PostgreSQL Source Code git master
Loading...
Searching...
No Matches
verify_heapam.c
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * verify_heapam.c
4 * Functions to check postgresql heap relations for corruption
5 *
6 * Copyright (c) 2016-2026, PostgreSQL Global Development Group
7 *
8 * contrib/amcheck/verify_heapam.c
9 *-------------------------------------------------------------------------
10 */
11#include "postgres.h"
12
13#include "access/detoast.h"
14#include "access/genam.h"
15#include "access/heaptoast.h"
16#include "access/multixact.h"
17#include "access/relation.h"
18#include "access/table.h"
19#include "access/toast_internals.h"
20#include "access/visibilitymap.h"
21#include "access/xact.h"
22#include "catalog/pg_am.h"
23#include "catalog/pg_class.h"
24#include "funcapi.h"
25#include "miscadmin.h"
26#include "storage/bufmgr.h"
27#include "storage/lwlock.h"
28#include "storage/procarray.h"
29#include "storage/read_stream.h"
30#include "utils/builtins.h"
31#include "utils/fmgroids.h"
32#include "utils/rel.h"
33#include "utils/tuplestore.h"
34
35PG_FUNCTION_INFO_V1(verify_heapam);
36
37/* The number of columns in tuples returned by verify_heapam */
38#define HEAPCHECK_RELATION_COLS 4
39
40/* The largest valid toast va_rawsize */
41#define VARLENA_SIZE_LIMIT 0x3FFFFFFF
42
43/*
44 * Despite the name, we use this for reporting problems with both XIDs and
45 * MXIDs.
46 */
55
63
70
71/*
72 * Struct holding information about a toasted attribute sufficient to both
73 * check the toasted attribute and, if found to be corrupt, to report where it
74 * was encountered in the main table.
75 */
76typedef struct ToastedAttribute
77{
78 varatt_external toast_pointer;
79 BlockNumber blkno; /* block in main table */
80 OffsetNumber offnum; /* offset in main table */
81 AttrNumber attnum; /* attribute in main table */
82} ToastedAttribute;
83
84/*
85 * Struct holding the running context information during
86 * a lifetime of a verify_heapam execution.
87 */
88typedef struct HeapCheckContext
89{
90 /*
91 * Cached copies of values from TransamVariables and computed values from
92 * them.
93 */
94 FullTransactionId next_fxid; /* TransamVariables->nextXid */
95 TransactionId next_xid; /* 32-bit version of next_fxid */
96 TransactionId oldest_xid; /* TransamVariables->oldestXid */
97 FullTransactionId oldest_fxid; /* 64-bit version of oldest_xid, computed
98 * relative to next_fxid */
99 TransactionId safe_xmin; /* this XID and newer ones can't become
100 * all-visible while we're running */
101
102 /*
103 * Cached copy of value from MultiXactState
104 */
105 MultiXactId next_mxact; /* MultiXactState->nextMXact */
106 MultiXactId oldest_mxact; /* MultiXactState->oldestMultiXactId */
107
108 /*
109 * Cached copies of the most recently checked xid and its status.
110 */
111 TransactionId cached_xid;
112 XidCommitStatus cached_status;
113
114 /* Values concerning the heap relation being checked */
115 Relation rel;
116 TransactionId relfrozenxid;
117 FullTransactionId relfrozenfxid;
118 TransactionId relminmxid;
119 Relation toast_rel;
120 Relation *toast_indexes;
121 Relation valid_toast_index;
122 int num_toast_indexes;
123
124 /*
125 * Values for iterating over pages in the relation. `blkno` is the most
126 * recent block in the buffer yielded by the read stream API.
127 */
128 BlockNumber blkno;
129 BufferAccessStrategy bstrategy;
130 Buffer buffer;
131 Page page;
132
133 /* Values for iterating over tuples within a page */
134 OffsetNumber offnum;
135 ItemId itemid;
136 uint16 lp_len;
137 uint16 lp_off;
138 HeapTupleHeader tuphdr;
139 int natts;
140
141 /* Values for iterating over attributes within the tuple */
142 uint32 offset; /* offset in tuple data */
143 AttrNumber attnum;
144
145 /* True if tuple's xmax makes it eligible for pruning */
146 bool tuple_could_be_pruned;
147
148 /*
149 * List of ToastedAttribute structs for toasted attributes which are not
150 * eligible for pruning and should be checked
151 */
152 List *toasted_attributes;
153
154 /* Whether verify_heapam has yet encountered any corrupt tuples */
155 bool is_corrupt;
156
157 /* The descriptor and tuplestore for verify_heapam's result tuples */
158 TupleDesc tupdesc;
159 Tuplestorestate *tupstore;
160} HeapCheckContext;
161
162/*
163 * The per-relation data provided to the read stream API for heap amcheck to
164 * use in its callback for the SKIP_PAGES_ALL_FROZEN and
165 * SKIP_PAGES_ALL_VISIBLE options.
166 */
167typedef struct HeapCheckReadStreamData
168{
169 /*
170 * `range` is used by all SkipPages options. SKIP_PAGES_NONE uses the
171 * default read stream callback, block_range_read_stream_cb(), which takes
172 * a BlockRangeReadStreamPrivate as its callback_private_data. `range`
173 * keeps track of the current block number across
174 * read_stream_next_buffer() invocations.
175 */
176 BlockRangeReadStreamPrivate range;
177 SkipPages skip_option;
178 Relation rel;
179 Buffer *vmbuffer;
180} HeapCheckReadStreamData;
181
182
183/* Internal implementation */
184static BlockNumber heapcheck_read_stream_next_unskippable(ReadStream *stream,
185 void *callback_private_data,
186 void *per_buffer_data);
187
188static void check_tuple(HeapCheckContext *ctx,
189 bool *xmin_commit_status_ok,
190 XidCommitStatus *xmin_commit_status);
191static void check_toast_tuple(HeapTuple toasttup, HeapCheckContext *ctx,
192 ToastedAttribute *ta, int32 *expected_chunk_seq,
193 uint32 extsize);
194
195static bool check_tuple_attribute(HeapCheckContext *ctx);
196static void check_toasted_attribute(HeapCheckContext *ctx,
197 ToastedAttribute *ta);
198
199static bool check_tuple_header(HeapCheckContext *ctx);
200static bool check_tuple_visibility(HeapCheckContext *ctx,
201 bool *xmin_commit_status_ok,
202 XidCommitStatus *xmin_commit_status);
203
204static void report_corruption(HeapCheckContext *ctx, char *msg);
205static void report_toast_corruption(HeapCheckContext *ctx,
206 ToastedAttribute *ta, char *msg);
207static FullTransactionId FullTransactionIdFromXidAndCtx(TransactionId xid,
208 const HeapCheckContext *ctx);
209static void update_cached_xid_range(HeapCheckContext *ctx);
210static void update_cached_mxid_range(HeapCheckContext *ctx);
211static XidBoundsViolation check_mxid_in_range(MultiXactId mxid,
212 HeapCheckContext *ctx);
213static XidBoundsViolation check_mxid_valid_in_rel(MultiXactId mxid,
214 HeapCheckContext *ctx);
215static XidBoundsViolation get_xid_status(TransactionId xid,
216 HeapCheckContext *ctx,
217 XidCommitStatus *status);
218
219/*
220 * Scan and report corruption in heap pages, optionally reconciling toasted
221 * attributes with entries in the associated toast table. Intended to be
222 * called from SQL with the following parameters:
223 *
224 * relation:
225 * The Oid of the heap relation to be checked.
226 *
227 * on_error_stop:
228 * Whether to stop at the end of the first page for which errors are
229 * detected. Note that multiple rows may be returned.
230 *
231 * check_toast:
232 * Whether to check each toasted attribute against the toast table to
233 * verify that it can be found there.
234 *
235 * skip:
236 * What kinds of pages in the heap relation should be skipped. Valid
237 * options are "all-visible", "all-frozen", and "none".
238 *
239 * Returns to the SQL caller a set of tuples, each containing the location
240 * and a description of a corruption found in the heap.
241 *
242 * This code goes to some trouble to avoid crashing the server even if the
243 * table pages are badly corrupted, but it's probably not perfect. If
244 * check_toast is true, we'll use regular index lookups to try to fetch TOAST
245 * tuples, which can certainly cause crashes if the right kind of corruption
246 * exists in the toast table or index. No matter what parameters you pass,
247 * we can't protect against crashes that might occur trying to look up the
248 * commit status of transaction IDs (though we avoid trying to do such lookups
249 * for transaction IDs that can't legally appear in the table).
250 */
251Datum
252verify_heapam(PG_FUNCTION_ARGS)
253{
254 ReturnSetInfo *rsinfo = (ReturnSetInfo *) fcinfo->resultinfo;
255 HeapCheckContext ctx;
256 Buffer vmbuffer = InvalidBuffer;
257 Oid relid;
258 bool on_error_stop;
259 bool check_toast;
260 SkipPages skip_option = SKIP_PAGES_NONE;
261 BlockNumber first_block;
262 BlockNumber last_block;
263 BlockNumber nblocks;
264 const char *skip;
265 ReadStream *stream;
266 int stream_flags;
267 ReadStreamBlockNumberCB stream_cb;
268 void *stream_data;
269 HeapCheckReadStreamData stream_skip_data;
270
271 /* Check supplied arguments */
272 if (PG_ARGISNULL(0))
273 ereport(ERROR,
274 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
275 errmsg("relation cannot be null")));
276 relid = PG_GETARG_OID(0);
277
278 if (PG_ARGISNULL(1))
279 ereport(ERROR,
280 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
281 errmsg("on_error_stop cannot be null")));
282 on_error_stop = PG_GETARG_BOOL(1);
283
284 if (PG_ARGISNULL(2))
285 ereport(ERROR,
286 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
287 errmsg("check_toast cannot be null")));
288 check_toast = PG_GETARG_BOOL(2);
289
290 if (PG_ARGISNULL(3))
291 ereport(ERROR,
292 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
293 errmsg("skip cannot be null")));
294 skip = text_to_cstring(PG_GETARG_TEXT_PP(3));
295 if (pg_strcasecmp(skip, "all-visible") == 0)
296 skip_option = SKIP_PAGES_ALL_VISIBLE;
297 else if (pg_strcasecmp(skip, "all-frozen") == 0)
298 skip_option = SKIP_PAGES_ALL_FROZEN;
299 else if (pg_strcasecmp(skip, "none") == 0)
300 skip_option = SKIP_PAGES_NONE;
301 else
302 ereport(ERROR,
303 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
304 errmsg("invalid skip option"),
305 errhint("Valid skip options are \"all-visible\", \"all-frozen\", and \"none\".")));
306
307 memset(&ctx, 0, sizeof(HeapCheckContext));
308 ctx.cached_xid = InvalidTransactionId;
309 ctx.toasted_attributes = NIL;
310
311 /*
312 * Any xmin newer than the xmin of our snapshot can't become all-visible
313 * while we're running.
314 */
315 ctx.safe_xmin = GetTransactionSnapshot()->xmin;
316
317 /*
318 * If we report corruption when not examining some individual attribute,
319 * we need attnum to be reported as NULL. Set that up before any
320 * corruption reporting might happen.
321 */
322 ctx.attnum = -1;
323
324 /* Construct the tuplestore and tuple descriptor */
325 InitMaterializedSRF(fcinfo, 0);
326 ctx.tupdesc = rsinfo->setDesc;
327 ctx.tupstore = rsinfo->setResult;
328
329 /* Open relation, check relkind and access method */
330 ctx.rel = relation_open(relid, AccessShareLock);
331
332 /*
333 * Check that a relation's relkind and access method are both supported.
334 */
335 if (!RELKIND_HAS_TABLE_AM(ctx.rel->rd_rel->relkind) &&
336 ctx.rel->rd_rel->relkind != RELKIND_SEQUENCE)
337 ereport(ERROR,
338 (errcode(ERRCODE_WRONG_OBJECT_TYPE),
339 errmsg("cannot check relation \"%s\"",
340 RelationGetRelationName(ctx.rel)),
341 errdetail_relkind_not_supported(ctx.rel->rd_rel->relkind)));
342
343 /*
344 * Sequences always use heap AM, but they don't show that in the catalogs.
345 * Other relkinds might be using a different AM, so check.
346 */
347 if (ctx.rel->rd_rel->relkind != RELKIND_SEQUENCE &&
348 ctx.rel->rd_rel->relam != HEAP_TABLE_AM_OID)
349 ereport(ERROR,
350 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
351 errmsg("only heap AM is supported")));
352
353 /*
354 * Early exit for unlogged relations during recovery. These will have no
355 * relation fork, so there won't be anything to check. We behave as if
356 * the relation is empty.
357 */
358 if (ctx.rel->rd_rel->relpersistence == RELPERSISTENCE_UNLOGGED &&
359 RecoveryInProgress())
360 {
361 ereport(DEBUG1,
362 (errcode(ERRCODE_READ_ONLY_SQL_TRANSACTION),
363 errmsg("cannot verify unlogged relation \"%s\" during recovery, skipping",
364 RelationGetRelationName(ctx.rel))));
365 relation_close(ctx.rel, AccessShareLock);
366 PG_RETURN_NULL();
367 }
368
369 /* Early exit if the relation is empty */
370 nblocks = RelationGetNumberOfBlocks(ctx.rel);
371 if (!nblocks)
372 {
373 relation_close(ctx.rel, AccessShareLock);
374 PG_RETURN_NULL();
375 }
376
377 ctx.bstrategy = GetAccessStrategy(BAS_BULKREAD);
378 ctx.buffer = InvalidBuffer;
379 ctx.page = NULL;
380
381 /* Validate block numbers, or handle nulls. */
382 if (PG_ARGISNULL(4))
383 first_block = 0;
384 else
385 {
386 int64 fb = PG_GETARG_INT64(4);
387
388 if (fb < 0 || fb >= nblocks)
389 ereport(ERROR,
390 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
391 errmsg("starting block number must be between 0 and %u",
392 nblocks - 1)));
393 first_block = (BlockNumber) fb;
394 }
395 if (PG_ARGISNULL(5))
396 last_block = nblocks - 1;
397 else
398 {
399 int64 lb = PG_GETARG_INT64(5);
400
401 if (lb < 0 || lb >= nblocks)
402 ereport(ERROR,
403 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
404 errmsg("ending block number must be between 0 and %u",
405 nblocks - 1)));
406 last_block = (BlockNumber) lb;
407 }
408
409 /* Optionally open the toast relation, if any. */
410 if (ctx.rel->rd_rel->reltoastrelid && check_toast)
411 {
412 int offset;
413
414 /* Main relation has associated toast relation */
415 ctx.toast_rel = table_open(ctx.rel->rd_rel->reltoastrelid,
416 AccessShareLock);
417 offset = toast_open_indexes(ctx.toast_rel,
418 AccessShareLock,
419 &(ctx.toast_indexes),
420 &(ctx.num_toast_indexes));
421 ctx.valid_toast_index = ctx.toast_indexes[offset];
422 }
423 else
424 {
425 /*
426 * Main relation has no associated toast relation, or we're
427 * intentionally skipping it.
428 */
429 ctx.toast_rel = NULL;
430 ctx.toast_indexes = NULL;
431 ctx.num_toast_indexes = 0;
432 }
433
434 update_cached_xid_range(&ctx);
435 update_cached_mxid_range(&ctx);
436 ctx.relfrozenxid = ctx.rel->rd_rel->relfrozenxid;
437 ctx.relfrozenfxid = FullTransactionIdFromXidAndCtx(ctx.relfrozenxid, &ctx);
438 ctx.relminmxid = ctx.rel->rd_rel->relminmxid;
439
440 if (TransactionIdIsNormal(ctx.relfrozenxid))
441 ctx.oldest_xid = ctx.relfrozenxid;
442
443 /* Now that `ctx` is set up, set up the read stream */
444 stream_skip_data.range.current_blocknum = first_block;
445 stream_skip_data.range.last_exclusive = last_block + 1;
446 stream_skip_data.skip_option = skip_option;
447 stream_skip_data.rel = ctx.rel;
448 stream_skip_data.vmbuffer = &vmbuffer;
449
450 if (skip_option == SKIP_PAGES_NONE)
451 {
452 /*
453 * It is safe to use batchmode as block_range_read_stream_cb takes no
454 * locks.
455 */
456 stream_cb = block_range_read_stream_cb;
457 stream_flags = READ_STREAM_SEQUENTIAL |
458 READ_STREAM_FULL |
459 READ_STREAM_USE_BATCHING;
460 stream_data = &stream_skip_data.range;
461 }
462 else
463 {
464 /*
465 * It would not be safe to naively use batchmode, as
466 * heapcheck_read_stream_next_unskippable takes locks. It shouldn't be
467 * too hard to convert though.
468 */
469 stream_cb = heapcheck_read_stream_next_unskippable;
470 stream_flags = READ_STREAM_DEFAULT;
471 stream_data = &stream_skip_data;
472 }
473
474 stream = read_stream_begin_relation(stream_flags,
475 ctx.bstrategy,
476 ctx.rel,
477 MAIN_FORKNUM,
478 stream_cb,
479 stream_data,
480 0);
481
482 while ((ctx.buffer = read_stream_next_buffer(stream, NULL)) != InvalidBuffer)
483 {
484 OffsetNumber maxoff;
485 OffsetNumber predecessor[MaxOffsetNumber];
486 OffsetNumber successor[MaxOffsetNumber];
487 bool lp_valid[MaxOffsetNumber];
488 bool xmin_commit_status_ok[MaxOffsetNumber];
489 XidCommitStatus xmin_commit_status[MaxOffsetNumber];
490
491 CHECK_FOR_INTERRUPTS();
492
493 memset(predecessor, 0, sizeof(OffsetNumber) * MaxOffsetNumber);
494
495 /* Lock the next page. */
496 Assert(BufferIsValid(ctx.buffer));
497 LockBuffer(ctx.buffer, BUFFER_LOCK_SHARE);
498
499 ctx.blkno = BufferGetBlockNumber(ctx.buffer);
500 ctx.page = BufferGetPage(ctx.buffer);
501
502 /* Perform tuple checks */
503 maxoff = PageGetMaxOffsetNumber(ctx.page);
504 for (ctx.offnum = FirstOffsetNumber; ctx.offnum <= maxoff;
505 ctx.offnum = OffsetNumberNext(ctx.offnum))
506 {
507 BlockNumber nextblkno;
508 OffsetNumber nextoffnum;
509
510 successor[ctx.offnum] = InvalidOffsetNumber;
511 lp_valid[ctx.offnum] = false;
512 xmin_commit_status_ok[ctx.offnum] = false;
513 ctx.itemid = PageGetItemId(ctx.page, ctx.offnum);
514
515 /* Skip over unused/dead line pointers */
516 if (!ItemIdIsUsed(ctx.itemid) || ItemIdIsDead(ctx.itemid))
517 continue;
518
519 /*
520 * If this line pointer has been redirected, check that it
521 * redirects to a valid offset within the line pointer array
522 */
523 if (ItemIdIsRedirected(ctx.itemid))
524 {
525 OffsetNumber rdoffnum = ItemIdGetRedirect(ctx.itemid);
526 ItemId rditem;
527
528 if (rdoffnum < FirstOffsetNumber)
529 {
530 report_corruption(&ctx,
531 psprintf("line pointer redirection to item at offset %d precedes minimum offset %d",
532 rdoffnum,
533 FirstOffsetNumber));
534 continue;
535 }
536 if (rdoffnum > maxoff)
537 {
538 report_corruption(&ctx,
539 psprintf("line pointer redirection to item at offset %d exceeds maximum offset %d",
540 rdoffnum,
541 maxoff));
542 continue;
543 }
544
545 /*
546 * Since we've checked that this redirect points to a line
547 * pointer between FirstOffsetNumber and maxoff, it should now
548 * be safe to fetch the referenced line pointer. We expect it
549 * to be LP_NORMAL; if not, that's corruption.
550 */
551 rditem = PageGetItemId(ctx.page, rdoffnum);
552 if (!ItemIdIsUsed(rditem))
553 {
554 report_corruption(&ctx,
555 psprintf("redirected line pointer points to an unused item at offset %d",
556 rdoffnum));
557 continue;
558 }
559 else if (ItemIdIsDead(rditem))
560 {
561 report_corruption(&ctx,
562 psprintf("redirected line pointer points to a dead item at offset %d",
563 rdoffnum));
564 continue;
565 }
566 else if (ItemIdIsRedirected(rditem))
567 {
568 report_corruption(&ctx,
569 psprintf("redirected line pointer points to another redirected line pointer at offset %d",
570 rdoffnum));
571 continue;
572 }
573
574 /*
575 * Record the fact that this line pointer has passed basic
576 * sanity checking, and also the offset number to which it
577 * points.
578 */
579 lp_valid[ctx.offnum] = true;
580 successor[ctx.offnum] = rdoffnum;
581 continue;
582 }
583
584 /* Sanity-check the line pointer's offset and length values */
585 ctx.lp_len = ItemIdGetLength(ctx.itemid);
586 ctx.lp_off = ItemIdGetOffset(ctx.itemid);
587
588 if (ctx.lp_off != MAXALIGN(ctx.lp_off))
589 {
590 report_corruption(&ctx,
591 psprintf("line pointer to page offset %u is not maximally aligned",
592 ctx.lp_off));
593 continue;
594 }
595 if (ctx.lp_len < MAXALIGN(SizeofHeapTupleHeader))
596 {
597 report_corruption(&ctx,
598 psprintf("line pointer length %u is less than the minimum tuple header size %u",
599 ctx.lp_len,
600 (unsigned) MAXALIGN(SizeofHeapTupleHeader)));
601 continue;
602 }
603 if (ctx.lp_off + ctx.lp_len > BLCKSZ)
604 {
605 report_corruption(&ctx,
606 psprintf("line pointer to page offset %u with length %u ends beyond maximum page offset %d",
607 ctx.lp_off,
608 ctx.lp_len,
609 BLCKSZ));
610 continue;
611 }
612
613 /* It should be safe to examine the tuple's header, at least */
614 lp_valid[ctx.offnum] = true;
615 ctx.tuphdr = (HeapTupleHeader) PageGetItem(ctx.page, ctx.itemid);
616 ctx.natts = HeapTupleHeaderGetNatts(ctx.tuphdr);
617
618 /* Ok, ready to check this next tuple */
619 check_tuple(&ctx,
620 &xmin_commit_status_ok[ctx.offnum],
621 &xmin_commit_status[ctx.offnum]);
622
623 /*
624 * If the CTID field of this tuple seems to point to another tuple
625 * on the same page, record that tuple as the successor of this
626 * one.
627 */
628 nextblkno = ItemPointerGetBlockNumber(&(ctx.tuphdr)->t_ctid);
629 nextoffnum = ItemPointerGetOffsetNumber(&(ctx.tuphdr)->t_ctid);
630 if (nextblkno == ctx.blkno && nextoffnum != ctx.offnum &&
631 nextoffnum >= FirstOffsetNumber && nextoffnum <= maxoff)
632 successor[ctx.offnum] = nextoffnum;
633 }
634
635 /*
636 * Update chain validation. Check each line pointer that's got a valid
637 * successor against that successor.
638 */
639 ctx.attnum = -1;
640 for (ctx.offnum = FirstOffsetNumber; ctx.offnum <= maxoff;
641 ctx.offnum = OffsetNumberNext(ctx.offnum))
642 {
643 ItemId curr_lp;
644 ItemId next_lp;
645 HeapTupleHeader curr_htup;
646 HeapTupleHeader next_htup;
647 TransactionId curr_xmin;
648 TransactionId curr_xmax;
649 TransactionId next_xmin;
650 OffsetNumber nextoffnum = successor[ctx.offnum];
651
652 /*
653 * The current line pointer may not have a successor, either
654 * because it's not valid or because it didn't point to anything.
655 * In either case, we have to give up.
656 *
657 * If the current line pointer does point to something, it's
658 * possible that the target line pointer isn't valid. We have to
659 * give up in that case, too.
660 */
661 if (nextoffnum == InvalidOffsetNumber || !lp_valid[nextoffnum])
662 continue;
663
664 /* We have two valid line pointers that we can examine. */
665 curr_lp = PageGetItemId(ctx.page, ctx.offnum);
666 next_lp = PageGetItemId(ctx.page, nextoffnum);
667
668 /* Handle the cases where the current line pointer is a redirect. */
669 if (ItemIdIsRedirected(curr_lp))
670 {
671 /*
672 * We should not have set successor[ctx.offnum] to a value
673 * other than InvalidOffsetNumber unless that line pointer is
674 * LP_NORMAL.
675 */
676 Assert(ItemIdIsNormal(next_lp));
677
678 /* Can only redirect to a HOT tuple. */
679 next_htup = (HeapTupleHeader) PageGetItem(ctx.page, next_lp);
680 if (!HeapTupleHeaderIsHeapOnly(next_htup))
681 {
682 report_corruption(&ctx,
683 psprintf("redirected line pointer points to a non-heap-only tuple at offset %d",
684 nextoffnum));
685 }
686
687 /* HOT chains should not intersect. */
688 if (predecessor[nextoffnum] != InvalidOffsetNumber)
689 {
690 report_corruption(&ctx,
691 psprintf("redirect line pointer points to offset %d, but offset %d also points there",
692 nextoffnum, predecessor[nextoffnum]));
693 continue;
694 }
695
696 /*
697 * This redirect and the tuple to which it points seem to be
698 * part of an update chain.
699 */
700 predecessor[nextoffnum] = ctx.offnum;
701 continue;
702 }
703
704 /*
705 * If the next line pointer is a redirect, or if it's a tuple but
706 * the XMAX of this tuple doesn't match the XMIN of the next
707 * tuple, then the two aren't part of the same update chain and
708 * there is nothing more to do.
709 */
710 if (ItemIdIsRedirected(next_lp))
711 continue;
712 curr_htup = (HeapTupleHeader) PageGetItem(ctx.page, curr_lp);
713 curr_xmax = HeapTupleHeaderGetUpdateXid(curr_htup);
714 next_htup = (HeapTupleHeader) PageGetItem(ctx.page, next_lp);
715 next_xmin = HeapTupleHeaderGetXmin(next_htup);
716 if (!TransactionIdIsValid(curr_xmax) ||
717 !TransactionIdEquals(curr_xmax, next_xmin))
718 continue;
719
720 /* HOT chains should not intersect. */
721 if (predecessor[nextoffnum] != InvalidOffsetNumber)
722 {
723 report_corruption(&ctx,
724 psprintf("tuple points to new version at offset %d, but offset %d also points there",
725 nextoffnum, predecessor[nextoffnum]));
726 continue;
727 }
728
729 /*
730 * This tuple and the tuple to which it points seem to be part of
731 * an update chain.
732 */
733 predecessor[nextoffnum] = ctx.offnum;
734
735 /*
736 * If the current tuple is marked as HOT-updated, then the next
737 * tuple should be marked as a heap-only tuple. Conversely, if the
738 * current tuple isn't marked as HOT-updated, then the next tuple
739 * shouldn't be marked as a heap-only tuple.
740 *
741 * NB: Can't use HeapTupleHeaderIsHotUpdated() as it checks if
742 * hint bits indicate xmin/xmax aborted.
743 */
744 if (!(curr_htup->t_infomask2 & HEAP_HOT_UPDATED) &&
745 HeapTupleHeaderIsHeapOnly(next_htup))
746 {
747 report_corruption(&ctx,
748 psprintf("non-heap-only update produced a heap-only tuple at offset %d",
749 nextoffnum));
750 }
751 if ((curr_htup->t_infomask2 & HEAP_HOT_UPDATED) &&
752 !HeapTupleHeaderIsHeapOnly(next_htup))
753 {
754 report_corruption(&ctx,
755 psprintf("heap-only update produced a non-heap only tuple at offset %d",
756 nextoffnum));
757 }
758
759 /*
760 * If the current tuple's xmin is still in progress but the
761 * successor tuple's xmin is committed, that's corruption.
762 *
763 * NB: We recheck the commit status of the current tuple's xmin
764 * here, because it might have committed after we checked it and
765 * before we checked the commit status of the successor tuple's
766 * xmin. This should be safe because the xmin itself can't have
767 * changed, only its commit status.
768 */
769 curr_xmin = HeapTupleHeaderGetXmin(curr_htup);
770 if (xmin_commit_status_ok[ctx.offnum] &&
771 xmin_commit_status[ctx.offnum] == XID_IN_PROGRESS &&
772 xmin_commit_status_ok[nextoffnum] &&
773 xmin_commit_status[nextoffnum] == XID_COMMITTED &&
774 TransactionIdIsInProgress(curr_xmin))
775 {
776 report_corruption(&ctx,
777 psprintf("tuple with in-progress xmin %u was updated to produce a tuple at offset %d with committed xmin %u",
778 curr_xmin,
779 ctx.offnum,
780 next_xmin));
781 }
782
783 /*
784 * If the current tuple's xmin is aborted but the successor
785 * tuple's xmin is in-progress or committed, that's corruption.
786 */
787 if (xmin_commit_status_ok[ctx.offnum] &&
788 xmin_commit_status[ctx.offnum] == XID_ABORTED &&
789 xmin_commit_status_ok[nextoffnum])
790 {
791 if (xmin_commit_status[nextoffnum] == XID_IN_PROGRESS)
792 report_corruption(&ctx,
793 psprintf("tuple with aborted xmin %u was updated to produce a tuple at offset %d with in-progress xmin %u",
794 curr_xmin,
795 ctx.offnum,
796 next_xmin));
797 else if (xmin_commit_status[nextoffnum] == XID_COMMITTED)
798 report_corruption(&ctx,
799 psprintf("tuple with aborted xmin %u was updated to produce a tuple at offset %d with committed xmin %u",
800 curr_xmin,
801 ctx.offnum,
802 next_xmin));
803 }
804 }
805
806 /*
807 * An update chain can start either with a non-heap-only tuple or with
808 * a redirect line pointer, but not with a heap-only tuple.
809 *
810 * (This check is in a separate loop because we need the predecessor
811 * array to be fully populated before we can perform it.)
812 */
813 for (ctx.offnum = FirstOffsetNumber;
814 ctx.offnum <= maxoff;
815 ctx.offnum = OffsetNumberNext(ctx.offnum))
816 {
817 if (xmin_commit_status_ok[ctx.offnum] &&
818 (xmin_commit_status[ctx.offnum] == XID_COMMITTED ||
819 xmin_commit_status[ctx.offnum] == XID_IN_PROGRESS) &&
820 predecessor[ctx.offnum] == InvalidOffsetNumber)
821 {
822 ItemId curr_lp;
823
824 curr_lp = PageGetItemId(ctx.page, ctx.offnum);
825 if (!ItemIdIsRedirected(curr_lp))
826 {
827 HeapTupleHeader curr_htup;
828
829 curr_htup = (HeapTupleHeader)
830 PageGetItem(ctx.page, curr_lp);
831 if (HeapTupleHeaderIsHeapOnly(curr_htup))
832 report_corruption(&ctx,
833 psprintf("tuple is root of chain but is marked as heap-only tuple"));
834 }
835 }
836 }
837
838 /* clean up */
839 UnlockReleaseBuffer(ctx.buffer);
840
841 /*
842 * Check any toast pointers from the page whose lock we just released
843 */
844 if (ctx.toasted_attributes != NIL)
845 {
846 ListCell *cell;
847
848 foreach(cell, ctx.toasted_attributes)
849 check_toasted_attribute(&ctx, lfirst(cell));
850 list_free_deep(ctx.toasted_attributes);
851 ctx.toasted_attributes = NIL;
852 }
853
854 if (on_error_stop && ctx.is_corrupt)
855 break;
856 }
857
858 read_stream_end(stream);
859
860 if (vmbuffer != InvalidBuffer)
861 ReleaseBuffer(vmbuffer);
862
863 /* Close the associated toast table and indexes, if any. */
864 if (ctx.toast_indexes)
865 toast_close_indexes(ctx.toast_indexes, ctx.num_toast_indexes,
866 AccessShareLock);
867 if (ctx.toast_rel)
868 table_close(ctx.toast_rel, AccessShareLock);
869
870 /* Close the main relation */
871 relation_close(ctx.rel, AccessShareLock);
872
873 PG_RETURN_NULL();
874}
875
876/*
877 * Heap amcheck's read stream callback for getting the next unskippable block.
878 * This callback is only used when 'all-visible' or 'all-frozen' is provided
879 * as the skip option to verify_heapam(). With the default 'none',
880 * block_range_read_stream_cb() is used instead.
881 */
882static BlockNumber
883heapcheck_read_stream_next_unskippable(ReadStream *stream,
884 void *callback_private_data,
885 void *per_buffer_data)
886{
887 HeapCheckReadStreamData *p = callback_private_data;
888
889 /* Loops over [current_blocknum, last_exclusive) blocks */
890 for (BlockNumber i; (i = p->range.current_blocknum++) < p->range.last_exclusive;)
891 {
892 uint8 mapbits = visibilitymap_get_status(p->rel, i, p->vmbuffer);
893
894 if (p->skip_option == SKIP_PAGES_ALL_FROZEN)
895 {
896 if ((mapbits & VISIBILITYMAP_ALL_FROZEN) != 0)
897 continue;
898 }
899
900 if (p->skip_option == SKIP_PAGES_ALL_VISIBLE)
901 {
902 if ((mapbits & VISIBILITYMAP_ALL_VISIBLE) != 0)
903 continue;
904 }
905
906 return i;
907 }
908
909 return InvalidBlockNumber;
910}
911
912/*
913 * Shared internal implementation for report_corruption and
914 * report_toast_corruption.
915 */
916static void
917report_corruption_internal(Tuplestorestate *tupstore, TupleDesc tupdesc,
918 BlockNumber blkno, OffsetNumber offnum,
919 AttrNumber attnum, char *msg)
920{
921 Datum values[HEAPCHECK_RELATION_COLS] = {0};
922 bool nulls[HEAPCHECK_RELATION_COLS] = {0};
923 HeapTuple tuple;
924
925 values[0] = Int64GetDatum(blkno);
926 values[1] = Int32GetDatum(offnum);
927 values[2] = Int32GetDatum(attnum);
928 nulls[2] = (attnum < 0);
929 values[3] = CStringGetTextDatum(msg);
930
931 /*
932 * In principle, there is nothing to prevent a scan over a large, highly
933 * corrupted table from using work_mem worth of memory building up the
934 * tuplestore. That's ok, but if we also leak the msg argument memory
935 * until the end of the query, we could exceed work_mem by more than a
936 * trivial amount. Therefore, free the msg argument each time we are
937 * called rather than waiting for our current memory context to be freed.
938 */
939 pfree(msg);
940
941 tuple = heap_form_tuple(tupdesc, values, nulls);
942 tuplestore_puttuple(tupstore, tuple);
943}
944
945/*
946 * Record a single corruption found in the main table. The values in ctx should
947 * indicate the location of the corruption, and the msg argument should contain
948 * a human-readable description of the corruption.
949 *
950 * The msg argument is pfree'd by this function.
951 */
952static void
953report_corruption(HeapCheckContext *ctx, char *msg)
954{
955 report_corruption_internal(ctx->tupstore, ctx->tupdesc, ctx->blkno,
956 ctx->offnum, ctx->attnum, msg);
957 ctx->is_corrupt = true;
958}
959
960/*
961 * Record corruption found in the toast table. The values in ta should
962 * indicate the location in the main table where the toast pointer was
963 * encountered, and the msg argument should contain a human-readable
964 * description of the toast table corruption.
965 *
966 * As above, the msg argument is pfree'd by this function.
967 */
968static void
969report_toast_corruption(HeapCheckContext *ctx, ToastedAttribute *ta,
970 char *msg)
971{
972 report_corruption_internal(ctx->tupstore, ctx->tupdesc, ta->blkno,
973 ta->offnum, ta->attnum, msg);
974 ctx->is_corrupt = true;
975}
976
977/*
978 * Check for tuple header corruption.
979 *
980 * Some kinds of corruption make it unsafe to check the tuple attributes, for
981 * example when the line pointer refers to a range of bytes outside the page.
982 * In such cases, we return false (not checkable) after recording appropriate
983 * corruption messages.
984 *
985 * Some other kinds of tuple header corruption confuse the question of where
986 * the tuple attributes begin, or how long the nulls bitmap is, etc., making it
987 * unreasonable to attempt to check attributes, even if all candidate answers
988 * to those questions would not result in reading past the end of the line
989 * pointer or page. In such cases, like above, we record corruption messages
990 * about the header and then return false.
991 *
992 * Other kinds of tuple header corruption do not bear on the question of
993 * whether the tuple attributes can be checked, so we record corruption
994 * messages for them but we do not return false merely because we detected
995 * them.
996 *
997 * Returns whether the tuple is sufficiently sensible to undergo visibility and
998 * attribute checks.
999 */
1000static bool
1001check_tuple_header(HeapCheckContext *ctx)
1002{
1003 HeapTupleHeader tuphdr = ctx->tuphdr;
1004 uint16 infomask = tuphdr->t_infomask;
1005 TransactionId curr_xmax = HeapTupleHeaderGetUpdateXid(tuphdr);
1006 bool result = true;
1007 unsigned expected_hoff;
1008
1009 if (ctx->tuphdr->t_hoff > ctx->lp_len)
1010 {
1011 report_corruption(ctx,
1012 psprintf("data begins at offset %u beyond the tuple length %u",
1013 ctx->tuphdr->t_hoff, ctx->lp_len));
1014 result = false;
1015 }
1016
1017 if ((ctx->tuphdr->t_infomask & HEAP_XMAX_COMMITTED) &&
1018 (ctx->tuphdr->t_infomask & HEAP_XMAX_IS_MULTI))
1019 {
1020 report_corruption(ctx,
1021 pstrdup("multixact should not be marked committed"));
1022
1023 /*
1024 * This condition is clearly wrong, but it's not enough to justify
1025 * skipping further checks, because we don't rely on this to determine
1026 * whether the tuple is visible or to interpret other relevant header
1027 * fields.
1028 */
1029 }
1030
1031 if (!TransactionIdIsValid(curr_xmax) &&
1032 HeapTupleHeaderIsHotUpdated(tuphdr))
1033 {
1034 report_corruption(ctx,
1035 psprintf("tuple has been HOT updated, but xmax is 0"));
1036
1037 /*
1038 * As above, even though this shouldn't happen, it's not sufficient
1039 * justification for skipping further checks, we should still be able
1040 * to perform sensibly.
1041 */
1042 }
1043
1044 if (HeapTupleHeaderIsHeapOnly(tuphdr) &&
1045 ((tuphdr->t_infomask & HEAP_UPDATED) == 0))
1046 {
1047 report_corruption(ctx,
1048 psprintf("tuple is heap only, but not the result of an update"));
1049
1050 /* Here again, we can still perform further checks. */
1051 }
1052
1053 if (infomask & HEAP_HASNULL)
1054 expected_hoff = MAXALIGN(SizeofHeapTupleHeader + BITMAPLEN(ctx->natts));
1055 else
1056 expected_hoff = MAXALIGN(SizeofHeapTupleHeader);
1057 if (ctx->tuphdr->t_hoff != expected_hoff)
1058 {
1059 if ((infomask & HEAP_HASNULL) && ctx->natts == 1)
1060 report_corruption(ctx,
1061 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, has nulls)",
1062 expected_hoff, ctx->tuphdr->t_hoff));
1063 else if ((infomask & HEAP_HASNULL))
1064 report_corruption(ctx,
1065 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, has nulls)",
1066 expected_hoff, ctx->tuphdr->t_hoff, ctx->natts));
1067 else if (ctx->natts == 1)
1068 report_corruption(ctx,
1069 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (1 attribute, no nulls)",
1070 expected_hoff, ctx->tuphdr->t_hoff));
1071 else
1072 report_corruption(ctx,
1073 psprintf("tuple data should begin at byte %u, but actually begins at byte %u (%u attributes, no nulls)",
1074 expected_hoff, ctx->tuphdr->t_hoff, ctx->natts));
1075 result = false;
1076 }
1077
1078 return result;
1079}
1080
1081/*
1082 * Checks tuple visibility so we know which further checks are safe to
1083 * perform.
1084 *
1085 * If a tuple could have been inserted by a transaction that also added a
1086 * column to the table, but which ultimately did not commit, or which has not
1087 * yet committed, then the table's current TupleDesc might differ from the one
1088 * used to construct this tuple, so we must not check it.
1089 *
1090 * As a special case, if our own transaction inserted the tuple, even if we
1091 * added a column to the table, our TupleDesc should match. We could check the
1092 * tuple, but choose not to do so.
1093 *
1094 * If a tuple has been updated or deleted, we can still read the old tuple for
1095 * corruption checking purposes, as long as we are careful about concurrent
1096 * vacuums. The main table tuple itself cannot be vacuumed away because we
1097 * hold a buffer lock on the page, but if the deleting transaction is older
1098 * than our transaction snapshot's xmin, then vacuum could remove the toast at
1099 * any time, so we must not try to follow TOAST pointers.
1100 *
1101 * If xmin or xmax values are older than can be checked against clog, or appear
1102 * to be in the future (possibly due to wrap-around), then we cannot make a
1103 * determination about the visibility of the tuple, so we skip further checks.
1104 *
1105 * Returns true if the tuple itself should be checked, false otherwise. Sets
1106 * ctx->tuple_could_be_pruned if the tuple -- and thus also any associated
1107 * TOAST tuples -- are eligible for pruning.
1108 *
1109 * Sets *xmin_commit_status_ok to true if the commit status of xmin is known
1110 * and false otherwise. If it's set to true, then also set *xmin_commit_status
1111 * to the actual commit status.
1112 */
1113static bool
1114check_tuple_visibility(HeapCheckContext *ctx, bool *xmin_commit_status_ok,
1115 XidCommitStatus *xmin_commit_status)
1116{
1117 TransactionId xmin;
1118 TransactionId xvac;
1119 TransactionId xmax;
1120 XidCommitStatus xmin_status;
1121 XidCommitStatus xvac_status;
1122 XidCommitStatus xmax_status;
1123 HeapTupleHeader tuphdr = ctx->tuphdr;
1124
1125 ctx->tuple_could_be_pruned = true; /* have not yet proven otherwise */
1126 *xmin_commit_status_ok = false; /* have not yet proven otherwise */
1127
1128 /* If xmin is normal, it should be within valid range */
1129 xmin = HeapTupleHeaderGetXmin(tuphdr);
1130 switch (get_xid_status(xmin, ctx, &xmin_status))
1131 {
1132 case XID_INVALID:
1133 /* Could be the result of a speculative insertion that aborted. */
1134 return false;
1135 case XID_BOUNDS_OK:
1136 *xmin_commit_status_ok = true;
1137 *xmin_commit_status = xmin_status;
1138 break;
1139 case XID_IN_FUTURE:
1140 report_corruption(ctx,
1141 psprintf("xmin %u equals or exceeds next valid transaction ID %u:%u",
1142 xmin,
1143 EpochFromFullTransactionId(ctx->next_fxid),
1144 XidFromFullTransactionId(ctx->next_fxid)));
1145 return false;
1146 case XID_PRECEDES_CLUSTERMIN:
1147 report_corruption(ctx,
1148 psprintf("xmin %u precedes oldest valid transaction ID %u:%u",
1149 xmin,
1150 EpochFromFullTransactionId(ctx->oldest_fxid),
1151 XidFromFullTransactionId(ctx->oldest_fxid)));
1152 return false;
1153 case XID_PRECEDES_RELMIN:
1154 report_corruption(ctx,
1155 psprintf("xmin %u precedes relation freeze threshold %u:%u",
1156 xmin,
1157 EpochFromFullTransactionId(ctx->relfrozenfxid),
1158 XidFromFullTransactionId(ctx->relfrozenfxid)));
1159 return false;
1160 }
1161
1162 /*
1163 * Has inserting transaction committed?
1164 */
1165 if (!HeapTupleHeaderXminCommitted(tuphdr))
1166 {
1167 if (HeapTupleHeaderXminInvalid(tuphdr))
1168 return false; /* inserter aborted, don't check */
1169 /* Used by pre-9.0 binary upgrades */
1170 else if (tuphdr->t_infomask & HEAP_MOVED_OFF)
1171 {
1172 xvac = HeapTupleHeaderGetXvac(tuphdr);
1173
1174 switch (get_xid_status(xvac, ctx, &xvac_status))
1175 {
1176 case XID_INVALID:
1177 report_corruption(ctx,
1178 pstrdup("old-style VACUUM FULL transaction ID for moved off tuple is invalid"));
1179 return false;
1180 case XID_IN_FUTURE:
1181 report_corruption(ctx,
1182 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple equals or exceeds next valid transaction ID %u:%u",
1183 xvac,
1184 EpochFromFullTransactionId(ctx->next_fxid),
1185 XidFromFullTransactionId(ctx->next_fxid)));
1186 return false;
1187 case XID_PRECEDES_RELMIN:
1188 report_corruption(ctx,
1189 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple precedes relation freeze threshold %u:%u",
1190 xvac,
1191 EpochFromFullTransactionId(ctx->relfrozenfxid),
1192 XidFromFullTransactionId(ctx->relfrozenfxid)));
1193 return false;
1194 case XID_PRECEDES_CLUSTERMIN:
1195 report_corruption(ctx,
1196 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple precedes oldest valid transaction ID %u:%u",
1197 xvac,
1198 EpochFromFullTransactionId(ctx->oldest_fxid),
1199 XidFromFullTransactionId(ctx->oldest_fxid)));
1200 return false;
1201 case XID_BOUNDS_OK:
1202 break;
1203 }
1204
1205 switch (xvac_status)
1206 {
1207 case XID_IS_CURRENT_XID:
1208 report_corruption(ctx,
1209 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple matches our current transaction ID",
1210 xvac));
1211 return false;
1212 case XID_IN_PROGRESS:
1213 report_corruption(ctx,
1214 psprintf("old-style VACUUM FULL transaction ID %u for moved off tuple appears to be in progress",
1215 xvac));
1216 return false;
1217
1218 case XID_COMMITTED:
1219
1220 /*
1221 * The tuple is dead, because the xvac transaction moved
1222 * it off and committed. It's checkable, but also
1223 * prunable.
1224 */
1225 return true;
1226
1227 case XID_ABORTED:
1228
1229 /*
1230 * The original xmin must have committed, because the xvac
1231 * transaction tried to move it later. Since xvac is
1232 * aborted, whether it's still alive now depends on the
1233 * status of xmax.
1234 */
1235 break;
1236 }
1237 }
1238 /* Used by pre-9.0 binary upgrades */
1239 else if (tuphdr->t_infomask & HEAP_MOVED_IN)
1240 {
1241 xvac = HeapTupleHeaderGetXvac(tuphdr);
1242
1243 switch (get_xid_status(xvac, ctx, &xvac_status))
1244 {
1245 case XID_INVALID:
1246 report_corruption(ctx,
1247 pstrdup("old-style VACUUM FULL transaction ID for moved in tuple is invalid"));
1248 return false;
1249 case XID_IN_FUTURE:
1250 report_corruption(ctx,
1251 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple equals or exceeds next valid transaction ID %u:%u",
1252 xvac,
1253 EpochFromFullTransactionId(ctx->next_fxid),
1254 XidFromFullTransactionId(ctx->next_fxid)));
1255 return false;
1256 case XID_PRECEDES_RELMIN:
1257 report_corruption(ctx,
1258 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple precedes relation freeze threshold %u:%u",
1259 xvac,
1260 EpochFromFullTransactionId(ctx->relfrozenfxid),
1261 XidFromFullTransactionId(ctx->relfrozenfxid)));
1262 return false;
1263 case XID_PRECEDES_CLUSTERMIN:
1264 report_corruption(ctx,
1265 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple precedes oldest valid transaction ID %u:%u",
1266 xvac,
1267 EpochFromFullTransactionId(ctx->oldest_fxid),
1268 XidFromFullTransactionId(ctx->oldest_fxid)));
1269 return false;
1270 case XID_BOUNDS_OK:
1271 break;
1272 }
1273
1274 switch (xvac_status)
1275 {
1276 case XID_IS_CURRENT_XID:
1277 report_corruption(ctx,
1278 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple matches our current transaction ID",
1279 xvac));
1280 return false;
1281 case XID_IN_PROGRESS:
1282 report_corruption(ctx,
1283 psprintf("old-style VACUUM FULL transaction ID %u for moved in tuple appears to be in progress",
1284 xvac));
1285 return false;
1286
1287 case XID_COMMITTED:
1288
1289 /*
1290 * The original xmin must have committed, because the xvac
1291 * transaction moved it later. Whether it's still alive
1292 * now depends on the status of xmax.
1293 */
1294 break;
1295
1296 case XID_ABORTED:
1297
1298 /*
1299 * The tuple is dead, because the xvac transaction moved
1300 * it off and committed. It's checkable, but also
1301 * prunable.
1302 */
1303 return true;
1304 }
1305 }
1306 else if (xmin_status != XID_COMMITTED)
1307 {
1308 /*
1309 * Inserting transaction is not in progress, and not committed, so
1310 * it might have changed the TupleDesc in ways we don't know
1311 * about. Thus, don't try to check the tuple structure.
1312 *
1313 * If xmin_status happens to be XID_IS_CURRENT_XID, then in theory
1314 * any such DDL changes ought to be visible to us, so perhaps we
1315 * could check anyway in that case. But, for now, let's be
1316 * conservative and treat this like any other uncommitted insert.
1317 */
1318 return false;
1319 }
1320 }
1321
1322 /*
1323 * Okay, the inserter committed, so it was good at some point. Now what
1324 * about the deleting transaction?
1325 */
1326
1327 if (tuphdr->t_infomask & HEAP_XMAX_IS_MULTI)
1328 {
1329 /*
1330 * xmax is a multixact, so sanity-check the MXID. Note that we do this
1331 * prior to checking for HEAP_XMAX_INVALID or
1332 * HEAP_XMAX_IS_LOCKED_ONLY. This might therefore complain about
1333 * things that wouldn't actually be a problem during a normal scan,
1334 * but eventually we're going to have to freeze, and that process will
1335 * ignore hint bits.
1336 *
1337 * Even if the MXID is out of range, we still know that the original
1338 * insert committed, so we can check the tuple itself. However, we
1339 * can't rule out the possibility that this tuple is dead, so don't
1340 * clear ctx->tuple_could_be_pruned. Possibly we should go ahead and
1341 * clear that flag anyway if HEAP_XMAX_INVALID is set or if
1342 * HEAP_XMAX_IS_LOCKED_ONLY is true, but for now we err on the side of
1343 * avoiding possibly-bogus complaints about missing TOAST entries.
1344 */
1345 xmax = HeapTupleHeaderGetRawXmax(tuphdr);
1346 switch (check_mxid_valid_in_rel(xmax, ctx))
1347 {
1348 case XID_INVALID:
1349 report_corruption(ctx,
1350 pstrdup("multitransaction ID is invalid"));
1351 return true;
1352 case XID_PRECEDES_RELMIN:
1353 report_corruption(ctx,
1354 psprintf("multitransaction ID %u precedes relation minimum multitransaction ID threshold %u",
1355 xmax, ctx->relminmxid));
1356 return true;
1357 case XID_PRECEDES_CLUSTERMIN:
1358 report_corruption(ctx,
1359 psprintf("multitransaction ID %u precedes oldest valid multitransaction ID threshold %u",
1360 xmax, ctx->oldest_mxact));
1361 return true;
1362 case XID_IN_FUTURE:
1363 report_corruption(ctx,
1364 psprintf("multitransaction ID %u equals or exceeds next valid multitransaction ID %u",
1365 xmax,
1366 ctx->next_mxact));
1367 return true;
1368 case XID_BOUNDS_OK:
1369 break;
1370 }
1371 }
1372
1373 if (tuphdr->t_infomask & HEAP_XMAX_INVALID)
1374 {
1375 /*
1376 * This tuple is live. A concurrently running transaction could
1377 * delete it before we get around to checking the toast, but any such
1378 * running transaction is surely not less than our safe_xmin, so the
1379 * toast cannot be vacuumed out from under us.
1380 */
1381 ctx->tuple_could_be_pruned = false;
1382 return true;
1383 }
1384
1385 if (HEAP_XMAX_IS_LOCKED_ONLY(tuphdr->t_infomask))
1386 {
1387 /*
1388 * "Deleting" xact really only locked it, so the tuple is live in any
1389 * case. As above, a concurrently running transaction could delete
1390 * it, but it cannot be vacuumed out from under us.
1391 */
1392 ctx->tuple_could_be_pruned = false;
1393 return true;
1394 }
1395
1396 if (tuphdr->t_infomask & HEAP_XMAX_IS_MULTI)
1397 {
1398 /*
1399 * We already checked above that this multixact is within limits for
1400 * this table. Now check the update xid from this multixact.
1401 */
1402 xmax = HeapTupleGetUpdateXid(tuphdr);
1403 switch (get_xid_status(xmax, ctx, &xmax_status))
1404 {
1405 case XID_INVALID:
1406 /* not LOCKED_ONLY, so it has to have an xmax */
1407 report_corruption(ctx,
1408 pstrdup("update xid is invalid"));
1409 return true;
1410 case XID_IN_FUTURE:
1411 report_corruption(ctx,
1412 psprintf("update xid %u equals or exceeds next valid transaction ID %u:%u",
1413 xmax,
1414 EpochFromFullTransactionId(ctx->next_fxid),
1415 XidFromFullTransactionId(ctx->next_fxid)));
1416 return true;
1417 case XID_PRECEDES_RELMIN:
1418 report_corruption(ctx,
1419 psprintf("update xid %u precedes relation freeze threshold %u:%u",
1420 xmax,
1421 EpochFromFullTransactionId(ctx->relfrozenfxid),
1422 XidFromFullTransactionId(ctx->relfrozenfxid)));
1423 return true;
1424 case XID_PRECEDES_CLUSTERMIN:
1425 report_corruption(ctx,
1426 psprintf("update xid %u precedes oldest valid transaction ID %u:%u",
1427 xmax,
1428 EpochFromFullTransactionId(ctx->oldest_fxid),
1429 XidFromFullTransactionId(ctx->oldest_fxid)));
1430 return true;
1431 case XID_BOUNDS_OK:
1432 break;
1433 }
1434
1435 switch (xmax_status)
1436 {
1437 case XID_IS_CURRENT_XID:
1438 case XID_IN_PROGRESS:
1439
1440 /*
1441 * The delete is in progress, so it cannot be visible to our
1442 * snapshot.
1443 */
1444 ctx->tuple_could_be_pruned = false;
1445 break;
1446 case XID_COMMITTED:
1447
1448 /*
1449 * The delete committed. Whether the toast can be vacuumed
1450 * away depends on how old the deleting transaction is.
1451 */
1452 ctx->tuple_could_be_pruned = TransactionIdPrecedes(xmax,
1453 ctx->safe_xmin);
1454 break;
1455 case XID_ABORTED:
1456
1457 /*
1458 * The delete aborted or crashed. The tuple is still live.
1459 */
1460 ctx->tuple_could_be_pruned = false;
1461 break;
1462 }
1463
1464 /* Tuple itself is checkable even if it's dead. */
1465 return true;
1466 }
1467
1468 /* xmax is an XID, not a MXID. Sanity check it. */
1469 xmax = HeapTupleHeaderGetRawXmax(tuphdr);
1470 switch (get_xid_status(xmax, ctx, &xmax_status))
1471 {
1472 case XID_INVALID:
1473 ctx->tuple_could_be_pruned = false;
1474 return true;
1475 case XID_IN_FUTURE:
1476 report_corruption(ctx,
1477 psprintf("xmax %u equals or exceeds next valid transaction ID %u:%u",
1478 xmax,
1479 EpochFromFullTransactionId(ctx->next_fxid),
1480 XidFromFullTransactionId(ctx->next_fxid)));
1481 return false; /* corrupt */
1482 case XID_PRECEDES_RELMIN:
1483 report_corruption(ctx,
1484 psprintf("xmax %u precedes relation freeze threshold %u:%u",
1485 xmax,
1486 EpochFromFullTransactionId(ctx->relfrozenfxid),
1487 XidFromFullTransactionId(ctx->relfrozenfxid)));
1488 return false; /* corrupt */
1489 case XID_PRECEDES_CLUSTERMIN:
1490 report_corruption(ctx,
1491 psprintf("xmax %u precedes oldest valid transaction ID %u:%u",
1492 xmax,
1493 EpochFromFullTransactionId(ctx->oldest_fxid),
1494 XidFromFullTransactionId(ctx->oldest_fxid)));
1495 return false; /* corrupt */
1496 case XID_BOUNDS_OK:
1497 break;
1498 }
1499
1500 /*
1501 * Whether the toast can be vacuumed away depends on how old the deleting
1502 * transaction is.
1503 */
1504 switch (xmax_status)
1505 {
1506 case XID_IS_CURRENT_XID:
1507 case XID_IN_PROGRESS:
1508
1509 /*
1510 * The delete is in progress, so it cannot be visible to our
1511 * snapshot.
1512 */
1513 ctx->tuple_could_be_pruned = false;
1514 break;
1515
1516 case XID_COMMITTED:
1517
1518 /*
1519 * The delete committed. Whether the toast can be vacuumed away
1520 * depends on how old the deleting transaction is.
1521 */
1522 ctx->tuple_could_be_pruned = TransactionIdPrecedes(xmax,
1523 ctx->safe_xmin);
1524 break;
1525
1526 case XID_ABORTED:
1527
1528 /*
1529 * The delete aborted or crashed. The tuple is still live.
1530 */
1531 ctx->tuple_could_be_pruned = false;
1532 break;
1533 }
1534
1535 /* Tuple itself is checkable even if it's dead. */
1536 return true;
1537}
1538
1539
1540/*
1541 * Check the current toast tuple against the state tracked in ctx, recording
1542 * any corruption found in ctx->tupstore.
1543 *
1544 * This is not equivalent to running verify_heapam on the toast table itself,
1545 * and is not hardened against corruption of the toast table. Rather, when
1546 * validating a toasted attribute in the main table, the sequence of toast
1547 * tuples that store the toasted value are retrieved and checked in order, with
1548 * each toast tuple being checked against where we are in the sequence, as well
1549 * as each toast tuple having its varlena structure sanity checked.
1550 *
1551 * On entry, *expected_chunk_seq should be the chunk_seq value that we expect
1552 * to find in toasttup. On exit, it will be updated to the value the next call
1553 * to this function should expect to see.
1554 */
1555static void
1556check_toast_tuple(HeapTuple toasttup, HeapCheckContext *ctx,
1557 ToastedAttribute *ta, int32 *expected_chunk_seq,
1558 uint32 extsize)
1559{
1560 int32 chunk_seq;
1561 int32 last_chunk_seq = (extsize - 1) / TOAST_MAX_CHUNK_SIZE;
1562 Pointer chunk;
1563 bool isnull;
1564 int32 chunksize;
1565 int32 expected_size;
1566
1567 /* Sanity-check the sequence number. */
1568 chunk_seq = DatumGetInt32(fastgetattr(toasttup, 2,
1569 ctx->toast_rel->rd_att, &isnull));
1570 if (isnull)
1571 {
1572 report_toast_corruption(ctx, ta,
1573 psprintf("toast value %u has toast chunk with null sequence number",
1574 ta->toast_pointer.va_valueid));
1575 return;
1576 }
1577 if (chunk_seq != *expected_chunk_seq)
1578 {
1579 /* Either the TOAST index is corrupt, or we don't have all chunks. */
1580 report_toast_corruption(ctx, ta,
1581 psprintf("toast value %u index scan returned chunk %d when expecting chunk %d",
1582 ta->toast_pointer.va_valueid,
1583 chunk_seq, *expected_chunk_seq));
1584 }
1585 *expected_chunk_seq = chunk_seq + 1;
1586
1587 /* Sanity-check the chunk data. */
1588 chunk = DatumGetPointer(fastgetattr(toasttup, 3,
1589 ctx->toast_rel->rd_att, &isnull));
1590 if (isnull)
1591 {
1592 report_toast_corruption(ctx, ta,
1593 psprintf("toast value %u chunk %d has null data",
1594 ta->toast_pointer.va_valueid,
1595 chunk_seq));
1596 return;
1597 }
1598 if (!VARATT_IS_EXTENDED(chunk))
1599 chunksize = VARSIZE(chunk) - VARHDRSZ;
1600 else if (VARATT_IS_SHORT(chunk))
1601 {
1602 /*
1603 * could happen due to heap_form_tuple doing its thing
1604 */
1605 chunksize = VARSIZE_SHORT(chunk) - VARHDRSZ_SHORT;
1606 }
1607 else
1608 {
1609 /* should never happen */
1610 uint32 header = ((varattrib_4b *) chunk)->va_4byte.va_header;
1611
1612 report_toast_corruption(ctx, ta,
1613 psprintf("toast value %u chunk %d has invalid varlena header %0x",
1614 ta->toast_pointer.va_valueid,
1615 chunk_seq, header));
1616 return;
1617 }
1618
1619 /*
1620 * Some checks on the data we've found
1621 */
1622 if (chunk_seq > last_chunk_seq)
1623 {
1624 report_toast_corruption(ctx, ta,
1625 psprintf("toast value %u chunk %d follows last expected chunk %d",
1626 ta->toast_pointer.va_valueid,
1627 chunk_seq, last_chunk_seq));
1628 return;
1629 }
1630
1631 expected_size = chunk_seq < last_chunk_seq ? TOAST_MAX_CHUNK_SIZE
1632 : extsize - (last_chunk_seq * TOAST_MAX_CHUNK_SIZE);
1633
1634 if (chunksize != expected_size)
1635 report_toast_corruption(ctx, ta,
1636 psprintf("toast value %u chunk %d has size %u, but expected size %u",
1637 ta->toast_pointer.va_valueid,
1638 chunk_seq, chunksize, expected_size));
1639}
1640
1641/*
1642 * Check the current attribute as tracked in ctx, recording any corruption
1643 * found in ctx->tupstore.
1644 *
1645 * This function follows the logic performed by heap_deform_tuple(), and in the
1646 * case of a toasted value, optionally stores the toast pointer so later it can
1647 * be checked following the logic of detoast_external_attr(), checking for any
1648 * conditions that would result in either of those functions Asserting or
1649 * crashing the backend. The checks performed by Asserts present in those two
1650 * functions are also performed here and in check_toasted_attribute. In cases
1651 * where those two functions are a bit cavalier in their assumptions about data
1652 * being correct, we perform additional checks not present in either of those
1653 * two functions. Where some condition is checked in both of those functions,
1654 * we perform it here twice, as we parallel the logical flow of those two
1655 * functions. The presence of duplicate checks seems a reasonable price to pay
1656 * for keeping this code tightly coupled with the code it protects.
1657 *
1658 * Returns true if the tuple attribute is sane enough for processing to
1659 * continue on to the next attribute, false otherwise.
1660 */
1661static bool
1662check_tuple_attribute(HeapCheckContext *ctx)
1663{
1664 Datum attdatum;
1665 varlena *attr;
1666 char *tp; /* pointer to the tuple data */
1667 uint16 infomask;
1668 CompactAttribute *thisatt;
1669 varatt_external toast_pointer;
1670
1671 infomask = ctx->tuphdr->t_infomask;
1672 thisatt = TupleDescCompactAttr(RelationGetDescr(ctx->rel), ctx->attnum);
1673
1674 tp = (char *) ctx->tuphdr + ctx->tuphdr->t_hoff;
1675
1676 if (ctx->tuphdr->t_hoff + ctx->offset > ctx->lp_len)
1677 {
1678 report_corruption(ctx,
1679 psprintf("attribute with length %u starts at offset %u beyond total tuple length %u",
1680 thisatt->attlen,
1681 ctx->tuphdr->t_hoff + ctx->offset,
1682 ctx->lp_len));
1683 return false;
1684 }
1685
1686 /* Skip null values */
1687 if (infomask & HEAP_HASNULL && att_isnull(ctx->attnum, ctx->tuphdr->t_bits))
1688 return true;
1689
1690 /* Skip non-varlena values, but update offset first */
1691 if (thisatt->attlen != -1)
1692 {
1693 ctx->offset = att_nominal_alignby(ctx->offset, thisatt->attalignby);
1694 ctx->offset = att_addlength_pointer(ctx->offset, thisatt->attlen,
1695 tp + ctx->offset);
1696 if (ctx->tuphdr->t_hoff + ctx->offset > ctx->lp_len)
1697 {
1698 report_corruption(ctx,
1699 psprintf("attribute with length %u ends at offset %u beyond total tuple length %u",
1700 thisatt->attlen,
1701 ctx->tuphdr->t_hoff + ctx->offset,
1702 ctx->lp_len));
1703 return false;
1704 }
1705 return true;
1706 }
1707
1708 /* Ok, we're looking at a varlena attribute. */
1709 ctx->offset = att_pointer_alignby(ctx->offset, thisatt->attalignby, -1,
1710 tp + ctx->offset);
1711
1712 /* Get the (possibly corrupt) varlena datum */
1713 attdatum = fetchatt(thisatt, tp + ctx->offset);
1714
1715 /*
1716 * We have the datum, but we cannot decode it carelessly, as it may still
1717 * be corrupt.
1718 */
1719
1720 /*
1721 * Check that VARTAG_SIZE won't hit an Assert on a corrupt va_tag before
1722 * risking a call into att_addlength_pointer
1723 */
1724 if (VARATT_IS_EXTERNAL(tp + ctx->offset))
1725 {
1726 uint8 va_tag = VARTAG_EXTERNAL(tp + ctx->offset);
1727
1728 if (va_tag != VARTAG_ONDISK)
1729 {
1730 report_corruption(ctx,
1731 psprintf("toasted attribute has unexpected TOAST tag %u",
1732 va_tag));
1733 /* We can't know where the next attribute begins */
1734 return false;
1735 }
1736 }
1737
1738 /* Ok, should be safe now */
1739 ctx->offset = att_addlength_pointer(ctx->offset, thisatt->attlen,
1740 tp + ctx->offset);
1741
1742 if (ctx->tuphdr->t_hoff + ctx->offset > ctx->lp_len)
1743 {
1744 report_corruption(ctx,
1745 psprintf("attribute with length %u ends at offset %u beyond total tuple length %u",
1746 thisatt->attlen,
1747 ctx->tuphdr->t_hoff + ctx->offset,
1748 ctx->lp_len));
1749
1750 return false;
1751 }
1752
1753 /*
1754 * heap_deform_tuple would be done with this attribute at this point,
1755 * having stored it in values[], and would continue to the next attribute.
1756 * We go further, because we need to check if the toast datum is corrupt.
1757 */
1758
1759 attr = (varlena *) DatumGetPointer(attdatum);
1760
1761 /*
1762 * Now we follow the logic of detoast_external_attr(), with the same
1763 * caveats about being paranoid about corruption.
1764 */
1765
1766 /* Skip values that are not external */
1767 if (!VARATT_IS_EXTERNAL(attr))
1768 return true;
1769
1770 /* It is external, and we're looking at a page on disk */
1771
1772 /*
1773 * Must copy attr into toast_pointer for alignment considerations
1774 */
1775 VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr);
1776
1777 /* Toasted attributes too large to be untoasted should never be stored */
1778 if (toast_pointer.va_rawsize > VARLENA_SIZE_LIMIT)
1779 report_corruption(ctx,
1780 psprintf("toast value %u rawsize %d exceeds limit %d",
1781 toast_pointer.va_valueid,
1782 toast_pointer.va_rawsize,
1783 VARLENA_SIZE_LIMIT));
1784
1785 if (VARATT_EXTERNAL_IS_COMPRESSED(toast_pointer))
1786 {
1787 ToastCompressionId cmid;
1788 bool valid = false;
1789
1790 /* Compressed attributes should have a valid compression method */
1791 cmid = TOAST_COMPRESS_METHOD(&toast_pointer);
1792 switch (cmid)
1793 {
1794 /* List of all valid compression method IDs */
1795 case TOAST_PGLZ_COMPRESSION_ID:
1796 case TOAST_LZ4_COMPRESSION_ID:
1797 valid = true;
1798 break;
1799
1800 /* Recognized but invalid compression method ID */
1801 case TOAST_INVALID_COMPRESSION_ID:
1802 break;
1803
1804 /* Intentionally no default here */
1805 }
1806 if (!valid)
1807 report_corruption(ctx,
1808 psprintf("toast value %u has invalid compression method id %d",
1809 toast_pointer.va_valueid, cmid));
1810 }
1811
1812 /* The tuple header better claim to contain toasted values */
1813 if (!(infomask & HEAP_HASEXTERNAL))
1814 {
1815 report_corruption(ctx,
1816 psprintf("toast value %u is external but tuple header flag HEAP_HASEXTERNAL not set",
1817 toast_pointer.va_valueid));
1818 return true;
1819 }
1820
1821 /* The relation better have a toast table */
1822 if (!ctx->rel->rd_rel->reltoastrelid)
1823 {
1824 report_corruption(ctx,
1825 psprintf("toast value %u is external but relation has no toast relation",
1826 toast_pointer.va_valueid));
1827 return true;
1828 }
1829
1830 /* If we were told to skip toast checking, then we're done. */
1831 if (ctx->toast_rel == NULL)
1832 return true;
1833
1834 /*
1835 * If this tuple is eligible to be pruned, we cannot check the toast.
1836 * Otherwise, we push a copy of the toast tuple so we can check it after
1837 * releasing the main table buffer lock.
1838 */
1839 if (!ctx->tuple_could_be_pruned)
1840 {
1841 ToastedAttribute *ta;
1842
1843 ta = palloc0_object(ToastedAttribute);
1844
1845 VARATT_EXTERNAL_GET_POINTER(ta->toast_pointer, attr);
1846 ta->blkno = ctx->blkno;
1847 ta->offnum = ctx->offnum;
1848 ta->attnum = ctx->attnum;
1849 ctx->toasted_attributes = lappend(ctx->toasted_attributes, ta);
1850 }
1851
1852 return true;
1853}
1854
1855/*
1856 * For each attribute collected in ctx->toasted_attributes, look up the value
1857 * in the toast table and perform checks on it. This function should only be
1858 * called on toast pointers which cannot be vacuumed away during our
1859 * processing.
1860 */
1861static void
1862check_toasted_attribute(HeapCheckContext *ctx, ToastedAttribute *ta)
1863{
1864 ScanKeyData toastkey;
1865 SysScanDesc toastscan;
1866 bool found_toasttup;
1867 HeapTuple toasttup;
1868 uint32 extsize;
1869 int32 expected_chunk_seq = 0;
1870 int32 last_chunk_seq;
1871
1872 extsize = VARATT_EXTERNAL_GET_EXTSIZE(ta->toast_pointer);
1873 last_chunk_seq = (extsize - 1) / TOAST_MAX_CHUNK_SIZE;
1874
1875 /*
1876 * Setup a scan key to find chunks in toast table with matching va_valueid
1877 */
1878 ScanKeyInit(&toastkey,
1879 (AttrNumber) 1,
1880 BTEqualStrategyNumber, F_OIDEQ,
1881 ObjectIdGetDatum(ta->toast_pointer.va_valueid));
1882
1883 /*
1884 * Check if any chunks for this toasted object exist in the toast table,
1885 * accessible via the index.
1886 */
1887 toastscan = systable_beginscan_ordered(ctx->toast_rel,
1888 ctx->valid_toast_index,
1889 get_toast_snapshot(), 1,
1890 &toastkey);
1891 found_toasttup = false;
1892 while ((toasttup =
1893 systable_getnext_ordered(toastscan,
1894 ForwardScanDirection)) != NULL)
1895 {
1896 found_toasttup = true;
1897 check_toast_tuple(toasttup, ctx, ta, &expected_chunk_seq, extsize);
1898 }
1899 systable_endscan_ordered(toastscan);
1900
1901 if (!found_toasttup)
1902 report_toast_corruption(ctx, ta,
1903 psprintf("toast value %u not found in toast table",
1904 ta->toast_pointer.va_valueid));
1905 else if (expected_chunk_seq <= last_chunk_seq)
1906 report_toast_corruption(ctx, ta,
1907 psprintf("toast value %u was expected to end at chunk %d, but ended while expecting chunk %d",
1908 ta->toast_pointer.va_valueid,
1909 last_chunk_seq, expected_chunk_seq));
1910}
1911
1912/*
1913 * Check the current tuple as tracked in ctx, recording any corruption found in
1914 * ctx->tupstore.
1915 *
1916 * We return some information about the status of xmin to aid in validating
1917 * update chains.
1918 */
1919static void
1920check_tuple(HeapCheckContext *ctx, bool *xmin_commit_status_ok,
1921 XidCommitStatus *xmin_commit_status)
1922{
1923 /*
1924 * Check various forms of tuple header corruption, and if the header is
1925 * too corrupt, do not continue with other checks.
1926 */
1927 if (!check_tuple_header(ctx))
1928 return;
1929
1930 /*
1931 * Check tuple visibility. If the inserting transaction aborted, we
1932 * cannot assume our relation description matches the tuple structure, and
1933 * therefore cannot check it.
1934 */
1935 if (!check_tuple_visibility(ctx, xmin_commit_status_ok,
1936 xmin_commit_status))
1937 return;
1938
1939 /*
1940 * The tuple is visible, so it must be compatible with the current version
1941 * of the relation descriptor. It might have fewer columns than are
1942 * present in the relation descriptor, but it cannot have more.
1943 */
1944 if (RelationGetDescr(ctx->rel)->natts < ctx->natts)
1945 {
1946 report_corruption(ctx,
1947 psprintf("number of attributes %u exceeds maximum %u expected for table",
1948 ctx->natts,
1949 RelationGetDescr(ctx->rel)->natts));
1950 return;
1951 }
1952
1953 /*
1954 * Check each attribute unless we hit corruption that confuses what to do
1955 * next, at which point we abort further attribute checks for this tuple.
1956 * Note that we don't abort for all types of corruption, only for those
1957 * types where we don't know how to continue. We also don't abort the
1958 * checking of toasted attributes collected from the tuple prior to
1959 * aborting. Those will still be checked later along with other toasted
1960 * attributes collected from the page.
1961 */
1962 ctx->offset = 0;
1963 for (ctx->attnum = 0; ctx->attnum < ctx->natts; ctx->attnum++)
1964 if (!check_tuple_attribute(ctx))
1965 break; /* cannot continue */
1966
1967 /* revert attnum to -1 until we again examine individual attributes */
1968 ctx->attnum = -1;
1969}
1970
1971/*
1972 * Convert a TransactionId into a FullTransactionId using our cached values of
1973 * the valid transaction ID range. It is the caller's responsibility to have
1974 * already updated the cached values, if necessary. This is akin to
1975 * FullTransactionIdFromAllowableAt(), but it tolerates corruption in the form
1976 * of an xid before epoch 0.
1977 */
1978static FullTransactionId
1979FullTransactionIdFromXidAndCtx(TransactionId xid, const HeapCheckContext *ctx)
1980{
1981 uint64 nextfxid_i;
1982 int32 diff;
1983 FullTransactionId fxid;
1984
1985 Assert(TransactionIdIsNormal(ctx->next_xid));
1986 Assert(FullTransactionIdIsNormal(ctx->next_fxid));
1987 Assert(XidFromFullTransactionId(ctx->next_fxid) == ctx->next_xid);
1988
1989 if (!TransactionIdIsNormal(xid))
1990 return FullTransactionIdFromEpochAndXid(0, xid);
1991
1992 nextfxid_i = U64FromFullTransactionId(ctx->next_fxid);
1993
1994 /* compute the 32bit modulo difference */
1995 diff = (int32) (ctx->next_xid - xid);
1996
1997 /*
1998 * In cases of corruption we might see a 32bit xid that is before epoch 0.
1999 * We can't represent that as a 64bit xid, due to 64bit xids being
2000 * unsigned integers, without the modulo arithmetic of 32bit xid. There's
2001 * no really nice way to deal with that, but it works ok enough to use
2002 * FirstNormalFullTransactionId in that case, as a freshly initdb'd
2003 * cluster already has a newer horizon.
2004 */
2005 if (diff > 0 && (nextfxid_i - FirstNormalTransactionId) < (int64) diff)
2006 {
2007 Assert(EpochFromFullTransactionId(ctx->next_fxid) == 0);
2008 fxid = FirstNormalFullTransactionId;
2009 }
2010 else
2011 fxid = FullTransactionIdFromU64(nextfxid_i - diff);
2012
2013 Assert(FullTransactionIdIsNormal(fxid));
2014 return fxid;
2015}
2016
2017/*
2018 * Update our cached range of valid transaction IDs.
2019 */
2020static void
2021update_cached_xid_range(HeapCheckContext *ctx)
2022{
2023 /* Make cached copies */
2024 LWLockAcquire(XidGenLock, LW_SHARED);
2025 ctx->next_fxid = TransamVariables->nextXid;
2026 ctx->oldest_xid = TransamVariables->oldestXid;
2027 LWLockRelease(XidGenLock);
2028
2029 /* And compute alternate versions of the same */
2030 ctx->next_xid = XidFromFullTransactionId(ctx->next_fxid);
2031 ctx->oldest_fxid = FullTransactionIdFromXidAndCtx(ctx->oldest_xid, ctx);
2032}
2033
2034/*
2035 * Update our cached range of valid multitransaction IDs.
2036 */
2037static void
2042
2043/*
2044 * Return whether the given FullTransactionId is within our cached valid
2045 * transaction ID range.
2046 */
2047static inline bool
2053
2054/*
2055 * Checks whether a multitransaction ID is in the cached valid range, returning
2056 * the nature of the range violation, if any.
2057 */
2058static XidBoundsViolation
2059check_mxid_in_range(MultiXactId mxid, HeapCheckContext *ctx)
2060{
2061 if (!TransactionIdIsValid(mxid))
2062 return XID_INVALID;
2063 if (MultiXactIdPrecedes(mxid, ctx->relminmxid))
2064 return XID_PRECEDES_RELMIN;
2065 if (MultiXactIdPrecedes(mxid, ctx->oldest_mxact))
2066 return XID_PRECEDES_CLUSTERMIN;
2067 if (MultiXactIdPrecedesOrEquals(ctx->next_mxact, mxid))
2068 return XID_IN_FUTURE;
2069 return XID_BOUNDS_OK;
2070}
2071
2072/*
2073 * Checks whether the given mxid is valid to appear in the heap being checked,
2074 * returning the nature of the range violation, if any.
2075 *
2076 * This function attempts to return quickly by caching the known valid mxid
2077 * range in ctx. Callers should already have performed the initial setup of
2078 * the cache prior to the first call to this function.
2079 */
2080static XidBoundsViolation
2081check_mxid_valid_in_rel(MultiXactId mxid, HeapCheckContext *ctx)
2082{
2083 XidBoundsViolation result;
2084
2085 result = check_mxid_in_range(mxid, ctx);
2086 if (result == XID_BOUNDS_OK)
2087 return XID_BOUNDS_OK;
2088
2089 /* The range may have advanced. Recheck. */
2090 update_cached_mxid_range(ctx);
2091 return check_mxid_in_range(mxid, ctx);
2092}
2093
2094/*
2095 * Checks whether the given transaction ID is (or was recently) valid to appear
2096 * in the heap being checked, or whether it is too old or too new to appear in
2097 * the relation, returning information about the nature of the bounds violation.
2098 *
2099 * We cache the range of valid transaction IDs. If xid is in that range, we
2100 * conclude that it is valid, even though concurrent changes to the table might
2101 * invalidate it under certain corrupt conditions. (For example, if the table
2102 * contains corrupt all-frozen bits, a concurrent vacuum might skip the page(s)
2103 * containing the xid and then truncate clog and advance the relfrozenxid
2104 * beyond xid.) Reporting the xid as valid under such conditions seems
2105 * acceptable, since if we had checked it earlier in our scan it would have
2106 * truly been valid at that time.
2107 *
2108 * If the status argument is not NULL, and if and only if the transaction ID
2109 * appears to be valid in this relation, the status argument will be set with
2110 * the commit status of the transaction ID.
2111 */
2112static XidBoundsViolation
2113get_xid_status(TransactionId xid, HeapCheckContext *ctx,
2114 XidCommitStatus *status)
2115{
2116 FullTransactionId fxid;
2117 FullTransactionId clog_horizon;
2118
2119 /* Quick check for special xids */
2120 if (!TransactionIdIsValid(xid))
2121 return XID_INVALID;
2122 else if (xid == BootstrapTransactionId || xid == FrozenTransactionId)
2123 {
2124 if (status != NULL)
2125 *status = XID_COMMITTED;
2126 return XID_BOUNDS_OK;
2127 }
2128
2129 /* Check if the xid is within bounds */
2130 fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
2131 if (!fxid_in_cached_range(fxid, ctx))
2132 {
2133 /*
2134 * We may have been checking against stale values. Update the cached
2135 * range to be sure, and since we relied on the cached range when we
2136 * performed the full xid conversion, reconvert.
2137 */
2138 update_cached_xid_range(ctx);
2139 fxid = FullTransactionIdFromXidAndCtx(xid, ctx);
2140 }
2141
2142 if (FullTransactionIdPrecedesOrEquals(ctx->next_fxid, fxid))
2143 return XID_IN_FUTURE;
2144 if (FullTransactionIdPrecedes(fxid, ctx->oldest_fxid))
2145 return XID_PRECEDES_CLUSTERMIN;
2146 if (FullTransactionIdPrecedes(fxid, ctx->relfrozenfxid))
2147 return XID_PRECEDES_RELMIN;
2148
2149 /* Early return if the caller does not request clog checking */
2150 if (status == NULL)
2151 return XID_BOUNDS_OK;
2152
2153 /* Early return if we just checked this xid in a prior call */
2154 if (xid == ctx->cached_xid)
2155 {
2156 *status = ctx->cached_status;
2157 return XID_BOUNDS_OK;
2158 }
2159
2160 *status = XID_COMMITTED;
2161 LWLockAcquire(XactTruncationLock, LW_SHARED);
2162 clog_horizon =
2163 FullTransactionIdFromXidAndCtx(TransamVariables->oldestClogXid,
2164 ctx);
2165 if (FullTransactionIdPrecedesOrEquals(clog_horizon, fxid))
2166 {
2167 if (TransactionIdIsCurrentTransactionId(xid))
2168 *status = XID_IS_CURRENT_XID;
2169 else if (TransactionIdIsInProgress(xid))
2170 *status = XID_IN_PROGRESS;
2171 else if (TransactionIdDidCommit(xid))
2172 *status = XID_COMMITTED;
2173 else
2174 *status = XID_ABORTED;
2175 }
2176 LWLockRelease(XactTruncationLock);
2177 ctx->cached_xid = xid;
2178 ctx->cached_status = *status;
2179 return XID_BOUNDS_OK;
2180}
AttrNumber
int16 AttrNumber
Definition attnum.h:21
BlockNumber
uint32 BlockNumber
Definition block.h:31
InvalidBlockNumber
#define InvalidBlockNumber
Definition block.h:33
values
static Datum values[MAXATTR]
Definition bootstrap.c:188
Buffer
int Buffer
Definition buf.h:23
InvalidBuffer
#define InvalidBuffer
Definition buf.h:25
BufferGetBlockNumber
BlockNumber BufferGetBlockNumber(Buffer buffer)
Definition bufmgr.c:4426
ReleaseBuffer
void ReleaseBuffer(Buffer buffer)
Definition bufmgr.c:5566
UnlockReleaseBuffer
void UnlockReleaseBuffer(Buffer buffer)
Definition bufmgr.c:5583
BAS_BULKREAD
@ BAS_BULKREAD
Definition bufmgr.h:37
RelationGetNumberOfBlocks
#define RelationGetNumberOfBlocks(reln)
Definition bufmgr.h:309
BufferGetPage
static Page BufferGetPage(Buffer buffer)
Definition bufmgr.h:472
BUFFER_LOCK_SHARE
@ BUFFER_LOCK_SHARE
Definition bufmgr.h:212
LockBuffer
static void LockBuffer(Buffer buffer, BufferLockMode mode)
Definition bufmgr.h:334
BufferIsValid
static bool BufferIsValid(Buffer bufnum)
Definition bufmgr.h:423
PageGetItemId
static ItemId PageGetItemId(Page page, OffsetNumber offsetNumber)
Definition bufpage.h:269
PageGetItem
static void * PageGetItem(PageData *page, const ItemIdData *itemId)
Definition bufpage.h:379
Page
PageData * Page
Definition bufpage.h:81
PageGetMaxOffsetNumber
static OffsetNumber PageGetMaxOffsetNumber(const PageData *page)
Definition bufpage.h:397
CStringGetTextDatum
#define CStringGetTextDatum(s)
Definition builtins.h:98
MAXALIGN
#define MAXALIGN(LEN)
Definition c.h:898
uint8
uint8_t uint8
Definition c.h:616
VARHDRSZ
#define VARHDRSZ
Definition c.h:783
Assert
#define Assert(condition)
Definition c.h:945
int64
int64_t int64
Definition c.h:615
MultiXactId
TransactionId MultiXactId
Definition c.h:748
int32
int32_t int32
Definition c.h:614
uint64
uint64_t uint64
Definition c.h:619
uint16
uint16_t uint16
Definition c.h:617
uint32
uint32_t uint32
Definition c.h:618
Pointer
void * Pointer
Definition c.h:609
TransactionId
uint32 TransactionId
Definition c.h:738
VARATT_EXTERNAL_GET_POINTER
#define VARATT_EXTERNAL_GET_POINTER(toast_pointer, attr)
Definition detoast.h:22
errcode
int errcode(int sqlerrcode)
Definition elog.c:874
errhint
int errhint(const char *fmt,...) pg_attribute_printf(1
DEBUG1
#define DEBUG1
Definition elog.h:30
ERROR
#define ERROR
Definition elog.h:39
ereport
#define ereport(elevel,...)
Definition elog.h:150
palloc0_object
#define palloc0_object(type)
Definition fe_memutils.h:75
PG_GETARG_OID
#define PG_GETARG_OID(n)
Definition fmgr.h:275
PG_GETARG_TEXT_PP
#define PG_GETARG_TEXT_PP(n)
Definition fmgr.h:310
PG_ARGISNULL
#define PG_ARGISNULL(n)
Definition fmgr.h:209
PG_RETURN_NULL
#define PG_RETURN_NULL()
Definition fmgr.h:346
PG_GETARG_INT64
#define PG_GETARG_INT64(n)
Definition fmgr.h:284
PG_FUNCTION_INFO_V1
#define PG_FUNCTION_INFO_V1(funcname)
Definition fmgr.h:417
PG_GETARG_BOOL
#define PG_GETARG_BOOL(n)
Definition fmgr.h:274
PG_FUNCTION_ARGS
#define PG_FUNCTION_ARGS
Definition fmgr.h:193
GetAccessStrategy
BufferAccessStrategy GetAccessStrategy(BufferAccessStrategyType btype)
Definition freelist.c:461
InitMaterializedSRF
void InitMaterializedSRF(FunctionCallInfo fcinfo, bits32 flags)
Definition funcapi.c:76
systable_beginscan_ordered
SysScanDesc systable_beginscan_ordered(Relation heapRelation, Relation indexRelation, Snapshot snapshot, int nkeys, ScanKey key)
Definition genam.c:650
systable_endscan_ordered
void systable_endscan_ordered(SysScanDesc sysscan)
Definition genam.c:757
systable_getnext_ordered
HeapTuple systable_getnext_ordered(SysScanDesc sysscan, ScanDirection direction)
Definition genam.c:732
HeapTupleGetUpdateXid
TransactionId HeapTupleGetUpdateXid(const HeapTupleHeaderData *tup)
Definition heapam.c:7677
TOAST_MAX_CHUNK_SIZE
#define TOAST_MAX_CHUNK_SIZE
Definition heaptoast.h:84
heap_form_tuple
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
Definition heaptuple.c:1037
HeapTupleHeader
HeapTupleHeaderData * HeapTupleHeader
Definition htup.h:23
HEAP_MOVED_OFF
#define HEAP_MOVED_OFF
Definition htup_details.h:211
HeapTupleHeaderGetNatts
#define HeapTupleHeaderGetNatts(tup)
Definition htup_details.h:563
SizeofHeapTupleHeader
#define SizeofHeapTupleHeader
Definition htup_details.h:185
HEAP_HOT_UPDATED
#define HEAP_HOT_UPDATED
Definition htup_details.h:290
HEAP_HASNULL
#define HEAP_HASNULL
Definition htup_details.h:190
HEAP_XMAX_IS_LOCKED_ONLY
static bool HEAP_XMAX_IS_LOCKED_ONLY(uint16 infomask)
Definition htup_details.h:226
BITMAPLEN
static int BITMAPLEN(int NATTS)
Definition htup_details.h:580
HeapTupleHeaderXminInvalid
static bool HeapTupleHeaderXminInvalid(const HeapTupleHeaderData *tup)
Definition htup_details.h:343
HeapTupleHeaderGetXvac
static TransactionId HeapTupleHeaderGetXvac(const HeapTupleHeaderData *tup)
Definition htup_details.h:428
HEAP_MOVED_IN
#define HEAP_MOVED_IN
Definition htup_details.h:212
HeapTupleHeaderGetRawXmax
static TransactionId HeapTupleHeaderGetRawXmax(const HeapTupleHeaderData *tup)
Definition htup_details.h:363
HeapTupleHeaderIsHeapOnly
static bool HeapTupleHeaderIsHeapOnly(const HeapTupleHeaderData *tup)
Definition htup_details.h:541
HEAP_XMAX_IS_MULTI
#define HEAP_XMAX_IS_MULTI
Definition htup_details.h:209
HEAP_XMAX_COMMITTED
#define HEAP_XMAX_COMMITTED
Definition htup_details.h:207
HeapTupleHeaderGetXmin
static TransactionId HeapTupleHeaderGetXmin(const HeapTupleHeaderData *tup)
Definition htup_details.h:324
HEAP_HASEXTERNAL
#define HEAP_HASEXTERNAL
Definition htup_details.h:192
HeapTupleHeaderIsHotUpdated
static bool HeapTupleHeaderIsHotUpdated(const HeapTupleHeaderData *tup)
Definition htup_details.h:520
HEAP_XMAX_INVALID
#define HEAP_XMAX_INVALID
Definition htup_details.h:208
HeapTupleHeaderGetUpdateXid
static TransactionId HeapTupleHeaderGetUpdateXid(const HeapTupleHeaderData *tup)
Definition htup_details.h:383
HEAP_UPDATED
#define HEAP_UPDATED
Definition htup_details.h:210
fastgetattr
static Datum fastgetattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
Definition htup_details.h:847
HeapTupleHeaderXminCommitted
static bool HeapTupleHeaderXminCommitted(const HeapTupleHeaderData *tup)
Definition htup_details.h:337
i
int i
Definition isn.c:77
ItemIdGetLength
#define ItemIdGetLength(itemId)
Definition itemid.h:59
ItemIdIsNormal
#define ItemIdIsNormal(itemId)
Definition itemid.h:99
ItemIdGetOffset
#define ItemIdGetOffset(itemId)
Definition itemid.h:65
ItemIdGetRedirect
#define ItemIdGetRedirect(itemId)
Definition itemid.h:78
ItemIdIsDead
#define ItemIdIsDead(itemId)
Definition itemid.h:113
ItemIdIsUsed
#define ItemIdIsUsed(itemId)
Definition itemid.h:92
ItemIdIsRedirected
#define ItemIdIsRedirected(itemId)
Definition itemid.h:106
ItemPointerGetOffsetNumber
static OffsetNumber ItemPointerGetOffsetNumber(const ItemPointerData *pointer)
Definition itemptr.h:124
ItemPointerGetBlockNumber
static BlockNumber ItemPointerGetBlockNumber(const ItemPointerData *pointer)
Definition itemptr.h:103
lappend
List * lappend(List *list, void *datum)
Definition list.c:339
list_free_deep
void list_free_deep(List *list)
Definition list.c:1560
AccessShareLock
#define AccessShareLock
Definition lockdefs.h:36
LWLockAcquire
bool LWLockAcquire(LWLock *lock, LWLockMode mode)
Definition lwlock.c:1153
LWLockRelease
void LWLockRelease(LWLock *lock)
Definition lwlock.c:1770
LW_SHARED
@ LW_SHARED
Definition lwlock.h:105
pstrdup
char * pstrdup(const char *in)
Definition mcxt.c:1781
pfree
void pfree(void *pointer)
Definition mcxt.c:1616
CHECK_FOR_INTERRUPTS
#define CHECK_FOR_INTERRUPTS()
Definition miscadmin.h:123
ReadMultiXactIdRange
void ReadMultiXactIdRange(MultiXactId *oldest, MultiXactId *next)
Definition multixact.c:685
MultiXactIdPrecedes
bool MultiXactIdPrecedes(MultiXactId multi1, MultiXactId multi2)
Definition multixact.c:2857
MultiXactIdPrecedesOrEquals
bool MultiXactIdPrecedesOrEquals(MultiXactId multi1, MultiXactId multi2)
Definition multixact.c:2871
errmsg
static char * errmsg
Definition oauth_hook_client.c:61
InvalidOffsetNumber
#define InvalidOffsetNumber
Definition off.h:26
OffsetNumberNext
#define OffsetNumberNext(offsetNumber)
Definition off.h:52
OffsetNumber
uint16 OffsetNumber
Definition off.h:24
FirstOffsetNumber
#define FirstOffsetNumber
Definition off.h:27
MaxOffsetNumber
#define MaxOffsetNumber
Definition off.h:28
pg_am.h
attnum
int16 attnum
Definition pg_attribute.h:76
skip
static const struct exclude_list_item skip[]
Definition pg_checksums.c:108
errdetail_relkind_not_supported
int errdetail_relkind_not_supported(char relkind)
Definition pg_class.c:24
pg_class.h
lfirst
#define lfirst(lc)
Definition pg_list.h:172
NIL
#define NIL
Definition pg_list.h:68
pg_strcasecmp
int pg_strcasecmp(const char *s1, const char *s2)
Definition pgstrcasecmp.c:32
Int64GetDatum
static Datum Int64GetDatum(int64 X)
Definition postgres.h:413
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition postgres.h:252
Datum
uint64_t Datum
Definition postgres.h:70
DatumGetPointer
static Pointer DatumGetPointer(Datum X)
Definition postgres.h:332
Int32GetDatum
static Datum Int32GetDatum(int32 X)
Definition postgres.h:212
DatumGetInt32
static int32 DatumGetInt32(Datum X)
Definition postgres.h:202
Oid
unsigned int Oid
Definition postgres_ext.h:32
fb
static int fb(int x)
Definition preproc-init.c:92
TransactionIdIsInProgress
bool TransactionIdIsInProgress(TransactionId xid)
Definition procarray.c:1401
psprintf
char * psprintf(const char *fmt,...)
Definition psprintf.c:43
read_stream_next_buffer
Buffer read_stream_next_buffer(ReadStream *stream, void **per_buffer_data)
Definition read_stream.c:793
read_stream_begin_relation
ReadStream * read_stream_begin_relation(int flags, BufferAccessStrategy strategy, Relation rel, ForkNumber forknum, ReadStreamBlockNumberCB callback, void *callback_private_data, size_t per_buffer_data_size)
Definition read_stream.c:739
read_stream_end
void read_stream_end(ReadStream *stream)
Definition read_stream.c:1116
block_range_read_stream_cb
BlockNumber block_range_read_stream_cb(ReadStream *stream, void *callback_private_data, void *per_buffer_data)
Definition read_stream.c:163
read_stream.h
READ_STREAM_USE_BATCHING
#define READ_STREAM_USE_BATCHING
Definition read_stream.h:64
ReadStreamBlockNumberCB
BlockNumber(* ReadStreamBlockNumberCB)(ReadStream *stream, void *callback_private_data, void *per_buffer_data)
Definition read_stream.h:77
READ_STREAM_FULL
#define READ_STREAM_FULL
Definition read_stream.h:43
READ_STREAM_DEFAULT
#define READ_STREAM_DEFAULT
Definition read_stream.h:21
READ_STREAM_SEQUENTIAL
#define READ_STREAM_SEQUENTIAL
Definition read_stream.h:36
RelationGetDescr
#define RelationGetDescr(relation)
Definition rel.h:540
RelationGetRelationName
#define RelationGetRelationName(relation)
Definition rel.h:548
MAIN_FORKNUM
@ MAIN_FORKNUM
Definition relpath.h:58
ScanKeyInit
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition scankey.c:76
ForwardScanDirection
@ ForwardScanDirection
Definition sdir.h:28
GetTransactionSnapshot
Snapshot GetTransactionSnapshot(void)
Definition snapmgr.c:272
relation_close
void relation_close(Relation relation, LOCKMODE lockmode)
Definition relation.c:206
relation_open
Relation relation_open(Oid relationId, LOCKMODE lockmode)
Definition relation.c:48
BTEqualStrategyNumber
#define BTEqualStrategyNumber
Definition stratnum.h:31
HeapCheckContext::tupstore
Tuplestorestate * tupstore
Definition verify_heapam.c:159
HeapCheckContext::relminmxid
TransactionId relminmxid
Definition verify_heapam.c:118
HeapCheckContext::oldest_fxid
FullTransactionId oldest_fxid
Definition verify_heapam.c:97
HeapCheckContext::toast_indexes
Relation * toast_indexes
Definition verify_heapam.c:120
HeapCheckContext::bstrategy
BufferAccessStrategy bstrategy
Definition verify_heapam.c:129
HeapCheckContext::relfrozenxid
TransactionId relfrozenxid
Definition verify_heapam.c:116
HeapCheckContext::cached_xid
TransactionId cached_xid
Definition verify_heapam.c:111
HeapCheckContext::next_fxid
FullTransactionId next_fxid
Definition verify_heapam.c:94
HeapCheckContext::blkno
BlockNumber blkno
Definition verify_heapam.c:128
HeapCheckContext::next_mxact
MultiXactId next_mxact
Definition verify_heapam.c:105
HeapCheckContext::relfrozenfxid
FullTransactionId relfrozenfxid
Definition verify_heapam.c:117
HeapCheckContext::valid_toast_index
Relation valid_toast_index
Definition verify_heapam.c:121
HeapCheckContext::cached_status
XidCommitStatus cached_status
Definition verify_heapam.c:112
HeapCheckContext::safe_xmin
TransactionId safe_xmin
Definition verify_heapam.c:99
HeapCheckContext::offnum
OffsetNumber offnum
Definition verify_heapam.c:134
HeapCheckContext::next_xid
TransactionId next_xid
Definition verify_heapam.c:95
HeapCheckContext::tuphdr
HeapTupleHeader tuphdr
Definition verify_heapam.c:138
HeapCheckContext::oldest_xid
TransactionId oldest_xid
Definition verify_heapam.c:96
HeapCheckContext::oldest_mxact
MultiXactId oldest_mxact
Definition verify_heapam.c:106
HeapCheckReadStreamData::range
BlockRangeReadStreamPrivate range
Definition verify_heapam.c:176
HeapTupleHeaderData::t_bits
bits8 t_bits[FLEXIBLE_ARRAY_MEMBER]
Definition htup_details.h:178
List
Definition pg_list.h:54
RelationData::rd_att
TupleDesc rd_att
Definition rel.h:112
RelationData::rd_rel
Form_pg_class rd_rel
Definition rel.h:111
ReturnSetInfo::setDesc
TupleDesc setDesc
Definition execnodes.h:375
ReturnSetInfo::setResult
Tuplestorestate * setResult
Definition execnodes.h:374
SnapshotData::xmin
TransactionId xmin
Definition snapshot.h:153
ToastedAttribute::attnum
AttrNumber attnum
Definition verify_heapam.c:81
ToastedAttribute::offnum
OffsetNumber offnum
Definition verify_heapam.c:80
ToastedAttribute::blkno
BlockNumber blkno
Definition verify_heapam.c:79
ToastedAttribute::toast_pointer
varatt_external toast_pointer
Definition verify_heapam.c:78
TransamVariablesData::nextXid
FullTransactionId nextXid
Definition transam.h:220
TransamVariablesData::oldestClogXid
TransactionId oldestClogXid
Definition transam.h:253
TransamVariablesData::oldestXid
TransactionId oldestXid
Definition transam.h:222
varatt_external
Definition varatt.h:33
varatt_external::va_rawsize
int32 va_rawsize
Definition varatt.h:34
varatt_external::va_valueid
Oid va_valueid
Definition varatt.h:37
varlena
Definition c.h:778
table_close
void table_close(Relation relation, LOCKMODE lockmode)
Definition table.c:126
table_open
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition table.c:40
ToastCompressionId
ToastCompressionId
Definition toast_compression.h:38
TOAST_INVALID_COMPRESSION_ID
@ TOAST_INVALID_COMPRESSION_ID
Definition toast_compression.h:41
TOAST_LZ4_COMPRESSION_ID
@ TOAST_LZ4_COMPRESSION_ID
Definition toast_compression.h:40
TOAST_PGLZ_COMPRESSION_ID
@ TOAST_PGLZ_COMPRESSION_ID
Definition toast_compression.h:39
toast_close_indexes
void toast_close_indexes(Relation *toastidxs, int num_indexes, LOCKMODE lock)
Definition toast_internals.c:612
toast_open_indexes
int toast_open_indexes(Relation toastrel, LOCKMODE lock, Relation **toastidxs, int *num_indexes)
Definition toast_internals.c:553
get_toast_snapshot
Snapshot get_toast_snapshot(void)
Definition toast_internals.c:629
toast_internals.h
TOAST_COMPRESS_METHOD
#define TOAST_COMPRESS_METHOD(ptr)
Definition toast_internals.h:36
TransactionIdDidCommit
bool TransactionIdDidCommit(TransactionId transactionId)
Definition transam.c:126
FullTransactionIdIsNormal
#define FullTransactionIdIsNormal(x)
Definition transam.h:58
FrozenTransactionId
#define FrozenTransactionId
Definition transam.h:33
InvalidTransactionId
#define InvalidTransactionId
Definition transam.h:31
FullTransactionIdPrecedesOrEquals
#define FullTransactionIdPrecedesOrEquals(a, b)
Definition transam.h:52
EpochFromFullTransactionId
#define EpochFromFullTransactionId(x)
Definition transam.h:47
U64FromFullTransactionId
#define U64FromFullTransactionId(x)
Definition transam.h:49
FullTransactionIdFromU64
static FullTransactionId FullTransactionIdFromU64(uint64 value)
Definition transam.h:81
TransactionIdEquals
#define TransactionIdEquals(id1, id2)
Definition transam.h:43
BootstrapTransactionId
#define BootstrapTransactionId
Definition transam.h:32
XidFromFullTransactionId
#define XidFromFullTransactionId(x)
Definition transam.h:48
FirstNormalTransactionId
#define FirstNormalTransactionId
Definition transam.h:34
TransactionIdIsValid
#define TransactionIdIsValid(xid)
Definition transam.h:41
FullTransactionIdFromEpochAndXid
static FullTransactionId FullTransactionIdFromEpochAndXid(uint32 epoch, TransactionId xid)
Definition transam.h:71
TransactionIdIsNormal
#define TransactionIdIsNormal(xid)
Definition transam.h:42
FirstNormalFullTransactionId
#define FirstNormalFullTransactionId
Definition transam.h:57
FullTransactionIdPrecedes
#define FullTransactionIdPrecedes(a, b)
Definition transam.h:51
TransactionIdPrecedes
static bool TransactionIdPrecedes(TransactionId id1, TransactionId id2)
Definition transam.h:263
TupleDescCompactAttr
static CompactAttribute * TupleDescCompactAttr(TupleDesc tupdesc, int i)
Definition tupdesc.h:195
tuplestore_puttuple
void tuplestore_puttuple(Tuplestorestate *state, HeapTuple tuple)
Definition tuplestore.c:765
att_nominal_alignby
#define att_nominal_alignby(cur_offset, attalignby)
Definition tupmacs.h:411
att_isnull
static bool att_isnull(int ATT, const bits8 *BITS)
Definition tupmacs.h:28
att_addlength_pointer
#define att_addlength_pointer(cur_offset, attlen, attptr)
Definition tupmacs.h:431
att_pointer_alignby
#define att_pointer_alignby(cur_offset, attalignby, attlen, attptr)
Definition tupmacs.h:383
fetchatt
#define fetchatt(A, T)
Definition tupmacs.h:102
varattrib_4b
Definition varatt.h:127
VARHDRSZ_SHORT
#define VARHDRSZ_SHORT
Definition varatt.h:278
VARATT_IS_SHORT
static bool VARATT_IS_SHORT(const void *PTR)
Definition varatt.h:403
VARATT_IS_EXTENDED
static bool VARATT_IS_EXTENDED(const void *PTR)
Definition varatt.h:410
VARATT_IS_EXTERNAL
static bool VARATT_IS_EXTERNAL(const void *PTR)
Definition varatt.h:354
VARSIZE
static Size VARSIZE(const void *PTR)
Definition varatt.h:298
VARTAG_EXTERNAL
static vartag_external VARTAG_EXTERNAL(const void *PTR)
Definition varatt.h:326
VARATT_EXTERNAL_GET_EXTSIZE
static Size VARATT_EXTERNAL_GET_EXTSIZE(varatt_external toast_pointer)
Definition varatt.h:507
VARTAG_ONDISK
@ VARTAG_ONDISK
Definition varatt.h:89
VARATT_EXTERNAL_IS_COMPRESSED
static bool VARATT_EXTERNAL_IS_COMPRESSED(varatt_external toast_pointer)
Definition varatt.h:536
VARSIZE_SHORT
static Size VARSIZE_SHORT(const void *PTR)
Definition varatt.h:312
text_to_cstring
char * text_to_cstring(const text *t)
Definition varlena.c:217
TransamVariables
TransamVariablesData * TransamVariables
Definition varsup.c:34
check_mxid_valid_in_rel
static XidBoundsViolation check_mxid_valid_in_rel(MultiXactId mxid, HeapCheckContext *ctx)
Definition verify_heapam.c:2081
check_toasted_attribute
static void check_toasted_attribute(HeapCheckContext *ctx, ToastedAttribute *ta)
Definition verify_heapam.c:1862
VARLENA_SIZE_LIMIT
#define VARLENA_SIZE_LIMIT
Definition verify_heapam.c:41
get_xid_status
static XidBoundsViolation get_xid_status(TransactionId xid, HeapCheckContext *ctx, XidCommitStatus *status)
Definition verify_heapam.c:2113
XidCommitStatus
XidCommitStatus
Definition verify_heapam.c:57
XID_IS_CURRENT_XID
@ XID_IS_CURRENT_XID
Definition verify_heapam.c:59
XID_IN_PROGRESS
@ XID_IN_PROGRESS
Definition verify_heapam.c:60
XID_COMMITTED
@ XID_COMMITTED
Definition verify_heapam.c:58
XID_ABORTED
@ XID_ABORTED
Definition verify_heapam.c:61
XidBoundsViolation
XidBoundsViolation
Definition verify_heapam.c:48
XID_IN_FUTURE
@ XID_IN_FUTURE
Definition verify_heapam.c:50
XID_PRECEDES_CLUSTERMIN
@ XID_PRECEDES_CLUSTERMIN
Definition verify_heapam.c:51
XID_INVALID
@ XID_INVALID
Definition verify_heapam.c:49
XID_PRECEDES_RELMIN
@ XID_PRECEDES_RELMIN
Definition verify_heapam.c:52
XID_BOUNDS_OK
@ XID_BOUNDS_OK
Definition verify_heapam.c:53
report_corruption_internal
static void report_corruption_internal(Tuplestorestate *tupstore, TupleDesc tupdesc, BlockNumber blkno, OffsetNumber offnum, AttrNumber attnum, char *msg)
Definition verify_heapam.c:917
check_tuple_visibility
static bool check_tuple_visibility(HeapCheckContext *ctx, bool *xmin_commit_status_ok, XidCommitStatus *xmin_commit_status)
Definition verify_heapam.c:1114
HEAPCHECK_RELATION_COLS
#define HEAPCHECK_RELATION_COLS
Definition verify_heapam.c:38
check_toast_tuple
static void check_toast_tuple(HeapTuple toasttup, HeapCheckContext *ctx, ToastedAttribute *ta, int32 *expected_chunk_seq, uint32 extsize)
Definition verify_heapam.c:1556
fxid_in_cached_range
static bool fxid_in_cached_range(FullTransactionId fxid, const HeapCheckContext *ctx)
Definition verify_heapam.c:2048
check_mxid_in_range
static XidBoundsViolation check_mxid_in_range(MultiXactId mxid, HeapCheckContext *ctx)
Definition verify_heapam.c:2059
update_cached_mxid_range
static void update_cached_mxid_range(HeapCheckContext *ctx)
Definition verify_heapam.c:2038
update_cached_xid_range
static void update_cached_xid_range(HeapCheckContext *ctx)
Definition verify_heapam.c:2021
SkipPages
SkipPages
Definition verify_heapam.c:65
SKIP_PAGES_ALL_VISIBLE
@ SKIP_PAGES_ALL_VISIBLE
Definition verify_heapam.c:67
SKIP_PAGES_ALL_FROZEN
@ SKIP_PAGES_ALL_FROZEN
Definition verify_heapam.c:66
SKIP_PAGES_NONE
@ SKIP_PAGES_NONE
Definition verify_heapam.c:68
FullTransactionIdFromXidAndCtx
static FullTransactionId FullTransactionIdFromXidAndCtx(TransactionId xid, const HeapCheckContext *ctx)
Definition verify_heapam.c:1979
check_tuple
static void check_tuple(HeapCheckContext *ctx, bool *xmin_commit_status_ok, XidCommitStatus *xmin_commit_status)
Definition verify_heapam.c:1920
check_tuple_header
static bool check_tuple_header(HeapCheckContext *ctx)
Definition verify_heapam.c:1001
report_toast_corruption
static void report_toast_corruption(HeapCheckContext *ctx, ToastedAttribute *ta, char *msg)
Definition verify_heapam.c:969
check_tuple_attribute
static bool check_tuple_attribute(HeapCheckContext *ctx)
Definition verify_heapam.c:1662
report_corruption
static void report_corruption(HeapCheckContext *ctx, char *msg)
Definition verify_heapam.c:953
heapcheck_read_stream_next_unskippable
static BlockNumber heapcheck_read_stream_next_unskippable(ReadStream *stream, void *callback_private_data, void *per_buffer_data)
Definition verify_heapam.c:883
verify_heapam
Datum verify_heapam(PG_FUNCTION_ARGS)
Definition verify_heapam.c:252
visibilitymap_get_status
uint8 visibilitymap_get_status(Relation rel, BlockNumber heapBlk, Buffer *vmbuf)
Definition visibilitymap.c:319
VISIBILITYMAP_ALL_FROZEN
#define VISIBILITYMAP_ALL_FROZEN
Definition visibilitymapdefs.h:21
VISIBILITYMAP_ALL_VISIBLE
#define VISIBILITYMAP_ALL_VISIBLE
Definition visibilitymapdefs.h:20
TransactionIdIsCurrentTransactionId
bool TransactionIdIsCurrentTransactionId(TransactionId xid)
Definition xact.c:943
RecoveryInProgress
bool RecoveryInProgress(void)
Definition xlog.c:6444