Re: BUG #9202: C Functions crash database too easily

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: rotten(at)windfish(dot)net
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #9202: C Functions crash database too easily
Date: 2014-02-13 16:04:37
Message-ID: 4289.1392307477@sss.pgh.pa.us
Lists: pgsql-bugs

rotten(at)windfish(dot)net writes:
> While setting up a third party (commercial) provided C library functions
> I've observed PostgreSQL 9.3.2 to be very sensitive to simple typos.

Coding in C in general is very sensitive to simple typos. Perhaps you
should use some higher-level PL if you find C too uncooperative.

> 2) The same thing happens if you try to create the same function twice:

Hm, that seems odd, since merely creating the function doesn't call it.
But then again, stuff like this suggests that you're abusing something
rather badly:

> 2014-02-12 15:20:45.626 EST mydb [local] postgresWARNING: using index
> "pg_event_trigger_evtname_index" despite IgnoreSystemIndexes

How did IgnoreSystemIndexes come to be set?

> 2014-02-12 15:20:45.627 EST mydb [local] postgresPANIC: function
> "myfunction" already exists with same argument types

Interesting; that should only be an ERROR not a PANIC. I'm guessing
that something in your loadable module left the system thinking it
was in a critical section, which would cause errors to be promoted
to panics like that.

In general it looks like these issues arise from your C code having
tromped on some global variables it shouldn't have. Wild store through
a wrong pointer, perhaps?

> For case (1) I think you shouldn't be able to create a C function without
> the right number of arguments.

I know of no way that we could (portably) infer the number of arguments
a C function expects from looking at the loadable library. Even if we
could, that alone wouldn't be much of a safety improvement. There are
too many other ways to crash things with an incorrect C function.
IME wrong data types and failure to handle null arguments properly
(neither checking for them explicitly, nor marking the function STRICT)
are bigger hazards than wrong-number-of-arguments.

regards, tom lane
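
The hazards named in the last paragraph of the message above, as an added example that is not part of the original message or of PostgreSQL's source. It is a simplified model of a uniform call interface (`ModelCallInfo`, `call_function`, `text_len` and `run_text_len` are hypothetical names, not the server's `fmgr.h`), showing why the declared argument list is invisible to the C code and where NULL handling has to happen.

```c
/* Simplified stand-in for a uniform C call interface (model types, not the
 * server's headers): every function has the same C signature, so the argument
 * count and types declared in CREATE FUNCTION cannot be read off the symbol. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX_ARGS 4
typedef uintptr_t Datum;
typedef struct {
    short nargs;                    /* how many arguments the caller passed */
    Datum arg[MODEL_MAX_ARGS];      /* by-value data or a pointer */
    bool  argnull[MODEL_MAX_ARGS];  /* true when the SQL argument is NULL */
    bool  isnull;                   /* set by the callee to return SQL NULL */
} ModelCallInfo;
typedef Datum (*ModelFunc)(ModelCallInfo *);

/* Defensive body for text_len(text): checks the argument count and the NULL
 * flag before touching the pointer, instead of trusting the SQL declaration. */
static Datum text_len(ModelCallInfo *fc)
{
    if (fc->nargs != 1 || fc->argnull[0]) {
        fc->isnull = true;
        return 0;
    }
    return (Datum) strlen((const char *) fc->arg[0]);
}

/* What marking a function STRICT buys: the caller returns NULL without
 * entering the function when any argument is NULL. */
static Datum call_function(ModelFunc fn, bool strict, ModelCallInfo *fc)
{
    fc->isnull = false;
    if (strict)
        for (int i = 0; i < fc->nargs; i++)
            if (fc->argnull[i]) { fc->isnull = true; return 0; }
    return fn(fc);
}

/* Driver for constructed sample calls: returns -1 when the result is NULL. */
long run_text_len(const char *s, short nargs, bool strict)
{
    ModelCallInfo fc = { .nargs = nargs };
    fc.arg[0] = (Datum) s;
    fc.argnull[0] = (s == NULL);
    Datum d = call_function(text_len, strict, &fc);
    return fc.isnull ? -1 : (long) d;
}
```

A body without the explicit check in `text_len` and without the strict short-circuit would pass the NULL pointer straight to `strlen`, which is the crash class the message describes.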
