On Tue, Apr 28, 2026 at 7:17 AM Bertrand Drouvot <[email protected]> wrote:
> 0003: Add Assert guard to detect permission check before lock regressions
>
> Add instrumentation under USE_ASSERT_CHECKING to detect cases where object_aclcheck()
> is called on a referenced object before a lock is held on it, which would widen
> the TOCTOU window between the permission check and the dependency recording.
I really like the idea of having some kind of cross-check system that can detect future (or current) coding mistakes. But what I wonder about this mechanism is: should we instead be insisting that we take a lock and check permissions on every dependency? Is it an error to record a dependency on an object without any sort of permissions check?

Also, I think the mechanism might not be entirely safe. ProcessUtility can result in executing user-defined functions which could theoretically run other DDL and then it seems like this code would get confused.

--
Robert Haas
EDB: http://www.enterprisedb.com
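The re-entrancy concern above, as an added example that is not part of the original thread and not the patch's code. It is a toy C model, written here, of a debug-build guard that flags a permission check done on an object before that object is locked, and of how a user-defined function running more DDL from inside the outer statement can confuse a guard that keeps statement-scoped state. All names (object_aclcheck_model, record_dependency_model, process_utility_model, the OIDs TABLE_A and TYPE_B) are stand-ins for the backend functions discussed, not PostgreSQL's real ones, and the way the guard tracks state is an assumption chosen to show the failure mode, not a description of patch 0003.

```c
/* Added example: toy model of a "permission check before lock" guard and of
 * how re-entrant statement execution can confuse a statement-scoped version.
 * Not PostgreSQL code; every name below is a stand-in (assumed). */
#include <stdbool.h>
#include <stdio.h>

typedef unsigned int Oid;
#define MAX_OBJS 16

/* Backend-wide set of locked objects (stand-in for the local lock table). */
static Oid held[MAX_OBJS];
static int n_held;

/* Statement-scoped guard state: objects whose permission check ran while
 * the object was not yet locked. Assumed design, chosen to show the problem. */
typedef struct { Oid oid[MAX_OBJS]; int n; } GuardState;
static GuardState gs;
static int violations;   /* counted instead of Assert()ing, so callers can inspect it */

static bool lock_is_held(Oid o)
{
    for (int i = 0; i < n_held; i++)
        if (held[i] == o) return true;
    return false;
}

static void lock_object(Oid o)
{
    if (!lock_is_held(o) && n_held < MAX_OBJS) held[n_held++] = o;
}

/* Stand-in for object_aclcheck(): remember a check that ran before the lock. */
static void object_aclcheck_model(Oid o)
{
    if (!lock_is_held(o) && gs.n < MAX_OBJS) gs.oid[gs.n++] = o;
}

/* Stand-in for dependency recording: the object must be locked by now, and the
 * guard reports if its permission check happened while it was not. */
static void record_dependency_model(Oid o)
{
    for (int i = 0; i < gs.n; i++)
        if (gs.oid[i] == o) {
            violations++;
            fprintf(stderr, "guard: aclcheck on %u preceded its lock\n", o);
        }
}

/* Stand-in for ProcessUtility(). 'fn' is the statement body. With
 * nesting_aware == false the guard state is simply reset on entry (fragile);
 * with nesting_aware == true the outer statement's state is saved and restored. */
static void process_utility_model(void (*fn)(void), bool nesting_aware)
{
    GuardState saved = gs;
    gs.n = 0;                       /* fresh state for this statement */
    fn();
    if (nesting_aware) gs = saved;  /* restore the outer statement's pending entries */
    /* otherwise the outer statement's pending entries are silently lost */
}

#define TABLE_A 1001u
#define TYPE_B  1002u
static bool nest_aware;

/* Nested DDL fired from a user-defined function: correctly ordered, no violation. */
static void nested_ddl(void)
{
    lock_object(TYPE_B);
    object_aclcheck_model(TYPE_B);
    record_dependency_model(TYPE_B);
}

/* Buggy outer statement: permission check on TABLE_A before locking it, with a
 * user-defined function running nested DDL in between. */
static void outer_ddl(void)
{
    object_aclcheck_model(TABLE_A);                /* the regression the guard should catch */
    process_utility_model(nested_ddl, nest_aware); /* UDF executes more DDL */
    lock_object(TABLE_A);
    record_dependency_model(TABLE_A);
}

/* Run the scenario from a clean state; returns how many violations the guard reported. */
int run_scenario(bool nesting_aware)
{
    n_held = 0; gs.n = 0; violations = 0; nest_aware = nesting_aware;
    process_utility_model(outer_ddl, nesting_aware);
    return violations;
}

int main(void)
{
    printf("naive reset on entry:  %d violation(s) reported (bug missed)\n", run_scenario(false));
    printf("nesting-aware guard:   %d violation(s) reported\n", run_scenario(true));
    return 0;
}
```

With the naive reset, the nested ProcessUtility call wipes the record that TABLE_A was checked while unlocked, so the outer statement's ordering bug goes unreported; saving and restoring the guard state across the nested call (a stack discipline) keeps the report. A guard that only consults the lock table at the moment of the permission check would not have this state to lose, which is one way to read the "is it an error to record a dependency without a permissions check" question as a design choice for the cross-check.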
