verify_heapam.c File Reference
#include "postgres.h"#include "access/detoast.h"#include "access/genam.h"#include "access/heaptoast.h"#include "access/multixact.h"#include "access/relation.h"#include "access/table.h"#include "access/toast_internals.h"#include "access/visibilitymap.h"#include "access/xact.h"#include "catalog/pg_am.h"#include "catalog/pg_class.h"#include "funcapi.h"#include "miscadmin.h"#include "storage/bufmgr.h"#include "storage/procarray.h"#include "storage/read_stream.h"#include "utils/builtins.h"#include "utils/fmgroids.h"#include "utils/rel.h"
Include dependency graph for verify_heapam.c:
Go to the source code of this file.
Data Structures | |
| struct | ToastedAttribute |
| struct | HeapCheckContext |
| struct | HeapCheckReadStreamData |
Macros | |
| #define | HEAPCHECK_RELATION_COLS 4 |
| #define | VARLENA_SIZE_LIMIT 0x3FFFFFFF |
Typedefs | |
| typedef enum XidBoundsViolation | XidBoundsViolation |
| typedef enum XidCommitStatus | XidCommitStatus |
| typedef enum SkipPages | SkipPages |
| typedef struct ToastedAttribute | ToastedAttribute |
| typedef struct HeapCheckContext | HeapCheckContext |
| typedef struct HeapCheckReadStreamData | HeapCheckReadStreamData |
Enumerations | |
| enum | XidBoundsViolation { XID_INVALID , XID_IN_FUTURE , XID_PRECEDES_CLUSTERMIN , XID_PRECEDES_RELMIN , XID_BOUNDS_OK } |
| enum | XidCommitStatus { XID_COMMITTED , XID_IS_CURRENT_XID , XID_IN_PROGRESS , XID_ABORTED } |
| enum | SkipPages { SKIP_PAGES_ALL_FROZEN , SKIP_PAGES_ALL_VISIBLE , SKIP_PAGES_NONE } |
Macro Definition Documentation
◆ HEAPCHECK_RELATION_COLS
| #define HEAPCHECK_RELATION_COLS 4 |
Definition at line 36 of file verify_heapam.c.
◆ VARLENA_SIZE_LIMIT
| #define VARLENA_SIZE_LIMIT 0x3FFFFFFF |
Definition at line 39 of file verify_heapam.c.
Typedef Documentation
◆ HeapCheckContext
| typedef struct HeapCheckContext HeapCheckContext |
◆ HeapCheckReadStreamData
| typedef struct HeapCheckReadStreamData HeapCheckReadStreamData |
◆ SkipPages
◆ ToastedAttribute
| typedef struct ToastedAttribute ToastedAttribute |
◆ XidBoundsViolation
| typedef enum XidBoundsViolation XidBoundsViolation |
◆ XidCommitStatus
| typedef enum XidCommitStatus XidCommitStatus |
Enumeration Type Documentation
◆ SkipPages
| enum SkipPages |
| Enumerator | |
|---|---|
| SKIP_PAGES_ALL_FROZEN | |
| SKIP_PAGES_ALL_VISIBLE | |
| SKIP_PAGES_NONE | |
Definition at line 62 of file verify_heapam.c.
◆ XidBoundsViolation
| enum XidBoundsViolation |
| Enumerator | |
|---|---|
| XID_INVALID | |
| XID_IN_FUTURE | |
| XID_PRECEDES_CLUSTERMIN | |
| XID_PRECEDES_RELMIN | |
| XID_BOUNDS_OK | |
Definition at line 45 of file verify_heapam.c.
◆ XidCommitStatus
| enum XidCommitStatus |
| Enumerator | |
|---|---|
| XID_COMMITTED | |
| XID_IS_CURRENT_XID | |
| XID_IN_PROGRESS | |
| XID_ABORTED | |
Definition at line 54 of file verify_heapam.c.
Function Documentation
◆ check_mxid_in_range()
|
static |
Definition at line 2057 of file verify_heapam.c.
2058{
2068}
bool MultiXactIdPrecedes(MultiXactId multi1, MultiXactId multi2)
Definition: multixact.c:3317
bool MultiXactIdPrecedesOrEquals(MultiXactId multi1, MultiXactId multi2)
Definition: multixact.c:3331
References MultiXactIdPrecedes(), MultiXactIdPrecedesOrEquals(), HeapCheckContext::next_mxact, HeapCheckContext::oldest_mxact, HeapCheckContext::relminmxid, TransactionIdIsValid, XID_BOUNDS_OK, XID_IN_FUTURE, XID_INVALID, XID_PRECEDES_CLUSTERMIN, and XID_PRECEDES_RELMIN.
Referenced by check_mxid_valid_in_rel().
◆ check_mxid_valid_in_rel()
|
static |
Definition at line 2079 of file verify_heapam.c.
2080{
2081 XidBoundsViolation result;
2082
2083 result = check_mxid_in_range(mxid, ctx);
2086
2087 /* The range may have advanced. Recheck. */
2088 update_cached_mxid_range(ctx);
2090}
static XidBoundsViolation check_mxid_in_range(MultiXactId mxid, HeapCheckContext *ctx)
Definition: verify_heapam.c:2057
static void update_cached_mxid_range(HeapCheckContext *ctx)
Definition: verify_heapam.c:2036
References check_mxid_in_range(), update_cached_mxid_range(), and XID_BOUNDS_OK.
Referenced by check_tuple_visibility().
◆ check_toast_tuple()
|
static |
Definition at line 1554 of file verify_heapam.c.
1557{
1558 int32 chunk_seq;
1560 Pointer chunk;
1561 bool isnull;
1562 int32 chunksize;
1563 int32 expected_size;
1564
1565 /* Sanity-check the sequence number. */
1568 if (isnull)
1569 {
1570 report_toast_corruption(ctx, ta,
1573 return;
1574 }
1575 if (chunk_seq != *expected_chunk_seq)
1576 {
1577 /* Either the TOAST index is corrupt, or we don't have all chunks. */
1578 report_toast_corruption(ctx, ta,
1581 chunk_seq, *expected_chunk_seq));
1582 }
1583 *expected_chunk_seq = chunk_seq + 1;
1584
1585 /* Sanity-check the chunk data. */
1588 if (isnull)
1589 {
1590 report_toast_corruption(ctx, ta,
1593 chunk_seq));
1594 return;
1595 }
1599 {
1600 /*
1601 * could happen due to heap_form_tuple doing its thing
1602 */
1604 }
1605 else
1606 {
1607 /* should never happen */
1609
1610 report_toast_corruption(ctx, ta,
1613 chunk_seq, header));
1614 return;
1615 }
1616
1617 /*
1618 * Some checks on the data we've found
1619 */
1620 if (chunk_seq > last_chunk_seq)
1621 {
1622 report_toast_corruption(ctx, ta,
1625 chunk_seq, last_chunk_seq));
1626 return;
1627 }
1628
1629 expected_size = chunk_seq < last_chunk_seq ? TOAST_MAX_CHUNK_SIZE
1630 : extsize - (last_chunk_seq * TOAST_MAX_CHUNK_SIZE);
1631
1632 if (chunksize != expected_size)
1633 report_toast_corruption(ctx, ta,
1636 chunk_seq, chunksize, expected_size));
1637}
static Datum fastgetattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition: htup_details.h:861
Definition: varatt.h:112
static void report_toast_corruption(HeapCheckContext *ctx, ToastedAttribute *ta, char *msg)
Definition: verify_heapam.c:967
References DatumGetInt32(), DatumGetPointer(), fastgetattr(), psprintf(), RelationData::rd_att, report_toast_corruption(), TOAST_MAX_CHUNK_SIZE, ToastedAttribute::toast_pointer, HeapCheckContext::toast_rel, varatt_external::va_valueid, VARATT_IS_EXTENDED, VARATT_IS_SHORT, VARHDRSZ, VARHDRSZ_SHORT, VARSIZE, and VARSIZE_SHORT.
Referenced by check_toasted_attribute().
◆ check_toasted_attribute()
|
static |
Definition at line 1860 of file verify_heapam.c.
1861{
1862 ScanKeyData toastkey;
1863 SysScanDesc toastscan;
1864 bool found_toasttup;
1865 HeapTuple toasttup;
1866 uint32 extsize;
1867 int32 expected_chunk_seq = 0;
1868 int32 last_chunk_seq;
1869
1871 last_chunk_seq = (extsize - 1) / TOAST_MAX_CHUNK_SIZE;
1872
1873 /*
1874 * Setup a scan key to find chunks in toast table with matching va_valueid
1875 */
1876 ScanKeyInit(&toastkey,
1877 (AttrNumber) 1,
1878 BTEqualStrategyNumber, F_OIDEQ,
1880
1881 /*
1882 * Check if any chunks for this toasted object exist in the toast table,
1883 * accessible via the index.
1884 */
1886 ctx->valid_toast_index,
1887 get_toast_snapshot(), 1,
1888 &toastkey);
1889 found_toasttup = false;
1890 while ((toasttup =
1891 systable_getnext_ordered(toastscan,
1892 ForwardScanDirection)) != NULL)
1893 {
1894 found_toasttup = true;
1895 check_toast_tuple(toasttup, ctx, ta, &expected_chunk_seq, extsize);
1896 }
1897 systable_endscan_ordered(toastscan);
1898
1899 if (!found_toasttup)
1900 report_toast_corruption(ctx, ta,
1903 else if (expected_chunk_seq <= last_chunk_seq)
1904 report_toast_corruption(ctx, ta,
1907 last_chunk_seq, expected_chunk_seq));
1908}
SysScanDesc systable_beginscan_ordered(Relation heapRelation, Relation indexRelation, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:650
HeapTuple systable_getnext_ordered(SysScanDesc sysscan, ScanDirection direction)
Definition: genam.c:732
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Definition: htup.h:63
Definition: skey.h:65
Definition: relscan.h:208
#define VARATT_EXTERNAL_GET_EXTSIZE(toast_pointer)
Definition: varatt.h:334
static void check_toast_tuple(HeapTuple toasttup, HeapCheckContext *ctx, ToastedAttribute *ta, int32 *expected_chunk_seq, uint32 extsize)
Definition: verify_heapam.c:1554
References BTEqualStrategyNumber, check_toast_tuple(), ForwardScanDirection, get_toast_snapshot(), ObjectIdGetDatum(), psprintf(), report_toast_corruption(), ScanKeyInit(), systable_beginscan_ordered(), systable_endscan_ordered(), systable_getnext_ordered(), TOAST_MAX_CHUNK_SIZE, ToastedAttribute::toast_pointer, HeapCheckContext::toast_rel, varatt_external::va_valueid, HeapCheckContext::valid_toast_index, and VARATT_EXTERNAL_GET_EXTSIZE.
Referenced by verify_heapam().
◆ check_tuple()
|
static |
Definition at line 1918 of file verify_heapam.c.
1920{
1921 /*
1922 * Check various forms of tuple header corruption, and if the header is
1923 * too corrupt, do not continue with other checks.
1924 */
1926 return;
1927
1928 /*
1929 * Check tuple visibility. If the inserting transaction aborted, we
1930 * cannot assume our relation description matches the tuple structure, and
1931 * therefore cannot check it.
1932 */
1934 xmin_commit_status))
1935 return;
1936
1937 /*
1938 * The tuple is visible, so it must be compatible with the current version
1939 * of the relation descriptor. It might have fewer columns than are
1940 * present in the relation descriptor, but it cannot have more.
1941 */
1943 {
1944 report_corruption(ctx,
1946 ctx->natts,
1948 return;
1949 }
1950
1951 /*
1952 * Check each attribute unless we hit corruption that confuses what to do
1953 * next, at which point we abort further attribute checks for this tuple.
1954 * Note that we don't abort for all types of corruption, only for those
1955 * types where we don't know how to continue. We also don't abort the
1956 * checking of toasted attributes collected from the tuple prior to
1957 * aborting. Those will still be checked later along with other toasted
1958 * attributes collected from the page.
1959 */
1960 ctx->offset = 0;
1963 break; /* cannot continue */
1964
1965 /* revert attnum to -1 until we again examine individual attributes */
1966 ctx->attnum = -1;
1967}
static bool check_tuple_visibility(HeapCheckContext *ctx, bool *xmin_commit_status_ok, XidCommitStatus *xmin_commit_status)
Definition: verify_heapam.c:1112
static bool check_tuple_header(HeapCheckContext *ctx)
Definition: verify_heapam.c:999
static bool check_tuple_attribute(HeapCheckContext *ctx)
Definition: verify_heapam.c:1660
static void report_corruption(HeapCheckContext *ctx, char *msg)
Definition: verify_heapam.c:951
References HeapCheckContext::attnum, check_tuple_attribute(), check_tuple_header(), check_tuple_visibility(), HeapCheckContext::natts, HeapCheckContext::offset, psprintf(), HeapCheckContext::rel, RelationGetDescr, and report_corruption().
Referenced by verify_heapam().
◆ check_tuple_attribute()
|
static |
Definition at line 1660 of file verify_heapam.c.
1661{
1662 Datum attdatum;
1664 char *tp; /* pointer to the tuple data */
1665 uint16 infomask;
1666 CompactAttribute *thisatt;
1668
1671
1673
1675 {
1676 report_corruption(ctx,
1678 thisatt->attlen,
1680 ctx->lp_len));
1681 return false;
1682 }
1683
1684 /* Skip null values */
1686 return true;
1687
1688 /* Skip non-varlena values, but update offset first */
1690 {
1693 tp + ctx->offset);
1695 {
1696 report_corruption(ctx,
1698 thisatt->attlen,
1700 ctx->lp_len));
1701 return false;
1702 }
1703 return true;
1704 }
1705
1706 /* Ok, we're looking at a varlena attribute. */
1708 tp + ctx->offset);
1709
1710 /* Get the (possibly corrupt) varlena datum */
1712
1713 /*
1714 * We have the datum, but we cannot decode it carelessly, as it may still
1715 * be corrupt.
1716 */
1717
1718 /*
1719 * Check that VARTAG_SIZE won't hit an Assert on a corrupt va_tag before
1720 * risking a call into att_addlength_pointer
1721 */
1723 {
1725
1727 {
1728 report_corruption(ctx,
1730 va_tag));
1731 /* We can't know where the next attribute begins */
1732 return false;
1733 }
1734 }
1735
1736 /* Ok, should be safe now */
1738 tp + ctx->offset);
1739
1741 {
1742 report_corruption(ctx,
1744 thisatt->attlen,
1746 ctx->lp_len));
1747
1748 return false;
1749 }
1750
1751 /*
1752 * heap_deform_tuple would be done with this attribute at this point,
1753 * having stored it in values[], and would continue to the next attribute.
1754 * We go further, because we need to check if the toast datum is corrupt.
1755 */
1756
1758
1759 /*
1760 * Now we follow the logic of detoast_external_attr(), with the same
1761 * caveats about being paranoid about corruption.
1762 */
1763
1764 /* Skip values that are not external */
1766 return true;
1767
1768 /* It is external, and we're looking at a page on disk */
1769
1770 /*
1771 * Must copy attr into toast_pointer for alignment considerations
1772 */
1773 VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr);
1774
1775 /* Toasted attributes too large to be untoasted should never be stored */
1777 report_corruption(ctx,
1779 toast_pointer.va_valueid,
1780 toast_pointer.va_rawsize,
1781 VARLENA_SIZE_LIMIT));
1782
1784 {
1785 ToastCompressionId cmid;
1786 bool valid = false;
1787
1788 /* Compressed attributes should have a valid compression method */
1789 cmid = TOAST_COMPRESS_METHOD(&toast_pointer);
1790 switch (cmid)
1791 {
1792 /* List of all valid compression method IDs */
1795 valid = true;
1796 break;
1797
1798 /* Recognized but invalid compression method ID */
1800 break;
1801
1802 /* Intentionally no default here */
1803 }
1804 if (!valid)
1805 report_corruption(ctx,
1807 toast_pointer.va_valueid, cmid));
1808 }
1809
1810 /* The tuple header better claim to contain toasted values */
1812 {
1813 report_corruption(ctx,
1815 toast_pointer.va_valueid));
1816 return true;
1817 }
1818
1819 /* The relation better have a toast table */
1821 {
1822 report_corruption(ctx,
1824 toast_pointer.va_valueid));
1825 return true;
1826 }
1827
1828 /* If we were told to skip toast checking, then we're done. */
1830 return true;
1831
1832 /*
1833 * If this tuple is eligible to be pruned, we cannot check the toast.
1834 * Otherwise, we push a copy of the toast tuple so we can check it after
1835 * releasing the main table buffer lock.
1836 */
1838 {
1839 ToastedAttribute *ta;
1840
1842
1848 }
1849
1850 return true;
1851}
#define VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr)
Definition: detoast.h:22
Definition: tupdesc.h:69
Definition: verify_heapam.c:75
Definition: varatt.h:33
static CompactAttribute * TupleDescCompactAttr(TupleDesc tupdesc, int i)
Definition: tupdesc.h:175
#define att_addlength_pointer(cur_offset, attlen, attptr)
Definition: tupmacs.h:185
#define att_pointer_alignby(cur_offset, attalignby, attlen, attptr)
Definition: tupmacs.h:129
#define VARATT_EXTERNAL_IS_COMPRESSED(toast_pointer)
Definition: varatt.h:354
References att_addlength_pointer, att_isnull(), att_nominal_alignby, att_pointer_alignby, CompactAttribute::attalignby, CompactAttribute::attlen, ToastedAttribute::attnum, HeapCheckContext::attnum, ToastedAttribute::blkno, HeapCheckContext::blkno, DatumGetPointer(), fetchatt, HEAP_HASEXTERNAL, HEAP_HASNULL, if(), lappend(), HeapCheckContext::lp_len, ToastedAttribute::offnum, HeapCheckContext::offnum, HeapCheckContext::offset, palloc0(), psprintf(), RelationData::rd_rel, HeapCheckContext::rel, RelationGetDescr, report_corruption(), HeapTupleHeaderData::t_bits, HeapTupleHeaderData::t_hoff, HeapTupleHeaderData::t_infomask, TOAST_COMPRESS_METHOD, TOAST_INVALID_COMPRESSION_ID, TOAST_LZ4_COMPRESSION_ID, TOAST_PGLZ_COMPRESSION_ID, ToastedAttribute::toast_pointer, HeapCheckContext::toast_rel, HeapCheckContext::toasted_attributes, HeapCheckContext::tuphdr, HeapCheckContext::tuple_could_be_pruned, TupleDescCompactAttr(), varatt_external::va_rawsize, varatt_external::va_valueid, VARATT_EXTERNAL_GET_POINTER, VARATT_EXTERNAL_IS_COMPRESSED, VARATT_IS_EXTERNAL, VARLENA_SIZE_LIMIT, VARTAG_EXTERNAL, and VARTAG_ONDISK.
Referenced by check_tuple().
◆ check_tuple_header()
|
static |
Definition at line 999 of file verify_heapam.c.
1000{
1004 bool result = true;
1005 unsigned expected_hoff;
1006
1008 {
1009 report_corruption(ctx,
1012 result = false;
1013 }
1014
1017 {
1018 report_corruption(ctx,
1020
1021 /*
1022 * This condition is clearly wrong, but it's not enough to justify
1023 * skipping further checks, because we don't rely on this to determine
1024 * whether the tuple is visible or to interpret other relevant header
1025 * fields.
1026 */
1027 }
1028
1030 HeapTupleHeaderIsHotUpdated(tuphdr))
1031 {
1032 report_corruption(ctx,
1034
1035 /*
1036 * As above, even though this shouldn't happen, it's not sufficient
1037 * justification for skipping further checks, we should still be able
1038 * to perform sensibly.
1039 */
1040 }
1041
1044 {
1045 report_corruption(ctx,
1047
1048 /* Here again, we can still perform further checks. */
1049 }
1050
1053 else
1056 {
1058 report_corruption(ctx,
1059 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, has nulls)",
1062 report_corruption(ctx,
1063 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, has nulls)",
1066 report_corruption(ctx,
1067 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, no nulls)",
1069 else
1070 report_corruption(ctx,
1071 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, no nulls)",
1073 result = false;
1074 }
1075
1076 return result;
1077}
static bool HeapTupleHeaderIsHeapOnly(const HeapTupleHeaderData *tup)
Definition: htup_details.h:555
static bool HeapTupleHeaderIsHotUpdated(const HeapTupleHeaderData *tup)
Definition: htup_details.h:534
static TransactionId HeapTupleHeaderGetUpdateXid(const HeapTupleHeaderData *tup)
Definition: htup_details.h:397
Definition: htup_details.h:154
References BITMAPLEN(), HEAP_HASNULL, HEAP_UPDATED, HEAP_XMAX_COMMITTED, HEAP_XMAX_IS_MULTI, HeapTupleHeaderGetUpdateXid(), HeapTupleHeaderIsHeapOnly(), HeapTupleHeaderIsHotUpdated(), HeapCheckContext::lp_len, MAXALIGN, HeapCheckContext::natts, psprintf(), pstrdup(), report_corruption(), SizeofHeapTupleHeader, HeapTupleHeaderData::t_hoff, HeapTupleHeaderData::t_infomask, TransactionIdIsValid, and HeapCheckContext::tuphdr.
Referenced by check_tuple().
◆ check_tuple_visibility()
|
static |
Definition at line 1112 of file verify_heapam.c.
1114{
1115 TransactionId xmin;
1116 TransactionId xvac;
1117 TransactionId xmax;
1118 XidCommitStatus xmin_status;
1119 XidCommitStatus xvac_status;
1120 XidCommitStatus xmax_status;
1122
1124 *xmin_commit_status_ok = false; /* have not yet proven otherwise */
1125
1126 /* If xmin is normal, it should be within valid range */
1127 xmin = HeapTupleHeaderGetXmin(tuphdr);
1129 {
1131 /* Could be the result of a speculative insertion that aborted. */
1132 return false;
1134 *xmin_commit_status_ok = true;
1135 *xmin_commit_status = xmin_status;
1136 break;
1138 report_corruption(ctx,
1140 xmin,
1143 return false;
1145 report_corruption(ctx,
1147 xmin,
1150 return false;
1152 report_corruption(ctx,
1154 xmin,
1157 return false;
1158 }
1159
1160 /*
1161 * Has inserting transaction committed?
1162 */
1164 {
1166 return false; /* inserter aborted, don't check */
1167 /* Used by pre-9.0 binary upgrades */
1169 {
1170 xvac = HeapTupleHeaderGetXvac(tuphdr);
1171
1173 {
1175 report_corruption(ctx,
1177 return false;
1179 report_corruption(ctx,
1180 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple equals or exceeds next valid transaction ID %u:%u",
1181 xvac,
1184 return false;
1186 report_corruption(ctx,
1187 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple precedes relation freeze threshold %u:%u",
1188 xvac,
1191 return false;
1193 report_corruption(ctx,
1194 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple precedes oldest valid transaction ID %u:%u",
1195 xvac,
1198 return false;
1200 break;
1201 }
1202
1203 switch (xvac_status)
1204 {
1206 report_corruption(ctx,
1207 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple matches our current transaction ID",
1208 xvac));
1209 return false;
1211 report_corruption(ctx,
1212 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple appears to be in progress",
1213 xvac));
1214 return false;
1215
1217
1218 /*
1219 * The tuple is dead, because the xvac transaction moved
1220 * it off and committed. It's checkable, but also
1221 * prunable.
1222 */
1223 return true;
1224
1226
1227 /*
1228 * The original xmin must have committed, because the xvac
1229 * transaction tried to move it later. Since xvac is
1230 * aborted, whether it's still alive now depends on the
1231 * status of xmax.
1232 */
1233 break;
1234 }
1235 }
1236 /* Used by pre-9.0 binary upgrades */
1238 {
1239 xvac = HeapTupleHeaderGetXvac(tuphdr);
1240
1242 {
1244 report_corruption(ctx,
1246 return false;
1248 report_corruption(ctx,
1249 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple equals or exceeds next valid transaction ID %u:%u",
1250 xvac,
1253 return false;
1255 report_corruption(ctx,
1256 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple precedes relation freeze threshold %u:%u",
1257 xvac,
1260 return false;
1262 report_corruption(ctx,
1263 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple precedes oldest valid transaction ID %u:%u",
1264 xvac,
1267 return false;
1269 break;
1270 }
1271
1272 switch (xvac_status)
1273 {
1275 report_corruption(ctx,
1276 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple matches our current transaction ID",
1277 xvac));
1278 return false;
1280 report_corruption(ctx,
1281 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple appears to be in progress",
1282 xvac));
1283 return false;
1284
1286
1287 /*
1288 * The original xmin must have committed, because the xvac
1289 * transaction moved it later. Whether it's still alive
1290 * now depends on the status of xmax.
1291 */
1292 break;
1293
1295
1296 /*
1297 * The tuple is dead, because the xvac transaction moved
1298 * it off and committed. It's checkable, but also
1299 * prunable.
1300 */
1301 return true;
1302 }
1303 }
1305 {
1306 /*
1307 * Inserting transaction is not in progress, and not committed, so
1308 * it might have changed the TupleDesc in ways we don't know
1309 * about. Thus, don't try to check the tuple structure.
1310 *
1311 * If xmin_status happens to be XID_IS_CURRENT_XID, then in theory
1312 * any such DDL changes ought to be visible to us, so perhaps we
1313 * could check anyway in that case. But, for now, let's be
1314 * conservative and treat this like any other uncommitted insert.
1315 */
1316 return false;
1317 }
1318 }
1319
1320 /*
1321 * Okay, the inserter committed, so it was good at some point. Now what
1322 * about the deleting transaction?
1323 */
1324
1326 {
1327 /*
1328 * xmax is a multixact, so sanity-check the MXID. Note that we do this
1329 * prior to checking for HEAP_XMAX_INVALID or
1330 * HEAP_XMAX_IS_LOCKED_ONLY. This might therefore complain about
1331 * things that wouldn't actually be a problem during a normal scan,
1332 * but eventually we're going to have to freeze, and that process will
1333 * ignore hint bits.
1334 *
1335 * Even if the MXID is out of range, we still know that the original
1336 * insert committed, so we can check the tuple itself. However, we
1337 * can't rule out the possibility that this tuple is dead, so don't
1338 * clear ctx->tuple_could_be_pruned. Possibly we should go ahead and
1339 * clear that flag anyway if HEAP_XMAX_INVALID is set or if
1340 * HEAP_XMAX_IS_LOCKED_ONLY is true, but for now we err on the side of
1341 * avoiding possibly-bogus complaints about missing TOAST entries.
1342 */
1343 xmax = HeapTupleHeaderGetRawXmax(tuphdr);
1345 {
1347 report_corruption(ctx,
1349 return true;
1351 report_corruption(ctx,
1353 xmax, ctx->relminmxid));
1354 return true;
1356 report_corruption(ctx,
1358 xmax, ctx->oldest_mxact));
1359 return true;
1361 report_corruption(ctx,
1363 xmax,
1364 ctx->next_mxact));
1365 return true;
1367 break;
1368 }
1369 }
1370
1372 {
1373 /*
1374 * This tuple is live. A concurrently running transaction could
1375 * delete it before we get around to checking the toast, but any such
1376 * running transaction is surely not less than our safe_xmin, so the
1377 * toast cannot be vacuumed out from under us.
1378 */
1380 return true;
1381 }
1382
1384 {
1385 /*
1386 * "Deleting" xact really only locked it, so the tuple is live in any
1387 * case. As above, a concurrently running transaction could delete
1388 * it, but it cannot be vacuumed out from under us.
1389 */
1391 return true;
1392 }
1393
1395 {
1396 /*
1397 * We already checked above that this multixact is within limits for
1398 * this table. Now check the update xid from this multixact.
1399 */
1400 xmax = HeapTupleGetUpdateXid(tuphdr);
1402 {
1404 /* not LOCKED_ONLY, so it has to have an xmax */
1405 report_corruption(ctx,
1407 return true;
1409 report_corruption(ctx,
1411 xmax,
1414 return true;
1416 report_corruption(ctx,
1418 xmax,
1421 return true;
1423 report_corruption(ctx,
1425 xmax,
1428 return true;
1430 break;
1431 }
1432
1433 switch (xmax_status)
1434 {
1437
1438 /*
1439 * The delete is in progress, so it cannot be visible to our
1440 * snapshot.
1441 */
1443 break;
1445
1446 /*
1447 * The delete committed. Whether the toast can be vacuumed
1448 * away depends on how old the deleting transaction is.
1449 */
1451 ctx->safe_xmin);
1452 break;
1454
1455 /*
1456 * The delete aborted or crashed. The tuple is still live.
1457 */
1459 break;
1460 }
1461
1462 /* Tuple itself is checkable even if it's dead. */
1463 return true;
1464 }
1465
1466 /* xmax is an XID, not a MXID. Sanity check it. */
1467 xmax = HeapTupleHeaderGetRawXmax(tuphdr);
1469 {
1472 return true;
1474 report_corruption(ctx,
1476 xmax,
1479 return false; /* corrupt */
1481 report_corruption(ctx,
1483 xmax,
1486 return false; /* corrupt */
1488 report_corruption(ctx,
1490 xmax,
1493 return false; /* corrupt */
1495 break;
1496 }
1497
1498 /*
1499 * Whether the toast can be vacuumed away depends on how old the deleting
1500 * transaction is.
1501 */
1502 switch (xmax_status)
1503 {
1506
1507 /*
1508 * The delete is in progress, so it cannot be visible to our
1509 * snapshot.
1510 */
1512 break;
1513
1515
1516 /*
1517 * The delete committed. Whether the toast can be vacuumed away
1518 * depends on how old the deleting transaction is.
1519 */
1521 ctx->safe_xmin);
1522 break;
1523
1525
1526 /*
1527 * The delete aborted or crashed. The tuple is still live.
1528 */
1530 break;
1531 }
1532
1533 /* Tuple itself is checkable even if it's dead. */
1534 return true;
1535}
TransactionId HeapTupleGetUpdateXid(const HeapTupleHeaderData *tup)
Definition: heapam.c:7543
static bool HEAP_XMAX_IS_LOCKED_ONLY(uint16 infomask)
Definition: htup_details.h:226
static bool HeapTupleHeaderXminInvalid(const HeapTupleHeaderData *tup)
Definition: htup_details.h:343
static TransactionId HeapTupleHeaderGetXvac(const HeapTupleHeaderData *tup)
Definition: htup_details.h:442
static TransactionId HeapTupleHeaderGetRawXmax(const HeapTupleHeaderData *tup)
Definition: htup_details.h:377
static TransactionId HeapTupleHeaderGetXmin(const HeapTupleHeaderData *tup)
Definition: htup_details.h:324
static bool HeapTupleHeaderXminCommitted(const HeapTupleHeaderData *tup)
Definition: htup_details.h:337
bool TransactionIdPrecedes(TransactionId id1, TransactionId id2)
Definition: transam.c:280
static XidBoundsViolation check_mxid_valid_in_rel(MultiXactId mxid, HeapCheckContext *ctx)
Definition: verify_heapam.c:2079
static XidBoundsViolation get_xid_status(TransactionId xid, HeapCheckContext *ctx, XidCommitStatus *status)
Definition: verify_heapam.c:2111
References check_mxid_valid_in_rel(), EpochFromFullTransactionId, get_xid_status(), HEAP_MOVED_IN, HEAP_MOVED_OFF, HEAP_XMAX_INVALID, HEAP_XMAX_IS_LOCKED_ONLY(), HEAP_XMAX_IS_MULTI, HeapTupleGetUpdateXid(), HeapTupleHeaderGetRawXmax(), HeapTupleHeaderGetXmin(), HeapTupleHeaderGetXvac(), HeapTupleHeaderXminCommitted(), HeapTupleHeaderXminInvalid(), HeapCheckContext::next_fxid, HeapCheckContext::next_mxact, HeapCheckContext::oldest_fxid, HeapCheckContext::oldest_mxact, psprintf(), pstrdup(), HeapCheckContext::relfrozenfxid, HeapCheckContext::relminmxid, report_corruption(), HeapCheckContext::safe_xmin, HeapTupleHeaderData::t_infomask, TransactionIdPrecedes(), HeapCheckContext::tuphdr, HeapCheckContext::tuple_could_be_pruned, XID_ABORTED, XID_BOUNDS_OK, XID_COMMITTED, XID_IN_FUTURE, XID_IN_PROGRESS, XID_INVALID, XID_IS_CURRENT_XID, XID_PRECEDES_CLUSTERMIN, XID_PRECEDES_RELMIN, and XidFromFullTransactionId.
Referenced by check_tuple().
◆ FullTransactionIdFromXidAndCtx()
|
static |
Definition at line 1977 of file verify_heapam.c.
1978{
1979 uint64 nextfxid_i;
1980 int32 diff;
1981 FullTransactionId fxid;
1982
1986
1989
1991
1992 /* compute the 32bit modulo difference */
1994
1995 /*
1996 * In cases of corruption we might see a 32bit xid that is before epoch 0.
1997 * We can't represent that as a 64bit xid, due to 64bit xids being
1998 * unsigned integers, without the modulo arithmetic of 32bit xid. There's
1999 * no really nice way to deal with that, but it works ok enough to use
2000 * FirstNormalFullTransactionId in that case, as a freshly initdb'd
2001 * cluster already has a newer horizon.
2002 */
2004 {
2006 fxid = FirstNormalFullTransactionId;
2007 }
2008 else
2009 fxid = FullTransactionIdFromU64(nextfxid_i - diff);
2010
2012 return fxid;
2013}
Assert(PointerIsAligned(start, uint64))
Definition: transam.h:66
static FullTransactionId FullTransactionIdFromU64(uint64 value)
Definition: transam.h:81
static FullTransactionId FullTransactionIdFromEpochAndXid(uint32 epoch, TransactionId xid)
Definition: transam.h:71
References Assert(), EpochFromFullTransactionId, FirstNormalFullTransactionId, FirstNormalTransactionId, FullTransactionIdFromEpochAndXid(), FullTransactionIdFromU64(), FullTransactionIdIsNormal, HeapCheckContext::next_fxid, HeapCheckContext::next_xid, TransactionIdIsNormal, U64FromFullTransactionId, and XidFromFullTransactionId.
Referenced by get_xid_status(), update_cached_xid_range(), and verify_heapam().
◆ fxid_in_cached_range()
|
inlinestatic |
Definition at line 2046 of file verify_heapam.c.
References FullTransactionIdPrecedes, FullTransactionIdPrecedesOrEquals, HeapCheckContext::next_fxid, and HeapCheckContext::oldest_fxid.
Referenced by get_xid_status().
◆ get_xid_status()
|
static |
Definition at line 2111 of file verify_heapam.c.
2113{
2114 FullTransactionId fxid;
2115 FullTransactionId clog_horizon;
2116
2117 /* Quick check for special xids */
2121 {
2122 if (status != NULL)
2123 *status = XID_COMMITTED;
2125 }
2126
2127 /* Check if the xid is within bounds */
2128 fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
2130 {
2131 /*
2132 * We may have been checking against stale values. Update the cached
2133 * range to be sure, and since we relied on the cached range when we
2134 * performed the full xid conversion, reconvert.
2135 */
2136 update_cached_xid_range(ctx);
2137 fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
2138 }
2139
2146
2147 /* Early return if the caller does not request clog checking */
2148 if (status == NULL)
2150
2151 /* Early return if we just checked this xid in a prior call */
2153 {
2154 *status = ctx->cached_status;
2156 }
2157
2158 *status = XID_COMMITTED;
2160 clog_horizon =
2162 ctx);
2164 {
2166 *status = XID_IS_CURRENT_XID;
2168 *status = XID_IN_PROGRESS;
2170 *status = XID_COMMITTED;
2171 else
2172 *status = XID_ABORTED;
2173 }
2174 LWLockRelease(XactTruncationLock);
2175 ctx->cached_xid = xid;
2176 ctx->cached_status = *status;
2178}
bool TransactionIdIsInProgress(TransactionId xid)
Definition: procarray.c:1402
bool TransactionIdDidCommit(TransactionId transactionId)
Definition: transam.c:126
static bool fxid_in_cached_range(FullTransactionId fxid, const HeapCheckContext *ctx)
Definition: verify_heapam.c:2046
static void update_cached_xid_range(HeapCheckContext *ctx)
Definition: verify_heapam.c:2019
static FullTransactionId FullTransactionIdFromXidAndCtx(TransactionId xid, const HeapCheckContext *ctx)
Definition: verify_heapam.c:1977
bool TransactionIdIsCurrentTransactionId(TransactionId xid)
Definition: xact.c:941
References BootstrapTransactionId, HeapCheckContext::cached_status, HeapCheckContext::cached_xid, FrozenTransactionId, FullTransactionIdFromXidAndCtx(), FullTransactionIdPrecedes, FullTransactionIdPrecedesOrEquals, fxid_in_cached_range(), LW_SHARED, LWLockAcquire(), LWLockRelease(), HeapCheckContext::next_fxid, HeapCheckContext::oldest_fxid, TransamVariablesData::oldestClogXid, HeapCheckContext::relfrozenfxid, TransactionIdDidCommit(), TransactionIdIsCurrentTransactionId(), TransactionIdIsInProgress(), TransactionIdIsValid, TransamVariables, update_cached_xid_range(), XID_ABORTED, XID_BOUNDS_OK, XID_COMMITTED, XID_IN_FUTURE, XID_IN_PROGRESS, XID_INVALID, XID_IS_CURRENT_XID, XID_PRECEDES_CLUSTERMIN, and XID_PRECEDES_RELMIN.
Referenced by check_tuple_visibility().
◆ heapcheck_read_stream_next_unskippable()
|
static |
Definition at line 881 of file verify_heapam.c.
884{
885 HeapCheckReadStreamData *p = callback_private_data;
886
887 /* Loops over [current_blocknum, last_exclusive) blocks */
889 {
891
893 {
895 continue;
896 }
897
899 {
901 continue;
902 }
903
905 }
906
908}
BlockNumber current_blocknum
Definition: read_stream.h:72
Definition: verify_heapam.c:166
uint8 visibilitymap_get_status(Relation rel, BlockNumber heapBlk, Buffer *vmbuf)
Definition: visibilitymap.c:341
References BlockRangeReadStreamPrivate::current_blocknum, i, InvalidBlockNumber, BlockRangeReadStreamPrivate::last_exclusive, HeapCheckReadStreamData::range, HeapCheckReadStreamData::rel, HeapCheckReadStreamData::skip_option, SKIP_PAGES_ALL_FROZEN, SKIP_PAGES_ALL_VISIBLE, VISIBILITYMAP_ALL_FROZEN, VISIBILITYMAP_ALL_VISIBLE, visibilitymap_get_status(), and HeapCheckReadStreamData::vmbuffer.
Referenced by verify_heapam().
◆ PG_FUNCTION_INFO_V1()
| PG_FUNCTION_INFO_V1 | ( | verify_heapam | ) |
◆ report_corruption()
|
static |
Definition at line 951 of file verify_heapam.c.
952{
956}
static void report_corruption_internal(Tuplestorestate *tupstore, TupleDesc tupdesc, BlockNumber blkno, OffsetNumber offnum, AttrNumber attnum, char *msg)
Definition: verify_heapam.c:915
References HeapCheckContext::attnum, HeapCheckContext::blkno, HeapCheckContext::is_corrupt, HeapCheckContext::offnum, report_corruption_internal(), HeapCheckContext::tupdesc, and HeapCheckContext::tupstore.
Referenced by check_tuple(), check_tuple_attribute(), check_tuple_header(), check_tuple_visibility(), and verify_heapam().
◆ report_corruption_internal()
|
static |
Definition at line 915 of file verify_heapam.c.
918{
921 HeapTuple tuple;
922
926 nulls[2] = (attnum < 0);
928
929 /*
930 * In principle, there is nothing to prevent a scan over a large, highly
931 * corrupted table from using work_mem worth of memory building up the
932 * tuplestore. That's ok, but if we also leak the msg argument memory
933 * until the end of the query, we could exceed work_mem by more than a
934 * trivial amount. Therefore, free the msg argument each time we are
935 * called rather than waiting for our current memory context to be freed.
936 */
937 pfree(msg);
938
940 tuplestore_puttuple(tupstore, tuple);
941}
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition: heaptuple.c:1117
void tuplestore_puttuple(Tuplestorestate *state, HeapTuple tuple)
Definition: tuplestore.c:764
References attnum, CStringGetTextDatum, heap_form_tuple(), HEAPCHECK_RELATION_COLS, Int32GetDatum(), Int64GetDatum(), pfree(), tuplestore_puttuple(), and values.
Referenced by report_corruption(), and report_toast_corruption().
◆ report_toast_corruption()
|
static |
Definition at line 967 of file verify_heapam.c.
969{
973}
References ToastedAttribute::attnum, ToastedAttribute::blkno, HeapCheckContext::is_corrupt, ToastedAttribute::offnum, report_corruption_internal(), HeapCheckContext::tupdesc, and HeapCheckContext::tupstore.
Referenced by check_toast_tuple(), and check_toasted_attribute().
◆ update_cached_mxid_range()
|
static |
Definition at line 2036 of file verify_heapam.c.
2037{
2039}
void ReadMultiXactIdRange(MultiXactId *oldest, MultiXactId *next)
Definition: multixact.c:791
References HeapCheckContext::next_mxact, HeapCheckContext::oldest_mxact, and ReadMultiXactIdRange().
Referenced by check_mxid_valid_in_rel(), and verify_heapam().
◆ update_cached_xid_range()
|
static |
Definition at line 2019 of file verify_heapam.c.
2020{
2021 /* Make cached copies */
2025 LWLockRelease(XidGenLock);
2026
2027 /* And compute alternate versions of the same */
2030}
References FullTransactionIdFromXidAndCtx(), LW_SHARED, LWLockAcquire(), LWLockRelease(), HeapCheckContext::next_fxid, HeapCheckContext::next_xid, TransamVariablesData::nextXid, HeapCheckContext::oldest_fxid, HeapCheckContext::oldest_xid, TransamVariablesData::oldestXid, TransamVariables, and XidFromFullTransactionId.
Referenced by get_xid_status(), and verify_heapam().
◆ verify_heapam()
| Datum verify_heapam | ( | PG_FUNCTION_ARGS | ) |
Definition at line 250 of file verify_heapam.c.
251{
253 HeapCheckContext ctx;
255 Oid relid;
256 bool on_error_stop;
257 bool check_toast;
259 BlockNumber first_block;
260 BlockNumber last_block;
261 BlockNumber nblocks;
263 ReadStream *stream;
264 int stream_flags;
265 ReadStreamBlockNumberCB stream_cb;
266 void *stream_data;
267 HeapCheckReadStreamData stream_skip_data;
268
269 /* Check supplied arguments */
272 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
274 relid = PG_GETARG_OID(0);
275
278 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
280 on_error_stop = PG_GETARG_BOOL(1);
281
284 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
286 check_toast = PG_GETARG_BOOL(2);
287
290 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
294 skip_option = SKIP_PAGES_ALL_VISIBLE;
296 skip_option = SKIP_PAGES_ALL_FROZEN;
298 skip_option = SKIP_PAGES_NONE;
299 else
301 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
304
306 ctx.cached_xid = InvalidTransactionId;
307 ctx.toasted_attributes = NIL;
308
309 /*
310 * Any xmin newer than the xmin of our snapshot can't become all-visible
311 * while we're running.
312 */
314
315 /*
316 * If we report corruption when not examining some individual attribute,
317 * we need attnum to be reported as NULL. Set that up before any
318 * corruption reporting might happen.
319 */
320 ctx.attnum = -1;
321
322 /* Construct the tuplestore and tuple descriptor */
323 InitMaterializedSRF(fcinfo, 0);
324 ctx.tupdesc = rsinfo->setDesc;
325 ctx.tupstore = rsinfo->setResult;
326
327 /* Open relation, check relkind and access method */
329
330 /*
331 * Check that a relation's relkind and access method are both supported.
332 */
333 if (!RELKIND_HAS_TABLE_AM(ctx.rel->rd_rel->relkind) &&
334 ctx.rel->rd_rel->relkind != RELKIND_SEQUENCE)
336 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
338 RelationGetRelationName(ctx.rel)),
339 errdetail_relkind_not_supported(ctx.rel->rd_rel->relkind)));
340
341 /*
342 * Sequences always use heap AM, but they don't show that in the catalogs.
343 * Other relkinds might be using a different AM, so check.
344 */
345 if (ctx.rel->rd_rel->relkind != RELKIND_SEQUENCE &&
346 ctx.rel->rd_rel->relam != HEAP_TABLE_AM_OID)
348 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
350
351 /*
352 * Early exit for unlogged relations during recovery. These will have no
353 * relation fork, so there won't be anything to check. We behave as if
354 * the relation is empty.
355 */
356 if (ctx.rel->rd_rel->relpersistence == RELPERSISTENCE_UNLOGGED &&
357 RecoveryInProgress())
358 {
360 (errcode(ERRCODE_READ_ONLY_SQL_TRANSACTION),
362 RelationGetRelationName(ctx.rel))));
364 PG_RETURN_NULL();
365 }
366
367 /* Early exit if the relation is empty */
368 nblocks = RelationGetNumberOfBlocks(ctx.rel);
369 if (!nblocks)
370 {
372 PG_RETURN_NULL();
373 }
374
376 ctx.buffer = InvalidBuffer;
377 ctx.page = NULL;
378
379 /* Validate block numbers, or handle nulls. */
381 first_block = 0;
382 else
383 {
385
386 if (fb < 0 || fb >= nblocks)
388 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
390 nblocks - 1)));
392 }
394 last_block = nblocks - 1;
395 else
396 {
398
399 if (lb < 0 || lb >= nblocks)
401 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
403 nblocks - 1)));
404 last_block = (BlockNumber) lb;
405 }
406
407 /* Optionally open the toast relation, if any. */
408 if (ctx.rel->rd_rel->reltoastrelid && check_toast)
409 {
410 int offset;
411
412 /* Main relation has associated toast relation */
413 ctx.toast_rel = table_open(ctx.rel->rd_rel->reltoastrelid,
414 AccessShareLock);
415 offset = toast_open_indexes(ctx.toast_rel,
416 AccessShareLock,
417 &(ctx.toast_indexes),
418 &(ctx.num_toast_indexes));
419 ctx.valid_toast_index = ctx.toast_indexes[offset];
420 }
421 else
422 {
423 /*
424 * Main relation has no associated toast relation, or we're
425 * intentionally skipping it.
426 */
427 ctx.toast_rel = NULL;
428 ctx.toast_indexes = NULL;
429 ctx.num_toast_indexes = 0;
430 }
431
432 update_cached_xid_range(&ctx);
433 update_cached_mxid_range(&ctx);
434 ctx.relfrozenxid = ctx.rel->rd_rel->relfrozenxid;
435 ctx.relfrozenfxid = FullTransactionIdFromXidAndCtx(ctx.relfrozenxid, &ctx);
436 ctx.relminmxid = ctx.rel->rd_rel->relminmxid;
437
439 ctx.oldest_xid = ctx.relfrozenxid;
440
441 /* Now that `ctx` is set up, set up the read stream */
442 stream_skip_data.range.current_blocknum = first_block;
443 stream_skip_data.range.last_exclusive = last_block + 1;
444 stream_skip_data.skip_option = skip_option;
445 stream_skip_data.rel = ctx.rel;
446 stream_skip_data.vmbuffer = &vmbuffer;
447
449 {
450 /*
451 * It is safe to use batchmode as block_range_read_stream_cb takes no
452 * locks.
453 */
454 stream_cb = block_range_read_stream_cb;
455 stream_flags = READ_STREAM_SEQUENTIAL |
456 READ_STREAM_FULL |
458 stream_data = &stream_skip_data.range;
459 }
460 else
461 {
462 /*
463 * It would not be safe to naively use batchmode, as
464 * heapcheck_read_stream_next_unskippable takes locks. It shouldn't be
465 * too hard to convert though.
466 */
467 stream_cb = heapcheck_read_stream_next_unskippable;
468 stream_flags = READ_STREAM_DEFAULT;
469 stream_data = &stream_skip_data;
470 }
471
472 stream = read_stream_begin_relation(stream_flags,
473 ctx.bstrategy,
474 ctx.rel,
475 MAIN_FORKNUM,
476 stream_cb,
477 stream_data,
478 0);
479
481 {
482 OffsetNumber maxoff;
488
489 CHECK_FOR_INTERRUPTS();
490
492
493 /* Lock the next page. */
496
497 ctx.blkno = BufferGetBlockNumber(ctx.buffer);
498 ctx.page = BufferGetPage(ctx.buffer);
499
500 /* Perform tuple checks */
501 maxoff = PageGetMaxOffsetNumber(ctx.page);
503 ctx.offnum = OffsetNumberNext(ctx.offnum))
504 {
505 BlockNumber nextblkno;
506 OffsetNumber nextoffnum;
507
508 successor[ctx.offnum] = InvalidOffsetNumber;
509 lp_valid[ctx.offnum] = false;
510 xmin_commit_status_ok[ctx.offnum] = false;
511 ctx.itemid = PageGetItemId(ctx.page, ctx.offnum);
512
513 /* Skip over unused/dead line pointers */
515 continue;
516
517 /*
518 * If this line pointer has been redirected, check that it
519 * redirects to a valid offset within the line pointer array
520 */
522 {
524 ItemId rditem;
525
527 {
528 report_corruption(&ctx,
530 (unsigned) rdoffnum,
532 continue;
533 }
534 if (rdoffnum > maxoff)
535 {
536 report_corruption(&ctx,
538 (unsigned) rdoffnum,
539 (unsigned) maxoff));
540 continue;
541 }
542
543 /*
544 * Since we've checked that this redirect points to a line
545 * pointer between FirstOffsetNumber and maxoff, it should now
546 * be safe to fetch the referenced line pointer. We expect it
547 * to be LP_NORMAL; if not, that's corruption.
548 */
549 rditem = PageGetItemId(ctx.page, rdoffnum);
551 {
552 report_corruption(&ctx,
554 (unsigned) rdoffnum));
555 continue;
556 }
558 {
559 report_corruption(&ctx,
561 (unsigned) rdoffnum));
562 continue;
563 }
565 {
566 report_corruption(&ctx,
568 (unsigned) rdoffnum));
569 continue;
570 }
571
572 /*
573 * Record the fact that this line pointer has passed basic
574 * sanity checking, and also the offset number to which it
575 * points.
576 */
577 lp_valid[ctx.offnum] = true;
578 successor[ctx.offnum] = rdoffnum;
579 continue;
580 }
581
582 /* Sanity-check the line pointer's offset and length values */
583 ctx.lp_len = ItemIdGetLength(ctx.itemid);
584 ctx.lp_off = ItemIdGetOffset(ctx.itemid);
585
587 {
588 report_corruption(&ctx,
590 ctx.lp_off));
591 continue;
592 }
594 {
595 report_corruption(&ctx,
597 ctx.lp_len,
599 continue;
600 }
601 if (ctx.lp_off + ctx.lp_len > BLCKSZ)
602 {
603 report_corruption(&ctx,
605 ctx.lp_off,
606 ctx.lp_len,
607 (unsigned) BLCKSZ));
608 continue;
609 }
610
611 /* It should be safe to examine the tuple's header, at least */
612 lp_valid[ctx.offnum] = true;
614 ctx.natts = HeapTupleHeaderGetNatts(ctx.tuphdr);
615
616 /* Ok, ready to check this next tuple */
617 check_tuple(&ctx,
618 &xmin_commit_status_ok[ctx.offnum],
619 &xmin_commit_status[ctx.offnum]);
620
621 /*
622 * If the CTID field of this tuple seems to point to another tuple
623 * on the same page, record that tuple as the successor of this
624 * one.
625 */
626 nextblkno = ItemPointerGetBlockNumber(&(ctx.tuphdr)->t_ctid);
627 nextoffnum = ItemPointerGetOffsetNumber(&(ctx.tuphdr)->t_ctid);
628 if (nextblkno == ctx.blkno && nextoffnum != ctx.offnum &&
629 nextoffnum >= FirstOffsetNumber && nextoffnum <= maxoff)
630 successor[ctx.offnum] = nextoffnum;
631 }
632
633 /*
634 * Update chain validation. Check each line pointer that's got a valid
635 * successor against that successor.
636 */
637 ctx.attnum = -1;
639 ctx.offnum = OffsetNumberNext(ctx.offnum))
640 {
641 ItemId curr_lp;
642 ItemId next_lp;
643 HeapTupleHeader curr_htup;
644 HeapTupleHeader next_htup;
645 TransactionId curr_xmin;
646 TransactionId curr_xmax;
647 TransactionId next_xmin;
648 OffsetNumber nextoffnum = successor[ctx.offnum];
649
650 /*
651 * The current line pointer may not have a successor, either
652 * because it's not valid or because it didn't point to anything.
653 * In either case, we have to give up.
654 *
655 * If the current line pointer does point to something, it's
656 * possible that the target line pointer isn't valid. We have to
657 * give up in that case, too.
658 */
660 continue;
661
662 /* We have two valid line pointers that we can examine. */
663 curr_lp = PageGetItemId(ctx.page, ctx.offnum);
664 next_lp = PageGetItemId(ctx.page, nextoffnum);
665
666 /* Handle the cases where the current line pointer is a redirect. */
668 {
669 /*
670 * We should not have set successor[ctx.offnum] to a value
671 * other than InvalidOffsetNumber unless that line pointer is
672 * LP_NORMAL.
673 */
675
676 /* Can only redirect to a HOT tuple. */
679 {
680 report_corruption(&ctx,
682 (unsigned) nextoffnum));
683 }
684
685 /* HOT chains should not intersect. */
687 {
688 report_corruption(&ctx,
690 (unsigned) nextoffnum, (unsigned) predecessor[nextoffnum]));
691 continue;
692 }
693
694 /*
695 * This redirect and the tuple to which it points seem to be
696 * part of an update chain.
697 */
698 predecessor[nextoffnum] = ctx.offnum;
699 continue;
700 }
701
702 /*
703 * If the next line pointer is a redirect, or if it's a tuple but
704 * the XMAX of this tuple doesn't match the XMIN of the next
705 * tuple, then the two aren't part of the same update chain and
706 * there is nothing more to do.
707 */
709 continue;
711 curr_xmax = HeapTupleHeaderGetUpdateXid(curr_htup);
713 next_xmin = HeapTupleHeaderGetXmin(next_htup);
715 !TransactionIdEquals(curr_xmax, next_xmin))
716 continue;
717
718 /* HOT chains should not intersect. */
720 {
721 report_corruption(&ctx,
723 (unsigned) nextoffnum, (unsigned) predecessor[nextoffnum]));
724 continue;
725 }
726
727 /*
728 * This tuple and the tuple to which it points seem to be part of
729 * an update chain.
730 */
731 predecessor[nextoffnum] = ctx.offnum;
732
733 /*
734 * If the current tuple is marked as HOT-updated, then the next
735 * tuple should be marked as a heap-only tuple. Conversely, if the
736 * current tuple isn't marked as HOT-updated, then the next tuple
737 * shouldn't be marked as a heap-only tuple.
738 *
739 * NB: Can't use HeapTupleHeaderIsHotUpdated() as it checks if
740 * hint bits indicate xmin/xmax aborted.
741 */
743 HeapTupleHeaderIsHeapOnly(next_htup))
744 {
745 report_corruption(&ctx,
747 (unsigned) nextoffnum));
748 }
750 !HeapTupleHeaderIsHeapOnly(next_htup))
751 {
752 report_corruption(&ctx,
754 (unsigned) nextoffnum));
755 }
756
757 /*
758 * If the current tuple's xmin is still in progress but the
759 * successor tuple's xmin is committed, that's corruption.
760 *
761 * NB: We recheck the commit status of the current tuple's xmin
762 * here, because it might have committed after we checked it and
763 * before we checked the commit status of the successor tuple's
764 * xmin. This should be safe because the xmin itself can't have
765 * changed, only its commit status.
766 */
767 curr_xmin = HeapTupleHeaderGetXmin(curr_htup);
768 if (xmin_commit_status_ok[ctx.offnum] &&
769 xmin_commit_status[ctx.offnum] == XID_IN_PROGRESS &&
770 xmin_commit_status_ok[nextoffnum] &&
771 xmin_commit_status[nextoffnum] == XID_COMMITTED &&
772 TransactionIdIsInProgress(curr_xmin))
773 {
774 report_corruption(&ctx,
775 psprintf("tuple with in-progress xmin %u was updated to produce a tuple at offset %u with committed xmin %u",
776 (unsigned) curr_xmin,
777 (unsigned) ctx.offnum,
778 (unsigned) next_xmin));
779 }
780
781 /*
782 * If the current tuple's xmin is aborted but the successor
783 * tuple's xmin is in-progress or committed, that's corruption.
784 */
785 if (xmin_commit_status_ok[ctx.offnum] &&
786 xmin_commit_status[ctx.offnum] == XID_ABORTED &&
787 xmin_commit_status_ok[nextoffnum])
788 {
790 report_corruption(&ctx,
791 psprintf("tuple with aborted xmin %u was updated to produce a tuple at offset %u with in-progress xmin %u",
792 (unsigned) curr_xmin,
793 (unsigned) ctx.offnum,
794 (unsigned) next_xmin));
796 report_corruption(&ctx,
797 psprintf("tuple with aborted xmin %u was updated to produce a tuple at offset %u with committed xmin %u",
798 (unsigned) curr_xmin,
799 (unsigned) ctx.offnum,
800 (unsigned) next_xmin));
801 }
802 }
803
804 /*
805 * An update chain can start either with a non-heap-only tuple or with
806 * a redirect line pointer, but not with a heap-only tuple.
807 *
808 * (This check is in a separate loop because we need the predecessor
809 * array to be fully populated before we can perform it.)
810 */
812 ctx.offnum <= maxoff;
813 ctx.offnum = OffsetNumberNext(ctx.offnum))
814 {
815 if (xmin_commit_status_ok[ctx.offnum] &&
816 (xmin_commit_status[ctx.offnum] == XID_COMMITTED ||
817 xmin_commit_status[ctx.offnum] == XID_IN_PROGRESS) &&
818 predecessor[ctx.offnum] == InvalidOffsetNumber)
819 {
820 ItemId curr_lp;
821
822 curr_lp = PageGetItemId(ctx.page, ctx.offnum);
824 {
825 HeapTupleHeader curr_htup;
826
827 curr_htup = (HeapTupleHeader)
828 PageGetItem(ctx.page, curr_lp);
830 report_corruption(&ctx,
832 }
833 }
834 }
835
836 /* clean up */
837 UnlockReleaseBuffer(ctx.buffer);
838
839 /*
840 * Check any toast pointers from the page whose lock we just released
841 */
843 {
844 ListCell *cell;
845
846 foreach(cell, ctx.toasted_attributes)
848 list_free_deep(ctx.toasted_attributes);
849 ctx.toasted_attributes = NIL;
850 }
851
852 if (on_error_stop && ctx.is_corrupt)
853 break;
854 }
855
856 read_stream_end(stream);
857
859 ReleaseBuffer(vmbuffer);
860
861 /* Close the associated toast table and indexes, if any. */
862 if (ctx.toast_indexes)
863 toast_close_indexes(ctx.toast_indexes, ctx.num_toast_indexes,
864 AccessShareLock);
865 if (ctx.toast_rel)
867
868 /* Close the main relation */
870
871 PG_RETURN_NULL();
872}
static Item PageGetItem(const PageData *page, const ItemIdData *itemId)
Definition: bufpage.h:354
static ItemId PageGetItemId(Page page, OffsetNumber offsetNumber)
Definition: bufpage.h:244
static OffsetNumber PageGetMaxOffsetNumber(const PageData *page)
Definition: bufpage.h:372
BufferAccessStrategy GetAccessStrategy(BufferAccessStrategyType btype)
Definition: freelist.c:541
void InitMaterializedSRF(FunctionCallInfo fcinfo, bits32 flags)
Definition: funcapi.c:76
static OffsetNumber ItemPointerGetOffsetNumber(const ItemPointerData *pointer)
Definition: itemptr.h:124
static BlockNumber ItemPointerGetBlockNumber(const ItemPointerData *pointer)
Definition: itemptr.h:103
int errdetail_relkind_not_supported(char relkind)
Definition: pg_class.c:24
Buffer read_stream_next_buffer(ReadStream *stream, void **per_buffer_data)
Definition: read_stream.c:770
ReadStream * read_stream_begin_relation(int flags, BufferAccessStrategy strategy, Relation rel, ForkNumber forknum, ReadStreamBlockNumberCB callback, void *callback_private_data, size_t per_buffer_data_size)
Definition: read_stream.c:716
BlockNumber block_range_read_stream_cb(ReadStream *stream, void *callback_private_data, void *per_buffer_data)
Definition: read_stream.c:162
BlockNumber(* ReadStreamBlockNumberCB)(ReadStream *stream, void *callback_private_data, void *per_buffer_data)
Definition: read_stream.h:77
Definition: verify_heapam.c:87
Definition: itemid.h:26
Definition: read_stream.c:93
Definition: execnodes.h:347
void toast_close_indexes(Relation *toastidxs, int num_indexes, LOCKMODE lock)
Definition: toast_internals.c:621
int toast_open_indexes(Relation toastrel, LOCKMODE lock, Relation **toastidxs, int *num_indexes)
Definition: toast_internals.c:562
Definition: pg_list.h:46
static void check_toasted_attribute(HeapCheckContext *ctx, ToastedAttribute *ta)
Definition: verify_heapam.c:1860
static void check_tuple(HeapCheckContext *ctx, bool *xmin_commit_status_ok, XidCommitStatus *xmin_commit_status)
Definition: verify_heapam.c:1918
static BlockNumber heapcheck_read_stream_next_unskippable(ReadStream *stream, void *callback_private_data, void *per_buffer_data)
Definition: verify_heapam.c:881
References AccessShareLock, Assert(), BAS_BULKREAD, block_range_read_stream_cb(), BUFFER_LOCK_SHARE, BufferGetBlockNumber(), BufferGetPage(), BufferIsValid(), CHECK_FOR_INTERRUPTS, check_toasted_attribute(), check_tuple(), DEBUG1, ereport, errcode(), errdetail_relkind_not_supported(), errhint(), errmsg(), ERROR, fb(), FirstOffsetNumber, FullTransactionIdFromXidAndCtx(), GetAccessStrategy(), GetTransactionSnapshot(), HEAP_HOT_UPDATED, heapcheck_read_stream_next_unskippable(), HeapTupleHeaderGetNatts, HeapTupleHeaderGetUpdateXid(), HeapTupleHeaderGetXmin(), HeapTupleHeaderIsHeapOnly(), if(), InitMaterializedSRF(), InvalidBuffer, InvalidOffsetNumber, InvalidTransactionId, ItemIdGetLength, ItemIdGetOffset, ItemIdGetRedirect, ItemIdIsDead, ItemIdIsNormal, ItemIdIsRedirected, ItemIdIsUsed, ItemPointerGetBlockNumber(), ItemPointerGetOffsetNumber(), lfirst, list_free_deep(), LockBuffer(), MAIN_FORKNUM, MAXALIGN, MaxOffsetNumber, NIL, OffsetNumberNext, PageGetItem(), PageGetItemId(), PageGetMaxOffsetNumber(), PG_ARGISNULL, PG_GETARG_BOOL, PG_GETARG_INT64, PG_GETARG_OID, PG_GETARG_TEXT_PP, PG_RETURN_NULL, pg_strcasecmp(), psprintf(), read_stream_begin_relation(), READ_STREAM_DEFAULT, read_stream_end(), READ_STREAM_FULL, read_stream_next_buffer(), READ_STREAM_SEQUENTIAL, READ_STREAM_USE_BATCHING, RecoveryInProgress(), relation_close(), relation_open(), RelationGetNumberOfBlocks, RelationGetRelationName, ReleaseBuffer(), report_corruption(), ReturnSetInfo::setDesc, ReturnSetInfo::setResult, SizeofHeapTupleHeader, skip, SKIP_PAGES_ALL_FROZEN, SKIP_PAGES_ALL_VISIBLE, SKIP_PAGES_NONE, HeapTupleHeaderData::t_infomask2, table_close(), table_open(), text_to_cstring(), toast_close_indexes(), toast_open_indexes(), TransactionIdEquals, TransactionIdIsInProgress(), TransactionIdIsNormal, TransactionIdIsValid, UnlockReleaseBuffer(), update_cached_mxid_range(), update_cached_xid_range(), XID_ABORTED, XID_COMMITTED, XID_IN_PROGRESS, and SnapshotData::xmin.
