git.postgresql.org Git - postgresql.git/log

Check get_tle_by_resno() result before deref

When creating a sort to support a group by, we need to look up the
target entry in the target list by the resno using get_tle_by_resno().
This particular code-path didn't check the result prior to attempting
to dereference it, while all other callers did. While I can't see a
way for this usage of get_tle_by_resno() to fail (you can't ask for
a column to be sorted on which isn't included in the group by), it's
probably best to check that we didn't end up with a NULL somehow
anyway than risk the segfault.

I'm willing to back-patch this if others feel it's necessary, but my
guess is new features are what might tickle this rather than anything
existing.

Missing check spotted by the Coverity scanner.

Tab completion for \lo_import

Josh Kupershmidt

Assert that syscache lookups don't happen outside transactions.

Andres Freund

Regression tests for LOCK TABLE.

Robins Tharakan, reviewed by Szymon Guz, substantially revised by me.

vacuumlo: Use a cursor to limit client-side memory usage.

This prevents the client from gobbling up too much memory when the
number of large objects to be removed is very large.

Andrew Dunstan, reviewed by Josh Kupershmidt

Correct off-by-one when reading from pipe

In pg_basebackup.c:reached_end_position(), we're reading from an
internal pipe with our own background process but we're possibly
reading more bytes than will actually fit into our buffer due to
an off-by-one error. As we're reading from an internal pipe
there's no real risk here, but it's good form to not depend on
such convenient arrangements.

Bug spotted by the Coverity scanner.

Back-patch to 9.2 where this showed up.

Check version before allocating PQExpBuffer

In pg_dump.c:getEventTriggers, check what major version we are on
before calling createPQExpBuffer() to avoid leaking that bit of
memory.

Leak discovered by the Coverity scanner.

Back-patch to 9.3 where support for dumping event triggers was
added.

Document the OVER keyword as being unreserved.

It became so in commit 5893ffa79c03824f34ae3d37f211381fd1c17283.

David Fetter, extracted from a larger patch.

Fix resource leak in initdb -X option

When creating the symlink for the xlog directory, free the string
which stores the link location. Not really an issue but it doesn't
hurt to be good about this- prior cleanups have fixed similar
issues.

Leak found by the Coverity scanner.

Not back-patching as I don't see it being worth the code churn.

Be sure to close() file descriptor on error case

In receivelog.c:writeTimeLineHistoryFile(), we were not properly
closing the open'd file descriptor in error cases. While this
wouldn't matter much if we were about to exit due to such an
error, that's not the case with pg_receivexlog as it can be a
long-running process and these errors are non-fatal.

This resource leak was found by the Coverity scanner.

Back-patch to 9.3 where this issue first appeared.

Ensure 64bit arithmetic when calculating tapeSpace

In tuplesort.c:inittapes(), we calculate tapeSpace by first figuring
out how many 'tapes' we can use (maxTapes) and then multiplying the
result by the tape buffer overhead for each. Unfortunately, when
we are on a system with an 8-byte long, we allow work_mem to be
larger than 2GB and that allows maxTapes to be large enough that the
32bit arithmetic can overflow when multiplied against the buffer
overhead.

When this overflow happens, we end up adding the overflow to the
amount of space available, causing the amount of memory allocated to
be larger than work_mem.

Note that to reach this point, you have to set work mem to at least
24GB and be sorting a set which is at least that size. Given that a
user who can set work_mem to 24GB could also set it even higher, if
they were looking to run the system out of memory, this isn't
considered a security issue.

This overflow risk was found by the Coverity scanner.

Back-patch to all supported branches, as this issue has existed
since before 8.4.

pg_isready: Message improvement

pg_receivexlog - Exit on failure to parse

In streamutil.c:GetConnection(), upgrade failure to parse the
connection string to an exit(1) instead of simply returning NULL.
Most callers already immediately exited, but pg_receivexlog would
loop on this case, continually trying to re-parse the connection
string (which can't be changed after pg_receivexlog has started).

GetConnection() was already expected to exit(1) in some cases
(eg: failure to allocate memory or if unable to determine the
integer_datetimes flag), so this change shouldn't surprise anyone.

Began looking at this due to the Coverity scanner complaining that
we were leaking err_msg in this case- no longer an issue since we
just exit(1) immediately.

During parallel pg_dump, free commands from master

The command strings read by the child processes during parallel
pg_dump, after being read and handled, were not being free'd.
This patch corrects this relatively minor memory leak.

Leak found by the Coverity scanner.

Back patch to 9.3 where parallel pg_dump was introduced.

Add session_preload_libraries configuration parameter

This is like shared_preload_libraries except that it takes effect at
backend start and can be changed without a full postmaster restart.  It
is like local_preload_libraries except that it is still only settable by
a superuser.  This can be a better way to load modules such as
auto_explain.

Since there are now three preload parameters, regroup the documentation
a bit.  Put all parameters into one section, explain common
functionality only once, update the descriptions to reflect current and
future realities.

Reviewed-by: Dimitri Fontaine <dimitri@2ndQuadrant.fr>

Switch user ID to the object owner when populating a materialized view.

This makes superuser-issued REFRESH MATERIALIZED VIEW safe regardless of
the object's provenance.  REINDEX is an earlier example of this pattern.
As a downside, functions called from materialized views must tolerate
running in a security-restricted operation.  CREATE MATERIALIZED VIEW
need not change user ID.  Nonetheless, avoid creation of materialized
views that will invariably fail REFRESH by making it, too, start a
security-restricted operation.

Back-patch to 9.3 so materialized views have this from the beginning.

Reviewed by Kevin Grittner.

Make comments reflect that omission of SPI_gettypmod() is intentional.

pg_dump: Formatting cleanup of new messages

pg_upgrade: document possible pg_hba.conf options
Previously, pg_upgrade docs recommended using .pgpass if using MD5
authentication to avoid being prompted for a password. Turns out pg_ctl
never prompts for a password, so MD5 requires .pgpass --- document that.
Also recommend 'peer' for authentication too.
Backpatch back to 9.1.

doc: Replace link to pgFouine with pgBadger

From: Ian Lawrence Barwick <barwick@gmail.com>

Add coverage/ to .gitignore

Fix lack of message pluralization

Fix memory barrier support on icc on ia64, 2nd attempt.

Itanium doesn't have the mfence instruction - that's a 386 thing. Use the
"mf" instruction instead.

This reverts the previous commit to add "#include <emmintrinsic.h>"; the
problem was not with a missing #include.

Add #include needed for _mm_mfence() intrinsic on ia64.

Hopefully this fixes the build failure on buildfarm member dugong.

Fix bool abuse

path_encode's "closed" argument used to take three values: TRUE, FALSE,
or -1, while being of type bool. Replace that with a three-valued enum
for more clarity.

Fix mention of htup.h in pageinspect docs

It's htup_details.h now.

Jeff Janes

Fix Windows build.

Was broken by my xloginsert scaling patch. XLogCtl global variable needs
to be initialized in each process, as it's not inherited by fork() on
Windows.

Fix pg_test_fsync, broken by xloginsert scaling patch.

I didn't realize that ALIGNOF_XLOG_BUFFER was used in pg_test_fsync.

Improve scalability of WAL insertions.

This patch replaces WALInsertLock with a number of WAL insertion slots,
allowing multiple backends to insert WAL records to the WAL buffers
concurrently. This is particularly useful for parallel loading large amounts
of data on a system with many CPUs.

This has one user-visible change: switching to a new WAL segment with
pg_switch_xlog() now fills the remaining unused portion of the segment with
zeros. This potentially adds some overhead, but it has been a very common
practice by DBA's to clear the "tail" of the segment with an external
pg_clearxlogtail utility anyway, to make the WAL files compress better.
With this patch, it's no longer necessary to do that.

This patch adds a new GUC, xloginsert_slots, to tune the number of WAL
insertion slots. Performance testing suggests that the default, 8, works
pretty well for all kinds of worklods, but I left the GUC in place to allow
others with different hardware to test that easily. We might want to remove
that before release.

Reviewed by Andres Freund.

Fix planning of parameterized appendrel paths with expensive join quals.

The code in set_append_rel_pathlist() for building parameterized paths
for append relations (inheritance and UNION ALL combinations) supposed
that the cheapest regular path for a child relation would still be cheapest
when reparameterized. Which might not be the case, particularly if the
added join conditions are expensive to compute, as in a recent example from
Jeff Janes. Fix it to compare child path costs *after* reparameterizing.
We can short-circuit that if the cheapest pre-existing path is already
parameterized correctly, which seems likely to be true often enough to be
worth checking for.

Back-patch to 9.2 where parameterized paths were introduced.

pg_isready: Make --help output more consistent with other utilities

pg_resetxlog: Make --help consistent with man page

Use "MXID" as placeholder for -m option, instead of just "XID".

pg_upgrade: document link options
Document that tablespaces and pg_xlog can be on different file systems
for pg_upgrade --link mode.
Backpatch to 9.3.

Fix include-guard

Looks like a cut/paste error in the original addition of the file.

Andres Freund

pgbench: Silence compiler warning

Explicitly ignore return value from write(), to silence warning. This
warning only appeared under --disable-thread-safety.

PL/Python: Make regression tests pass with older Python versions

Avoid output formatting differences by printing str() instead of repr()
of the value.

Handle posix_fallocate() errors.

On some platforms, posix_fallocate() is available but may still return
EINVAL if the underlying filesystem does not support it. So, in case
of an error, fall through to the alternate implementation that just
writes zeros.

Per buildfarm failure and analysis by Tom Lane.

Also escape double quotes for ECPG's #line statement.

Rename a function to avoid naming conflict in parallel regression tests.

Commit 31a891857a128828d47d93c63e041f3b69cbab70 added some tests in
plpgsql.sql that used a function rather unthinkingly named "foo()".
However, rangefuncs.sql has some much older tests that create a function
of that name, and since these test scripts run in parallel, there is a
chance of failures if the timing is just right. Use another name to
avoid that. Per buildfarm (failure seen today on "hamerkop", but
probably it's happened before and not been noticed).

PL/Python: Convert numeric to Decimal

The old implementation converted PostgreSQL numeric to Python float,
which was always considered a shortcoming. Now numeric is converted to
the Python Decimal object. Either the external cdecimal module or the
standard library decimal module are supported.

From: Szymon Guz <mabewlun@gmail.com>
From: Ronan Dunklau <rdunklau@gmail.com>
Reviewed-by: Steve Singer <steve@ssinger.info>

Update messages, comments and documentation for materialized views.

All instances of the verbiage lagging the code. Back-patch to 9.3,
where materialized views were introduced.

Use posix_fallocate() for new WAL files, where available.

This function is more efficient than actually writing out zeroes to
the new file, per microbenchmarks by Jon Nelson. Also, it may reduce
the likelihood of WAL file fragmentation.

Jon Nelson, with review by Andres Freund, Greg Smith and me.

Remove stray | character

Erikjan Rijkers

Fix spelling error

Reported by Kevin Hale Boyes

Expose the estimation of number of changed tuples since last analyze

This value, now pg_stat_all_tables.n_mod_since_analyze, was already
tracked and used by autovacuum, but not exposed to the user.

Mark Kirkwood, review by Laurenz Albe

Apploed patch by MauMau <maumau307@gmail.com> to escape filenames in #line statements.

Use type "int64" for memory accounting in tuplesort.c/tuplestore.c.

Commit 263865a48973767ce8ed7b7788059a38a24a9f37 switched tuplesort.c and
tuplestore.c variables representing memory usage from type "long" to
type "Size".  This was unnecessary; I thought doing so avoided overflow
scenarios on 64-bit Windows, but guc.c already limited work_mem so as to
prevent the overflow.  It was also incomplete, not touching the logic
that assumed a signed data type.  Change the affected variables to
"int64".  This is perfect for 64-bit platforms, and it reduces the need
to contemplate platform-specific overflow scenarios.  It also puts us
close to being able to support work_mem over 2 GiB on 64-bit Windows.

Per report from Andres Freund.

Fix typo in comment.

Michael Paquier

Add C comment about \copy bug in CSV mode
Comment: This code erroneously assumes '\.' on a line alone inside a
quoted CSV string terminates the \copy.
http://www.postgresql.org/message-id/E1TdNVQ-0001ju-GO@wrigleys.postgresql.org

Add contrib function references in the doc index
Backpatch to 9.3.
Idea from Craig Ringer

Add new GUC, max_worker_processes, limiting number of bgworkers.

In 9.3, there's no particular limit on the number of bgworkers;
instead, we just count up the number that are actually registered,
and use that to set MaxBackends.  However, that approach causes
problems for Hot Standby, which needs both MaxBackends and the
size of the lock table to be the same on the standby as on the
master, yet it may not be desirable to run the same bgworkers in
both places.  9.3 handles that by failing to notice the problem,
which will probably work fine in nearly all cases anyway, but is
not theoretically sound.

A further problem with simply counting the number of registered
workers is that new workers can't be registered without a
postmaster restart.  This is inconvenient for administrators,
since bouncing the postmaster causes an interruption of service.
Moreover, there are a number of applications for background
processes where, by necessity, the background process must be
started on the fly (e.g. parallel query).  While this patch
doesn't actually make it possible to register new background
workers after startup time, it's a necessary prerequisite.

Patch by me.  Review by Michael Paquier.

docs: Clarify flag dependencies for background workers.

BGWORKER_BACKEND_DATABASE_CONNECTION can only be used if
BGWORKER_SHMEM_ACCESS is also used.

Michael Paquier, with some tweaks by me.

doc: Fix typo in event trigger documentation

From: Dimitri Fontaine <dimitri@2ndQuadrant.fr>

doc: Add event trigger C API documentation

From: Dimitri Fontaine <dimitri@2ndQuadrant.fr>

Install all a Makefile's extension controls, not just the first.

Bug introduced by commit 6697aa2bc25c83b88d6165340348a31328c35de6 and
reported by Robert Haas.

Get rid of pg_class.reltoastidxid.

Treat TOAST index just the same as normal one and get the OID
of TOAST index from pg_index but not pg_class.reltoastidxid.
This change allows us to handle multiple TOAST indexes, and
which is required infrastructure for upcoming
REINDEX CONCURRENTLY feature.

Patch by Michael Paquier, reviewed by Andres Freund and me.

pg_buffercache: document column meanings
Improve documentation for usagecount and relforknumber.
Backpatch to 9.3.
Suggestion from Satoshi Nagayasu

Revert "Hopefully-portable regression tests for CREATE/ALTER/DROP COLLATION."

This reverts commit 263645305b8f14a3821e04dffa96fa7c1bc2ae86.

The buildfarm is sad.

Hopefully-portable regression tests for CREATE/ALTER/DROP COLLATION.

The collate.linux.utf8 test covers some of the same territory, but
isn't portable and so probably does not get run often, or on
non-Linux platforms. If this approach turns out to be sufficiently
portable, we may want to look at trimming the redundant tests out
of that file to avoid duplication.

Robins Tharakan, reviewed by Michael Paquier and Fabien Coelho,
with further changes and cleanup by me.

Fix handling of auto-updatable views on inherited tables.

An INSERT into such a view should work just like an INSERT into its base
table, ie the insertion should go directly into that table ... not be
duplicated into each child table, as was happening before, per bug #8275
from Rushabh Lathia. On the other hand, the current behavior for
UPDATE/DELETE seems reasonable: the update/delete traverses the child
tables, or not, depending on whether the view specifies ONLY or not.
Add some regression tests covering this area.

Dean Rasheed

Unbreak postmaster restart-after-crash sequence

In patch 82233ce7ea42, AbortStartTime wasn't being reset appropriately
after the restart sequence, causing subsequent iterations through
ServerLoop to malfunction.

Regression tests for LISTEN/NOTIFY/UNLISTEN/pg_notify.

Robins Tharakan, reviewed by Szymon Guz

Additional regression tests for CREATE OPERATOR.

Robins Tharakan, reviewed by Szymon Guz

Expose object name error fields in PL/pgSQL.

Specifically, permit attaching them to the error in RAISE and retrieving
them from a caught error in GET STACKED DIAGNOSTICS.  RAISE enforces
nothing about the content of the fields; for its purposes, they are just
additional string fields.  Consequently, clarify in the protocol and
libpq documentation that the usual relationships between error fields,
like a schema name appearing wherever a table name appears, are not
universal.  This freedom has other applications; consider a FDW
propagating an error from an RDBMS having no schema support.

Back-patch to 9.3, where core support for the error fields was
introduced.  This prevents the confusion of having a release where libpq
exposes the fields and PL/pgSQL does not.

Pavel Stehule, lexical revisions by Noah Misch.

doc: Remove i18ngurus.com link

The web site is dead, and the Wayback Machine shows that it didn't have
much useful content before.

Add #include to make header file independent

doc: Arrange See Also links in more consistent order

pg_restore: Error about incompatible options

This mirrors the equivalent error cases in pg_dump.

Add support for multiple kinds of external toast datums.

To that end, support tags rather than lengths for external datums.
As an example of how this can be used, add support or "indirect"
tuples which point to some externally allocated memory containing
a toast tuple. Similar infrastructure could be used for other
purposes, including, perhaps, support for alternative compression
algorithms.

Andres Freund, reviewed by Hitoshi Harada and myself

Mention extra_float_digits in floating point docs

Make it easier for readers of the FP docs to find out about possibly
truncated values.

Per complaint from Tom Duffey in message
F0E0F874-C86F-48D1-AA2A-0C5365BF5118@trillitech.com

Author: Albe Laurenz
Reviewed by: Abhijit Menon-Sen

Silence compiler warning in assertion-enabled builds.

With -Wtype-limits, gcc correctly points out that size_t can never be < 0.
Backpatch to 9.3 and 9.2. It's been like this forever, but in <= 9.1 you got
a lot other warnings with -Wtype-limits anyway (at least with my version of
gcc).

Andres Freund

pg_upgrade: revert changing '' to ""
On the command line, GUC option strings are handled by the guc parser,
not by the shell parser, so '' is the proper way to represent a
zero-length string. This reverts commit
3132a9b7ab3d76c15f88cfa29792fd888e7a959e.

Use an MVCC snapshot, rather than SnapshotNow, for catalog scans.

SnapshotNow scans have the undesirable property that, in the face of
concurrent updates, the scan can fail to see either the old or the new
versions of the row.  In many cases, we work around this by requiring
DDL operations to hold AccessExclusiveLock on the object being
modified; in some cases, the existing locking is inadequate and random
failures occur as a result.  This commit doesn't change anything
related to locking, but will hopefully pave the way to allowing lock
strength reductions in the future.

The major issue has held us back from making this change in the past
is that taking an MVCC snapshot is significantly more expensive than
using a static special snapshot such as SnapshotNow.  However, testing
of various worst-case scenarios reveals that this problem is not
severe except under fairly extreme workloads.  To mitigate those
problems, we avoid retaking the MVCC snapshot for each new scan;
instead, we take a new snapshot only when invalidation messages have
been processed.  The catcache machinery already requires that
invalidation messages be sent before releasing the related heavyweight
lock; else other backends might rely on locally-cached data rather
than scanning the catalog at all.  Thus, making snapshot reuse
dependent on the same guarantees shouldn't break anything that wasn't
already subtly broken.

Patch by me.  Review by Michael Paquier and Andres Freund.

Fix regression test make dependencies

The dependencies on the spi and dummy_seclabel contrib modules were
incomplete, because they did not pick up automatically generated
dependencies on header files. This will manifest itself especially when
switching major versions, where the contrib modules would not be
recompiled to contain the new version number, leading to regression test
failures.

To fix this, use the submake approach already in use elsewhere, so that
the contrib modules are built using their full rules.

pg_dump docs: use escaped double-quotes, for Windows
On Unix, you can embed double-quotes in single-quotes, and via versa.
However, on Windows, you can only escape double-quotes in double-quotes,
so use that in the pg_dump -t/table example.
Backpatch to 9.3.
Report from Mike Toews

Add a convenience routine makeFuncCall to reduce duplication.

David Fetter and Andrew Gierth, reviewed by Jeevan Chalke

pg_upgrade: use "" rather than '', for Windows
If we ever support unix sockets on Windows, we should use "" rather than
'' for zero-length strings on the command-line, so use that.

Add timezone offset output option to to_char()
Add ability for to_char() to output the timezone's UTC offset (OF). We
already have the ability to return the timezone abbeviation (TZ/tz).
Per request from Andrew Dunstan

Improve support for building PGXS modules with VPATH.

A VPATH build will be performed when the module's make file path is not
the current directory or when USE_VPATH is set.

This will assist packagers and others who prefer to build without
polluting the source directories.

There is still a bit of work to do here, notably documentation, but it's
probably a good idea to commit what we have so far and let people test
it out on their modules.

Cédric Villemain, with an addition from me.

Update LSB URL in pg_ctl
Update Linux Standard Base Core Specification 3.1 URL mention in pg_ctl
comments.

Remove undocumented -h (help) option
The -h option was not supported by many tools, and not documented, so
remove them for consistency from pg_upgrade, pg_test_fsync, and
pg_test_timing.

Optimize pglz compressor for small inputs.

The pglz compressor has a significant startup cost, because it has to
initialize to zeros the history-tracking hash table. On a 64-bit system, the
hash table was 64kB in size. While clearing memory is pretty fast, for very
short inputs the relative cost of that was quite large.

This patch alleviates that in two ways. First, instead of storing pointers
in the hash table, store 16-bit indexes into the hist_entries array. That
slashes the size of the hash table to 1/2 or 1/4 of the original, depending
on the pointer width. Secondly, adjust the size of the hash table based on
input size. For very small inputs, you don't need a large hash table to
avoid collisions.

Review by Amit Kapila.

Retry short writes when flushing WAL.

We don't normally bother retrying when the number of bytes written by
write() is short of what was requested. It is generally assumed that a
write() to disk doesn't return short, unless you run out of disk space.
While writing the WAL, however, it seems prudent to try a bit harder,
because a failure leads to PANIC. The write() is also much larger than most
write()s in the backend (up to wal_buffers), so there's more room for
surprises.

Also retry on EINTR. All signals used in the backend are flagged SA_RESTART
nowadays, so it shouldn't happen, but better to be defensive.

Fix cpluspluscheck in checksum code

C++ is more picky about comparing signed and unsigned integers.

ecpg: Consistently use mm_strdup()

mm_strdup() is provided to check errors from strdup(), but some places
were failing to use it.

Inline ginCompareItemPointers function for speed.

ginCompareItemPointers function is called heavily in gin index scans -
inlining it speeds up some kind of queries a lot.

Change errcode for lock_timeout to match NOWAIT

Set errcode to ERRCODE_LOCK_NOT_AVAILABLE

Zoltán Bsöszörményi

ALTER TABLE ... ALTER CONSTRAINT for FKs

Allow constraint attributes to be altered,
so the default setting of NOT DEFERRABLE
can be altered to DEFERRABLE and back.

Review by Abhijit Menon-Sen

Assert that ALTER TABLE subcommands have pass set

pg_upgrade: pass username to analyze script
If -U (user) is specified, pass the username into the created analyze
script.
Per request from Ray Stell

pg_upgrade: remove -h option
-h (help) is not needed; pg_upgrade already supports --help and -?,
which is consistent with other tools.

pg_upgrade:  trim down --help and doc option descriptions
Previous code had old/new prefixes on option values, e.g.
--old-datadir=OLDDATADIR.  Remove them, for simplicity;  now:
--old-datadir=DATADIR.  Also update docs to do the same.

Send SIGKILL to children if they don't die quickly in immediate shutdown

On immediate shutdown, or during a restart-after-crash sequence,
postmaster used to send SIGQUIT (and then abandon ship if shutdown); but
this is not a good strategy if backends don't die because of that
signal.  (This might happen, for example, if a backend gets tangled
trying to malloc() due to gettext(), as in an example illustrated by
MauMau.)  This causes problems when later trying to restart the server,
because some processes are still attached to the shared memory segment.

Instead of just abandoning such backends to their fates, we now have
postmaster hang around for a little while longer, send a SIGKILL after
some reasonable waiting period, and then exit.  This makes immediate
shutdown more reliable.

There is disagreement on whether it's best for postmaster to exit after
sending SIGKILL, or to stick around until all children have reported
death.  If this controversy is resolved differently than what this patch
implements, it's an easy change to make.

Bug reported by MauMau in message 20DAEA8949EC4E2289C6E8E58560DEC0@maumau

MauMau and Álvaro Herrera

pg_upgrade: change -u to -U, for consistency
Change -u (user) option to -U, for consistency with other tools like
pg_dump and psql. Also expand --user to --username, again for
consistency.
BACKWARD INCOMPATIBILITY

Make the OVER keyword unreserved.

This results in a slightly less specific error message when OVER
is used in a context where we don't accept window functions, but
per discussion, it's worth it to get the benefit of not needing
to reserve this keyword any more. This same refactoring will
also let us avoid reserving some other keywords that we expect
to add in upcoming patches (specifically, IGNORE, RESPECT, and
FILTER).

Troels Nielsen, with minor changes by me

Define Trap and TrapMacro even in non-cassert builds.

In some cases, the use of these macros may be preferable to Assert()
or AssertMacro(), since this way the caller can set the trap message.

Andres Freund and Robert Haas

Track spinlock delay in microsecond granularity.

On many platforms the OS will round the sleep time to millisecond
resolution, but there is no reason for us to pre-emptively round the
argument to pg_usleep.

When the delay was measured in milliseconds and started from 1 ms, it
sometimes took many attempts until the logic that increases the delay by
multiplying with a random value between 1 and 2 actually managed to bump it
from 1 ms to 2 ms. That lead to a sequence of 1 ms waits until the delay
started to increase. This wasn't really a problem but it looked odd if you
observed the waits. There is no measurable difference in performance, but
it's more readable this way.

Jeff Janes

Update pg_resetxlog's documentation on multixacts

I added some more functionality to it in 0ac5ad5134f27 but neglected to
add it to the docs.

Per Peter Eisentraut in message
1367112171.32604.4.camel@vanquo.pezone.net

Document relminmxid and datminmxid

I introduced these new fields in 0ac5ad5134f27 but neglected to add them
to the system catalogs section of the docs.

Per Thom Brown in message
CAA-aLv7UiO=Whiq3MVbsEqSyQRthuX8Tb_RLyBuQt0KQBp=6EQ@mail.gmail.com

Permit super-MaxAllocSize allocations with MemoryContextAllocHuge().

The MaxAllocSize guard is convenient for most callers, because it
reduces the need for careful attention to overflow, data type selection,
and the SET_VARSIZE() limit.  A handful of callers are happy to navigate
those hazards in exchange for the ability to allocate a larger chunk.
Introduce MemoryContextAllocHuge() and repalloc_huge().  Use this in
tuplesort.c and tuplestore.c, enabling internal sorts of up to INT_MAX
tuples, a factor-of-48 increase.  In particular, B-tree index builds can
now benefit from much-larger maintenance_work_mem settings.

Reviewed by Stephen Frost, Simon Riggs and Jeff Janes.