Re: ALTER TABLE ... NOREWRITE option

On 2012-12-06 18:42:22 +0000, Simon Riggs wrote:
> On 6 December 2012 18:31, Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
> > On 2012-12-06 18:21:09 +0000, Simon Riggs wrote:
> >> On 6 December 2012 00:46, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> >> > On Wed, Dec 5, 2012 at 6:45 PM, Simon Riggs <simon(at)2ndquadrant(dot)com> wrote:
> >> >> Yes, but it is also the trigger writers problem.
> >> >
> >> > Maybe to some degree. I don't think that a server crash or something
> >> > like a block-read error is ever tolerable though, no matter how silly
> >> > the user is with their event trigger logic. If we go down that road
> >> > it will be impossible to know whether errors that are currently
> >> > reliable indicators of software or hardware problems are in fact
> >> > caused by event triggers. Of course, if an event trigger causes the
> >> > system to error out in some softer way, that's perfectly fine...
> >>
> >> How are event triggers more dangerous than normal triggers/functions?
> >
> > Normal triggers aren't run when the catalog is in an in-between state
> > because they aren't run while catalog modifications are taking place.
>
> "in-between state" means what? And what danger do you see?

For example during table rewrites we have a temporary pg_class entry
thats a full copy of the table, with a separate oid, relfilenode and
everything. That gets dropped rather unceremonially, without the usual
safety checks. If the user did anything referencing that table we would
possibly have a corrupt catalog or even a segfault at our hands.

For normal triggers the code takes quite some care to avoid such
dangers.

> If its just "someone might write bad code" that horse has already
> bolted - functions, triggers, executor hooks, operators, indexes etc

Not sure what you mean by that. Those don't get called in situation
where they don't have a reliable work-environment.

> I don't see any difference between an event trigger and these statements...
>
> BEGIN;
> ALTER TABLE x ...;
> SELECT somefunction();
> ALTER TABLE y ...;
> COMMIT;

Event triggers get called *during* the ALTER TABLE. So if were not
careful they see something thats not easy to handle.

I am for example not sure what would happen if we had a "rewrite" event
trigger which inserts a log entry into a logtable. Not a stupid idea,
right?
Now imagine we had a deferred unique key on that logtable and the
logtable is the one that gets rewritten...

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services