Skip to content

Make installcheck segfaults (SPOC-383) #292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mason-sharp merged 8 commits into from
Dec 21, 2025
Merged

Make installcheck segfaults (SPOC-383) #292

mason-sharp merged 8 commits into from
Dec 21, 2025

Conversation

@danolivo
Copy link
Contributor

@danolivo danolivo commented Dec 19, 2025

No description provided.

danolivo and others added 3 commits December 19, 2025 11:59
@danolivo
Guard AutoDDL processing with transaction when needed
a226eb7 
Some utility commands (e.g., CLUSTER without table name) execute outside
transaction blocks, committing after each table operation. When the AutoDDL
hook fires after such commands complete, catalog operations and queue
insertions fail without transaction context.

This commit adds transaction and snapshot guards at the AutoDDL entry point
in spock_autoddl_process().

Test case added: CLUSTER without table name after ALTER TABLE CLUSTER ON
verifies that AutoDDL works correctly when invoked outside transaction
context.

co-author: Claude.
@danolivo
Check transactional state in spock_node.
a3b1a39 
There are some evidence exists that we have been cavalier with database
lookups. It seems sometimes Spock does it outside a transaction. And the reason
why we didn't see any issues before is that relation we touch is frequently
in the syscache. It is unstable situation and we must fix it.
It is too expensive to run tests with the '--discard-caches' enabled. So, to
make thing simpler, add assertions to check we touch the database inside
a transaction.
@claude @danolivo
Add transaction state assertions to catalog access functions
5f68b6f 
Add Assert(IsTransactionState()) to all functions that perform catalog
access in spock_queue.c, spock_sync.c, and spock_exception_handler.c.

These assertions complement the existing assertions in spock_node.c and
spock_repset.c, providing comprehensive protection against calling catalog
functions outside transaction context.

Functions updated:
- spock_queue.c: queue_message(), queued_message_from_tuple()
- spock_sync.c: create_local_sync_status(), drop_subscription_sync_status(),
  get_subscription_sync_status(), drop_table_sync_status(),
  drop_table_sync_status_for_sub(), get_table_sync_status(),
  get_unsynced_tables(), get_subscription_tables()
- spock_exception_handler.c: add_entry_to_exception_log()

These assertions will help catch transaction state violations during
development and testing, particularly in edge cases like CLUSTER without
table name or other utility commands that run outside transaction blocks.
@danolivo danolivo requested a review from mason-sharp December 19, 2025 11:18
@danolivo danolivo self-assigned this Dec 19, 2025
@danolivo danolivo added the bug Something isn't working label Dec 19, 2025
@danolivo danolivo changed the title Make installcheck segfaults Make installcheck segfaults (SPOC-383) Dec 19, 2025
@danolivo danolivo force-pushed the make-installcheck-segfaults branch from 61cc7e2 to f622562 Compare December 19, 2025 14:27
@danolivo
Filter DDL commands that require execution outside transaction blocks
b0e8677 
Previous commit added a test on this feature and opened that Spock has troubles
on subscriber's side with commands which requires no transaction.
Having no clean idea what to do here we may just filter problematic commands.

DESCRIPTION:
===========

Some PostgreSQL utility commands cannot be executed inside transaction
blocks. When these commands are replicated to subscribers, the apply
worker executes them inside transactions (via begin_replication_step()),
causing failures or crashes.

This commit implements publisher-side filtering to prevent problematic
commands from being queued for replication:

1. CLUSTER command filtering:
   - Skip CLUSTER without table name (clusters all tables)
   - Skip CLUSTER on partitioned tables
   - Allow CLUSTER on regular tables (safe to replicate)

2. Additional transaction-incompatible commands:
   - VACUUM
   - CREATE/DROP TABLESPACE
   - REINDEX CONCURRENTLY
   - CREATE/DROP DATABASE (already filtered)
   - Concurrent index operations (already filtered)

In addition:
3. Optimization in autoddl_can_proceed():
   - Remove early get_local_node() check for better performance
   - The check is still performed later in spock_auto_replicate_ddl()
     after initial filtering reduces unnecessary catalog lookups

The filtering approach is simpler and more maintainable than attempting
to handle these commands specially on the subscriber side. Users receive
a clear warning when DDL statements cannot be replicated.
@danolivo danolivo force-pushed the make-installcheck-segfaults branch from f622562 to b0e8677 Compare December 19, 2025 15:26
mason-sharp
mason-sharp reviewed Dec 20, 2025
View reviewed changes
mason-sharp
mason-sharp reviewed Dec 20, 2025
View reviewed changes
@mason-sharp
Copy link
Member

mason-sharp commented Dec 20, 2025

Looks good, just need to address that PG 15 and 16 are failing.

@danolivo
Copy link
Contributor Author

danolivo commented Dec 20, 2025

Looks good, just need to address that PG 15 and 16 are failing.

Done.

@mason-sharp mason-sharp merged commit 43d3ec8 into main Dec 21, 2025
5 checks passed
@mason-sharp mason-sharp deleted the make-installcheck-segfaults branch December 21, 2025 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mason-sharp mason-sharp mason-sharp approved these changes

Assignees

@danolivo danolivo

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@danolivo @mason-sharp @claude