verify_heapam.c File Reference
#include "postgres.h"#include "access/detoast.h"#include "access/genam.h"#include "access/heaptoast.h"#include "access/multixact.h"#include "access/relation.h"#include "access/table.h"#include "access/toast_internals.h"#include "access/visibilitymap.h"#include "access/xact.h"#include "catalog/pg_am.h"#include "catalog/pg_class.h"#include "funcapi.h"#include "miscadmin.h"#include "storage/bufmgr.h"#include "storage/procarray.h"#include "utils/builtins.h"#include "utils/fmgroids.h"#include "utils/rel.h"
Include dependency graph for verify_heapam.c:
Go to the source code of this file.
Data Structures | |
| struct | ToastedAttribute |
| struct | HeapCheckContext |
Macros | |
| #define | HEAPCHECK_RELATION_COLS 4 |
| #define | VARLENA_SIZE_LIMIT 0x3FFFFFFF |
Typedefs | |
| typedef enum XidBoundsViolation | XidBoundsViolation |
| typedef enum XidCommitStatus | XidCommitStatus |
| typedef enum SkipPages | SkipPages |
| typedef struct ToastedAttribute | ToastedAttribute |
| typedef struct HeapCheckContext | HeapCheckContext |
Enumerations | |
| enum | XidBoundsViolation { XID_INVALID , XID_IN_FUTURE , XID_PRECEDES_CLUSTERMIN , XID_PRECEDES_RELMIN , XID_BOUNDS_OK } |
| enum | XidCommitStatus { XID_COMMITTED , XID_IS_CURRENT_XID , XID_IN_PROGRESS , XID_ABORTED } |
| enum | SkipPages { SKIP_PAGES_ALL_FROZEN , SKIP_PAGES_ALL_VISIBLE , SKIP_PAGES_NONE } |
Macro Definition Documentation
◆ HEAPCHECK_RELATION_COLS
| #define HEAPCHECK_RELATION_COLS 4 |
Definition at line 35 of file verify_heapam.c.
◆ VARLENA_SIZE_LIMIT
| #define VARLENA_SIZE_LIMIT 0x3FFFFFFF |
Definition at line 38 of file verify_heapam.c.
Typedef Documentation
◆ HeapCheckContext
| typedef struct HeapCheckContext HeapCheckContext |
◆ SkipPages
◆ ToastedAttribute
| typedef struct ToastedAttribute ToastedAttribute |
◆ XidBoundsViolation
| typedef enum XidBoundsViolation XidBoundsViolation |
◆ XidCommitStatus
| typedef enum XidCommitStatus XidCommitStatus |
Enumeration Type Documentation
◆ SkipPages
| enum SkipPages |
| Enumerator | |
|---|---|
| SKIP_PAGES_ALL_FROZEN | |
| SKIP_PAGES_ALL_VISIBLE | |
| SKIP_PAGES_NONE | |
Definition at line 61 of file verify_heapam.c.
◆ XidBoundsViolation
| enum XidBoundsViolation |
| Enumerator | |
|---|---|
| XID_INVALID | |
| XID_IN_FUTURE | |
| XID_PRECEDES_CLUSTERMIN | |
| XID_PRECEDES_RELMIN | |
| XID_BOUNDS_OK | |
Definition at line 44 of file verify_heapam.c.
◆ XidCommitStatus
| enum XidCommitStatus |
| Enumerator | |
|---|---|
| XID_COMMITTED | |
| XID_IS_CURRENT_XID | |
| XID_IN_PROGRESS | |
| XID_ABORTED | |
Definition at line 53 of file verify_heapam.c.
Function Documentation
◆ check_mxid_in_range()
|
static |
Definition at line 1965 of file verify_heapam.c.
1966{
1976}
bool MultiXactIdPrecedes(MultiXactId multi1, MultiXactId multi2)
Definition: multixact.c:3317
bool MultiXactIdPrecedesOrEquals(MultiXactId multi1, MultiXactId multi2)
Definition: multixact.c:3331
References MultiXactIdPrecedes(), MultiXactIdPrecedesOrEquals(), HeapCheckContext::next_mxact, HeapCheckContext::oldest_mxact, HeapCheckContext::relminmxid, TransactionIdIsValid, XID_BOUNDS_OK, XID_IN_FUTURE, XID_INVALID, XID_PRECEDES_CLUSTERMIN, and XID_PRECEDES_RELMIN.
Referenced by check_mxid_valid_in_rel().
◆ check_mxid_valid_in_rel()
|
static |
Definition at line 1987 of file verify_heapam.c.
1988{
1989 XidBoundsViolation result;
1990
1991 result = check_mxid_in_range(mxid, ctx);
1994
1995 /* The range may have advanced. Recheck. */
1996 update_cached_mxid_range(ctx);
1998}
static XidBoundsViolation check_mxid_in_range(MultiXactId mxid, HeapCheckContext *ctx)
Definition: verify_heapam.c:1965
static void update_cached_mxid_range(HeapCheckContext *ctx)
Definition: verify_heapam.c:1944
References check_mxid_in_range(), update_cached_mxid_range(), and XID_BOUNDS_OK.
Referenced by check_tuple_visibility().
◆ check_toast_tuple()
|
static |
Definition at line 1462 of file verify_heapam.c.
1465{
1466 int32 chunk_seq;
1468 Pointer chunk;
1469 bool isnull;
1470 int32 chunksize;
1471 int32 expected_size;
1472
1473 /* Sanity-check the sequence number. */
1476 if (isnull)
1477 {
1478 report_toast_corruption(ctx, ta,
1481 return;
1482 }
1483 if (chunk_seq != *expected_chunk_seq)
1484 {
1485 /* Either the TOAST index is corrupt, or we don't have all chunks. */
1486 report_toast_corruption(ctx, ta,
1489 chunk_seq, *expected_chunk_seq));
1490 }
1491 *expected_chunk_seq = chunk_seq + 1;
1492
1493 /* Sanity-check the chunk data. */
1496 if (isnull)
1497 {
1498 report_toast_corruption(ctx, ta,
1501 chunk_seq));
1502 return;
1503 }
1507 {
1508 /*
1509 * could happen due to heap_form_tuple doing its thing
1510 */
1512 }
1513 else
1514 {
1515 /* should never happen */
1517
1518 report_toast_corruption(ctx, ta,
1521 chunk_seq, header));
1522 return;
1523 }
1524
1525 /*
1526 * Some checks on the data we've found
1527 */
1528 if (chunk_seq > last_chunk_seq)
1529 {
1530 report_toast_corruption(ctx, ta,
1533 chunk_seq, last_chunk_seq));
1534 return;
1535 }
1536
1537 expected_size = chunk_seq < last_chunk_seq ? TOAST_MAX_CHUNK_SIZE
1538 : extsize - (last_chunk_seq * TOAST_MAX_CHUNK_SIZE);
1539
1540 if (chunksize != expected_size)
1541 report_toast_corruption(ctx, ta,
1544 chunk_seq, chunksize, expected_size));
1545}
static Datum fastgetattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:860
Definition: varatt.h:112
static void report_toast_corruption(HeapCheckContext *ctx, ToastedAttribute *ta, char *msg)
Definition: verify_heapam.c:875
References DatumGetInt32(), DatumGetPointer(), fastgetattr(), psprintf(), RelationData::rd_att, report_toast_corruption(), TOAST_MAX_CHUNK_SIZE, ToastedAttribute::toast_pointer, HeapCheckContext::toast_rel, varatt_external::va_valueid, VARATT_IS_EXTENDED, VARATT_IS_SHORT, VARHDRSZ, VARHDRSZ_SHORT, VARSIZE, and VARSIZE_SHORT.
Referenced by check_toasted_attribute().
◆ check_toasted_attribute()
|
static |
Definition at line 1768 of file verify_heapam.c.
1769{
1770 ScanKeyData toastkey;
1771 SysScanDesc toastscan;
1772 bool found_toasttup;
1773 HeapTuple toasttup;
1774 uint32 extsize;
1775 int32 expected_chunk_seq = 0;
1776 int32 last_chunk_seq;
1777
1779 last_chunk_seq = (extsize - 1) / TOAST_MAX_CHUNK_SIZE;
1780
1781 /*
1782 * Setup a scan key to find chunks in toast table with matching va_valueid
1783 */
1784 ScanKeyInit(&toastkey,
1785 (AttrNumber) 1,
1786 BTEqualStrategyNumber, F_OIDEQ,
1788
1789 /*
1790 * Check if any chunks for this toasted object exist in the toast table,
1791 * accessible via the index.
1792 */
1794 ctx->valid_toast_index,
1795 get_toast_snapshot(), 1,
1796 &toastkey);
1797 found_toasttup = false;
1798 while ((toasttup =
1799 systable_getnext_ordered(toastscan,
1800 ForwardScanDirection)) != NULL)
1801 {
1802 found_toasttup = true;
1803 check_toast_tuple(toasttup, ctx, ta, &expected_chunk_seq, extsize);
1804 }
1805 systable_endscan_ordered(toastscan);
1806
1807 if (!found_toasttup)
1808 report_toast_corruption(ctx, ta,
1811 else if (expected_chunk_seq <= last_chunk_seq)
1812 report_toast_corruption(ctx, ta,
1815 last_chunk_seq, expected_chunk_seq));
1816}
SysScanDesc systable_beginscan_ordered(Relation heapRelation, Relation indexRelation, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:650
HeapTuple systable_getnext_ordered(SysScanDesc sysscan, ScanDirection direction)
Definition: genam.c:732
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Definition: htup.h:63
Definition: skey.h:65
Definition: relscan.h:208
#define VARATT_EXTERNAL_GET_EXTSIZE(toast_pointer)
Definition: varatt.h:334
static void check_toast_tuple(HeapTuple toasttup, HeapCheckContext *ctx, ToastedAttribute *ta, int32 *expected_chunk_seq, uint32 extsize)
Definition: verify_heapam.c:1462
References BTEqualStrategyNumber, check_toast_tuple(), ForwardScanDirection, get_toast_snapshot(), ObjectIdGetDatum(), psprintf(), report_toast_corruption(), ScanKeyInit(), systable_beginscan_ordered(), systable_endscan_ordered(), systable_getnext_ordered(), TOAST_MAX_CHUNK_SIZE, ToastedAttribute::toast_pointer, HeapCheckContext::toast_rel, varatt_external::va_valueid, HeapCheckContext::valid_toast_index, and VARATT_EXTERNAL_GET_EXTSIZE.
Referenced by verify_heapam().
◆ check_tuple()
|
static |
Definition at line 1826 of file verify_heapam.c.
1828{
1829 /*
1830 * Check various forms of tuple header corruption, and if the header is
1831 * too corrupt, do not continue with other checks.
1832 */
1834 return;
1835
1836 /*
1837 * Check tuple visibility. If the inserting transaction aborted, we
1838 * cannot assume our relation description matches the tuple structure, and
1839 * therefore cannot check it.
1840 */
1842 xmin_commit_status))
1843 return;
1844
1845 /*
1846 * The tuple is visible, so it must be compatible with the current version
1847 * of the relation descriptor. It might have fewer columns than are
1848 * present in the relation descriptor, but it cannot have more.
1849 */
1851 {
1852 report_corruption(ctx,
1854 ctx->natts,
1856 return;
1857 }
1858
1859 /*
1860 * Check each attribute unless we hit corruption that confuses what to do
1861 * next, at which point we abort further attribute checks for this tuple.
1862 * Note that we don't abort for all types of corruption, only for those
1863 * types where we don't know how to continue. We also don't abort the
1864 * checking of toasted attributes collected from the tuple prior to
1865 * aborting. Those will still be checked later along with other toasted
1866 * attributes collected from the page.
1867 */
1868 ctx->offset = 0;
1871 break; /* cannot continue */
1872
1873 /* revert attnum to -1 until we again examine individual attributes */
1874 ctx->attnum = -1;
1875}
static bool check_tuple_visibility(HeapCheckContext *ctx, bool *xmin_commit_status_ok, XidCommitStatus *xmin_commit_status)
Definition: verify_heapam.c:1020
static bool check_tuple_header(HeapCheckContext *ctx)
Definition: verify_heapam.c:907
static bool check_tuple_attribute(HeapCheckContext *ctx)
Definition: verify_heapam.c:1568
static void report_corruption(HeapCheckContext *ctx, char *msg)
Definition: verify_heapam.c:859
References HeapCheckContext::attnum, check_tuple_attribute(), check_tuple_header(), check_tuple_visibility(), HeapCheckContext::natts, HeapCheckContext::offset, psprintf(), HeapCheckContext::rel, RelationGetDescr, and report_corruption().
Referenced by verify_heapam().
◆ check_tuple_attribute()
|
static |
Definition at line 1568 of file verify_heapam.c.
1569{
1570 Datum attdatum;
1572 char *tp; /* pointer to the tuple data */
1573 uint16 infomask;
1574 CompactAttribute *thisatt;
1576
1579
1581
1583 {
1584 report_corruption(ctx,
1586 thisatt->attlen,
1588 ctx->lp_len));
1589 return false;
1590 }
1591
1592 /* Skip null values */
1594 return true;
1595
1596 /* Skip non-varlena values, but update offset first */
1598 {
1601 tp + ctx->offset);
1603 {
1604 report_corruption(ctx,
1606 thisatt->attlen,
1608 ctx->lp_len));
1609 return false;
1610 }
1611 return true;
1612 }
1613
1614 /* Ok, we're looking at a varlena attribute. */
1616 tp + ctx->offset);
1617
1618 /* Get the (possibly corrupt) varlena datum */
1620
1621 /*
1622 * We have the datum, but we cannot decode it carelessly, as it may still
1623 * be corrupt.
1624 */
1625
1626 /*
1627 * Check that VARTAG_SIZE won't hit an Assert on a corrupt va_tag before
1628 * risking a call into att_addlength_pointer
1629 */
1631 {
1633
1635 {
1636 report_corruption(ctx,
1638 va_tag));
1639 /* We can't know where the next attribute begins */
1640 return false;
1641 }
1642 }
1643
1644 /* Ok, should be safe now */
1646 tp + ctx->offset);
1647
1649 {
1650 report_corruption(ctx,
1652 thisatt->attlen,
1654 ctx->lp_len));
1655
1656 return false;
1657 }
1658
1659 /*
1660 * heap_deform_tuple would be done with this attribute at this point,
1661 * having stored it in values[], and would continue to the next attribute.
1662 * We go further, because we need to check if the toast datum is corrupt.
1663 */
1664
1666
1667 /*
1668 * Now we follow the logic of detoast_external_attr(), with the same
1669 * caveats about being paranoid about corruption.
1670 */
1671
1672 /* Skip values that are not external */
1674 return true;
1675
1676 /* It is external, and we're looking at a page on disk */
1677
1678 /*
1679 * Must copy attr into toast_pointer for alignment considerations
1680 */
1681 VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr);
1682
1683 /* Toasted attributes too large to be untoasted should never be stored */
1685 report_corruption(ctx,
1687 toast_pointer.va_valueid,
1688 toast_pointer.va_rawsize,
1689 VARLENA_SIZE_LIMIT));
1690
1692 {
1693 ToastCompressionId cmid;
1694 bool valid = false;
1695
1696 /* Compressed attributes should have a valid compression method */
1697 cmid = TOAST_COMPRESS_METHOD(&toast_pointer);
1698 switch (cmid)
1699 {
1700 /* List of all valid compression method IDs */
1703 valid = true;
1704 break;
1705
1706 /* Recognized but invalid compression method ID */
1708 break;
1709
1710 /* Intentionally no default here */
1711 }
1712 if (!valid)
1713 report_corruption(ctx,
1715 toast_pointer.va_valueid, cmid));
1716 }
1717
1718 /* The tuple header better claim to contain toasted values */
1720 {
1721 report_corruption(ctx,
1723 toast_pointer.va_valueid));
1724 return true;
1725 }
1726
1727 /* The relation better have a toast table */
1729 {
1730 report_corruption(ctx,
1732 toast_pointer.va_valueid));
1733 return true;
1734 }
1735
1736 /* If we were told to skip toast checking, then we're done. */
1738 return true;
1739
1740 /*
1741 * If this tuple is eligible to be pruned, we cannot check the toast.
1742 * Otherwise, we push a copy of the toast tuple so we can check it after
1743 * releasing the main table buffer lock.
1744 */
1746 {
1747 ToastedAttribute *ta;
1748
1750
1756 }
1757
1758 return true;
1759}
#define VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr)
Definition: detoast.h:22
Definition: tupdesc.h:69
Definition: verify_heapam.c:74
Definition: varatt.h:33
static CompactAttribute * TupleDescCompactAttr(TupleDesc tupdesc, int i)
Definition: tupdesc.h:169
#define att_addlength_pointer(cur_offset, attlen, attptr)
Definition: tupmacs.h:185
#define att_pointer_alignby(cur_offset, attalignby, attlen, attptr)
Definition: tupmacs.h:129
#define VARATT_EXTERNAL_IS_COMPRESSED(toast_pointer)
Definition: varatt.h:354
References att_addlength_pointer, att_isnull(), att_nominal_alignby, att_pointer_alignby, CompactAttribute::attalignby, CompactAttribute::attlen, ToastedAttribute::attnum, HeapCheckContext::attnum, ToastedAttribute::blkno, HeapCheckContext::blkno, DatumGetPointer(), fetchatt, HEAP_HASEXTERNAL, HEAP_HASNULL, if(), lappend(), HeapCheckContext::lp_len, ToastedAttribute::offnum, HeapCheckContext::offnum, HeapCheckContext::offset, palloc0(), psprintf(), RelationData::rd_rel, HeapCheckContext::rel, RelationGetDescr, report_corruption(), HeapTupleHeaderData::t_bits, HeapTupleHeaderData::t_hoff, HeapTupleHeaderData::t_infomask, TOAST_COMPRESS_METHOD, TOAST_INVALID_COMPRESSION_ID, TOAST_LZ4_COMPRESSION_ID, TOAST_PGLZ_COMPRESSION_ID, ToastedAttribute::toast_pointer, HeapCheckContext::toast_rel, HeapCheckContext::toasted_attributes, HeapCheckContext::tuphdr, HeapCheckContext::tuple_could_be_pruned, TupleDescCompactAttr(), varatt_external::va_rawsize, varatt_external::va_valueid, VARATT_EXTERNAL_GET_POINTER, VARATT_EXTERNAL_IS_COMPRESSED, VARATT_IS_EXTERNAL, VARLENA_SIZE_LIMIT, VARTAG_EXTERNAL, and VARTAG_ONDISK.
Referenced by check_tuple().
◆ check_tuple_header()
|
static |
Definition at line 907 of file verify_heapam.c.
908{
912 bool result = true;
913 unsigned expected_hoff;
914
916 {
917 report_corruption(ctx,
920 result = false;
921 }
922
925 {
926 report_corruption(ctx,
928
929 /*
930 * This condition is clearly wrong, but it's not enough to justify
931 * skipping further checks, because we don't rely on this to determine
932 * whether the tuple is visible or to interpret other relevant header
933 * fields.
934 */
935 }
936
938 HeapTupleHeaderIsHotUpdated(tuphdr))
939 {
940 report_corruption(ctx,
942
943 /*
944 * As above, even though this shouldn't happen, it's not sufficient
945 * justification for skipping further checks, we should still be able
946 * to perform sensibly.
947 */
948 }
949
952 {
953 report_corruption(ctx,
955
956 /* Here again, we can still perform further checks. */
957 }
958
961 else
964 {
966 report_corruption(ctx,
967 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, has nulls)",
970 report_corruption(ctx,
971 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, has nulls)",
974 report_corruption(ctx,
975 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, no nulls)",
977 else
978 report_corruption(ctx,
979 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, no nulls)",
981 result = false;
982 }
983
984 return result;
985}
static bool HeapTupleHeaderIsHeapOnly(const HeapTupleHeaderData *tup)
Definition: htup_details.h:555
static bool HeapTupleHeaderIsHotUpdated(const HeapTupleHeaderData *tup)
Definition: htup_details.h:534
static TransactionId HeapTupleHeaderGetUpdateXid(const HeapTupleHeaderData *tup)
Definition: htup_details.h:397
Definition: htup_details.h:154
References BITMAPLEN(), HEAP_HASNULL, HEAP_UPDATED, HEAP_XMAX_COMMITTED, HEAP_XMAX_IS_MULTI, HeapTupleHeaderGetUpdateXid(), HeapTupleHeaderIsHeapOnly(), HeapTupleHeaderIsHotUpdated(), HeapCheckContext::lp_len, MAXALIGN, HeapCheckContext::natts, psprintf(), pstrdup(), report_corruption(), SizeofHeapTupleHeader, HeapTupleHeaderData::t_hoff, HeapTupleHeaderData::t_infomask, TransactionIdIsValid, and HeapCheckContext::tuphdr.
Referenced by check_tuple().
◆ check_tuple_visibility()
|
static |
Definition at line 1020 of file verify_heapam.c.
1022{
1023 TransactionId xmin;
1024 TransactionId xvac;
1025 TransactionId xmax;
1026 XidCommitStatus xmin_status;
1027 XidCommitStatus xvac_status;
1028 XidCommitStatus xmax_status;
1030
1032 *xmin_commit_status_ok = false; /* have not yet proven otherwise */
1033
1034 /* If xmin is normal, it should be within valid range */
1035 xmin = HeapTupleHeaderGetXmin(tuphdr);
1037 {
1039 /* Could be the result of a speculative insertion that aborted. */
1040 return false;
1042 *xmin_commit_status_ok = true;
1043 *xmin_commit_status = xmin_status;
1044 break;
1046 report_corruption(ctx,
1048 xmin,
1051 return false;
1053 report_corruption(ctx,
1055 xmin,
1058 return false;
1060 report_corruption(ctx,
1062 xmin,
1065 return false;
1066 }
1067
1068 /*
1069 * Has inserting transaction committed?
1070 */
1072 {
1074 return false; /* inserter aborted, don't check */
1075 /* Used by pre-9.0 binary upgrades */
1077 {
1078 xvac = HeapTupleHeaderGetXvac(tuphdr);
1079
1081 {
1083 report_corruption(ctx,
1085 return false;
1087 report_corruption(ctx,
1088 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple equals or exceeds next valid transaction ID %u:%u",
1089 xvac,
1092 return false;
1094 report_corruption(ctx,
1095 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple precedes relation freeze threshold %u:%u",
1096 xvac,
1099 return false;
1101 report_corruption(ctx,
1102 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple precedes oldest valid transaction ID %u:%u",
1103 xvac,
1106 return false;
1108 break;
1109 }
1110
1111 switch (xvac_status)
1112 {
1114 report_corruption(ctx,
1115 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple matches our current transaction ID",
1116 xvac));
1117 return false;
1119 report_corruption(ctx,
1120 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple appears to be in progress",
1121 xvac));
1122 return false;
1123
1125
1126 /*
1127 * The tuple is dead, because the xvac transaction moved
1128 * it off and committed. It's checkable, but also
1129 * prunable.
1130 */
1131 return true;
1132
1134
1135 /*
1136 * The original xmin must have committed, because the xvac
1137 * transaction tried to move it later. Since xvac is
1138 * aborted, whether it's still alive now depends on the
1139 * status of xmax.
1140 */
1141 break;
1142 }
1143 }
1144 /* Used by pre-9.0 binary upgrades */
1146 {
1147 xvac = HeapTupleHeaderGetXvac(tuphdr);
1148
1150 {
1152 report_corruption(ctx,
1154 return false;
1156 report_corruption(ctx,
1157 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple equals or exceeds next valid transaction ID %u:%u",
1158 xvac,
1161 return false;
1163 report_corruption(ctx,
1164 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple precedes relation freeze threshold %u:%u",
1165 xvac,
1168 return false;
1170 report_corruption(ctx,
1171 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple precedes oldest valid transaction ID %u:%u",
1172 xvac,
1175 return false;
1177 break;
1178 }
1179
1180 switch (xvac_status)
1181 {
1183 report_corruption(ctx,
1184 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple matches our current transaction ID",
1185 xvac));
1186 return false;
1188 report_corruption(ctx,
1189 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple appears to be in progress",
1190 xvac));
1191 return false;
1192
1194
1195 /*
1196 * The original xmin must have committed, because the xvac
1197 * transaction moved it later. Whether it's still alive
1198 * now depends on the status of xmax.
1199 */
1200 break;
1201
1203
1204 /*
1205 * The tuple is dead, because the xvac transaction moved
1206 * it off and committed. It's checkable, but also
1207 * prunable.
1208 */
1209 return true;
1210 }
1211 }
1213 {
1214 /*
1215 * Inserting transaction is not in progress, and not committed, so
1216 * it might have changed the TupleDesc in ways we don't know
1217 * about. Thus, don't try to check the tuple structure.
1218 *
1219 * If xmin_status happens to be XID_IS_CURRENT_XID, then in theory
1220 * any such DDL changes ought to be visible to us, so perhaps we
1221 * could check anyway in that case. But, for now, let's be
1222 * conservative and treat this like any other uncommitted insert.
1223 */
1224 return false;
1225 }
1226 }
1227
1228 /*
1229 * Okay, the inserter committed, so it was good at some point. Now what
1230 * about the deleting transaction?
1231 */
1232
1234 {
1235 /*
1236 * xmax is a multixact, so sanity-check the MXID. Note that we do this
1237 * prior to checking for HEAP_XMAX_INVALID or
1238 * HEAP_XMAX_IS_LOCKED_ONLY. This might therefore complain about
1239 * things that wouldn't actually be a problem during a normal scan,
1240 * but eventually we're going to have to freeze, and that process will
1241 * ignore hint bits.
1242 *
1243 * Even if the MXID is out of range, we still know that the original
1244 * insert committed, so we can check the tuple itself. However, we
1245 * can't rule out the possibility that this tuple is dead, so don't
1246 * clear ctx->tuple_could_be_pruned. Possibly we should go ahead and
1247 * clear that flag anyway if HEAP_XMAX_INVALID is set or if
1248 * HEAP_XMAX_IS_LOCKED_ONLY is true, but for now we err on the side of
1249 * avoiding possibly-bogus complaints about missing TOAST entries.
1250 */
1251 xmax = HeapTupleHeaderGetRawXmax(tuphdr);
1253 {
1255 report_corruption(ctx,
1257 return true;
1259 report_corruption(ctx,
1261 xmax, ctx->relminmxid));
1262 return true;
1264 report_corruption(ctx,
1266 xmax, ctx->oldest_mxact));
1267 return true;
1269 report_corruption(ctx,
1271 xmax,
1272 ctx->next_mxact));
1273 return true;
1275 break;
1276 }
1277 }
1278
1280 {
1281 /*
1282 * This tuple is live. A concurrently running transaction could
1283 * delete it before we get around to checking the toast, but any such
1284 * running transaction is surely not less than our safe_xmin, so the
1285 * toast cannot be vacuumed out from under us.
1286 */
1288 return true;
1289 }
1290
1292 {
1293 /*
1294 * "Deleting" xact really only locked it, so the tuple is live in any
1295 * case. As above, a concurrently running transaction could delete
1296 * it, but it cannot be vacuumed out from under us.
1297 */
1299 return true;
1300 }
1301
1303 {
1304 /*
1305 * We already checked above that this multixact is within limits for
1306 * this table. Now check the update xid from this multixact.
1307 */
1308 xmax = HeapTupleGetUpdateXid(tuphdr);
1310 {
1312 /* not LOCKED_ONLY, so it has to have an xmax */
1313 report_corruption(ctx,
1315 return true;
1317 report_corruption(ctx,
1319 xmax,
1322 return true;
1324 report_corruption(ctx,
1326 xmax,
1329 return true;
1331 report_corruption(ctx,
1333 xmax,
1336 return true;
1338 break;
1339 }
1340
1341 switch (xmax_status)
1342 {
1345
1346 /*
1347 * The delete is in progress, so it cannot be visible to our
1348 * snapshot.
1349 */
1351 break;
1353
1354 /*
1355 * The delete committed. Whether the toast can be vacuumed
1356 * away depends on how old the deleting transaction is.
1357 */
1359 ctx->safe_xmin);
1360 break;
1362
1363 /*
1364 * The delete aborted or crashed. The tuple is still live.
1365 */
1367 break;
1368 }
1369
1370 /* Tuple itself is checkable even if it's dead. */
1371 return true;
1372 }
1373
1374 /* xmax is an XID, not a MXID. Sanity check it. */
1375 xmax = HeapTupleHeaderGetRawXmax(tuphdr);
1377 {
1380 return true;
1382 report_corruption(ctx,
1384 xmax,
1387 return false; /* corrupt */
1389 report_corruption(ctx,
1391 xmax,
1394 return false; /* corrupt */
1396 report_corruption(ctx,
1398 xmax,
1401 return false; /* corrupt */
1403 break;
1404 }
1405
1406 /*
1407 * Whether the toast can be vacuumed away depends on how old the deleting
1408 * transaction is.
1409 */
1410 switch (xmax_status)
1411 {
1414
1415 /*
1416 * The delete is in progress, so it cannot be visible to our
1417 * snapshot.
1418 */
1420 break;
1421
1423
1424 /*
1425 * The delete committed. Whether the toast can be vacuumed away
1426 * depends on how old the deleting transaction is.
1427 */
1429 ctx->safe_xmin);
1430 break;
1431
1433
1434 /*
1435 * The delete aborted or crashed. The tuple is still live.
1436 */
1438 break;
1439 }
1440
1441 /* Tuple itself is checkable even if it's dead. */
1442 return true;
1443}
TransactionId HeapTupleGetUpdateXid(const HeapTupleHeaderData *tup)
Definition: heapam.c:7568
static bool HEAP_XMAX_IS_LOCKED_ONLY(uint16 infomask)
Definition: htup_details.h:226
static bool HeapTupleHeaderXminInvalid(const HeapTupleHeaderData *tup)
Definition: htup_details.h:343
static TransactionId HeapTupleHeaderGetXvac(const HeapTupleHeaderData *tup)
Definition: htup_details.h:442
static TransactionId HeapTupleHeaderGetRawXmax(const HeapTupleHeaderData *tup)
Definition: htup_details.h:377
static TransactionId HeapTupleHeaderGetXmin(const HeapTupleHeaderData *tup)
Definition: htup_details.h:324
static bool HeapTupleHeaderXminCommitted(const HeapTupleHeaderData *tup)
Definition: htup_details.h:337
bool TransactionIdPrecedes(TransactionId id1, TransactionId id2)
Definition: transam.c:280
static XidBoundsViolation check_mxid_valid_in_rel(MultiXactId mxid, HeapCheckContext *ctx)
Definition: verify_heapam.c:1987
static XidBoundsViolation get_xid_status(TransactionId xid, HeapCheckContext *ctx, XidCommitStatus *status)
Definition: verify_heapam.c:2019
References check_mxid_valid_in_rel(), EpochFromFullTransactionId, get_xid_status(), HEAP_MOVED_IN, HEAP_MOVED_OFF, HEAP_XMAX_INVALID, HEAP_XMAX_IS_LOCKED_ONLY(), HEAP_XMAX_IS_MULTI, HeapTupleGetUpdateXid(), HeapTupleHeaderGetRawXmax(), HeapTupleHeaderGetXmin(), HeapTupleHeaderGetXvac(), HeapTupleHeaderXminCommitted(), HeapTupleHeaderXminInvalid(), HeapCheckContext::next_fxid, HeapCheckContext::next_mxact, HeapCheckContext::oldest_fxid, HeapCheckContext::oldest_mxact, psprintf(), pstrdup(), HeapCheckContext::relfrozenfxid, HeapCheckContext::relminmxid, report_corruption(), HeapCheckContext::safe_xmin, HeapTupleHeaderData::t_infomask, TransactionIdPrecedes(), HeapCheckContext::tuphdr, HeapCheckContext::tuple_could_be_pruned, XID_ABORTED, XID_BOUNDS_OK, XID_COMMITTED, XID_IN_FUTURE, XID_IN_PROGRESS, XID_INVALID, XID_IS_CURRENT_XID, XID_PRECEDES_CLUSTERMIN, XID_PRECEDES_RELMIN, and XidFromFullTransactionId.
Referenced by check_tuple().
◆ FullTransactionIdFromXidAndCtx()
|
static |
Definition at line 1885 of file verify_heapam.c.
1886{
1887 uint64 nextfxid_i;
1888 int32 diff;
1889 FullTransactionId fxid;
1890
1894
1897
1899
1900 /* compute the 32bit modulo difference */
1902
1903 /*
1904 * In cases of corruption we might see a 32bit xid that is before epoch 0.
1905 * We can't represent that as a 64bit xid, due to 64bit xids being
1906 * unsigned integers, without the modulo arithmetic of 32bit xid. There's
1907 * no really nice way to deal with that, but it works ok enough to use
1908 * FirstNormalFullTransactionId in that case, as a freshly initdb'd
1909 * cluster already has a newer horizon.
1910 */
1912 {
1914 fxid = FirstNormalFullTransactionId;
1915 }
1916 else
1917 fxid = FullTransactionIdFromU64(nextfxid_i - diff);
1918
1920 return fxid;
1921}
Assert(PointerIsAligned(start, uint64))
Definition: transam.h:66
static FullTransactionId FullTransactionIdFromU64(uint64 value)
Definition: transam.h:81
static FullTransactionId FullTransactionIdFromEpochAndXid(uint32 epoch, TransactionId xid)
Definition: transam.h:71
References Assert(), EpochFromFullTransactionId, FirstNormalFullTransactionId, FirstNormalTransactionId, FullTransactionIdFromEpochAndXid(), FullTransactionIdFromU64(), FullTransactionIdIsNormal, HeapCheckContext::next_fxid, HeapCheckContext::next_xid, TransactionIdIsNormal, U64FromFullTransactionId, and XidFromFullTransactionId.
Referenced by get_xid_status(), update_cached_xid_range(), and verify_heapam().
◆ fxid_in_cached_range()
|
inlinestatic |
Definition at line 1954 of file verify_heapam.c.
References FullTransactionIdPrecedes, FullTransactionIdPrecedesOrEquals, HeapCheckContext::next_fxid, and HeapCheckContext::oldest_fxid.
Referenced by get_xid_status().
◆ get_xid_status()
|
static |
Definition at line 2019 of file verify_heapam.c.
2021{
2022 FullTransactionId fxid;
2023 FullTransactionId clog_horizon;
2024
2025 /* Quick check for special xids */
2029 {
2030 if (status != NULL)
2031 *status = XID_COMMITTED;
2033 }
2034
2035 /* Check if the xid is within bounds */
2036 fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
2038 {
2039 /*
2040 * We may have been checking against stale values. Update the cached
2041 * range to be sure, and since we relied on the cached range when we
2042 * performed the full xid conversion, reconvert.
2043 */
2044 update_cached_xid_range(ctx);
2045 fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
2046 }
2047
2054
2055 /* Early return if the caller does not request clog checking */
2056 if (status == NULL)
2058
2059 /* Early return if we just checked this xid in a prior call */
2061 {
2062 *status = ctx->cached_status;
2064 }
2065
2066 *status = XID_COMMITTED;
2068 clog_horizon =
2070 ctx);
2072 {
2074 *status = XID_IS_CURRENT_XID;
2076 *status = XID_IN_PROGRESS;
2078 *status = XID_COMMITTED;
2079 else
2080 *status = XID_ABORTED;
2081 }
2082 LWLockRelease(XactTruncationLock);
2083 ctx->cached_xid = xid;
2084 ctx->cached_status = *status;
2086}
bool TransactionIdIsInProgress(TransactionId xid)
Definition: procarray.c:1402
bool TransactionIdDidCommit(TransactionId transactionId)
Definition: transam.c:126
static bool fxid_in_cached_range(FullTransactionId fxid, const HeapCheckContext *ctx)
Definition: verify_heapam.c:1954
static void update_cached_xid_range(HeapCheckContext *ctx)
Definition: verify_heapam.c:1927
static FullTransactionId FullTransactionIdFromXidAndCtx(TransactionId xid, const HeapCheckContext *ctx)
Definition: verify_heapam.c:1885
bool TransactionIdIsCurrentTransactionId(TransactionId xid)
Definition: xact.c:941
References BootstrapTransactionId, HeapCheckContext::cached_status, HeapCheckContext::cached_xid, FrozenTransactionId, FullTransactionIdFromXidAndCtx(), FullTransactionIdPrecedes, FullTransactionIdPrecedesOrEquals, fxid_in_cached_range(), LW_SHARED, LWLockAcquire(), LWLockRelease(), HeapCheckContext::next_fxid, HeapCheckContext::oldest_fxid, TransamVariablesData::oldestClogXid, HeapCheckContext::relfrozenfxid, TransactionIdDidCommit(), TransactionIdIsCurrentTransactionId(), TransactionIdIsInProgress(), TransactionIdIsValid, TransamVariables, update_cached_xid_range(), XID_ABORTED, XID_BOUNDS_OK, XID_COMMITTED, XID_IN_FUTURE, XID_IN_PROGRESS, XID_INVALID, XID_IS_CURRENT_XID, XID_PRECEDES_CLUSTERMIN, and XID_PRECEDES_RELMIN.
Referenced by check_tuple_visibility().
◆ PG_FUNCTION_INFO_V1()
| PG_FUNCTION_INFO_V1 | ( | verify_heapam | ) |
◆ report_corruption()
|
static |
Definition at line 859 of file verify_heapam.c.
860{
864}
static void report_corruption_internal(Tuplestorestate *tupstore, TupleDesc tupdesc, BlockNumber blkno, OffsetNumber offnum, AttrNumber attnum, char *msg)
Definition: verify_heapam.c:823
References HeapCheckContext::attnum, HeapCheckContext::blkno, HeapCheckContext::is_corrupt, HeapCheckContext::offnum, report_corruption_internal(), HeapCheckContext::tupdesc, and HeapCheckContext::tupstore.
Referenced by check_tuple(), check_tuple_attribute(), check_tuple_header(), check_tuple_visibility(), and verify_heapam().
◆ report_corruption_internal()
|
static |
Definition at line 823 of file verify_heapam.c.
826{
829 HeapTuple tuple;
830
834 nulls[2] = (attnum < 0);
836
837 /*
838 * In principle, there is nothing to prevent a scan over a large, highly
839 * corrupted table from using work_mem worth of memory building up the
840 * tuplestore. That's ok, but if we also leak the msg argument memory
841 * until the end of the query, we could exceed work_mem by more than a
842 * trivial amount. Therefore, free the msg argument each time we are
843 * called rather than waiting for our current memory context to be freed.
844 */
845 pfree(msg);
846
848 tuplestore_puttuple(tupstore, tuple);
849}
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
void tuplestore_puttuple(Tuplestorestate *state, HeapTuple tuple)
Definition: tuplestore.c:764
References attnum, CStringGetTextDatum, heap_form_tuple(), HEAPCHECK_RELATION_COLS, Int32GetDatum(), Int64GetDatum(), pfree(), tuplestore_puttuple(), and values.
Referenced by report_corruption(), and report_toast_corruption().
◆ report_toast_corruption()
|
static |
Definition at line 875 of file verify_heapam.c.
877{
881}
References ToastedAttribute::attnum, ToastedAttribute::blkno, HeapCheckContext::is_corrupt, ToastedAttribute::offnum, report_corruption_internal(), HeapCheckContext::tupdesc, and HeapCheckContext::tupstore.
Referenced by check_toast_tuple(), and check_toasted_attribute().
◆ update_cached_mxid_range()
|
static |
Definition at line 1944 of file verify_heapam.c.
1945{
1947}
void ReadMultiXactIdRange(MultiXactId *oldest, MultiXactId *next)
Definition: multixact.c:791
References HeapCheckContext::next_mxact, HeapCheckContext::oldest_mxact, and ReadMultiXactIdRange().
Referenced by check_mxid_valid_in_rel(), and verify_heapam().
◆ update_cached_xid_range()
|
static |
Definition at line 1927 of file verify_heapam.c.
1928{
1929 /* Make cached copies */
1933 LWLockRelease(XidGenLock);
1934
1935 /* And compute alternate versions of the same */
1938}
References FullTransactionIdFromXidAndCtx(), LW_SHARED, LWLockAcquire(), LWLockRelease(), HeapCheckContext::next_fxid, HeapCheckContext::next_xid, TransamVariablesData::nextXid, HeapCheckContext::oldest_fxid, HeapCheckContext::oldest_xid, TransamVariablesData::oldestXid, TransamVariables, and XidFromFullTransactionId.
Referenced by get_xid_status(), and verify_heapam().
◆ verify_heapam()
| Datum verify_heapam | ( | PG_FUNCTION_ARGS | ) |
Definition at line 221 of file verify_heapam.c.
222{
224 HeapCheckContext ctx;
226 Oid relid;
227 bool on_error_stop;
228 bool check_toast;
230 BlockNumber first_block;
231 BlockNumber last_block;
232 BlockNumber nblocks;
234
235 /* Check supplied arguments */
238 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
240 relid = PG_GETARG_OID(0);
241
244 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
246 on_error_stop = PG_GETARG_BOOL(1);
247
250 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
252 check_toast = PG_GETARG_BOOL(2);
253
256 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
260 skip_option = SKIP_PAGES_ALL_VISIBLE;
262 skip_option = SKIP_PAGES_ALL_FROZEN;
264 skip_option = SKIP_PAGES_NONE;
265 else
267 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
270
272 ctx.cached_xid = InvalidTransactionId;
273 ctx.toasted_attributes = NIL;
274
275 /*
276 * Any xmin newer than the xmin of our snapshot can't become all-visible
277 * while we're running.
278 */
280
281 /*
282 * If we report corruption when not examining some individual attribute,
283 * we need attnum to be reported as NULL. Set that up before any
284 * corruption reporting might happen.
285 */
286 ctx.attnum = -1;
287
288 /* Construct the tuplestore and tuple descriptor */
289 InitMaterializedSRF(fcinfo, 0);
290 ctx.tupdesc = rsinfo->setDesc;
291 ctx.tupstore = rsinfo->setResult;
292
293 /* Open relation, check relkind and access method */
295
296 /*
297 * Check that a relation's relkind and access method are both supported.
298 */
299 if (!RELKIND_HAS_TABLE_AM(ctx.rel->rd_rel->relkind) &&
300 ctx.rel->rd_rel->relkind != RELKIND_SEQUENCE)
302 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
304 RelationGetRelationName(ctx.rel)),
305 errdetail_relkind_not_supported(ctx.rel->rd_rel->relkind)));
306
307 /*
308 * Sequences always use heap AM, but they don't show that in the catalogs.
309 * Other relkinds might be using a different AM, so check.
310 */
311 if (ctx.rel->rd_rel->relkind != RELKIND_SEQUENCE &&
312 ctx.rel->rd_rel->relam != HEAP_TABLE_AM_OID)
314 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
316
317 /*
318 * Early exit for unlogged relations during recovery. These will have no
319 * relation fork, so there won't be anything to check. We behave as if
320 * the relation is empty.
321 */
322 if (ctx.rel->rd_rel->relpersistence == RELPERSISTENCE_UNLOGGED &&
323 RecoveryInProgress())
324 {
326 (errcode(ERRCODE_READ_ONLY_SQL_TRANSACTION),
328 RelationGetRelationName(ctx.rel))));
330 PG_RETURN_NULL();
331 }
332
333 /* Early exit if the relation is empty */
334 nblocks = RelationGetNumberOfBlocks(ctx.rel);
335 if (!nblocks)
336 {
338 PG_RETURN_NULL();
339 }
340
342 ctx.buffer = InvalidBuffer;
343 ctx.page = NULL;
344
345 /* Validate block numbers, or handle nulls. */
347 first_block = 0;
348 else
349 {
351
352 if (fb < 0 || fb >= nblocks)
354 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
356 nblocks - 1)));
358 }
360 last_block = nblocks - 1;
361 else
362 {
364
365 if (lb < 0 || lb >= nblocks)
367 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
369 nblocks - 1)));
370 last_block = (BlockNumber) lb;
371 }
372
373 /* Optionally open the toast relation, if any. */
374 if (ctx.rel->rd_rel->reltoastrelid && check_toast)
375 {
376 int offset;
377
378 /* Main relation has associated toast relation */
379 ctx.toast_rel = table_open(ctx.rel->rd_rel->reltoastrelid,
380 AccessShareLock);
381 offset = toast_open_indexes(ctx.toast_rel,
382 AccessShareLock,
383 &(ctx.toast_indexes),
384 &(ctx.num_toast_indexes));
385 ctx.valid_toast_index = ctx.toast_indexes[offset];
386 }
387 else
388 {
389 /*
390 * Main relation has no associated toast relation, or we're
391 * intentionally skipping it.
392 */
393 ctx.toast_rel = NULL;
394 ctx.toast_indexes = NULL;
395 ctx.num_toast_indexes = 0;
396 }
397
398 update_cached_xid_range(&ctx);
399 update_cached_mxid_range(&ctx);
400 ctx.relfrozenxid = ctx.rel->rd_rel->relfrozenxid;
401 ctx.relfrozenfxid = FullTransactionIdFromXidAndCtx(ctx.relfrozenxid, &ctx);
402 ctx.relminmxid = ctx.rel->rd_rel->relminmxid;
403
405 ctx.oldest_xid = ctx.relfrozenxid;
406
407 for (ctx.blkno = first_block; ctx.blkno <= last_block; ctx.blkno++)
408 {
409 OffsetNumber maxoff;
415
416 CHECK_FOR_INTERRUPTS();
417
419
420 /* Optionally skip over all-frozen or all-visible blocks */
422 {
423 int32 mapbits;
424
426 &vmbuffer);
428 {
430 continue;
431 }
432
434 {
436 continue;
437 }
438 }
439
440 /* Read and lock the next page. */
442 RBM_NORMAL, ctx.bstrategy);
444 ctx.page = BufferGetPage(ctx.buffer);
445
446 /* Perform tuple checks */
447 maxoff = PageGetMaxOffsetNumber(ctx.page);
449 ctx.offnum = OffsetNumberNext(ctx.offnum))
450 {
451 BlockNumber nextblkno;
452 OffsetNumber nextoffnum;
453
454 successor[ctx.offnum] = InvalidOffsetNumber;
455 lp_valid[ctx.offnum] = false;
456 xmin_commit_status_ok[ctx.offnum] = false;
457 ctx.itemid = PageGetItemId(ctx.page, ctx.offnum);
458
459 /* Skip over unused/dead line pointers */
461 continue;
462
463 /*
464 * If this line pointer has been redirected, check that it
465 * redirects to a valid offset within the line pointer array
466 */
468 {
470 ItemId rditem;
471
473 {
474 report_corruption(&ctx,
476 (unsigned) rdoffnum,
478 continue;
479 }
480 if (rdoffnum > maxoff)
481 {
482 report_corruption(&ctx,
484 (unsigned) rdoffnum,
485 (unsigned) maxoff));
486 continue;
487 }
488
489 /*
490 * Since we've checked that this redirect points to a line
491 * pointer between FirstOffsetNumber and maxoff, it should now
492 * be safe to fetch the referenced line pointer. We expect it
493 * to be LP_NORMAL; if not, that's corruption.
494 */
495 rditem = PageGetItemId(ctx.page, rdoffnum);
497 {
498 report_corruption(&ctx,
500 (unsigned) rdoffnum));
501 continue;
502 }
504 {
505 report_corruption(&ctx,
507 (unsigned) rdoffnum));
508 continue;
509 }
511 {
512 report_corruption(&ctx,
514 (unsigned) rdoffnum));
515 continue;
516 }
517
518 /*
519 * Record the fact that this line pointer has passed basic
520 * sanity checking, and also the offset number to which it
521 * points.
522 */
523 lp_valid[ctx.offnum] = true;
524 successor[ctx.offnum] = rdoffnum;
525 continue;
526 }
527
528 /* Sanity-check the line pointer's offset and length values */
529 ctx.lp_len = ItemIdGetLength(ctx.itemid);
530 ctx.lp_off = ItemIdGetOffset(ctx.itemid);
531
533 {
534 report_corruption(&ctx,
536 ctx.lp_off));
537 continue;
538 }
540 {
541 report_corruption(&ctx,
543 ctx.lp_len,
545 continue;
546 }
547 if (ctx.lp_off + ctx.lp_len > BLCKSZ)
548 {
549 report_corruption(&ctx,
551 ctx.lp_off,
552 ctx.lp_len,
553 (unsigned) BLCKSZ));
554 continue;
555 }
556
557 /* It should be safe to examine the tuple's header, at least */
558 lp_valid[ctx.offnum] = true;
560 ctx.natts = HeapTupleHeaderGetNatts(ctx.tuphdr);
561
562 /* Ok, ready to check this next tuple */
563 check_tuple(&ctx,
564 &xmin_commit_status_ok[ctx.offnum],
565 &xmin_commit_status[ctx.offnum]);
566
567 /*
568 * If the CTID field of this tuple seems to point to another tuple
569 * on the same page, record that tuple as the successor of this
570 * one.
571 */
572 nextblkno = ItemPointerGetBlockNumber(&(ctx.tuphdr)->t_ctid);
573 nextoffnum = ItemPointerGetOffsetNumber(&(ctx.tuphdr)->t_ctid);
574 if (nextblkno == ctx.blkno && nextoffnum != ctx.offnum &&
575 nextoffnum >= FirstOffsetNumber && nextoffnum <= maxoff)
576 successor[ctx.offnum] = nextoffnum;
577 }
578
579 /*
580 * Update chain validation. Check each line pointer that's got a valid
581 * successor against that successor.
582 */
583 ctx.attnum = -1;
585 ctx.offnum = OffsetNumberNext(ctx.offnum))
586 {
587 ItemId curr_lp;
588 ItemId next_lp;
589 HeapTupleHeader curr_htup;
590 HeapTupleHeader next_htup;
591 TransactionId curr_xmin;
592 TransactionId curr_xmax;
593 TransactionId next_xmin;
594 OffsetNumber nextoffnum = successor[ctx.offnum];
595
596 /*
597 * The current line pointer may not have a successor, either
598 * because it's not valid or because it didn't point to anything.
599 * In either case, we have to give up.
600 *
601 * If the current line pointer does point to something, it's
602 * possible that the target line pointer isn't valid. We have to
603 * give up in that case, too.
604 */
606 continue;
607
608 /* We have two valid line pointers that we can examine. */
609 curr_lp = PageGetItemId(ctx.page, ctx.offnum);
610 next_lp = PageGetItemId(ctx.page, nextoffnum);
611
612 /* Handle the cases where the current line pointer is a redirect. */
614 {
615 /*
616 * We should not have set successor[ctx.offnum] to a value
617 * other than InvalidOffsetNumber unless that line pointer is
618 * LP_NORMAL.
619 */
621
622 /* Can only redirect to a HOT tuple. */
625 {
626 report_corruption(&ctx,
628 (unsigned) nextoffnum));
629 }
630
631 /* HOT chains should not intersect. */
633 {
634 report_corruption(&ctx,
636 (unsigned) nextoffnum, (unsigned) predecessor[nextoffnum]));
637 continue;
638 }
639
640 /*
641 * This redirect and the tuple to which it points seem to be
642 * part of an update chain.
643 */
644 predecessor[nextoffnum] = ctx.offnum;
645 continue;
646 }
647
648 /*
649 * If the next line pointer is a redirect, or if it's a tuple but
650 * the XMAX of this tuple doesn't match the XMIN of the next
651 * tuple, then the two aren't part of the same update chain and
652 * there is nothing more to do.
653 */
655 continue;
657 curr_xmax = HeapTupleHeaderGetUpdateXid(curr_htup);
659 next_xmin = HeapTupleHeaderGetXmin(next_htup);
661 !TransactionIdEquals(curr_xmax, next_xmin))
662 continue;
663
664 /* HOT chains should not intersect. */
666 {
667 report_corruption(&ctx,
669 (unsigned) nextoffnum, (unsigned) predecessor[nextoffnum]));
670 continue;
671 }
672
673 /*
674 * This tuple and the tuple to which it points seem to be part of
675 * an update chain.
676 */
677 predecessor[nextoffnum] = ctx.offnum;
678
679 /*
680 * If the current tuple is marked as HOT-updated, then the next
681 * tuple should be marked as a heap-only tuple. Conversely, if the
682 * current tuple isn't marked as HOT-updated, then the next tuple
683 * shouldn't be marked as a heap-only tuple.
684 *
685 * NB: Can't use HeapTupleHeaderIsHotUpdated() as it checks if
686 * hint bits indicate xmin/xmax aborted.
687 */
689 HeapTupleHeaderIsHeapOnly(next_htup))
690 {
691 report_corruption(&ctx,
693 (unsigned) nextoffnum));
694 }
696 !HeapTupleHeaderIsHeapOnly(next_htup))
697 {
698 report_corruption(&ctx,
700 (unsigned) nextoffnum));
701 }
702
703 /*
704 * If the current tuple's xmin is still in progress but the
705 * successor tuple's xmin is committed, that's corruption.
706 *
707 * NB: We recheck the commit status of the current tuple's xmin
708 * here, because it might have committed after we checked it and
709 * before we checked the commit status of the successor tuple's
710 * xmin. This should be safe because the xmin itself can't have
711 * changed, only its commit status.
712 */
713 curr_xmin = HeapTupleHeaderGetXmin(curr_htup);
714 if (xmin_commit_status_ok[ctx.offnum] &&
715 xmin_commit_status[ctx.offnum] == XID_IN_PROGRESS &&
716 xmin_commit_status_ok[nextoffnum] &&
717 xmin_commit_status[nextoffnum] == XID_COMMITTED &&
718 TransactionIdIsInProgress(curr_xmin))
719 {
720 report_corruption(&ctx,
721 psprintf("tuple with in-progress xmin %u was updated to produce a tuple at offset %u with committed xmin %u",
722 (unsigned) curr_xmin,
723 (unsigned) ctx.offnum,
724 (unsigned) next_xmin));
725 }
726
727 /*
728 * If the current tuple's xmin is aborted but the successor
729 * tuple's xmin is in-progress or committed, that's corruption.
730 */
731 if (xmin_commit_status_ok[ctx.offnum] &&
732 xmin_commit_status[ctx.offnum] == XID_ABORTED &&
733 xmin_commit_status_ok[nextoffnum])
734 {
736 report_corruption(&ctx,
737 psprintf("tuple with aborted xmin %u was updated to produce a tuple at offset %u with in-progress xmin %u",
738 (unsigned) curr_xmin,
739 (unsigned) ctx.offnum,
740 (unsigned) next_xmin));
742 report_corruption(&ctx,
743 psprintf("tuple with aborted xmin %u was updated to produce a tuple at offset %u with committed xmin %u",
744 (unsigned) curr_xmin,
745 (unsigned) ctx.offnum,
746 (unsigned) next_xmin));
747 }
748 }
749
750 /*
751 * An update chain can start either with a non-heap-only tuple or with
752 * a redirect line pointer, but not with a heap-only tuple.
753 *
754 * (This check is in a separate loop because we need the predecessor
755 * array to be fully populated before we can perform it.)
756 */
758 ctx.offnum <= maxoff;
759 ctx.offnum = OffsetNumberNext(ctx.offnum))
760 {
761 if (xmin_commit_status_ok[ctx.offnum] &&
762 (xmin_commit_status[ctx.offnum] == XID_COMMITTED ||
763 xmin_commit_status[ctx.offnum] == XID_IN_PROGRESS) &&
764 predecessor[ctx.offnum] == InvalidOffsetNumber)
765 {
766 ItemId curr_lp;
767
768 curr_lp = PageGetItemId(ctx.page, ctx.offnum);
770 {
771 HeapTupleHeader curr_htup;
772
773 curr_htup = (HeapTupleHeader)
774 PageGetItem(ctx.page, curr_lp);
776 report_corruption(&ctx,
778 }
779 }
780 }
781
782 /* clean up */
783 UnlockReleaseBuffer(ctx.buffer);
784
785 /*
786 * Check any toast pointers from the page whose lock we just released
787 */
789 {
790 ListCell *cell;
791
792 foreach(cell, ctx.toasted_attributes)
794 list_free_deep(ctx.toasted_attributes);
795 ctx.toasted_attributes = NIL;
796 }
797
798 if (on_error_stop && ctx.is_corrupt)
799 break;
800 }
801
803 ReleaseBuffer(vmbuffer);
804
805 /* Close the associated toast table and indexes, if any. */
806 if (ctx.toast_indexes)
807 toast_close_indexes(ctx.toast_indexes, ctx.num_toast_indexes,
808 AccessShareLock);
809 if (ctx.toast_rel)
811
812 /* Close the main relation */
814
815 PG_RETURN_NULL();
816}
Buffer ReadBufferExtended(Relation reln, ForkNumber forkNum, BlockNumber blockNum, ReadBufferMode mode, BufferAccessStrategy strategy)
Definition: bufmgr.c:798
static Item PageGetItem(const PageData *page, const ItemIdData *itemId)
Definition: bufpage.h:354
static ItemId PageGetItemId(Page page, OffsetNumber offsetNumber)
Definition: bufpage.h:244
static OffsetNumber PageGetMaxOffsetNumber(const PageData *page)
Definition: bufpage.h:372
BufferAccessStrategy GetAccessStrategy(BufferAccessStrategyType btype)
Definition: freelist.c:541
void InitMaterializedSRF(FunctionCallInfo fcinfo, bits32 flags)
Definition: funcapi.c:76
static OffsetNumber ItemPointerGetOffsetNumber(const ItemPointerData *pointer)
Definition: itemptr.h:124
static BlockNumber ItemPointerGetBlockNumber(const ItemPointerData *pointer)
Definition: itemptr.h:103
int errdetail_relkind_not_supported(char relkind)
Definition: pg_class.c:24
Definition: verify_heapam.c:86
Definition: itemid.h:26
Definition: execnodes.h:348
void toast_close_indexes(Relation *toastidxs, int num_indexes, LOCKMODE lock)
Definition: toast_internals.c:621
int toast_open_indexes(Relation toastrel, LOCKMODE lock, Relation **toastidxs, int *num_indexes)
Definition: toast_internals.c:562
Definition: pg_list.h:46
static void check_toasted_attribute(HeapCheckContext *ctx, ToastedAttribute *ta)
Definition: verify_heapam.c:1768
static void check_tuple(HeapCheckContext *ctx, bool *xmin_commit_status_ok, XidCommitStatus *xmin_commit_status)
Definition: verify_heapam.c:1826
uint8 visibilitymap_get_status(Relation rel, BlockNumber heapBlk, Buffer *vmbuf)
Definition: visibilitymap.c:341
References AccessShareLock, Assert(), BAS_BULKREAD, BUFFER_LOCK_SHARE, BufferGetPage(), CHECK_FOR_INTERRUPTS, check_toasted_attribute(), check_tuple(), DEBUG1, ereport, errcode(), errdetail_relkind_not_supported(), errhint(), errmsg(), ERROR, fb(), FirstOffsetNumber, FullTransactionIdFromXidAndCtx(), GetAccessStrategy(), GetTransactionSnapshot(), HEAP_HOT_UPDATED, HeapTupleHeaderGetNatts, HeapTupleHeaderGetUpdateXid(), HeapTupleHeaderGetXmin(), HeapTupleHeaderIsHeapOnly(), if(), InitMaterializedSRF(), InvalidBuffer, InvalidOffsetNumber, InvalidTransactionId, ItemIdGetLength, ItemIdGetOffset, ItemIdGetRedirect, ItemIdIsDead, ItemIdIsNormal, ItemIdIsRedirected, ItemIdIsUsed, ItemPointerGetBlockNumber(), ItemPointerGetOffsetNumber(), lfirst, list_free_deep(), LockBuffer(), MAIN_FORKNUM, MAXALIGN, MaxOffsetNumber, NIL, OffsetNumberNext, PageGetItem(), PageGetItemId(), PageGetMaxOffsetNumber(), PG_ARGISNULL, PG_GETARG_BOOL, PG_GETARG_INT64, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_NULL, pg_strcasecmp(), psprintf(), RBM_NORMAL, ReadBufferExtended(), RecoveryInProgress(), relation_close(), relation_open(), RelationGetNumberOfBlocks, RelationGetRelationName, ReleaseBuffer(), report_corruption(), ReturnSetInfo::setDesc, ReturnSetInfo::setResult, SizeofHeapTupleHeader, skip, SKIP_PAGES_ALL_FROZEN, SKIP_PAGES_ALL_VISIBLE, SKIP_PAGES_NONE, HeapTupleHeaderData::t_infomask2, table_close(), table_open(), text_to_cstring(), toast_close_indexes(), toast_open_indexes(), TransactionIdEquals, TransactionIdIsInProgress(), TransactionIdIsNormal, TransactionIdIsValid, UnlockReleaseBuffer(), update_cached_mxid_range(), update_cached_xid_range(), VISIBILITYMAP_ALL_FROZEN, VISIBILITYMAP_ALL_VISIBLE, visibilitymap_get_status(), XID_ABORTED, XID_COMMITTED, XID_IN_PROGRESS, and SnapshotData::xmin.
