Re: Adding REPACK [concurrently]

Mihail Nikalayeu <mihailnikalayeu(at)gmail(dot)com> wrote:

> PART 1:
>
> I started rebasing the MVCC-safe version on top of the multi-snapshot version and realized it becomes complex.
> But, what's really bad about MVCC-unsafety is the ability to access *incorrect* data and break some logic (or even constraints).
>
> If we may *prevent* such data access with some kind of error (which is going to be very infrequent) - I don't see any sense to achieve true
> MVCC-safety.
>
> I remembered a way it works with indcheckxmin for indexes. And made something similar for pg_class: it records the rewriting transaction
> XID and causes the executor to raise an error if a transaction with an older snapshot attempts to access the rewritten relation.
>
> For the normal case - check is never executed, no performance regression here. Also, the flag is automatically cleared by VACUUM once the
> transaction ID is frozen.
>
> It also "fixes" ALTER TABLE, not only REPACK concurrently.
>
> Attached patch contains more details (some in the commit message).

A few days ago, when thinking about it, I realized that my implementation of
MVCC safety is not correct, as it does not preserve the whole HOT chains as
CLUSTER / VACUUM FULL does. To resolve that, we should not allow access to the
new table until the parts of HOT chains not copied by REPACK are DEAD.

Better solution might be to improve rewriteheap.c (which does keep the HOT
chains) so it 1) works w/o AccessExclusiveLock on the table, 2) does not copy
tuples which will eventually be retrieved by the logical decoding output
plugin, 3) allows snapshot switching/resetting in 2). I think these
requirements are rather hard to implement.

I've noticed recently that the MVCC safety patch you posted is not exactly
what I wrote, but maybe the copying part is identical. So it's possible that
the problem you saw is related to what I try to describe here.

Let's see in the future if the demand for the MVCC safety will ever justify
the effort to implement it.

> PART 2:
>
> I have continued working with stress tests. This time I added your WIP patch to fix the LR\CLOG race.
>
> I made the following configs:
> 1) just REPACK CONCURRENTLY - ok
> 2) + relcheckxmin (see PART1) - ok
> 3) + worker - ok
> 4) + multiple snapshots - broken in multiple ways.
>
> You may see example of run here - https://cirrus-ci.com/build/6359048020295680
>
> Some examples:
>
> 1) 'pgbench: error: client 11 script 0 aborted in command 20 query 0: ERROR: could not read blocks 0..0 in file "base/5/16414": read only 0
> of 8192 bytes
> 2) at /home/postgres/postgres/contrib/amcheck/t/008_repack_concurrently.pl line 51.
> [15:36:37.204] # 'pgbench: error: client 5 script 0 aborted in command 28 query 0: ERROR: division by zero
> 3) 'pgbench: error: client 12 script 0 aborted in command 6 query 0: ERROR: cache lookup failed for relation 17400

Thanks, I'll check these.

--
Antonin Houska
Web: https://www.cybertec-postgresql.com