On Thu, Feb 9, 2017 at 4:57 PM, Andres Freund <and...@anarazel.de> wrote: > On 2017-02-09 13:29:42 -0800, Peter Geoghegan wrote: >> > I'd really like to have something like relation_check(), index_check() >> > which calls the correct functions for the relevan index types (and >> > possibly warns about !nbtree indexes not being checked?). >> >> I feel that that's something for an in-core facility that exposes this >> through DDL. One good reason to not do that just yet is that I'm not >> completely comfortable with what a uniform interface looks like here. >> And frankly, I really just want to get this out of the way, to prove >> the general concept of verification tooling. amcheck v1 is a good >> start, but much work remains. I think that no one will take the idea >> completely seriously until it is usable as a core extension. Let's get >> the ball rolling. > > I'm not convinced at all by that argument. If we want something in > core, having this in contrib doesn't help much. Nor do I see much > point in explicit syntax.
I don't see any need for this to be in core, nor do I think we need explicit syntax. But given that, I also don't think that we need the generalized infrastructure you proposed in the quoted section above. >> I strongly disagree. I would agree if the lock strength were the same >> in both cases, but it isn't. Varying the strength of heavyweight lock >> taken based on an argument to a function is a massive foot-gun IMV. > > Meh. I don't think that's a serious problem, nor is without precedent > (say same toplevel DDL with differing lock levels depending on > options). Nor do the function names confer that any more efficiently > than parameters. Really? check_btree(blah, true) vs. check_btree(blah, false) is no more or less clear than check_btree_for_plausible_errors(blah) vs. check_btree_in_unreasonable_detail(blah)? >> I do think that that's the logical way to split out functionality. I >> don't think that there is likely to be a problem with adding stuff in >> the future. It'll either be something that we can do in passing >> anyway, in which case we can just add it to the existing checks >> harmlessly. Or, it will be something like a tool that verifies the >> heap is consistent with a given index, which is vastly more expensive >> in terms of CPU and I/O costs, and yet is probably no worse than >> bt_index_check() in terms of lock strength (AccessShareLock). > > But you quite possibly want to do all three in one pass - and that'll be > ugly with your API. With your API I'll not be able to do the parent > check and the heap check at once. Lest we add fourth function that does > all of it. This however seems like a good point. > Again, some parts of the code doing something bad isn't a good argument > for doing again. Releasing locks early is a bad pattern, because backend > code isn't generally safe against it, we have special code-paths for > catalog tables to support it for those. I don't agree with that. The reason we keep relation locks until the end of the transaction is to avoid surprising application code, not because the system can't tolerate it. But here it's more likely that retaining the lock will surprise the user. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers