LCOV - code coverage report
Current view: top level - src/backend/access/transam - xlog.c (source / functions) Hit Total Coverage
Test: PostgreSQL 19devel Lines: 2181 2465 88.5 %
Date: 2025-07-26 09:18:06 Functions: 118 121 97.5 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * xlog.c
       4             :  *      PostgreSQL write-ahead log manager
       5             :  *
       6             :  * The Write-Ahead Log (WAL) functionality is split into several source
       7             :  * files, in addition to this one:
       8             :  *
       9             :  * xloginsert.c - Functions for constructing WAL records
      10             :  * xlogrecovery.c - WAL recovery and standby code
      11             :  * xlogreader.c - Facility for reading WAL files and parsing WAL records
      12             :  * xlogutils.c - Helper functions for WAL redo routines
      13             :  *
      14             :  * This file contains functions for coordinating database startup and
      15             :  * checkpointing, and managing the write-ahead log buffers when the
      16             :  * system is running.
      17             :  *
      18             :  * StartupXLOG() is the main entry point of the startup process.  It
      19             :  * coordinates database startup, performing WAL recovery, and the
      20             :  * transition from WAL recovery into normal operations.
      21             :  *
      22             :  * XLogInsertRecord() inserts a WAL record into the WAL buffers.  Most
      23             :  * callers should not call this directly, but use the functions in
      24             :  * xloginsert.c to construct the WAL record.  XLogFlush() can be used
      25             :  * to force the WAL to disk.
      26             :  *
      27             :  * In addition to those, there are many other functions for interrogating
      28             :  * the current system state, and for starting/stopping backups.
      29             :  *
      30             :  *
      31             :  * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
      32             :  * Portions Copyright (c) 1994, Regents of the University of California
      33             :  *
      34             :  * src/backend/access/transam/xlog.c
      35             :  *
      36             :  *-------------------------------------------------------------------------
      37             :  */
      38             : 
      39             : #include "postgres.h"
      40             : 
      41             : #include <ctype.h>
      42             : #include <math.h>
      43             : #include <time.h>
      44             : #include <fcntl.h>
      45             : #include <sys/stat.h>
      46             : #include <sys/time.h>
      47             : #include <unistd.h>
      48             : 
      49             : #include "access/clog.h"
      50             : #include "access/commit_ts.h"
      51             : #include "access/heaptoast.h"
      52             : #include "access/multixact.h"
      53             : #include "access/rewriteheap.h"
      54             : #include "access/subtrans.h"
      55             : #include "access/timeline.h"
      56             : #include "access/transam.h"
      57             : #include "access/twophase.h"
      58             : #include "access/xact.h"
      59             : #include "access/xlog_internal.h"
      60             : #include "access/xlogarchive.h"
      61             : #include "access/xloginsert.h"
      62             : #include "access/xlogreader.h"
      63             : #include "access/xlogrecovery.h"
      64             : #include "access/xlogutils.h"
      65             : #include "backup/basebackup.h"
      66             : #include "catalog/catversion.h"
      67             : #include "catalog/pg_control.h"
      68             : #include "catalog/pg_database.h"
      69             : #include "common/controldata_utils.h"
      70             : #include "common/file_utils.h"
      71             : #include "executor/instrument.h"
      72             : #include "miscadmin.h"
      73             : #include "pg_trace.h"
      74             : #include "pgstat.h"
      75             : #include "port/atomics.h"
      76             : #include "postmaster/bgwriter.h"
      77             : #include "postmaster/startup.h"
      78             : #include "postmaster/walsummarizer.h"
      79             : #include "postmaster/walwriter.h"
      80             : #include "replication/origin.h"
      81             : #include "replication/slot.h"
      82             : #include "replication/snapbuild.h"
      83             : #include "replication/walreceiver.h"
      84             : #include "replication/walsender.h"
      85             : #include "storage/bufmgr.h"
      86             : #include "storage/fd.h"
      87             : #include "storage/ipc.h"
      88             : #include "storage/large_object.h"
      89             : #include "storage/latch.h"
      90             : #include "storage/predicate.h"
      91             : #include "storage/proc.h"
      92             : #include "storage/procarray.h"
      93             : #include "storage/reinit.h"
      94             : #include "storage/spin.h"
      95             : #include "storage/sync.h"
      96             : #include "utils/guc_hooks.h"
      97             : #include "utils/guc_tables.h"
      98             : #include "utils/injection_point.h"
      99             : #include "utils/ps_status.h"
     100             : #include "utils/relmapper.h"
     101             : #include "utils/snapmgr.h"
     102             : #include "utils/timeout.h"
     103             : #include "utils/timestamp.h"
     104             : #include "utils/varlena.h"
     105             : 
     106             : #ifdef WAL_DEBUG
     107             : #include "utils/memutils.h"
     108             : #endif
     109             : 
     110             : /* timeline ID to be used when bootstrapping */
     111             : #define BootstrapTimeLineID     1
     112             : 
     113             : /* User-settable parameters */
     114             : int         max_wal_size_mb = 1024; /* 1 GB */
     115             : int         min_wal_size_mb = 80;   /* 80 MB */
     116             : int         wal_keep_size_mb = 0;
     117             : int         XLOGbuffers = -1;
     118             : int         XLogArchiveTimeout = 0;
     119             : int         XLogArchiveMode = ARCHIVE_MODE_OFF;
     120             : char       *XLogArchiveCommand = NULL;
     121             : bool        EnableHotStandby = false;
     122             : bool        fullPageWrites = true;
     123             : bool        wal_log_hints = false;
     124             : int         wal_compression = WAL_COMPRESSION_NONE;
     125             : char       *wal_consistency_checking_string = NULL;
     126             : bool       *wal_consistency_checking = NULL;
     127             : bool        wal_init_zero = true;
     128             : bool        wal_recycle = true;
     129             : bool        log_checkpoints = true;
     130             : int         wal_sync_method = DEFAULT_WAL_SYNC_METHOD;
     131             : int         wal_level = WAL_LEVEL_REPLICA;
     132             : int         CommitDelay = 0;    /* precommit delay in microseconds */
     133             : int         CommitSiblings = 5; /* # concurrent xacts needed to sleep */
     134             : int         wal_retrieve_retry_interval = 5000;
     135             : int         max_slot_wal_keep_size_mb = -1;
     136             : int         wal_decode_buffer_size = 512 * 1024;
     137             : bool        track_wal_io_timing = false;
     138             : 
     139             : #ifdef WAL_DEBUG
     140             : bool        XLOG_DEBUG = false;
     141             : #endif
     142             : 
     143             : int         wal_segment_size = DEFAULT_XLOG_SEG_SIZE;
     144             : 
     145             : /*
     146             :  * Number of WAL insertion locks to use. A higher value allows more insertions
     147             :  * to happen concurrently, but adds some CPU overhead to flushing the WAL,
     148             :  * which needs to iterate all the locks.
     149             :  */
     150             : #define NUM_XLOGINSERT_LOCKS  8
     151             : 
     152             : /*
     153             :  * Max distance from last checkpoint, before triggering a new xlog-based
     154             :  * checkpoint.
     155             :  */
     156             : int         CheckPointSegments;
     157             : 
     158             : /* Estimated distance between checkpoints, in bytes */
     159             : static double CheckPointDistanceEstimate = 0;
     160             : static double PrevCheckPointDistance = 0;
     161             : 
     162             : /*
     163             :  * Track whether there were any deferred checks for custom resource managers
     164             :  * specified in wal_consistency_checking.
     165             :  */
     166             : static bool check_wal_consistency_checking_deferred = false;
     167             : 
     168             : /*
     169             :  * GUC support
     170             :  */
     171             : const struct config_enum_entry wal_sync_method_options[] = {
     172             :     {"fsync", WAL_SYNC_METHOD_FSYNC, false},
     173             : #ifdef HAVE_FSYNC_WRITETHROUGH
     174             :     {"fsync_writethrough", WAL_SYNC_METHOD_FSYNC_WRITETHROUGH, false},
     175             : #endif
     176             :     {"fdatasync", WAL_SYNC_METHOD_FDATASYNC, false},
     177             : #ifdef O_SYNC
     178             :     {"open_sync", WAL_SYNC_METHOD_OPEN, false},
     179             : #endif
     180             : #ifdef O_DSYNC
     181             :     {"open_datasync", WAL_SYNC_METHOD_OPEN_DSYNC, false},
     182             : #endif
     183             :     {NULL, 0, false}
     184             : };
     185             : 
     186             : 
     187             : /*
     188             :  * Although only "on", "off", and "always" are documented,
     189             :  * we accept all the likely variants of "on" and "off".
     190             :  */
     191             : const struct config_enum_entry archive_mode_options[] = {
     192             :     {"always", ARCHIVE_MODE_ALWAYS, false},
     193             :     {"on", ARCHIVE_MODE_ON, false},
     194             :     {"off", ARCHIVE_MODE_OFF, false},
     195             :     {"true", ARCHIVE_MODE_ON, true},
     196             :     {"false", ARCHIVE_MODE_OFF, true},
     197             :     {"yes", ARCHIVE_MODE_ON, true},
     198             :     {"no", ARCHIVE_MODE_OFF, true},
     199             :     {"1", ARCHIVE_MODE_ON, true},
     200             :     {"0", ARCHIVE_MODE_OFF, true},
     201             :     {NULL, 0, false}
     202             : };
     203             : 
     204             : /*
     205             :  * Statistics for current checkpoint are collected in this global struct.
     206             :  * Because only the checkpointer or a stand-alone backend can perform
     207             :  * checkpoints, this will be unused in normal backends.
     208             :  */
     209             : CheckpointStatsData CheckpointStats;
     210             : 
     211             : /*
     212             :  * During recovery, lastFullPageWrites keeps track of full_page_writes that
     213             :  * the replayed WAL records indicate. It's initialized with full_page_writes
     214             :  * that the recovery starting checkpoint record indicates, and then updated
     215             :  * each time XLOG_FPW_CHANGE record is replayed.
     216             :  */
     217             : static bool lastFullPageWrites;
     218             : 
     219             : /*
     220             :  * Local copy of the state tracked by SharedRecoveryState in shared memory,
     221             :  * It is false if SharedRecoveryState is RECOVERY_STATE_DONE.  True actually
     222             :  * means "not known, need to check the shared state".
     223             :  */
     224             : static bool LocalRecoveryInProgress = true;
     225             : 
     226             : /*
     227             :  * Local state for XLogInsertAllowed():
     228             :  *      1: unconditionally allowed to insert XLOG
     229             :  *      0: unconditionally not allowed to insert XLOG
     230             :  *      -1: must check RecoveryInProgress(); disallow until it is false
     231             :  * Most processes start with -1 and transition to 1 after seeing that recovery
     232             :  * is not in progress.  But we can also force the value for special cases.
     233             :  * The coding in XLogInsertAllowed() depends on the first two of these states
     234             :  * being numerically the same as bool true and false.
     235             :  */
     236             : static int  LocalXLogInsertAllowed = -1;
     237             : 
     238             : /*
     239             :  * ProcLastRecPtr points to the start of the last XLOG record inserted by the
     240             :  * current backend.  It is updated for all inserts.  XactLastRecEnd points to
     241             :  * end+1 of the last record, and is reset when we end a top-level transaction,
     242             :  * or start a new one; so it can be used to tell if the current transaction has
     243             :  * created any XLOG records.
     244             :  *
     245             :  * While in parallel mode, this may not be fully up to date.  When committing,
     246             :  * a transaction can assume this covers all xlog records written either by the
     247             :  * user backend or by any parallel worker which was present at any point during
     248             :  * the transaction.  But when aborting, or when still in parallel mode, other
     249             :  * parallel backends may have written WAL records at later LSNs than the value
     250             :  * stored here.  The parallel leader advances its own copy, when necessary,
     251             :  * in WaitForParallelWorkersToFinish.
     252             :  */
     253             : XLogRecPtr  ProcLastRecPtr = InvalidXLogRecPtr;
     254             : XLogRecPtr  XactLastRecEnd = InvalidXLogRecPtr;
     255             : XLogRecPtr  XactLastCommitEnd = InvalidXLogRecPtr;
     256             : 
     257             : /*
     258             :  * RedoRecPtr is this backend's local copy of the REDO record pointer
     259             :  * (which is almost but not quite the same as a pointer to the most recent
     260             :  * CHECKPOINT record).  We update this from the shared-memory copy,
     261             :  * XLogCtl->Insert.RedoRecPtr, whenever we can safely do so (ie, when we
     262             :  * hold an insertion lock).  See XLogInsertRecord for details.  We are also
     263             :  * allowed to update from XLogCtl->RedoRecPtr if we hold the info_lck;
     264             :  * see GetRedoRecPtr.
     265             :  *
     266             :  * NB: Code that uses this variable must be prepared not only for the
     267             :  * possibility that it may be arbitrarily out of date, but also for the
     268             :  * possibility that it might be set to InvalidXLogRecPtr. We used to
     269             :  * initialize it as a side effect of the first call to RecoveryInProgress(),
     270             :  * which meant that most code that might use it could assume that it had a
     271             :  * real if perhaps stale value. That's no longer the case.
     272             :  */
     273             : static XLogRecPtr RedoRecPtr;
     274             : 
     275             : /*
     276             :  * doPageWrites is this backend's local copy of (fullPageWrites ||
     277             :  * runningBackups > 0).  It is used together with RedoRecPtr to decide whether
     278             :  * a full-page image of a page need to be taken.
     279             :  *
     280             :  * NB: Initially this is false, and there's no guarantee that it will be
     281             :  * initialized to any other value before it is first used. Any code that
     282             :  * makes use of it must recheck the value after obtaining a WALInsertLock,
     283             :  * and respond appropriately if it turns out that the previous value wasn't
     284             :  * accurate.
     285             :  */
     286             : static bool doPageWrites;
     287             : 
     288             : /*----------
     289             :  * Shared-memory data structures for XLOG control
     290             :  *
     291             :  * LogwrtRqst indicates a byte position that we need to write and/or fsync
     292             :  * the log up to (all records before that point must be written or fsynced).
     293             :  * The positions already written/fsynced are maintained in logWriteResult
     294             :  * and logFlushResult using atomic access.
     295             :  * In addition to the shared variable, each backend has a private copy of
     296             :  * both in LogwrtResult, which is updated when convenient.
     297             :  *
     298             :  * The request bookkeeping is simpler: there is a shared XLogCtl->LogwrtRqst
     299             :  * (protected by info_lck), but we don't need to cache any copies of it.
     300             :  *
     301             :  * info_lck is only held long enough to read/update the protected variables,
     302             :  * so it's a plain spinlock.  The other locks are held longer (potentially
     303             :  * over I/O operations), so we use LWLocks for them.  These locks are:
     304             :  *
     305             :  * WALWriteLock: must be held to write WAL buffers to disk (XLogWrite or
     306             :  * XLogFlush).
     307             :  *
     308             :  * ControlFileLock: must be held to read/update control file or create
     309             :  * new log file.
     310             :  *
     311             :  *----------
     312             :  */
     313             : 
     314             : typedef struct XLogwrtRqst
     315             : {
     316             :     XLogRecPtr  Write;          /* last byte + 1 to write out */
     317             :     XLogRecPtr  Flush;          /* last byte + 1 to flush */
     318             : } XLogwrtRqst;
     319             : 
     320             : typedef struct XLogwrtResult
     321             : {
     322             :     XLogRecPtr  Write;          /* last byte + 1 written out */
     323             :     XLogRecPtr  Flush;          /* last byte + 1 flushed */
     324             : } XLogwrtResult;
     325             : 
     326             : /*
     327             :  * Inserting to WAL is protected by a small fixed number of WAL insertion
     328             :  * locks. To insert to the WAL, you must hold one of the locks - it doesn't
     329             :  * matter which one. To lock out other concurrent insertions, you must hold
     330             :  * of them. Each WAL insertion lock consists of a lightweight lock, plus an
     331             :  * indicator of how far the insertion has progressed (insertingAt).
     332             :  *
     333             :  * The insertingAt values are read when a process wants to flush WAL from
     334             :  * the in-memory buffers to disk, to check that all the insertions to the
     335             :  * region the process is about to write out have finished. You could simply
     336             :  * wait for all currently in-progress insertions to finish, but the
     337             :  * insertingAt indicator allows you to ignore insertions to later in the WAL,
     338             :  * so that you only wait for the insertions that are modifying the buffers
     339             :  * you're about to write out.
     340             :  *
     341             :  * This isn't just an optimization. If all the WAL buffers are dirty, an
     342             :  * inserter that's holding a WAL insert lock might need to evict an old WAL
     343             :  * buffer, which requires flushing the WAL. If it's possible for an inserter
     344             :  * to block on another inserter unnecessarily, deadlock can arise when two
     345             :  * inserters holding a WAL insert lock wait for each other to finish their
     346             :  * insertion.
     347             :  *
     348             :  * Small WAL records that don't cross a page boundary never update the value,
     349             :  * the WAL record is just copied to the page and the lock is released. But
     350             :  * to avoid the deadlock-scenario explained above, the indicator is always
     351             :  * updated before sleeping while holding an insertion lock.
     352             :  *
     353             :  * lastImportantAt contains the LSN of the last important WAL record inserted
     354             :  * using a given lock. This value is used to detect if there has been
     355             :  * important WAL activity since the last time some action, like a checkpoint,
     356             :  * was performed - allowing to not repeat the action if not. The LSN is
     357             :  * updated for all insertions, unless the XLOG_MARK_UNIMPORTANT flag was
     358             :  * set. lastImportantAt is never cleared, only overwritten by the LSN of newer
     359             :  * records.  Tracking the WAL activity directly in WALInsertLock has the
     360             :  * advantage of not needing any additional locks to update the value.
     361             :  */
     362             : typedef struct
     363             : {
     364             :     LWLock      lock;
     365             :     pg_atomic_uint64 insertingAt;
     366             :     XLogRecPtr  lastImportantAt;
     367             : } WALInsertLock;
     368             : 
     369             : /*
     370             :  * All the WAL insertion locks are allocated as an array in shared memory. We
     371             :  * force the array stride to be a power of 2, which saves a few cycles in
     372             :  * indexing, but more importantly also ensures that individual slots don't
     373             :  * cross cache line boundaries. (Of course, we have to also ensure that the
     374             :  * array start address is suitably aligned.)
     375             :  */
     376             : typedef union WALInsertLockPadded
     377             : {
     378             :     WALInsertLock l;
     379             :     char        pad[PG_CACHE_LINE_SIZE];
     380             : } WALInsertLockPadded;
     381             : 
     382             : /*
     383             :  * Session status of running backup, used for sanity checks in SQL-callable
     384             :  * functions to start and stop backups.
     385             :  */
     386             : static SessionBackupState sessionBackupState = SESSION_BACKUP_NONE;
     387             : 
     388             : /*
     389             :  * Shared state data for WAL insertion.
     390             :  */
     391             : typedef struct XLogCtlInsert
     392             : {
     393             :     slock_t     insertpos_lck;  /* protects CurrBytePos and PrevBytePos */
     394             : 
     395             :     /*
     396             :      * CurrBytePos is the end of reserved WAL. The next record will be
     397             :      * inserted at that position. PrevBytePos is the start position of the
     398             :      * previously inserted (or rather, reserved) record - it is copied to the
     399             :      * prev-link of the next record. These are stored as "usable byte
     400             :      * positions" rather than XLogRecPtrs (see XLogBytePosToRecPtr()).
     401             :      */
     402             :     uint64      CurrBytePos;
     403             :     uint64      PrevBytePos;
     404             : 
     405             :     /*
     406             :      * Make sure the above heavily-contended spinlock and byte positions are
     407             :      * on their own cache line. In particular, the RedoRecPtr and full page
     408             :      * write variables below should be on a different cache line. They are
     409             :      * read on every WAL insertion, but updated rarely, and we don't want
     410             :      * those reads to steal the cache line containing Curr/PrevBytePos.
     411             :      */
     412             :     char        pad[PG_CACHE_LINE_SIZE];
     413             : 
     414             :     /*
     415             :      * fullPageWrites is the authoritative value used by all backends to
     416             :      * determine whether to write full-page image to WAL. This shared value,
     417             :      * instead of the process-local fullPageWrites, is required because, when
     418             :      * full_page_writes is changed by SIGHUP, we must WAL-log it before it
     419             :      * actually affects WAL-logging by backends.  Checkpointer sets at startup
     420             :      * or after SIGHUP.
     421             :      *
     422             :      * To read these fields, you must hold an insertion lock. To modify them,
     423             :      * you must hold ALL the locks.
     424             :      */
     425             :     XLogRecPtr  RedoRecPtr;     /* current redo point for insertions */
     426             :     bool        fullPageWrites;
     427             : 
     428             :     /*
     429             :      * runningBackups is a counter indicating the number of backups currently
     430             :      * in progress. lastBackupStart is the latest checkpoint redo location
     431             :      * used as a starting point for an online backup.
     432             :      */
     433             :     int         runningBackups;
     434             :     XLogRecPtr  lastBackupStart;
     435             : 
     436             :     /*
     437             :      * WAL insertion locks.
     438             :      */
     439             :     WALInsertLockPadded *WALInsertLocks;
     440             : } XLogCtlInsert;
     441             : 
     442             : /*
     443             :  * Total shared-memory state for XLOG.
     444             :  */
     445             : typedef struct XLogCtlData
     446             : {
     447             :     XLogCtlInsert Insert;
     448             : 
     449             :     /* Protected by info_lck: */
     450             :     XLogwrtRqst LogwrtRqst;
     451             :     XLogRecPtr  RedoRecPtr;     /* a recent copy of Insert->RedoRecPtr */
     452             :     XLogRecPtr  asyncXactLSN;   /* LSN of newest async commit/abort */
     453             :     XLogRecPtr  replicationSlotMinLSN;  /* oldest LSN needed by any slot */
     454             : 
     455             :     XLogSegNo   lastRemovedSegNo;   /* latest removed/recycled XLOG segment */
     456             : 
     457             :     /* Fake LSN counter, for unlogged relations. */
     458             :     pg_atomic_uint64 unloggedLSN;
     459             : 
     460             :     /* Time and LSN of last xlog segment switch. Protected by WALWriteLock. */
     461             :     pg_time_t   lastSegSwitchTime;
     462             :     XLogRecPtr  lastSegSwitchLSN;
     463             : 
     464             :     /* These are accessed using atomics -- info_lck not needed */
     465             :     pg_atomic_uint64 logInsertResult;   /* last byte + 1 inserted to buffers */
     466             :     pg_atomic_uint64 logWriteResult;    /* last byte + 1 written out */
     467             :     pg_atomic_uint64 logFlushResult;    /* last byte + 1 flushed */
     468             : 
     469             :     /*
     470             :      * First initialized page in the cache (first byte position).
     471             :      */
     472             :     XLogRecPtr  InitializedFrom;
     473             : 
     474             :     /*
     475             :      * Latest reserved for initialization page in the cache (last byte
     476             :      * position + 1).
     477             :      *
     478             :      * To change the identity of a buffer, you need to advance
     479             :      * InitializeReserved first.  To change the identity of a buffer that's
     480             :      * still dirty, the old page needs to be written out first, and for that
     481             :      * you need WALWriteLock, and you need to ensure that there are no
     482             :      * in-progress insertions to the page by calling
     483             :      * WaitXLogInsertionsToFinish().
     484             :      */
     485             :     pg_atomic_uint64 InitializeReserved;
     486             : 
     487             :     /*
     488             :      * Latest initialized page in the cache (last byte position + 1).
     489             :      *
     490             :      * InitializedUpTo is updated after the buffer initialization.  After
     491             :      * update, waiters got notification using InitializedUpToCondVar.
     492             :      */
     493             :     pg_atomic_uint64 InitializedUpTo;
     494             :     ConditionVariable InitializedUpToCondVar;
     495             : 
     496             :     /*
     497             :      * These values do not change after startup, although the pointed-to pages
     498             :      * and xlblocks values certainly do.  xlblocks values are changed
     499             :      * lock-free according to the check for the xlog write position and are
     500             :      * accompanied by changes of InitializeReserved and InitializedUpTo.
     501             :      */
     502             :     char       *pages;          /* buffers for unwritten XLOG pages */
     503             :     pg_atomic_uint64 *xlblocks; /* 1st byte ptr-s + XLOG_BLCKSZ */
     504             :     int         XLogCacheBlck;  /* highest allocated xlog buffer index */
     505             : 
     506             :     /*
     507             :      * InsertTimeLineID is the timeline into which new WAL is being inserted
     508             :      * and flushed. It is zero during recovery, and does not change once set.
     509             :      *
     510             :      * If we create a new timeline when the system was started up,
     511             :      * PrevTimeLineID is the old timeline's ID that we forked off from.
     512             :      * Otherwise it's equal to InsertTimeLineID.
     513             :      *
     514             :      * We set these fields while holding info_lck. Most that reads these
     515             :      * values knows that recovery is no longer in progress and so can safely
     516             :      * read the value without a lock, but code that could be run either during
     517             :      * or after recovery can take info_lck while reading these values.
     518             :      */
     519             :     TimeLineID  InsertTimeLineID;
     520             :     TimeLineID  PrevTimeLineID;
     521             : 
     522             :     /*
     523             :      * SharedRecoveryState indicates if we're still in crash or archive
     524             :      * recovery.  Protected by info_lck.
     525             :      */
     526             :     RecoveryState SharedRecoveryState;
     527             : 
     528             :     /*
     529             :      * InstallXLogFileSegmentActive indicates whether the checkpointer should
     530             :      * arrange for future segments by recycling and/or PreallocXlogFiles().
     531             :      * Protected by ControlFileLock.  Only the startup process changes it.  If
     532             :      * true, anyone can use InstallXLogFileSegment().  If false, the startup
     533             :      * process owns the exclusive right to install segments, by reading from
     534             :      * the archive and possibly replacing existing files.
     535             :      */
     536             :     bool        InstallXLogFileSegmentActive;
     537             : 
     538             :     /*
     539             :      * WalWriterSleeping indicates whether the WAL writer is currently in
     540             :      * low-power mode (and hence should be nudged if an async commit occurs).
     541             :      * Protected by info_lck.
     542             :      */
     543             :     bool        WalWriterSleeping;
     544             : 
     545             :     /*
     546             :      * During recovery, we keep a copy of the latest checkpoint record here.
     547             :      * lastCheckPointRecPtr points to start of checkpoint record and
     548             :      * lastCheckPointEndPtr points to end+1 of checkpoint record.  Used by the
     549             :      * checkpointer when it wants to create a restartpoint.
     550             :      *
     551             :      * Protected by info_lck.
     552             :      */
     553             :     XLogRecPtr  lastCheckPointRecPtr;
     554             :     XLogRecPtr  lastCheckPointEndPtr;
     555             :     CheckPoint  lastCheckPoint;
     556             : 
     557             :     /*
     558             :      * lastFpwDisableRecPtr points to the start of the last replayed
     559             :      * XLOG_FPW_CHANGE record that instructs full_page_writes is disabled.
     560             :      */
     561             :     XLogRecPtr  lastFpwDisableRecPtr;
     562             : 
     563             :     slock_t     info_lck;       /* locks shared variables shown above */
     564             : } XLogCtlData;
     565             : 
     566             : /*
     567             :  * Classification of XLogInsertRecord operations.
     568             :  */
     569             : typedef enum
     570             : {
     571             :     WALINSERT_NORMAL,
     572             :     WALINSERT_SPECIAL_SWITCH,
     573             :     WALINSERT_SPECIAL_CHECKPOINT
     574             : } WalInsertClass;
     575             : 
     576             : static XLogCtlData *XLogCtl = NULL;
     577             : 
     578             : /* a private copy of XLogCtl->Insert.WALInsertLocks, for convenience */
     579             : static WALInsertLockPadded *WALInsertLocks = NULL;
     580             : 
     581             : /*
     582             :  * We maintain an image of pg_control in shared memory.
     583             :  */
     584             : static ControlFileData *ControlFile = NULL;
     585             : 
     586             : /*
     587             :  * Calculate the amount of space left on the page after 'endptr'. Beware
     588             :  * multiple evaluation!
     589             :  */
     590             : #define INSERT_FREESPACE(endptr)    \
     591             :     (((endptr) % XLOG_BLCKSZ == 0) ? 0 : (XLOG_BLCKSZ - (endptr) % XLOG_BLCKSZ))
     592             : 
     593             : /* Macro to advance to next buffer index. */
     594             : #define NextBufIdx(idx)     \
     595             :         (((idx) == XLogCtl->XLogCacheBlck) ? 0 : ((idx) + 1))
     596             : 
     597             : /*
     598             :  * XLogRecPtrToBufIdx returns the index of the WAL buffer that holds, or
     599             :  * would hold if it was in cache, the page containing 'recptr'.
     600             :  */
     601             : #define XLogRecPtrToBufIdx(recptr)  \
     602             :     (((recptr) / XLOG_BLCKSZ) % (XLogCtl->XLogCacheBlck + 1))
     603             : 
     604             : /*
     605             :  * These are the number of bytes in a WAL page usable for WAL data.
     606             :  */
     607             : #define UsableBytesInPage (XLOG_BLCKSZ - SizeOfXLogShortPHD)
     608             : 
     609             : /*
     610             :  * Convert values of GUCs measured in megabytes to equiv. segment count.
     611             :  * Rounds down.
     612             :  */
     613             : #define ConvertToXSegs(x, segsize)  XLogMBVarToSegs((x), (segsize))
     614             : 
     615             : /* The number of bytes in a WAL segment usable for WAL data. */
     616             : static int  UsableBytesInSegment;
     617             : 
     618             : /*
     619             :  * Private, possibly out-of-date copy of shared LogwrtResult.
     620             :  * See discussion above.
     621             :  */
     622             : static XLogwrtResult LogwrtResult = {0, 0};
     623             : 
     624             : /*
     625             :  * Update local copy of shared XLogCtl->log{Write,Flush}Result
     626             :  *
     627             :  * It's critical that Flush always trails Write, so the order of the reads is
     628             :  * important, as is the barrier.  See also XLogWrite.
     629             :  */
     630             : #define RefreshXLogWriteResult(_target) \
     631             :     do { \
     632             :         _target.Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult); \
     633             :         pg_read_barrier(); \
     634             :         _target.Write = pg_atomic_read_u64(&XLogCtl->logWriteResult); \
     635             :     } while (0)
     636             : 
     637             : /*
     638             :  * openLogFile is -1 or a kernel FD for an open log file segment.
     639             :  * openLogSegNo identifies the segment, and openLogTLI the corresponding TLI.
     640             :  * These variables are only used to write the XLOG, and so will normally refer
     641             :  * to the active segment.
     642             :  *
     643             :  * Note: call Reserve/ReleaseExternalFD to track consumption of this FD.
     644             :  */
     645             : static int  openLogFile = -1;
     646             : static XLogSegNo openLogSegNo = 0;
     647             : static TimeLineID openLogTLI = 0;
     648             : 
     649             : /*
     650             :  * Local copies of equivalent fields in the control file.  When running
     651             :  * crash recovery, LocalMinRecoveryPoint is set to InvalidXLogRecPtr as we
     652             :  * expect to replay all the WAL available, and updateMinRecoveryPoint is
     653             :  * switched to false to prevent any updates while replaying records.
     654             :  * Those values are kept consistent as long as crash recovery runs.
     655             :  */
     656             : static XLogRecPtr LocalMinRecoveryPoint;
     657             : static TimeLineID LocalMinRecoveryPointTLI;
     658             : static bool updateMinRecoveryPoint = true;
     659             : 
     660             : /* For WALInsertLockAcquire/Release functions */
     661             : static int  MyLockNo = 0;
     662             : static bool holdingAllLocks = false;
     663             : 
     664             : #ifdef WAL_DEBUG
     665             : static MemoryContext walDebugCxt = NULL;
     666             : #endif
     667             : 
     668             : static void CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI,
     669             :                                         XLogRecPtr EndOfLog,
     670             :                                         TimeLineID newTLI);
     671             : static void CheckRequiredParameterValues(void);
     672             : static void XLogReportParameters(void);
     673             : static int  LocalSetXLogInsertAllowed(void);
     674             : static void CreateEndOfRecoveryRecord(void);
     675             : static XLogRecPtr CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn,
     676             :                                                   XLogRecPtr pagePtr,
     677             :                                                   TimeLineID newTLI);
     678             : static void CheckPointGuts(XLogRecPtr checkPointRedo, int flags);
     679             : static void KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo);
     680             : static XLogRecPtr XLogGetReplicationSlotMinimumLSN(void);
     681             : 
     682             : static void AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli,
     683             :                                   bool opportunistic);
     684             : static void XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible);
     685             : static bool InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
     686             :                                    bool find_free, XLogSegNo max_segno,
     687             :                                    TimeLineID tli);
     688             : static void XLogFileClose(void);
     689             : static void PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli);
     690             : static void RemoveTempXlogFiles(void);
     691             : static void RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr,
     692             :                                XLogRecPtr endptr, TimeLineID insertTLI);
     693             : static void RemoveXlogFile(const struct dirent *segment_de,
     694             :                            XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
     695             :                            TimeLineID insertTLI);
     696             : static void UpdateLastRemovedPtr(char *filename);
     697             : static void ValidateXLOGDirectoryStructure(void);
     698             : static void CleanupBackupHistory(void);
     699             : static void UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force);
     700             : static bool PerformRecoveryXLogAction(void);
     701             : static void InitControlFile(uint64 sysidentifier, uint32 data_checksum_version);
     702             : static void WriteControlFile(void);
     703             : static void ReadControlFile(void);
     704             : static void UpdateControlFile(void);
     705             : static char *str_time(pg_time_t tnow);
     706             : 
     707             : static int  get_sync_bit(int method);
     708             : 
     709             : static void CopyXLogRecordToWAL(int write_len, bool isLogSwitch,
     710             :                                 XLogRecData *rdata,
     711             :                                 XLogRecPtr StartPos, XLogRecPtr EndPos,
     712             :                                 TimeLineID tli);
     713             : static void ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos,
     714             :                                       XLogRecPtr *EndPos, XLogRecPtr *PrevPtr);
     715             : static bool ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos,
     716             :                               XLogRecPtr *PrevPtr);
     717             : static XLogRecPtr WaitXLogInsertionsToFinish(XLogRecPtr upto);
     718             : static char *GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli);
     719             : static XLogRecPtr XLogBytePosToRecPtr(uint64 bytepos);
     720             : static XLogRecPtr XLogBytePosToEndRecPtr(uint64 bytepos);
     721             : static uint64 XLogRecPtrToBytePos(XLogRecPtr ptr);
     722             : 
     723             : static void WALInsertLockAcquire(void);
     724             : static void WALInsertLockAcquireExclusive(void);
     725             : static void WALInsertLockRelease(void);
     726             : static void WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt);
     727             : 
     728             : /*
     729             :  * Insert an XLOG record represented by an already-constructed chain of data
     730             :  * chunks.  This is a low-level routine; to construct the WAL record header
     731             :  * and data, use the higher-level routines in xloginsert.c.
     732             :  *
     733             :  * If 'fpw_lsn' is valid, it is the oldest LSN among the pages that this
     734             :  * WAL record applies to, that were not included in the record as full page
     735             :  * images.  If fpw_lsn <= RedoRecPtr, the function does not perform the
     736             :  * insertion and returns InvalidXLogRecPtr.  The caller can then recalculate
     737             :  * which pages need a full-page image, and retry.  If fpw_lsn is invalid, the
     738             :  * record is always inserted.
     739             :  *
     740             :  * 'flags' gives more in-depth control on the record being inserted. See
     741             :  * XLogSetRecordFlags() for details.
     742             :  *
     743             :  * 'topxid_included' tells whether the top-transaction id is logged along with
     744             :  * current subtransaction. See XLogRecordAssemble().
     745             :  *
     746             :  * The first XLogRecData in the chain must be for the record header, and its
     747             :  * data must be MAXALIGNed.  XLogInsertRecord fills in the xl_prev and
     748             :  * xl_crc fields in the header, the rest of the header must already be filled
     749             :  * by the caller.
     750             :  *
     751             :  * Returns XLOG pointer to end of record (beginning of next record).
     752             :  * This can be used as LSN for data pages affected by the logged action.
     753             :  * (LSN is the XLOG point up to which the XLOG must be flushed to disk
     754             :  * before the data page can be written out.  This implements the basic
     755             :  * WAL rule "write the log before the data".)
     756             :  */
     757             : XLogRecPtr
     758    29225442 : XLogInsertRecord(XLogRecData *rdata,
     759             :                  XLogRecPtr fpw_lsn,
     760             :                  uint8 flags,
     761             :                  int num_fpi,
     762             :                  bool topxid_included)
     763             : {
     764    29225442 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
     765             :     pg_crc32c   rdata_crc;
     766             :     bool        inserted;
     767    29225442 :     XLogRecord *rechdr = (XLogRecord *) rdata->data;
     768    29225442 :     uint8       info = rechdr->xl_info & ~XLR_INFO_MASK;
     769    29225442 :     WalInsertClass class = WALINSERT_NORMAL;
     770             :     XLogRecPtr  StartPos;
     771             :     XLogRecPtr  EndPos;
     772    29225442 :     bool        prevDoPageWrites = doPageWrites;
     773             :     TimeLineID  insertTLI;
     774             : 
     775             :     /* Does this record type require special handling? */
     776    29225442 :     if (unlikely(rechdr->xl_rmid == RM_XLOG_ID))
     777             :     {
     778      444106 :         if (info == XLOG_SWITCH)
     779        1558 :             class = WALINSERT_SPECIAL_SWITCH;
     780      442548 :         else if (info == XLOG_CHECKPOINT_REDO)
     781        1804 :             class = WALINSERT_SPECIAL_CHECKPOINT;
     782             :     }
     783             : 
     784             :     /* we assume that all of the record header is in the first chunk */
     785             :     Assert(rdata->len >= SizeOfXLogRecord);
     786             : 
     787             :     /* cross-check on whether we should be here or not */
     788    29225442 :     if (!XLogInsertAllowed())
     789           0 :         elog(ERROR, "cannot make new WAL entries during recovery");
     790             : 
     791             :     /*
     792             :      * Given that we're not in recovery, InsertTimeLineID is set and can't
     793             :      * change, so we can read it without a lock.
     794             :      */
     795    29225442 :     insertTLI = XLogCtl->InsertTimeLineID;
     796             : 
     797             :     /*----------
     798             :      *
     799             :      * We have now done all the preparatory work we can without holding a
     800             :      * lock or modifying shared state. From here on, inserting the new WAL
     801             :      * record to the shared WAL buffer cache is a two-step process:
     802             :      *
     803             :      * 1. Reserve the right amount of space from the WAL. The current head of
     804             :      *    reserved space is kept in Insert->CurrBytePos, and is protected by
     805             :      *    insertpos_lck.
     806             :      *
     807             :      * 2. Copy the record to the reserved WAL space. This involves finding the
     808             :      *    correct WAL buffer containing the reserved space, and copying the
     809             :      *    record in place. This can be done concurrently in multiple processes.
     810             :      *
     811             :      * To keep track of which insertions are still in-progress, each concurrent
     812             :      * inserter acquires an insertion lock. In addition to just indicating that
     813             :      * an insertion is in progress, the lock tells others how far the inserter
     814             :      * has progressed. There is a small fixed number of insertion locks,
     815             :      * determined by NUM_XLOGINSERT_LOCKS. When an inserter crosses a page
     816             :      * boundary, it updates the value stored in the lock to the how far it has
     817             :      * inserted, to allow the previous buffer to be flushed.
     818             :      *
     819             :      * Holding onto an insertion lock also protects RedoRecPtr and
     820             :      * fullPageWrites from changing until the insertion is finished.
     821             :      *
     822             :      * Step 2 can usually be done completely in parallel. If the required WAL
     823             :      * page is not initialized yet, you have to go through AdvanceXLInsertBuffer,
     824             :      * which will ensure it is initialized. But the WAL writer tries to do that
     825             :      * ahead of insertions to avoid that from happening in the critical path.
     826             :      *
     827             :      *----------
     828             :      */
     829    29225442 :     START_CRIT_SECTION();
     830             : 
     831    29225442 :     if (likely(class == WALINSERT_NORMAL))
     832             :     {
     833    29222080 :         WALInsertLockAcquire();
     834             : 
     835             :         /*
     836             :          * Check to see if my copy of RedoRecPtr is out of date. If so, may
     837             :          * have to go back and have the caller recompute everything. This can
     838             :          * only happen just after a checkpoint, so it's better to be slow in
     839             :          * this case and fast otherwise.
     840             :          *
     841             :          * Also check to see if fullPageWrites was just turned on or there's a
     842             :          * running backup (which forces full-page writes); if we weren't
     843             :          * already doing full-page writes then go back and recompute.
     844             :          *
     845             :          * If we aren't doing full-page writes then RedoRecPtr doesn't
     846             :          * actually affect the contents of the XLOG record, so we'll update
     847             :          * our local copy but not force a recomputation.  (If doPageWrites was
     848             :          * just turned off, we could recompute the record without full pages,
     849             :          * but we choose not to bother.)
     850             :          */
     851    29222080 :         if (RedoRecPtr != Insert->RedoRecPtr)
     852             :         {
     853             :             Assert(RedoRecPtr < Insert->RedoRecPtr);
     854       13650 :             RedoRecPtr = Insert->RedoRecPtr;
     855             :         }
     856    29222080 :         doPageWrites = (Insert->fullPageWrites || Insert->runningBackups > 0);
     857             : 
     858    29222080 :         if (doPageWrites &&
     859    28739996 :             (!prevDoPageWrites ||
     860    26377040 :              (fpw_lsn != InvalidXLogRecPtr && fpw_lsn <= RedoRecPtr)))
     861             :         {
     862             :             /*
     863             :              * Oops, some buffer now needs to be backed up that the caller
     864             :              * didn't back up.  Start over.
     865             :              */
     866       15120 :             WALInsertLockRelease();
     867       15120 :             END_CRIT_SECTION();
     868       15120 :             return InvalidXLogRecPtr;
     869             :         }
     870             : 
     871             :         /*
     872             :          * Reserve space for the record in the WAL. This also sets the xl_prev
     873             :          * pointer.
     874             :          */
     875    29206960 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     876             :                                   &rechdr->xl_prev);
     877             : 
     878             :         /* Normal records are always inserted. */
     879    29206960 :         inserted = true;
     880             :     }
     881        3362 :     else if (class == WALINSERT_SPECIAL_SWITCH)
     882             :     {
     883             :         /*
     884             :          * In order to insert an XLOG_SWITCH record, we need to hold all of
     885             :          * the WAL insertion locks, not just one, so that no one else can
     886             :          * begin inserting a record until we've figured out how much space
     887             :          * remains in the current WAL segment and claimed all of it.
     888             :          *
     889             :          * Nonetheless, this case is simpler than the normal cases handled
     890             :          * below, which must check for changes in doPageWrites and RedoRecPtr.
     891             :          * Those checks are only needed for records that can contain buffer
     892             :          * references, and an XLOG_SWITCH record never does.
     893             :          */
     894             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     895        1558 :         WALInsertLockAcquireExclusive();
     896        1558 :         inserted = ReserveXLogSwitch(&StartPos, &EndPos, &rechdr->xl_prev);
     897             :     }
     898             :     else
     899             :     {
     900             :         Assert(class == WALINSERT_SPECIAL_CHECKPOINT);
     901             : 
     902             :         /*
     903             :          * We need to update both the local and shared copies of RedoRecPtr,
     904             :          * which means that we need to hold all the WAL insertion locks.
     905             :          * However, there can't be any buffer references, so as above, we need
     906             :          * not check RedoRecPtr before inserting the record; we just need to
     907             :          * update it afterwards.
     908             :          */
     909             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     910        1804 :         WALInsertLockAcquireExclusive();
     911        1804 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     912             :                                   &rechdr->xl_prev);
     913        1804 :         RedoRecPtr = Insert->RedoRecPtr = StartPos;
     914        1804 :         inserted = true;
     915             :     }
     916             : 
     917    29210322 :     if (inserted)
     918             :     {
     919             :         /*
     920             :          * Now that xl_prev has been filled in, calculate CRC of the record
     921             :          * header.
     922             :          */
     923    29210206 :         rdata_crc = rechdr->xl_crc;
     924    29210206 :         COMP_CRC32C(rdata_crc, rechdr, offsetof(XLogRecord, xl_crc));
     925    29210206 :         FIN_CRC32C(rdata_crc);
     926    29210206 :         rechdr->xl_crc = rdata_crc;
     927             : 
     928             :         /*
     929             :          * All the record data, including the header, is now ready to be
     930             :          * inserted. Copy the record in the space reserved.
     931             :          */
     932    29210206 :         CopyXLogRecordToWAL(rechdr->xl_tot_len,
     933             :                             class == WALINSERT_SPECIAL_SWITCH, rdata,
     934             :                             StartPos, EndPos, insertTLI);
     935             : 
     936             :         /*
     937             :          * Unless record is flagged as not important, update LSN of last
     938             :          * important record in the current slot. When holding all locks, just
     939             :          * update the first one.
     940             :          */
     941    29210206 :         if ((flags & XLOG_MARK_UNIMPORTANT) == 0)
     942             :         {
     943    29030418 :             int         lockno = holdingAllLocks ? 0 : MyLockNo;
     944             : 
     945    29030418 :             WALInsertLocks[lockno].l.lastImportantAt = StartPos;
     946             :         }
     947             :     }
     948             :     else
     949             :     {
     950             :         /*
     951             :          * This was an xlog-switch record, but the current insert location was
     952             :          * already exactly at the beginning of a segment, so there was no need
     953             :          * to do anything.
     954             :          */
     955             :     }
     956             : 
     957             :     /*
     958             :      * Done! Let others know that we're finished.
     959             :      */
     960    29210322 :     WALInsertLockRelease();
     961             : 
     962    29210322 :     END_CRIT_SECTION();
     963             : 
     964    29210322 :     MarkCurrentTransactionIdLoggedIfAny();
     965             : 
     966             :     /*
     967             :      * Mark top transaction id is logged (if needed) so that we should not try
     968             :      * to log it again with the next WAL record in the current subtransaction.
     969             :      */
     970    29210322 :     if (topxid_included)
     971         438 :         MarkSubxactTopXidLogged();
     972             : 
     973             :     /*
     974             :      * Update shared LogwrtRqst.Write, if we crossed page boundary.
     975             :      */
     976    29210322 :     if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     977             :     {
     978     3303170 :         SpinLockAcquire(&XLogCtl->info_lck);
     979             :         /* advance global request to include new block(s) */
     980     3303170 :         if (XLogCtl->LogwrtRqst.Write < EndPos)
     981     3166232 :             XLogCtl->LogwrtRqst.Write = EndPos;
     982     3303170 :         SpinLockRelease(&XLogCtl->info_lck);
     983     3303170 :         RefreshXLogWriteResult(LogwrtResult);
     984             :     }
     985             : 
     986             :     /*
     987             :      * If this was an XLOG_SWITCH record, flush the record and the empty
     988             :      * padding space that fills the rest of the segment, and perform
     989             :      * end-of-segment actions (eg, notifying archiver).
     990             :      */
     991    29210322 :     if (class == WALINSERT_SPECIAL_SWITCH)
     992             :     {
     993             :         TRACE_POSTGRESQL_WAL_SWITCH();
     994        1558 :         XLogFlush(EndPos);
     995             : 
     996             :         /*
     997             :          * Even though we reserved the rest of the segment for us, which is
     998             :          * reflected in EndPos, we return a pointer to just the end of the
     999             :          * xlog-switch record.
    1000             :          */
    1001        1558 :         if (inserted)
    1002             :         {
    1003        1442 :             EndPos = StartPos + SizeOfXLogRecord;
    1004        1442 :             if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
    1005             :             {
    1006           0 :                 uint64      offset = XLogSegmentOffset(EndPos, wal_segment_size);
    1007             : 
    1008           0 :                 if (offset == EndPos % XLOG_BLCKSZ)
    1009           0 :                     EndPos += SizeOfXLogLongPHD;
    1010             :                 else
    1011           0 :                     EndPos += SizeOfXLogShortPHD;
    1012             :             }
    1013             :         }
    1014             :     }
    1015             : 
    1016             : #ifdef WAL_DEBUG
    1017             :     if (XLOG_DEBUG)
    1018             :     {
    1019             :         static XLogReaderState *debug_reader = NULL;
    1020             :         XLogRecord *record;
    1021             :         DecodedXLogRecord *decoded;
    1022             :         StringInfoData buf;
    1023             :         StringInfoData recordBuf;
    1024             :         char       *errormsg = NULL;
    1025             :         MemoryContext oldCxt;
    1026             : 
    1027             :         oldCxt = MemoryContextSwitchTo(walDebugCxt);
    1028             : 
    1029             :         initStringInfo(&buf);
    1030             :         appendStringInfo(&buf, "INSERT @ %X/%08X: ", LSN_FORMAT_ARGS(EndPos));
    1031             : 
    1032             :         /*
    1033             :          * We have to piece together the WAL record data from the XLogRecData
    1034             :          * entries, so that we can pass it to the rm_desc function as one
    1035             :          * contiguous chunk.
    1036             :          */
    1037             :         initStringInfo(&recordBuf);
    1038             :         for (; rdata != NULL; rdata = rdata->next)
    1039             :             appendBinaryStringInfo(&recordBuf, rdata->data, rdata->len);
    1040             : 
    1041             :         /* We also need temporary space to decode the record. */
    1042             :         record = (XLogRecord *) recordBuf.data;
    1043             :         decoded = (DecodedXLogRecord *)
    1044             :             palloc(DecodeXLogRecordRequiredSpace(record->xl_tot_len));
    1045             : 
    1046             :         if (!debug_reader)
    1047             :             debug_reader = XLogReaderAllocate(wal_segment_size, NULL,
    1048             :                                               XL_ROUTINE(.page_read = NULL,
    1049             :                                                          .segment_open = NULL,
    1050             :                                                          .segment_close = NULL),
    1051             :                                               NULL);
    1052             :         if (!debug_reader)
    1053             :         {
    1054             :             appendStringInfoString(&buf, "error decoding record: out of memory while allocating a WAL reading processor");
    1055             :         }
    1056             :         else if (!DecodeXLogRecord(debug_reader,
    1057             :                                    decoded,
    1058             :                                    record,
    1059             :                                    EndPos,
    1060             :                                    &errormsg))
    1061             :         {
    1062             :             appendStringInfo(&buf, "error decoding record: %s",
    1063             :                              errormsg ? errormsg : "no error message");
    1064             :         }
    1065             :         else
    1066             :         {
    1067             :             appendStringInfoString(&buf, " - ");
    1068             : 
    1069             :             debug_reader->record = decoded;
    1070             :             xlog_outdesc(&buf, debug_reader);
    1071             :             debug_reader->record = NULL;
    1072             :         }
    1073             :         elog(LOG, "%s", buf.data);
    1074             : 
    1075             :         pfree(decoded);
    1076             :         pfree(buf.data);
    1077             :         pfree(recordBuf.data);
    1078             :         MemoryContextSwitchTo(oldCxt);
    1079             :     }
    1080             : #endif
    1081             : 
    1082             :     /*
    1083             :      * Update our global variables
    1084             :      */
    1085    29210322 :     ProcLastRecPtr = StartPos;
    1086    29210322 :     XactLastRecEnd = EndPos;
    1087             : 
    1088             :     /* Report WAL traffic to the instrumentation. */
    1089    29210322 :     if (inserted)
    1090             :     {
    1091    29210206 :         pgWalUsage.wal_bytes += rechdr->xl_tot_len;
    1092    29210206 :         pgWalUsage.wal_records++;
    1093    29210206 :         pgWalUsage.wal_fpi += num_fpi;
    1094             :     }
    1095             : 
    1096    29210322 :     return EndPos;
    1097             : }
    1098             : 
    1099             : /*
    1100             :  * Reserves the right amount of space for a record of given size from the WAL.
    1101             :  * *StartPos is set to the beginning of the reserved section, *EndPos to
    1102             :  * its end+1. *PrevPtr is set to the beginning of the previous record; it is
    1103             :  * used to set the xl_prev of this record.
    1104             :  *
    1105             :  * This is the performance critical part of XLogInsert that must be serialized
    1106             :  * across backends. The rest can happen mostly in parallel. Try to keep this
    1107             :  * section as short as possible, insertpos_lck can be heavily contended on a
    1108             :  * busy system.
    1109             :  *
    1110             :  * NB: The space calculation here must match the code in CopyXLogRecordToWAL,
    1111             :  * where we actually copy the record to the reserved space.
    1112             :  *
    1113             :  * NB: Testing shows that XLogInsertRecord runs faster if this code is inlined;
    1114             :  * however, because there are two call sites, the compiler is reluctant to
    1115             :  * inline. We use pg_attribute_always_inline here to try to convince it.
    1116             :  */
    1117             : static pg_attribute_always_inline void
    1118    29208764 : ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos, XLogRecPtr *EndPos,
    1119             :                           XLogRecPtr *PrevPtr)
    1120             : {
    1121    29208764 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1122             :     uint64      startbytepos;
    1123             :     uint64      endbytepos;
    1124             :     uint64      prevbytepos;
    1125             : 
    1126    29208764 :     size = MAXALIGN(size);
    1127             : 
    1128             :     /* All (non xlog-switch) records should contain data. */
    1129             :     Assert(size > SizeOfXLogRecord);
    1130             : 
    1131             :     /*
    1132             :      * The duration the spinlock needs to be held is minimized by minimizing
    1133             :      * the calculations that have to be done while holding the lock. The
    1134             :      * current tip of reserved WAL is kept in CurrBytePos, as a byte position
    1135             :      * that only counts "usable" bytes in WAL, that is, it excludes all WAL
    1136             :      * page headers. The mapping between "usable" byte positions and physical
    1137             :      * positions (XLogRecPtrs) can be done outside the locked region, and
    1138             :      * because the usable byte position doesn't include any headers, reserving
    1139             :      * X bytes from WAL is almost as simple as "CurrBytePos += X".
    1140             :      */
    1141    29208764 :     SpinLockAcquire(&Insert->insertpos_lck);
    1142             : 
    1143    29208764 :     startbytepos = Insert->CurrBytePos;
    1144    29208764 :     endbytepos = startbytepos + size;
    1145    29208764 :     prevbytepos = Insert->PrevBytePos;
    1146    29208764 :     Insert->CurrBytePos = endbytepos;
    1147    29208764 :     Insert->PrevBytePos = startbytepos;
    1148             : 
    1149    29208764 :     SpinLockRelease(&Insert->insertpos_lck);
    1150             : 
    1151    29208764 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1152    29208764 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1153    29208764 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1154             : 
    1155             :     /*
    1156             :      * Check that the conversions between "usable byte positions" and
    1157             :      * XLogRecPtrs work consistently in both directions.
    1158             :      */
    1159             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1160             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1161             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1162    29208764 : }
    1163             : 
    1164             : /*
    1165             :  * Like ReserveXLogInsertLocation(), but for an xlog-switch record.
    1166             :  *
    1167             :  * A log-switch record is handled slightly differently. The rest of the
    1168             :  * segment will be reserved for this insertion, as indicated by the returned
    1169             :  * *EndPos value. However, if we are already at the beginning of the current
    1170             :  * segment, *StartPos and *EndPos are set to the current location without
    1171             :  * reserving any space, and the function returns false.
    1172             : */
    1173             : static bool
    1174        1558 : ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos, XLogRecPtr *PrevPtr)
    1175             : {
    1176        1558 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1177             :     uint64      startbytepos;
    1178             :     uint64      endbytepos;
    1179             :     uint64      prevbytepos;
    1180        1558 :     uint32      size = MAXALIGN(SizeOfXLogRecord);
    1181             :     XLogRecPtr  ptr;
    1182             :     uint32      segleft;
    1183             : 
    1184             :     /*
    1185             :      * These calculations are a bit heavy-weight to be done while holding a
    1186             :      * spinlock, but since we're holding all the WAL insertion locks, there
    1187             :      * are no other inserters competing for it. GetXLogInsertRecPtr() does
    1188             :      * compete for it, but that's not called very frequently.
    1189             :      */
    1190        1558 :     SpinLockAcquire(&Insert->insertpos_lck);
    1191             : 
    1192        1558 :     startbytepos = Insert->CurrBytePos;
    1193             : 
    1194        1558 :     ptr = XLogBytePosToEndRecPtr(startbytepos);
    1195        1558 :     if (XLogSegmentOffset(ptr, wal_segment_size) == 0)
    1196             :     {
    1197         116 :         SpinLockRelease(&Insert->insertpos_lck);
    1198         116 :         *EndPos = *StartPos = ptr;
    1199         116 :         return false;
    1200             :     }
    1201             : 
    1202        1442 :     endbytepos = startbytepos + size;
    1203        1442 :     prevbytepos = Insert->PrevBytePos;
    1204             : 
    1205        1442 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1206        1442 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1207             : 
    1208        1442 :     segleft = wal_segment_size - XLogSegmentOffset(*EndPos, wal_segment_size);
    1209        1442 :     if (segleft != wal_segment_size)
    1210             :     {
    1211             :         /* consume the rest of the segment */
    1212        1442 :         *EndPos += segleft;
    1213        1442 :         endbytepos = XLogRecPtrToBytePos(*EndPos);
    1214             :     }
    1215        1442 :     Insert->CurrBytePos = endbytepos;
    1216        1442 :     Insert->PrevBytePos = startbytepos;
    1217             : 
    1218        1442 :     SpinLockRelease(&Insert->insertpos_lck);
    1219             : 
    1220        1442 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1221             : 
    1222             :     Assert(XLogSegmentOffset(*EndPos, wal_segment_size) == 0);
    1223             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1224             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1225             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1226             : 
    1227        1442 :     return true;
    1228             : }
    1229             : 
    1230             : /*
    1231             :  * Subroutine of XLogInsertRecord.  Copies a WAL record to an already-reserved
    1232             :  * area in the WAL.
    1233             :  */
    1234             : static void
    1235    29210206 : CopyXLogRecordToWAL(int write_len, bool isLogSwitch, XLogRecData *rdata,
    1236             :                     XLogRecPtr StartPos, XLogRecPtr EndPos, TimeLineID tli)
    1237             : {
    1238             :     char       *currpos;
    1239             :     int         freespace;
    1240             :     int         written;
    1241             :     XLogRecPtr  CurrPos;
    1242             :     XLogPageHeader pagehdr;
    1243             : 
    1244             :     /*
    1245             :      * Get a pointer to the right place in the right WAL buffer to start
    1246             :      * inserting to.
    1247             :      */
    1248    29210206 :     CurrPos = StartPos;
    1249    29210206 :     currpos = GetXLogBuffer(CurrPos, tli);
    1250    29210206 :     freespace = INSERT_FREESPACE(CurrPos);
    1251             : 
    1252             :     /*
    1253             :      * there should be enough space for at least the first field (xl_tot_len)
    1254             :      * on this page.
    1255             :      */
    1256             :     Assert(freespace >= sizeof(uint32));
    1257             : 
    1258             :     /* Copy record data */
    1259    29210206 :     written = 0;
    1260   137892650 :     while (rdata != NULL)
    1261             :     {
    1262   108682444 :         const char *rdata_data = rdata->data;
    1263   108682444 :         int         rdata_len = rdata->len;
    1264             : 
    1265   112222058 :         while (rdata_len > freespace)
    1266             :         {
    1267             :             /*
    1268             :              * Write what fits on this page, and continue on the next page.
    1269             :              */
    1270             :             Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || freespace == 0);
    1271     3539614 :             memcpy(currpos, rdata_data, freespace);
    1272     3539614 :             rdata_data += freespace;
    1273     3539614 :             rdata_len -= freespace;
    1274     3539614 :             written += freespace;
    1275     3539614 :             CurrPos += freespace;
    1276             : 
    1277             :             /*
    1278             :              * Get pointer to beginning of next page, and set the xlp_rem_len
    1279             :              * in the page header. Set XLP_FIRST_IS_CONTRECORD.
    1280             :              *
    1281             :              * It's safe to set the contrecord flag and xlp_rem_len without a
    1282             :              * lock on the page. All the other flags were already set when the
    1283             :              * page was initialized, in AdvanceXLInsertBuffer, and we're the
    1284             :              * only backend that needs to set the contrecord flag.
    1285             :              */
    1286     3539614 :             currpos = GetXLogBuffer(CurrPos, tli);
    1287     3539614 :             pagehdr = (XLogPageHeader) currpos;
    1288     3539614 :             pagehdr->xlp_rem_len = write_len - written;
    1289     3539614 :             pagehdr->xlp_info |= XLP_FIRST_IS_CONTRECORD;
    1290             : 
    1291             :             /* skip over the page header */
    1292     3539614 :             if (XLogSegmentOffset(CurrPos, wal_segment_size) == 0)
    1293             :             {
    1294        2512 :                 CurrPos += SizeOfXLogLongPHD;
    1295        2512 :                 currpos += SizeOfXLogLongPHD;
    1296             :             }
    1297             :             else
    1298             :             {
    1299     3537102 :                 CurrPos += SizeOfXLogShortPHD;
    1300     3537102 :                 currpos += SizeOfXLogShortPHD;
    1301             :             }
    1302     3539614 :             freespace = INSERT_FREESPACE(CurrPos);
    1303             :         }
    1304             : 
    1305             :         Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || rdata_len == 0);
    1306   108682444 :         memcpy(currpos, rdata_data, rdata_len);
    1307   108682444 :         currpos += rdata_len;
    1308   108682444 :         CurrPos += rdata_len;
    1309   108682444 :         freespace -= rdata_len;
    1310   108682444 :         written += rdata_len;
    1311             : 
    1312   108682444 :         rdata = rdata->next;
    1313             :     }
    1314             :     Assert(written == write_len);
    1315             : 
    1316             :     /*
    1317             :      * If this was an xlog-switch, it's not enough to write the switch record,
    1318             :      * we also have to consume all the remaining space in the WAL segment.  We
    1319             :      * have already reserved that space, but we need to actually fill it.
    1320             :      */
    1321    29210206 :     if (isLogSwitch && XLogSegmentOffset(CurrPos, wal_segment_size) != 0)
    1322             :     {
    1323             :         /* An xlog-switch record doesn't contain any data besides the header */
    1324             :         Assert(write_len == SizeOfXLogRecord);
    1325             : 
    1326             :         /* Assert that we did reserve the right amount of space */
    1327             :         Assert(XLogSegmentOffset(EndPos, wal_segment_size) == 0);
    1328             : 
    1329             :         /* Use up all the remaining space on the current page */
    1330        1442 :         CurrPos += freespace;
    1331             : 
    1332             :         /*
    1333             :          * Cause all remaining pages in the segment to be flushed, leaving the
    1334             :          * XLog position where it should be, at the start of the next segment.
    1335             :          * We do this one page at a time, to make sure we don't deadlock
    1336             :          * against ourselves if wal_buffers < wal_segment_size.
    1337             :          */
    1338     1383952 :         while (CurrPos < EndPos)
    1339             :         {
    1340             :             /*
    1341             :              * The minimal action to flush the page would be to call
    1342             :              * WALInsertLockUpdateInsertingAt(CurrPos) followed by
    1343             :              * AdvanceXLInsertBuffer(...).  The page would be left initialized
    1344             :              * mostly to zeros, except for the page header (always the short
    1345             :              * variant, as this is never a segment's first page).
    1346             :              *
    1347             :              * The large vistas of zeros are good for compressibility, but the
    1348             :              * headers interrupting them every XLOG_BLCKSZ (with values that
    1349             :              * differ from page to page) are not.  The effect varies with
    1350             :              * compression tool, but bzip2 for instance compresses about an
    1351             :              * order of magnitude worse if those headers are left in place.
    1352             :              *
    1353             :              * Rather than complicating AdvanceXLInsertBuffer itself (which is
    1354             :              * called in heavily-loaded circumstances as well as this lightly-
    1355             :              * loaded one) with variant behavior, we just use GetXLogBuffer
    1356             :              * (which itself calls the two methods we need) to get the pointer
    1357             :              * and zero most of the page.  Then we just zero the page header.
    1358             :              */
    1359     1382510 :             currpos = GetXLogBuffer(CurrPos, tli);
    1360     5530040 :             MemSet(currpos, 0, SizeOfXLogShortPHD);
    1361             : 
    1362     1382510 :             CurrPos += XLOG_BLCKSZ;
    1363             :         }
    1364             :     }
    1365             :     else
    1366             :     {
    1367             :         /* Align the end position, so that the next record starts aligned */
    1368    29208764 :         CurrPos = MAXALIGN64(CurrPos);
    1369             :     }
    1370             : 
    1371    29210206 :     if (CurrPos != EndPos)
    1372           0 :         ereport(PANIC,
    1373             :                 errcode(ERRCODE_DATA_CORRUPTED),
    1374             :                 errmsg_internal("space reserved for WAL record does not match what was written"));
    1375    29210206 : }
    1376             : 
    1377             : /*
    1378             :  * Acquire a WAL insertion lock, for inserting to WAL.
    1379             :  */
    1380             : static void
    1381    29222100 : WALInsertLockAcquire(void)
    1382             : {
    1383             :     bool        immed;
    1384             : 
    1385             :     /*
    1386             :      * It doesn't matter which of the WAL insertion locks we acquire, so try
    1387             :      * the one we used last time.  If the system isn't particularly busy, it's
    1388             :      * a good bet that it's still available, and it's good to have some
    1389             :      * affinity to a particular lock so that you don't unnecessarily bounce
    1390             :      * cache lines between processes when there's no contention.
    1391             :      *
    1392             :      * If this is the first time through in this backend, pick a lock
    1393             :      * (semi-)randomly.  This allows the locks to be used evenly if you have a
    1394             :      * lot of very short connections.
    1395             :      */
    1396             :     static int  lockToTry = -1;
    1397             : 
    1398    29222100 :     if (lockToTry == -1)
    1399       15752 :         lockToTry = MyProcNumber % NUM_XLOGINSERT_LOCKS;
    1400    29222100 :     MyLockNo = lockToTry;
    1401             : 
    1402             :     /*
    1403             :      * The insertingAt value is initially set to 0, as we don't know our
    1404             :      * insert location yet.
    1405             :      */
    1406    29222100 :     immed = LWLockAcquire(&WALInsertLocks[MyLockNo].l.lock, LW_EXCLUSIVE);
    1407    29222100 :     if (!immed)
    1408             :     {
    1409             :         /*
    1410             :          * If we couldn't get the lock immediately, try another lock next
    1411             :          * time.  On a system with more insertion locks than concurrent
    1412             :          * inserters, this causes all the inserters to eventually migrate to a
    1413             :          * lock that no-one else is using.  On a system with more inserters
    1414             :          * than locks, it still helps to distribute the inserters evenly
    1415             :          * across the locks.
    1416             :          */
    1417       56408 :         lockToTry = (lockToTry + 1) % NUM_XLOGINSERT_LOCKS;
    1418             :     }
    1419    29222100 : }
    1420             : 
    1421             : /*
    1422             :  * Acquire all WAL insertion locks, to prevent other backends from inserting
    1423             :  * to WAL.
    1424             :  */
    1425             : static void
    1426        8534 : WALInsertLockAcquireExclusive(void)
    1427             : {
    1428             :     int         i;
    1429             : 
    1430             :     /*
    1431             :      * When holding all the locks, all but the last lock's insertingAt
    1432             :      * indicator is set to 0xFFFFFFFFFFFFFFFF, which is higher than any real
    1433             :      * XLogRecPtr value, to make sure that no-one blocks waiting on those.
    1434             :      */
    1435       68272 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS - 1; i++)
    1436             :     {
    1437       59738 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1438       59738 :         LWLockUpdateVar(&WALInsertLocks[i].l.lock,
    1439       59738 :                         &WALInsertLocks[i].l.insertingAt,
    1440             :                         PG_UINT64_MAX);
    1441             :     }
    1442             :     /* Variable value reset to 0 at release */
    1443        8534 :     LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1444             : 
    1445        8534 :     holdingAllLocks = true;
    1446        8534 : }
    1447             : 
    1448             : /*
    1449             :  * Release our insertion lock (or locks, if we're holding them all).
    1450             :  *
    1451             :  * NB: Reset all variables to 0, so they cause LWLockWaitForVar to block the
    1452             :  * next time the lock is acquired.
    1453             :  */
    1454             : static void
    1455    29230634 : WALInsertLockRelease(void)
    1456             : {
    1457    29230634 :     if (holdingAllLocks)
    1458             :     {
    1459             :         int         i;
    1460             : 
    1461       76806 :         for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1462       68272 :             LWLockReleaseClearVar(&WALInsertLocks[i].l.lock,
    1463       68272 :                                   &WALInsertLocks[i].l.insertingAt,
    1464             :                                   0);
    1465             : 
    1466        8534 :         holdingAllLocks = false;
    1467             :     }
    1468             :     else
    1469             :     {
    1470    29222100 :         LWLockReleaseClearVar(&WALInsertLocks[MyLockNo].l.lock,
    1471    29222100 :                               &WALInsertLocks[MyLockNo].l.insertingAt,
    1472             :                               0);
    1473             :     }
    1474    29230634 : }
    1475             : 
    1476             : /*
    1477             :  * Update our insertingAt value, to let others know that we've finished
    1478             :  * inserting up to that point.
    1479             :  */
    1480             : static void
    1481     5111790 : WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt)
    1482             : {
    1483     5111790 :     if (holdingAllLocks)
    1484             :     {
    1485             :         /*
    1486             :          * We use the last lock to mark our actual position, see comments in
    1487             :          * WALInsertLockAcquireExclusive.
    1488             :          */
    1489     1370462 :         LWLockUpdateVar(&WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.lock,
    1490     1370462 :                         &WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.insertingAt,
    1491             :                         insertingAt);
    1492             :     }
    1493             :     else
    1494     3741328 :         LWLockUpdateVar(&WALInsertLocks[MyLockNo].l.lock,
    1495     3741328 :                         &WALInsertLocks[MyLockNo].l.insertingAt,
    1496             :                         insertingAt);
    1497     5111790 : }
    1498             : 
    1499             : /*
    1500             :  * Wait for any WAL insertions < upto to finish.
    1501             :  *
    1502             :  * Returns the location of the oldest insertion that is still in-progress.
    1503             :  * Any WAL prior to that point has been fully copied into WAL buffers, and
    1504             :  * can be flushed out to disk. Because this waits for any insertions older
    1505             :  * than 'upto' to finish, the return value is always >= 'upto'.
    1506             :  *
    1507             :  * Note: When you are about to write out WAL, you must call this function
    1508             :  * *before* acquiring WALWriteLock, to avoid deadlocks. This function might
    1509             :  * need to wait for an insertion to finish (or at least advance to next
    1510             :  * uninitialized page), and the inserter might need to evict an old WAL buffer
    1511             :  * to make room for a new one, which in turn requires WALWriteLock.
    1512             :  */
    1513             : static XLogRecPtr
    1514     4223260 : WaitXLogInsertionsToFinish(XLogRecPtr upto)
    1515             : {
    1516             :     uint64      bytepos;
    1517             :     XLogRecPtr  inserted;
    1518             :     XLogRecPtr  reservedUpto;
    1519             :     XLogRecPtr  finishedUpto;
    1520     4223260 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1521             :     int         i;
    1522             : 
    1523     4223260 :     if (MyProc == NULL)
    1524           0 :         elog(PANIC, "cannot wait without a PGPROC structure");
    1525             : 
    1526             :     /*
    1527             :      * Check if there's any work to do.  Use a barrier to ensure we get the
    1528             :      * freshest value.
    1529             :      */
    1530     4223260 :     inserted = pg_atomic_read_membarrier_u64(&XLogCtl->logInsertResult);
    1531     4223260 :     if (upto <= inserted)
    1532     3434990 :         return inserted;
    1533             : 
    1534             :     /* Read the current insert position */
    1535      788270 :     SpinLockAcquire(&Insert->insertpos_lck);
    1536      788270 :     bytepos = Insert->CurrBytePos;
    1537      788270 :     SpinLockRelease(&Insert->insertpos_lck);
    1538      788270 :     reservedUpto = XLogBytePosToEndRecPtr(bytepos);
    1539             : 
    1540             :     /*
    1541             :      * No-one should request to flush a piece of WAL that hasn't even been
    1542             :      * reserved yet. However, it can happen if there is a block with a bogus
    1543             :      * LSN on disk, for example. XLogFlush checks for that situation and
    1544             :      * complains, but only after the flush. Here we just assume that to mean
    1545             :      * that all WAL that has been reserved needs to be finished. In this
    1546             :      * corner-case, the return value can be smaller than 'upto' argument.
    1547             :      */
    1548      788270 :     if (upto > reservedUpto)
    1549             :     {
    1550           0 :         ereport(LOG,
    1551             :                 errmsg("request to flush past end of generated WAL; request %X/%08X, current position %X/%08X",
    1552             :                        LSN_FORMAT_ARGS(upto), LSN_FORMAT_ARGS(reservedUpto)));
    1553           0 :         upto = reservedUpto;
    1554             :     }
    1555             : 
    1556             :     /*
    1557             :      * Loop through all the locks, sleeping on any in-progress insert older
    1558             :      * than 'upto'.
    1559             :      *
    1560             :      * finishedUpto is our return value, indicating the point upto which all
    1561             :      * the WAL insertions have been finished. Initialize it to the head of
    1562             :      * reserved WAL, and as we iterate through the insertion locks, back it
    1563             :      * out for any insertion that's still in progress.
    1564             :      */
    1565      788270 :     finishedUpto = reservedUpto;
    1566     7094430 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1567             :     {
    1568     6306160 :         XLogRecPtr  insertingat = InvalidXLogRecPtr;
    1569             : 
    1570             :         do
    1571             :         {
    1572             :             /*
    1573             :              * See if this insertion is in progress.  LWLockWaitForVar will
    1574             :              * wait for the lock to be released, or for the 'value' to be set
    1575             :              * by a LWLockUpdateVar call.  When a lock is initially acquired,
    1576             :              * its value is 0 (InvalidXLogRecPtr), which means that we don't
    1577             :              * know where it's inserting yet.  We will have to wait for it. If
    1578             :              * it's a small insertion, the record will most likely fit on the
    1579             :              * same page and the inserter will release the lock without ever
    1580             :              * calling LWLockUpdateVar.  But if it has to sleep, it will
    1581             :              * advertise the insertion point with LWLockUpdateVar before
    1582             :              * sleeping.
    1583             :              *
    1584             :              * In this loop we are only waiting for insertions that started
    1585             :              * before WaitXLogInsertionsToFinish was called.  The lack of
    1586             :              * memory barriers in the loop means that we might see locks as
    1587             :              * "unused" that have since become used.  This is fine because
    1588             :              * they only can be used for later insertions that we would not
    1589             :              * want to wait on anyway.  Not taking a lock to acquire the
    1590             :              * current insertingAt value means that we might see older
    1591             :              * insertingAt values.  This is also fine, because if we read a
    1592             :              * value too old, we will add ourselves to the wait queue, which
    1593             :              * contains atomic operations.
    1594             :              */
    1595     6421818 :             if (LWLockWaitForVar(&WALInsertLocks[i].l.lock,
    1596     6421818 :                                  &WALInsertLocks[i].l.insertingAt,
    1597             :                                  insertingat, &insertingat))
    1598             :             {
    1599             :                 /* the lock was free, so no insertion in progress */
    1600     4623186 :                 insertingat = InvalidXLogRecPtr;
    1601     4623186 :                 break;
    1602             :             }
    1603             : 
    1604             :             /*
    1605             :              * This insertion is still in progress. Have to wait, unless the
    1606             :              * inserter has proceeded past 'upto'.
    1607             :              */
    1608     1798632 :         } while (insertingat < upto);
    1609             : 
    1610     6306160 :         if (insertingat != InvalidXLogRecPtr && insertingat < finishedUpto)
    1611      627796 :             finishedUpto = insertingat;
    1612             :     }
    1613             : 
    1614             :     /*
    1615             :      * Advance the limit we know to have been inserted and return the freshest
    1616             :      * value we know of, which might be beyond what we requested if somebody
    1617             :      * is concurrently doing this with an 'upto' pointer ahead of us.
    1618             :      */
    1619      788270 :     finishedUpto = pg_atomic_monotonic_advance_u64(&XLogCtl->logInsertResult,
    1620             :                                                    finishedUpto);
    1621             : 
    1622      788270 :     return finishedUpto;
    1623             : }
    1624             : 
    1625             : /*
    1626             :  * Get a pointer to the right location in the WAL buffer containing the
    1627             :  * given XLogRecPtr.
    1628             :  *
    1629             :  * If the page is not initialized yet, it is initialized. That might require
    1630             :  * evicting an old dirty buffer from the buffer cache, which means I/O.
    1631             :  *
    1632             :  * The caller must ensure that the page containing the requested location
    1633             :  * isn't evicted yet, and won't be evicted. The way to ensure that is to
    1634             :  * hold onto a WAL insertion lock with the insertingAt position set to
    1635             :  * something <= ptr. GetXLogBuffer() will update insertingAt if it needs
    1636             :  * to evict an old page from the buffer. (This means that once you call
    1637             :  * GetXLogBuffer() with a given 'ptr', you must not access anything before
    1638             :  * that point anymore, and must not call GetXLogBuffer() with an older 'ptr'
    1639             :  * later, because older buffers might be recycled already)
    1640             :  */
    1641             : static char *
    1642    34132350 : GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli)
    1643             : {
    1644             :     int         idx;
    1645             :     XLogRecPtr  endptr;
    1646             :     static uint64 cachedPage = 0;
    1647             :     static char *cachedPos = NULL;
    1648             :     XLogRecPtr  expectedEndPtr;
    1649             : 
    1650             :     /*
    1651             :      * Fast path for the common case that we need to access again the same
    1652             :      * page as last time.
    1653             :      */
    1654    34132350 :     if (ptr / XLOG_BLCKSZ == cachedPage)
    1655             :     {
    1656             :         Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1657             :         Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1658    27939866 :         return cachedPos + ptr % XLOG_BLCKSZ;
    1659             :     }
    1660             : 
    1661             :     /*
    1662             :      * The XLog buffer cache is organized so that a page is always loaded to a
    1663             :      * particular buffer.  That way we can easily calculate the buffer a given
    1664             :      * page must be loaded into, from the XLogRecPtr alone.
    1665             :      */
    1666     6192484 :     idx = XLogRecPtrToBufIdx(ptr);
    1667             : 
    1668             :     /*
    1669             :      * See what page is loaded in the buffer at the moment. It could be the
    1670             :      * page we're looking for, or something older. It can't be anything newer
    1671             :      * - that would imply the page we're looking for has already been written
    1672             :      * out to disk and evicted, and the caller is responsible for making sure
    1673             :      * that doesn't happen.
    1674             :      *
    1675             :      * We don't hold a lock while we read the value. If someone is just about
    1676             :      * to initialize or has just initialized the page, it's possible that we
    1677             :      * get InvalidXLogRecPtr. That's ok, we'll grab the mapping lock (in
    1678             :      * AdvanceXLInsertBuffer) and retry if we see anything other than the page
    1679             :      * we're looking for.
    1680             :      */
    1681     6192484 :     expectedEndPtr = ptr;
    1682     6192484 :     expectedEndPtr += XLOG_BLCKSZ - ptr % XLOG_BLCKSZ;
    1683             : 
    1684     6192484 :     endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1685     6192484 :     if (expectedEndPtr != endptr)
    1686             :     {
    1687             :         XLogRecPtr  initializedUpto;
    1688             : 
    1689             :         /*
    1690             :          * Before calling AdvanceXLInsertBuffer(), which can block, let others
    1691             :          * know how far we're finished with inserting the record.
    1692             :          *
    1693             :          * NB: If 'ptr' points to just after the page header, advertise a
    1694             :          * position at the beginning of the page rather than 'ptr' itself. If
    1695             :          * there are no other insertions running, someone might try to flush
    1696             :          * up to our advertised location. If we advertised a position after
    1697             :          * the page header, someone might try to flush the page header, even
    1698             :          * though page might actually not be initialized yet. As the first
    1699             :          * inserter on the page, we are effectively responsible for making
    1700             :          * sure that it's initialized, before we let insertingAt to move past
    1701             :          * the page header.
    1702             :          */
    1703     5111790 :         if (ptr % XLOG_BLCKSZ == SizeOfXLogShortPHD &&
    1704       12990 :             XLogSegmentOffset(ptr, wal_segment_size) > XLOG_BLCKSZ)
    1705       12990 :             initializedUpto = ptr - SizeOfXLogShortPHD;
    1706     5098800 :         else if (ptr % XLOG_BLCKSZ == SizeOfXLogLongPHD &&
    1707        2328 :                  XLogSegmentOffset(ptr, wal_segment_size) < XLOG_BLCKSZ)
    1708        1190 :             initializedUpto = ptr - SizeOfXLogLongPHD;
    1709             :         else
    1710     5097610 :             initializedUpto = ptr;
    1711             : 
    1712     5111790 :         WALInsertLockUpdateInsertingAt(initializedUpto);
    1713             : 
    1714     5111790 :         AdvanceXLInsertBuffer(ptr, tli, false);
    1715     5111790 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1716             : 
    1717     5111790 :         if (expectedEndPtr != endptr)
    1718           0 :             elog(PANIC, "could not find WAL buffer for %X/%08X",
    1719             :                  LSN_FORMAT_ARGS(ptr));
    1720             :     }
    1721             :     else
    1722             :     {
    1723             :         /*
    1724             :          * Make sure the initialization of the page is visible to us, and
    1725             :          * won't arrive later to overwrite the WAL data we write on the page.
    1726             :          */
    1727     1080694 :         pg_memory_barrier();
    1728             :     }
    1729             : 
    1730             :     /*
    1731             :      * Found the buffer holding this page. Return a pointer to the right
    1732             :      * offset within the page.
    1733             :      */
    1734     6192484 :     cachedPage = ptr / XLOG_BLCKSZ;
    1735     6192484 :     cachedPos = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1736             : 
    1737             :     Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1738             :     Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1739             : 
    1740     6192484 :     return cachedPos + ptr % XLOG_BLCKSZ;
    1741             : }
    1742             : 
    1743             : /*
    1744             :  * Read WAL data directly from WAL buffers, if available. Returns the number
    1745             :  * of bytes read successfully.
    1746             :  *
    1747             :  * Fewer than 'count' bytes may be read if some of the requested WAL data has
    1748             :  * already been evicted.
    1749             :  *
    1750             :  * No locks are taken.
    1751             :  *
    1752             :  * Caller should ensure that it reads no further than LogwrtResult.Write
    1753             :  * (which should have been updated by the caller when determining how far to
    1754             :  * read). The 'tli' argument is only used as a convenient safety check so that
    1755             :  * callers do not read from WAL buffers on a historical timeline.
    1756             :  */
    1757             : Size
    1758      193982 : WALReadFromBuffers(char *dstbuf, XLogRecPtr startptr, Size count,
    1759             :                    TimeLineID tli)
    1760             : {
    1761      193982 :     char       *pdst = dstbuf;
    1762      193982 :     XLogRecPtr  recptr = startptr;
    1763             :     XLogRecPtr  inserted;
    1764      193982 :     Size        nbytes = count;
    1765             : 
    1766      193982 :     if (RecoveryInProgress() || tli != GetWALInsertionTimeLine())
    1767        1834 :         return 0;
    1768             : 
    1769             :     Assert(!XLogRecPtrIsInvalid(startptr));
    1770             : 
    1771             :     /*
    1772             :      * Caller should ensure that the requested data has been inserted into WAL
    1773             :      * buffers before we try to read it.
    1774             :      */
    1775      192148 :     inserted = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    1776      192148 :     if (startptr + count > inserted)
    1777           0 :         ereport(ERROR,
    1778             :                 errmsg("cannot read past end of generated WAL: requested %X/%08X, current position %X/%08X",
    1779             :                        LSN_FORMAT_ARGS(startptr + count),
    1780             :                        LSN_FORMAT_ARGS(inserted)));
    1781             : 
    1782             :     /*
    1783             :      * Loop through the buffers without a lock. For each buffer, atomically
    1784             :      * read and verify the end pointer, then copy the data out, and finally
    1785             :      * re-read and re-verify the end pointer.
    1786             :      *
    1787             :      * Once a page is evicted, it never returns to the WAL buffers, so if the
    1788             :      * end pointer matches the expected end pointer before and after we copy
    1789             :      * the data, then the right page must have been present during the data
    1790             :      * copy. Read barriers are necessary to ensure that the data copy actually
    1791             :      * happens between the two verification steps.
    1792             :      *
    1793             :      * If either verification fails, we simply terminate the loop and return
    1794             :      * with the data that had been already copied out successfully.
    1795             :      */
    1796      203900 :     while (nbytes > 0)
    1797             :     {
    1798      201202 :         uint32      offset = recptr % XLOG_BLCKSZ;
    1799      201202 :         int         idx = XLogRecPtrToBufIdx(recptr);
    1800             :         XLogRecPtr  expectedEndPtr;
    1801             :         XLogRecPtr  endptr;
    1802             :         const char *page;
    1803             :         const char *psrc;
    1804             :         Size        npagebytes;
    1805             : 
    1806             :         /*
    1807             :          * Calculate the end pointer we expect in the xlblocks array if the
    1808             :          * correct page is present.
    1809             :          */
    1810      201202 :         expectedEndPtr = recptr + (XLOG_BLCKSZ - offset);
    1811             : 
    1812             :         /*
    1813             :          * First verification step: check that the correct page is present in
    1814             :          * the WAL buffers.
    1815             :          */
    1816      201202 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1817      201202 :         if (expectedEndPtr != endptr)
    1818      189450 :             break;
    1819             : 
    1820             :         /*
    1821             :          * The correct page is present (or was at the time the endptr was
    1822             :          * read; must re-verify later). Calculate pointer to source data and
    1823             :          * determine how much data to read from this page.
    1824             :          */
    1825       11752 :         page = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1826       11752 :         psrc = page + offset;
    1827       11752 :         npagebytes = Min(nbytes, XLOG_BLCKSZ - offset);
    1828             : 
    1829             :         /*
    1830             :          * Ensure that the data copy and the first verification step are not
    1831             :          * reordered.
    1832             :          */
    1833       11752 :         pg_read_barrier();
    1834             : 
    1835             :         /* data copy */
    1836       11752 :         memcpy(pdst, psrc, npagebytes);
    1837             : 
    1838             :         /*
    1839             :          * Ensure that the data copy and the second verification step are not
    1840             :          * reordered.
    1841             :          */
    1842       11752 :         pg_read_barrier();
    1843             : 
    1844             :         /*
    1845             :          * Second verification step: check that the page we read from wasn't
    1846             :          * evicted while we were copying the data.
    1847             :          */
    1848       11752 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1849       11752 :         if (expectedEndPtr != endptr)
    1850           0 :             break;
    1851             : 
    1852       11752 :         pdst += npagebytes;
    1853       11752 :         recptr += npagebytes;
    1854       11752 :         nbytes -= npagebytes;
    1855             :     }
    1856             : 
    1857             :     Assert(pdst - dstbuf <= count);
    1858             : 
    1859      192148 :     return pdst - dstbuf;
    1860             : }
    1861             : 
    1862             : /*
    1863             :  * Converts a "usable byte position" to XLogRecPtr. A usable byte position
    1864             :  * is the position starting from the beginning of WAL, excluding all WAL
    1865             :  * page headers.
    1866             :  */
    1867             : static XLogRecPtr
    1868    58425576 : XLogBytePosToRecPtr(uint64 bytepos)
    1869             : {
    1870             :     uint64      fullsegs;
    1871             :     uint64      fullpages;
    1872             :     uint64      bytesleft;
    1873             :     uint32      seg_offset;
    1874             :     XLogRecPtr  result;
    1875             : 
    1876    58425576 :     fullsegs = bytepos / UsableBytesInSegment;
    1877    58425576 :     bytesleft = bytepos % UsableBytesInSegment;
    1878             : 
    1879    58425576 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1880             :     {
    1881             :         /* fits on first page of segment */
    1882      108766 :         seg_offset = bytesleft + SizeOfXLogLongPHD;
    1883             :     }
    1884             :     else
    1885             :     {
    1886             :         /* account for the first page on segment with long header */
    1887    58316810 :         seg_offset = XLOG_BLCKSZ;
    1888    58316810 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1889             : 
    1890    58316810 :         fullpages = bytesleft / UsableBytesInPage;
    1891    58316810 :         bytesleft = bytesleft % UsableBytesInPage;
    1892             : 
    1893    58316810 :         seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1894             :     }
    1895             : 
    1896    58425576 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1897             : 
    1898    58425576 :     return result;
    1899             : }
    1900             : 
    1901             : /*
    1902             :  * Like XLogBytePosToRecPtr, but if the position is at a page boundary,
    1903             :  * returns a pointer to the beginning of the page (ie. before page header),
    1904             :  * not to where the first xlog record on that page would go to. This is used
    1905             :  * when converting a pointer to the end of a record.
    1906             :  */
    1907             : static XLogRecPtr
    1908    30000034 : XLogBytePosToEndRecPtr(uint64 bytepos)
    1909             : {
    1910             :     uint64      fullsegs;
    1911             :     uint64      fullpages;
    1912             :     uint64      bytesleft;
    1913             :     uint32      seg_offset;
    1914             :     XLogRecPtr  result;
    1915             : 
    1916    30000034 :     fullsegs = bytepos / UsableBytesInSegment;
    1917    30000034 :     bytesleft = bytepos % UsableBytesInSegment;
    1918             : 
    1919    30000034 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1920             :     {
    1921             :         /* fits on first page of segment */
    1922      166048 :         if (bytesleft == 0)
    1923      109026 :             seg_offset = 0;
    1924             :         else
    1925       57022 :             seg_offset = bytesleft + SizeOfXLogLongPHD;
    1926             :     }
    1927             :     else
    1928             :     {
    1929             :         /* account for the first page on segment with long header */
    1930    29833986 :         seg_offset = XLOG_BLCKSZ;
    1931    29833986 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1932             : 
    1933    29833986 :         fullpages = bytesleft / UsableBytesInPage;
    1934    29833986 :         bytesleft = bytesleft % UsableBytesInPage;
    1935             : 
    1936    29833986 :         if (bytesleft == 0)
    1937       29254 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft;
    1938             :         else
    1939    29804732 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1940             :     }
    1941             : 
    1942    30000034 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1943             : 
    1944    30000034 :     return result;
    1945             : }
    1946             : 
    1947             : /*
    1948             :  * Convert an XLogRecPtr to a "usable byte position".
    1949             :  */
    1950             : static uint64
    1951        4930 : XLogRecPtrToBytePos(XLogRecPtr ptr)
    1952             : {
    1953             :     uint64      fullsegs;
    1954             :     uint32      fullpages;
    1955             :     uint32      offset;
    1956             :     uint64      result;
    1957             : 
    1958        4930 :     XLByteToSeg(ptr, fullsegs, wal_segment_size);
    1959             : 
    1960        4930 :     fullpages = (XLogSegmentOffset(ptr, wal_segment_size)) / XLOG_BLCKSZ;
    1961        4930 :     offset = ptr % XLOG_BLCKSZ;
    1962             : 
    1963        4930 :     if (fullpages == 0)
    1964             :     {
    1965        1952 :         result = fullsegs * UsableBytesInSegment;
    1966        1952 :         if (offset > 0)
    1967             :         {
    1968             :             Assert(offset >= SizeOfXLogLongPHD);
    1969         472 :             result += offset - SizeOfXLogLongPHD;
    1970             :         }
    1971             :     }
    1972             :     else
    1973             :     {
    1974        2978 :         result = fullsegs * UsableBytesInSegment +
    1975        2978 :             (XLOG_BLCKSZ - SizeOfXLogLongPHD) + /* account for first page */
    1976        2978 :             (fullpages - 1) * UsableBytesInPage;    /* full pages */
    1977        2978 :         if (offset > 0)
    1978             :         {
    1979             :             Assert(offset >= SizeOfXLogShortPHD);
    1980        2960 :             result += offset - SizeOfXLogShortPHD;
    1981             :         }
    1982             :     }
    1983             : 
    1984        4930 :     return result;
    1985             : }
    1986             : 
    1987             : /*
    1988             :  * Initialize XLOG buffers, writing out old buffers if they still contain
    1989             :  * unwritten data, upto the page containing 'upto'. Or if 'opportunistic' is
    1990             :  * true, initialize as many pages as we can without having to write out
    1991             :  * unwritten data. Any new pages are initialized to zeros, with pages headers
    1992             :  * initialized properly.
    1993             :  */
    1994             : static void
    1995     5121950 : AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli, bool opportunistic)
    1996             : {
    1997     5121950 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1998             :     int         nextidx;
    1999             :     XLogRecPtr  OldPageRqstPtr;
    2000             :     XLogwrtRqst WriteRqst;
    2001     5121950 :     XLogRecPtr  NewPageEndPtr = InvalidXLogRecPtr;
    2002             :     XLogRecPtr  NewPageBeginPtr;
    2003             :     XLogPageHeader NewPage;
    2004             :     XLogRecPtr  ReservedPtr;
    2005     5121950 :     int         npages pg_attribute_unused() = 0;
    2006             : 
    2007             :     /*
    2008             :      * We must run the loop below inside the critical section as we expect
    2009             :      * XLogCtl->InitializedUpTo to eventually keep up.  The most of callers
    2010             :      * already run inside the critical section. Except for WAL writer, which
    2011             :      * passed 'opportunistic == true', and therefore we don't perform
    2012             :      * operations that could error out.
    2013             :      *
    2014             :      * Start an explicit critical section anyway though.
    2015             :      */
    2016             :     Assert(CritSectionCount > 0 || opportunistic);
    2017     5121950 :     START_CRIT_SECTION();
    2018             : 
    2019             :     /*--
    2020             :      * Loop till we get all the pages in WAL buffer before 'upto' reserved for
    2021             :      * initialization.  Multiple process can initialize different buffers with
    2022             :      * this loop in parallel as following.
    2023             :      *
    2024             :      * 1. Reserve page for initialization using XLogCtl->InitializeReserved.
    2025             :      * 2. Initialize the reserved page.
    2026             :      * 3. Attempt to advance XLogCtl->InitializedUpTo,
    2027             :      */
    2028     5121950 :     ReservedPtr = pg_atomic_read_u64(&XLogCtl->InitializeReserved);
    2029    15165176 :     while (upto >= ReservedPtr || opportunistic)
    2030             :     {
    2031             :         Assert(ReservedPtr % XLOG_BLCKSZ == 0);
    2032             : 
    2033             :         /*
    2034             :          * Get ending-offset of the buffer page we need to replace.
    2035             :          *
    2036             :          * We don't lookup into xlblocks, but rather calculate position we
    2037             :          * must wait to be written. If it was written, xlblocks will have this
    2038             :          * position (or uninitialized)
    2039             :          */
    2040    10053386 :         if (ReservedPtr + XLOG_BLCKSZ > XLogCtl->InitializedFrom + XLOG_BLCKSZ * XLOGbuffers)
    2041     9499274 :             OldPageRqstPtr = ReservedPtr + XLOG_BLCKSZ - (XLogRecPtr) XLOG_BLCKSZ * XLOGbuffers;
    2042             :         else
    2043      554112 :             OldPageRqstPtr = InvalidXLogRecPtr;
    2044             : 
    2045    10053386 :         if (LogwrtResult.Write < OldPageRqstPtr && opportunistic)
    2046             :         {
    2047             :             /*
    2048             :              * If we just want to pre-initialize as much as we can without
    2049             :              * flushing, give up now.
    2050             :              */
    2051       10160 :             upto = ReservedPtr - 1;
    2052       10160 :             break;
    2053             :         }
    2054             : 
    2055             :         /*
    2056             :          * Attempt to reserve the page for initialization.  Failure means that
    2057             :          * this page got reserved by another process.
    2058             :          */
    2059    10043226 :         if (!pg_atomic_compare_exchange_u64(&XLogCtl->InitializeReserved,
    2060             :                                             &ReservedPtr,
    2061             :                                             ReservedPtr + XLOG_BLCKSZ))
    2062     5025290 :             continue;
    2063             : 
    2064             :         /*
    2065             :          * Wait till page gets correctly initialized up to OldPageRqstPtr.
    2066             :          */
    2067     5017936 :         nextidx = XLogRecPtrToBufIdx(ReservedPtr);
    2068     5018464 :         while (pg_atomic_read_u64(&XLogCtl->InitializedUpTo) < OldPageRqstPtr)
    2069         528 :             ConditionVariableSleep(&XLogCtl->InitializedUpToCondVar, WAIT_EVENT_WAL_BUFFER_INIT);
    2070     5017936 :         ConditionVariableCancelSleep();
    2071             :         Assert(pg_atomic_read_u64(&XLogCtl->xlblocks[nextidx]) == OldPageRqstPtr);
    2072             : 
    2073             :         /* Fall through if it's already written out. */
    2074     5017936 :         if (LogwrtResult.Write < OldPageRqstPtr)
    2075             :         {
    2076             :             /* Nope, got work to do. */
    2077             : 
    2078             :             /* Advance shared memory write request position */
    2079     3963928 :             SpinLockAcquire(&XLogCtl->info_lck);
    2080     3963928 :             if (XLogCtl->LogwrtRqst.Write < OldPageRqstPtr)
    2081     1244236 :                 XLogCtl->LogwrtRqst.Write = OldPageRqstPtr;
    2082     3963928 :             SpinLockRelease(&XLogCtl->info_lck);
    2083             : 
    2084             :             /*
    2085             :              * Acquire an up-to-date LogwrtResult value and see if we still
    2086             :              * need to write it or if someone else already did.
    2087             :              */
    2088     3963928 :             RefreshXLogWriteResult(LogwrtResult);
    2089     3963928 :             if (LogwrtResult.Write < OldPageRqstPtr)
    2090             :             {
    2091     3943212 :                 WaitXLogInsertionsToFinish(OldPageRqstPtr);
    2092             : 
    2093     3943212 :                 LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    2094             : 
    2095     3943212 :                 RefreshXLogWriteResult(LogwrtResult);
    2096     3943212 :                 if (LogwrtResult.Write >= OldPageRqstPtr)
    2097             :                 {
    2098             :                     /* OK, someone wrote it already */
    2099       56798 :                     LWLockRelease(WALWriteLock);
    2100             :                 }
    2101             :                 else
    2102             :                 {
    2103             :                     /* Have to write it ourselves */
    2104             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_START();
    2105     3886414 :                     WriteRqst.Write = OldPageRqstPtr;
    2106     3886414 :                     WriteRqst.Flush = 0;
    2107     3886414 :                     XLogWrite(WriteRqst, tli, false);
    2108     3886414 :                     LWLockRelease(WALWriteLock);
    2109     3886414 :                     pgWalUsage.wal_buffers_full++;
    2110             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_DONE();
    2111             :                 }
    2112             :             }
    2113             :         }
    2114             : 
    2115             :         /*
    2116             :          * Now the next buffer slot is free and we can set it up to be the
    2117             :          * next output page.
    2118             :          */
    2119     5017936 :         NewPageBeginPtr = ReservedPtr;
    2120     5017936 :         NewPageEndPtr = NewPageBeginPtr + XLOG_BLCKSZ;
    2121             : 
    2122     5017936 :         NewPage = (XLogPageHeader) (XLogCtl->pages + nextidx * (Size) XLOG_BLCKSZ);
    2123             : 
    2124             :         /*
    2125             :          * Mark the xlblock with InvalidXLogRecPtr and issue a write barrier
    2126             :          * before initializing. Otherwise, the old page may be partially
    2127             :          * zeroed but look valid.
    2128             :          */
    2129     5017936 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], InvalidXLogRecPtr);
    2130     5017936 :         pg_write_barrier();
    2131             : 
    2132             :         /*
    2133             :          * Be sure to re-zero the buffer so that bytes beyond what we've
    2134             :          * written will look like zeroes and not valid XLOG records...
    2135             :          */
    2136     5017936 :         MemSet(NewPage, 0, XLOG_BLCKSZ);
    2137             : 
    2138             :         /*
    2139             :          * Fill the new page's header
    2140             :          */
    2141     5017936 :         NewPage->xlp_magic = XLOG_PAGE_MAGIC;
    2142             : 
    2143             :         /* NewPage->xlp_info = 0; */ /* done by memset */
    2144     5017936 :         NewPage->xlp_tli = tli;
    2145     5017936 :         NewPage->xlp_pageaddr = NewPageBeginPtr;
    2146             : 
    2147             :         /* NewPage->xlp_rem_len = 0; */  /* done by memset */
    2148             : 
    2149             :         /*
    2150             :          * If online backup is not in progress, mark the header to indicate
    2151             :          * that WAL records beginning in this page have removable backup
    2152             :          * blocks.  This allows the WAL archiver to know whether it is safe to
    2153             :          * compress archived WAL data by transforming full-block records into
    2154             :          * the non-full-block format.  It is sufficient to record this at the
    2155             :          * page level because we force a page switch (in fact a segment
    2156             :          * switch) when starting a backup, so the flag will be off before any
    2157             :          * records can be written during the backup.  At the end of a backup,
    2158             :          * the last page will be marked as all unsafe when perhaps only part
    2159             :          * is unsafe, but at worst the archiver would miss the opportunity to
    2160             :          * compress a few records.
    2161             :          */
    2162     5017936 :         if (Insert->runningBackups == 0)
    2163     4760422 :             NewPage->xlp_info |= XLP_BKP_REMOVABLE;
    2164             : 
    2165             :         /*
    2166             :          * If first page of an XLOG segment file, make it a long header.
    2167             :          */
    2168     5017936 :         if ((XLogSegmentOffset(NewPage->xlp_pageaddr, wal_segment_size)) == 0)
    2169             :         {
    2170        3710 :             XLogLongPageHeader NewLongPage = (XLogLongPageHeader) NewPage;
    2171             : 
    2172        3710 :             NewLongPage->xlp_sysid = ControlFile->system_identifier;
    2173        3710 :             NewLongPage->xlp_seg_size = wal_segment_size;
    2174        3710 :             NewLongPage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    2175        3710 :             NewPage->xlp_info |= XLP_LONG_HEADER;
    2176             :         }
    2177             : 
    2178             :         /*
    2179             :          * Make sure the initialization of the page becomes visible to others
    2180             :          * before the xlblocks update. GetXLogBuffer() reads xlblocks without
    2181             :          * holding a lock.
    2182             :          */
    2183     5017936 :         pg_write_barrier();
    2184             : 
    2185             :         /*-----
    2186             :          * Update the value of XLogCtl->xlblocks[nextidx] and try to advance
    2187             :          * XLogCtl->InitializedUpTo in a lock-less manner.
    2188             :          *
    2189             :          * First, let's provide a formal proof of the algorithm.  Let it be 'n'
    2190             :          * process with the following variables in shared memory:
    2191             :          *  f - an array of 'n' boolean flags,
    2192             :          *  v - atomic integer variable.
    2193             :          *
    2194             :          * Also, let
    2195             :          *  i - a number of a process,
    2196             :          *  j - local integer variable,
    2197             :          * CAS(var, oldval, newval) - compare-and-swap atomic operation
    2198             :          *                            returning true on success,
    2199             :          * write_barrier()/read_barrier() - memory barriers.
    2200             :          *
    2201             :          * The pseudocode for each process is the following.
    2202             :          *
    2203             :          *  j := i
    2204             :          *  f[i] := true
    2205             :          *  write_barrier()
    2206             :          *  while CAS(v, j, j + 1):
    2207             :          *      j := j + 1
    2208             :          *      read_barrier()
    2209             :          *      if not f[j]:
    2210             :          *          break
    2211             :          *
    2212             :          * Let's prove that v eventually reaches the value of n.
    2213             :          * 1. Prove by contradiction.  Assume v doesn't reach n and stucks
    2214             :          *    on k, where k < n.
    2215             :          * 2. Process k attempts CAS(v, k, k + 1).  1). If, as we assumed, v
    2216             :          *    gets stuck at k, then this CAS operation must fail.  Therefore,
    2217             :          *    v < k when process k attempts CAS(v, k, k + 1).
    2218             :          * 3. If, as we assumed, v gets stuck at k, then the value k of v
    2219             :          *    must be achieved by some process m, where m < k.  The process
    2220             :          *    m must observe f[k] == false.  Otherwise, it will later attempt
    2221             :          *    CAS(v, k, k + 1) with success.
    2222             :          * 4. Therefore, corresponding read_barrier() (while j == k) on
    2223             :          *    process m reached before write_barrier() of process k.  But then
    2224             :          *    process k attempts CAS(v, k, k + 1) after process m successfully
    2225             :          *    incremented v to k, and that CAS operation must succeed.
    2226             :          *    That leads to a contradiction.  So, there is no such k (k < n)
    2227             :          *    where v gets stuck.  Q.E.D.
    2228             :          *
    2229             :          * To apply this proof to the code below, we assume
    2230             :          * XLogCtl->InitializedUpTo will play the role of v with XLOG_BLCKSZ
    2231             :          * granularity.  We also assume setting XLogCtl->xlblocks[nextidx] to
    2232             :          * NewPageEndPtr to play the role of setting f[i] to true.  Also, note
    2233             :          * that processes can't concurrently map different xlog locations to
    2234             :          * the same nextidx because we previously requested that
    2235             :          * XLogCtl->InitializedUpTo >= OldPageRqstPtr.  So, a xlog buffer can
    2236             :          * be taken for initialization only once the previous initialization
    2237             :          * takes effect on XLogCtl->InitializedUpTo.
    2238             :          */
    2239             : 
    2240     5017936 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], NewPageEndPtr);
    2241             : 
    2242     5017936 :         pg_write_barrier();
    2243             : 
    2244     5096862 :         while (pg_atomic_compare_exchange_u64(&XLogCtl->InitializedUpTo, &NewPageBeginPtr, NewPageEndPtr))
    2245             :         {
    2246     5025796 :             NewPageBeginPtr = NewPageEndPtr;
    2247     5025796 :             NewPageEndPtr = NewPageBeginPtr + XLOG_BLCKSZ;
    2248     5025796 :             nextidx = XLogRecPtrToBufIdx(NewPageBeginPtr);
    2249             : 
    2250     5025796 :             pg_read_barrier();
    2251             : 
    2252     5025796 :             if (pg_atomic_read_u64(&XLogCtl->xlblocks[nextidx]) != NewPageEndPtr)
    2253             :             {
    2254             :                 /*
    2255             :                  * Page at nextidx wasn't initialized yet, so we can't move
    2256             :                  * InitializedUpto further. It will be moved by backend which
    2257             :                  * will initialize nextidx.
    2258             :                  */
    2259     4946870 :                 ConditionVariableBroadcast(&XLogCtl->InitializedUpToCondVar);
    2260     4946870 :                 break;
    2261             :             }
    2262             :         }
    2263             : 
    2264     5017936 :         npages++;
    2265             :     }
    2266             : 
    2267     5121950 :     END_CRIT_SECTION();
    2268             : 
    2269             :     /*
    2270             :      * All the pages in WAL buffer before 'upto' were reserved for
    2271             :      * initialization.  However, some pages might be reserved by concurrent
    2272             :      * processes.  Wait till they finish initialization.
    2273             :      */
    2274     6280914 :     while (upto >= pg_atomic_read_u64(&XLogCtl->InitializedUpTo))
    2275     1158964 :         ConditionVariableSleep(&XLogCtl->InitializedUpToCondVar, WAIT_EVENT_WAL_BUFFER_INIT);
    2276     5121950 :     ConditionVariableCancelSleep();
    2277             : 
    2278     5121950 :     pg_read_barrier();
    2279             : 
    2280             : #ifdef WAL_DEBUG
    2281             :     if (XLOG_DEBUG && npages > 0)
    2282             :     {
    2283             :         elog(DEBUG1, "initialized %d pages, up to %X/%08X",
    2284             :              npages, LSN_FORMAT_ARGS(NewPageEndPtr));
    2285             :     }
    2286             : #endif
    2287     5121950 : }
    2288             : 
    2289             : /*
    2290             :  * Calculate CheckPointSegments based on max_wal_size_mb and
    2291             :  * checkpoint_completion_target.
    2292             :  */
    2293             : static void
    2294       15264 : CalculateCheckpointSegments(void)
    2295             : {
    2296             :     double      target;
    2297             : 
    2298             :     /*-------
    2299             :      * Calculate the distance at which to trigger a checkpoint, to avoid
    2300             :      * exceeding max_wal_size_mb. This is based on two assumptions:
    2301             :      *
    2302             :      * a) we keep WAL for only one checkpoint cycle (prior to PG11 we kept
    2303             :      *    WAL for two checkpoint cycles to allow us to recover from the
    2304             :      *    secondary checkpoint if the first checkpoint failed, though we
    2305             :      *    only did this on the primary anyway, not on standby. Keeping just
    2306             :      *    one checkpoint simplifies processing and reduces disk space in
    2307             :      *    many smaller databases.)
    2308             :      * b) during checkpoint, we consume checkpoint_completion_target *
    2309             :      *    number of segments consumed between checkpoints.
    2310             :      *-------
    2311             :      */
    2312       15264 :     target = (double) ConvertToXSegs(max_wal_size_mb, wal_segment_size) /
    2313       15264 :         (1.0 + CheckPointCompletionTarget);
    2314             : 
    2315             :     /* round down */
    2316       15264 :     CheckPointSegments = (int) target;
    2317             : 
    2318       15264 :     if (CheckPointSegments < 1)
    2319          20 :         CheckPointSegments = 1;
    2320       15264 : }
    2321             : 
    2322             : void
    2323       11074 : assign_max_wal_size(int newval, void *extra)
    2324             : {
    2325       11074 :     max_wal_size_mb = newval;
    2326       11074 :     CalculateCheckpointSegments();
    2327       11074 : }
    2328             : 
    2329             : void
    2330        2226 : assign_checkpoint_completion_target(double newval, void *extra)
    2331             : {
    2332        2226 :     CheckPointCompletionTarget = newval;
    2333        2226 :     CalculateCheckpointSegments();
    2334        2226 : }
    2335             : 
    2336             : bool
    2337        4294 : check_wal_segment_size(int *newval, void **extra, GucSource source)
    2338             : {
    2339        4294 :     if (!IsValidWalSegSize(*newval))
    2340             :     {
    2341           0 :         GUC_check_errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.");
    2342           0 :         return false;
    2343             :     }
    2344             : 
    2345        4294 :     return true;
    2346             : }
    2347             : 
    2348             : /*
    2349             :  * At a checkpoint, how many WAL segments to recycle as preallocated future
    2350             :  * XLOG segments? Returns the highest segment that should be preallocated.
    2351             :  */
    2352             : static XLogSegNo
    2353        3378 : XLOGfileslop(XLogRecPtr lastredoptr)
    2354             : {
    2355             :     XLogSegNo   minSegNo;
    2356             :     XLogSegNo   maxSegNo;
    2357             :     double      distance;
    2358             :     XLogSegNo   recycleSegNo;
    2359             : 
    2360             :     /*
    2361             :      * Calculate the segment numbers that min_wal_size_mb and max_wal_size_mb
    2362             :      * correspond to. Always recycle enough segments to meet the minimum, and
    2363             :      * remove enough segments to stay below the maximum.
    2364             :      */
    2365        3378 :     minSegNo = lastredoptr / wal_segment_size +
    2366        3378 :         ConvertToXSegs(min_wal_size_mb, wal_segment_size) - 1;
    2367        3378 :     maxSegNo = lastredoptr / wal_segment_size +
    2368        3378 :         ConvertToXSegs(max_wal_size_mb, wal_segment_size) - 1;
    2369             : 
    2370             :     /*
    2371             :      * Between those limits, recycle enough segments to get us through to the
    2372             :      * estimated end of next checkpoint.
    2373             :      *
    2374             :      * To estimate where the next checkpoint will finish, assume that the
    2375             :      * system runs steadily consuming CheckPointDistanceEstimate bytes between
    2376             :      * every checkpoint.
    2377             :      */
    2378        3378 :     distance = (1.0 + CheckPointCompletionTarget) * CheckPointDistanceEstimate;
    2379             :     /* add 10% for good measure. */
    2380        3378 :     distance *= 1.10;
    2381             : 
    2382        3378 :     recycleSegNo = (XLogSegNo) ceil(((double) lastredoptr + distance) /
    2383             :                                     wal_segment_size);
    2384             : 
    2385        3378 :     if (recycleSegNo < minSegNo)
    2386        2386 :         recycleSegNo = minSegNo;
    2387        3378 :     if (recycleSegNo > maxSegNo)
    2388         760 :         recycleSegNo = maxSegNo;
    2389             : 
    2390        3378 :     return recycleSegNo;
    2391             : }
    2392             : 
    2393             : /*
    2394             :  * Check whether we've consumed enough xlog space that a checkpoint is needed.
    2395             :  *
    2396             :  * new_segno indicates a log file that has just been filled up (or read
    2397             :  * during recovery). We measure the distance from RedoRecPtr to new_segno
    2398             :  * and see if that exceeds CheckPointSegments.
    2399             :  *
    2400             :  * Note: it is caller's responsibility that RedoRecPtr is up-to-date.
    2401             :  */
    2402             : bool
    2403       10286 : XLogCheckpointNeeded(XLogSegNo new_segno)
    2404             : {
    2405             :     XLogSegNo   old_segno;
    2406             : 
    2407       10286 :     XLByteToSeg(RedoRecPtr, old_segno, wal_segment_size);
    2408             : 
    2409       10286 :     if (new_segno >= old_segno + (uint64) (CheckPointSegments - 1))
    2410        6578 :         return true;
    2411        3708 :     return false;
    2412             : }
    2413             : 
    2414             : /*
    2415             :  * Write and/or fsync the log at least as far as WriteRqst indicates.
    2416             :  *
    2417             :  * If flexible == true, we don't have to write as far as WriteRqst, but
    2418             :  * may stop at any convenient boundary (such as a cache or logfile boundary).
    2419             :  * This option allows us to avoid uselessly issuing multiple writes when a
    2420             :  * single one would do.
    2421             :  *
    2422             :  * Must be called with WALWriteLock held. WaitXLogInsertionsToFinish(WriteRqst)
    2423             :  * must be called before grabbing the lock, to make sure the data is ready to
    2424             :  * write.
    2425             :  */
    2426             : static void
    2427     4152004 : XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible)
    2428             : {
    2429             :     bool        ispartialpage;
    2430             :     bool        last_iteration;
    2431             :     bool        finishing_seg;
    2432             :     int         curridx;
    2433             :     int         npages;
    2434             :     int         startidx;
    2435             :     uint32      startoffset;
    2436             : 
    2437             :     /* We should always be inside a critical section here */
    2438             :     Assert(CritSectionCount > 0);
    2439             : 
    2440             :     /*
    2441             :      * Update local LogwrtResult (caller probably did this already, but...)
    2442             :      */
    2443     4152004 :     RefreshXLogWriteResult(LogwrtResult);
    2444             : 
    2445             :     /*
    2446             :      * Since successive pages in the xlog cache are consecutively allocated,
    2447             :      * we can usually gather multiple pages together and issue just one
    2448             :      * write() call.  npages is the number of pages we have determined can be
    2449             :      * written together; startidx is the cache block index of the first one,
    2450             :      * and startoffset is the file offset at which it should go. The latter
    2451             :      * two variables are only valid when npages > 0, but we must initialize
    2452             :      * all of them to keep the compiler quiet.
    2453             :      */
    2454     4152004 :     npages = 0;
    2455     4152004 :     startidx = 0;
    2456     4152004 :     startoffset = 0;
    2457             : 
    2458             :     /*
    2459             :      * Within the loop, curridx is the cache block index of the page to
    2460             :      * consider writing.  Begin at the buffer containing the next unwritten
    2461             :      * page, or last partially written page.
    2462             :      */
    2463     4152004 :     curridx = XLogRecPtrToBufIdx(LogwrtResult.Write);
    2464             : 
    2465     9074946 :     while (LogwrtResult.Write < WriteRqst.Write)
    2466             :     {
    2467             :         /*
    2468             :          * Make sure we're not ahead of the insert process.  This could happen
    2469             :          * if we're passed a bogus WriteRqst.Write that is past the end of the
    2470             :          * last page that's been initialized by AdvanceXLInsertBuffer.
    2471             :          */
    2472     5178740 :         XLogRecPtr  EndPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[curridx]);
    2473             : 
    2474     5178740 :         if (LogwrtResult.Write >= EndPtr)
    2475           0 :             elog(PANIC, "xlog write request %X/%08X is past end of log %X/%08X",
    2476             :                  LSN_FORMAT_ARGS(LogwrtResult.Write),
    2477             :                  LSN_FORMAT_ARGS(EndPtr));
    2478             : 
    2479             :         /* Advance LogwrtResult.Write to end of current buffer page */
    2480     5178740 :         LogwrtResult.Write = EndPtr;
    2481     5178740 :         ispartialpage = WriteRqst.Write < LogwrtResult.Write;
    2482             : 
    2483     5178740 :         if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2484             :                              wal_segment_size))
    2485             :         {
    2486             :             /*
    2487             :              * Switch to new logfile segment.  We cannot have any pending
    2488             :              * pages here (since we dump what we have at segment end).
    2489             :              */
    2490             :             Assert(npages == 0);
    2491       26578 :             if (openLogFile >= 0)
    2492       12258 :                 XLogFileClose();
    2493       26578 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2494             :                             wal_segment_size);
    2495       26578 :             openLogTLI = tli;
    2496             : 
    2497             :             /* create/use new log file */
    2498       26578 :             openLogFile = XLogFileInit(openLogSegNo, tli);
    2499       26578 :             ReserveExternalFD();
    2500             :         }
    2501             : 
    2502             :         /* Make sure we have the current logfile open */
    2503     5178740 :         if (openLogFile < 0)
    2504             :         {
    2505           0 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2506             :                             wal_segment_size);
    2507           0 :             openLogTLI = tli;
    2508           0 :             openLogFile = XLogFileOpen(openLogSegNo, tli);
    2509           0 :             ReserveExternalFD();
    2510             :         }
    2511             : 
    2512             :         /* Add current page to the set of pending pages-to-dump */
    2513     5178740 :         if (npages == 0)
    2514             :         {
    2515             :             /* first of group */
    2516     4186390 :             startidx = curridx;
    2517     4186390 :             startoffset = XLogSegmentOffset(LogwrtResult.Write - XLOG_BLCKSZ,
    2518             :                                             wal_segment_size);
    2519             :         }
    2520     5178740 :         npages++;
    2521             : 
    2522             :         /*
    2523             :          * Dump the set if this will be the last loop iteration, or if we are
    2524             :          * at the last page of the cache area (since the next page won't be
    2525             :          * contiguous in memory), or if we are at the end of the logfile
    2526             :          * segment.
    2527             :          */
    2528     5178740 :         last_iteration = WriteRqst.Write <= LogwrtResult.Write;
    2529             : 
    2530    10109366 :         finishing_seg = !ispartialpage &&
    2531     4930626 :             (startoffset + npages * XLOG_BLCKSZ) >= wal_segment_size;
    2532             : 
    2533     5178740 :         if (last_iteration ||
    2534     1028854 :             curridx == XLogCtl->XLogCacheBlck ||
    2535             :             finishing_seg)
    2536             :         {
    2537             :             char       *from;
    2538             :             Size        nbytes;
    2539             :             Size        nleft;
    2540             :             ssize_t     written;
    2541             :             instr_time  start;
    2542             : 
    2543             :             /* OK to write the page(s) */
    2544     4186390 :             from = XLogCtl->pages + startidx * (Size) XLOG_BLCKSZ;
    2545     4186390 :             nbytes = npages * (Size) XLOG_BLCKSZ;
    2546     4186390 :             nleft = nbytes;
    2547             :             do
    2548             :             {
    2549     4186390 :                 errno = 0;
    2550             : 
    2551             :                 /*
    2552             :                  * Measure I/O timing to write WAL data, for pg_stat_io.
    2553             :                  */
    2554     4186390 :                 start = pgstat_prepare_io_time(track_wal_io_timing);
    2555             : 
    2556     4186390 :                 pgstat_report_wait_start(WAIT_EVENT_WAL_WRITE);
    2557     4186390 :                 written = pg_pwrite(openLogFile, from, nleft, startoffset);
    2558     4186390 :                 pgstat_report_wait_end();
    2559             : 
    2560     4186390 :                 pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL,
    2561             :                                         IOOP_WRITE, start, 1, written);
    2562             : 
    2563     4186390 :                 if (written <= 0)
    2564             :                 {
    2565             :                     char        xlogfname[MAXFNAMELEN];
    2566             :                     int         save_errno;
    2567             : 
    2568           0 :                     if (errno == EINTR)
    2569           0 :                         continue;
    2570             : 
    2571           0 :                     save_errno = errno;
    2572           0 :                     XLogFileName(xlogfname, tli, openLogSegNo,
    2573             :                                  wal_segment_size);
    2574           0 :                     errno = save_errno;
    2575           0 :                     ereport(PANIC,
    2576             :                             (errcode_for_file_access(),
    2577             :                              errmsg("could not write to log file \"%s\" at offset %u, length %zu: %m",
    2578             :                                     xlogfname, startoffset, nleft)));
    2579             :                 }
    2580     4186390 :                 nleft -= written;
    2581     4186390 :                 from += written;
    2582     4186390 :                 startoffset += written;
    2583     4186390 :             } while (nleft > 0);
    2584             : 
    2585     4186390 :             npages = 0;
    2586             : 
    2587             :             /*
    2588             :              * If we just wrote the whole last page of a logfile segment,
    2589             :              * fsync the segment immediately.  This avoids having to go back
    2590             :              * and re-open prior segments when an fsync request comes along
    2591             :              * later. Doing it here ensures that one and only one backend will
    2592             :              * perform this fsync.
    2593             :              *
    2594             :              * This is also the right place to notify the Archiver that the
    2595             :              * segment is ready to copy to archival storage, and to update the
    2596             :              * timer for archive_timeout, and to signal for a checkpoint if
    2597             :              * too many logfile segments have been used since the last
    2598             :              * checkpoint.
    2599             :              */
    2600     4186390 :             if (finishing_seg)
    2601             :             {
    2602        3966 :                 issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2603             : 
    2604             :                 /* signal that we need to wakeup walsenders later */
    2605        3966 :                 WalSndWakeupRequest();
    2606             : 
    2607        3966 :                 LogwrtResult.Flush = LogwrtResult.Write;    /* end of page */
    2608             : 
    2609        3966 :                 if (XLogArchivingActive())
    2610         812 :                     XLogArchiveNotifySeg(openLogSegNo, tli);
    2611             : 
    2612        3966 :                 XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    2613        3966 :                 XLogCtl->lastSegSwitchLSN = LogwrtResult.Flush;
    2614             : 
    2615             :                 /*
    2616             :                  * Request a checkpoint if we've consumed too much xlog since
    2617             :                  * the last one.  For speed, we first check using the local
    2618             :                  * copy of RedoRecPtr, which might be out of date; if it looks
    2619             :                  * like a checkpoint is needed, forcibly update RedoRecPtr and
    2620             :                  * recheck.
    2621             :                  */
    2622        3966 :                 if (IsUnderPostmaster && XLogCheckpointNeeded(openLogSegNo))
    2623             :                 {
    2624         468 :                     (void) GetRedoRecPtr();
    2625         468 :                     if (XLogCheckpointNeeded(openLogSegNo))
    2626         382 :                         RequestCheckpoint(CHECKPOINT_CAUSE_XLOG);
    2627             :                 }
    2628             :             }
    2629             :         }
    2630             : 
    2631     5178740 :         if (ispartialpage)
    2632             :         {
    2633             :             /* Only asked to write a partial page */
    2634      248114 :             LogwrtResult.Write = WriteRqst.Write;
    2635      248114 :             break;
    2636             :         }
    2637     4930626 :         curridx = NextBufIdx(curridx);
    2638             : 
    2639             :         /* If flexible, break out of loop as soon as we wrote something */
    2640     4930626 :         if (flexible && npages == 0)
    2641        7684 :             break;
    2642             :     }
    2643             : 
    2644             :     Assert(npages == 0);
    2645             : 
    2646             :     /*
    2647             :      * If asked to flush, do so
    2648             :      */
    2649     4152004 :     if (LogwrtResult.Flush < WriteRqst.Flush &&
    2650      264112 :         LogwrtResult.Flush < LogwrtResult.Write)
    2651             :     {
    2652             :         /*
    2653             :          * Could get here without iterating above loop, in which case we might
    2654             :          * have no open file or the wrong one.  However, we do not need to
    2655             :          * fsync more than one file.
    2656             :          */
    2657      264004 :         if (wal_sync_method != WAL_SYNC_METHOD_OPEN &&
    2658      264004 :             wal_sync_method != WAL_SYNC_METHOD_OPEN_DSYNC)
    2659             :         {
    2660      264004 :             if (openLogFile >= 0 &&
    2661      263980 :                 !XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2662             :                                  wal_segment_size))
    2663         186 :                 XLogFileClose();
    2664      264004 :             if (openLogFile < 0)
    2665             :             {
    2666         210 :                 XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2667             :                                 wal_segment_size);
    2668         210 :                 openLogTLI = tli;
    2669         210 :                 openLogFile = XLogFileOpen(openLogSegNo, tli);
    2670         210 :                 ReserveExternalFD();
    2671             :             }
    2672             : 
    2673      264004 :             issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2674             :         }
    2675             : 
    2676             :         /* signal that we need to wakeup walsenders later */
    2677      264004 :         WalSndWakeupRequest();
    2678             : 
    2679      264004 :         LogwrtResult.Flush = LogwrtResult.Write;
    2680             :     }
    2681             : 
    2682             :     /*
    2683             :      * Update shared-memory status
    2684             :      *
    2685             :      * We make sure that the shared 'request' values do not fall behind the
    2686             :      * 'result' values.  This is not absolutely essential, but it saves some
    2687             :      * code in a couple of places.
    2688             :      */
    2689     4152004 :     SpinLockAcquire(&XLogCtl->info_lck);
    2690     4152004 :     if (XLogCtl->LogwrtRqst.Write < LogwrtResult.Write)
    2691      232008 :         XLogCtl->LogwrtRqst.Write = LogwrtResult.Write;
    2692     4152004 :     if (XLogCtl->LogwrtRqst.Flush < LogwrtResult.Flush)
    2693      267046 :         XLogCtl->LogwrtRqst.Flush = LogwrtResult.Flush;
    2694     4152004 :     SpinLockRelease(&XLogCtl->info_lck);
    2695             : 
    2696             :     /*
    2697             :      * We write Write first, bar, then Flush.  When reading, the opposite must
    2698             :      * be done (with a matching barrier in between), so that we always see a
    2699             :      * Flush value that trails behind the Write value seen.
    2700             :      */
    2701     4152004 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, LogwrtResult.Write);
    2702     4152004 :     pg_write_barrier();
    2703     4152004 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, LogwrtResult.Flush);
    2704             : 
    2705             : #ifdef USE_ASSERT_CHECKING
    2706             :     {
    2707             :         XLogRecPtr  Flush;
    2708             :         XLogRecPtr  Write;
    2709             :         XLogRecPtr  Insert;
    2710             : 
    2711             :         Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult);
    2712             :         pg_read_barrier();
    2713             :         Write = pg_atomic_read_u64(&XLogCtl->logWriteResult);
    2714             :         pg_read_barrier();
    2715             :         Insert = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    2716             : 
    2717             :         /* WAL written to disk is always ahead of WAL flushed */
    2718             :         Assert(Write >= Flush);
    2719             : 
    2720             :         /* WAL inserted to buffers is always ahead of WAL written */
    2721             :         Assert(Insert >= Write);
    2722             :     }
    2723             : #endif
    2724     4152004 : }
    2725             : 
    2726             : /*
    2727             :  * Record the LSN for an asynchronous transaction commit/abort
    2728             :  * and nudge the WALWriter if there is work for it to do.
    2729             :  * (This should not be called for synchronous commits.)
    2730             :  */
    2731             : void
    2732       99038 : XLogSetAsyncXactLSN(XLogRecPtr asyncXactLSN)
    2733             : {
    2734       99038 :     XLogRecPtr  WriteRqstPtr = asyncXactLSN;
    2735             :     bool        sleeping;
    2736       99038 :     bool        wakeup = false;
    2737             :     XLogRecPtr  prevAsyncXactLSN;
    2738             : 
    2739       99038 :     SpinLockAcquire(&XLogCtl->info_lck);
    2740       99038 :     sleeping = XLogCtl->WalWriterSleeping;
    2741       99038 :     prevAsyncXactLSN = XLogCtl->asyncXactLSN;
    2742       99038 :     if (XLogCtl->asyncXactLSN < asyncXactLSN)
    2743       98134 :         XLogCtl->asyncXactLSN = asyncXactLSN;
    2744       99038 :     SpinLockRelease(&XLogCtl->info_lck);
    2745             : 
    2746             :     /*
    2747             :      * If somebody else already called this function with a more aggressive
    2748             :      * LSN, they will have done what we needed (and perhaps more).
    2749             :      */
    2750       99038 :     if (asyncXactLSN <= prevAsyncXactLSN)
    2751         904 :         return;
    2752             : 
    2753             :     /*
    2754             :      * If the WALWriter is sleeping, kick it to make it come out of low-power
    2755             :      * mode, so that this async commit will reach disk within the expected
    2756             :      * amount of time.  Otherwise, determine whether it has enough WAL
    2757             :      * available to flush, the same way that XLogBackgroundFlush() does.
    2758             :      */
    2759       98134 :     if (sleeping)
    2760          60 :         wakeup = true;
    2761             :     else
    2762             :     {
    2763             :         int         flushblocks;
    2764             : 
    2765       98074 :         RefreshXLogWriteResult(LogwrtResult);
    2766             : 
    2767       98074 :         flushblocks =
    2768       98074 :             WriteRqstPtr / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    2769             : 
    2770       98074 :         if (WalWriterFlushAfter == 0 || flushblocks >= WalWriterFlushAfter)
    2771        7640 :             wakeup = true;
    2772             :     }
    2773             : 
    2774       98134 :     if (wakeup)
    2775             :     {
    2776        7700 :         volatile PROC_HDR *procglobal = ProcGlobal;
    2777        7700 :         ProcNumber  walwriterProc = procglobal->walwriterProc;
    2778             : 
    2779        7700 :         if (walwriterProc != INVALID_PROC_NUMBER)
    2780         490 :             SetLatch(&GetPGProcByNumber(walwriterProc)->procLatch);
    2781             :     }
    2782             : }
    2783             : 
    2784             : /*
    2785             :  * Record the LSN up to which we can remove WAL because it's not required by
    2786             :  * any replication slot.
    2787             :  */
    2788             : void
    2789       53492 : XLogSetReplicationSlotMinimumLSN(XLogRecPtr lsn)
    2790             : {
    2791       53492 :     SpinLockAcquire(&XLogCtl->info_lck);
    2792       53492 :     XLogCtl->replicationSlotMinLSN = lsn;
    2793       53492 :     SpinLockRelease(&XLogCtl->info_lck);
    2794       53492 : }
    2795             : 
    2796             : 
    2797             : /*
    2798             :  * Return the oldest LSN we must retain to satisfy the needs of some
    2799             :  * replication slot.
    2800             :  */
    2801             : static XLogRecPtr
    2802        4334 : XLogGetReplicationSlotMinimumLSN(void)
    2803             : {
    2804             :     XLogRecPtr  retval;
    2805             : 
    2806        4334 :     SpinLockAcquire(&XLogCtl->info_lck);
    2807        4334 :     retval = XLogCtl->replicationSlotMinLSN;
    2808        4334 :     SpinLockRelease(&XLogCtl->info_lck);
    2809             : 
    2810        4334 :     return retval;
    2811             : }
    2812             : 
    2813             : /*
    2814             :  * Advance minRecoveryPoint in control file.
    2815             :  *
    2816             :  * If we crash during recovery, we must reach this point again before the
    2817             :  * database is consistent.
    2818             :  *
    2819             :  * If 'force' is true, 'lsn' argument is ignored. Otherwise, minRecoveryPoint
    2820             :  * is only updated if it's not already greater than or equal to 'lsn'.
    2821             :  */
    2822             : static void
    2823      207210 : UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force)
    2824             : {
    2825             :     /* Quick check using our local copy of the variable */
    2826      207210 :     if (!updateMinRecoveryPoint || (!force && lsn <= LocalMinRecoveryPoint))
    2827      194038 :         return;
    2828             : 
    2829             :     /*
    2830             :      * An invalid minRecoveryPoint means that we need to recover all the WAL,
    2831             :      * i.e., we're doing crash recovery.  We never modify the control file's
    2832             :      * value in that case, so we can short-circuit future checks here too. The
    2833             :      * local values of minRecoveryPoint and minRecoveryPointTLI should not be
    2834             :      * updated until crash recovery finishes.  We only do this for the startup
    2835             :      * process as it should not update its own reference of minRecoveryPoint
    2836             :      * until it has finished crash recovery to make sure that all WAL
    2837             :      * available is replayed in this case.  This also saves from extra locks
    2838             :      * taken on the control file from the startup process.
    2839             :      */
    2840       13172 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    2841             :     {
    2842          62 :         updateMinRecoveryPoint = false;
    2843          62 :         return;
    2844             :     }
    2845             : 
    2846       13110 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    2847             : 
    2848             :     /* update local copy */
    2849       13110 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    2850       13110 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    2851             : 
    2852       13110 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    2853           4 :         updateMinRecoveryPoint = false;
    2854       13106 :     else if (force || LocalMinRecoveryPoint < lsn)
    2855             :     {
    2856             :         XLogRecPtr  newMinRecoveryPoint;
    2857             :         TimeLineID  newMinRecoveryPointTLI;
    2858             : 
    2859             :         /*
    2860             :          * To avoid having to update the control file too often, we update it
    2861             :          * all the way to the last record being replayed, even though 'lsn'
    2862             :          * would suffice for correctness.  This also allows the 'force' case
    2863             :          * to not need a valid 'lsn' value.
    2864             :          *
    2865             :          * Another important reason for doing it this way is that the passed
    2866             :          * 'lsn' value could be bogus, i.e., past the end of available WAL, if
    2867             :          * the caller got it from a corrupted heap page.  Accepting such a
    2868             :          * value as the min recovery point would prevent us from coming up at
    2869             :          * all.  Instead, we just log a warning and continue with recovery.
    2870             :          * (See also the comments about corrupt LSNs in XLogFlush.)
    2871             :          */
    2872       10574 :         newMinRecoveryPoint = GetCurrentReplayRecPtr(&newMinRecoveryPointTLI);
    2873       10574 :         if (!force && newMinRecoveryPoint < lsn)
    2874           0 :             elog(WARNING,
    2875             :                  "xlog min recovery request %X/%08X is past current point %X/%08X",
    2876             :                  LSN_FORMAT_ARGS(lsn), LSN_FORMAT_ARGS(newMinRecoveryPoint));
    2877             : 
    2878             :         /* update control file */
    2879       10574 :         if (ControlFile->minRecoveryPoint < newMinRecoveryPoint)
    2880             :         {
    2881        9876 :             ControlFile->minRecoveryPoint = newMinRecoveryPoint;
    2882        9876 :             ControlFile->minRecoveryPointTLI = newMinRecoveryPointTLI;
    2883        9876 :             UpdateControlFile();
    2884        9876 :             LocalMinRecoveryPoint = newMinRecoveryPoint;
    2885        9876 :             LocalMinRecoveryPointTLI = newMinRecoveryPointTLI;
    2886             : 
    2887        9876 :             ereport(DEBUG2,
    2888             :                     errmsg_internal("updated min recovery point to %X/%08X on timeline %u",
    2889             :                                     LSN_FORMAT_ARGS(newMinRecoveryPoint),
    2890             :                                     newMinRecoveryPointTLI));
    2891             :         }
    2892             :     }
    2893       13110 :     LWLockRelease(ControlFileLock);
    2894             : }
    2895             : 
    2896             : /*
    2897             :  * Ensure that all XLOG data through the given position is flushed to disk.
    2898             :  *
    2899             :  * NOTE: this differs from XLogWrite mainly in that the WALWriteLock is not
    2900             :  * already held, and we try to avoid acquiring it if possible.
    2901             :  */
    2902             : void
    2903     1351430 : XLogFlush(XLogRecPtr record)
    2904             : {
    2905             :     XLogRecPtr  WriteRqstPtr;
    2906             :     XLogwrtRqst WriteRqst;
    2907     1351430 :     TimeLineID  insertTLI = XLogCtl->InsertTimeLineID;
    2908             : 
    2909             :     /*
    2910             :      * During REDO, we are reading not writing WAL.  Therefore, instead of
    2911             :      * trying to flush the WAL, we should update minRecoveryPoint instead. We
    2912             :      * test XLogInsertAllowed(), not InRecovery, because we need checkpointer
    2913             :      * to act this way too, and because when it tries to write the
    2914             :      * end-of-recovery checkpoint, it should indeed flush.
    2915             :      */
    2916     1351430 :     if (!XLogInsertAllowed())
    2917             :     {
    2918      206328 :         UpdateMinRecoveryPoint(record, false);
    2919     1071968 :         return;
    2920             :     }
    2921             : 
    2922             :     /* Quick exit if already known flushed */
    2923     1145102 :     if (record <= LogwrtResult.Flush)
    2924      865640 :         return;
    2925             : 
    2926             : #ifdef WAL_DEBUG
    2927             :     if (XLOG_DEBUG)
    2928             :         elog(LOG, "xlog flush request %X/%08X; write %X/%08X; flush %X/%08X",
    2929             :              LSN_FORMAT_ARGS(record),
    2930             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    2931             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2932             : #endif
    2933             : 
    2934      279462 :     START_CRIT_SECTION();
    2935             : 
    2936             :     /*
    2937             :      * Since fsync is usually a horribly expensive operation, we try to
    2938             :      * piggyback as much data as we can on each fsync: if we see any more data
    2939             :      * entered into the xlog buffer, we'll write and fsync that too, so that
    2940             :      * the final value of LogwrtResult.Flush is as large as possible. This
    2941             :      * gives us some chance of avoiding another fsync immediately after.
    2942             :      */
    2943             : 
    2944             :     /* initialize to given target; may increase below */
    2945      279462 :     WriteRqstPtr = record;
    2946             : 
    2947             :     /*
    2948             :      * Now wait until we get the write lock, or someone else does the flush
    2949             :      * for us.
    2950             :      */
    2951             :     for (;;)
    2952       10722 :     {
    2953             :         XLogRecPtr  insertpos;
    2954             : 
    2955             :         /* done already? */
    2956      290184 :         RefreshXLogWriteResult(LogwrtResult);
    2957      290184 :         if (record <= LogwrtResult.Flush)
    2958       20296 :             break;
    2959             : 
    2960             :         /*
    2961             :          * Before actually performing the write, wait for all in-flight
    2962             :          * insertions to the pages we're about to write to finish.
    2963             :          */
    2964      269888 :         SpinLockAcquire(&XLogCtl->info_lck);
    2965      269888 :         if (WriteRqstPtr < XLogCtl->LogwrtRqst.Write)
    2966       18344 :             WriteRqstPtr = XLogCtl->LogwrtRqst.Write;
    2967      269888 :         SpinLockRelease(&XLogCtl->info_lck);
    2968      269888 :         insertpos = WaitXLogInsertionsToFinish(WriteRqstPtr);
    2969             : 
    2970             :         /*
    2971             :          * Try to get the write lock. If we can't get it immediately, wait
    2972             :          * until it's released, and recheck if we still need to do the flush
    2973             :          * or if the backend that held the lock did it for us already. This
    2974             :          * helps to maintain a good rate of group committing when the system
    2975             :          * is bottlenecked by the speed of fsyncing.
    2976             :          */
    2977      269888 :         if (!LWLockAcquireOrWait(WALWriteLock, LW_EXCLUSIVE))
    2978             :         {
    2979             :             /*
    2980             :              * The lock is now free, but we didn't acquire it yet. Before we
    2981             :              * do, loop back to check if someone else flushed the record for
    2982             :              * us already.
    2983             :              */
    2984       10722 :             continue;
    2985             :         }
    2986             : 
    2987             :         /* Got the lock; recheck whether request is satisfied */
    2988      259166 :         RefreshXLogWriteResult(LogwrtResult);
    2989      259166 :         if (record <= LogwrtResult.Flush)
    2990             :         {
    2991        3204 :             LWLockRelease(WALWriteLock);
    2992        3204 :             break;
    2993             :         }
    2994             : 
    2995             :         /*
    2996             :          * Sleep before flush! By adding a delay here, we may give further
    2997             :          * backends the opportunity to join the backlog of group commit
    2998             :          * followers; this can significantly improve transaction throughput,
    2999             :          * at the risk of increasing transaction latency.
    3000             :          *
    3001             :          * We do not sleep if enableFsync is not turned on, nor if there are
    3002             :          * fewer than CommitSiblings other backends with active transactions.
    3003             :          */
    3004      255962 :         if (CommitDelay > 0 && enableFsync &&
    3005           0 :             MinimumActiveBackends(CommitSiblings))
    3006             :         {
    3007           0 :             pg_usleep(CommitDelay);
    3008             : 
    3009             :             /*
    3010             :              * Re-check how far we can now flush the WAL. It's generally not
    3011             :              * safe to call WaitXLogInsertionsToFinish while holding
    3012             :              * WALWriteLock, because an in-progress insertion might need to
    3013             :              * also grab WALWriteLock to make progress. But we know that all
    3014             :              * the insertions up to insertpos have already finished, because
    3015             :              * that's what the earlier WaitXLogInsertionsToFinish() returned.
    3016             :              * We're only calling it again to allow insertpos to be moved
    3017             :              * further forward, not to actually wait for anyone.
    3018             :              */
    3019           0 :             insertpos = WaitXLogInsertionsToFinish(insertpos);
    3020             :         }
    3021             : 
    3022             :         /* try to write/flush later additions to XLOG as well */
    3023      255962 :         WriteRqst.Write = insertpos;
    3024      255962 :         WriteRqst.Flush = insertpos;
    3025             : 
    3026      255962 :         XLogWrite(WriteRqst, insertTLI, false);
    3027             : 
    3028      255962 :         LWLockRelease(WALWriteLock);
    3029             :         /* done */
    3030      255962 :         break;
    3031             :     }
    3032             : 
    3033      279462 :     END_CRIT_SECTION();
    3034             : 
    3035             :     /* wake up walsenders now that we've released heavily contended locks */
    3036      279462 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    3037             : 
    3038             :     /*
    3039             :      * If we still haven't flushed to the request point then we have a
    3040             :      * problem; most likely, the requested flush point is past end of XLOG.
    3041             :      * This has been seen to occur when a disk page has a corrupted LSN.
    3042             :      *
    3043             :      * Formerly we treated this as a PANIC condition, but that hurts the
    3044             :      * system's robustness rather than helping it: we do not want to take down
    3045             :      * the whole system due to corruption on one data page.  In particular, if
    3046             :      * the bad page is encountered again during recovery then we would be
    3047             :      * unable to restart the database at all!  (This scenario actually
    3048             :      * happened in the field several times with 7.1 releases.)  As of 8.4, bad
    3049             :      * LSNs encountered during recovery are UpdateMinRecoveryPoint's problem;
    3050             :      * the only time we can reach here during recovery is while flushing the
    3051             :      * end-of-recovery checkpoint record, and we don't expect that to have a
    3052             :      * bad LSN.
    3053             :      *
    3054             :      * Note that for calls from xact.c, the ERROR will be promoted to PANIC
    3055             :      * since xact.c calls this routine inside a critical section.  However,
    3056             :      * calls from bufmgr.c are not within critical sections and so we will not
    3057             :      * force a restart for a bad LSN on a data page.
    3058             :      */
    3059      279462 :     if (LogwrtResult.Flush < record)
    3060           0 :         elog(ERROR,
    3061             :              "xlog flush request %X/%08X is not satisfied --- flushed only to %X/%08X",
    3062             :              LSN_FORMAT_ARGS(record),
    3063             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    3064             : }
    3065             : 
    3066             : /*
    3067             :  * Write & flush xlog, but without specifying exactly where to.
    3068             :  *
    3069             :  * We normally write only completed blocks; but if there is nothing to do on
    3070             :  * that basis, we check for unwritten async commits in the current incomplete
    3071             :  * block, and write through the latest one of those.  Thus, if async commits
    3072             :  * are not being used, we will write complete blocks only.
    3073             :  *
    3074             :  * If, based on the above, there's anything to write we do so immediately. But
    3075             :  * to avoid calling fsync, fdatasync et. al. at a rate that'd impact
    3076             :  * concurrent IO, we only flush WAL every wal_writer_delay ms, or if there's
    3077             :  * more than wal_writer_flush_after unflushed blocks.
    3078             :  *
    3079             :  * We can guarantee that async commits reach disk after at most three
    3080             :  * wal_writer_delay cycles. (When flushing complete blocks, we allow XLogWrite
    3081             :  * to write "flexibly", meaning it can stop at the end of the buffer ring;
    3082             :  * this makes a difference only with very high load or long wal_writer_delay,
    3083             :  * but imposes one extra cycle for the worst case for async commits.)
    3084             :  *
    3085             :  * This routine is invoked periodically by the background walwriter process.
    3086             :  *
    3087             :  * Returns true if there was any work to do, even if we skipped flushing due
    3088             :  * to wal_writer_delay/wal_writer_flush_after.
    3089             :  */
    3090             : bool
    3091       36150 : XLogBackgroundFlush(void)
    3092             : {
    3093             :     XLogwrtRqst WriteRqst;
    3094       36150 :     bool        flexible = true;
    3095             :     static TimestampTz lastflush;
    3096             :     TimestampTz now;
    3097             :     int         flushblocks;
    3098             :     TimeLineID  insertTLI;
    3099             : 
    3100             :     /* XLOG doesn't need flushing during recovery */
    3101       36150 :     if (RecoveryInProgress())
    3102        2184 :         return false;
    3103             : 
    3104             :     /*
    3105             :      * Since we're not in recovery, InsertTimeLineID is set and can't change,
    3106             :      * so we can read it without a lock.
    3107             :      */
    3108       33966 :     insertTLI = XLogCtl->InsertTimeLineID;
    3109             : 
    3110             :     /* read updated LogwrtRqst */
    3111       33966 :     SpinLockAcquire(&XLogCtl->info_lck);
    3112       33966 :     WriteRqst = XLogCtl->LogwrtRqst;
    3113       33966 :     SpinLockRelease(&XLogCtl->info_lck);
    3114             : 
    3115             :     /* back off to last completed page boundary */
    3116       33966 :     WriteRqst.Write -= WriteRqst.Write % XLOG_BLCKSZ;
    3117             : 
    3118             :     /* if we have already flushed that far, consider async commit records */
    3119       33966 :     RefreshXLogWriteResult(LogwrtResult);
    3120       33966 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3121             :     {
    3122       25536 :         SpinLockAcquire(&XLogCtl->info_lck);
    3123       25536 :         WriteRqst.Write = XLogCtl->asyncXactLSN;
    3124       25536 :         SpinLockRelease(&XLogCtl->info_lck);
    3125       25536 :         flexible = false;       /* ensure it all gets written */
    3126             :     }
    3127             : 
    3128             :     /*
    3129             :      * If already known flushed, we're done. Just need to check if we are
    3130             :      * holding an open file handle to a logfile that's no longer in use,
    3131             :      * preventing the file from being deleted.
    3132             :      */
    3133       33966 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3134             :     {
    3135       23806 :         if (openLogFile >= 0)
    3136             :         {
    3137       17114 :             if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    3138             :                                  wal_segment_size))
    3139             :             {
    3140         290 :                 XLogFileClose();
    3141             :             }
    3142             :         }
    3143       23806 :         return false;
    3144             :     }
    3145             : 
    3146             :     /*
    3147             :      * Determine how far to flush WAL, based on the wal_writer_delay and
    3148             :      * wal_writer_flush_after GUCs.
    3149             :      *
    3150             :      * Note that XLogSetAsyncXactLSN() performs similar calculation based on
    3151             :      * wal_writer_flush_after, to decide when to wake us up.  Make sure the
    3152             :      * logic is the same in both places if you change this.
    3153             :      */
    3154       10160 :     now = GetCurrentTimestamp();
    3155       10160 :     flushblocks =
    3156       10160 :         WriteRqst.Write / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    3157             : 
    3158       10160 :     if (WalWriterFlushAfter == 0 || lastflush == 0)
    3159             :     {
    3160             :         /* first call, or block based limits disabled */
    3161         490 :         WriteRqst.Flush = WriteRqst.Write;
    3162         490 :         lastflush = now;
    3163             :     }
    3164        9670 :     else if (TimestampDifferenceExceeds(lastflush, now, WalWriterDelay))
    3165             :     {
    3166             :         /*
    3167             :          * Flush the writes at least every WalWriterDelay ms. This is
    3168             :          * important to bound the amount of time it takes for an asynchronous
    3169             :          * commit to hit disk.
    3170             :          */
    3171        9348 :         WriteRqst.Flush = WriteRqst.Write;
    3172        9348 :         lastflush = now;
    3173             :     }
    3174         322 :     else if (flushblocks >= WalWriterFlushAfter)
    3175             :     {
    3176             :         /* exceeded wal_writer_flush_after blocks, flush */
    3177         292 :         WriteRqst.Flush = WriteRqst.Write;
    3178         292 :         lastflush = now;
    3179             :     }
    3180             :     else
    3181             :     {
    3182             :         /* no flushing, this time round */
    3183          30 :         WriteRqst.Flush = 0;
    3184             :     }
    3185             : 
    3186             : #ifdef WAL_DEBUG
    3187             :     if (XLOG_DEBUG)
    3188             :         elog(LOG, "xlog bg flush request write %X/%08X; flush: %X/%08X, current is write %X/%08X; flush %X/%08X",
    3189             :              LSN_FORMAT_ARGS(WriteRqst.Write),
    3190             :              LSN_FORMAT_ARGS(WriteRqst.Flush),
    3191             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    3192             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    3193             : #endif
    3194             : 
    3195       10160 :     START_CRIT_SECTION();
    3196             : 
    3197             :     /* now wait for any in-progress insertions to finish and get write lock */
    3198       10160 :     WaitXLogInsertionsToFinish(WriteRqst.Write);
    3199       10160 :     LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    3200       10160 :     RefreshXLogWriteResult(LogwrtResult);
    3201       10160 :     if (WriteRqst.Write > LogwrtResult.Write ||
    3202         834 :         WriteRqst.Flush > LogwrtResult.Flush)
    3203             :     {
    3204        9628 :         XLogWrite(WriteRqst, insertTLI, flexible);
    3205             :     }
    3206       10160 :     LWLockRelease(WALWriteLock);
    3207             : 
    3208       10160 :     END_CRIT_SECTION();
    3209             : 
    3210             :     /* wake up walsenders now that we've released heavily contended locks */
    3211       10160 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    3212             : 
    3213             :     /*
    3214             :      * Great, done. To take some work off the critical path, try to initialize
    3215             :      * as many of the no-longer-needed WAL buffers for future use as we can.
    3216             :      */
    3217       10160 :     AdvanceXLInsertBuffer(InvalidXLogRecPtr, insertTLI, true);
    3218             : 
    3219             :     /*
    3220             :      * If we determined that we need to write data, but somebody else
    3221             :      * wrote/flushed already, it should be considered as being active, to
    3222             :      * avoid hibernating too early.
    3223             :      */
    3224       10160 :     return true;
    3225             : }
    3226             : 
    3227             : /*
    3228             :  * Test whether XLOG data has been flushed up to (at least) the given position.
    3229             :  *
    3230             :  * Returns true if a flush is still needed.  (It may be that someone else
    3231             :  * is already in process of flushing that far, however.)
    3232             :  */
    3233             : bool
    3234    18227720 : XLogNeedsFlush(XLogRecPtr record)
    3235             : {
    3236             :     /*
    3237             :      * During recovery, we don't flush WAL but update minRecoveryPoint
    3238             :      * instead. So "needs flush" is taken to mean whether minRecoveryPoint
    3239             :      * would need to be updated.
    3240             :      */
    3241    18227720 :     if (RecoveryInProgress())
    3242             :     {
    3243             :         /*
    3244             :          * An invalid minRecoveryPoint means that we need to recover all the
    3245             :          * WAL, i.e., we're doing crash recovery.  We never modify the control
    3246             :          * file's value in that case, so we can short-circuit future checks
    3247             :          * here too.  This triggers a quick exit path for the startup process,
    3248             :          * which cannot update its local copy of minRecoveryPoint as long as
    3249             :          * it has not replayed all WAL available when doing crash recovery.
    3250             :          */
    3251     1277074 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    3252           0 :             updateMinRecoveryPoint = false;
    3253             : 
    3254             :         /* Quick exit if already known to be updated or cannot be updated */
    3255     1277074 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3256     1258384 :             return false;
    3257             : 
    3258             :         /*
    3259             :          * Update local copy of minRecoveryPoint. But if the lock is busy,
    3260             :          * just return a conservative guess.
    3261             :          */
    3262       18690 :         if (!LWLockConditionalAcquire(ControlFileLock, LW_SHARED))
    3263           0 :             return true;
    3264       18690 :         LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    3265       18690 :         LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    3266       18690 :         LWLockRelease(ControlFileLock);
    3267             : 
    3268             :         /*
    3269             :          * Check minRecoveryPoint for any other process than the startup
    3270             :          * process doing crash recovery, which should not update the control
    3271             :          * file value if crash recovery is still running.
    3272             :          */
    3273       18690 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    3274           0 :             updateMinRecoveryPoint = false;
    3275             : 
    3276             :         /* check again */
    3277       18690 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3278         148 :             return false;
    3279             :         else
    3280       18542 :             return true;
    3281             :     }
    3282             : 
    3283             :     /* Quick exit if already known flushed */
    3284    16950646 :     if (record <= LogwrtResult.Flush)
    3285    16541940 :         return false;
    3286             : 
    3287             :     /* read LogwrtResult and update local state */
    3288      408706 :     RefreshXLogWriteResult(LogwrtResult);
    3289             : 
    3290             :     /* check again */
    3291      408706 :     if (record <= LogwrtResult.Flush)
    3292        5950 :         return false;
    3293             : 
    3294      402756 :     return true;
    3295             : }
    3296             : 
    3297             : /*
    3298             :  * Try to make a given XLOG file segment exist.
    3299             :  *
    3300             :  * logsegno: identify segment.
    3301             :  *
    3302             :  * *added: on return, true if this call raised the number of extant segments.
    3303             :  *
    3304             :  * path: on return, this char[MAXPGPATH] has the path to the logsegno file.
    3305             :  *
    3306             :  * Returns -1 or FD of opened file.  A -1 here is not an error; a caller
    3307             :  * wanting an open segment should attempt to open "path", which usually will
    3308             :  * succeed.  (This is weird, but it's efficient for the callers.)
    3309             :  */
    3310             : static int
    3311       28868 : XLogFileInitInternal(XLogSegNo logsegno, TimeLineID logtli,
    3312             :                      bool *added, char *path)
    3313             : {
    3314             :     char        tmppath[MAXPGPATH];
    3315             :     XLogSegNo   installed_segno;
    3316             :     XLogSegNo   max_segno;
    3317             :     int         fd;
    3318             :     int         save_errno;
    3319       28868 :     int         open_flags = O_RDWR | O_CREAT | O_EXCL | PG_BINARY;
    3320             :     instr_time  io_start;
    3321             : 
    3322             :     Assert(logtli != 0);
    3323             : 
    3324       28868 :     XLogFilePath(path, logtli, logsegno, wal_segment_size);
    3325             : 
    3326             :     /*
    3327             :      * Try to use existent file (checkpoint maker may have created it already)
    3328             :      */
    3329       28868 :     *added = false;
    3330       28868 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3331       28868 :                        get_sync_bit(wal_sync_method));
    3332       28868 :     if (fd < 0)
    3333             :     {
    3334        3002 :         if (errno != ENOENT)
    3335           0 :             ereport(ERROR,
    3336             :                     (errcode_for_file_access(),
    3337             :                      errmsg("could not open file \"%s\": %m", path)));
    3338             :     }
    3339             :     else
    3340       25866 :         return fd;
    3341             : 
    3342             :     /*
    3343             :      * Initialize an empty (all zeroes) segment.  NOTE: it is possible that
    3344             :      * another process is doing the same thing.  If so, we will end up
    3345             :      * pre-creating an extra log segment.  That seems OK, and better than
    3346             :      * holding the lock throughout this lengthy process.
    3347             :      */
    3348        3002 :     elog(DEBUG2, "creating and filling new WAL file");
    3349             : 
    3350        3002 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3351             : 
    3352        3002 :     unlink(tmppath);
    3353             : 
    3354        3002 :     if (io_direct_flags & IO_DIRECT_WAL_INIT)
    3355           0 :         open_flags |= PG_O_DIRECT;
    3356             : 
    3357             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3358        3002 :     fd = BasicOpenFile(tmppath, open_flags);
    3359        3002 :     if (fd < 0)
    3360           0 :         ereport(ERROR,
    3361             :                 (errcode_for_file_access(),
    3362             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3363             : 
    3364             :     /* Measure I/O timing when initializing segment */
    3365        3002 :     io_start = pgstat_prepare_io_time(track_wal_io_timing);
    3366             : 
    3367        3002 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_WRITE);
    3368        3002 :     save_errno = 0;
    3369        3002 :     if (wal_init_zero)
    3370             :     {
    3371             :         ssize_t     rc;
    3372             : 
    3373             :         /*
    3374             :          * Zero-fill the file.  With this setting, we do this the hard way to
    3375             :          * ensure that all the file space has really been allocated.  On
    3376             :          * platforms that allow "holes" in files, just seeking to the end
    3377             :          * doesn't allocate intermediate space.  This way, we know that we
    3378             :          * have all the space and (after the fsync below) that all the
    3379             :          * indirect blocks are down on disk.  Therefore, fdatasync(2) or
    3380             :          * O_DSYNC will be sufficient to sync future writes to the log file.
    3381             :          */
    3382        3002 :         rc = pg_pwrite_zeros(fd, wal_segment_size, 0);
    3383             : 
    3384        3002 :         if (rc < 0)
    3385           0 :             save_errno = errno;
    3386             :     }
    3387             :     else
    3388             :     {
    3389             :         /*
    3390             :          * Otherwise, seeking to the end and writing a solitary byte is
    3391             :          * enough.
    3392             :          */
    3393           0 :         errno = 0;
    3394           0 :         if (pg_pwrite(fd, "\0", 1, wal_segment_size - 1) != 1)
    3395             :         {
    3396             :             /* if write didn't set errno, assume no disk space */
    3397           0 :             save_errno = errno ? errno : ENOSPC;
    3398             :         }
    3399             :     }
    3400        3002 :     pgstat_report_wait_end();
    3401             : 
    3402             :     /*
    3403             :      * A full segment worth of data is written when using wal_init_zero. One
    3404             :      * byte is written when not using it.
    3405             :      */
    3406        3002 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_INIT, IOOP_WRITE,
    3407             :                             io_start, 1,
    3408        3002 :                             wal_init_zero ? wal_segment_size : 1);
    3409             : 
    3410        3002 :     if (save_errno)
    3411             :     {
    3412             :         /*
    3413             :          * If we fail to make the file, delete it to release disk space
    3414             :          */
    3415           0 :         unlink(tmppath);
    3416             : 
    3417           0 :         close(fd);
    3418             : 
    3419           0 :         errno = save_errno;
    3420             : 
    3421           0 :         ereport(ERROR,
    3422             :                 (errcode_for_file_access(),
    3423             :                  errmsg("could not write to file \"%s\": %m", tmppath)));
    3424             :     }
    3425             : 
    3426             :     /* Measure I/O timing when flushing segment */
    3427        3002 :     io_start = pgstat_prepare_io_time(track_wal_io_timing);
    3428             : 
    3429        3002 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_SYNC);
    3430        3002 :     if (pg_fsync(fd) != 0)
    3431             :     {
    3432           0 :         save_errno = errno;
    3433           0 :         close(fd);
    3434           0 :         errno = save_errno;
    3435           0 :         ereport(ERROR,
    3436             :                 (errcode_for_file_access(),
    3437             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3438             :     }
    3439        3002 :     pgstat_report_wait_end();
    3440             : 
    3441        3002 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_INIT,
    3442             :                             IOOP_FSYNC, io_start, 1, 0);
    3443             : 
    3444        3002 :     if (close(fd) != 0)
    3445           0 :         ereport(ERROR,
    3446             :                 (errcode_for_file_access(),
    3447             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3448             : 
    3449             :     /*
    3450             :      * Now move the segment into place with its final name.  Cope with
    3451             :      * possibility that someone else has created the file while we were
    3452             :      * filling ours: if so, use ours to pre-create a future log segment.
    3453             :      */
    3454        3002 :     installed_segno = logsegno;
    3455             : 
    3456             :     /*
    3457             :      * XXX: What should we use as max_segno? We used to use XLOGfileslop when
    3458             :      * that was a constant, but that was always a bit dubious: normally, at a
    3459             :      * checkpoint, XLOGfileslop was the offset from the checkpoint record, but
    3460             :      * here, it was the offset from the insert location. We can't do the
    3461             :      * normal XLOGfileslop calculation here because we don't have access to
    3462             :      * the prior checkpoint's redo location. So somewhat arbitrarily, just use
    3463             :      * CheckPointSegments.
    3464             :      */
    3465        3002 :     max_segno = logsegno + CheckPointSegments;
    3466        3002 :     if (InstallXLogFileSegment(&installed_segno, tmppath, true, max_segno,
    3467             :                                logtli))
    3468             :     {
    3469        3002 :         *added = true;
    3470        3002 :         elog(DEBUG2, "done creating and filling new WAL file");
    3471             :     }
    3472             :     else
    3473             :     {
    3474             :         /*
    3475             :          * No need for any more future segments, or InstallXLogFileSegment()
    3476             :          * failed to rename the file into place. If the rename failed, a
    3477             :          * caller opening the file may fail.
    3478             :          */
    3479           0 :         unlink(tmppath);
    3480           0 :         elog(DEBUG2, "abandoned new WAL file");
    3481             :     }
    3482             : 
    3483        3002 :     return -1;
    3484             : }
    3485             : 
    3486             : /*
    3487             :  * Create a new XLOG file segment, or open a pre-existing one.
    3488             :  *
    3489             :  * logsegno: identify segment to be created/opened.
    3490             :  *
    3491             :  * Returns FD of opened file.
    3492             :  *
    3493             :  * Note: errors here are ERROR not PANIC because we might or might not be
    3494             :  * inside a critical section (eg, during checkpoint there is no reason to
    3495             :  * take down the system on failure).  They will promote to PANIC if we are
    3496             :  * in a critical section.
    3497             :  */
    3498             : int
    3499       28332 : XLogFileInit(XLogSegNo logsegno, TimeLineID logtli)
    3500             : {
    3501             :     bool        ignore_added;
    3502             :     char        path[MAXPGPATH];
    3503             :     int         fd;
    3504             : 
    3505             :     Assert(logtli != 0);
    3506             : 
    3507       28332 :     fd = XLogFileInitInternal(logsegno, logtli, &ignore_added, path);
    3508       28332 :     if (fd >= 0)
    3509       25622 :         return fd;
    3510             : 
    3511             :     /* Now open original target segment (might not be file I just made) */
    3512        2710 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3513        2710 :                        get_sync_bit(wal_sync_method));
    3514        2710 :     if (fd < 0)
    3515           0 :         ereport(ERROR,
    3516             :                 (errcode_for_file_access(),
    3517             :                  errmsg("could not open file \"%s\": %m", path)));
    3518        2710 :     return fd;
    3519             : }
    3520             : 
    3521             : /*
    3522             :  * Create a new XLOG file segment by copying a pre-existing one.
    3523             :  *
    3524             :  * destsegno: identify segment to be created.
    3525             :  *
    3526             :  * srcTLI, srcsegno: identify segment to be copied (could be from
    3527             :  *      a different timeline)
    3528             :  *
    3529             :  * upto: how much of the source file to copy (the rest is filled with
    3530             :  *      zeros)
    3531             :  *
    3532             :  * Currently this is only used during recovery, and so there are no locking
    3533             :  * considerations.  But we should be just as tense as XLogFileInit to avoid
    3534             :  * emplacing a bogus file.
    3535             :  */
    3536             : static void
    3537          74 : XLogFileCopy(TimeLineID destTLI, XLogSegNo destsegno,
    3538             :              TimeLineID srcTLI, XLogSegNo srcsegno,
    3539             :              int upto)
    3540             : {
    3541             :     char        path[MAXPGPATH];
    3542             :     char        tmppath[MAXPGPATH];
    3543             :     PGAlignedXLogBlock buffer;
    3544             :     int         srcfd;
    3545             :     int         fd;
    3546             :     int         nbytes;
    3547             : 
    3548             :     /*
    3549             :      * Open the source file
    3550             :      */
    3551          74 :     XLogFilePath(path, srcTLI, srcsegno, wal_segment_size);
    3552          74 :     srcfd = OpenTransientFile(path, O_RDONLY | PG_BINARY);
    3553          74 :     if (srcfd < 0)
    3554           0 :         ereport(ERROR,
    3555             :                 (errcode_for_file_access(),
    3556             :                  errmsg("could not open file \"%s\": %m", path)));
    3557             : 
    3558             :     /*
    3559             :      * Copy into a temp file name.
    3560             :      */
    3561          74 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3562             : 
    3563          74 :     unlink(tmppath);
    3564             : 
    3565             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3566          74 :     fd = OpenTransientFile(tmppath, O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    3567          74 :     if (fd < 0)
    3568           0 :         ereport(ERROR,
    3569             :                 (errcode_for_file_access(),
    3570             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3571             : 
    3572             :     /*
    3573             :      * Do the data copying.
    3574             :      */
    3575      151626 :     for (nbytes = 0; nbytes < wal_segment_size; nbytes += sizeof(buffer))
    3576             :     {
    3577             :         int         nread;
    3578             : 
    3579      151552 :         nread = upto - nbytes;
    3580             : 
    3581             :         /*
    3582             :          * The part that is not read from the source file is filled with
    3583             :          * zeros.
    3584             :          */
    3585      151552 :         if (nread < sizeof(buffer))
    3586          74 :             memset(buffer.data, 0, sizeof(buffer));
    3587             : 
    3588      151552 :         if (nread > 0)
    3589             :         {
    3590             :             int         r;
    3591             : 
    3592        5382 :             if (nread > sizeof(buffer))
    3593        5308 :                 nread = sizeof(buffer);
    3594        5382 :             pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_READ);
    3595        5382 :             r = read(srcfd, buffer.data, nread);
    3596        5382 :             if (r != nread)
    3597             :             {
    3598           0 :                 if (r < 0)
    3599           0 :                     ereport(ERROR,
    3600             :                             (errcode_for_file_access(),
    3601             :                              errmsg("could not read file \"%s\": %m",
    3602             :                                     path)));
    3603             :                 else
    3604           0 :                     ereport(ERROR,
    3605             :                             (errcode(ERRCODE_DATA_CORRUPTED),
    3606             :                              errmsg("could not read file \"%s\": read %d of %zu",
    3607             :                                     path, r, (Size) nread)));
    3608             :             }
    3609        5382 :             pgstat_report_wait_end();
    3610             :         }
    3611      151552 :         errno = 0;
    3612      151552 :         pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_WRITE);
    3613      151552 :         if ((int) write(fd, buffer.data, sizeof(buffer)) != (int) sizeof(buffer))
    3614             :         {
    3615           0 :             int         save_errno = errno;
    3616             : 
    3617             :             /*
    3618             :              * If we fail to make the file, delete it to release disk space
    3619             :              */
    3620           0 :             unlink(tmppath);
    3621             :             /* if write didn't set errno, assume problem is no disk space */
    3622           0 :             errno = save_errno ? save_errno : ENOSPC;
    3623             : 
    3624           0 :             ereport(ERROR,
    3625             :                     (errcode_for_file_access(),
    3626             :                      errmsg("could not write to file \"%s\": %m", tmppath)));
    3627             :         }
    3628      151552 :         pgstat_report_wait_end();
    3629             :     }
    3630             : 
    3631          74 :     pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_SYNC);
    3632          74 :     if (pg_fsync(fd) != 0)
    3633           0 :         ereport(data_sync_elevel(ERROR),
    3634             :                 (errcode_for_file_access(),
    3635             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3636          74 :     pgstat_report_wait_end();
    3637             : 
    3638          74 :     if (CloseTransientFile(fd) != 0)
    3639           0 :         ereport(ERROR,
    3640             :                 (errcode_for_file_access(),
    3641             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3642             : 
    3643          74 :     if (CloseTransientFile(srcfd) != 0)
    3644           0 :         ereport(ERROR,
    3645             :                 (errcode_for_file_access(),
    3646             :                  errmsg("could not close file \"%s\": %m", path)));
    3647             : 
    3648             :     /*
    3649             :      * Now move the segment into place with its final name.
    3650             :      */
    3651          74 :     if (!InstallXLogFileSegment(&destsegno, tmppath, false, 0, destTLI))
    3652           0 :         elog(ERROR, "InstallXLogFileSegment should not have failed");
    3653          74 : }
    3654             : 
    3655             : /*
    3656             :  * Install a new XLOG segment file as a current or future log segment.
    3657             :  *
    3658             :  * This is used both to install a newly-created segment (which has a temp
    3659             :  * filename while it's being created) and to recycle an old segment.
    3660             :  *
    3661             :  * *segno: identify segment to install as (or first possible target).
    3662             :  * When find_free is true, this is modified on return to indicate the
    3663             :  * actual installation location or last segment searched.
    3664             :  *
    3665             :  * tmppath: initial name of file to install.  It will be renamed into place.
    3666             :  *
    3667             :  * find_free: if true, install the new segment at the first empty segno
    3668             :  * number at or after the passed numbers.  If false, install the new segment
    3669             :  * exactly where specified, deleting any existing segment file there.
    3670             :  *
    3671             :  * max_segno: maximum segment number to install the new file as.  Fail if no
    3672             :  * free slot is found between *segno and max_segno. (Ignored when find_free
    3673             :  * is false.)
    3674             :  *
    3675             :  * tli: The timeline on which the new segment should be installed.
    3676             :  *
    3677             :  * Returns true if the file was installed successfully.  false indicates that
    3678             :  * max_segno limit was exceeded, the startup process has disabled this
    3679             :  * function for now, or an error occurred while renaming the file into place.
    3680             :  */
    3681             : static bool
    3682        5818 : InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
    3683             :                        bool find_free, XLogSegNo max_segno, TimeLineID tli)
    3684             : {
    3685             :     char        path[MAXPGPATH];
    3686             :     struct stat stat_buf;
    3687             : 
    3688             :     Assert(tli != 0);
    3689             : 
    3690        5818 :     XLogFilePath(path, tli, *segno, wal_segment_size);
    3691             : 
    3692        5818 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    3693        5818 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3694             :     {
    3695           0 :         LWLockRelease(ControlFileLock);
    3696           0 :         return false;
    3697             :     }
    3698             : 
    3699        5818 :     if (!find_free)
    3700             :     {
    3701             :         /* Force installation: get rid of any pre-existing segment file */
    3702          74 :         durable_unlink(path, DEBUG1);
    3703             :     }
    3704             :     else
    3705             :     {
    3706             :         /* Find a free slot to put it in */
    3707        8382 :         while (stat(path, &stat_buf) == 0)
    3708             :         {
    3709        2688 :             if ((*segno) >= max_segno)
    3710             :             {
    3711             :                 /* Failed to find a free slot within specified range */
    3712          50 :                 LWLockRelease(ControlFileLock);
    3713          50 :                 return false;
    3714             :             }
    3715        2638 :             (*segno)++;
    3716        2638 :             XLogFilePath(path, tli, *segno, wal_segment_size);
    3717             :         }
    3718             :     }
    3719             : 
    3720             :     Assert(access(path, F_OK) != 0 && errno == ENOENT);
    3721        5768 :     if (durable_rename(tmppath, path, LOG) != 0)
    3722             :     {
    3723           0 :         LWLockRelease(ControlFileLock);
    3724             :         /* durable_rename already emitted log message */
    3725           0 :         return false;
    3726             :     }
    3727             : 
    3728        5768 :     LWLockRelease(ControlFileLock);
    3729             : 
    3730        5768 :     return true;
    3731             : }
    3732             : 
    3733             : /*
    3734             :  * Open a pre-existing logfile segment for writing.
    3735             :  */
    3736             : int
    3737         210 : XLogFileOpen(XLogSegNo segno, TimeLineID tli)
    3738             : {
    3739             :     char        path[MAXPGPATH];
    3740             :     int         fd;
    3741             : 
    3742         210 :     XLogFilePath(path, tli, segno, wal_segment_size);
    3743             : 
    3744         210 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3745         210 :                        get_sync_bit(wal_sync_method));
    3746         210 :     if (fd < 0)
    3747           0 :         ereport(PANIC,
    3748             :                 (errcode_for_file_access(),
    3749             :                  errmsg("could not open file \"%s\": %m", path)));
    3750             : 
    3751         210 :     return fd;
    3752             : }
    3753             : 
    3754             : /*
    3755             :  * Close the current logfile segment for writing.
    3756             :  */
    3757             : static void
    3758       12734 : XLogFileClose(void)
    3759             : {
    3760             :     Assert(openLogFile >= 0);
    3761             : 
    3762             :     /*
    3763             :      * WAL segment files will not be re-read in normal operation, so we advise
    3764             :      * the OS to release any cached pages.  But do not do so if WAL archiving
    3765             :      * or streaming is active, because archiver and walsender process could
    3766             :      * use the cache to read the WAL segment.
    3767             :      */
    3768             : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
    3769       12734 :     if (!XLogIsNeeded() && (io_direct_flags & IO_DIRECT_WAL) == 0)
    3770        2992 :         (void) posix_fadvise(openLogFile, 0, 0, POSIX_FADV_DONTNEED);
    3771             : #endif
    3772             : 
    3773       12734 :     if (close(openLogFile) != 0)
    3774             :     {
    3775             :         char        xlogfname[MAXFNAMELEN];
    3776           0 :         int         save_errno = errno;
    3777             : 
    3778           0 :         XLogFileName(xlogfname, openLogTLI, openLogSegNo, wal_segment_size);
    3779           0 :         errno = save_errno;
    3780           0 :         ereport(PANIC,
    3781             :                 (errcode_for_file_access(),
    3782             :                  errmsg("could not close file \"%s\": %m", xlogfname)));
    3783             :     }
    3784             : 
    3785       12734 :     openLogFile = -1;
    3786       12734 :     ReleaseExternalFD();
    3787       12734 : }
    3788             : 
    3789             : /*
    3790             :  * Preallocate log files beyond the specified log endpoint.
    3791             :  *
    3792             :  * XXX this is currently extremely conservative, since it forces only one
    3793             :  * future log segment to exist, and even that only if we are 75% done with
    3794             :  * the current one.  This is only appropriate for very low-WAL-volume systems.
    3795             :  * High-volume systems will be OK once they've built up a sufficient set of
    3796             :  * recycled log segments, but the startup transient is likely to include
    3797             :  * a lot of segment creations by foreground processes, which is not so good.
    3798             :  *
    3799             :  * XLogFileInitInternal() can ereport(ERROR).  All known causes indicate big
    3800             :  * trouble; for example, a full filesystem is one cause.  The checkpoint WAL
    3801             :  * and/or ControlFile updates already completed.  If a RequestCheckpoint()
    3802             :  * initiated the present checkpoint and an ERROR ends this function, the
    3803             :  * command that called RequestCheckpoint() fails.  That's not ideal, but it's
    3804             :  * not worth contorting more functions to use caller-specified elevel values.
    3805             :  * (With or without RequestCheckpoint(), an ERROR forestalls some inessential
    3806             :  * reporting and resource reclamation.)
    3807             :  */
    3808             : static void
    3809        3922 : PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli)
    3810             : {
    3811             :     XLogSegNo   _logSegNo;
    3812             :     int         lf;
    3813             :     bool        added;
    3814             :     char        path[MAXPGPATH];
    3815             :     uint64      offset;
    3816             : 
    3817        3922 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3818          18 :         return;                 /* unlocked check says no */
    3819             : 
    3820        3904 :     XLByteToPrevSeg(endptr, _logSegNo, wal_segment_size);
    3821        3904 :     offset = XLogSegmentOffset(endptr - 1, wal_segment_size);
    3822        3904 :     if (offset >= (uint32) (0.75 * wal_segment_size))
    3823             :     {
    3824         536 :         _logSegNo++;
    3825         536 :         lf = XLogFileInitInternal(_logSegNo, tli, &added, path);
    3826         536 :         if (lf >= 0)
    3827         244 :             close(lf);
    3828         536 :         if (added)
    3829         292 :             CheckpointStats.ckpt_segs_added++;
    3830             :     }
    3831             : }
    3832             : 
    3833             : /*
    3834             :  * Throws an error if the given log segment has already been removed or
    3835             :  * recycled. The caller should only pass a segment that it knows to have
    3836             :  * existed while the server has been running, as this function always
    3837             :  * succeeds if no WAL segments have been removed since startup.
    3838             :  * 'tli' is only used in the error message.
    3839             :  *
    3840             :  * Note: this function guarantees to keep errno unchanged on return.
    3841             :  * This supports callers that use this to possibly deliver a better
    3842             :  * error message about a missing file, while still being able to throw
    3843             :  * a normal file-access error afterwards, if this does return.
    3844             :  */
    3845             : void
    3846      229990 : CheckXLogRemoved(XLogSegNo segno, TimeLineID tli)
    3847             : {
    3848      229990 :     int         save_errno = errno;
    3849             :     XLogSegNo   lastRemovedSegNo;
    3850             : 
    3851      229990 :     SpinLockAcquire(&XLogCtl->info_lck);
    3852      229990 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3853      229990 :     SpinLockRelease(&XLogCtl->info_lck);
    3854             : 
    3855      229990 :     if (segno <= lastRemovedSegNo)
    3856             :     {
    3857             :         char        filename[MAXFNAMELEN];
    3858             : 
    3859           0 :         XLogFileName(filename, tli, segno, wal_segment_size);
    3860           0 :         errno = save_errno;
    3861           0 :         ereport(ERROR,
    3862             :                 (errcode_for_file_access(),
    3863             :                  errmsg("requested WAL segment %s has already been removed",
    3864             :                         filename)));
    3865             :     }
    3866      229990 :     errno = save_errno;
    3867      229990 : }
    3868             : 
    3869             : /*
    3870             :  * Return the last WAL segment removed, or 0 if no segment has been removed
    3871             :  * since startup.
    3872             :  *
    3873             :  * NB: the result can be out of date arbitrarily fast, the caller has to deal
    3874             :  * with that.
    3875             :  */
    3876             : XLogSegNo
    3877        2148 : XLogGetLastRemovedSegno(void)
    3878             : {
    3879             :     XLogSegNo   lastRemovedSegNo;
    3880             : 
    3881        2148 :     SpinLockAcquire(&XLogCtl->info_lck);
    3882        2148 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3883        2148 :     SpinLockRelease(&XLogCtl->info_lck);
    3884             : 
    3885        2148 :     return lastRemovedSegNo;
    3886             : }
    3887             : 
    3888             : /*
    3889             :  * Return the oldest WAL segment on the given TLI that still exists in
    3890             :  * XLOGDIR, or 0 if none.
    3891             :  */
    3892             : XLogSegNo
    3893          10 : XLogGetOldestSegno(TimeLineID tli)
    3894             : {
    3895             :     DIR        *xldir;
    3896             :     struct dirent *xlde;
    3897          10 :     XLogSegNo   oldest_segno = 0;
    3898             : 
    3899          10 :     xldir = AllocateDir(XLOGDIR);
    3900          66 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3901             :     {
    3902             :         TimeLineID  file_tli;
    3903             :         XLogSegNo   file_segno;
    3904             : 
    3905             :         /* Ignore files that are not XLOG segments. */
    3906          56 :         if (!IsXLogFileName(xlde->d_name))
    3907          40 :             continue;
    3908             : 
    3909             :         /* Parse filename to get TLI and segno. */
    3910          16 :         XLogFromFileName(xlde->d_name, &file_tli, &file_segno,
    3911             :                          wal_segment_size);
    3912             : 
    3913             :         /* Ignore anything that's not from the TLI of interest. */
    3914          16 :         if (tli != file_tli)
    3915           0 :             continue;
    3916             : 
    3917             :         /* If it's the oldest so far, update oldest_segno. */
    3918          16 :         if (oldest_segno == 0 || file_segno < oldest_segno)
    3919          14 :             oldest_segno = file_segno;
    3920             :     }
    3921             : 
    3922          10 :     FreeDir(xldir);
    3923          10 :     return oldest_segno;
    3924             : }
    3925             : 
    3926             : /*
    3927             :  * Update the last removed segno pointer in shared memory, to reflect that the
    3928             :  * given XLOG file has been removed.
    3929             :  */
    3930             : static void
    3931        5030 : UpdateLastRemovedPtr(char *filename)
    3932             : {
    3933             :     uint32      tli;
    3934             :     XLogSegNo   segno;
    3935             : 
    3936        5030 :     XLogFromFileName(filename, &tli, &segno, wal_segment_size);
    3937             : 
    3938        5030 :     SpinLockAcquire(&XLogCtl->info_lck);
    3939        5030 :     if (segno > XLogCtl->lastRemovedSegNo)
    3940        2098 :         XLogCtl->lastRemovedSegNo = segno;
    3941        5030 :     SpinLockRelease(&XLogCtl->info_lck);
    3942        5030 : }
    3943             : 
    3944             : /*
    3945             :  * Remove all temporary log files in pg_wal
    3946             :  *
    3947             :  * This is called at the beginning of recovery after a previous crash,
    3948             :  * at a point where no other processes write fresh WAL data.
    3949             :  */
    3950             : static void
    3951         350 : RemoveTempXlogFiles(void)
    3952             : {
    3953             :     DIR        *xldir;
    3954             :     struct dirent *xlde;
    3955             : 
    3956         350 :     elog(DEBUG2, "removing all temporary WAL segments");
    3957             : 
    3958         350 :     xldir = AllocateDir(XLOGDIR);
    3959        2384 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3960             :     {
    3961             :         char        path[MAXPGPATH];
    3962             : 
    3963        2034 :         if (strncmp(xlde->d_name, "xlogtemp.", 9) != 0)
    3964        2034 :             continue;
    3965             : 
    3966           0 :         snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name);
    3967           0 :         unlink(path);
    3968           0 :         elog(DEBUG2, "removed temporary WAL segment \"%s\"", path);
    3969             :     }
    3970         350 :     FreeDir(xldir);
    3971         350 : }
    3972             : 
    3973             : /*
    3974             :  * Recycle or remove all log files older or equal to passed segno.
    3975             :  *
    3976             :  * endptr is current (or recent) end of xlog, and lastredoptr is the
    3977             :  * redo pointer of the last checkpoint. These are used to determine
    3978             :  * whether we want to recycle rather than delete no-longer-wanted log files.
    3979             :  *
    3980             :  * insertTLI is the current timeline for XLOG insertion. Any recycled
    3981             :  * segments should be reused for this timeline.
    3982             :  */
    3983             : static void
    3984        3378 : RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr, XLogRecPtr endptr,
    3985             :                    TimeLineID insertTLI)
    3986             : {
    3987             :     DIR        *xldir;
    3988             :     struct dirent *xlde;
    3989             :     char        lastoff[MAXFNAMELEN];
    3990             :     XLogSegNo   endlogSegNo;
    3991             :     XLogSegNo   recycleSegNo;
    3992             : 
    3993             :     /* Initialize info about where to try to recycle to */
    3994        3378 :     XLByteToSeg(endptr, endlogSegNo, wal_segment_size);
    3995        3378 :     recycleSegNo = XLOGfileslop(lastredoptr);
    3996             : 
    3997             :     /*
    3998             :      * Construct a filename of the last segment to be kept. The timeline ID
    3999             :      * doesn't matter, we ignore that in the comparison. (During recovery,
    4000             :      * InsertTimeLineID isn't set, so we can't use that.)
    4001             :      */
    4002        3378 :     XLogFileName(lastoff, 0, segno, wal_segment_size);
    4003             : 
    4004        3378 :     elog(DEBUG2, "attempting to remove WAL segments older than log file %s",
    4005             :          lastoff);
    4006             : 
    4007        3378 :     xldir = AllocateDir(XLOGDIR);
    4008             : 
    4009       87118 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4010             :     {
    4011             :         /* Ignore files that are not XLOG segments */
    4012       83740 :         if (!IsXLogFileName(xlde->d_name) &&
    4013       14596 :             !IsPartialXLogFileName(xlde->d_name))
    4014       14592 :             continue;
    4015             : 
    4016             :         /*
    4017             :          * We ignore the timeline part of the XLOG segment identifiers in
    4018             :          * deciding whether a segment is still needed.  This ensures that we
    4019             :          * won't prematurely remove a segment from a parent timeline. We could
    4020             :          * probably be a little more proactive about removing segments of
    4021             :          * non-parent timelines, but that would be a whole lot more
    4022             :          * complicated.
    4023             :          *
    4024             :          * We use the alphanumeric sorting property of the filenames to decide
    4025             :          * which ones are earlier than the lastoff segment.
    4026             :          */
    4027       69148 :         if (strcmp(xlde->d_name + 8, lastoff + 8) <= 0)
    4028             :         {
    4029       45528 :             if (XLogArchiveCheckDone(xlde->d_name))
    4030             :             {
    4031             :                 /* Update the last removed location in shared memory first */
    4032        5030 :                 UpdateLastRemovedPtr(xlde->d_name);
    4033             : 
    4034        5030 :                 RemoveXlogFile(xlde, recycleSegNo, &endlogSegNo, insertTLI);
    4035             :             }
    4036             :         }
    4037             :     }
    4038             : 
    4039        3378 :     FreeDir(xldir);
    4040        3378 : }
    4041             : 
    4042             : /*
    4043             :  * Recycle or remove WAL files that are not part of the given timeline's
    4044             :  * history.
    4045             :  *
    4046             :  * This is called during recovery, whenever we switch to follow a new
    4047             :  * timeline, and at the end of recovery when we create a new timeline. We
    4048             :  * wouldn't otherwise care about extra WAL files lying in pg_wal, but they
    4049             :  * might be leftover pre-allocated or recycled WAL segments on the old timeline
    4050             :  * that we haven't used yet, and contain garbage. If we just leave them in
    4051             :  * pg_wal, they will eventually be archived, and we can't let that happen.
    4052             :  * Files that belong to our timeline history are valid, because we have
    4053             :  * successfully replayed them, but from others we can't be sure.
    4054             :  *
    4055             :  * 'switchpoint' is the current point in WAL where we switch to new timeline,
    4056             :  * and 'newTLI' is the new timeline we switch to.
    4057             :  */
    4058             : void
    4059         118 : RemoveNonParentXlogFiles(XLogRecPtr switchpoint, TimeLineID newTLI)
    4060             : {
    4061             :     DIR        *xldir;
    4062             :     struct dirent *xlde;
    4063             :     char        switchseg[MAXFNAMELEN];
    4064             :     XLogSegNo   endLogSegNo;
    4065             :     XLogSegNo   switchLogSegNo;
    4066             :     XLogSegNo   recycleSegNo;
    4067             : 
    4068             :     /*
    4069             :      * Initialize info about where to begin the work.  This will recycle,
    4070             :      * somewhat arbitrarily, 10 future segments.
    4071             :      */
    4072         118 :     XLByteToPrevSeg(switchpoint, switchLogSegNo, wal_segment_size);
    4073         118 :     XLByteToSeg(switchpoint, endLogSegNo, wal_segment_size);
    4074         118 :     recycleSegNo = endLogSegNo + 10;
    4075             : 
    4076             :     /*
    4077             :      * Construct a filename of the last segment to be kept.
    4078             :      */
    4079         118 :     XLogFileName(switchseg, newTLI, switchLogSegNo, wal_segment_size);
    4080             : 
    4081         118 :     elog(DEBUG2, "attempting to remove WAL segments newer than log file %s",
    4082             :          switchseg);
    4083             : 
    4084         118 :     xldir = AllocateDir(XLOGDIR);
    4085             : 
    4086        1120 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4087             :     {
    4088             :         /* Ignore files that are not XLOG segments */
    4089        1002 :         if (!IsXLogFileName(xlde->d_name))
    4090         626 :             continue;
    4091             : 
    4092             :         /*
    4093             :          * Remove files that are on a timeline older than the new one we're
    4094             :          * switching to, but with a segment number >= the first segment on the
    4095             :          * new timeline.
    4096             :          */
    4097         376 :         if (strncmp(xlde->d_name, switchseg, 8) < 0 &&
    4098         240 :             strcmp(xlde->d_name + 8, switchseg + 8) > 0)
    4099             :         {
    4100             :             /*
    4101             :              * If the file has already been marked as .ready, however, don't
    4102             :              * remove it yet. It should be OK to remove it - files that are
    4103             :              * not part of our timeline history are not required for recovery
    4104             :              * - but seems safer to let them be archived and removed later.
    4105             :              */
    4106          32 :             if (!XLogArchiveIsReady(xlde->d_name))
    4107          32 :                 RemoveXlogFile(xlde, recycleSegNo, &endLogSegNo, newTLI);
    4108             :         }
    4109             :     }
    4110             : 
    4111         118 :     FreeDir(xldir);
    4112         118 : }
    4113             : 
    4114             : /*
    4115             :  * Recycle or remove a log file that's no longer needed.
    4116             :  *
    4117             :  * segment_de is the dirent structure of the segment to recycle or remove.
    4118             :  * recycleSegNo is the segment number to recycle up to.  endlogSegNo is
    4119             :  * the segment number of the current (or recent) end of WAL.
    4120             :  *
    4121             :  * endlogSegNo gets incremented if the segment is recycled so as it is not
    4122             :  * checked again with future callers of this function.
    4123             :  *
    4124             :  * insertTLI is the current timeline for XLOG insertion. Any recycled segments
    4125             :  * should be used for this timeline.
    4126             :  */
    4127             : static void
    4128        5062 : RemoveXlogFile(const struct dirent *segment_de,
    4129             :                XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
    4130             :                TimeLineID insertTLI)
    4131             : {
    4132             :     char        path[MAXPGPATH];
    4133             : #ifdef WIN32
    4134             :     char        newpath[MAXPGPATH];
    4135             : #endif
    4136        5062 :     const char *segname = segment_de->d_name;
    4137             : 
    4138        5062 :     snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname);
    4139             : 
    4140             :     /*
    4141             :      * Before deleting the file, see if it can be recycled as a future log
    4142             :      * segment. Only recycle normal files, because we don't want to recycle
    4143             :      * symbolic links pointing to a separate archive directory.
    4144             :      */
    4145        5062 :     if (wal_recycle &&
    4146        5062 :         *endlogSegNo <= recycleSegNo &&
    4147        6136 :         XLogCtl->InstallXLogFileSegmentActive && /* callee rechecks this */
    4148        5484 :         get_dirent_type(path, segment_de, false, DEBUG2) == PGFILETYPE_REG &&
    4149        2742 :         InstallXLogFileSegment(endlogSegNo, path,
    4150             :                                true, recycleSegNo, insertTLI))
    4151             :     {
    4152        2692 :         ereport(DEBUG2,
    4153             :                 (errmsg_internal("recycled write-ahead log file \"%s\"",
    4154             :                                  segname)));
    4155        2692 :         CheckpointStats.ckpt_segs_recycled++;
    4156             :         /* Needn't recheck that slot on future iterations */
    4157        2692 :         (*endlogSegNo)++;
    4158             :     }
    4159             :     else
    4160             :     {
    4161             :         /* No need for any more future segments, or recycling failed ... */
    4162             :         int         rc;
    4163             : 
    4164        2370 :         ereport(DEBUG2,
    4165             :                 (errmsg_internal("removing write-ahead log file \"%s\"",
    4166             :                                  segname)));
    4167             : 
    4168             : #ifdef WIN32
    4169             : 
    4170             :         /*
    4171             :          * On Windows, if another process (e.g another backend) holds the file
    4172             :          * open in FILE_SHARE_DELETE mode, unlink will succeed, but the file
    4173             :          * will still show up in directory listing until the last handle is
    4174             :          * closed. To avoid confusing the lingering deleted file for a live
    4175             :          * WAL file that needs to be archived, rename it before deleting it.
    4176             :          *
    4177             :          * If another process holds the file open without FILE_SHARE_DELETE
    4178             :          * flag, rename will fail. We'll try again at the next checkpoint.
    4179             :          */
    4180             :         snprintf(newpath, MAXPGPATH, "%s.deleted", path);
    4181             :         if (rename(path, newpath) != 0)
    4182             :         {
    4183             :             ereport(LOG,
    4184             :                     (errcode_for_file_access(),
    4185             :                      errmsg("could not rename file \"%s\": %m",
    4186             :                             path)));
    4187             :             return;
    4188             :         }
    4189             :         rc = durable_unlink(newpath, LOG);
    4190             : #else
    4191        2370 :         rc = durable_unlink(path, LOG);
    4192             : #endif
    4193        2370 :         if (rc != 0)
    4194             :         {
    4195             :             /* Message already logged by durable_unlink() */
    4196           0 :             return;
    4197             :         }
    4198        2370 :         CheckpointStats.ckpt_segs_removed++;
    4199             :     }
    4200             : 
    4201        5062 :     XLogArchiveCleanup(segname);
    4202             : }
    4203             : 
    4204             : /*
    4205             :  * Verify whether pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    4206             :  * If the latter do not exist, recreate them.
    4207             :  *
    4208             :  * It is not the goal of this function to verify the contents of these
    4209             :  * directories, but to help in cases where someone has performed a cluster
    4210             :  * copy for PITR purposes but omitted pg_wal from the copy.
    4211             :  *
    4212             :  * We could also recreate pg_wal if it doesn't exist, but a deliberate
    4213             :  * policy decision was made not to.  It is fairly common for pg_wal to be
    4214             :  * a symlink, and if that was the DBA's intent then automatically making a
    4215             :  * plain directory would result in degraded performance with no notice.
    4216             :  */
    4217             : static void
    4218        1864 : ValidateXLOGDirectoryStructure(void)
    4219             : {
    4220             :     char        path[MAXPGPATH];
    4221             :     struct stat stat_buf;
    4222             : 
    4223             :     /* Check for pg_wal; if it doesn't exist, error out */
    4224        1864 :     if (stat(XLOGDIR, &stat_buf) != 0 ||
    4225        1864 :         !S_ISDIR(stat_buf.st_mode))
    4226           0 :         ereport(FATAL,
    4227             :                 (errcode_for_file_access(),
    4228             :                  errmsg("required WAL directory \"%s\" does not exist",
    4229             :                         XLOGDIR)));
    4230             : 
    4231             :     /* Check for archive_status */
    4232        1864 :     snprintf(path, MAXPGPATH, XLOGDIR "/archive_status");
    4233        1864 :     if (stat(path, &stat_buf) == 0)
    4234             :     {
    4235             :         /* Check for weird cases where it exists but isn't a directory */
    4236        1862 :         if (!S_ISDIR(stat_buf.st_mode))
    4237           0 :             ereport(FATAL,
    4238             :                     (errcode_for_file_access(),
    4239             :                      errmsg("required WAL directory \"%s\" does not exist",
    4240             :                             path)));
    4241             :     }
    4242             :     else
    4243             :     {
    4244           2 :         ereport(LOG,
    4245             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4246           2 :         if (MakePGDirectory(path) < 0)
    4247           0 :             ereport(FATAL,
    4248             :                     (errcode_for_file_access(),
    4249             :                      errmsg("could not create missing directory \"%s\": %m",
    4250             :                             path)));
    4251             :     }
    4252             : 
    4253             :     /* Check for summaries */
    4254        1864 :     snprintf(path, MAXPGPATH, XLOGDIR "/summaries");
    4255        1864 :     if (stat(path, &stat_buf) == 0)
    4256             :     {
    4257             :         /* Check for weird cases where it exists but isn't a directory */
    4258        1862 :         if (!S_ISDIR(stat_buf.st_mode))
    4259           0 :             ereport(FATAL,
    4260             :                     (errmsg("required WAL directory \"%s\" does not exist",
    4261             :                             path)));
    4262             :     }
    4263             :     else
    4264             :     {
    4265           2 :         ereport(LOG,
    4266             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4267           2 :         if (MakePGDirectory(path) < 0)
    4268           0 :             ereport(FATAL,
    4269             :                     (errmsg("could not create missing directory \"%s\": %m",
    4270             :                             path)));
    4271             :     }
    4272        1864 : }
    4273             : 
    4274             : /*
    4275             :  * Remove previous backup history files.  This also retries creation of
    4276             :  * .ready files for any backup history files for which XLogArchiveNotify
    4277             :  * failed earlier.
    4278             :  */
    4279             : static void
    4280         298 : CleanupBackupHistory(void)
    4281             : {
    4282             :     DIR        *xldir;
    4283             :     struct dirent *xlde;
    4284             :     char        path[MAXPGPATH + sizeof(XLOGDIR)];
    4285             : 
    4286         298 :     xldir = AllocateDir(XLOGDIR);
    4287             : 
    4288        3010 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4289             :     {
    4290        2414 :         if (IsBackupHistoryFileName(xlde->d_name))
    4291             :         {
    4292         314 :             if (XLogArchiveCheckDone(xlde->d_name))
    4293             :             {
    4294         248 :                 elog(DEBUG2, "removing WAL backup history file \"%s\"",
    4295             :                      xlde->d_name);
    4296         248 :                 snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name);
    4297         248 :                 unlink(path);
    4298         248 :                 XLogArchiveCleanup(xlde->d_name);
    4299             :             }
    4300             :         }
    4301             :     }
    4302             : 
    4303         298 :     FreeDir(xldir);
    4304         298 : }
    4305             : 
    4306             : /*
    4307             :  * I/O routines for pg_control
    4308             :  *
    4309             :  * *ControlFile is a buffer in shared memory that holds an image of the
    4310             :  * contents of pg_control.  WriteControlFile() initializes pg_control
    4311             :  * given a preloaded buffer, ReadControlFile() loads the buffer from
    4312             :  * the pg_control file (during postmaster or standalone-backend startup),
    4313             :  * and UpdateControlFile() rewrites pg_control after we modify xlog state.
    4314             :  * InitControlFile() fills the buffer with initial values.
    4315             :  *
    4316             :  * For simplicity, WriteControlFile() initializes the fields of pg_control
    4317             :  * that are related to checking backend/database compatibility, and
    4318             :  * ReadControlFile() verifies they are correct.  We could split out the
    4319             :  * I/O and compatibility-check functions, but there seems no need currently.
    4320             :  */
    4321             : 
    4322             : static void
    4323         102 : InitControlFile(uint64 sysidentifier, uint32 data_checksum_version)
    4324             : {
    4325             :     char        mock_auth_nonce[MOCK_AUTH_NONCE_LEN];
    4326             : 
    4327             :     /*
    4328             :      * Generate a random nonce. This is used for authentication requests that
    4329             :      * will fail because the user does not exist. The nonce is used to create
    4330             :      * a genuine-looking password challenge for the non-existent user, in lieu
    4331             :      * of an actual stored password.
    4332             :      */
    4333         102 :     if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
    4334           0 :         ereport(PANIC,
    4335             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    4336             :                  errmsg("could not generate secret authorization token")));
    4337             : 
    4338         102 :     memset(ControlFile, 0, sizeof(ControlFileData));
    4339             :     /* Initialize pg_control status fields */
    4340         102 :     ControlFile->system_identifier = sysidentifier;
    4341         102 :     memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN);
    4342         102 :     ControlFile->state = DB_SHUTDOWNED;
    4343         102 :     ControlFile->unloggedLSN = FirstNormalUnloggedLSN;
    4344             : 
    4345             :     /* Set important parameter values for use when replaying WAL */
    4346         102 :     ControlFile->MaxConnections = MaxConnections;
    4347         102 :     ControlFile->max_worker_processes = max_worker_processes;
    4348         102 :     ControlFile->max_wal_senders = max_wal_senders;
    4349         102 :     ControlFile->max_prepared_xacts = max_prepared_xacts;
    4350         102 :     ControlFile->max_locks_per_xact = max_locks_per_xact;
    4351         102 :     ControlFile->wal_level = wal_level;
    4352         102 :     ControlFile->wal_log_hints = wal_log_hints;
    4353         102 :     ControlFile->track_commit_timestamp = track_commit_timestamp;
    4354         102 :     ControlFile->data_checksum_version = data_checksum_version;
    4355         102 : }
    4356             : 
    4357             : static void
    4358         102 : WriteControlFile(void)
    4359             : {
    4360             :     int         fd;
    4361             :     char        buffer[PG_CONTROL_FILE_SIZE];   /* need not be aligned */
    4362             : 
    4363             :     /*
    4364             :      * Initialize version and compatibility-check fields
    4365             :      */
    4366         102 :     ControlFile->pg_control_version = PG_CONTROL_VERSION;
    4367         102 :     ControlFile->catalog_version_no = CATALOG_VERSION_NO;
    4368             : 
    4369         102 :     ControlFile->maxAlign = MAXIMUM_ALIGNOF;
    4370         102 :     ControlFile->floatFormat = FLOATFORMAT_VALUE;
    4371             : 
    4372         102 :     ControlFile->blcksz = BLCKSZ;
    4373         102 :     ControlFile->relseg_size = RELSEG_SIZE;
    4374         102 :     ControlFile->xlog_blcksz = XLOG_BLCKSZ;
    4375         102 :     ControlFile->xlog_seg_size = wal_segment_size;
    4376             : 
    4377         102 :     ControlFile->nameDataLen = NAMEDATALEN;
    4378         102 :     ControlFile->indexMaxKeys = INDEX_MAX_KEYS;
    4379             : 
    4380         102 :     ControlFile->toast_max_chunk_size = TOAST_MAX_CHUNK_SIZE;
    4381         102 :     ControlFile->loblksize = LOBLKSIZE;
    4382             : 
    4383         102 :     ControlFile->float8ByVal = FLOAT8PASSBYVAL;
    4384             : 
    4385             :     /*
    4386             :      * Initialize the default 'char' signedness.
    4387             :      *
    4388             :      * The signedness of the char type is implementation-defined. For instance
    4389             :      * on x86 architecture CPUs, the char data type is typically treated as
    4390             :      * signed by default, whereas on aarch architecture CPUs, it is typically
    4391             :      * treated as unsigned by default. In v17 or earlier, we accidentally let
    4392             :      * C implementation signedness affect persistent data. This led to
    4393             :      * inconsistent results when comparing char data across different
    4394             :      * platforms.
    4395             :      *
    4396             :      * This flag can be used as a hint to ensure consistent behavior for
    4397             :      * pre-v18 data files that store data sorted by the 'char' type on disk,
    4398             :      * especially in cross-platform replication scenarios.
    4399             :      *
    4400             :      * Newly created database clusters unconditionally set the default char
    4401             :      * signedness to true. pg_upgrade changes this flag for clusters that were
    4402             :      * initialized on signedness=false platforms. As a result,
    4403             :      * signedness=false setting will become rare over time. If we had known
    4404             :      * about this problem during the last development cycle that forced initdb
    4405             :      * (v8.3), we would have made all clusters signed or all clusters
    4406             :      * unsigned. Making pg_upgrade the only source of signedness=false will
    4407             :      * cause the population of database clusters to converge toward that
    4408             :      * retrospective ideal.
    4409             :      */
    4410         102 :     ControlFile->default_char_signedness = true;
    4411             : 
    4412             :     /* Contents are protected with a CRC */
    4413         102 :     INIT_CRC32C(ControlFile->crc);
    4414         102 :     COMP_CRC32C(ControlFile->crc,
    4415             :                 ControlFile,
    4416             :                 offsetof(ControlFileData, crc));
    4417         102 :     FIN_CRC32C(ControlFile->crc);
    4418             : 
    4419             :     /*
    4420             :      * We write out PG_CONTROL_FILE_SIZE bytes into pg_control, zero-padding
    4421             :      * the excess over sizeof(ControlFileData).  This reduces the odds of
    4422             :      * premature-EOF errors when reading pg_control.  We'll still fail when we
    4423             :      * check the contents of the file, but hopefully with a more specific
    4424             :      * error than "couldn't read pg_control".
    4425             :      */
    4426         102 :     memset(buffer, 0, PG_CONTROL_FILE_SIZE);
    4427         102 :     memcpy(buffer, ControlFile, sizeof(ControlFileData));
    4428             : 
    4429         102 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4430             :                        O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    4431         102 :     if (fd < 0)
    4432           0 :         ereport(PANIC,
    4433             :                 (errcode_for_file_access(),
    4434             :                  errmsg("could not create file \"%s\": %m",
    4435             :                         XLOG_CONTROL_FILE)));
    4436             : 
    4437         102 :     errno = 0;
    4438         102 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_WRITE);
    4439         102 :     if (write(fd, buffer, PG_CONTROL_FILE_SIZE) != PG_CONTROL_FILE_SIZE)
    4440             :     {
    4441             :         /* if write didn't set errno, assume problem is no disk space */
    4442           0 :         if (errno == 0)
    4443           0 :             errno = ENOSPC;
    4444           0 :         ereport(PANIC,
    4445             :                 (errcode_for_file_access(),
    4446             :                  errmsg("could not write to file \"%s\": %m",
    4447             :                         XLOG_CONTROL_FILE)));
    4448             :     }
    4449         102 :     pgstat_report_wait_end();
    4450             : 
    4451         102 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_SYNC);
    4452         102 :     if (pg_fsync(fd) != 0)
    4453           0 :         ereport(PANIC,
    4454             :                 (errcode_for_file_access(),
    4455             :                  errmsg("could not fsync file \"%s\": %m",
    4456             :                         XLOG_CONTROL_FILE)));
    4457         102 :     pgstat_report_wait_end();
    4458             : 
    4459         102 :     if (close(fd) != 0)
    4460           0 :         ereport(PANIC,
    4461             :                 (errcode_for_file_access(),
    4462             :                  errmsg("could not close file \"%s\": %m",
    4463             :                         XLOG_CONTROL_FILE)));
    4464         102 : }
    4465             : 
    4466             : static void
    4467        1964 : ReadControlFile(void)
    4468             : {
    4469             :     pg_crc32c   crc;
    4470             :     int         fd;
    4471             :     char        wal_segsz_str[20];
    4472             :     int         r;
    4473             : 
    4474             :     /*
    4475             :      * Read data...
    4476             :      */
    4477        1964 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4478             :                        O_RDWR | PG_BINARY);
    4479        1964 :     if (fd < 0)
    4480           0 :         ereport(PANIC,
    4481             :                 (errcode_for_file_access(),
    4482             :                  errmsg("could not open file \"%s\": %m",
    4483             :                         XLOG_CONTROL_FILE)));
    4484             : 
    4485        1964 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_READ);
    4486        1964 :     r = read(fd, ControlFile, sizeof(ControlFileData));
    4487        1964 :     if (r != sizeof(ControlFileData))
    4488             :     {
    4489           0 :         if (r < 0)
    4490           0 :             ereport(PANIC,
    4491             :                     (errcode_for_file_access(),
    4492             :                      errmsg("could not read file \"%s\": %m",
    4493             :                             XLOG_CONTROL_FILE)));
    4494             :         else
    4495           0 :             ereport(PANIC,
    4496             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    4497             :                      errmsg("could not read file \"%s\": read %d of %zu",
    4498             :                             XLOG_CONTROL_FILE, r, sizeof(ControlFileData))));
    4499             :     }
    4500        1964 :     pgstat_report_wait_end();
    4501             : 
    4502        1964 :     close(fd);
    4503             : 
    4504             :     /*
    4505             :      * Check for expected pg_control format version.  If this is wrong, the
    4506             :      * CRC check will likely fail because we'll be checking the wrong number
    4507             :      * of bytes.  Complaining about wrong version will probably be more
    4508             :      * enlightening than complaining about wrong CRC.
    4509             :      */
    4510             : 
    4511        1964 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION && ControlFile->pg_control_version % 65536 == 0 && ControlFile->pg_control_version / 65536 != 0)
    4512           0 :         ereport(FATAL,
    4513             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4514             :                  errmsg("database files are incompatible with server"),
    4515             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d (0x%08x),"
    4516             :                            " but the server was compiled with PG_CONTROL_VERSION %d (0x%08x).",
    4517             :                            ControlFile->pg_control_version, ControlFile->pg_control_version,
    4518             :                            PG_CONTROL_VERSION, PG_CONTROL_VERSION),
    4519             :                  errhint("This could be a problem of mismatched byte ordering.  It looks like you need to initdb.")));
    4520             : 
    4521        1964 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION)
    4522           0 :         ereport(FATAL,
    4523             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4524             :                  errmsg("database files are incompatible with server"),
    4525             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d,"
    4526             :                            " but the server was compiled with PG_CONTROL_VERSION %d.",
    4527             :                            ControlFile->pg_control_version, PG_CONTROL_VERSION),
    4528             :                  errhint("It looks like you need to initdb.")));
    4529             : 
    4530             :     /* Now check the CRC. */
    4531        1964 :     INIT_CRC32C(crc);
    4532        1964 :     COMP_CRC32C(crc,
    4533             :                 ControlFile,
    4534             :                 offsetof(ControlFileData, crc));
    4535        1964 :     FIN_CRC32C(crc);
    4536             : 
    4537        1964 :     if (!EQ_CRC32C(crc, ControlFile->crc))
    4538           0 :         ereport(FATAL,
    4539             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4540             :                  errmsg("incorrect checksum in control file")));
    4541             : 
    4542             :     /*
    4543             :      * Do compatibility checking immediately.  If the database isn't
    4544             :      * compatible with the backend executable, we want to abort before we can
    4545             :      * possibly do any damage.
    4546             :      */
    4547        1964 :     if (ControlFile->catalog_version_no != CATALOG_VERSION_NO)
    4548           0 :         ereport(FATAL,
    4549             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4550             :                  errmsg("database files are incompatible with server"),
    4551             :         /* translator: %s is a variable name and %d is its value */
    4552             :                  errdetail("The database cluster was initialized with %s %d,"
    4553             :                            " but the server was compiled with %s %d.",
    4554             :                            "CATALOG_VERSION_NO", ControlFile->catalog_version_no,
    4555             :                            "CATALOG_VERSION_NO", CATALOG_VERSION_NO),
    4556             :                  errhint("It looks like you need to initdb.")));
    4557        1964 :     if (ControlFile->maxAlign != MAXIMUM_ALIGNOF)
    4558           0 :         ereport(FATAL,
    4559             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4560             :                  errmsg("database files are incompatible with server"),
    4561             :         /* translator: %s is a variable name and %d is its value */
    4562             :                  errdetail("The database cluster was initialized with %s %d,"
    4563             :                            " but the server was compiled with %s %d.",
    4564             :                            "MAXALIGN", ControlFile->maxAlign,
    4565             :                            "MAXALIGN", MAXIMUM_ALIGNOF),
    4566             :                  errhint("It looks like you need to initdb.")));
    4567        1964 :     if (ControlFile->floatFormat != FLOATFORMAT_VALUE)
    4568           0 :         ereport(FATAL,
    4569             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4570             :                  errmsg("database files are incompatible with server"),
    4571             :                  errdetail("The database cluster appears to use a different floating-point number format than the server executable."),
    4572             :                  errhint("It looks like you need to initdb.")));
    4573        1964 :     if (ControlFile->blcksz != BLCKSZ)
    4574           0 :         ereport(FATAL,
    4575             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4576             :                  errmsg("database files are incompatible with server"),
    4577             :         /* translator: %s is a variable name and %d is its value */
    4578             :                  errdetail("The database cluster was initialized with %s %d,"
    4579             :                            " but the server was compiled with %s %d.",
    4580             :                            "BLCKSZ", ControlFile->blcksz,
    4581             :                            "BLCKSZ", BLCKSZ),
    4582             :                  errhint("It looks like you need to recompile or initdb.")));
    4583        1964 :     if (ControlFile->relseg_size != RELSEG_SIZE)
    4584           0 :         ereport(FATAL,
    4585             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4586             :                  errmsg("database files are incompatible with server"),
    4587             :         /* translator: %s is a variable name and %d is its value */
    4588             :                  errdetail("The database cluster was initialized with %s %d,"
    4589             :                            " but the server was compiled with %s %d.",
    4590             :                            "RELSEG_SIZE", ControlFile->relseg_size,
    4591             :                            "RELSEG_SIZE", RELSEG_SIZE),
    4592             :                  errhint("It looks like you need to recompile or initdb.")));
    4593        1964 :     if (ControlFile->xlog_blcksz != XLOG_BLCKSZ)
    4594           0 :         ereport(FATAL,
    4595             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4596             :                  errmsg("database files are incompatible with server"),
    4597             :         /* translator: %s is a variable name and %d is its value */
    4598             :                  errdetail("The database cluster was initialized with %s %d,"
    4599             :                            " but the server was compiled with %s %d.",
    4600             :                            "XLOG_BLCKSZ", ControlFile->xlog_blcksz,
    4601             :                            "XLOG_BLCKSZ", XLOG_BLCKSZ),
    4602             :                  errhint("It looks like you need to recompile or initdb.")));
    4603        1964 :     if (ControlFile->nameDataLen != NAMEDATALEN)
    4604           0 :         ereport(FATAL,
    4605             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4606             :                  errmsg("database files are incompatible with server"),
    4607             :         /* translator: %s is a variable name and %d is its value */
    4608             :                  errdetail("The database cluster was initialized with %s %d,"
    4609             :                            " but the server was compiled with %s %d.",
    4610             :                            "NAMEDATALEN", ControlFile->nameDataLen,
    4611             :                            "NAMEDATALEN", NAMEDATALEN),
    4612             :                  errhint("It looks like you need to recompile or initdb.")));
    4613        1964 :     if (ControlFile->indexMaxKeys != INDEX_MAX_KEYS)
    4614           0 :         ereport(FATAL,
    4615             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4616             :                  errmsg("database files are incompatible with server"),
    4617             :         /* translator: %s is a variable name and %d is its value */
    4618             :                  errdetail("The database cluster was initialized with %s %d,"
    4619             :                            " but the server was compiled with %s %d.",
    4620             :                            "INDEX_MAX_KEYS", ControlFile->indexMaxKeys,
    4621             :                            "INDEX_MAX_KEYS", INDEX_MAX_KEYS),
    4622             :                  errhint("It looks like you need to recompile or initdb.")));
    4623        1964 :     if (ControlFile->toast_max_chunk_size != TOAST_MAX_CHUNK_SIZE)
    4624           0 :         ereport(FATAL,
    4625             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4626             :                  errmsg("database files are incompatible with server"),
    4627             :         /* translator: %s is a variable name and %d is its value */
    4628             :                  errdetail("The database cluster was initialized with %s %d,"
    4629             :                            " but the server was compiled with %s %d.",
    4630             :                            "TOAST_MAX_CHUNK_SIZE", ControlFile->toast_max_chunk_size,
    4631             :                            "TOAST_MAX_CHUNK_SIZE", (int) TOAST_MAX_CHUNK_SIZE),
    4632             :                  errhint("It looks like you need to recompile or initdb.")));
    4633        1964 :     if (ControlFile->loblksize != LOBLKSIZE)
    4634           0 :         ereport(FATAL,
    4635             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4636             :                  errmsg("database files are incompatible with server"),
    4637             :         /* translator: %s is a variable name and %d is its value */
    4638             :                  errdetail("The database cluster was initialized with %s %d,"
    4639             :                            " but the server was compiled with %s %d.",
    4640             :                            "LOBLKSIZE", ControlFile->loblksize,
    4641             :                            "LOBLKSIZE", (int) LOBLKSIZE),
    4642             :                  errhint("It looks like you need to recompile or initdb.")));
    4643             : 
    4644             : #ifdef USE_FLOAT8_BYVAL
    4645        1964 :     if (ControlFile->float8ByVal != true)
    4646           0 :         ereport(FATAL,
    4647             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4648             :                  errmsg("database files are incompatible with server"),
    4649             :                  errdetail("The database cluster was initialized without USE_FLOAT8_BYVAL"
    4650             :                            " but the server was compiled with USE_FLOAT8_BYVAL."),
    4651             :                  errhint("It looks like you need to recompile or initdb.")));
    4652             : #else
    4653             :     if (ControlFile->float8ByVal != false)
    4654             :         ereport(FATAL,
    4655             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4656             :                  errmsg("database files are incompatible with server"),
    4657             :                  errdetail("The database cluster was initialized with USE_FLOAT8_BYVAL"
    4658             :                            " but the server was compiled without USE_FLOAT8_BYVAL."),
    4659             :                  errhint("It looks like you need to recompile or initdb.")));
    4660             : #endif
    4661             : 
    4662        1964 :     wal_segment_size = ControlFile->xlog_seg_size;
    4663             : 
    4664        1964 :     if (!IsValidWalSegSize(wal_segment_size))
    4665           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4666             :                         errmsg_plural("invalid WAL segment size in control file (%d byte)",
    4667             :                                       "invalid WAL segment size in control file (%d bytes)",
    4668             :                                       wal_segment_size,
    4669             :                                       wal_segment_size),
    4670             :                         errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.")));
    4671             : 
    4672        1964 :     snprintf(wal_segsz_str, sizeof(wal_segsz_str), "%d", wal_segment_size);
    4673        1964 :     SetConfigOption("wal_segment_size", wal_segsz_str, PGC_INTERNAL,
    4674             :                     PGC_S_DYNAMIC_DEFAULT);
    4675             : 
    4676             :     /* check and update variables dependent on wal_segment_size */
    4677        1964 :     if (ConvertToXSegs(min_wal_size_mb, wal_segment_size) < 2)
    4678           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4679             :         /* translator: both %s are GUC names */
    4680             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4681             :                                "min_wal_size", "wal_segment_size")));
    4682             : 
    4683        1964 :     if (ConvertToXSegs(max_wal_size_mb, wal_segment_size) < 2)
    4684           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4685             :         /* translator: both %s are GUC names */
    4686             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4687             :                                "max_wal_size", "wal_segment_size")));
    4688             : 
    4689        1964 :     UsableBytesInSegment =
    4690        1964 :         (wal_segment_size / XLOG_BLCKSZ * UsableBytesInPage) -
    4691             :         (SizeOfXLogLongPHD - SizeOfXLogShortPHD);
    4692             : 
    4693        1964 :     CalculateCheckpointSegments();
    4694             : 
    4695             :     /* Make the initdb settings visible as GUC variables, too */
    4696        1964 :     SetConfigOption("data_checksums", DataChecksumsEnabled() ? "yes" : "no",
    4697             :                     PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
    4698        1964 : }
    4699             : 
    4700             : /*
    4701             :  * Utility wrapper to update the control file.  Note that the control
    4702             :  * file gets flushed.
    4703             :  */
    4704             : static void
    4705       17882 : UpdateControlFile(void)
    4706             : {
    4707       17882 :     update_controlfile(DataDir, ControlFile, true);
    4708       17882 : }
    4709             : 
    4710             : /*
    4711             :  * Returns the unique system identifier from control file.
    4712             :  */
    4713             : uint64
    4714        2740 : GetSystemIdentifier(void)
    4715             : {
    4716             :     Assert(ControlFile != NULL);
    4717        2740 :     return ControlFile->system_identifier;
    4718             : }
    4719             : 
    4720             : /*
    4721             :  * Returns the random nonce from control file.
    4722             :  */
    4723             : char *
    4724           2 : GetMockAuthenticationNonce(void)
    4725             : {
    4726             :     Assert(ControlFile != NULL);
    4727           2 :     return ControlFile->mock_authentication_nonce;
    4728             : }
    4729             : 
    4730             : /*
    4731             :  * Are checksums enabled for data pages?
    4732             :  */
    4733             : bool
    4734    20089760 : DataChecksumsEnabled(void)
    4735             : {
    4736             :     Assert(ControlFile != NULL);
    4737    20089760 :     return (ControlFile->data_checksum_version > 0);
    4738             : }
    4739             : 
    4740             : /*
    4741             :  * Return true if the cluster was initialized on a platform where the
    4742             :  * default signedness of char is "signed". This function exists for code
    4743             :  * that deals with pre-v18 data files that store data sorted by the 'char'
    4744             :  * type on disk (e.g., GIN and GiST indexes). See the comments in
    4745             :  * WriteControlFile() for details.
    4746             :  */
    4747             : bool
    4748           6 : GetDefaultCharSignedness(void)
    4749             : {
    4750           6 :     return ControlFile->default_char_signedness;
    4751             : }
    4752             : 
    4753             : /*
    4754             :  * Returns a fake LSN for unlogged relations.
    4755             :  *
    4756             :  * Each call generates an LSN that is greater than any previous value
    4757             :  * returned. The current counter value is saved and restored across clean
    4758             :  * shutdowns, but like unlogged relations, does not survive a crash. This can
    4759             :  * be used in lieu of real LSN values returned by XLogInsert, if you need an
    4760             :  * LSN-like increasing sequence of numbers without writing any WAL.
    4761             :  */
    4762             : XLogRecPtr
    4763          66 : GetFakeLSNForUnloggedRel(void)
    4764             : {
    4765          66 :     return pg_atomic_fetch_add_u64(&XLogCtl->unloggedLSN, 1);
    4766             : }
    4767             : 
    4768             : /*
    4769             :  * Auto-tune the number of XLOG buffers.
    4770             :  *
    4771             :  * The preferred setting for wal_buffers is about 3% of shared_buffers, with
    4772             :  * a maximum of one XLOG segment (there is little reason to think that more
    4773             :  * is helpful, at least so long as we force an fsync when switching log files)
    4774             :  * and a minimum of 8 blocks (which was the default value prior to PostgreSQL
    4775             :  * 9.1, when auto-tuning was added).
    4776             :  *
    4777             :  * This should not be called until NBuffers has received its final value.
    4778             :  */
    4779             : static int
    4780        2148 : XLOGChooseNumBuffers(void)
    4781             : {
    4782             :     int         xbuffers;
    4783             : 
    4784        2148 :     xbuffers = NBuffers / 32;
    4785        2148 :     if (xbuffers > (wal_segment_size / XLOG_BLCKSZ))
    4786          54 :         xbuffers = (wal_segment_size / XLOG_BLCKSZ);
    4787        2148 :     if (xbuffers < 8)
    4788         818 :         xbuffers = 8;
    4789        2148 :     return xbuffers;
    4790             : }
    4791             : 
    4792             : /*
    4793             :  * GUC check_hook for wal_buffers
    4794             :  */
    4795             : bool
    4796        4374 : check_wal_buffers(int *newval, void **extra, GucSource source)
    4797             : {
    4798             :     /*
    4799             :      * -1 indicates a request for auto-tune.
    4800             :      */
    4801        4374 :     if (*newval == -1)
    4802             :     {
    4803             :         /*
    4804             :          * If we haven't yet changed the boot_val default of -1, just let it
    4805             :          * be.  We'll fix it when XLOGShmemSize is called.
    4806             :          */
    4807        2226 :         if (XLOGbuffers == -1)
    4808        2226 :             return true;
    4809             : 
    4810             :         /* Otherwise, substitute the auto-tune value */
    4811           0 :         *newval = XLOGChooseNumBuffers();
    4812             :     }
    4813             : 
    4814             :     /*
    4815             :      * We clamp manually-set values to at least 4 blocks.  Prior to PostgreSQL
    4816             :      * 9.1, a minimum of 4 was enforced by guc.c, but since that is no longer
    4817             :      * the case, we just silently treat such values as a request for the
    4818             :      * minimum.  (We could throw an error instead, but that doesn't seem very
    4819             :      * helpful.)
    4820             :      */
    4821        2148 :     if (*newval < 4)
    4822           0 :         *newval = 4;
    4823             : 
    4824        2148 :     return true;
    4825             : }
    4826             : 
    4827             : /*
    4828             :  * GUC check_hook for wal_consistency_checking
    4829             :  */
    4830             : bool
    4831        4018 : check_wal_consistency_checking(char **newval, void **extra, GucSource source)
    4832             : {
    4833             :     char       *rawstring;
    4834             :     List       *elemlist;
    4835             :     ListCell   *l;
    4836             :     bool        newwalconsistency[RM_MAX_ID + 1];
    4837             : 
    4838             :     /* Initialize the array */
    4839      132594 :     MemSet(newwalconsistency, 0, (RM_MAX_ID + 1) * sizeof(bool));
    4840             : 
    4841             :     /* Need a modifiable copy of string */
    4842        4018 :     rawstring = pstrdup(*newval);
    4843             : 
    4844             :     /* Parse string into list of identifiers */
    4845        4018 :     if (!SplitIdentifierString(rawstring, ',', &elemlist))
    4846             :     {
    4847             :         /* syntax error in list */
    4848           0 :         GUC_check_errdetail("List syntax is invalid.");
    4849           0 :         pfree(rawstring);
    4850           0 :         list_free(elemlist);
    4851           0 :         return false;
    4852             :     }
    4853             : 
    4854        4920 :     foreach(l, elemlist)
    4855             :     {
    4856         902 :         char       *tok = (char *) lfirst(l);
    4857             :         int         rmid;
    4858             : 
    4859             :         /* Check for 'all'. */
    4860         902 :         if (pg_strcasecmp(tok, "all") == 0)
    4861             :         {
    4862      230786 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4863      229888 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL)
    4864        8980 :                     newwalconsistency[rmid] = true;
    4865             :         }
    4866             :         else
    4867             :         {
    4868             :             /* Check if the token matches any known resource manager. */
    4869           4 :             bool        found = false;
    4870             : 
    4871          72 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4872             :             {
    4873         108 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL &&
    4874          36 :                     pg_strcasecmp(tok, GetRmgr(rmid).rm_name) == 0)
    4875             :                 {
    4876           4 :                     newwalconsistency[rmid] = true;
    4877           4 :                     found = true;
    4878           4 :                     break;
    4879             :                 }
    4880             :             }
    4881           4 :             if (!found)
    4882             :             {
    4883             :                 /*
    4884             :                  * During startup, it might be a not-yet-loaded custom
    4885             :                  * resource manager.  Defer checking until
    4886             :                  * InitializeWalConsistencyChecking().
    4887             :                  */
    4888           0 :                 if (!process_shared_preload_libraries_done)
    4889             :                 {
    4890           0 :                     check_wal_consistency_checking_deferred = true;
    4891             :                 }
    4892             :                 else
    4893             :                 {
    4894           0 :                     GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
    4895           0 :                     pfree(rawstring);
    4896           0 :                     list_free(elemlist);
    4897           0 :                     return false;
    4898             :                 }
    4899             :             }
    4900             :         }
    4901             :     }
    4902             : 
    4903        4018 :     pfree(rawstring);
    4904        4018 :     list_free(elemlist);
    4905             : 
    4906             :     /* assign new value */
    4907        4018 :     *extra = guc_malloc(LOG, (RM_MAX_ID + 1) * sizeof(bool));
    4908        4018 :     if (!*extra)
    4909           0 :         return false;
    4910        4018 :     memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool));
    4911        4018 :     return true;
    4912             : }
    4913             : 
    4914             : /*
    4915             :  * GUC assign_hook for wal_consistency_checking
    4916             :  */
    4917             : void
    4918        4016 : assign_wal_consistency_checking(const char *newval, void *extra)
    4919             : {
    4920             :     /*
    4921             :      * If some checks were deferred, it's possible that the checks will fail
    4922             :      * later during InitializeWalConsistencyChecking(). But in that case, the
    4923             :      * postmaster will exit anyway, so it's safe to proceed with the
    4924             :      * assignment.
    4925             :      *
    4926             :      * Any built-in resource managers specified are assigned immediately,
    4927             :      * which affects WAL created before shared_preload_libraries are
    4928             :      * processed. Any custom resource managers specified won't be assigned
    4929             :      * until after shared_preload_libraries are processed, but that's OK
    4930             :      * because WAL for a custom resource manager can't be written before the
    4931             :      * module is loaded anyway.
    4932             :      */
    4933        4016 :     wal_consistency_checking = extra;
    4934        4016 : }
    4935             : 
    4936             : /*
    4937             :  * InitializeWalConsistencyChecking: run after loading custom resource managers
    4938             :  *
    4939             :  * If any unknown resource managers were specified in the
    4940             :  * wal_consistency_checking GUC, processing was deferred.  Now that
    4941             :  * shared_preload_libraries have been loaded, process wal_consistency_checking
    4942             :  * again.
    4943             :  */
    4944             : void
    4945        1842 : InitializeWalConsistencyChecking(void)
    4946             : {
    4947             :     Assert(process_shared_preload_libraries_done);
    4948             : 
    4949        1842 :     if (check_wal_consistency_checking_deferred)
    4950             :     {
    4951             :         struct config_generic *guc;
    4952             : 
    4953           0 :         guc = find_option("wal_consistency_checking", false, false, ERROR);
    4954             : 
    4955           0 :         check_wal_consistency_checking_deferred = false;
    4956             : 
    4957           0 :         set_config_option_ext("wal_consistency_checking",
    4958             :                               wal_consistency_checking_string,
    4959             :                               guc->scontext, guc->source, guc->srole,
    4960             :                               GUC_ACTION_SET, true, ERROR, false);
    4961             : 
    4962             :         /* checking should not be deferred again */
    4963             :         Assert(!check_wal_consistency_checking_deferred);
    4964             :     }
    4965        1842 : }
    4966             : 
    4967             : /*
    4968             :  * GUC show_hook for archive_command
    4969             :  */
    4970             : const char *
    4971        3566 : show_archive_command(void)
    4972             : {
    4973        3566 :     if (XLogArchivingActive())
    4974           4 :         return XLogArchiveCommand;
    4975             :     else
    4976        3562 :         return "(disabled)";
    4977             : }
    4978             : 
    4979             : /*
    4980             :  * GUC show_hook for in_hot_standby
    4981             :  */
    4982             : const char *
    4983       29816 : show_in_hot_standby(void)
    4984             : {
    4985             :     /*
    4986             :      * We display the actual state based on shared memory, so that this GUC
    4987             :      * reports up-to-date state if examined intra-query.  The underlying
    4988             :      * variable (in_hot_standby_guc) changes only when we transmit a new value
    4989             :      * to the client.
    4990             :      */
    4991       29816 :     return RecoveryInProgress() ? "on" : "off";
    4992             : }
    4993             : 
    4994             : /*
    4995             :  * Read the control file, set respective GUCs.
    4996             :  *
    4997             :  * This is to be called during startup, including a crash recovery cycle,
    4998             :  * unless in bootstrap mode, where no control file yet exists.  As there's no
    4999             :  * usable shared memory yet (its sizing can depend on the contents of the
    5000             :  * control file!), first store the contents in local memory. XLOGShmemInit()
    5001             :  * will then copy it to shared memory later.
    5002             :  *
    5003             :  * reset just controls whether previous contents are to be expected (in the
    5004             :  * reset case, there's a dangling pointer into old shared memory), or not.
    5005             :  */
    5006             : void
    5007        1862 : LocalProcessControlFile(bool reset)
    5008             : {
    5009             :     Assert(reset || ControlFile == NULL);
    5010        1862 :     ControlFile = palloc(sizeof(ControlFileData));
    5011        1862 :     ReadControlFile();
    5012        1862 : }
    5013             : 
    5014             : /*
    5015             :  * Get the wal_level from the control file. For a standby, this value should be
    5016             :  * considered as its active wal_level, because it may be different from what
    5017             :  * was originally configured on standby.
    5018             :  */
    5019             : WalLevel
    5020         138 : GetActiveWalLevelOnStandby(void)
    5021             : {
    5022         138 :     return ControlFile->wal_level;
    5023             : }
    5024             : 
    5025             : /*
    5026             :  * Initialization of shared memory for XLOG
    5027             :  */
    5028             : Size
    5029        6150 : XLOGShmemSize(void)
    5030             : {
    5031             :     Size        size;
    5032             : 
    5033             :     /*
    5034             :      * If the value of wal_buffers is -1, use the preferred auto-tune value.
    5035             :      * This isn't an amazingly clean place to do this, but we must wait till
    5036             :      * NBuffers has received its final value, and must do it before using the
    5037             :      * value of XLOGbuffers to do anything important.
    5038             :      *
    5039             :      * We prefer to report this value's source as PGC_S_DYNAMIC_DEFAULT.
    5040             :      * However, if the DBA explicitly set wal_buffers = -1 in the config file,
    5041             :      * then PGC_S_DYNAMIC_DEFAULT will fail to override that and we must force
    5042             :      * the matter with PGC_S_OVERRIDE.
    5043             :      */
    5044        6150 :     if (XLOGbuffers == -1)
    5045             :     {
    5046             :         char        buf[32];
    5047             : 
    5048        2148 :         snprintf(buf, sizeof(buf), "%d", XLOGChooseNumBuffers());
    5049        2148 :         SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    5050             :                         PGC_S_DYNAMIC_DEFAULT);
    5051        2148 :         if (XLOGbuffers == -1)  /* failed to apply it? */
    5052           0 :             SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    5053             :                             PGC_S_OVERRIDE);
    5054             :     }
    5055             :     Assert(XLOGbuffers > 0);
    5056             : 
    5057             :     /* XLogCtl */
    5058        6150 :     size = sizeof(XLogCtlData);
    5059             : 
    5060             :     /* WAL insertion locks, plus alignment */
    5061        6150 :     size = add_size(size, mul_size(sizeof(WALInsertLockPadded), NUM_XLOGINSERT_LOCKS + 1));
    5062             :     /* xlblocks array */
    5063        6150 :     size = add_size(size, mul_size(sizeof(pg_atomic_uint64), XLOGbuffers));
    5064             :     /* extra alignment padding for XLOG I/O buffers */
    5065        6150 :     size = add_size(size, Max(XLOG_BLCKSZ, PG_IO_ALIGN_SIZE));
    5066             :     /* and the buffers themselves */
    5067        6150 :     size = add_size(size, mul_size(XLOG_BLCKSZ, XLOGbuffers));
    5068             : 
    5069             :     /*
    5070             :      * Note: we don't count ControlFileData, it comes out of the "slop factor"
    5071             :      * added by CreateSharedMemoryAndSemaphores.  This lets us use this
    5072             :      * routine again below to compute the actual allocation size.
    5073             :      */
    5074             : 
    5075        6150 :     return size;
    5076             : }
    5077             : 
    5078             : void
    5079        2152 : XLOGShmemInit(void)
    5080             : {
    5081             :     bool        foundCFile,
    5082             :                 foundXLog;
    5083             :     char       *allocptr;
    5084             :     int         i;
    5085             :     ControlFileData *localControlFile;
    5086             : 
    5087             : #ifdef WAL_DEBUG
    5088             : 
    5089             :     /*
    5090             :      * Create a memory context for WAL debugging that's exempt from the normal
    5091             :      * "no pallocs in critical section" rule. Yes, that can lead to a PANIC if
    5092             :      * an allocation fails, but wal_debug is not for production use anyway.
    5093             :      */
    5094             :     if (walDebugCxt == NULL)
    5095             :     {
    5096             :         walDebugCxt = AllocSetContextCreate(TopMemoryContext,
    5097             :                                             "WAL Debug",
    5098             :                                             ALLOCSET_DEFAULT_SIZES);
    5099             :         MemoryContextAllowInCriticalSection(walDebugCxt, true);
    5100             :     }
    5101             : #endif
    5102             : 
    5103             : 
    5104        2152 :     XLogCtl = (XLogCtlData *)
    5105        2152 :         ShmemInitStruct("XLOG Ctl", XLOGShmemSize(), &foundXLog);
    5106             : 
    5107        2152 :     localControlFile = ControlFile;
    5108        2152 :     ControlFile = (ControlFileData *)
    5109        2152 :         ShmemInitStruct("Control File", sizeof(ControlFileData), &foundCFile);
    5110             : 
    5111        2152 :     if (foundCFile || foundXLog)
    5112             :     {
    5113             :         /* both should be present or neither */
    5114             :         Assert(foundCFile && foundXLog);
    5115             : 
    5116             :         /* Initialize local copy of WALInsertLocks */
    5117           0 :         WALInsertLocks = XLogCtl->Insert.WALInsertLocks;
    5118             : 
    5119           0 :         if (localControlFile)
    5120           0 :             pfree(localControlFile);
    5121           0 :         return;
    5122             :     }
    5123        2152 :     memset(XLogCtl, 0, sizeof(XLogCtlData));
    5124             : 
    5125             :     /*
    5126             :      * Already have read control file locally, unless in bootstrap mode. Move
    5127             :      * contents into shared memory.
    5128             :      */
    5129        2152 :     if (localControlFile)
    5130             :     {
    5131        1846 :         memcpy(ControlFile, localControlFile, sizeof(ControlFileData));
    5132        1846 :         pfree(localControlFile);
    5133             :     }
    5134             : 
    5135             :     /*
    5136             :      * Since XLogCtlData contains XLogRecPtr fields, its sizeof should be a
    5137             :      * multiple of the alignment for same, so no extra alignment padding is
    5138             :      * needed here.
    5139             :      */
    5140        2152 :     allocptr = ((char *) XLogCtl) + sizeof(XLogCtlData);
    5141        2152 :     XLogCtl->xlblocks = (pg_atomic_uint64 *) allocptr;
    5142        2152 :     allocptr += sizeof(pg_atomic_uint64) * XLOGbuffers;
    5143             : 
    5144      618882 :     for (i = 0; i < XLOGbuffers; i++)
    5145             :     {
    5146      616730 :         pg_atomic_init_u64(&XLogCtl->xlblocks[i], InvalidXLogRecPtr);
    5147             :     }
    5148             : 
    5149             :     /* WAL insertion locks. Ensure they're aligned to the full padded size */
    5150        2152 :     allocptr += sizeof(WALInsertLockPadded) -
    5151        2152 :         ((uintptr_t) allocptr) % sizeof(WALInsertLockPadded);
    5152        2152 :     WALInsertLocks = XLogCtl->Insert.WALInsertLocks =
    5153             :         (WALInsertLockPadded *) allocptr;
    5154        2152 :     allocptr += sizeof(WALInsertLockPadded) * NUM_XLOGINSERT_LOCKS;
    5155             : 
    5156       19368 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    5157             :     {
    5158       17216 :         LWLockInitialize(&WALInsertLocks[i].l.lock, LWTRANCHE_WAL_INSERT);
    5159       17216 :         pg_atomic_init_u64(&WALInsertLocks[i].l.insertingAt, InvalidXLogRecPtr);
    5160       17216 :         WALInsertLocks[i].l.lastImportantAt = InvalidXLogRecPtr;
    5161             :     }
    5162             : 
    5163             :     /*
    5164             :      * Align the start of the page buffers to a full xlog block size boundary.
    5165             :      * This simplifies some calculations in XLOG insertion. It is also
    5166             :      * required for O_DIRECT.
    5167             :      */
    5168        2152 :     allocptr = (char *) TYPEALIGN(XLOG_BLCKSZ, allocptr);
    5169        2152 :     XLogCtl->pages = allocptr;
    5170        2152 :     memset(XLogCtl->pages, 0, (Size) XLOG_BLCKSZ * XLOGbuffers);
    5171             : 
    5172             :     /*
    5173             :      * Do basic initialization of XLogCtl shared data. (StartupXLOG will fill
    5174             :      * in additional info.)
    5175             :      */
    5176        2152 :     XLogCtl->XLogCacheBlck = XLOGbuffers - 1;
    5177        2152 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5178        2152 :     XLogCtl->InstallXLogFileSegmentActive = false;
    5179        2152 :     XLogCtl->WalWriterSleeping = false;
    5180             : 
    5181        2152 :     SpinLockInit(&XLogCtl->Insert.insertpos_lck);
    5182        2152 :     SpinLockInit(&XLogCtl->info_lck);
    5183        2152 :     pg_atomic_init_u64(&XLogCtl->logInsertResult, InvalidXLogRecPtr);
    5184        2152 :     pg_atomic_init_u64(&XLogCtl->logWriteResult, InvalidXLogRecPtr);
    5185        2152 :     pg_atomic_init_u64(&XLogCtl->logFlushResult, InvalidXLogRecPtr);
    5186        2152 :     pg_atomic_init_u64(&XLogCtl->unloggedLSN, InvalidXLogRecPtr);
    5187             : 
    5188        2152 :     pg_atomic_init_u64(&XLogCtl->InitializeReserved, InvalidXLogRecPtr);
    5189        2152 :     pg_atomic_init_u64(&XLogCtl->InitializedUpTo, InvalidXLogRecPtr);
    5190        2152 :     ConditionVariableInit(&XLogCtl->InitializedUpToCondVar);
    5191             : }
    5192             : 
    5193             : /*
    5194             :  * This func must be called ONCE on system install.  It creates pg_control
    5195             :  * and the initial XLOG segment.
    5196             :  */
    5197             : void
    5198         102 : BootStrapXLOG(uint32 data_checksum_version)
    5199             : {
    5200             :     CheckPoint  checkPoint;
    5201             :     char       *buffer;
    5202             :     XLogPageHeader page;
    5203             :     XLogLongPageHeader longpage;
    5204             :     XLogRecord *record;
    5205             :     char       *recptr;
    5206             :     uint64      sysidentifier;
    5207             :     struct timeval tv;
    5208             :     pg_crc32c   crc;
    5209             : 
    5210             :     /* allow ordinary WAL segment creation, like StartupXLOG() would */
    5211         102 :     SetInstallXLogFileSegmentActive();
    5212             : 
    5213             :     /*
    5214             :      * Select a hopefully-unique system identifier code for this installation.
    5215             :      * We use the result of gettimeofday(), including the fractional seconds
    5216             :      * field, as being about as unique as we can easily get.  (Think not to
    5217             :      * use random(), since it hasn't been seeded and there's no portable way
    5218             :      * to seed it other than the system clock value...)  The upper half of the
    5219             :      * uint64 value is just the tv_sec part, while the lower half contains the
    5220             :      * tv_usec part (which must fit in 20 bits), plus 12 bits from our current
    5221             :      * PID for a little extra uniqueness.  A person knowing this encoding can
    5222             :      * determine the initialization time of the installation, which could
    5223             :      * perhaps be useful sometimes.
    5224             :      */
    5225         102 :     gettimeofday(&tv, NULL);
    5226         102 :     sysidentifier = ((uint64) tv.tv_sec) << 32;
    5227         102 :     sysidentifier |= ((uint64) tv.tv_usec) << 12;
    5228         102 :     sysidentifier |= getpid() & 0xFFF;
    5229             : 
    5230             :     /* page buffer must be aligned suitably for O_DIRECT */
    5231         102 :     buffer = (char *) palloc(XLOG_BLCKSZ + XLOG_BLCKSZ);
    5232         102 :     page = (XLogPageHeader) TYPEALIGN(XLOG_BLCKSZ, buffer);
    5233         102 :     memset(page, 0, XLOG_BLCKSZ);
    5234             : 
    5235             :     /*
    5236             :      * Set up information for the initial checkpoint record
    5237             :      *
    5238             :      * The initial checkpoint record is written to the beginning of the WAL
    5239             :      * segment with logid=0 logseg=1. The very first WAL segment, 0/0, is not
    5240             :      * used, so that we can use 0/0 to mean "before any valid WAL segment".
    5241             :      */
    5242         102 :     checkPoint.redo = wal_segment_size + SizeOfXLogLongPHD;
    5243         102 :     checkPoint.ThisTimeLineID = BootstrapTimeLineID;
    5244         102 :     checkPoint.PrevTimeLineID = BootstrapTimeLineID;
    5245         102 :     checkPoint.fullPageWrites = fullPageWrites;
    5246         102 :     checkPoint.wal_level = wal_level;
    5247             :     checkPoint.nextXid =
    5248         102 :         FullTransactionIdFromEpochAndXid(0, FirstNormalTransactionId);
    5249         102 :     checkPoint.nextOid = FirstGenbkiObjectId;
    5250         102 :     checkPoint.nextMulti = FirstMultiXactId;
    5251         102 :     checkPoint.nextMultiOffset = 0;
    5252         102 :     checkPoint.oldestXid = FirstNormalTransactionId;
    5253         102 :     checkPoint.oldestXidDB = Template1DbOid;
    5254         102 :     checkPoint.oldestMulti = FirstMultiXactId;
    5255         102 :     checkPoint.oldestMultiDB = Template1DbOid;
    5256         102 :     checkPoint.oldestCommitTsXid = InvalidTransactionId;
    5257         102 :     checkPoint.newestCommitTsXid = InvalidTransactionId;
    5258         102 :     checkPoint.time = (pg_time_t) time(NULL);
    5259         102 :     checkPoint.oldestActiveXid = InvalidTransactionId;
    5260             : 
    5261         102 :     TransamVariables->nextXid = checkPoint.nextXid;
    5262         102 :     TransamVariables->nextOid = checkPoint.nextOid;
    5263         102 :     TransamVariables->oidCount = 0;
    5264         102 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5265         102 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5266         102 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5267         102 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5268         102 :     SetCommitTsLimit(InvalidTransactionId, InvalidTransactionId);
    5269             : 
    5270             :     /* Set up the XLOG page header */
    5271         102 :     page->xlp_magic = XLOG_PAGE_MAGIC;
    5272         102 :     page->xlp_info = XLP_LONG_HEADER;
    5273         102 :     page->xlp_tli = BootstrapTimeLineID;
    5274         102 :     page->xlp_pageaddr = wal_segment_size;
    5275         102 :     longpage = (XLogLongPageHeader) page;
    5276         102 :     longpage->xlp_sysid = sysidentifier;
    5277         102 :     longpage->xlp_seg_size = wal_segment_size;
    5278         102 :     longpage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    5279             : 
    5280             :     /* Insert the initial checkpoint record */
    5281         102 :     recptr = ((char *) page + SizeOfXLogLongPHD);
    5282         102 :     record = (XLogRecord *) recptr;
    5283         102 :     record->xl_prev = 0;
    5284         102 :     record->xl_xid = InvalidTransactionId;
    5285         102 :     record->xl_tot_len = SizeOfXLogRecord + SizeOfXLogRecordDataHeaderShort + sizeof(checkPoint);
    5286         102 :     record->xl_info = XLOG_CHECKPOINT_SHUTDOWN;
    5287         102 :     record->xl_rmid = RM_XLOG_ID;
    5288         102 :     recptr += SizeOfXLogRecord;
    5289             :     /* fill the XLogRecordDataHeaderShort struct */
    5290         102 :     *(recptr++) = (char) XLR_BLOCK_ID_DATA_SHORT;
    5291         102 :     *(recptr++) = sizeof(checkPoint);
    5292         102 :     memcpy(recptr, &checkPoint, sizeof(checkPoint));
    5293         102 :     recptr += sizeof(checkPoint);
    5294             :     Assert(recptr - (char *) record == record->xl_tot_len);
    5295             : 
    5296         102 :     INIT_CRC32C(crc);
    5297         102 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    5298         102 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    5299         102 :     FIN_CRC32C(crc);
    5300         102 :     record->xl_crc = crc;
    5301             : 
    5302             :     /* Create first XLOG segment file */
    5303         102 :     openLogTLI = BootstrapTimeLineID;
    5304         102 :     openLogFile = XLogFileInit(1, BootstrapTimeLineID);
    5305             : 
    5306             :     /*
    5307             :      * We needn't bother with Reserve/ReleaseExternalFD here, since we'll
    5308             :      * close the file again in a moment.
    5309             :      */
    5310             : 
    5311             :     /* Write the first page with the initial record */
    5312         102 :     errno = 0;
    5313         102 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_WRITE);
    5314         102 :     if (write(openLogFile, page, XLOG_BLCKSZ) != XLOG_BLCKSZ)
    5315             :     {
    5316             :         /* if write didn't set errno, assume problem is no disk space */
    5317           0 :         if (errno == 0)
    5318           0 :             errno = ENOSPC;
    5319           0 :         ereport(PANIC,
    5320             :                 (errcode_for_file_access(),
    5321             :                  errmsg("could not write bootstrap write-ahead log file: %m")));
    5322             :     }
    5323         102 :     pgstat_report_wait_end();
    5324             : 
    5325         102 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_SYNC);
    5326         102 :     if (pg_fsync(openLogFile) != 0)
    5327           0 :         ereport(PANIC,
    5328             :                 (errcode_for_file_access(),
    5329             :                  errmsg("could not fsync bootstrap write-ahead log file: %m")));
    5330         102 :     pgstat_report_wait_end();
    5331             : 
    5332         102 :     if (close(openLogFile) != 0)
    5333           0 :         ereport(PANIC,
    5334             :                 (errcode_for_file_access(),
    5335             :                  errmsg("could not close bootstrap write-ahead log file: %m")));
    5336             : 
    5337         102 :     openLogFile = -1;
    5338             : 
    5339             :     /* Now create pg_control */
    5340         102 :     InitControlFile(sysidentifier, data_checksum_version);
    5341         102 :     ControlFile->time = checkPoint.time;
    5342         102 :     ControlFile->checkPoint = checkPoint.redo;
    5343         102 :     ControlFile->checkPointCopy = checkPoint;
    5344             : 
    5345             :     /* some additional ControlFile fields are set in WriteControlFile() */
    5346         102 :     WriteControlFile();
    5347             : 
    5348             :     /* Bootstrap the commit log, too */
    5349         102 :     BootStrapCLOG();
    5350         102 :     BootStrapCommitTs();
    5351         102 :     BootStrapSUBTRANS();
    5352         102 :     BootStrapMultiXact();
    5353             : 
    5354         102 :     pfree(buffer);
    5355             : 
    5356             :     /*
    5357             :      * Force control file to be read - in contrast to normal processing we'd
    5358             :      * otherwise never run the checks and GUC related initializations therein.
    5359             :      */
    5360         102 :     ReadControlFile();
    5361         102 : }
    5362             : 
    5363             : static char *
    5364        1660 : str_time(pg_time_t tnow)
    5365             : {
    5366        1660 :     char       *buf = palloc(128);
    5367             : 
    5368        1660 :     pg_strftime(buf, 128,
    5369             :                 "%Y-%m-%d %H:%M:%S %Z",
    5370        1660 :                 pg_localtime(&tnow, log_timezone));
    5371             : 
    5372        1660 :     return buf;
    5373             : }
    5374             : 
    5375             : /*
    5376             :  * Initialize the first WAL segment on new timeline.
    5377             :  */
    5378             : static void
    5379          96 : XLogInitNewTimeline(TimeLineID endTLI, XLogRecPtr endOfLog, TimeLineID newTLI)
    5380             : {
    5381             :     char        xlogfname[MAXFNAMELEN];
    5382             :     XLogSegNo   endLogSegNo;
    5383             :     XLogSegNo   startLogSegNo;
    5384             : 
    5385             :     /* we always switch to a new timeline after archive recovery */
    5386             :     Assert(endTLI != newTLI);
    5387             : 
    5388             :     /*
    5389             :      * Update min recovery point one last time.
    5390             :      */
    5391          96 :     UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    5392             : 
    5393             :     /*
    5394             :      * Calculate the last segment on the old timeline, and the first segment
    5395             :      * on the new timeline. If the switch happens in the middle of a segment,
    5396             :      * they are the same, but if the switch happens exactly at a segment
    5397             :      * boundary, startLogSegNo will be endLogSegNo + 1.
    5398             :      */
    5399          96 :     XLByteToPrevSeg(endOfLog, endLogSegNo, wal_segment_size);
    5400          96 :     XLByteToSeg(endOfLog, startLogSegNo, wal_segment_size);
    5401             : 
    5402             :     /*
    5403             :      * Initialize the starting WAL segment for the new timeline. If the switch
    5404             :      * happens in the middle of a segment, copy data from the last WAL segment
    5405             :      * of the old timeline up to the switch point, to the starting WAL segment
    5406             :      * on the new timeline.
    5407             :      */
    5408          96 :     if (endLogSegNo == startLogSegNo)
    5409             :     {
    5410             :         /*
    5411             :          * Make a copy of the file on the new timeline.
    5412             :          *
    5413             :          * Writing WAL isn't allowed yet, so there are no locking
    5414             :          * considerations. But we should be just as tense as XLogFileInit to
    5415             :          * avoid emplacing a bogus file.
    5416             :          */
    5417          74 :         XLogFileCopy(newTLI, endLogSegNo, endTLI, endLogSegNo,
    5418          74 :                      XLogSegmentOffset(endOfLog, wal_segment_size));
    5419             :     }
    5420             :     else
    5421             :     {
    5422             :         /*
    5423             :          * The switch happened at a segment boundary, so just create the next
    5424             :          * segment on the new timeline.
    5425             :          */
    5426             :         int         fd;
    5427             : 
    5428          22 :         fd = XLogFileInit(startLogSegNo, newTLI);
    5429             : 
    5430          22 :         if (close(fd) != 0)
    5431             :         {
    5432           0 :             int         save_errno = errno;
    5433             : 
    5434           0 :             XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5435           0 :             errno = save_errno;
    5436           0 :             ereport(ERROR,
    5437             :                     (errcode_for_file_access(),
    5438             :                      errmsg("could not close file \"%s\": %m", xlogfname)));
    5439             :         }
    5440             :     }
    5441             : 
    5442             :     /*
    5443             :      * Let's just make real sure there are not .ready or .done flags posted
    5444             :      * for the new segment.
    5445             :      */
    5446          96 :     XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5447          96 :     XLogArchiveCleanup(xlogfname);
    5448          96 : }
    5449             : 
    5450             : /*
    5451             :  * Perform cleanup actions at the conclusion of archive recovery.
    5452             :  */
    5453             : static void
    5454          96 : CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI, XLogRecPtr EndOfLog,
    5455             :                             TimeLineID newTLI)
    5456             : {
    5457             :     /*
    5458             :      * Execute the recovery_end_command, if any.
    5459             :      */
    5460          96 :     if (recoveryEndCommand && strcmp(recoveryEndCommand, "") != 0)
    5461           4 :         ExecuteRecoveryCommand(recoveryEndCommand,
    5462             :                                "recovery_end_command",
    5463             :                                true,
    5464             :                                WAIT_EVENT_RECOVERY_END_COMMAND);
    5465             : 
    5466             :     /*
    5467             :      * We switched to a new timeline. Clean up segments on the old timeline.
    5468             :      *
    5469             :      * If there are any higher-numbered segments on the old timeline, remove
    5470             :      * them. They might contain valid WAL, but they might also be
    5471             :      * pre-allocated files containing garbage. In any case, they are not part
    5472             :      * of the new timeline's history so we don't need them.
    5473             :      */
    5474          96 :     RemoveNonParentXlogFiles(EndOfLog, newTLI);
    5475             : 
    5476             :     /*
    5477             :      * If the switch happened in the middle of a segment, what to do with the
    5478             :      * last, partial segment on the old timeline? If we don't archive it, and
    5479             :      * the server that created the WAL never archives it either (e.g. because
    5480             :      * it was hit by a meteor), it will never make it to the archive. That's
    5481             :      * OK from our point of view, because the new segment that we created with
    5482             :      * the new TLI contains all the WAL from the old timeline up to the switch
    5483             :      * point. But if you later try to do PITR to the "missing" WAL on the old
    5484             :      * timeline, recovery won't find it in the archive. It's physically
    5485             :      * present in the new file with new TLI, but recovery won't look there
    5486             :      * when it's recovering to the older timeline. On the other hand, if we
    5487             :      * archive the partial segment, and the original server on that timeline
    5488             :      * is still running and archives the completed version of the same segment
    5489             :      * later, it will fail. (We used to do that in 9.4 and below, and it
    5490             :      * caused such problems).
    5491             :      *
    5492             :      * As a compromise, we rename the last segment with the .partial suffix,
    5493             :      * and archive it. Archive recovery will never try to read .partial
    5494             :      * segments, so they will normally go unused. But in the odd PITR case,
    5495             :      * the administrator can copy them manually to the pg_wal directory
    5496             :      * (removing the suffix). They can be useful in debugging, too.
    5497             :      *
    5498             :      * If a .done or .ready file already exists for the old timeline, however,
    5499             :      * we had already determined that the segment is complete, so we can let
    5500             :      * it be archived normally. (In particular, if it was restored from the
    5501             :      * archive to begin with, it's expected to have a .done file).
    5502             :      */
    5503          96 :     if (XLogSegmentOffset(EndOfLog, wal_segment_size) != 0 &&
    5504             :         XLogArchivingActive())
    5505             :     {
    5506             :         char        origfname[MAXFNAMELEN];
    5507             :         XLogSegNo   endLogSegNo;
    5508             : 
    5509          18 :         XLByteToPrevSeg(EndOfLog, endLogSegNo, wal_segment_size);
    5510          18 :         XLogFileName(origfname, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5511             : 
    5512          18 :         if (!XLogArchiveIsReadyOrDone(origfname))
    5513             :         {
    5514             :             char        origpath[MAXPGPATH];
    5515             :             char        partialfname[MAXFNAMELEN];
    5516             :             char        partialpath[MAXPGPATH];
    5517             : 
    5518             :             /*
    5519             :              * If we're summarizing WAL, we can't rename the partial file
    5520             :              * until the summarizer finishes with it, else it will fail.
    5521             :              */
    5522          10 :             if (summarize_wal)
    5523           2 :                 WaitForWalSummarization(EndOfLog);
    5524             : 
    5525          10 :             XLogFilePath(origpath, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5526          10 :             snprintf(partialfname, MAXFNAMELEN, "%s.partial", origfname);
    5527          10 :             snprintf(partialpath, MAXPGPATH, "%s.partial", origpath);
    5528             : 
    5529             :             /*
    5530             :              * Make sure there's no .done or .ready file for the .partial
    5531             :              * file.
    5532             :              */
    5533          10 :             XLogArchiveCleanup(partialfname);
    5534             : 
    5535          10 :             durable_rename(origpath, partialpath, ERROR);
    5536          10 :             XLogArchiveNotify(partialfname);
    5537             :         }
    5538             :     }
    5539          96 : }
    5540             : 
    5541             : /*
    5542             :  * Check to see if required parameters are set high enough on this server
    5543             :  * for various aspects of recovery operation.
    5544             :  *
    5545             :  * Note that all the parameters which this function tests need to be
    5546             :  * listed in Administrator's Overview section in high-availability.sgml.
    5547             :  * If you change them, don't forget to update the list.
    5548             :  */
    5549             : static void
    5550         490 : CheckRequiredParameterValues(void)
    5551             : {
    5552             :     /*
    5553             :      * For archive recovery, the WAL must be generated with at least 'replica'
    5554             :      * wal_level.
    5555             :      */
    5556         490 :     if (ArchiveRecoveryRequested && ControlFile->wal_level == WAL_LEVEL_MINIMAL)
    5557             :     {
    5558           4 :         ereport(FATAL,
    5559             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5560             :                  errmsg("WAL was generated with \"wal_level=minimal\", cannot continue recovering"),
    5561             :                  errdetail("This happens if you temporarily set \"wal_level=minimal\" on the server."),
    5562             :                  errhint("Use a backup taken after setting \"wal_level\" to higher than \"minimal\".")));
    5563             :     }
    5564             : 
    5565             :     /*
    5566             :      * For Hot Standby, the WAL must be generated with 'replica' mode, and we
    5567             :      * must have at least as many backend slots as the primary.
    5568             :      */
    5569         486 :     if (ArchiveRecoveryRequested && EnableHotStandby)
    5570             :     {
    5571             :         /* We ignore autovacuum_worker_slots when we make this test. */
    5572         244 :         RecoveryRequiresIntParameter("max_connections",
    5573             :                                      MaxConnections,
    5574         244 :                                      ControlFile->MaxConnections);
    5575         244 :         RecoveryRequiresIntParameter("max_worker_processes",
    5576             :                                      max_worker_processes,
    5577         244 :                                      ControlFile->max_worker_processes);
    5578         244 :         RecoveryRequiresIntParameter("max_wal_senders",
    5579             :                                      max_wal_senders,
    5580         244 :                                      ControlFile->max_wal_senders);
    5581         244 :         RecoveryRequiresIntParameter("max_prepared_transactions",
    5582             :                                      max_prepared_xacts,
    5583         244 :                                      ControlFile->max_prepared_xacts);
    5584         244 :         RecoveryRequiresIntParameter("max_locks_per_transaction",
    5585             :                                      max_locks_per_xact,
    5586         244 :                                      ControlFile->max_locks_per_xact);
    5587             :     }
    5588         486 : }
    5589             : 
    5590             : /*
    5591             :  * This must be called ONCE during postmaster or standalone-backend startup
    5592             :  */
    5593             : void
    5594        1864 : StartupXLOG(void)
    5595             : {
    5596             :     XLogCtlInsert *Insert;
    5597             :     CheckPoint  checkPoint;
    5598             :     bool        wasShutdown;
    5599             :     bool        didCrash;
    5600             :     bool        haveTblspcMap;
    5601             :     bool        haveBackupLabel;
    5602             :     XLogRecPtr  EndOfLog;
    5603             :     TimeLineID  EndOfLogTLI;
    5604             :     TimeLineID  newTLI;
    5605             :     bool        performedWalRecovery;
    5606             :     EndOfWalRecoveryInfo *endOfRecoveryInfo;
    5607             :     XLogRecPtr  abortedRecPtr;
    5608             :     XLogRecPtr  missingContrecPtr;
    5609             :     TransactionId oldestActiveXID;
    5610        1864 :     bool        promoted = false;
    5611             : 
    5612             :     /*
    5613             :      * We should have an aux process resource owner to use, and we should not
    5614             :      * be in a transaction that's installed some other resowner.
    5615             :      */
    5616             :     Assert(AuxProcessResourceOwner != NULL);
    5617             :     Assert(CurrentResourceOwner == NULL ||
    5618             :            CurrentResourceOwner == AuxProcessResourceOwner);
    5619        1864 :     CurrentResourceOwner = AuxProcessResourceOwner;
    5620             : 
    5621             :     /*
    5622             :      * Check that contents look valid.
    5623             :      */
    5624        1864 :     if (!XRecOffIsValid(ControlFile->checkPoint))
    5625           0 :         ereport(FATAL,
    5626             :                 (errcode(ERRCODE_DATA_CORRUPTED),
    5627             :                  errmsg("control file contains invalid checkpoint location")));
    5628             : 
    5629        1864 :     switch (ControlFile->state)
    5630             :     {
    5631        1450 :         case DB_SHUTDOWNED:
    5632             : 
    5633             :             /*
    5634             :              * This is the expected case, so don't be chatty in standalone
    5635             :              * mode
    5636             :              */
    5637        1450 :             ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    5638             :                     (errmsg("database system was shut down at %s",
    5639             :                             str_time(ControlFile->time))));
    5640        1450 :             break;
    5641             : 
    5642          64 :         case DB_SHUTDOWNED_IN_RECOVERY:
    5643          64 :             ereport(LOG,
    5644             :                     (errmsg("database system was shut down in recovery at %s",
    5645             :                             str_time(ControlFile->time))));
    5646          64 :             break;
    5647             : 
    5648           0 :         case DB_SHUTDOWNING:
    5649           0 :             ereport(LOG,
    5650             :                     (errmsg("database system shutdown was interrupted; last known up at %s",
    5651             :                             str_time(ControlFile->time))));
    5652           0 :             break;
    5653             : 
    5654           0 :         case DB_IN_CRASH_RECOVERY:
    5655           0 :             ereport(LOG,
    5656             :                     (errmsg("database system was interrupted while in recovery at %s",
    5657             :                             str_time(ControlFile->time)),
    5658             :                      errhint("This probably means that some data is corrupted and"
    5659             :                              " you will have to use the last backup for recovery.")));
    5660           0 :             break;
    5661             : 
    5662          12 :         case DB_IN_ARCHIVE_RECOVERY:
    5663          12 :             ereport(LOG,
    5664             :                     (errmsg("database system was interrupted while in recovery at log time %s",
    5665             :                             str_time(ControlFile->checkPointCopy.time)),
    5666             :                      errhint("If this has occurred more than once some data might be corrupted"
    5667             :                              " and you might need to choose an earlier recovery target.")));
    5668          12 :             break;
    5669             : 
    5670         338 :         case DB_IN_PRODUCTION:
    5671         338 :             ereport(LOG,
    5672             :                     (errmsg("database system was interrupted; last known up at %s",
    5673             :                             str_time(ControlFile->time))));
    5674         338 :             break;
    5675             : 
    5676           0 :         default:
    5677           0 :             ereport(FATAL,
    5678             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    5679             :                      errmsg("control file contains invalid database cluster state")));
    5680             :     }
    5681             : 
    5682             :     /* This is just to allow attaching to startup process with a debugger */
    5683             : #ifdef XLOG_REPLAY_DELAY
    5684             :     if (ControlFile->state != DB_SHUTDOWNED)
    5685             :         pg_usleep(60000000L);
    5686             : #endif
    5687             : 
    5688             :     /*
    5689             :      * Verify that pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    5690             :      * In cases where someone has performed a copy for PITR, these directories
    5691             :      * may have been excluded and need to be re-created.
    5692             :      */
    5693        1864 :     ValidateXLOGDirectoryStructure();
    5694             : 
    5695             :     /* Set up timeout handler needed to report startup progress. */
    5696        1864 :     if (!IsBootstrapProcessingMode())
    5697        1762 :         RegisterTimeout(STARTUP_PROGRESS_TIMEOUT,
    5698             :                         startup_progress_timeout_handler);
    5699             : 
    5700             :     /*----------
    5701             :      * If we previously crashed, perform a couple of actions:
    5702             :      *
    5703             :      * - The pg_wal directory may still include some temporary WAL segments
    5704             :      *   used when creating a new segment, so perform some clean up to not
    5705             :      *   bloat this path.  This is done first as there is no point to sync
    5706             :      *   this temporary data.
    5707             :      *
    5708             :      * - There might be data which we had written, intending to fsync it, but
    5709             :      *   which we had not actually fsync'd yet.  Therefore, a power failure in
    5710             :      *   the near future might cause earlier unflushed writes to be lost, even
    5711             :      *   though more recent data written to disk from here on would be
    5712             :      *   persisted.  To avoid that, fsync the entire data directory.
    5713             :      */
    5714        1864 :     if (ControlFile->state != DB_SHUTDOWNED &&
    5715         414 :         ControlFile->state != DB_SHUTDOWNED_IN_RECOVERY)
    5716             :     {
    5717         350 :         RemoveTempXlogFiles();
    5718         350 :         SyncDataDirectory();
    5719         350 :         didCrash = true;
    5720             :     }
    5721             :     else
    5722        1514 :         didCrash = false;
    5723             : 
    5724             :     /*
    5725             :      * Prepare for WAL recovery if needed.
    5726             :      *
    5727             :      * InitWalRecovery analyzes the control file and the backup label file, if
    5728             :      * any.  It updates the in-memory ControlFile buffer according to the
    5729             :      * starting checkpoint, and sets InRecovery and ArchiveRecoveryRequested.
    5730             :      * It also applies the tablespace map file, if any.
    5731             :      */
    5732        1864 :     InitWalRecovery(ControlFile, &wasShutdown,
    5733             :                     &haveBackupLabel, &haveTblspcMap);
    5734        1864 :     checkPoint = ControlFile->checkPointCopy;
    5735             : 
    5736             :     /* initialize shared memory variables from the checkpoint record */
    5737        1864 :     TransamVariables->nextXid = checkPoint.nextXid;
    5738        1864 :     TransamVariables->nextOid = checkPoint.nextOid;
    5739        1864 :     TransamVariables->oidCount = 0;
    5740        1864 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5741        1864 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5742        1864 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5743        1864 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5744        1864 :     SetCommitTsLimit(checkPoint.oldestCommitTsXid,
    5745             :                      checkPoint.newestCommitTsXid);
    5746             : 
    5747             :     /*
    5748             :      * Clear out any old relcache cache files.  This is *necessary* if we do
    5749             :      * any WAL replay, since that would probably result in the cache files
    5750             :      * being out of sync with database reality.  In theory we could leave them
    5751             :      * in place if the database had been cleanly shut down, but it seems
    5752             :      * safest to just remove them always and let them be rebuilt during the
    5753             :      * first backend startup.  These files needs to be removed from all
    5754             :      * directories including pg_tblspc, however the symlinks are created only
    5755             :      * after reading tablespace_map file in case of archive recovery from
    5756             :      * backup, so needs to clear old relcache files here after creating
    5757             :      * symlinks.
    5758             :      */
    5759        1864 :     RelationCacheInitFileRemove();
    5760             : 
    5761             :     /*
    5762             :      * Initialize replication slots, before there's a chance to remove
    5763             :      * required resources.
    5764             :      */
    5765        1864 :     StartupReplicationSlots();
    5766             : 
    5767             :     /*
    5768             :      * Startup logical state, needs to be setup now so we have proper data
    5769             :      * during crash recovery.
    5770             :      */
    5771        1862 :     StartupReorderBuffer();
    5772             : 
    5773             :     /*
    5774             :      * Startup CLOG. This must be done after TransamVariables->nextXid has
    5775             :      * been initialized and before we accept connections or begin WAL replay.
    5776             :      */
    5777        1862 :     StartupCLOG();
    5778             : 
    5779             :     /*
    5780             :      * Startup MultiXact. We need to do this early to be able to replay
    5781             :      * truncations.
    5782             :      */
    5783        1862 :     StartupMultiXact();
    5784             : 
    5785             :     /*
    5786             :      * Ditto for commit timestamps.  Activate the facility if the setting is
    5787             :      * enabled in the control file, as there should be no tracking of commit
    5788             :      * timestamps done when the setting was disabled.  This facility can be
    5789             :      * started or stopped when replaying a XLOG_PARAMETER_CHANGE record.
    5790             :      */
    5791        1862 :     if (ControlFile->track_commit_timestamp)
    5792          26 :         StartupCommitTs();
    5793             : 
    5794             :     /*
    5795             :      * Recover knowledge about replay progress of known replication partners.
    5796             :      */
    5797        1862 :     StartupReplicationOrigin();
    5798             : 
    5799             :     /*
    5800             :      * Initialize unlogged LSN. On a clean shutdown, it's restored from the
    5801             :      * control file. On recovery, all unlogged relations are blown away, so
    5802             :      * the unlogged LSN counter can be reset too.
    5803             :      */
    5804        1862 :     if (ControlFile->state == DB_SHUTDOWNED)
    5805        1436 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5806        1436 :                                        ControlFile->unloggedLSN);
    5807             :     else
    5808         426 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5809             :                                        FirstNormalUnloggedLSN);
    5810             : 
    5811             :     /*
    5812             :      * Copy any missing timeline history files between 'now' and the recovery
    5813             :      * target timeline from archive to pg_wal. While we don't need those files
    5814             :      * ourselves - the history file of the recovery target timeline covers all
    5815             :      * the previous timelines in the history too - a cascading standby server
    5816             :      * might be interested in them. Or, if you archive the WAL from this
    5817             :      * server to a different archive than the primary, it'd be good for all
    5818             :      * the history files to get archived there after failover, so that you can
    5819             :      * use one of the old timelines as a PITR target. Timeline history files
    5820             :      * are small, so it's better to copy them unnecessarily than not copy them
    5821             :      * and regret later.
    5822             :      */
    5823        1862 :     restoreTimeLineHistoryFiles(checkPoint.ThisTimeLineID, recoveryTargetTLI);
    5824             : 
    5825             :     /*
    5826             :      * Before running in recovery, scan pg_twophase and fill in its status to
    5827             :      * be able to work on entries generated by redo.  Doing a scan before
    5828             :      * taking any recovery action has the merit to discard any 2PC files that
    5829             :      * are newer than the first record to replay, saving from any conflicts at
    5830             :      * replay.  This avoids as well any subsequent scans when doing recovery
    5831             :      * of the on-disk two-phase data.
    5832             :      */
    5833        1862 :     restoreTwoPhaseData();
    5834             : 
    5835             :     /*
    5836             :      * When starting with crash recovery, reset pgstat data - it might not be
    5837             :      * valid. Otherwise restore pgstat data. It's safe to do this here,
    5838             :      * because postmaster will not yet have started any other processes.
    5839             :      *
    5840             :      * NB: Restoring replication slot stats relies on slot state to have
    5841             :      * already been restored from disk.
    5842             :      *
    5843             :      * TODO: With a bit of extra work we could just start with a pgstat file
    5844             :      * associated with the checkpoint redo location we're starting from.
    5845             :      */
    5846        1862 :     if (didCrash)
    5847         350 :         pgstat_discard_stats();
    5848             :     else
    5849        1512 :         pgstat_restore_stats();
    5850             : 
    5851        1862 :     lastFullPageWrites = checkPoint.fullPageWrites;
    5852             : 
    5853        1862 :     RedoRecPtr = XLogCtl->RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    5854        1862 :     doPageWrites = lastFullPageWrites;
    5855             : 
    5856             :     /* REDO */
    5857        1862 :     if (InRecovery)
    5858             :     {
    5859             :         /* Initialize state for RecoveryInProgress() */
    5860         426 :         SpinLockAcquire(&XLogCtl->info_lck);
    5861         426 :         if (InArchiveRecovery)
    5862         222 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    5863             :         else
    5864         204 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5865         426 :         SpinLockRelease(&XLogCtl->info_lck);
    5866             : 
    5867             :         /*
    5868             :          * Update pg_control to show that we are recovering and to show the
    5869             :          * selected checkpoint as the place we are starting from. We also mark
    5870             :          * pg_control with any minimum recovery stop point obtained from a
    5871             :          * backup history file.
    5872             :          *
    5873             :          * No need to hold ControlFileLock yet, we aren't up far enough.
    5874             :          */
    5875         426 :         UpdateControlFile();
    5876             : 
    5877             :         /*
    5878             :          * If there was a backup label file, it's done its job and the info
    5879             :          * has now been propagated into pg_control.  We must get rid of the
    5880             :          * label file so that if we crash during recovery, we'll pick up at
    5881             :          * the latest recovery restartpoint instead of going all the way back
    5882             :          * to the backup start point.  It seems prudent though to just rename
    5883             :          * the file out of the way rather than delete it completely.
    5884             :          */
    5885         426 :         if (haveBackupLabel)
    5886             :         {
    5887         142 :             unlink(BACKUP_LABEL_OLD);
    5888         142 :             durable_rename(BACKUP_LABEL_FILE, BACKUP_LABEL_OLD, FATAL);
    5889             :         }
    5890             : 
    5891             :         /*
    5892             :          * If there was a tablespace_map file, it's done its job and the
    5893             :          * symlinks have been created.  We must get rid of the map file so
    5894             :          * that if we crash during recovery, we don't create symlinks again.
    5895             :          * It seems prudent though to just rename the file out of the way
    5896             :          * rather than delete it completely.
    5897             :          */
    5898         426 :         if (haveTblspcMap)
    5899             :         {
    5900           4 :             unlink(TABLESPACE_MAP_OLD);
    5901           4 :             durable_rename(TABLESPACE_MAP, TABLESPACE_MAP_OLD, FATAL);
    5902             :         }
    5903             : 
    5904             :         /*
    5905             :          * Initialize our local copy of minRecoveryPoint.  When doing crash
    5906             :          * recovery we want to replay up to the end of WAL.  Particularly, in
    5907             :          * the case of a promoted standby minRecoveryPoint value in the
    5908             :          * control file is only updated after the first checkpoint.  However,
    5909             :          * if the instance crashes before the first post-recovery checkpoint
    5910             :          * is completed then recovery will use a stale location causing the
    5911             :          * startup process to think that there are still invalid page
    5912             :          * references when checking for data consistency.
    5913             :          */
    5914         426 :         if (InArchiveRecovery)
    5915             :         {
    5916         222 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    5917         222 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    5918             :         }
    5919             :         else
    5920             :         {
    5921         204 :             LocalMinRecoveryPoint = InvalidXLogRecPtr;
    5922         204 :             LocalMinRecoveryPointTLI = 0;
    5923             :         }
    5924             : 
    5925             :         /* Check that the GUCs used to generate the WAL allow recovery */
    5926         426 :         CheckRequiredParameterValues();
    5927             : 
    5928             :         /*
    5929             :          * We're in recovery, so unlogged relations may be trashed and must be
    5930             :          * reset.  This should be done BEFORE allowing Hot Standby
    5931             :          * connections, so that read-only backends don't try to read whatever
    5932             :          * garbage is left over from before.
    5933             :          */
    5934         426 :         ResetUnloggedRelations(UNLOGGED_RELATION_CLEANUP);
    5935             : 
    5936             :         /*
    5937             :          * Likewise, delete any saved transaction snapshot files that got left
    5938             :          * behind by crashed backends.
    5939             :          */
    5940         426 :         DeleteAllExportedSnapshotFiles();
    5941             : 
    5942             :         /*
    5943             :          * Initialize for Hot Standby, if enabled. We won't let backends in
    5944             :          * yet, not until we've reached the min recovery point specified in
    5945             :          * control file and we've established a recovery snapshot from a
    5946             :          * running-xacts WAL record.
    5947             :          */
    5948         426 :         if (ArchiveRecoveryRequested && EnableHotStandby)
    5949             :         {
    5950             :             TransactionId *xids;
    5951             :             int         nxids;
    5952             : 
    5953         210 :             ereport(DEBUG1,
    5954             :                     (errmsg_internal("initializing for hot standby")));
    5955             : 
    5956         210 :             InitRecoveryTransactionEnvironment();
    5957             : 
    5958         210 :             if (wasShutdown)
    5959          52 :                 oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    5960             :             else
    5961         158 :                 oldestActiveXID = checkPoint.oldestActiveXid;
    5962             :             Assert(TransactionIdIsValid(oldestActiveXID));
    5963             : 
    5964             :             /* Tell procarray about the range of xids it has to deal with */
    5965         210 :             ProcArrayInitRecovery(XidFromFullTransactionId(TransamVariables->nextXid));
    5966             : 
    5967             :             /*
    5968             :              * Startup subtrans only.  CLOG, MultiXact and commit timestamp
    5969             :              * have already been started up and other SLRUs are not maintained
    5970             :              * during recovery and need not be started yet.
    5971             :              */
    5972         210 :             StartupSUBTRANS(oldestActiveXID);
    5973             : 
    5974             :             /*
    5975             :              * If we're beginning at a shutdown checkpoint, we know that
    5976             :              * nothing was running on the primary at this point. So fake-up an
    5977             :              * empty running-xacts record and use that here and now. Recover
    5978             :              * additional standby state for prepared transactions.
    5979             :              */
    5980         210 :             if (wasShutdown)
    5981             :             {
    5982             :                 RunningTransactionsData running;
    5983             :                 TransactionId latestCompletedXid;
    5984             : 
    5985             :                 /* Update pg_subtrans entries for any prepared transactions */
    5986          52 :                 StandbyRecoverPreparedTransactions();
    5987             : 
    5988             :                 /*
    5989             :                  * Construct a RunningTransactions snapshot representing a
    5990             :                  * shut down server, with only prepared transactions still
    5991             :                  * alive. We're never overflowed at this point because all
    5992             :                  * subxids are listed with their parent prepared transactions.
    5993             :                  */
    5994          52 :                 running.xcnt = nxids;
    5995          52 :                 running.subxcnt = 0;
    5996          52 :                 running.subxid_status = SUBXIDS_IN_SUBTRANS;
    5997          52 :                 running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    5998          52 :                 running.oldestRunningXid = oldestActiveXID;
    5999          52 :                 latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    6000          52 :                 TransactionIdRetreat(latestCompletedXid);
    6001             :                 Assert(TransactionIdIsNormal(latestCompletedXid));
    6002          52 :                 running.latestCompletedXid = latestCompletedXid;
    6003          52 :                 running.xids = xids;
    6004             : 
    6005          52 :                 ProcArrayApplyRecoveryInfo(&running);
    6006             :             }
    6007             :         }
    6008             : 
    6009             :         /*
    6010             :          * We're all set for replaying the WAL now. Do it.
    6011             :          */
    6012         426 :         PerformWalRecovery();
    6013         308 :         performedWalRecovery = true;
    6014             :     }
    6015             :     else
    6016        1436 :         performedWalRecovery = false;
    6017             : 
    6018             :     /*
    6019             :      * Finish WAL recovery.
    6020             :      */
    6021        1744 :     endOfRecoveryInfo = FinishWalRecovery();
    6022        1744 :     EndOfLog = endOfRecoveryInfo->endOfLog;
    6023        1744 :     EndOfLogTLI = endOfRecoveryInfo->endOfLogTLI;
    6024        1744 :     abortedRecPtr = endOfRecoveryInfo->abortedRecPtr;
    6025        1744 :     missingContrecPtr = endOfRecoveryInfo->missingContrecPtr;
    6026             : 
    6027             :     /*
    6028             :      * Reset ps status display, so as no information related to recovery shows
    6029             :      * up.
    6030             :      */
    6031        1744 :     set_ps_display("");
    6032             : 
    6033             :     /*
    6034             :      * When recovering from a backup (we are in recovery, and archive recovery
    6035             :      * was requested), complain if we did not roll forward far enough to reach
    6036             :      * the point where the database is consistent.  For regular online
    6037             :      * backup-from-primary, that means reaching the end-of-backup WAL record
    6038             :      * (at which point we reset backupStartPoint to be Invalid), for
    6039             :      * backup-from-replica (which can't inject records into the WAL stream),
    6040             :      * that point is when we reach the minRecoveryPoint in pg_control (which
    6041             :      * we purposefully copy last when backing up from a replica).  For
    6042             :      * pg_rewind (which creates a backup_label with a method of "pg_rewind")
    6043             :      * or snapshot-style backups (which don't), backupEndRequired will be set
    6044             :      * to false.
    6045             :      *
    6046             :      * Note: it is indeed okay to look at the local variable
    6047             :      * LocalMinRecoveryPoint here, even though ControlFile->minRecoveryPoint
    6048             :      * might be further ahead --- ControlFile->minRecoveryPoint cannot have
    6049             :      * been advanced beyond the WAL we processed.
    6050             :      */
    6051        1744 :     if (InRecovery &&
    6052         308 :         (EndOfLog < LocalMinRecoveryPoint ||
    6053         308 :          !XLogRecPtrIsInvalid(ControlFile->backupStartPoint)))
    6054             :     {
    6055             :         /*
    6056             :          * Ran off end of WAL before reaching end-of-backup WAL record, or
    6057             :          * minRecoveryPoint. That's a bad sign, indicating that you tried to
    6058             :          * recover from an online backup but never called pg_backup_stop(), or
    6059             :          * you didn't archive all the WAL needed.
    6060             :          */
    6061           0 :         if (ArchiveRecoveryRequested || ControlFile->backupEndRequired)
    6062             :         {
    6063           0 :             if (!XLogRecPtrIsInvalid(ControlFile->backupStartPoint) || ControlFile->backupEndRequired)
    6064           0 :                 ereport(FATAL,
    6065             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    6066             :                          errmsg("WAL ends before end of online backup"),
    6067             :                          errhint("All WAL generated while online backup was taken must be available at recovery.")));
    6068             :             else
    6069           0 :                 ereport(FATAL,
    6070             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    6071             :                          errmsg("WAL ends before consistent recovery point")));
    6072             :         }
    6073             :     }
    6074             : 
    6075             :     /*
    6076             :      * Reset unlogged relations to the contents of their INIT fork. This is
    6077             :      * done AFTER recovery is complete so as to include any unlogged relations
    6078             :      * created during recovery, but BEFORE recovery is marked as having
    6079             :      * completed successfully. Otherwise we'd not retry if any of the post
    6080             :      * end-of-recovery steps fail.
    6081             :      */
    6082        1744 :     if (InRecovery)
    6083         308 :         ResetUnloggedRelations(UNLOGGED_RELATION_INIT);
    6084             : 
    6085             :     /*
    6086             :      * Pre-scan prepared transactions to find out the range of XIDs present.
    6087             :      * This information is not quite needed yet, but it is positioned here so
    6088             :      * as potential problems are detected before any on-disk change is done.
    6089             :      */
    6090        1744 :     oldestActiveXID = PrescanPreparedTransactions(NULL, NULL);
    6091             : 
    6092             :     /*
    6093             :      * Allow ordinary WAL segment creation before possibly switching to a new
    6094             :      * timeline, which creates a new segment, and after the last ReadRecord().
    6095             :      */
    6096        1744 :     SetInstallXLogFileSegmentActive();
    6097             : 
    6098             :     /*
    6099             :      * Consider whether we need to assign a new timeline ID.
    6100             :      *
    6101             :      * If we did archive recovery, we always assign a new ID.  This handles a
    6102             :      * couple of issues.  If we stopped short of the end of WAL during
    6103             :      * recovery, then we are clearly generating a new timeline and must assign
    6104             :      * it a unique new ID.  Even if we ran to the end, modifying the current
    6105             :      * last segment is problematic because it may result in trying to
    6106             :      * overwrite an already-archived copy of that segment, and we encourage
    6107             :      * DBAs to make their archive_commands reject that.  We can dodge the
    6108             :      * problem by making the new active segment have a new timeline ID.
    6109             :      *
    6110             :      * In a normal crash recovery, we can just extend the timeline we were in.
    6111             :      */
    6112        1744 :     newTLI = endOfRecoveryInfo->lastRecTLI;
    6113        1744 :     if (ArchiveRecoveryRequested)
    6114             :     {
    6115          96 :         newTLI = findNewestTimeLine(recoveryTargetTLI) + 1;
    6116          96 :         ereport(LOG,
    6117             :                 (errmsg("selected new timeline ID: %u", newTLI)));
    6118             : 
    6119             :         /*
    6120             :          * Make a writable copy of the last WAL segment.  (Note that we also
    6121             :          * have a copy of the last block of the old WAL in
    6122             :          * endOfRecovery->lastPage; we will use that below.)
    6123             :          */
    6124          96 :         XLogInitNewTimeline(EndOfLogTLI, EndOfLog, newTLI);
    6125             : 
    6126             :         /*
    6127             :          * Remove the signal files out of the way, so that we don't
    6128             :          * accidentally re-enter archive recovery mode in a subsequent crash.
    6129             :          */
    6130          96 :         if (endOfRecoveryInfo->standby_signal_file_found)
    6131          90 :             durable_unlink(STANDBY_SIGNAL_FILE, FATAL);
    6132             : 
    6133          96 :         if (endOfRecoveryInfo->recovery_signal_file_found)
    6134           6 :             durable_unlink(RECOVERY_SIGNAL_FILE, FATAL);
    6135             : 
    6136             :         /*
    6137             :          * Write the timeline history file, and have it archived. After this
    6138             :          * point (or rather, as soon as the file is archived), the timeline
    6139             :          * will appear as "taken" in the WAL archive and to any standby
    6140             :          * servers.  If we crash before actually switching to the new
    6141             :          * timeline, standby servers will nevertheless think that we switched
    6142             :          * to the new timeline, and will try to connect to the new timeline.
    6143             :          * To minimize the window for that, try to do as little as possible
    6144             :          * between here and writing the end-of-recovery record.
    6145             :          */
    6146          96 :         writeTimeLineHistory(newTLI, recoveryTargetTLI,
    6147             :                              EndOfLog, endOfRecoveryInfo->recoveryStopReason);
    6148             : 
    6149          96 :         ereport(LOG,
    6150             :                 (errmsg("archive recovery complete")));
    6151             :     }
    6152             : 
    6153             :     /* Save the selected TimeLineID in shared memory, too */
    6154        1744 :     SpinLockAcquire(&XLogCtl->info_lck);
    6155        1744 :     XLogCtl->InsertTimeLineID = newTLI;
    6156        1744 :     XLogCtl->PrevTimeLineID = endOfRecoveryInfo->lastRecTLI;
    6157        1744 :     SpinLockRelease(&XLogCtl->info_lck);
    6158             : 
    6159             :     /*
    6160             :      * Actually, if WAL ended in an incomplete record, skip the parts that
    6161             :      * made it through and start writing after the portion that persisted.
    6162             :      * (It's critical to first write an OVERWRITE_CONTRECORD message, which
    6163             :      * we'll do as soon as we're open for writing new WAL.)
    6164             :      */
    6165        1744 :     if (!XLogRecPtrIsInvalid(missingContrecPtr))
    6166             :     {
    6167             :         /*
    6168             :          * We should only have a missingContrecPtr if we're not switching to a
    6169             :          * new timeline. When a timeline switch occurs, WAL is copied from the
    6170             :          * old timeline to the new only up to the end of the last complete
    6171             :          * record, so there can't be an incomplete WAL record that we need to
    6172             :          * disregard.
    6173             :          */
    6174             :         Assert(newTLI == endOfRecoveryInfo->lastRecTLI);
    6175             :         Assert(!XLogRecPtrIsInvalid(abortedRecPtr));
    6176          20 :         EndOfLog = missingContrecPtr;
    6177             :     }
    6178             : 
    6179             :     /*
    6180             :      * Prepare to write WAL starting at EndOfLog location, and init xlog
    6181             :      * buffer cache using the block containing the last record from the
    6182             :      * previous incarnation.
    6183             :      */
    6184        1744 :     Insert = &XLogCtl->Insert;
    6185        1744 :     Insert->PrevBytePos = XLogRecPtrToBytePos(endOfRecoveryInfo->lastRec);
    6186        1744 :     Insert->CurrBytePos = XLogRecPtrToBytePos(EndOfLog);
    6187             : 
    6188             :     /*
    6189             :      * Tricky point here: lastPage contains the *last* block that the LastRec
    6190             :      * record spans, not the one it starts in.  The last block is indeed the
    6191             :      * one we want to use.
    6192             :      */
    6193        1744 :     if (EndOfLog % XLOG_BLCKSZ != 0)
    6194             :     {
    6195             :         char       *page;
    6196             :         int         len;
    6197             :         int         firstIdx;
    6198             : 
    6199        1688 :         firstIdx = XLogRecPtrToBufIdx(EndOfLog);
    6200        1688 :         len = EndOfLog - endOfRecoveryInfo->lastPageBeginPtr;
    6201             :         Assert(len < XLOG_BLCKSZ);
    6202             : 
    6203             :         /* Copy the valid part of the last block, and zero the rest */
    6204        1688 :         page = &XLogCtl->pages[firstIdx * XLOG_BLCKSZ];
    6205        1688 :         memcpy(page, endOfRecoveryInfo->lastPage, len);
    6206        1688 :         memset(page + len, 0, XLOG_BLCKSZ - len);
    6207             : 
    6208        1688 :         pg_atomic_write_u64(&XLogCtl->xlblocks[firstIdx], endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ);
    6209        1688 :         pg_atomic_write_u64(&XLogCtl->InitializedUpTo, endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ);
    6210        1688 :         XLogCtl->InitializedFrom = endOfRecoveryInfo->lastPageBeginPtr;
    6211             :     }
    6212             :     else
    6213             :     {
    6214             :         /*
    6215             :          * There is no partial block to copy. Just set InitializedUpTo, and
    6216             :          * let the first attempt to insert a log record to initialize the next
    6217             :          * buffer.
    6218             :          */
    6219          56 :         pg_atomic_write_u64(&XLogCtl->InitializedUpTo, EndOfLog);
    6220          56 :         XLogCtl->InitializedFrom = EndOfLog;
    6221             :     }
    6222        1744 :     pg_atomic_write_u64(&XLogCtl->InitializeReserved, pg_atomic_read_u64(&XLogCtl->InitializedUpTo));
    6223             : 
    6224             :     /*
    6225             :      * Update local and shared status.  This is OK to do without any locks
    6226             :      * because no other process can be reading or writing WAL yet.
    6227             :      */
    6228        1744 :     LogwrtResult.Write = LogwrtResult.Flush = EndOfLog;
    6229        1744 :     pg_atomic_write_u64(&XLogCtl->logInsertResult, EndOfLog);
    6230        1744 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, EndOfLog);
    6231        1744 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, EndOfLog);
    6232        1744 :     XLogCtl->LogwrtRqst.Write = EndOfLog;
    6233        1744 :     XLogCtl->LogwrtRqst.Flush = EndOfLog;
    6234             : 
    6235             :     /*
    6236             :      * Preallocate additional log files, if wanted.
    6237             :      */
    6238        1744 :     PreallocXlogFiles(EndOfLog, newTLI);
    6239             : 
    6240             :     /*
    6241             :      * Okay, we're officially UP.
    6242             :      */
    6243        1744 :     InRecovery = false;
    6244             : 
    6245             :     /* start the archive_timeout timer and LSN running */
    6246        1744 :     XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    6247        1744 :     XLogCtl->lastSegSwitchLSN = EndOfLog;
    6248             : 
    6249             :     /* also initialize latestCompletedXid, to nextXid - 1 */
    6250        1744 :     LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE);
    6251        1744 :     TransamVariables->latestCompletedXid = TransamVariables->nextXid;
    6252        1744 :     FullTransactionIdRetreat(&TransamVariables->latestCompletedXid);
    6253        1744 :     LWLockRelease(ProcArrayLock);
    6254             : 
    6255             :     /*
    6256             :      * Start up subtrans, if not already done for hot standby.  (commit
    6257             :      * timestamps are started below, if necessary.)
    6258             :      */
    6259        1744 :     if (standbyState == STANDBY_DISABLED)
    6260        1648 :         StartupSUBTRANS(oldestActiveXID);
    6261             : 
    6262             :     /*
    6263             :      * Perform end of recovery actions for any SLRUs that need it.
    6264             :      */
    6265        1744 :     TrimCLOG();
    6266        1744 :     TrimMultiXact();
    6267             : 
    6268             :     /*
    6269             :      * Reload shared-memory state for prepared transactions.  This needs to
    6270             :      * happen before renaming the last partial segment of the old timeline as
    6271             :      * it may be possible that we have to recover some transactions from it.
    6272             :      */
    6273        1744 :     RecoverPreparedTransactions();
    6274             : 
    6275             :     /* Shut down xlogreader */
    6276        1744 :     ShutdownWalRecovery();
    6277             : 
    6278             :     /* Enable WAL writes for this backend only. */
    6279        1744 :     LocalSetXLogInsertAllowed();
    6280             : 
    6281             :     /* If necessary, write overwrite-contrecord before doing anything else */
    6282        1744 :     if (!XLogRecPtrIsInvalid(abortedRecPtr))
    6283             :     {
    6284             :         Assert(!XLogRecPtrIsInvalid(missingContrecPtr));
    6285          20 :         CreateOverwriteContrecordRecord(abortedRecPtr, missingContrecPtr, newTLI);
    6286             :     }
    6287             : 
    6288             :     /*
    6289             :      * Update full_page_writes in shared memory and write an XLOG_FPW_CHANGE
    6290             :      * record before resource manager writes cleanup WAL records or checkpoint
    6291             :      * record is written.
    6292             :      */
    6293        1744 :     Insert->fullPageWrites = lastFullPageWrites;
    6294        1744 :     UpdateFullPageWrites();
    6295             : 
    6296             :     /*
    6297             :      * Emit checkpoint or end-of-recovery record in XLOG, if required.
    6298             :      */
    6299        1744 :     if (performedWalRecovery)
    6300         308 :         promoted = PerformRecoveryXLogAction();
    6301             : 
    6302             :     /*
    6303             :      * If any of the critical GUCs have changed, log them before we allow
    6304             :      * backends to write WAL.
    6305             :      */
    6306        1744 :     XLogReportParameters();
    6307             : 
    6308             :     /* If this is archive recovery, perform post-recovery cleanup actions. */
    6309        1744 :     if (ArchiveRecoveryRequested)
    6310          96 :         CleanupAfterArchiveRecovery(EndOfLogTLI, EndOfLog, newTLI);
    6311             : 
    6312             :     /*
    6313             :      * Local WAL inserts enabled, so it's time to finish initialization of
    6314             :      * commit timestamp.
    6315             :      */
    6316        1744 :     CompleteCommitTsInitialization();
    6317             : 
    6318             :     /*
    6319             :      * All done with end-of-recovery actions.
    6320             :      *
    6321             :      * Now allow backends to write WAL and update the control file status in
    6322             :      * consequence.  SharedRecoveryState, that controls if backends can write
    6323             :      * WAL, is updated while holding ControlFileLock to prevent other backends
    6324             :      * to look at an inconsistent state of the control file in shared memory.
    6325             :      * There is still a small window during which backends can write WAL and
    6326             :      * the control file is still referring to a system not in DB_IN_PRODUCTION
    6327             :      * state while looking at the on-disk control file.
    6328             :      *
    6329             :      * Also, we use info_lck to update SharedRecoveryState to ensure that
    6330             :      * there are no race conditions concerning visibility of other recent
    6331             :      * updates to shared memory.
    6332             :      */
    6333        1744 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6334        1744 :     ControlFile->state = DB_IN_PRODUCTION;
    6335             : 
    6336        1744 :     SpinLockAcquire(&XLogCtl->info_lck);
    6337        1744 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_DONE;
    6338        1744 :     SpinLockRelease(&XLogCtl->info_lck);
    6339             : 
    6340        1744 :     UpdateControlFile();
    6341        1744 :     LWLockRelease(ControlFileLock);
    6342             : 
    6343             :     /*
    6344             :      * Shutdown the recovery environment.  This must occur after
    6345             :      * RecoverPreparedTransactions() (see notes in lock_twophase_recover())
    6346             :      * and after switching SharedRecoveryState to RECOVERY_STATE_DONE so as
    6347             :      * any session building a snapshot will not rely on KnownAssignedXids as
    6348             :      * RecoveryInProgress() would return false at this stage.  This is
    6349             :      * particularly critical for prepared 2PC transactions, that would still
    6350             :      * need to be included in snapshots once recovery has ended.
    6351             :      */
    6352        1744 :     if (standbyState != STANDBY_DISABLED)
    6353          96 :         ShutdownRecoveryTransactionEnvironment();
    6354             : 
    6355             :     /*
    6356             :      * If there were cascading standby servers connected to us, nudge any wal
    6357             :      * sender processes to notice that we've been promoted.
    6358             :      */
    6359        1744 :     WalSndWakeup(true, true);
    6360             : 
    6361             :     /*
    6362             :      * If this was a promotion, request an (online) checkpoint now. This isn't
    6363             :      * required for consistency, but the last restartpoint might be far back,
    6364             :      * and in case of a crash, recovering from it might take a longer than is
    6365             :      * appropriate now that we're not in standby mode anymore.
    6366             :      */
    6367        1744 :     if (promoted)
    6368          82 :         RequestCheckpoint(CHECKPOINT_FORCE);
    6369        1744 : }
    6370             : 
    6371             : /*
    6372             :  * Callback from PerformWalRecovery(), called when we switch from crash
    6373             :  * recovery to archive recovery mode.  Updates the control file accordingly.
    6374             :  */
    6375             : void
    6376           4 : SwitchIntoArchiveRecovery(XLogRecPtr EndRecPtr, TimeLineID replayTLI)
    6377             : {
    6378             :     /* initialize minRecoveryPoint to this record */
    6379           4 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6380           4 :     ControlFile->state = DB_IN_ARCHIVE_RECOVERY;
    6381           4 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6382             :     {
    6383           4 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6384           4 :         ControlFile->minRecoveryPointTLI = replayTLI;
    6385             :     }
    6386             :     /* update local copy */
    6387           4 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    6388           4 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    6389             : 
    6390             :     /*
    6391             :      * The startup process can update its local copy of minRecoveryPoint from
    6392             :      * this point.
    6393             :      */
    6394           4 :     updateMinRecoveryPoint = true;
    6395             : 
    6396           4 :     UpdateControlFile();
    6397             : 
    6398             :     /*
    6399             :      * We update SharedRecoveryState while holding the lock on ControlFileLock
    6400             :      * so both states are consistent in shared memory.
    6401             :      */
    6402           4 :     SpinLockAcquire(&XLogCtl->info_lck);
    6403           4 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    6404           4 :     SpinLockRelease(&XLogCtl->info_lck);
    6405             : 
    6406           4 :     LWLockRelease(ControlFileLock);
    6407           4 : }
    6408             : 
    6409             : /*
    6410             :  * Callback from PerformWalRecovery(), called when we reach the end of backup.
    6411             :  * Updates the control file accordingly.
    6412             :  */
    6413             : void
    6414         142 : ReachedEndOfBackup(XLogRecPtr EndRecPtr, TimeLineID tli)
    6415             : {
    6416             :     /*
    6417             :      * We have reached the end of base backup, as indicated by pg_control. The
    6418             :      * data on disk is now consistent (unless minRecoveryPoint is further
    6419             :      * ahead, which can happen if we crashed during previous recovery).  Reset
    6420             :      * backupStartPoint and backupEndPoint, and update minRecoveryPoint to
    6421             :      * make sure we don't allow starting up at an earlier point even if
    6422             :      * recovery is stopped and restarted soon after this.
    6423             :      */
    6424         142 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6425             : 
    6426         142 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6427             :     {
    6428         134 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6429         134 :         ControlFile->minRecoveryPointTLI = tli;
    6430             :     }
    6431             : 
    6432         142 :     ControlFile->backupStartPoint = InvalidXLogRecPtr;
    6433         142 :     ControlFile->backupEndPoint = InvalidXLogRecPtr;
    6434         142 :     ControlFile->backupEndRequired = false;
    6435         142 :     UpdateControlFile();
    6436             : 
    6437         142 :     LWLockRelease(ControlFileLock);
    6438         142 : }
    6439             : 
    6440             : /*
    6441             :  * Perform whatever XLOG actions are necessary at end of REDO.
    6442             :  *
    6443             :  * The goal here is to make sure that we'll be able to recover properly if
    6444             :  * we crash again. If we choose to write a checkpoint, we'll write a shutdown
    6445             :  * checkpoint rather than an on-line one. This is not particularly critical,
    6446             :  * but since we may be assigning a new TLI, using a shutdown checkpoint allows
    6447             :  * us to have the rule that TLI only changes in shutdown checkpoints, which
    6448             :  * allows some extra error checking in xlog_redo.
    6449             :  */
    6450             : static bool
    6451         308 : PerformRecoveryXLogAction(void)
    6452             : {
    6453         308 :     bool        promoted = false;
    6454             : 
    6455             :     /*
    6456             :      * Perform a checkpoint to update all our recovery activity to disk.
    6457             :      *
    6458             :      * Note that we write a shutdown checkpoint rather than an on-line one.
    6459             :      * This is not particularly critical, but since we may be assigning a new
    6460             :      * TLI, using a shutdown checkpoint allows us to have the rule that TLI
    6461             :      * only changes in shutdown checkpoints, which allows some extra error
    6462             :      * checking in xlog_redo.
    6463             :      *
    6464             :      * In promotion, only create a lightweight end-of-recovery record instead
    6465             :      * of a full checkpoint. A checkpoint is requested later, after we're
    6466             :      * fully out of recovery mode and already accepting queries.
    6467             :      */
    6468         404 :     if (ArchiveRecoveryRequested && IsUnderPostmaster &&
    6469          96 :         PromoteIsTriggered())
    6470             :     {
    6471          82 :         promoted = true;
    6472             : 
    6473             :         /*
    6474             :          * Insert a special WAL record to mark the end of recovery, since we
    6475             :          * aren't doing a checkpoint. That means that the checkpointer process
    6476             :          * may likely be in the middle of a time-smoothed restartpoint and
    6477             :          * could continue to be for minutes after this.  That sounds strange,
    6478             :          * but the effect is roughly the same and it would be stranger to try
    6479             :          * to come out of the restartpoint and then checkpoint. We request a
    6480             :          * checkpoint later anyway, just for safety.
    6481             :          */
    6482          82 :         CreateEndOfRecoveryRecord();
    6483             :     }
    6484             :     else
    6485             :     {
    6486         226 :         RequestCheckpoint(CHECKPOINT_END_OF_RECOVERY |
    6487             :                           CHECKPOINT_FAST |
    6488             :                           CHECKPOINT_WAIT);
    6489             :     }
    6490             : 
    6491         308 :     return promoted;
    6492             : }
    6493             : 
    6494             : /*
    6495             :  * Is the system still in recovery?
    6496             :  *
    6497             :  * Unlike testing InRecovery, this works in any process that's connected to
    6498             :  * shared memory.
    6499             :  */
    6500             : bool
    6501   178382206 : RecoveryInProgress(void)
    6502             : {
    6503             :     /*
    6504             :      * We check shared state each time only until we leave recovery mode. We
    6505             :      * can't re-enter recovery, so there's no need to keep checking after the
    6506             :      * shared variable has once been seen false.
    6507             :      */
    6508   178382206 :     if (!LocalRecoveryInProgress)
    6509   173881926 :         return false;
    6510             :     else
    6511             :     {
    6512             :         /*
    6513             :          * use volatile pointer to make sure we make a fresh read of the
    6514             :          * shared variable.
    6515             :          */
    6516     4500280 :         volatile XLogCtlData *xlogctl = XLogCtl;
    6517             : 
    6518     4500280 :         LocalRecoveryInProgress = (xlogctl->SharedRecoveryState != RECOVERY_STATE_DONE);
    6519             : 
    6520             :         /*
    6521             :          * Note: We don't need a memory barrier when we're still in recovery.
    6522             :          * We might exit recovery immediately after return, so the caller
    6523             :          * can't rely on 'true' meaning that we're still in recovery anyway.
    6524             :          */
    6525             : 
    6526     4500280 :         return LocalRecoveryInProgress;
    6527             :     }
    6528             : }
    6529             : 
    6530             : /*
    6531             :  * Returns current recovery state from shared memory.
    6532             :  *
    6533             :  * This returned state is kept consistent with the contents of the control
    6534             :  * file.  See details about the possible values of RecoveryState in xlog.h.
    6535             :  */
    6536             : RecoveryState
    6537       41664 : GetRecoveryState(void)
    6538             : {
    6539             :     RecoveryState retval;
    6540             : 
    6541       41664 :     SpinLockAcquire(&XLogCtl->info_lck);
    6542       41664 :     retval = XLogCtl->SharedRecoveryState;
    6543       41664 :     SpinLockRelease(&XLogCtl->info_lck);
    6544             : 
    6545       41664 :     return retval;
    6546             : }
    6547             : 
    6548             : /*
    6549             :  * Is this process allowed to insert new WAL records?
    6550             :  *
    6551             :  * Ordinarily this is essentially equivalent to !RecoveryInProgress().
    6552             :  * But we also have provisions for forcing the result "true" or "false"
    6553             :  * within specific processes regardless of the global state.
    6554             :  */
    6555             : bool
    6556    61064540 : XLogInsertAllowed(void)
    6557             : {
    6558             :     /*
    6559             :      * If value is "unconditionally true" or "unconditionally false", just
    6560             :      * return it.  This provides the normal fast path once recovery is known
    6561             :      * done.
    6562             :      */
    6563    61064540 :     if (LocalXLogInsertAllowed >= 0)
    6564    60841782 :         return (bool) LocalXLogInsertAllowed;
    6565             : 
    6566             :     /*
    6567             :      * Else, must check to see if we're still in recovery.
    6568             :      */
    6569      222758 :     if (RecoveryInProgress())
    6570      206328 :         return false;
    6571             : 
    6572             :     /*
    6573             :      * On exit from recovery, reset to "unconditionally true", since there is
    6574             :      * no need to keep checking.
    6575             :      */
    6576       16430 :     LocalXLogInsertAllowed = 1;
    6577       16430 :     return true;
    6578             : }
    6579             : 
    6580             : /*
    6581             :  * Make XLogInsertAllowed() return true in the current process only.
    6582             :  *
    6583             :  * Note: it is allowed to switch LocalXLogInsertAllowed back to -1 later,
    6584             :  * and even call LocalSetXLogInsertAllowed() again after that.
    6585             :  *
    6586             :  * Returns the previous value of LocalXLogInsertAllowed.
    6587             :  */
    6588             : static int
    6589        1802 : LocalSetXLogInsertAllowed(void)
    6590             : {
    6591        1802 :     int         oldXLogAllowed = LocalXLogInsertAllowed;
    6592             : 
    6593        1802 :     LocalXLogInsertAllowed = 1;
    6594             : 
    6595        1802 :     return oldXLogAllowed;
    6596             : }
    6597             : 
    6598             : /*
    6599             :  * Return the current Redo pointer from shared memory.
    6600             :  *
    6601             :  * As a side-effect, the local RedoRecPtr copy is updated.
    6602             :  */
    6603             : XLogRecPtr
    6604      593360 : GetRedoRecPtr(void)
    6605             : {
    6606             :     XLogRecPtr  ptr;
    6607             : 
    6608             :     /*
    6609             :      * The possibly not up-to-date copy in XlogCtl is enough. Even if we
    6610             :      * grabbed a WAL insertion lock to read the authoritative value in
    6611             :      * Insert->RedoRecPtr, someone might update it just after we've released
    6612             :      * the lock.
    6613             :      */
    6614      593360 :     SpinLockAcquire(&XLogCtl->info_lck);
    6615      593360 :     ptr = XLogCtl->RedoRecPtr;
    6616      593360 :     SpinLockRelease(&XLogCtl->info_lck);
    6617             : 
    6618      593360 :     if (RedoRecPtr < ptr)
    6619        2922 :         RedoRecPtr = ptr;
    6620             : 
    6621      593360 :     return RedoRecPtr;
    6622             : }
    6623             : 
    6624             : /*
    6625             :  * Return information needed to decide whether a modified block needs a
    6626             :  * full-page image to be included in the WAL record.
    6627             :  *
    6628             :  * The returned values are cached copies from backend-private memory, and
    6629             :  * possibly out-of-date or, indeed, uninitialized, in which case they will
    6630             :  * be InvalidXLogRecPtr and false, respectively.  XLogInsertRecord will
    6631             :  * re-check them against up-to-date values, while holding the WAL insert lock.
    6632             :  */
    6633             : void
    6634    29514322 : GetFullPageWriteInfo(XLogRecPtr *RedoRecPtr_p, bool *doPageWrites_p)
    6635             : {
    6636    29514322 :     *RedoRecPtr_p = RedoRecPtr;
    6637    29514322 :     *doPageWrites_p = doPageWrites;
    6638    29514322 : }
    6639             : 
    6640             : /*
    6641             :  * GetInsertRecPtr -- Returns the current insert position.
    6642             :  *
    6643             :  * NOTE: The value *actually* returned is the position of the last full
    6644             :  * xlog page. It lags behind the real insert position by at most 1 page.
    6645             :  * For that, we don't need to scan through WAL insertion locks, and an
    6646             :  * approximation is enough for the current usage of this function.
    6647             :  */
    6648             : XLogRecPtr
    6649       17218 : GetInsertRecPtr(void)
    6650             : {
    6651             :     XLogRecPtr  recptr;
    6652             : 
    6653       17218 :     SpinLockAcquire(&XLogCtl->info_lck);
    6654       17218 :     recptr = XLogCtl->LogwrtRqst.Write;
    6655       17218 :     SpinLockRelease(&XLogCtl->info_lck);
    6656             : 
    6657       17218 :     return recptr;
    6658             : }
    6659             : 
    6660             : /*
    6661             :  * GetFlushRecPtr -- Returns the current flush position, ie, the last WAL
    6662             :  * position known to be fsync'd to disk. This should only be used on a
    6663             :  * system that is known not to be in recovery.
    6664             :  */
    6665             : XLogRecPtr
    6666      419820 : GetFlushRecPtr(TimeLineID *insertTLI)
    6667             : {
    6668             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6669             : 
    6670      419820 :     RefreshXLogWriteResult(LogwrtResult);
    6671             : 
    6672             :     /*
    6673             :      * If we're writing and flushing WAL, the time line can't be changing, so
    6674             :      * no lock is required.
    6675             :      */
    6676      419820 :     if (insertTLI)
    6677       43642 :         *insertTLI = XLogCtl->InsertTimeLineID;
    6678             : 
    6679      419820 :     return LogwrtResult.Flush;
    6680             : }
    6681             : 
    6682             : /*
    6683             :  * GetWALInsertionTimeLine -- Returns the current timeline of a system that
    6684             :  * is not in recovery.
    6685             :  */
    6686             : TimeLineID
    6687      212122 : GetWALInsertionTimeLine(void)
    6688             : {
    6689             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6690             : 
    6691             :     /* Since the value can't be changing, no lock is required. */
    6692      212122 :     return XLogCtl->InsertTimeLineID;
    6693             : }
    6694             : 
    6695             : /*
    6696             :  * GetWALInsertionTimeLineIfSet -- If the system is not in recovery, returns
    6697             :  * the WAL insertion timeline; else, returns 0. Wherever possible, use
    6698             :  * GetWALInsertionTimeLine() instead, since it's cheaper. Note that this
    6699             :  * function decides recovery has ended as soon as the insert TLI is set, which
    6700             :  * happens before we set XLogCtl->SharedRecoveryState to RECOVERY_STATE_DONE.
    6701             :  */
    6702             : TimeLineID
    6703           0 : GetWALInsertionTimeLineIfSet(void)
    6704             : {
    6705             :     TimeLineID  insertTLI;
    6706             : 
    6707           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    6708           0 :     insertTLI = XLogCtl->InsertTimeLineID;
    6709           0 :     SpinLockRelease(&XLogCtl->info_lck);
    6710             : 
    6711           0 :     return insertTLI;
    6712             : }
    6713             : 
    6714             : /*
    6715             :  * GetLastImportantRecPtr -- Returns the LSN of the last important record
    6716             :  * inserted. All records not explicitly marked as unimportant are considered
    6717             :  * important.
    6718             :  *
    6719             :  * The LSN is determined by computing the maximum of
    6720             :  * WALInsertLocks[i].lastImportantAt.
    6721             :  */
    6722             : XLogRecPtr
    6723        3094 : GetLastImportantRecPtr(void)
    6724             : {
    6725        3094 :     XLogRecPtr  res = InvalidXLogRecPtr;
    6726             :     int         i;
    6727             : 
    6728       27846 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    6729             :     {
    6730             :         XLogRecPtr  last_important;
    6731             : 
    6732             :         /*
    6733             :          * Need to take a lock to prevent torn reads of the LSN, which are
    6734             :          * possible on some of the supported platforms. WAL insert locks only
    6735             :          * support exclusive mode, so we have to use that.
    6736             :          */
    6737       24752 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    6738       24752 :         last_important = WALInsertLocks[i].l.lastImportantAt;
    6739       24752 :         LWLockRelease(&WALInsertLocks[i].l.lock);
    6740             : 
    6741       24752 :         if (res < last_important)
    6742        5434 :             res = last_important;
    6743             :     }
    6744             : 
    6745        3094 :     return res;
    6746             : }
    6747             : 
    6748             : /*
    6749             :  * Get the time and LSN of the last xlog segment switch
    6750             :  */
    6751             : pg_time_t
    6752           0 : GetLastSegSwitchData(XLogRecPtr *lastSwitchLSN)
    6753             : {
    6754             :     pg_time_t   result;
    6755             : 
    6756             :     /* Need WALWriteLock, but shared lock is sufficient */
    6757           0 :     LWLockAcquire(WALWriteLock, LW_SHARED);
    6758           0 :     result = XLogCtl->lastSegSwitchTime;
    6759           0 :     *lastSwitchLSN = XLogCtl->lastSegSwitchLSN;
    6760           0 :     LWLockRelease(WALWriteLock);
    6761             : 
    6762           0 :     return result;
    6763             : }
    6764             : 
    6765             : /*
    6766             :  * This must be called ONCE during postmaster or standalone-backend shutdown
    6767             :  */
    6768             : void
    6769        1252 : ShutdownXLOG(int code, Datum arg)
    6770             : {
    6771             :     /*
    6772             :      * We should have an aux process resource owner to use, and we should not
    6773             :      * be in a transaction that's installed some other resowner.
    6774             :      */
    6775             :     Assert(AuxProcessResourceOwner != NULL);
    6776             :     Assert(CurrentResourceOwner == NULL ||
    6777             :            CurrentResourceOwner == AuxProcessResourceOwner);
    6778        1252 :     CurrentResourceOwner = AuxProcessResourceOwner;
    6779             : 
    6780             :     /* Don't be chatty in standalone mode */
    6781        1252 :     ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    6782             :             (errmsg("shutting down")));
    6783             : 
    6784             :     /*
    6785             :      * Signal walsenders to move to stopping state.
    6786             :      */
    6787        1252 :     WalSndInitStopping();
    6788             : 
    6789             :     /*
    6790             :      * Wait for WAL senders to be in stopping state.  This prevents commands
    6791             :      * from writing new WAL.
    6792             :      */
    6793        1252 :     WalSndWaitStopping();
    6794             : 
    6795        1252 :     if (RecoveryInProgress())
    6796         110 :         CreateRestartPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_FAST);
    6797             :     else
    6798             :     {
    6799             :         /*
    6800             :          * If archiving is enabled, rotate the last XLOG file so that all the
    6801             :          * remaining records are archived (postmaster wakes up the archiver
    6802             :          * process one more time at the end of shutdown). The checkpoint
    6803             :          * record will go to the next XLOG file and won't be archived (yet).
    6804             :          */
    6805        1142 :         if (XLogArchivingActive())
    6806          28 :             RequestXLogSwitch(false);
    6807             : 
    6808        1142 :         CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_FAST);
    6809             :     }
    6810        1252 : }
    6811             : 
    6812             : /*
    6813             :  * Log start of a checkpoint.
    6814             :  */
    6815             : static void
    6816        2782 : LogCheckpointStart(int flags, bool restartpoint)
    6817             : {
    6818        2782 :     if (restartpoint)
    6819         374 :         ereport(LOG,
    6820             :         /* translator: the placeholders show checkpoint options */
    6821             :                 (errmsg("restartpoint starting:%s%s%s%s%s%s%s%s",
    6822             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6823             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6824             :                         (flags & CHECKPOINT_FAST) ? " fast" : "",
    6825             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6826             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6827             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6828             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6829             :                         (flags & CHECKPOINT_FLUSH_UNLOGGED) ? " flush-unlogged" : "")));
    6830             :     else
    6831        2408 :         ereport(LOG,
    6832             :         /* translator: the placeholders show checkpoint options */
    6833             :                 (errmsg("checkpoint starting:%s%s%s%s%s%s%s%s",
    6834             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6835             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6836             :                         (flags & CHECKPOINT_FAST) ? " fast" : "",
    6837             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6838             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6839             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6840             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6841             :                         (flags & CHECKPOINT_FLUSH_UNLOGGED) ? " flush-unlogged" : "")));
    6842        2782 : }
    6843             : 
    6844             : /*
    6845             :  * Log end of a checkpoint.
    6846             :  */
    6847             : static void
    6848        3378 : LogCheckpointEnd(bool restartpoint)
    6849             : {
    6850             :     long        write_msecs,
    6851             :                 sync_msecs,
    6852             :                 total_msecs,
    6853             :                 longest_msecs,
    6854             :                 average_msecs;
    6855             :     uint64      average_sync_time;
    6856             : 
    6857        3378 :     CheckpointStats.ckpt_end_t = GetCurrentTimestamp();
    6858             : 
    6859        3378 :     write_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_write_t,
    6860             :                                                   CheckpointStats.ckpt_sync_t);
    6861             : 
    6862        3378 :     sync_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_sync_t,
    6863             :                                                  CheckpointStats.ckpt_sync_end_t);
    6864             : 
    6865             :     /* Accumulate checkpoint timing summary data, in milliseconds. */
    6866        3378 :     PendingCheckpointerStats.write_time += write_msecs;
    6867        3378 :     PendingCheckpointerStats.sync_time += sync_msecs;
    6868             : 
    6869             :     /*
    6870             :      * All of the published timing statistics are accounted for.  Only
    6871             :      * continue if a log message is to be written.
    6872             :      */
    6873        3378 :     if (!log_checkpoints)
    6874         596 :         return;
    6875             : 
    6876        2782 :     total_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_start_t,
    6877             :                                                   CheckpointStats.ckpt_end_t);
    6878             : 
    6879             :     /*
    6880             :      * Timing values returned from CheckpointStats are in microseconds.
    6881             :      * Convert to milliseconds for consistent printing.
    6882             :      */
    6883        2782 :     longest_msecs = (long) ((CheckpointStats.ckpt_longest_sync + 999) / 1000);
    6884             : 
    6885        2782 :     average_sync_time = 0;
    6886        2782 :     if (CheckpointStats.ckpt_sync_rels > 0)
    6887           0 :         average_sync_time = CheckpointStats.ckpt_agg_sync_time /
    6888           0 :             CheckpointStats.ckpt_sync_rels;
    6889        2782 :     average_msecs = (long) ((average_sync_time + 999) / 1000);
    6890             : 
    6891             :     /*
    6892             :      * ControlFileLock is not required to see ControlFile->checkPoint and
    6893             :      * ->checkPointCopy here as we are the only updator of those variables at
    6894             :      * this moment.
    6895             :      */
    6896        2782 :     if (restartpoint)
    6897         374 :         ereport(LOG,
    6898             :                 (errmsg("restartpoint complete: wrote %d buffers (%.1f%%), "
    6899             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6900             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6901             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6902             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6903             :                         "estimate=%d kB; lsn=%X/%08X, redo lsn=%X/%08X",
    6904             :                         CheckpointStats.ckpt_bufs_written,
    6905             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6906             :                         CheckpointStats.ckpt_slru_written,
    6907             :                         CheckpointStats.ckpt_segs_added,
    6908             :                         CheckpointStats.ckpt_segs_removed,
    6909             :                         CheckpointStats.ckpt_segs_recycled,
    6910             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6911             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6912             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6913             :                         CheckpointStats.ckpt_sync_rels,
    6914             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6915             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6916             :                         (int) (PrevCheckPointDistance / 1024.0),
    6917             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6918             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6919             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6920             :     else
    6921        2408 :         ereport(LOG,
    6922             :                 (errmsg("checkpoint complete: wrote %d buffers (%.1f%%), "
    6923             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6924             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6925             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6926             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6927             :                         "estimate=%d kB; lsn=%X/%08X, redo lsn=%X/%08X",
    6928             :                         CheckpointStats.ckpt_bufs_written,
    6929             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6930             :                         CheckpointStats.ckpt_slru_written,
    6931             :                         CheckpointStats.ckpt_segs_added,
    6932             :                         CheckpointStats.ckpt_segs_removed,
    6933             :                         CheckpointStats.ckpt_segs_recycled,
    6934             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6935             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6936             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6937             :                         CheckpointStats.ckpt_sync_rels,
    6938             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6939             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6940             :                         (int) (PrevCheckPointDistance / 1024.0),
    6941             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6942             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6943             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6944             : }
    6945             : 
    6946             : /*
    6947             :  * Update the estimate of distance between checkpoints.
    6948             :  *
    6949             :  * The estimate is used to calculate the number of WAL segments to keep
    6950             :  * preallocated, see XLOGfileslop().
    6951             :  */
    6952             : static void
    6953        3378 : UpdateCheckPointDistanceEstimate(uint64 nbytes)
    6954             : {
    6955             :     /*
    6956             :      * To estimate the number of segments consumed between checkpoints, keep a
    6957             :      * moving average of the amount of WAL generated in previous checkpoint
    6958             :      * cycles. However, if the load is bursty, with quiet periods and busy
    6959             :      * periods, we want to cater for the peak load. So instead of a plain
    6960             :      * moving average, let the average decline slowly if the previous cycle
    6961             :      * used less WAL than estimated, but bump it up immediately if it used
    6962             :      * more.
    6963             :      *
    6964             :      * When checkpoints are triggered by max_wal_size, this should converge to
    6965             :      * CheckpointSegments * wal_segment_size,
    6966             :      *
    6967             :      * Note: This doesn't pay any attention to what caused the checkpoint.
    6968             :      * Checkpoints triggered manually with CHECKPOINT command, or by e.g.
    6969             :      * starting a base backup, are counted the same as those created
    6970             :      * automatically. The slow-decline will largely mask them out, if they are
    6971             :      * not frequent. If they are frequent, it seems reasonable to count them
    6972             :      * in as any others; if you issue a manual checkpoint every 5 minutes and
    6973             :      * never let a timed checkpoint happen, it makes sense to base the
    6974             :      * preallocation on that 5 minute interval rather than whatever
    6975             :      * checkpoint_timeout is set to.
    6976             :      */
    6977        3378 :     PrevCheckPointDistance = nbytes;
    6978        3378 :     if (CheckPointDistanceEstimate < nbytes)
    6979        1416 :         CheckPointDistanceEstimate = nbytes;
    6980             :     else
    6981        1962 :         CheckPointDistanceEstimate =
    6982        1962 :             (0.90 * CheckPointDistanceEstimate + 0.10 * (double) nbytes);
    6983        3378 : }
    6984             : 
    6985             : /*
    6986             :  * Update the ps display for a process running a checkpoint.  Note that
    6987             :  * this routine should not do any allocations so as it can be called
    6988             :  * from a critical section.
    6989             :  */
    6990             : static void
    6991        6756 : update_checkpoint_display(int flags, bool restartpoint, bool reset)
    6992             : {
    6993             :     /*
    6994             :      * The status is reported only for end-of-recovery and shutdown
    6995             :      * checkpoints or shutdown restartpoints.  Updating the ps display is
    6996             :      * useful in those situations as it may not be possible to rely on
    6997             :      * pg_stat_activity to see the status of the checkpointer or the startup
    6998             :      * process.
    6999             :      */
    7000        6756 :     if ((flags & (CHECKPOINT_END_OF_RECOVERY | CHECKPOINT_IS_SHUTDOWN)) == 0)
    7001        4280 :         return;
    7002             : 
    7003        2476 :     if (reset)
    7004        1238 :         set_ps_display("");
    7005             :     else
    7006             :     {
    7007             :         char        activitymsg[128];
    7008             : 
    7009        3714 :         snprintf(activitymsg, sizeof(activitymsg), "performing %s%s%s",
    7010        1238 :                  (flags & CHECKPOINT_END_OF_RECOVERY) ? "end-of-recovery " : "",
    7011        1238 :                  (flags & CHECKPOINT_IS_SHUTDOWN) ? "shutdown " : "",
    7012             :                  restartpoint ? "restartpoint" : "checkpoint");
    7013        1238 :         set_ps_display(activitymsg);
    7014             :     }
    7015             : }
    7016             : 
    7017             : 
    7018             : /*
    7019             :  * Perform a checkpoint --- either during shutdown, or on-the-fly
    7020             :  *
    7021             :  * flags is a bitwise OR of the following:
    7022             :  *  CHECKPOINT_IS_SHUTDOWN: checkpoint is for database shutdown.
    7023             :  *  CHECKPOINT_END_OF_RECOVERY: checkpoint is for end of WAL recovery.
    7024             :  *  CHECKPOINT_FAST: finish the checkpoint ASAP, ignoring
    7025             :  *      checkpoint_completion_target parameter.
    7026             :  *  CHECKPOINT_FORCE: force a checkpoint even if no XLOG activity has occurred
    7027             :  *      since the last one (implied by CHECKPOINT_IS_SHUTDOWN or
    7028             :  *      CHECKPOINT_END_OF_RECOVERY).
    7029             :  *  CHECKPOINT_FLUSH_UNLOGGED: also flush buffers of unlogged tables.
    7030             :  *
    7031             :  * Note: flags contains other bits, of interest here only for logging purposes.
    7032             :  * In particular note that this routine is synchronous and does not pay
    7033             :  * attention to CHECKPOINT_WAIT.
    7034             :  *
    7035             :  * If !shutdown then we are writing an online checkpoint. An XLOG_CHECKPOINT_REDO
    7036             :  * record is inserted into WAL at the logical location of the checkpoint, before
    7037             :  * flushing anything to disk, and when the checkpoint is eventually completed,
    7038             :  * and it is from this point that WAL replay will begin in the case of a recovery
    7039             :  * from this checkpoint. Once everything is written to disk, an
    7040             :  * XLOG_CHECKPOINT_ONLINE record is written to complete the checkpoint, and
    7041             :  * points back to the earlier XLOG_CHECKPOINT_REDO record. This mechanism allows
    7042             :  * other write-ahead log records to be written while the checkpoint is in
    7043             :  * progress, but we must be very careful about order of operations. This function
    7044             :  * may take many minutes to execute on a busy system.
    7045             :  *
    7046             :  * On the other hand, when shutdown is true, concurrent insertion into the
    7047             :  * write-ahead log is impossible, so there is no need for two separate records.
    7048             :  * In this case, we only insert an XLOG_CHECKPOINT_SHUTDOWN record, and it's
    7049             :  * both the record marking the completion of the checkpoint and the location
    7050             :  * from which WAL replay would begin if needed.
    7051             :  *
    7052             :  * Returns true if a new checkpoint was performed, or false if it was skipped
    7053             :  * because the system was idle.
    7054             :  */
    7055             : bool
    7056        3004 : CreateCheckPoint(int flags)
    7057             : {
    7058             :     bool        shutdown;
    7059             :     CheckPoint  checkPoint;
    7060             :     XLogRecPtr  recptr;
    7061             :     XLogSegNo   _logSegNo;
    7062        3004 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    7063             :     uint32      freespace;
    7064             :     XLogRecPtr  PriorRedoPtr;
    7065             :     XLogRecPtr  last_important_lsn;
    7066             :     VirtualTransactionId *vxids;
    7067             :     int         nvxids;
    7068        3004 :     int         oldXLogAllowed = 0;
    7069             : 
    7070             :     /*
    7071             :      * An end-of-recovery checkpoint is really a shutdown checkpoint, just
    7072             :      * issued at a different time.
    7073             :      */
    7074        3004 :     if (flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY))
    7075        1200 :         shutdown = true;
    7076             :     else
    7077        1804 :         shutdown = false;
    7078             : 
    7079             :     /* sanity check */
    7080        3004 :     if (RecoveryInProgress() && (flags & CHECKPOINT_END_OF_RECOVERY) == 0)
    7081           0 :         elog(ERROR, "can't create a checkpoint during recovery");
    7082             : 
    7083             :     /*
    7084             :      * Prepare to accumulate statistics.
    7085             :      *
    7086             :      * Note: because it is possible for log_checkpoints to change while a
    7087             :      * checkpoint proceeds, we always accumulate stats, even if
    7088             :      * log_checkpoints is currently off.
    7089             :      */
    7090       33044 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    7091        3004 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    7092             : 
    7093             :     /*
    7094             :      * Let smgr prepare for checkpoint; this has to happen outside the
    7095             :      * critical section and before we determine the REDO pointer.  Note that
    7096             :      * smgr must not do anything that'd have to be undone if we decide no
    7097             :      * checkpoint is needed.
    7098             :      */
    7099        3004 :     SyncPreCheckpoint();
    7100             : 
    7101             :     /*
    7102             :      * Use a critical section to force system panic if we have trouble.
    7103             :      */
    7104        3004 :     START_CRIT_SECTION();
    7105             : 
    7106        3004 :     if (shutdown)
    7107             :     {
    7108        1200 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7109        1200 :         ControlFile->state = DB_SHUTDOWNING;
    7110        1200 :         UpdateControlFile();
    7111        1200 :         LWLockRelease(ControlFileLock);
    7112             :     }
    7113             : 
    7114             :     /* Begin filling in the checkpoint WAL record */
    7115       36048 :     MemSet(&checkPoint, 0, sizeof(checkPoint));
    7116        3004 :     checkPoint.time = (pg_time_t) time(NULL);
    7117             : 
    7118             :     /*
    7119             :      * For Hot Standby, derive the oldestActiveXid before we fix the redo
    7120             :      * pointer. This allows us to begin accumulating changes to assemble our
    7121             :      * starting snapshot of locks and transactions.
    7122             :      */
    7123        3004 :     if (!shutdown && XLogStandbyInfoActive())
    7124        1708 :         checkPoint.oldestActiveXid = GetOldestActiveTransactionId(false, true);
    7125             :     else
    7126        1296 :         checkPoint.oldestActiveXid = InvalidTransactionId;
    7127             : 
    7128             :     /*
    7129             :      * Get location of last important record before acquiring insert locks (as
    7130             :      * GetLastImportantRecPtr() also locks WAL locks).
    7131             :      */
    7132        3004 :     last_important_lsn = GetLastImportantRecPtr();
    7133             : 
    7134             :     /*
    7135             :      * If this isn't a shutdown or forced checkpoint, and if there has been no
    7136             :      * WAL activity requiring a checkpoint, skip it.  The idea here is to
    7137             :      * avoid inserting duplicate checkpoints when the system is idle.
    7138             :      */
    7139        3004 :     if ((flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY |
    7140             :                   CHECKPOINT_FORCE)) == 0)
    7141             :     {
    7142         378 :         if (last_important_lsn == ControlFile->checkPoint)
    7143             :         {
    7144           0 :             END_CRIT_SECTION();
    7145           0 :             ereport(DEBUG1,
    7146             :                     (errmsg_internal("checkpoint skipped because system is idle")));
    7147           0 :             return false;
    7148             :         }
    7149             :     }
    7150             : 
    7151             :     /*
    7152             :      * An end-of-recovery checkpoint is created before anyone is allowed to
    7153             :      * write WAL. To allow us to write the checkpoint record, temporarily
    7154             :      * enable XLogInsertAllowed.
    7155             :      */
    7156        3004 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    7157          58 :         oldXLogAllowed = LocalSetXLogInsertAllowed();
    7158             : 
    7159        3004 :     checkPoint.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7160        3004 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    7161          58 :         checkPoint.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7162             :     else
    7163        2946 :         checkPoint.PrevTimeLineID = checkPoint.ThisTimeLineID;
    7164             : 
    7165             :     /*
    7166             :      * We must block concurrent insertions while examining insert state.
    7167             :      */
    7168        3004 :     WALInsertLockAcquireExclusive();
    7169             : 
    7170        3004 :     checkPoint.fullPageWrites = Insert->fullPageWrites;
    7171        3004 :     checkPoint.wal_level = wal_level;
    7172             : 
    7173        3004 :     if (shutdown)
    7174             :     {
    7175        1200 :         XLogRecPtr  curInsert = XLogBytePosToRecPtr(Insert->CurrBytePos);
    7176             : 
    7177             :         /*
    7178             :          * Compute new REDO record ptr = location of next XLOG record.
    7179             :          *
    7180             :          * Since this is a shutdown checkpoint, there can't be any concurrent
    7181             :          * WAL insertion.
    7182             :          */
    7183        1200 :         freespace = INSERT_FREESPACE(curInsert);
    7184        1200 :         if (freespace == 0)
    7185             :         {
    7186           0 :             if (XLogSegmentOffset(curInsert, wal_segment_size) == 0)
    7187           0 :                 curInsert += SizeOfXLogLongPHD;
    7188             :             else
    7189           0 :                 curInsert += SizeOfXLogShortPHD;
    7190             :         }
    7191        1200 :         checkPoint.redo = curInsert;
    7192             : 
    7193             :         /*
    7194             :          * Here we update the shared RedoRecPtr for future XLogInsert calls;
    7195             :          * this must be done while holding all the insertion locks.
    7196             :          *
    7197             :          * Note: if we fail to complete the checkpoint, RedoRecPtr will be
    7198             :          * left pointing past where it really needs to point.  This is okay;
    7199             :          * the only consequence is that XLogInsert might back up whole buffers
    7200             :          * that it didn't really need to.  We can't postpone advancing
    7201             :          * RedoRecPtr because XLogInserts that happen while we are dumping
    7202             :          * buffers must assume that their buffer changes are not included in
    7203             :          * the checkpoint.
    7204             :          */
    7205        1200 :         RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    7206             :     }
    7207             : 
    7208             :     /*
    7209             :      * Now we can release the WAL insertion locks, allowing other xacts to
    7210             :      * proceed while we are flushing disk buffers.
    7211             :      */
    7212        3004 :     WALInsertLockRelease();
    7213             : 
    7214             :     /*
    7215             :      * If this is an online checkpoint, we have not yet determined the redo
    7216             :      * point. We do so now by inserting the special XLOG_CHECKPOINT_REDO
    7217             :      * record; the LSN at which it starts becomes the new redo pointer. We
    7218             :      * don't do this for a shutdown checkpoint, because in that case no WAL
    7219             :      * can be written between the redo point and the insertion of the
    7220             :      * checkpoint record itself, so the checkpoint record itself serves to
    7221             :      * mark the redo point.
    7222             :      */
    7223        3004 :     if (!shutdown)
    7224             :     {
    7225             :         /* Include WAL level in record for WAL summarizer's benefit. */
    7226        1804 :         XLogBeginInsert();
    7227        1804 :         XLogRegisterData(&wal_level, sizeof(wal_level));
    7228        1804 :         (void) XLogInsert(RM_XLOG_ID, XLOG_CHECKPOINT_REDO);
    7229             : 
    7230             :         /*
    7231             :          * XLogInsertRecord will have updated XLogCtl->Insert.RedoRecPtr in
    7232             :          * shared memory and RedoRecPtr in backend-local memory, but we need
    7233             :          * to copy that into the record that will be inserted when the
    7234             :          * checkpoint is complete.
    7235             :          */
    7236        1804 :         checkPoint.redo = RedoRecPtr;
    7237             :     }
    7238             : 
    7239             :     /* Update the info_lck-protected copy of RedoRecPtr as well */
    7240        3004 :     SpinLockAcquire(&XLogCtl->info_lck);
    7241        3004 :     XLogCtl->RedoRecPtr = checkPoint.redo;
    7242        3004 :     SpinLockRelease(&XLogCtl->info_lck);
    7243             : 
    7244             :     /*
    7245             :      * If enabled, log checkpoint start.  We postpone this until now so as not
    7246             :      * to log anything if we decided to skip the checkpoint.
    7247             :      */
    7248        3004 :     if (log_checkpoints)
    7249        2408 :         LogCheckpointStart(flags, false);
    7250             : 
    7251             :     /* Update the process title */
    7252        3004 :     update_checkpoint_display(flags, false, false);
    7253             : 
    7254             :     TRACE_POSTGRESQL_CHECKPOINT_START(flags);
    7255             : 
    7256             :     /*
    7257             :      * Get the other info we need for the checkpoint record.
    7258             :      *
    7259             :      * We don't need to save oldestClogXid in the checkpoint, it only matters
    7260             :      * for the short period in which clog is being truncated, and if we crash
    7261             :      * during that we'll redo the clog truncation and fix up oldestClogXid
    7262             :      * there.
    7263             :      */
    7264        3004 :     LWLockAcquire(XidGenLock, LW_SHARED);
    7265        3004 :     checkPoint.nextXid = TransamVariables->nextXid;
    7266        3004 :     checkPoint.oldestXid = TransamVariables->oldestXid;
    7267        3004 :     checkPoint.oldestXidDB = TransamVariables->oldestXidDB;
    7268        3004 :     LWLockRelease(XidGenLock);
    7269             : 
    7270        3004 :     LWLockAcquire(CommitTsLock, LW_SHARED);
    7271        3004 :     checkPoint.oldestCommitTsXid = TransamVariables->oldestCommitTsXid;
    7272        3004 :     checkPoint.newestCommitTsXid = TransamVariables->newestCommitTsXid;
    7273        3004 :     LWLockRelease(CommitTsLock);
    7274             : 
    7275        3004 :     LWLockAcquire(OidGenLock, LW_SHARED);
    7276        3004 :     checkPoint.nextOid = TransamVariables->nextOid;
    7277        3004 :     if (!shutdown)
    7278        1804 :         checkPoint.nextOid += TransamVariables->oidCount;
    7279        3004 :     LWLockRelease(OidGenLock);
    7280             : 
    7281        3004 :     MultiXactGetCheckptMulti(shutdown,
    7282             :                              &checkPoint.nextMulti,
    7283             :                              &checkPoint.nextMultiOffset,
    7284             :                              &checkPoint.oldestMulti,
    7285             :                              &checkPoint.oldestMultiDB);
    7286             : 
    7287             :     /*
    7288             :      * Having constructed the checkpoint record, ensure all shmem disk buffers
    7289             :      * and commit-log buffers are flushed to disk.
    7290             :      *
    7291             :      * This I/O could fail for various reasons.  If so, we will fail to
    7292             :      * complete the checkpoint, but there is no reason to force a system
    7293             :      * panic. Accordingly, exit critical section while doing it.
    7294             :      */
    7295        3004 :     END_CRIT_SECTION();
    7296             : 
    7297             :     /*
    7298             :      * In some cases there are groups of actions that must all occur on one
    7299             :      * side or the other of a checkpoint record. Before flushing the
    7300             :      * checkpoint record we must explicitly wait for any backend currently
    7301             :      * performing those groups of actions.
    7302             :      *
    7303             :      * One example is end of transaction, so we must wait for any transactions
    7304             :      * that are currently in commit critical sections.  If an xact inserted
    7305             :      * its commit record into XLOG just before the REDO point, then a crash
    7306             :      * restart from the REDO point would not replay that record, which means
    7307             :      * that our flushing had better include the xact's update of pg_xact.  So
    7308             :      * we wait till he's out of his commit critical section before proceeding.
    7309             :      * See notes in RecordTransactionCommit().
    7310             :      *
    7311             :      * Because we've already released the insertion locks, this test is a bit
    7312             :      * fuzzy: it is possible that we will wait for xacts we didn't really need
    7313             :      * to wait for.  But the delay should be short and it seems better to make
    7314             :      * checkpoint take a bit longer than to hold off insertions longer than
    7315             :      * necessary. (In fact, the whole reason we have this issue is that xact.c
    7316             :      * does commit record XLOG insertion and clog update as two separate steps
    7317             :      * protected by different locks, but again that seems best on grounds of
    7318             :      * minimizing lock contention.)
    7319             :      *
    7320             :      * A transaction that has not yet set delayChkptFlags when we look cannot
    7321             :      * be at risk, since it has not inserted its commit record yet; and one
    7322             :      * that's already cleared it is not at risk either, since it's done fixing
    7323             :      * clog and we will correctly flush the update below.  So we cannot miss
    7324             :      * any xacts we need to wait for.
    7325             :      */
    7326        3004 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_START);
    7327        3004 :     if (nvxids > 0)
    7328             :     {
    7329             :         do
    7330             :         {
    7331             :             /*
    7332             :              * Keep absorbing fsync requests while we wait. There could even
    7333             :              * be a deadlock if we don't, if the process that prevents the
    7334             :              * checkpoint is trying to add a request to the queue.
    7335             :              */
    7336         124 :             AbsorbSyncRequests();
    7337             : 
    7338         124 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_START);
    7339         124 :             pg_usleep(10000L);  /* wait for 10 msec */
    7340         124 :             pgstat_report_wait_end();
    7341         124 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7342             :                                               DELAY_CHKPT_START));
    7343             :     }
    7344        3004 :     pfree(vxids);
    7345             : 
    7346        3004 :     CheckPointGuts(checkPoint.redo, flags);
    7347             : 
    7348        3004 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_COMPLETE);
    7349        3004 :     if (nvxids > 0)
    7350             :     {
    7351             :         do
    7352             :         {
    7353           0 :             AbsorbSyncRequests();
    7354             : 
    7355           0 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_COMPLETE);
    7356           0 :             pg_usleep(10000L);  /* wait for 10 msec */
    7357           0 :             pgstat_report_wait_end();
    7358           0 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7359             :                                               DELAY_CHKPT_COMPLETE));
    7360             :     }
    7361        3004 :     pfree(vxids);
    7362             : 
    7363             :     /*
    7364             :      * Take a snapshot of running transactions and write this to WAL. This
    7365             :      * allows us to reconstruct the state of running transactions during
    7366             :      * archive recovery, if required. Skip, if this info disabled.
    7367             :      *
    7368             :      * If we are shutting down, or Startup process is completing crash
    7369             :      * recovery we don't need to write running xact data.
    7370             :      */
    7371        3004 :     if (!shutdown && XLogStandbyInfoActive())
    7372        1708 :         LogStandbySnapshot();
    7373             : 
    7374        3004 :     START_CRIT_SECTION();
    7375             : 
    7376             :     /*
    7377             :      * Now insert the checkpoint record into XLOG.
    7378             :      */
    7379        3004 :     XLogBeginInsert();
    7380        3004 :     XLogRegisterData(&checkPoint, sizeof(checkPoint));
    7381        3004 :     recptr = XLogInsert(RM_XLOG_ID,
    7382             :                         shutdown ? XLOG_CHECKPOINT_SHUTDOWN :
    7383             :                         XLOG_CHECKPOINT_ONLINE);
    7384             : 
    7385        3004 :     XLogFlush(recptr);
    7386             : 
    7387             :     /*
    7388             :      * We mustn't write any new WAL after a shutdown checkpoint, or it will be
    7389             :      * overwritten at next startup.  No-one should even try, this just allows
    7390             :      * sanity-checking.  In the case of an end-of-recovery checkpoint, we want
    7391             :      * to just temporarily disable writing until the system has exited
    7392             :      * recovery.
    7393             :      */
    7394        3004 :     if (shutdown)
    7395             :     {
    7396        1200 :         if (flags & CHECKPOINT_END_OF_RECOVERY)
    7397          58 :             LocalXLogInsertAllowed = oldXLogAllowed;
    7398             :         else
    7399        1142 :             LocalXLogInsertAllowed = 0; /* never again write WAL */
    7400             :     }
    7401             : 
    7402             :     /*
    7403             :      * We now have ProcLastRecPtr = start of actual checkpoint record, recptr
    7404             :      * = end of actual checkpoint record.
    7405             :      */
    7406        3004 :     if (shutdown && checkPoint.redo != ProcLastRecPtr)
    7407           0 :         ereport(PANIC,
    7408             :                 (errmsg("concurrent write-ahead log activity while database system is shutting down")));
    7409             : 
    7410             :     /*
    7411             :      * Remember the prior checkpoint's redo ptr for
    7412             :      * UpdateCheckPointDistanceEstimate()
    7413             :      */
    7414        3004 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7415             : 
    7416             :     /*
    7417             :      * Update the control file.
    7418             :      */
    7419        3004 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7420        3004 :     if (shutdown)
    7421        1200 :         ControlFile->state = DB_SHUTDOWNED;
    7422        3004 :     ControlFile->checkPoint = ProcLastRecPtr;
    7423        3004 :     ControlFile->checkPointCopy = checkPoint;
    7424             :     /* crash recovery should always recover to the end of WAL */
    7425        3004 :     ControlFile->minRecoveryPoint = InvalidXLogRecPtr;
    7426        3004 :     ControlFile->minRecoveryPointTLI = 0;
    7427             : 
    7428             :     /*
    7429             :      * Persist unloggedLSN value. It's reset on crash recovery, so this goes
    7430             :      * unused on non-shutdown checkpoints, but seems useful to store it always
    7431             :      * for debugging purposes.
    7432             :      */
    7433        3004 :     ControlFile->unloggedLSN = pg_atomic_read_membarrier_u64(&XLogCtl->unloggedLSN);
    7434             : 
    7435        3004 :     UpdateControlFile();
    7436        3004 :     LWLockRelease(ControlFileLock);
    7437             : 
    7438             :     /*
    7439             :      * We are now done with critical updates; no need for system panic if we
    7440             :      * have trouble while fooling with old log segments.
    7441             :      */
    7442        3004 :     END_CRIT_SECTION();
    7443             : 
    7444             :     /*
    7445             :      * WAL summaries end when the next XLOG_CHECKPOINT_REDO or
    7446             :      * XLOG_CHECKPOINT_SHUTDOWN record is reached. This is the first point
    7447             :      * where (a) we're not inside of a critical section and (b) we can be
    7448             :      * certain that the relevant record has been flushed to disk, which must
    7449             :      * happen before it can be summarized.
    7450             :      *
    7451             :      * If this is a shutdown checkpoint, then this happens reasonably
    7452             :      * promptly: we've only just inserted and flushed the
    7453             :      * XLOG_CHECKPOINT_SHUTDOWN record. If this is not a shutdown checkpoint,
    7454             :      * then this might not be very prompt at all: the XLOG_CHECKPOINT_REDO
    7455             :      * record was written before we began flushing data to disk, and that
    7456             :      * could be many minutes ago at this point. However, we don't XLogFlush()
    7457             :      * after inserting that record, so we're not guaranteed that it's on disk
    7458             :      * until after the above call that flushes the XLOG_CHECKPOINT_ONLINE
    7459             :      * record.
    7460             :      */
    7461        3004 :     WakeupWalSummarizer();
    7462             : 
    7463             :     /*
    7464             :      * Let smgr do post-checkpoint cleanup (eg, deleting old files).
    7465             :      */
    7466        3004 :     SyncPostCheckpoint();
    7467             : 
    7468             :     /*
    7469             :      * Update the average distance between checkpoints if the prior checkpoint
    7470             :      * exists.
    7471             :      */
    7472        3004 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7473        3004 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7474             : 
    7475             : #ifdef USE_INJECTION_POINTS
    7476        3004 :     INJECTION_POINT("checkpoint-before-old-wal-removal", NULL);
    7477             : #endif
    7478             : 
    7479             :     /*
    7480             :      * Delete old log files, those no longer needed for last checkpoint to
    7481             :      * prevent the disk holding the xlog from growing full.
    7482             :      */
    7483        3004 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7484        3004 :     KeepLogSeg(recptr, &_logSegNo);
    7485        3004 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED | RS_INVAL_IDLE_TIMEOUT,
    7486             :                                            _logSegNo, InvalidOid,
    7487             :                                            InvalidTransactionId))
    7488             :     {
    7489             :         /*
    7490             :          * Some slots have been invalidated; recalculate the old-segment
    7491             :          * horizon, starting again from RedoRecPtr.
    7492             :          */
    7493           6 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7494           6 :         KeepLogSeg(recptr, &_logSegNo);
    7495             :     }
    7496        3004 :     _logSegNo--;
    7497        3004 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, recptr,
    7498             :                        checkPoint.ThisTimeLineID);
    7499             : 
    7500             :     /*
    7501             :      * Make more log segments if needed.  (Do this after recycling old log
    7502             :      * segments, since that may supply some of the needed files.)
    7503             :      */
    7504        3004 :     if (!shutdown)
    7505        1804 :         PreallocXlogFiles(recptr, checkPoint.ThisTimeLineID);
    7506             : 
    7507             :     /*
    7508             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7509             :      * the oldest XMIN of any running transaction.  No future transaction will
    7510             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7511             :      * in subtrans.c).  During recovery, though, we mustn't do this because
    7512             :      * StartupSUBTRANS hasn't been called yet.
    7513             :      */
    7514        3004 :     if (!RecoveryInProgress())
    7515        2946 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7516             : 
    7517             :     /* Real work is done; log and update stats. */
    7518        3004 :     LogCheckpointEnd(false);
    7519             : 
    7520             :     /* Reset the process title */
    7521        3004 :     update_checkpoint_display(flags, false, true);
    7522             : 
    7523             :     TRACE_POSTGRESQL_CHECKPOINT_DONE(CheckpointStats.ckpt_bufs_written,
    7524             :                                      NBuffers,
    7525             :                                      CheckpointStats.ckpt_segs_added,
    7526             :                                      CheckpointStats.ckpt_segs_removed,
    7527             :                                      CheckpointStats.ckpt_segs_recycled);
    7528             : 
    7529        3004 :     return true;
    7530             : }
    7531             : 
    7532             : /*
    7533             :  * Mark the end of recovery in WAL though without running a full checkpoint.
    7534             :  * We can expect that a restartpoint is likely to be in progress as we
    7535             :  * do this, though we are unwilling to wait for it to complete.
    7536             :  *
    7537             :  * CreateRestartPoint() allows for the case where recovery may end before
    7538             :  * the restartpoint completes so there is no concern of concurrent behaviour.
    7539             :  */
    7540             : static void
    7541          82 : CreateEndOfRecoveryRecord(void)
    7542             : {
    7543             :     xl_end_of_recovery xlrec;
    7544             :     XLogRecPtr  recptr;
    7545             : 
    7546             :     /* sanity check */
    7547          82 :     if (!RecoveryInProgress())
    7548           0 :         elog(ERROR, "can only be used to end recovery");
    7549             : 
    7550          82 :     xlrec.end_time = GetCurrentTimestamp();
    7551          82 :     xlrec.wal_level = wal_level;
    7552             : 
    7553          82 :     WALInsertLockAcquireExclusive();
    7554          82 :     xlrec.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7555          82 :     xlrec.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7556          82 :     WALInsertLockRelease();
    7557             : 
    7558          82 :     START_CRIT_SECTION();
    7559             : 
    7560          82 :     XLogBeginInsert();
    7561          82 :     XLogRegisterData(&xlrec, sizeof(xl_end_of_recovery));
    7562          82 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_END_OF_RECOVERY);
    7563             : 
    7564          82 :     XLogFlush(recptr);
    7565             : 
    7566             :     /*
    7567             :      * Update the control file so that crash recovery can follow the timeline
    7568             :      * changes to this point.
    7569             :      */
    7570          82 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7571          82 :     ControlFile->minRecoveryPoint = recptr;
    7572          82 :     ControlFile->minRecoveryPointTLI = xlrec.ThisTimeLineID;
    7573          82 :     UpdateControlFile();
    7574          82 :     LWLockRelease(ControlFileLock);
    7575             : 
    7576          82 :     END_CRIT_SECTION();
    7577          82 : }
    7578             : 
    7579             : /*
    7580             :  * Write an OVERWRITE_CONTRECORD message.
    7581             :  *
    7582             :  * When on WAL replay we expect a continuation record at the start of a page
    7583             :  * that is not there, recovery ends and WAL writing resumes at that point.
    7584             :  * But it's wrong to resume writing new WAL back at the start of the record
    7585             :  * that was broken, because downstream consumers of that WAL (physical
    7586             :  * replicas) are not prepared to "rewind".  So the first action after
    7587             :  * finishing replay of all valid WAL must be to write a record of this type
    7588             :  * at the point where the contrecord was missing; to support xlogreader
    7589             :  * detecting the special case, XLP_FIRST_IS_OVERWRITE_CONTRECORD is also added
    7590             :  * to the page header where the record occurs.  xlogreader has an ad-hoc
    7591             :  * mechanism to report metadata about the broken record, which is what we
    7592             :  * use here.
    7593             :  *
    7594             :  * At replay time, XLP_FIRST_IS_OVERWRITE_CONTRECORD instructs xlogreader to
    7595             :  * skip the record it was reading, and pass back the LSN of the skipped
    7596             :  * record, so that its caller can verify (on "replay" of that record) that the
    7597             :  * XLOG_OVERWRITE_CONTRECORD matches what was effectively overwritten.
    7598             :  *
    7599             :  * 'aborted_lsn' is the beginning position of the record that was incomplete.
    7600             :  * It is included in the WAL record.  'pagePtr' and 'newTLI' point to the
    7601             :  * beginning of the XLOG page where the record is to be inserted.  They must
    7602             :  * match the current WAL insert position, they're passed here just so that we
    7603             :  * can verify that.
    7604             :  */
    7605             : static XLogRecPtr
    7606          20 : CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn, XLogRecPtr pagePtr,
    7607             :                                 TimeLineID newTLI)
    7608             : {
    7609             :     xl_overwrite_contrecord xlrec;
    7610             :     XLogRecPtr  recptr;
    7611             :     XLogPageHeader pagehdr;
    7612             :     XLogRecPtr  startPos;
    7613             : 
    7614             :     /* sanity checks */
    7615          20 :     if (!RecoveryInProgress())
    7616           0 :         elog(ERROR, "can only be used at end of recovery");
    7617          20 :     if (pagePtr % XLOG_BLCKSZ != 0)
    7618           0 :         elog(ERROR, "invalid position for missing continuation record %X/%08X",
    7619             :              LSN_FORMAT_ARGS(pagePtr));
    7620             : 
    7621             :     /* The current WAL insert position should be right after the page header */
    7622          20 :     startPos = pagePtr;
    7623          20 :     if (XLogSegmentOffset(startPos, wal_segment_size) == 0)
    7624           2 :         startPos += SizeOfXLogLongPHD;
    7625             :     else
    7626          18 :         startPos += SizeOfXLogShortPHD;
    7627          20 :     recptr = GetXLogInsertRecPtr();
    7628          20 :     if (recptr != startPos)
    7629           0 :         elog(ERROR, "invalid WAL insert position %X/%08X for OVERWRITE_CONTRECORD",
    7630             :              LSN_FORMAT_ARGS(recptr));
    7631             : 
    7632          20 :     START_CRIT_SECTION();
    7633             : 
    7634             :     /*
    7635             :      * Initialize the XLOG page header (by GetXLogBuffer), and set the
    7636             :      * XLP_FIRST_IS_OVERWRITE_CONTRECORD flag.
    7637             :      *
    7638             :      * No other backend is allowed to write WAL yet, so acquiring the WAL
    7639             :      * insertion lock is just pro forma.
    7640             :      */
    7641          20 :     WALInsertLockAcquire();
    7642          20 :     pagehdr = (XLogPageHeader) GetXLogBuffer(pagePtr, newTLI);
    7643          20 :     pagehdr->xlp_info |= XLP_FIRST_IS_OVERWRITE_CONTRECORD;
    7644          20 :     WALInsertLockRelease();
    7645             : 
    7646             :     /*
    7647             :      * Insert the XLOG_OVERWRITE_CONTRECORD record as the first record on the
    7648             :      * page.  We know it becomes the first record, because no other backend is
    7649             :      * allowed to write WAL yet.
    7650             :      */
    7651          20 :     XLogBeginInsert();
    7652          20 :     xlrec.overwritten_lsn = aborted_lsn;
    7653          20 :     xlrec.overwrite_time = GetCurrentTimestamp();
    7654          20 :     XLogRegisterData(&xlrec, sizeof(xl_overwrite_contrecord));
    7655          20 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_OVERWRITE_CONTRECORD);
    7656             : 
    7657             :     /* check that the record was inserted to the right place */
    7658          20 :     if (ProcLastRecPtr != startPos)
    7659           0 :         elog(ERROR, "OVERWRITE_CONTRECORD was inserted to unexpected position %X/%08X",
    7660             :              LSN_FORMAT_ARGS(ProcLastRecPtr));
    7661             : 
    7662          20 :     XLogFlush(recptr);
    7663             : 
    7664          20 :     END_CRIT_SECTION();
    7665             : 
    7666          20 :     return recptr;
    7667             : }
    7668             : 
    7669             : /*
    7670             :  * Flush all data in shared memory to disk, and fsync
    7671             :  *
    7672             :  * This is the common code shared between regular checkpoints and
    7673             :  * recovery restartpoints.
    7674             :  */
    7675             : static void
    7676        3378 : CheckPointGuts(XLogRecPtr checkPointRedo, int flags)
    7677             : {
    7678        3378 :     CheckPointRelationMap();
    7679        3378 :     CheckPointReplicationSlots(flags & CHECKPOINT_IS_SHUTDOWN);
    7680        3378 :     CheckPointSnapBuild();
    7681        3378 :     CheckPointLogicalRewriteHeap();
    7682        3378 :     CheckPointReplicationOrigin();
    7683             : 
    7684             :     /* Write out all dirty data in SLRUs and the main buffer pool */
    7685             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_START(flags);
    7686        3378 :     CheckpointStats.ckpt_write_t = GetCurrentTimestamp();
    7687        3378 :     CheckPointCLOG();
    7688        3378 :     CheckPointCommitTs();
    7689        3378 :     CheckPointSUBTRANS();
    7690        3378 :     CheckPointMultiXact();
    7691        3378 :     CheckPointPredicate();
    7692        3378 :     CheckPointBuffers(flags);
    7693             : 
    7694             :     /* Perform all queued up fsyncs */
    7695             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_SYNC_START();
    7696        3378 :     CheckpointStats.ckpt_sync_t = GetCurrentTimestamp();
    7697        3378 :     ProcessSyncRequests();
    7698        3378 :     CheckpointStats.ckpt_sync_end_t = GetCurrentTimestamp();
    7699             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_DONE();
    7700             : 
    7701             :     /* We deliberately delay 2PC checkpointing as long as possible */
    7702        3378 :     CheckPointTwoPhase(checkPointRedo);
    7703        3378 : }
    7704             : 
    7705             : /*
    7706             :  * Save a checkpoint for recovery restart if appropriate
    7707             :  *
    7708             :  * This function is called each time a checkpoint record is read from XLOG.
    7709             :  * It must determine whether the checkpoint represents a safe restartpoint or
    7710             :  * not.  If so, the checkpoint record is stashed in shared memory so that
    7711             :  * CreateRestartPoint can consult it.  (Note that the latter function is
    7712             :  * executed by the checkpointer, while this one will be executed by the
    7713             :  * startup process.)
    7714             :  */
    7715             : static void
    7716        1410 : RecoveryRestartPoint(const CheckPoint *checkPoint, XLogReaderState *record)
    7717             : {
    7718             :     /*
    7719             :      * Also refrain from creating a restartpoint if we have seen any
    7720             :      * references to non-existent pages. Restarting recovery from the
    7721             :      * restartpoint would not see the references, so we would lose the
    7722             :      * cross-check that the pages belonged to a relation that was dropped
    7723             :      * later.
    7724             :      */
    7725        1410 :     if (XLogHaveInvalidPages())
    7726             :     {
    7727           0 :         elog(DEBUG2,
    7728             :              "could not record restart point at %X/%08X because there are unresolved references to invalid pages",
    7729             :              LSN_FORMAT_ARGS(checkPoint->redo));
    7730           0 :         return;
    7731             :     }
    7732             : 
    7733             :     /*
    7734             :      * Copy the checkpoint record to shared memory, so that checkpointer can
    7735             :      * work out the next time it wants to perform a restartpoint.
    7736             :      */
    7737        1410 :     SpinLockAcquire(&XLogCtl->info_lck);
    7738        1410 :     XLogCtl->lastCheckPointRecPtr = record->ReadRecPtr;
    7739        1410 :     XLogCtl->lastCheckPointEndPtr = record->EndRecPtr;
    7740        1410 :     XLogCtl->lastCheckPoint = *checkPoint;
    7741        1410 :     SpinLockRelease(&XLogCtl->info_lck);
    7742             : }
    7743             : 
    7744             : /*
    7745             :  * Establish a restartpoint if possible.
    7746             :  *
    7747             :  * This is similar to CreateCheckPoint, but is used during WAL recovery
    7748             :  * to establish a point from which recovery can roll forward without
    7749             :  * replaying the entire recovery log.
    7750             :  *
    7751             :  * Returns true if a new restartpoint was established. We can only establish
    7752             :  * a restartpoint if we have replayed a safe checkpoint record since last
    7753             :  * restartpoint.
    7754             :  */
    7755             : bool
    7756        1160 : CreateRestartPoint(int flags)
    7757             : {
    7758             :     XLogRecPtr  lastCheckPointRecPtr;
    7759             :     XLogRecPtr  lastCheckPointEndPtr;
    7760             :     CheckPoint  lastCheckPoint;
    7761             :     XLogRecPtr  PriorRedoPtr;
    7762             :     XLogRecPtr  receivePtr;
    7763             :     XLogRecPtr  replayPtr;
    7764             :     TimeLineID  replayTLI;
    7765             :     XLogRecPtr  endptr;
    7766             :     XLogSegNo   _logSegNo;
    7767             :     TimestampTz xtime;
    7768             : 
    7769             :     /* Concurrent checkpoint/restartpoint cannot happen */
    7770             :     Assert(!IsUnderPostmaster || MyBackendType == B_CHECKPOINTER);
    7771             : 
    7772             :     /* Get a local copy of the last safe checkpoint record. */
    7773        1160 :     SpinLockAcquire(&XLogCtl->info_lck);
    7774        1160 :     lastCheckPointRecPtr = XLogCtl->lastCheckPointRecPtr;
    7775        1160 :     lastCheckPointEndPtr = XLogCtl->lastCheckPointEndPtr;
    7776        1160 :     lastCheckPoint = XLogCtl->lastCheckPoint;
    7777        1160 :     SpinLockRelease(&XLogCtl->info_lck);
    7778             : 
    7779             :     /*
    7780             :      * Check that we're still in recovery mode. It's ok if we exit recovery
    7781             :      * mode after this check, the restart point is valid anyway.
    7782             :      */
    7783        1160 :     if (!RecoveryInProgress())
    7784             :     {
    7785           0 :         ereport(DEBUG2,
    7786             :                 (errmsg_internal("skipping restartpoint, recovery has already ended")));
    7787           0 :         return false;
    7788             :     }
    7789             : 
    7790             :     /*
    7791             :      * If the last checkpoint record we've replayed is already our last
    7792             :      * restartpoint, we can't perform a new restart point. We still update
    7793             :      * minRecoveryPoint in that case, so that if this is a shutdown restart
    7794             :      * point, we won't start up earlier than before. That's not strictly
    7795             :      * necessary, but when hot standby is enabled, it would be rather weird if
    7796             :      * the database opened up for read-only connections at a point-in-time
    7797             :      * before the last shutdown. Such time travel is still possible in case of
    7798             :      * immediate shutdown, though.
    7799             :      *
    7800             :      * We don't explicitly advance minRecoveryPoint when we do create a
    7801             :      * restartpoint. It's assumed that flushing the buffers will do that as a
    7802             :      * side-effect.
    7803             :      */
    7804        1160 :     if (XLogRecPtrIsInvalid(lastCheckPointRecPtr) ||
    7805         498 :         lastCheckPoint.redo <= ControlFile->checkPointCopy.redo)
    7806             :     {
    7807         786 :         ereport(DEBUG2,
    7808             :                 errmsg_internal("skipping restartpoint, already performed at %X/%08X",
    7809             :                                 LSN_FORMAT_ARGS(lastCheckPoint.redo)));
    7810             : 
    7811         786 :         UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    7812         786 :         if (flags & CHECKPOINT_IS_SHUTDOWN)
    7813             :         {
    7814          72 :             LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7815          72 :             ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7816          72 :             UpdateControlFile();
    7817          72 :             LWLockRelease(ControlFileLock);
    7818             :         }
    7819         786 :         return false;
    7820             :     }
    7821             : 
    7822             :     /*
    7823             :      * Update the shared RedoRecPtr so that the startup process can calculate
    7824             :      * the number of segments replayed since last restartpoint, and request a
    7825             :      * restartpoint if it exceeds CheckPointSegments.
    7826             :      *
    7827             :      * Like in CreateCheckPoint(), hold off insertions to update it, although
    7828             :      * during recovery this is just pro forma, because no WAL insertions are
    7829             :      * happening.
    7830             :      */
    7831         374 :     WALInsertLockAcquireExclusive();
    7832         374 :     RedoRecPtr = XLogCtl->Insert.RedoRecPtr = lastCheckPoint.redo;
    7833         374 :     WALInsertLockRelease();
    7834             : 
    7835             :     /* Also update the info_lck-protected copy */
    7836         374 :     SpinLockAcquire(&XLogCtl->info_lck);
    7837         374 :     XLogCtl->RedoRecPtr = lastCheckPoint.redo;
    7838         374 :     SpinLockRelease(&XLogCtl->info_lck);
    7839             : 
    7840             :     /*
    7841             :      * Prepare to accumulate statistics.
    7842             :      *
    7843             :      * Note: because it is possible for log_checkpoints to change while a
    7844             :      * checkpoint proceeds, we always accumulate stats, even if
    7845             :      * log_checkpoints is currently off.
    7846             :      */
    7847        4114 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    7848         374 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    7849             : 
    7850         374 :     if (log_checkpoints)
    7851         374 :         LogCheckpointStart(flags, true);
    7852             : 
    7853             :     /* Update the process title */
    7854         374 :     update_checkpoint_display(flags, true, false);
    7855             : 
    7856         374 :     CheckPointGuts(lastCheckPoint.redo, flags);
    7857             : 
    7858             :     /*
    7859             :      * This location needs to be after CheckPointGuts() to ensure that some
    7860             :      * work has already happened during this checkpoint.
    7861             :      */
    7862         374 :     INJECTION_POINT("create-restart-point", NULL);
    7863             : 
    7864             :     /*
    7865             :      * Remember the prior checkpoint's redo ptr for
    7866             :      * UpdateCheckPointDistanceEstimate()
    7867             :      */
    7868         374 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7869             : 
    7870             :     /*
    7871             :      * Update pg_control, using current time.  Check that it still shows an
    7872             :      * older checkpoint, else do nothing; this is a quick hack to make sure
    7873             :      * nothing really bad happens if somehow we get here after the
    7874             :      * end-of-recovery checkpoint.
    7875             :      */
    7876         374 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7877         374 :     if (ControlFile->checkPointCopy.redo < lastCheckPoint.redo)
    7878             :     {
    7879             :         /*
    7880             :          * Update the checkpoint information.  We do this even if the cluster
    7881             :          * does not show DB_IN_ARCHIVE_RECOVERY to match with the set of WAL
    7882             :          * segments recycled below.
    7883             :          */
    7884         374 :         ControlFile->checkPoint = lastCheckPointRecPtr;
    7885         374 :         ControlFile->checkPointCopy = lastCheckPoint;
    7886             : 
    7887             :         /*
    7888             :          * Ensure minRecoveryPoint is past the checkpoint record and update it
    7889             :          * if the control file still shows DB_IN_ARCHIVE_RECOVERY.  Normally,
    7890             :          * this will have happened already while writing out dirty buffers,
    7891             :          * but not necessarily - e.g. because no buffers were dirtied.  We do
    7892             :          * this because a backup performed in recovery uses minRecoveryPoint
    7893             :          * to determine which WAL files must be included in the backup, and
    7894             :          * the file (or files) containing the checkpoint record must be
    7895             :          * included, at a minimum.  Note that for an ordinary restart of
    7896             :          * recovery there's no value in having the minimum recovery point any
    7897             :          * earlier than this anyway, because redo will begin just after the
    7898             :          * checkpoint record.
    7899             :          */
    7900         374 :         if (ControlFile->state == DB_IN_ARCHIVE_RECOVERY)
    7901             :         {
    7902         374 :             if (ControlFile->minRecoveryPoint < lastCheckPointEndPtr)
    7903             :             {
    7904          40 :                 ControlFile->minRecoveryPoint = lastCheckPointEndPtr;
    7905          40 :                 ControlFile->minRecoveryPointTLI = lastCheckPoint.ThisTimeLineID;
    7906             : 
    7907             :                 /* update local copy */
    7908          40 :                 LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    7909          40 :                 LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    7910             :             }
    7911         374 :             if (flags & CHECKPOINT_IS_SHUTDOWN)
    7912          38 :                 ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7913             :         }
    7914         374 :         UpdateControlFile();
    7915             :     }
    7916         374 :     LWLockRelease(ControlFileLock);
    7917             : 
    7918             :     /*
    7919             :      * Update the average distance between checkpoints/restartpoints if the
    7920             :      * prior checkpoint exists.
    7921             :      */
    7922         374 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7923         374 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7924             : 
    7925             :     /*
    7926             :      * Delete old log files, those no longer needed for last restartpoint to
    7927             :      * prevent the disk holding the xlog from growing full.
    7928             :      */
    7929         374 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7930             : 
    7931             :     /*
    7932             :      * Retreat _logSegNo using the current end of xlog replayed or received,
    7933             :      * whichever is later.
    7934             :      */
    7935         374 :     receivePtr = GetWalRcvFlushRecPtr(NULL, NULL);
    7936         374 :     replayPtr = GetXLogReplayRecPtr(&replayTLI);
    7937         374 :     endptr = (receivePtr < replayPtr) ? replayPtr : receivePtr;
    7938         374 :     KeepLogSeg(endptr, &_logSegNo);
    7939         374 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED | RS_INVAL_IDLE_TIMEOUT,
    7940             :                                            _logSegNo, InvalidOid,
    7941             :                                            InvalidTransactionId))
    7942             :     {
    7943             :         /*
    7944             :          * Some slots have been invalidated; recalculate the old-segment
    7945             :          * horizon, starting again from RedoRecPtr.
    7946             :          */
    7947           2 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7948           2 :         KeepLogSeg(endptr, &_logSegNo);
    7949             :     }
    7950         374 :     _logSegNo--;
    7951             : 
    7952             :     /*
    7953             :      * Try to recycle segments on a useful timeline. If we've been promoted
    7954             :      * since the beginning of this restartpoint, use the new timeline chosen
    7955             :      * at end of recovery.  If we're still in recovery, use the timeline we're
    7956             :      * currently replaying.
    7957             :      *
    7958             :      * There is no guarantee that the WAL segments will be useful on the
    7959             :      * current timeline; if recovery proceeds to a new timeline right after
    7960             :      * this, the pre-allocated WAL segments on this timeline will not be used,
    7961             :      * and will go wasted until recycled on the next restartpoint. We'll live
    7962             :      * with that.
    7963             :      */
    7964         374 :     if (!RecoveryInProgress())
    7965           0 :         replayTLI = XLogCtl->InsertTimeLineID;
    7966             : 
    7967         374 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, endptr, replayTLI);
    7968             : 
    7969             :     /*
    7970             :      * Make more log segments if needed.  (Do this after recycling old log
    7971             :      * segments, since that may supply some of the needed files.)
    7972             :      */
    7973         374 :     PreallocXlogFiles(endptr, replayTLI);
    7974             : 
    7975             :     /*
    7976             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7977             :      * the oldest XMIN of any running transaction.  No future transaction will
    7978             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7979             :      * in subtrans.c).  When hot standby is disabled, though, we mustn't do
    7980             :      * this because StartupSUBTRANS hasn't been called yet.
    7981             :      */
    7982         374 :     if (EnableHotStandby)
    7983         374 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7984             : 
    7985             :     /* Real work is done; log and update stats. */
    7986         374 :     LogCheckpointEnd(true);
    7987             : 
    7988             :     /* Reset the process title */
    7989         374 :     update_checkpoint_display(flags, true, true);
    7990             : 
    7991         374 :     xtime = GetLatestXTime();
    7992         374 :     ereport((log_checkpoints ? LOG : DEBUG2),
    7993             :             errmsg("recovery restart point at %X/%08X",
    7994             :                    LSN_FORMAT_ARGS(lastCheckPoint.redo)),
    7995             :             xtime ? errdetail("Last completed transaction was at log time %s.",
    7996             :                               timestamptz_to_str(xtime)) : 0);
    7997             : 
    7998             :     /*
    7999             :      * Finally, execute archive_cleanup_command, if any.
    8000             :      */
    8001         374 :     if (archiveCleanupCommand && strcmp(archiveCleanupCommand, "") != 0)
    8002           0 :         ExecuteRecoveryCommand(archiveCleanupCommand,
    8003             :                                "archive_cleanup_command",
    8004             :                                false,
    8005             :                                WAIT_EVENT_ARCHIVE_CLEANUP_COMMAND);
    8006             : 
    8007         374 :     return true;
    8008             : }
    8009             : 
    8010             : /*
    8011             :  * Report availability of WAL for the given target LSN
    8012             :  *      (typically a slot's restart_lsn)
    8013             :  *
    8014             :  * Returns one of the following enum values:
    8015             :  *
    8016             :  * * WALAVAIL_RESERVED means targetLSN is available and it is in the range of
    8017             :  *   max_wal_size.
    8018             :  *
    8019             :  * * WALAVAIL_EXTENDED means it is still available by preserving extra
    8020             :  *   segments beyond max_wal_size. If max_slot_wal_keep_size is smaller
    8021             :  *   than max_wal_size, this state is not returned.
    8022             :  *
    8023             :  * * WALAVAIL_UNRESERVED means it is being lost and the next checkpoint will
    8024             :  *   remove reserved segments. The walsender using this slot may return to the
    8025             :  *   above.
    8026             :  *
    8027             :  * * WALAVAIL_REMOVED means it has been removed. A replication stream on
    8028             :  *   a slot with this LSN cannot continue.  (Any associated walsender
    8029             :  *   processes should have been terminated already.)
    8030             :  *
    8031             :  * * WALAVAIL_INVALID_LSN means the slot hasn't been set to reserve WAL.
    8032             :  */
    8033             : WALAvailability
    8034         992 : GetWALAvailability(XLogRecPtr targetLSN)
    8035             : {
    8036             :     XLogRecPtr  currpos;        /* current write LSN */
    8037             :     XLogSegNo   currSeg;        /* segid of currpos */
    8038             :     XLogSegNo   targetSeg;      /* segid of targetLSN */
    8039             :     XLogSegNo   oldestSeg;      /* actual oldest segid */
    8040             :     XLogSegNo   oldestSegMaxWalSize;    /* oldest segid kept by max_wal_size */
    8041             :     XLogSegNo   oldestSlotSeg;  /* oldest segid kept by slot */
    8042             :     uint64      keepSegs;
    8043             : 
    8044             :     /*
    8045             :      * slot does not reserve WAL. Either deactivated, or has never been active
    8046             :      */
    8047         992 :     if (XLogRecPtrIsInvalid(targetLSN))
    8048          44 :         return WALAVAIL_INVALID_LSN;
    8049             : 
    8050             :     /*
    8051             :      * Calculate the oldest segment currently reserved by all slots,
    8052             :      * considering wal_keep_size and max_slot_wal_keep_size.  Initialize
    8053             :      * oldestSlotSeg to the current segment.
    8054             :      */
    8055         948 :     currpos = GetXLogWriteRecPtr();
    8056         948 :     XLByteToSeg(currpos, oldestSlotSeg, wal_segment_size);
    8057         948 :     KeepLogSeg(currpos, &oldestSlotSeg);
    8058             : 
    8059             :     /*
    8060             :      * Find the oldest extant segment file. We get 1 until checkpoint removes
    8061             :      * the first WAL segment file since startup, which causes the status being
    8062             :      * wrong under certain abnormal conditions but that doesn't actually harm.
    8063             :      */
    8064         948 :     oldestSeg = XLogGetLastRemovedSegno() + 1;
    8065             : 
    8066             :     /* calculate oldest segment by max_wal_size */
    8067         948 :     XLByteToSeg(currpos, currSeg, wal_segment_size);
    8068         948 :     keepSegs = ConvertToXSegs(max_wal_size_mb, wal_segment_size) + 1;
    8069             : 
    8070         948 :     if (currSeg > keepSegs)
    8071          16 :         oldestSegMaxWalSize = currSeg - keepSegs;
    8072             :     else
    8073         932 :         oldestSegMaxWalSize = 1;
    8074             : 
    8075             :     /* the segment we care about */
    8076         948 :     XLByteToSeg(targetLSN, targetSeg, wal_segment_size);
    8077             : 
    8078             :     /*
    8079             :      * No point in returning reserved or extended status values if the
    8080             :      * targetSeg is known to be lost.
    8081             :      */
    8082         948 :     if (targetSeg >= oldestSlotSeg)
    8083             :     {
    8084             :         /* show "reserved" when targetSeg is within max_wal_size */
    8085         946 :         if (targetSeg >= oldestSegMaxWalSize)
    8086         942 :             return WALAVAIL_RESERVED;
    8087             : 
    8088             :         /* being retained by slots exceeding max_wal_size */
    8089           4 :         return WALAVAIL_EXTENDED;
    8090             :     }
    8091             : 
    8092             :     /* WAL segments are no longer retained but haven't been removed yet */
    8093           2 :     if (targetSeg >= oldestSeg)
    8094           2 :         return WALAVAIL_UNRESERVED;
    8095             : 
    8096             :     /* Definitely lost */
    8097           0 :     return WALAVAIL_REMOVED;
    8098             : }
    8099             : 
    8100             : 
    8101             : /*
    8102             :  * Retreat *logSegNo to the last segment that we need to retain because of
    8103             :  * either wal_keep_size or replication slots.
    8104             :  *
    8105             :  * This is calculated by subtracting wal_keep_size from the given xlog
    8106             :  * location, recptr and by making sure that that result is below the
    8107             :  * requirement of replication slots.  For the latter criterion we do consider
    8108             :  * the effects of max_slot_wal_keep_size: reserve at most that much space back
    8109             :  * from recptr.
    8110             :  *
    8111             :  * Note about replication slots: if this function calculates a value
    8112             :  * that's further ahead than what slots need reserved, then affected
    8113             :  * slots need to be invalidated and this function invoked again.
    8114             :  * XXX it might be a good idea to rewrite this function so that
    8115             :  * invalidation is optionally done here, instead.
    8116             :  */
    8117             : static void
    8118        4334 : KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo)
    8119             : {
    8120             :     XLogSegNo   currSegNo;
    8121             :     XLogSegNo   segno;
    8122             :     XLogRecPtr  keep;
    8123             : 
    8124        4334 :     XLByteToSeg(recptr, currSegNo, wal_segment_size);
    8125        4334 :     segno = currSegNo;
    8126             : 
    8127             :     /* Calculate how many segments are kept by slots. */
    8128        4334 :     keep = XLogGetReplicationSlotMinimumLSN();
    8129        4334 :     if (keep != InvalidXLogRecPtr && keep < recptr)
    8130             :     {
    8131        1222 :         XLByteToSeg(keep, segno, wal_segment_size);
    8132             : 
    8133             :         /*
    8134             :          * Account for max_slot_wal_keep_size to avoid keeping more than
    8135             :          * configured.  However, don't do that during a binary upgrade: if
    8136             :          * slots were to be invalidated because of this, it would not be
    8137             :          * possible to preserve logical ones during the upgrade.
    8138             :          */
    8139        1222 :         if (max_slot_wal_keep_size_mb >= 0 && !IsBinaryUpgrade)
    8140             :         {
    8141             :             uint64      slot_keep_segs;
    8142             : 
    8143          42 :             slot_keep_segs =
    8144          42 :                 ConvertToXSegs(max_slot_wal_keep_size_mb, wal_segment_size);
    8145             : 
    8146          42 :             if (currSegNo - segno > slot_keep_segs)
    8147          10 :                 segno = currSegNo - slot_keep_segs;
    8148             :         }
    8149             :     }
    8150             : 
    8151             :     /*
    8152             :      * If WAL summarization is in use, don't remove WAL that has yet to be
    8153             :      * summarized.
    8154             :      */
    8155        4334 :     keep = GetOldestUnsummarizedLSN(NULL, NULL);
    8156        4334 :     if (keep != InvalidXLogRecPtr)
    8157             :     {
    8158             :         XLogSegNo   unsummarized_segno;
    8159             : 
    8160           4 :         XLByteToSeg(keep, unsummarized_segno, wal_segment_size);
    8161           4 :         if (unsummarized_segno < segno)
    8162           4 :             segno = unsummarized_segno;
    8163             :     }
    8164             : 
    8165             :     /* but, keep at least wal_keep_size if that's set */
    8166        4334 :     if (wal_keep_size_mb > 0)
    8167             :     {
    8168             :         uint64      keep_segs;
    8169             : 
    8170         138 :         keep_segs = ConvertToXSegs(wal_keep_size_mb, wal_segment_size);
    8171         138 :         if (currSegNo - segno < keep_segs)
    8172             :         {
    8173             :             /* avoid underflow, don't go below 1 */
    8174         138 :             if (currSegNo <= keep_segs)
    8175         130 :                 segno = 1;
    8176             :             else
    8177           8 :                 segno = currSegNo - keep_segs;
    8178             :         }
    8179             :     }
    8180             : 
    8181             :     /* don't delete WAL segments newer than the calculated segment */
    8182        4334 :     if (segno < *logSegNo)
    8183         750 :         *logSegNo = segno;
    8184        4334 : }
    8185             : 
    8186             : /*
    8187             :  * Write a NEXTOID log record
    8188             :  */
    8189             : void
    8190        1202 : XLogPutNextOid(Oid nextOid)
    8191             : {
    8192        1202 :     XLogBeginInsert();
    8193        1202 :     XLogRegisterData(&nextOid, sizeof(Oid));
    8194        1202 :     (void) XLogInsert(RM_XLOG_ID, XLOG_NEXTOID);
    8195             : 
    8196             :     /*
    8197             :      * We need not flush the NEXTOID record immediately, because any of the
    8198             :      * just-allocated OIDs could only reach disk as part of a tuple insert or
    8199             :      * update that would have its own XLOG record that must follow the NEXTOID
    8200             :      * record.  Therefore, the standard buffer LSN interlock applied to those
    8201             :      * records will ensure no such OID reaches disk before the NEXTOID record
    8202             :      * does.
    8203             :      *
    8204             :      * Note, however, that the above statement only covers state "within" the
    8205             :      * database.  When we use a generated OID as a file or directory name, we
    8206             :      * are in a sense violating the basic WAL rule, because that filesystem
    8207             :      * change may reach disk before the NEXTOID WAL record does.  The impact
    8208             :      * of this is that if a database crash occurs immediately afterward, we
    8209             :      * might after restart re-generate the same OID and find that it conflicts
    8210             :      * with the leftover file or directory.  But since for safety's sake we
    8211             :      * always loop until finding a nonconflicting filename, this poses no real
    8212             :      * problem in practice. See pgsql-hackers discussion 27-Sep-2006.
    8213             :      */
    8214        1202 : }
    8215             : 
    8216             : /*
    8217             :  * Write an XLOG SWITCH record.
    8218             :  *
    8219             :  * Here we just blindly issue an XLogInsert request for the record.
    8220             :  * All the magic happens inside XLogInsert.
    8221             :  *
    8222             :  * The return value is either the end+1 address of the switch record,
    8223             :  * or the end+1 address of the prior segment if we did not need to
    8224             :  * write a switch record because we are already at segment start.
    8225             :  */
    8226             : XLogRecPtr
    8227        1558 : RequestXLogSwitch(bool mark_unimportant)
    8228             : {
    8229             :     XLogRecPtr  RecPtr;
    8230             : 
    8231             :     /* XLOG SWITCH has no data */
    8232        1558 :     XLogBeginInsert();
    8233             : 
    8234        1558 :     if (mark_unimportant)
    8235           0 :         XLogSetRecordFlags(XLOG_MARK_UNIMPORTANT);
    8236        1558 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_SWITCH);
    8237             : 
    8238        1558 :     return RecPtr;
    8239             : }
    8240             : 
    8241             : /*
    8242             :  * Write a RESTORE POINT record
    8243             :  */
    8244             : XLogRecPtr
    8245           6 : XLogRestorePoint(const char *rpName)
    8246             : {
    8247             :     XLogRecPtr  RecPtr;
    8248             :     xl_restore_point xlrec;
    8249             : 
    8250           6 :     xlrec.rp_time = GetCurrentTimestamp();
    8251           6 :     strlcpy(xlrec.rp_name, rpName, MAXFNAMELEN);
    8252             : 
    8253           6 :     XLogBeginInsert();
    8254           6 :     XLogRegisterData(&xlrec, sizeof(xl_restore_point));
    8255             : 
    8256           6 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_RESTORE_POINT);
    8257             : 
    8258           6 :     ereport(LOG,
    8259             :             errmsg("restore point \"%s\" created at %X/%08X",
    8260             :                    rpName, LSN_FORMAT_ARGS(RecPtr)));
    8261             : 
    8262           6 :     return RecPtr;
    8263             : }
    8264             : 
    8265             : /*
    8266             :  * Check if any of the GUC parameters that are critical for hot standby
    8267             :  * have changed, and update the value in pg_control file if necessary.
    8268             :  */
    8269             : static void
    8270        1744 : XLogReportParameters(void)
    8271             : {
    8272        1744 :     if (wal_level != ControlFile->wal_level ||
    8273        1266 :         wal_log_hints != ControlFile->wal_log_hints ||
    8274        1100 :         MaxConnections != ControlFile->MaxConnections ||
    8275        1098 :         max_worker_processes != ControlFile->max_worker_processes ||
    8276        1096 :         max_wal_senders != ControlFile->max_wal_senders ||
    8277        1054 :         max_prepared_xacts != ControlFile->max_prepared_xacts ||
    8278         872 :         max_locks_per_xact != ControlFile->max_locks_per_xact ||
    8279         872 :         track_commit_timestamp != ControlFile->track_commit_timestamp)
    8280             :     {
    8281             :         /*
    8282             :          * The change in number of backend slots doesn't need to be WAL-logged
    8283             :          * if archiving is not enabled, as you can't start archive recovery
    8284             :          * with wal_level=minimal anyway. We don't really care about the
    8285             :          * values in pg_control either if wal_level=minimal, but seems better
    8286             :          * to keep them up-to-date to avoid confusion.
    8287             :          */
    8288         894 :         if (wal_level != ControlFile->wal_level || XLogIsNeeded())
    8289             :         {
    8290             :             xl_parameter_change xlrec;
    8291             :             XLogRecPtr  recptr;
    8292             : 
    8293         854 :             xlrec.MaxConnections = MaxConnections;
    8294         854 :             xlrec.max_worker_processes = max_worker_processes;
    8295         854 :             xlrec.max_wal_senders = max_wal_senders;
    8296         854 :             xlrec.max_prepared_xacts = max_prepared_xacts;
    8297         854 :             xlrec.max_locks_per_xact = max_locks_per_xact;
    8298         854 :             xlrec.wal_level = wal_level;
    8299         854 :             xlrec.wal_log_hints = wal_log_hints;
    8300         854 :             xlrec.track_commit_timestamp = track_commit_timestamp;
    8301             : 
    8302         854 :             XLogBeginInsert();
    8303         854 :             XLogRegisterData(&xlrec, sizeof(xlrec));
    8304             : 
    8305         854 :             recptr = XLogInsert(RM_XLOG_ID, XLOG_PARAMETER_CHANGE);
    8306         854 :             XLogFlush(recptr);
    8307             :         }
    8308             : 
    8309         894 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8310             : 
    8311         894 :         ControlFile->MaxConnections = MaxConnections;
    8312         894 :         ControlFile->max_worker_processes = max_worker_processes;
    8313         894 :         ControlFile->max_wal_senders = max_wal_senders;
    8314         894 :         ControlFile->max_prepared_xacts = max_prepared_xacts;
    8315         894 :         ControlFile->max_locks_per_xact = max_locks_per_xact;
    8316         894 :         ControlFile->wal_level = wal_level;
    8317         894 :         ControlFile->wal_log_hints = wal_log_hints;
    8318         894 :         ControlFile->track_commit_timestamp = track_commit_timestamp;
    8319         894 :         UpdateControlFile();
    8320             : 
    8321         894 :         LWLockRelease(ControlFileLock);
    8322             :     }
    8323        1744 : }
    8324             : 
    8325             : /*
    8326             :  * Update full_page_writes in shared memory, and write an
    8327             :  * XLOG_FPW_CHANGE record if necessary.
    8328             :  *
    8329             :  * Note: this function assumes there is no other process running
    8330             :  * concurrently that could update it.
    8331             :  */
    8332             : void
    8333        2900 : UpdateFullPageWrites(void)
    8334             : {
    8335        2900 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    8336             :     bool        recoveryInProgress;
    8337             : 
    8338             :     /*
    8339             :      * Do nothing if full_page_writes has not been changed.
    8340             :      *
    8341             :      * It's safe to check the shared full_page_writes without the lock,
    8342             :      * because we assume that there is no concurrently running process which
    8343             :      * can update it.
    8344             :      */
    8345        2900 :     if (fullPageWrites == Insert->fullPageWrites)
    8346        2160 :         return;
    8347             : 
    8348             :     /*
    8349             :      * Perform this outside critical section so that the WAL insert
    8350             :      * initialization done by RecoveryInProgress() doesn't trigger an
    8351             :      * assertion failure.
    8352             :      */
    8353         740 :     recoveryInProgress = RecoveryInProgress();
    8354             : 
    8355         740 :     START_CRIT_SECTION();
    8356             : 
    8357             :     /*
    8358             :      * It's always safe to take full page images, even when not strictly
    8359             :      * required, but not the other round. So if we're setting full_page_writes
    8360             :      * to true, first set it true and then write the WAL record. If we're
    8361             :      * setting it to false, first write the WAL record and then set the global
    8362             :      * flag.
    8363             :      */
    8364         740 :     if (fullPageWrites)
    8365             :     {
    8366         720 :         WALInsertLockAcquireExclusive();
    8367         720 :         Insert->fullPageWrites = true;
    8368         720 :         WALInsertLockRelease();
    8369             :     }
    8370             : 
    8371             :     /*
    8372             :      * Write an XLOG_FPW_CHANGE record. This allows us to keep track of
    8373             :      * full_page_writes during archive recovery, if required.
    8374             :      */
    8375         740 :     if (XLogStandbyInfoActive() && !recoveryInProgress)
    8376             :     {
    8377           0 :         XLogBeginInsert();
    8378           0 :         XLogRegisterData(&fullPageWrites, sizeof(bool));
    8379             : 
    8380           0 :         XLogInsert(RM_XLOG_ID, XLOG_FPW_CHANGE);
    8381             :     }
    8382             : 
    8383         740 :     if (!fullPageWrites)
    8384             :     {
    8385          20 :         WALInsertLockAcquireExclusive();
    8386          20 :         Insert->fullPageWrites = false;
    8387          20 :         WALInsertLockRelease();
    8388             :     }
    8389         740 :     END_CRIT_SECTION();
    8390             : }
    8391             : 
    8392             : /*
    8393             :  * XLOG resource manager's routines
    8394             :  *
    8395             :  * Definitions of info values are in include/catalog/pg_control.h, though
    8396             :  * not all record types are related to control file updates.
    8397             :  *
    8398             :  * NOTE: Some XLOG record types that are directly related to WAL recovery
    8399             :  * are handled in xlogrecovery_redo().
    8400             :  */
    8401             : void
    8402       86792 : xlog_redo(XLogReaderState *record)
    8403             : {
    8404       86792 :     uint8       info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    8405       86792 :     XLogRecPtr  lsn = record->EndRecPtr;
    8406             : 
    8407             :     /*
    8408             :      * In XLOG rmgr, backup blocks are only used by XLOG_FPI and
    8409             :      * XLOG_FPI_FOR_HINT records.
    8410             :      */
    8411             :     Assert(info == XLOG_FPI || info == XLOG_FPI_FOR_HINT ||
    8412             :            !XLogRecHasAnyBlockRefs(record));
    8413             : 
    8414       86792 :     if (info == XLOG_NEXTOID)
    8415             :     {
    8416             :         Oid         nextOid;
    8417             : 
    8418             :         /*
    8419             :          * We used to try to take the maximum of TransamVariables->nextOid and
    8420             :          * the recorded nextOid, but that fails if the OID counter wraps
    8421             :          * around.  Since no OID allocation should be happening during replay
    8422             :          * anyway, better to just believe the record exactly.  We still take
    8423             :          * OidGenLock while setting the variable, just in case.
    8424             :          */
    8425         184 :         memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid));
    8426         184 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8427         184 :         TransamVariables->nextOid = nextOid;
    8428         184 :         TransamVariables->oidCount = 0;
    8429         184 :         LWLockRelease(OidGenLock);
    8430             :     }
    8431       86608 :     else if (info == XLOG_CHECKPOINT_SHUTDOWN)
    8432             :     {
    8433             :         CheckPoint  checkPoint;
    8434             :         TimeLineID  replayTLI;
    8435             : 
    8436          66 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8437             :         /* In a SHUTDOWN checkpoint, believe the counters exactly */
    8438          66 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8439          66 :         TransamVariables->nextXid = checkPoint.nextXid;
    8440          66 :         LWLockRelease(XidGenLock);
    8441          66 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8442          66 :         TransamVariables->nextOid = checkPoint.nextOid;
    8443          66 :         TransamVariables->oidCount = 0;
    8444          66 :         LWLockRelease(OidGenLock);
    8445          66 :         MultiXactSetNextMXact(checkPoint.nextMulti,
    8446             :                               checkPoint.nextMultiOffset);
    8447             : 
    8448          66 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8449             :                                checkPoint.oldestMultiDB);
    8450             : 
    8451             :         /*
    8452             :          * No need to set oldestClogXid here as well; it'll be set when we
    8453             :          * redo an xl_clog_truncate if it changed since initialization.
    8454             :          */
    8455          66 :         SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    8456             : 
    8457             :         /*
    8458             :          * If we see a shutdown checkpoint while waiting for an end-of-backup
    8459             :          * record, the backup was canceled and the end-of-backup record will
    8460             :          * never arrive.
    8461             :          */
    8462          66 :         if (ArchiveRecoveryRequested &&
    8463          64 :             !XLogRecPtrIsInvalid(ControlFile->backupStartPoint) &&
    8464           0 :             XLogRecPtrIsInvalid(ControlFile->backupEndPoint))
    8465           0 :             ereport(PANIC,
    8466             :                     (errmsg("online backup was canceled, recovery cannot continue")));
    8467             : 
    8468             :         /*
    8469             :          * If we see a shutdown checkpoint, we know that nothing was running
    8470             :          * on the primary at this point. So fake-up an empty running-xacts
    8471             :          * record and use that here and now. Recover additional standby state
    8472             :          * for prepared transactions.
    8473             :          */
    8474          66 :         if (standbyState >= STANDBY_INITIALIZED)
    8475             :         {
    8476             :             TransactionId *xids;
    8477             :             int         nxids;
    8478             :             TransactionId oldestActiveXID;
    8479             :             TransactionId latestCompletedXid;
    8480             :             RunningTransactionsData running;
    8481             : 
    8482          60 :             oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    8483             : 
    8484             :             /* Update pg_subtrans entries for any prepared transactions */
    8485          60 :             StandbyRecoverPreparedTransactions();
    8486             : 
    8487             :             /*
    8488             :              * Construct a RunningTransactions snapshot representing a shut
    8489             :              * down server, with only prepared transactions still alive. We're
    8490             :              * never overflowed at this point because all subxids are listed
    8491             :              * with their parent prepared transactions.
    8492             :              */
    8493          60 :             running.xcnt = nxids;
    8494          60 :             running.subxcnt = 0;
    8495          60 :             running.subxid_status = SUBXIDS_IN_SUBTRANS;
    8496          60 :             running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    8497          60 :             running.oldestRunningXid = oldestActiveXID;
    8498          60 :             latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    8499          60 :             TransactionIdRetreat(latestCompletedXid);
    8500             :             Assert(TransactionIdIsNormal(latestCompletedXid));
    8501          60 :             running.latestCompletedXid = latestCompletedXid;
    8502          60 :             running.xids = xids;
    8503             : 
    8504          60 :             ProcArrayApplyRecoveryInfo(&running);
    8505             :         }
    8506             : 
    8507             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8508          66 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8509          66 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8510          66 :         LWLockRelease(ControlFileLock);
    8511             : 
    8512             :         /*
    8513             :          * We should've already switched to the new TLI before replaying this
    8514             :          * record.
    8515             :          */
    8516          66 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8517          66 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8518           0 :             ereport(PANIC,
    8519             :                     (errmsg("unexpected timeline ID %u (should be %u) in shutdown checkpoint record",
    8520             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8521             : 
    8522          66 :         RecoveryRestartPoint(&checkPoint, record);
    8523             :     }
    8524       86542 :     else if (info == XLOG_CHECKPOINT_ONLINE)
    8525             :     {
    8526             :         CheckPoint  checkPoint;
    8527             :         TimeLineID  replayTLI;
    8528             : 
    8529        1344 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8530             :         /* In an ONLINE checkpoint, treat the XID counter as a minimum */
    8531        1344 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8532        1344 :         if (FullTransactionIdPrecedes(TransamVariables->nextXid,
    8533             :                                       checkPoint.nextXid))
    8534           0 :             TransamVariables->nextXid = checkPoint.nextXid;
    8535        1344 :         LWLockRelease(XidGenLock);
    8536             : 
    8537             :         /*
    8538             :          * We ignore the nextOid counter in an ONLINE checkpoint, preferring
    8539             :          * to track OID assignment through XLOG_NEXTOID records.  The nextOid
    8540             :          * counter is from the start of the checkpoint and might well be stale
    8541             :          * compared to later XLOG_NEXTOID records.  We could try to take the
    8542             :          * maximum of the nextOid counter and our latest value, but since
    8543             :          * there's no particular guarantee about the speed with which the OID
    8544             :          * counter wraps around, that's a risky thing to do.  In any case,
    8545             :          * users of the nextOid counter are required to avoid assignment of
    8546             :          * duplicates, so that a somewhat out-of-date value should be safe.
    8547             :          */
    8548             : 
    8549             :         /* Handle multixact */
    8550        1344 :         MultiXactAdvanceNextMXact(checkPoint.nextMulti,
    8551             :                                   checkPoint.nextMultiOffset);
    8552             : 
    8553             :         /*
    8554             :          * NB: This may perform multixact truncation when replaying WAL
    8555             :          * generated by an older primary.
    8556             :          */
    8557        1344 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8558             :                                checkPoint.oldestMultiDB);
    8559        1344 :         if (TransactionIdPrecedes(TransamVariables->oldestXid,
    8560             :                                   checkPoint.oldestXid))
    8561           0 :             SetTransactionIdLimit(checkPoint.oldestXid,
    8562             :                                   checkPoint.oldestXidDB);
    8563             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8564        1344 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8565        1344 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8566        1344 :         LWLockRelease(ControlFileLock);
    8567             : 
    8568             :         /* TLI should not change in an on-line checkpoint */
    8569        1344 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8570        1344 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8571           0 :             ereport(PANIC,
    8572             :                     (errmsg("unexpected timeline ID %u (should be %u) in online checkpoint record",
    8573             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8574             : 
    8575        1344 :         RecoveryRestartPoint(&checkPoint, record);
    8576             :     }
    8577       85198 :     else if (info == XLOG_OVERWRITE_CONTRECORD)
    8578             :     {
    8579             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8580             :     }
    8581       85196 :     else if (info == XLOG_END_OF_RECOVERY)
    8582             :     {
    8583             :         xl_end_of_recovery xlrec;
    8584             :         TimeLineID  replayTLI;
    8585             : 
    8586          20 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery));
    8587             : 
    8588             :         /*
    8589             :          * For Hot Standby, we could treat this like a Shutdown Checkpoint,
    8590             :          * but this case is rarer and harder to test, so the benefit doesn't
    8591             :          * outweigh the potential extra cost of maintenance.
    8592             :          */
    8593             : 
    8594             :         /*
    8595             :          * We should've already switched to the new TLI before replaying this
    8596             :          * record.
    8597             :          */
    8598          20 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8599          20 :         if (xlrec.ThisTimeLineID != replayTLI)
    8600           0 :             ereport(PANIC,
    8601             :                     (errmsg("unexpected timeline ID %u (should be %u) in end-of-recovery record",
    8602             :                             xlrec.ThisTimeLineID, replayTLI)));
    8603             :     }
    8604       85176 :     else if (info == XLOG_NOOP)
    8605             :     {
    8606             :         /* nothing to do here */
    8607             :     }
    8608       85176 :     else if (info == XLOG_SWITCH)
    8609             :     {
    8610             :         /* nothing to do here */
    8611             :     }
    8612       84294 :     else if (info == XLOG_RESTORE_POINT)
    8613             :     {
    8614             :         /* nothing to do here, handled in xlogrecovery.c */
    8615             :     }
    8616       84284 :     else if (info == XLOG_FPI || info == XLOG_FPI_FOR_HINT)
    8617             :     {
    8618             :         /*
    8619             :          * XLOG_FPI records contain nothing else but one or more block
    8620             :          * references. Every block reference must include a full-page image
    8621             :          * even if full_page_writes was disabled when the record was generated
    8622             :          * - otherwise there would be no point in this record.
    8623             :          *
    8624             :          * XLOG_FPI_FOR_HINT records are generated when a page needs to be
    8625             :          * WAL-logged because of a hint bit update. They are only generated
    8626             :          * when checksums and/or wal_log_hints are enabled. They may include
    8627             :          * no full-page images if full_page_writes was disabled when they were
    8628             :          * generated. In this case there is nothing to do here.
    8629             :          *
    8630             :          * No recovery conflicts are generated by these generic records - if a
    8631             :          * resource manager needs to generate conflicts, it has to define a
    8632             :          * separate WAL record type and redo routine.
    8633             :          */
    8634      174828 :         for (uint8 block_id = 0; block_id <= XLogRecMaxBlockId(record); block_id++)
    8635             :         {
    8636             :             Buffer      buffer;
    8637             : 
    8638       92124 :             if (!XLogRecHasBlockImage(record, block_id))
    8639             :             {
    8640         132 :                 if (info == XLOG_FPI)
    8641           0 :                     elog(ERROR, "XLOG_FPI record did not contain a full-page image");
    8642         132 :                 continue;
    8643             :             }
    8644             : 
    8645       91992 :             if (XLogReadBufferForRedo(record, block_id, &buffer) != BLK_RESTORED)
    8646           0 :                 elog(ERROR, "unexpected XLogReadBufferForRedo result when restoring backup block");
    8647       91992 :             UnlockReleaseBuffer(buffer);
    8648             :         }
    8649             :     }
    8650        1580 :     else if (info == XLOG_BACKUP_END)
    8651             :     {
    8652             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8653             :     }
    8654        1410 :     else if (info == XLOG_PARAMETER_CHANGE)
    8655             :     {
    8656             :         xl_parameter_change xlrec;
    8657             : 
    8658             :         /* Update our copy of the parameters in pg_control */
    8659          64 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change));
    8660             : 
    8661             :         /*
    8662             :          * Invalidate logical slots if we are in hot standby and the primary
    8663             :          * does not have a WAL level sufficient for logical decoding. No need
    8664             :          * to search for potentially conflicting logically slots if standby is
    8665             :          * running with wal_level lower than logical, because in that case, we
    8666             :          * would have either disallowed creation of logical slots or
    8667             :          * invalidated existing ones.
    8668             :          */
    8669          64 :         if (InRecovery && InHotStandby &&
    8670          34 :             xlrec.wal_level < WAL_LEVEL_LOGICAL &&
    8671          12 :             wal_level >= WAL_LEVEL_LOGICAL)
    8672           8 :             InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_LEVEL,
    8673             :                                                0, InvalidOid,
    8674             :                                                InvalidTransactionId);
    8675             : 
    8676          64 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8677          64 :         ControlFile->MaxConnections = xlrec.MaxConnections;
    8678          64 :         ControlFile->max_worker_processes = xlrec.max_worker_processes;
    8679          64 :         ControlFile->max_wal_senders = xlrec.max_wal_senders;
    8680          64 :         ControlFile->max_prepared_xacts = xlrec.max_prepared_xacts;
    8681          64 :         ControlFile->max_locks_per_xact = xlrec.max_locks_per_xact;
    8682          64 :         ControlFile->wal_level = xlrec.wal_level;
    8683          64 :         ControlFile->wal_log_hints = xlrec.wal_log_hints;
    8684             : 
    8685             :         /*
    8686             :          * Update minRecoveryPoint to ensure that if recovery is aborted, we
    8687             :          * recover back up to this point before allowing hot standby again.
    8688             :          * This is important if the max_* settings are decreased, to ensure
    8689             :          * you don't run queries against the WAL preceding the change. The
    8690             :          * local copies cannot be updated as long as crash recovery is
    8691             :          * happening and we expect all the WAL to be replayed.
    8692             :          */
    8693          64 :         if (InArchiveRecovery)
    8694             :         {
    8695          36 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    8696          36 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    8697             :         }
    8698          64 :         if (LocalMinRecoveryPoint != InvalidXLogRecPtr && LocalMinRecoveryPoint < lsn)
    8699             :         {
    8700             :             TimeLineID  replayTLI;
    8701             : 
    8702          14 :             (void) GetCurrentReplayRecPtr(&replayTLI);
    8703          14 :             ControlFile->minRecoveryPoint = lsn;
    8704          14 :             ControlFile->minRecoveryPointTLI = replayTLI;
    8705             :         }
    8706             : 
    8707          64 :         CommitTsParameterChange(xlrec.track_commit_timestamp,
    8708          64 :                                 ControlFile->track_commit_timestamp);
    8709          64 :         ControlFile->track_commit_timestamp = xlrec.track_commit_timestamp;
    8710             : 
    8711          64 :         UpdateControlFile();
    8712          64 :         LWLockRelease(ControlFileLock);
    8713             : 
    8714             :         /* Check to see if any parameter change gives a problem on recovery */
    8715          64 :         CheckRequiredParameterValues();
    8716             :     }
    8717        1346 :     else if (info == XLOG_FPW_CHANGE)
    8718             :     {
    8719             :         bool        fpw;
    8720             : 
    8721           0 :         memcpy(&fpw, XLogRecGetData(record), sizeof(bool));
    8722             : 
    8723             :         /*
    8724             :          * Update the LSN of the last replayed XLOG_FPW_CHANGE record so that
    8725             :          * do_pg_backup_start() and do_pg_backup_stop() can check whether
    8726             :          * full_page_writes has been disabled during online backup.
    8727             :          */
    8728           0 :         if (!fpw)
    8729             :         {
    8730           0 :             SpinLockAcquire(&XLogCtl->info_lck);
    8731           0 :             if (XLogCtl->lastFpwDisableRecPtr < record->ReadRecPtr)
    8732           0 :                 XLogCtl->lastFpwDisableRecPtr = record->ReadRecPtr;
    8733           0 :             SpinLockRelease(&XLogCtl->info_lck);
    8734             :         }
    8735             : 
    8736             :         /* Keep track of full_page_writes */
    8737           0 :         lastFullPageWrites = fpw;
    8738             :     }
    8739             :     else if (info == XLOG_CHECKPOINT_REDO)
    8740             :     {
    8741             :         /* nothing to do here, just for informational purposes */
    8742             :     }
    8743       86788 : }
    8744             : 
    8745             : /*
    8746             :  * Return the extra open flags used for opening a file, depending on the
    8747             :  * value of the GUCs wal_sync_method, fsync and debug_io_direct.
    8748             :  */
    8749             : static int
    8750       31788 : get_sync_bit(int method)
    8751             : {
    8752       31788 :     int         o_direct_flag = 0;
    8753             : 
    8754             :     /*
    8755             :      * Use O_DIRECT if requested, except in walreceiver process.  The WAL
    8756             :      * written by walreceiver is normally read by the startup process soon
    8757             :      * after it's written.  Also, walreceiver performs unaligned writes, which
    8758             :      * don't work with O_DIRECT, so it is required for correctness too.
    8759             :      */
    8760       31788 :     if ((io_direct_flags & IO_DIRECT_WAL) && !AmWalReceiverProcess())
    8761          16 :         o_direct_flag = PG_O_DIRECT;
    8762             : 
    8763             :     /* If fsync is disabled, never open in sync mode */
    8764       31788 :     if (!enableFsync)
    8765       31788 :         return o_direct_flag;
    8766             : 
    8767           0 :     switch (method)
    8768             :     {
    8769             :             /*
    8770             :              * enum values for all sync options are defined even if they are
    8771             :              * not supported on the current platform.  But if not, they are
    8772             :              * not included in the enum option array, and therefore will never
    8773             :              * be seen here.
    8774             :              */
    8775           0 :         case WAL_SYNC_METHOD_FSYNC:
    8776             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8777             :         case WAL_SYNC_METHOD_FDATASYNC:
    8778           0 :             return o_direct_flag;
    8779             : #ifdef O_SYNC
    8780           0 :         case WAL_SYNC_METHOD_OPEN:
    8781           0 :             return O_SYNC | o_direct_flag;
    8782             : #endif
    8783             : #ifdef O_DSYNC
    8784           0 :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8785           0 :             return O_DSYNC | o_direct_flag;
    8786             : #endif
    8787           0 :         default:
    8788             :             /* can't happen (unless we are out of sync with option array) */
    8789           0 :             elog(ERROR, "unrecognized \"wal_sync_method\": %d", method);
    8790             :             return 0;           /* silence warning */
    8791             :     }
    8792             : }
    8793             : 
    8794             : /*
    8795             :  * GUC support
    8796             :  */
    8797             : void
    8798        2226 : assign_wal_sync_method(int new_wal_sync_method, void *extra)
    8799             : {
    8800        2226 :     if (wal_sync_method != new_wal_sync_method)
    8801             :     {
    8802             :         /*
    8803             :          * To ensure that no blocks escape unsynced, force an fsync on the
    8804             :          * currently open log segment (if any).  Also, if the open flag is
    8805             :          * changing, close the log file so it will be reopened (with new flag
    8806             :          * bit) at next use.
    8807             :          */
    8808           0 :         if (openLogFile >= 0)
    8809             :         {
    8810           0 :             pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC_METHOD_ASSIGN);
    8811           0 :             if (pg_fsync(openLogFile) != 0)
    8812             :             {
    8813             :                 char        xlogfname[MAXFNAMELEN];
    8814             :                 int         save_errno;
    8815             : 
    8816           0 :                 save_errno = errno;
    8817           0 :                 XLogFileName(xlogfname, openLogTLI, openLogSegNo,
    8818             :                              wal_segment_size);
    8819           0 :                 errno = save_errno;
    8820           0 :                 ereport(PANIC,
    8821             :                         (errcode_for_file_access(),
    8822             :                          errmsg("could not fsync file \"%s\": %m", xlogfname)));
    8823             :             }
    8824             : 
    8825           0 :             pgstat_report_wait_end();
    8826           0 :             if (get_sync_bit(wal_sync_method) != get_sync_bit(new_wal_sync_method))
    8827           0 :                 XLogFileClose();
    8828             :         }
    8829             :     }
    8830        2226 : }
    8831             : 
    8832             : 
    8833             : /*
    8834             :  * Issue appropriate kind of fsync (if any) for an XLOG output file.
    8835             :  *
    8836             :  * 'fd' is a file descriptor for the XLOG file to be fsync'd.
    8837             :  * 'segno' is for error reporting purposes.
    8838             :  */
    8839             : void
    8840      318276 : issue_xlog_fsync(int fd, XLogSegNo segno, TimeLineID tli)
    8841             : {
    8842      318276 :     char       *msg = NULL;
    8843             :     instr_time  start;
    8844             : 
    8845             :     Assert(tli != 0);
    8846             : 
    8847             :     /*
    8848             :      * Quick exit if fsync is disabled or write() has already synced the WAL
    8849             :      * file.
    8850             :      */
    8851      318276 :     if (!enableFsync ||
    8852           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN ||
    8853           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN_DSYNC)
    8854      318276 :         return;
    8855             : 
    8856             :     /*
    8857             :      * Measure I/O timing to sync the WAL file for pg_stat_io.
    8858             :      */
    8859           0 :     start = pgstat_prepare_io_time(track_wal_io_timing);
    8860             : 
    8861           0 :     pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC);
    8862           0 :     switch (wal_sync_method)
    8863             :     {
    8864           0 :         case WAL_SYNC_METHOD_FSYNC:
    8865           0 :             if (pg_fsync_no_writethrough(fd) != 0)
    8866           0 :                 msg = _("could not fsync file \"%s\": %m");
    8867           0 :             break;
    8868             : #ifdef HAVE_FSYNC_WRITETHROUGH
    8869             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8870             :             if (pg_fsync_writethrough(fd) != 0)
    8871             :                 msg = _("could not fsync write-through file \"%s\": %m");
    8872             :             break;
    8873             : #endif
    8874           0 :         case WAL_SYNC_METHOD_FDATASYNC:
    8875           0 :             if (pg_fdatasync(fd) != 0)
    8876           0 :                 msg = _("could not fdatasync file \"%s\": %m");
    8877           0 :             break;
    8878           0 :         case WAL_SYNC_METHOD_OPEN:
    8879             :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8880             :             /* not reachable */
    8881             :             Assert(false);
    8882           0 :             break;
    8883           0 :         default:
    8884           0 :             ereport(PANIC,
    8885             :                     errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8886             :                     errmsg_internal("unrecognized \"wal_sync_method\": %d", wal_sync_method));
    8887             :             break;
    8888             :     }
    8889             : 
    8890             :     /* PANIC if failed to fsync */
    8891           0 :     if (msg)
    8892             :     {
    8893             :         char        xlogfname[MAXFNAMELEN];
    8894           0 :         int         save_errno = errno;
    8895             : 
    8896           0 :         XLogFileName(xlogfname, tli, segno, wal_segment_size);
    8897           0 :         errno = save_errno;
    8898           0 :         ereport(PANIC,
    8899             :                 (errcode_for_file_access(),
    8900             :                  errmsg(msg, xlogfname)));
    8901             :     }
    8902             : 
    8903           0 :     pgstat_report_wait_end();
    8904             : 
    8905           0 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL, IOOP_FSYNC,
    8906             :                             start, 1, 0);
    8907             : }
    8908             : 
    8909             : /*
    8910             :  * do_pg_backup_start is the workhorse of the user-visible pg_backup_start()
    8911             :  * function. It creates the necessary starting checkpoint and constructs the
    8912             :  * backup state and tablespace map.
    8913             :  *
    8914             :  * Input parameters are "state" (the backup state), "fast" (if true, we do
    8915             :  * the checkpoint in fast mode), and "tablespaces" (if non-NULL, indicates a
    8916             :  * list of tablespaceinfo structs describing the cluster's tablespaces.).
    8917             :  *
    8918             :  * The tablespace map contents are appended to passed-in parameter
    8919             :  * tablespace_map and the caller is responsible for including it in the backup
    8920             :  * archive as 'tablespace_map'. The tablespace_map file is required mainly for
    8921             :  * tar format in windows as native windows utilities are not able to create
    8922             :  * symlinks while extracting files from tar. However for consistency and
    8923             :  * platform-independence, we do it the same way everywhere.
    8924             :  *
    8925             :  * It fills in "state" with the information required for the backup, such
    8926             :  * as the minimum WAL location that must be present to restore from this
    8927             :  * backup (starttli) and the corresponding timeline ID (starttli).
    8928             :  *
    8929             :  * Every successfully started backup must be stopped by calling
    8930             :  * do_pg_backup_stop() or do_pg_abort_backup(). There can be many
    8931             :  * backups active at the same time.
    8932             :  *
    8933             :  * It is the responsibility of the caller of this function to verify the
    8934             :  * permissions of the calling user!
    8935             :  */
    8936             : void
    8937         326 : do_pg_backup_start(const char *backupidstr, bool fast, List **tablespaces,
    8938             :                    BackupState *state, StringInfo tblspcmapfile)
    8939             : {
    8940             :     bool        backup_started_in_recovery;
    8941             : 
    8942             :     Assert(state != NULL);
    8943         326 :     backup_started_in_recovery = RecoveryInProgress();
    8944             : 
    8945             :     /*
    8946             :      * During recovery, we don't need to check WAL level. Because, if WAL
    8947             :      * level is not sufficient, it's impossible to get here during recovery.
    8948             :      */
    8949         326 :     if (!backup_started_in_recovery && !XLogIsNeeded())
    8950           0 :         ereport(ERROR,
    8951             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8952             :                  errmsg("WAL level not sufficient for making an online backup"),
    8953             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    8954             : 
    8955         326 :     if (strlen(backupidstr) > MAXPGPATH)
    8956           2 :         ereport(ERROR,
    8957             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8958             :                  errmsg("backup label too long (max %d bytes)",
    8959             :                         MAXPGPATH)));
    8960             : 
    8961         324 :     strlcpy(state->name, backupidstr, sizeof(state->name));
    8962             : 
    8963             :     /*
    8964             :      * Mark backup active in shared memory.  We must do full-page WAL writes
    8965             :      * during an on-line backup even if not doing so at other times, because
    8966             :      * it's quite possible for the backup dump to obtain a "torn" (partially
    8967             :      * written) copy of a database page if it reads the page concurrently with
    8968             :      * our write to the same page.  This can be fixed as long as the first
    8969             :      * write to the page in the WAL sequence is a full-page write. Hence, we
    8970             :      * increment runningBackups then force a CHECKPOINT, to ensure there are
    8971             :      * no dirty pages in shared memory that might get dumped while the backup
    8972             :      * is in progress without having a corresponding WAL record.  (Once the
    8973             :      * backup is complete, we need not force full-page writes anymore, since
    8974             :      * we expect that any pages not modified during the backup interval must
    8975             :      * have been correctly captured by the backup.)
    8976             :      *
    8977             :      * Note that forcing full-page writes has no effect during an online
    8978             :      * backup from the standby.
    8979             :      *
    8980             :      * We must hold all the insertion locks to change the value of
    8981             :      * runningBackups, to ensure adequate interlocking against
    8982             :      * XLogInsertRecord().
    8983             :      */
    8984         324 :     WALInsertLockAcquireExclusive();
    8985         324 :     XLogCtl->Insert.runningBackups++;
    8986         324 :     WALInsertLockRelease();
    8987             : 
    8988             :     /*
    8989             :      * Ensure we decrement runningBackups if we fail below. NB -- for this to
    8990             :      * work correctly, it is critical that sessionBackupState is only updated
    8991             :      * after this block is over.
    8992             :      */
    8993         324 :     PG_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, DatumGetBool(true));
    8994             :     {
    8995         324 :         bool        gotUniqueStartpoint = false;
    8996             :         DIR        *tblspcdir;
    8997             :         struct dirent *de;
    8998             :         tablespaceinfo *ti;
    8999             :         int         datadirpathlen;
    9000             : 
    9001             :         /*
    9002             :          * Force an XLOG file switch before the checkpoint, to ensure that the
    9003             :          * WAL segment the checkpoint is written to doesn't contain pages with
    9004             :          * old timeline IDs.  That would otherwise happen if you called
    9005             :          * pg_backup_start() right after restoring from a PITR archive: the
    9006             :          * first WAL segment containing the startup checkpoint has pages in
    9007             :          * the beginning with the old timeline ID.  That can cause trouble at
    9008             :          * recovery: we won't have a history file covering the old timeline if
    9009             :          * pg_wal directory was not included in the base backup and the WAL
    9010             :          * archive was cleared too before starting the backup.
    9011             :          *
    9012             :          * This also ensures that we have emitted a WAL page header that has
    9013             :          * XLP_BKP_REMOVABLE off before we emit the checkpoint record.
    9014             :          * Therefore, if a WAL archiver (such as pglesslog) is trying to
    9015             :          * compress out removable backup blocks, it won't remove any that
    9016             :          * occur after this point.
    9017             :          *
    9018             :          * During recovery, we skip forcing XLOG file switch, which means that
    9019             :          * the backup taken during recovery is not available for the special
    9020             :          * recovery case described above.
    9021             :          */
    9022         324 :         if (!backup_started_in_recovery)
    9023         310 :             RequestXLogSwitch(false);
    9024             : 
    9025             :         do
    9026             :         {
    9027             :             bool        checkpointfpw;
    9028             : 
    9029             :             /*
    9030             :              * Force a CHECKPOINT.  Aside from being necessary to prevent torn
    9031             :              * page problems, this guarantees that two successive backup runs
    9032             :              * will have different checkpoint positions and hence different
    9033             :              * history file names, even if nothing happened in between.
    9034             :              *
    9035             :              * During recovery, establish a restartpoint if possible. We use
    9036             :              * the last restartpoint as the backup starting checkpoint. This
    9037             :              * means that two successive backup runs can have same checkpoint
    9038             :              * positions.
    9039             :              *
    9040             :              * Since the fact that we are executing do_pg_backup_start()
    9041             :              * during recovery means that checkpointer is running, we can use
    9042             :              * RequestCheckpoint() to establish a restartpoint.
    9043             :              *
    9044             :              * We use CHECKPOINT_FAST only if requested by user (via passing
    9045             :              * fast = true).  Otherwise this can take awhile.
    9046             :              */
    9047         324 :             RequestCheckpoint(CHECKPOINT_FORCE | CHECKPOINT_WAIT |
    9048             :                               (fast ? CHECKPOINT_FAST : 0));
    9049             : 
    9050             :             /*
    9051             :              * Now we need to fetch the checkpoint record location, and also
    9052             :              * its REDO pointer.  The oldest point in WAL that would be needed
    9053             :              * to restore starting from the checkpoint is precisely the REDO
    9054             :              * pointer.
    9055             :              */
    9056         324 :             LWLockAcquire(ControlFileLock, LW_SHARED);
    9057         324 :             state->checkpointloc = ControlFile->checkPoint;
    9058         324 :             state->startpoint = ControlFile->checkPointCopy.redo;
    9059         324 :             state->starttli = ControlFile->checkPointCopy.ThisTimeLineID;
    9060         324 :             checkpointfpw = ControlFile->checkPointCopy.fullPageWrites;
    9061         324 :             LWLockRelease(ControlFileLock);
    9062             : 
    9063         324 :             if (backup_started_in_recovery)
    9064             :             {
    9065             :                 XLogRecPtr  recptr;
    9066             : 
    9067             :                 /*
    9068             :                  * Check to see if all WAL replayed during online backup
    9069             :                  * (i.e., since last restartpoint used as backup starting
    9070             :                  * checkpoint) contain full-page writes.
    9071             :                  */
    9072          14 :                 SpinLockAcquire(&XLogCtl->info_lck);
    9073          14 :                 recptr = XLogCtl->lastFpwDisableRecPtr;
    9074          14 :                 SpinLockRelease(&XLogCtl->info_lck);
    9075             : 
    9076          14 :                 if (!checkpointfpw || state->startpoint <= recptr)
    9077           0 :                     ereport(ERROR,
    9078             :                             (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9079             :                              errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    9080             :                                     "since last restartpoint"),
    9081             :                              errhint("This means that the backup being taken on the standby "
    9082             :                                      "is corrupt and should not be used. "
    9083             :                                      "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    9084             :                                      "and then try an online backup again.")));
    9085             : 
    9086             :                 /*
    9087             :                  * During recovery, since we don't use the end-of-backup WAL
    9088             :                  * record and don't write the backup history file, the
    9089             :                  * starting WAL location doesn't need to be unique. This means
    9090             :                  * that two base backups started at the same time might use
    9091             :                  * the same checkpoint as starting locations.
    9092             :                  */
    9093          14 :                 gotUniqueStartpoint = true;
    9094             :             }
    9095             : 
    9096             :             /*
    9097             :              * If two base backups are started at the same time (in WAL sender
    9098             :              * processes), we need to make sure that they use different
    9099             :              * checkpoints as starting locations, because we use the starting
    9100             :              * WAL location as a unique identifier for the base backup in the
    9101             :              * end-of-backup WAL record and when we write the backup history
    9102             :              * file. Perhaps it would be better generate a separate unique ID
    9103             :              * for each backup instead of forcing another checkpoint, but
    9104             :              * taking a checkpoint right after another is not that expensive
    9105             :              * either because only few buffers have been dirtied yet.
    9106             :              */
    9107         324 :             WALInsertLockAcquireExclusive();
    9108         324 :             if (XLogCtl->Insert.lastBackupStart < state->startpoint)
    9109             :             {
    9110         324 :                 XLogCtl->Insert.lastBackupStart = state->startpoint;
    9111         324 :                 gotUniqueStartpoint = true;
    9112             :             }
    9113         324 :             WALInsertLockRelease();
    9114         324 :         } while (!gotUniqueStartpoint);
    9115             : 
    9116             :         /*
    9117             :          * Construct tablespace_map file.
    9118             :          */
    9119         324 :         datadirpathlen = strlen(DataDir);
    9120             : 
    9121             :         /* Collect information about all tablespaces */
    9122         324 :         tblspcdir = AllocateDir(PG_TBLSPC_DIR);
    9123        1046 :         while ((de = ReadDir(tblspcdir, PG_TBLSPC_DIR)) != NULL)
    9124             :         {
    9125             :             char        fullpath[MAXPGPATH + sizeof(PG_TBLSPC_DIR)];
    9126             :             char        linkpath[MAXPGPATH];
    9127         722 :             char       *relpath = NULL;
    9128             :             char       *s;
    9129             :             PGFileType  de_type;
    9130             :             char       *badp;
    9131             :             Oid         tsoid;
    9132             : 
    9133             :             /*
    9134             :              * Try to parse the directory name as an unsigned integer.
    9135             :              *
    9136             :              * Tablespace directories should be positive integers that can be
    9137             :              * represented in 32 bits, with no leading zeroes or trailing
    9138             :              * garbage. If we come across a name that doesn't meet those
    9139             :              * criteria, skip it.
    9140             :              */
    9141         722 :             if (de->d_name[0] < '1' || de->d_name[1] > '9')
    9142         648 :                 continue;
    9143          74 :             errno = 0;
    9144          74 :             tsoid = strtoul(de->d_name, &badp, 10);
    9145          74 :             if (*badp != '\0' || errno == EINVAL || errno == ERANGE)
    9146           0 :                 continue;
    9147             : 
    9148          74 :             snprintf(fullpath, sizeof(fullpath), "%s/%s", PG_TBLSPC_DIR, de->d_name);
    9149             : 
    9150          74 :             de_type = get_dirent_type(fullpath, de, false, ERROR);
    9151             : 
    9152          74 :             if (de_type == PGFILETYPE_LNK)
    9153             :             {
    9154             :                 StringInfoData escapedpath;
    9155             :                 int         rllen;
    9156             : 
    9157          46 :                 rllen = readlink(fullpath, linkpath, sizeof(linkpath));
    9158          46 :                 if (rllen < 0)
    9159             :                 {
    9160           0 :                     ereport(WARNING,
    9161             :                             (errmsg("could not read symbolic link \"%s\": %m",
    9162             :                                     fullpath)));
    9163           0 :                     continue;
    9164             :                 }
    9165          46 :                 else if (rllen >= sizeof(linkpath))
    9166             :                 {
    9167           0 :                     ereport(WARNING,
    9168             :                             (errmsg("symbolic link \"%s\" target is too long",
    9169             :                                     fullpath)));
    9170           0 :                     continue;
    9171             :                 }
    9172          46 :                 linkpath[rllen] = '\0';
    9173             : 
    9174             :                 /*
    9175             :                  * Relpath holds the relative path of the tablespace directory
    9176             :                  * when it's located within PGDATA, or NULL if it's located
    9177             :                  * elsewhere.
    9178             :                  */
    9179          46 :                 if (rllen > datadirpathlen &&
    9180           2 :                     strncmp(linkpath, DataDir, datadirpathlen) == 0 &&
    9181           0 :                     IS_DIR_SEP(linkpath[datadirpathlen]))
    9182           0 :                     relpath = pstrdup(linkpath + datadirpathlen + 1);
    9183             : 
    9184             :                 /*
    9185             :                  * Add a backslash-escaped version of the link path to the
    9186             :                  * tablespace map file.
    9187             :                  */
    9188          46 :                 initStringInfo(&escapedpath);
    9189        1124 :                 for (s = linkpath; *s; s++)
    9190             :                 {
    9191        1078 :                     if (*s == '\n' || *s == '\r' || *s == '\\')
    9192           0 :                         appendStringInfoChar(&escapedpath, '\\');
    9193        1078 :                     appendStringInfoChar(&escapedpath, *s);
    9194             :                 }
    9195          46 :                 appendStringInfo(tblspcmapfile, "%s %s\n",
    9196          46 :                                  de->d_name, escapedpath.data);
    9197          46 :                 pfree(escapedpath.data);
    9198             :             }
    9199          28 :             else if (de_type == PGFILETYPE_DIR)
    9200             :             {
    9201             :                 /*
    9202             :                  * It's possible to use allow_in_place_tablespaces to create
    9203             :                  * directories directly under pg_tblspc, for testing purposes
    9204             :                  * only.
    9205             :                  *
    9206             :                  * In this case, we store a relative path rather than an
    9207             :                  * absolute path into the tablespaceinfo.
    9208             :                  */
    9209          28 :                 snprintf(linkpath, sizeof(linkpath), "%s/%s",
    9210          28 :                          PG_TBLSPC_DIR, de->d_name);
    9211          28 :                 relpath = pstrdup(linkpath);
    9212             :             }
    9213             :             else
    9214             :             {
    9215             :                 /* Skip any other file type that appears here. */
    9216           0 :                 continue;
    9217             :             }
    9218             : 
    9219          74 :             ti = palloc(sizeof(tablespaceinfo));
    9220          74 :             ti->oid = tsoid;
    9221          74 :             ti->path = pstrdup(linkpath);
    9222          74 :             ti->rpath = relpath;
    9223          74 :             ti->size = -1;
    9224             : 
    9225          74 :             if (tablespaces)
    9226          74 :                 *tablespaces = lappend(*tablespaces, ti);
    9227             :         }
    9228         324 :         FreeDir(tblspcdir);
    9229             : 
    9230         324 :         state->starttime = (pg_time_t) time(NULL);
    9231             :     }
    9232         324 :     PG_END_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, DatumGetBool(true));
    9233             : 
    9234         324 :     state->started_in_recovery = backup_started_in_recovery;
    9235             : 
    9236             :     /*
    9237             :      * Mark that the start phase has correctly finished for the backup.
    9238             :      */
    9239         324 :     sessionBackupState = SESSION_BACKUP_RUNNING;
    9240         324 : }
    9241             : 
    9242             : /*
    9243             :  * Utility routine to fetch the session-level status of a backup running.
    9244             :  */
    9245             : SessionBackupState
    9246         366 : get_backup_status(void)
    9247             : {
    9248         366 :     return sessionBackupState;
    9249             : }
    9250             : 
    9251             : /*
    9252             :  * do_pg_backup_stop
    9253             :  *
    9254             :  * Utility function called at the end of an online backup.  It creates history
    9255             :  * file (if required), resets sessionBackupState and so on.  It can optionally
    9256             :  * wait for WAL segments to be archived.
    9257             :  *
    9258             :  * "state" is filled with the information necessary to restore from this
    9259             :  * backup with its stop LSN (stoppoint), its timeline ID (stoptli), etc.
    9260             :  *
    9261             :  * It is the responsibility of the caller of this function to verify the
    9262             :  * permissions of the calling user!
    9263             :  */
    9264             : void
    9265         312 : do_pg_backup_stop(BackupState *state, bool waitforarchive)
    9266             : {
    9267         312 :     bool        backup_stopped_in_recovery = false;
    9268             :     char        histfilepath[MAXPGPATH];
    9269             :     char        lastxlogfilename[MAXFNAMELEN];
    9270             :     char        histfilename[MAXFNAMELEN];
    9271             :     XLogSegNo   _logSegNo;
    9272             :     FILE       *fp;
    9273             :     int         seconds_before_warning;
    9274         312 :     int         waits = 0;
    9275         312 :     bool        reported_waiting = false;
    9276             : 
    9277             :     Assert(state != NULL);
    9278             : 
    9279         312 :     backup_stopped_in_recovery = RecoveryInProgress();
    9280             : 
    9281             :     /*
    9282             :      * During recovery, we don't need to check WAL level. Because, if WAL
    9283             :      * level is not sufficient, it's impossible to get here during recovery.
    9284             :      */
    9285         312 :     if (!backup_stopped_in_recovery && !XLogIsNeeded())
    9286           0 :         ereport(ERROR,
    9287             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9288             :                  errmsg("WAL level not sufficient for making an online backup"),
    9289             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    9290             : 
    9291             :     /*
    9292             :      * OK to update backup counter and session-level lock.
    9293             :      *
    9294             :      * Note that CHECK_FOR_INTERRUPTS() must not occur while updating them,
    9295             :      * otherwise they can be updated inconsistently, which might cause
    9296             :      * do_pg_abort_backup() to fail.
    9297             :      */
    9298         312 :     WALInsertLockAcquireExclusive();
    9299             : 
    9300             :     /*
    9301             :      * It is expected that each do_pg_backup_start() call is matched by
    9302             :      * exactly one do_pg_backup_stop() call.
    9303             :      */
    9304             :     Assert(XLogCtl->Insert.runningBackups > 0);
    9305         312 :     XLogCtl->Insert.runningBackups--;
    9306             : 
    9307             :     /*
    9308             :      * Clean up session-level lock.
    9309             :      *
    9310             :      * You might think that WALInsertLockRelease() can be called before
    9311             :      * cleaning up session-level lock because session-level lock doesn't need
    9312             :      * to be protected with WAL insertion lock. But since
    9313             :      * CHECK_FOR_INTERRUPTS() can occur in it, session-level lock must be
    9314             :      * cleaned up before it.
    9315             :      */
    9316         312 :     sessionBackupState = SESSION_BACKUP_NONE;
    9317             : 
    9318         312 :     WALInsertLockRelease();
    9319             : 
    9320             :     /*
    9321             :      * If we are taking an online backup from the standby, we confirm that the
    9322             :      * standby has not been promoted during the backup.
    9323             :      */
    9324         312 :     if (state->started_in_recovery && !backup_stopped_in_recovery)
    9325           0 :         ereport(ERROR,
    9326             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9327             :                  errmsg("the standby was promoted during online backup"),
    9328             :                  errhint("This means that the backup being taken is corrupt "
    9329             :                          "and should not be used. "
    9330             :                          "Try taking another online backup.")));
    9331             : 
    9332             :     /*
    9333             :      * During recovery, we don't write an end-of-backup record. We assume that
    9334             :      * pg_control was backed up last and its minimum recovery point can be
    9335             :      * available as the backup end location. Since we don't have an
    9336             :      * end-of-backup record, we use the pg_control value to check whether
    9337             :      * we've reached the end of backup when starting recovery from this
    9338             :      * backup. We have no way of checking if pg_control wasn't backed up last
    9339             :      * however.
    9340             :      *
    9341             :      * We don't force a switch to new WAL file but it is still possible to
    9342             :      * wait for all the required files to be archived if waitforarchive is
    9343             :      * true. This is okay if we use the backup to start a standby and fetch
    9344             :      * the missing WAL using streaming replication. But in the case of an
    9345             :      * archive recovery, a user should set waitforarchive to true and wait for
    9346             :      * them to be archived to ensure that all the required files are
    9347             :      * available.
    9348             :      *
    9349             :      * We return the current minimum recovery point as the backup end
    9350             :      * location. Note that it can be greater than the exact backup end
    9351             :      * location if the minimum recovery point is updated after the backup of
    9352             :      * pg_control. This is harmless for current uses.
    9353             :      *
    9354             :      * XXX currently a backup history file is for informational and debug
    9355             :      * purposes only. It's not essential for an online backup. Furthermore,
    9356             :      * even if it's created, it will not be archived during recovery because
    9357             :      * an archiver is not invoked. So it doesn't seem worthwhile to write a
    9358             :      * backup history file during recovery.
    9359             :      */
    9360         312 :     if (backup_stopped_in_recovery)
    9361             :     {
    9362             :         XLogRecPtr  recptr;
    9363             : 
    9364             :         /*
    9365             :          * Check to see if all WAL replayed during online backup contain
    9366             :          * full-page writes.
    9367             :          */
    9368          14 :         SpinLockAcquire(&XLogCtl->info_lck);
    9369          14 :         recptr = XLogCtl->lastFpwDisableRecPtr;
    9370          14 :         SpinLockRelease(&XLogCtl->info_lck);
    9371             : 
    9372          14 :         if (state->startpoint <= recptr)
    9373           0 :             ereport(ERROR,
    9374             :                     (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9375             :                      errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    9376             :                             "during online backup"),
    9377             :                      errhint("This means that the backup being taken on the standby "
    9378             :                              "is corrupt and should not be used. "
    9379             :                              "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    9380             :                              "and then try an online backup again.")));
    9381             : 
    9382             : 
    9383          14 :         LWLockAcquire(ControlFileLock, LW_SHARED);
    9384          14 :         state->stoppoint = ControlFile->minRecoveryPoint;
    9385          14 :         state->stoptli = ControlFile->minRecoveryPointTLI;
    9386          14 :         LWLockRelease(ControlFileLock);
    9387             :     }
    9388             :     else
    9389             :     {
    9390             :         char       *history_file;
    9391             : 
    9392             :         /*
    9393             :          * Write the backup-end xlog record
    9394             :          */
    9395         298 :         XLogBeginInsert();
    9396         298 :         XLogRegisterData(&state->startpoint,
    9397             :                          sizeof(state->startpoint));
    9398         298 :         state->stoppoint = XLogInsert(RM_XLOG_ID, XLOG_BACKUP_END);
    9399             : 
    9400             :         /*
    9401             :          * Given that we're not in recovery, InsertTimeLineID is set and can't
    9402             :          * change, so we can read it without a lock.
    9403             :          */
    9404         298 :         state->stoptli = XLogCtl->InsertTimeLineID;
    9405             : 
    9406             :         /*
    9407             :          * Force a switch to a new xlog segment file, so that the backup is
    9408             :          * valid as soon as archiver moves out the current segment file.
    9409             :          */
    9410         298 :         RequestXLogSwitch(false);
    9411             : 
    9412         298 :         state->stoptime = (pg_time_t) time(NULL);
    9413             : 
    9414             :         /*
    9415             :          * Write the backup history file
    9416             :          */
    9417         298 :         XLByteToSeg(state->startpoint, _logSegNo, wal_segment_size);
    9418         298 :         BackupHistoryFilePath(histfilepath, state->stoptli, _logSegNo,
    9419             :                               state->startpoint, wal_segment_size);
    9420         298 :         fp = AllocateFile(histfilepath, "w");
    9421         298 :         if (!fp)
    9422           0 :             ereport(ERROR,
    9423             :                     (errcode_for_file_access(),
    9424             :                      errmsg("could not create file \"%s\": %m",
    9425             :                             histfilepath)));
    9426             : 
    9427             :         /* Build and save the contents of the backup history file */
    9428         298 :         history_file = build_backup_content(state, true);
    9429         298 :         fprintf(fp, "%s", history_file);
    9430         298 :         pfree(history_file);
    9431             : 
    9432         298 :         if (fflush(fp) || ferror(fp) || FreeFile(fp))
    9433           0 :             ereport(ERROR,
    9434             :                     (errcode_for_file_access(),
    9435             :                      errmsg("could not write file \"%s\": %m",
    9436             :                             histfilepath)));
    9437             : 
    9438             :         /*
    9439             :          * Clean out any no-longer-needed history files.  As a side effect,
    9440             :          * this will post a .ready file for the newly created history file,
    9441             :          * notifying the archiver that history file may be archived
    9442             :          * immediately.
    9443             :          */
    9444         298 :         CleanupBackupHistory();
    9445             :     }
    9446             : 
    9447             :     /*
    9448             :      * If archiving is enabled, wait for all the required WAL files to be
    9449             :      * archived before returning. If archiving isn't enabled, the required WAL
    9450             :      * needs to be transported via streaming replication (hopefully with
    9451             :      * wal_keep_size set high enough), or some more exotic mechanism like
    9452             :      * polling and copying files from pg_wal with script. We have no knowledge
    9453             :      * of those mechanisms, so it's up to the user to ensure that he gets all
    9454             :      * the required WAL.
    9455             :      *
    9456             :      * We wait until both the last WAL file filled during backup and the
    9457             :      * history file have been archived, and assume that the alphabetic sorting
    9458             :      * property of the WAL files ensures any earlier WAL files are safely
    9459             :      * archived as well.
    9460             :      *
    9461             :      * We wait forever, since archive_command is supposed to work and we
    9462             :      * assume the admin wanted his backup to work completely. If you don't
    9463             :      * wish to wait, then either waitforarchive should be passed in as false,
    9464             :      * or you can set statement_timeout.  Also, some notices are issued to
    9465             :      * clue in anyone who might be doing this interactively.
    9466             :      */
    9467             : 
    9468         312 :     if (waitforarchive &&
    9469          20 :         ((!backup_stopped_in_recovery && XLogArchivingActive()) ||
    9470           2 :          (backup_stopped_in_recovery && XLogArchivingAlways())))
    9471             :     {
    9472           8 :         XLByteToPrevSeg(state->stoppoint, _logSegNo, wal_segment_size);
    9473           8 :         XLogFileName(lastxlogfilename, state->stoptli, _logSegNo,
    9474             :                      wal_segment_size);
    9475             : 
    9476           8 :         XLByteToSeg(state->startpoint, _logSegNo, wal_segment_size);
    9477           8 :         BackupHistoryFileName(histfilename, state->stoptli, _logSegNo,
    9478             :                               state->startpoint, wal_segment_size);
    9479             : 
    9480           8 :         seconds_before_warning = 60;
    9481           8 :         waits = 0;
    9482             : 
    9483          28 :         while (XLogArchiveIsBusy(lastxlogfilename) ||
    9484           8 :                XLogArchiveIsBusy(histfilename))
    9485             :         {
    9486          12 :             CHECK_FOR_INTERRUPTS();
    9487             : 
    9488          12 :             if (!reported_waiting && waits > 5)
    9489             :             {
    9490           0 :                 ereport(NOTICE,
    9491             :                         (errmsg("base backup done, waiting for required WAL segments to be archived")));
    9492           0 :                 reported_waiting = true;
    9493             :             }
    9494             : 
    9495          12 :             (void) WaitLatch(MyLatch,
    9496             :                              WL_LATCH_SET | WL_TIMEOUT | WL_EXIT_ON_PM_DEATH,
    9497             :                              1000L,
    9498             :                              WAIT_EVENT_BACKUP_WAIT_WAL_ARCHIVE);
    9499          12 :             ResetLatch(MyLatch);
    9500             : 
    9501          12 :             if (++waits >= seconds_before_warning)
    9502             :             {
    9503           0 :                 seconds_before_warning *= 2;    /* This wraps in >10 years... */
    9504           0 :                 ereport(WARNING,
    9505             :                         (errmsg("still waiting for all required WAL segments to be archived (%d seconds elapsed)",
    9506             :                                 waits),
    9507             :                          errhint("Check that your \"archive_command\" is executing properly.  "
    9508             :                                  "You can safely cancel this backup, "
    9509             :                                  "but the database backup will not be usable without all the WAL segments.")));
    9510             :             }
    9511             :         }
    9512             : 
    9513           8 :         ereport(NOTICE,
    9514             :                 (errmsg("all required WAL segments have been archived")));
    9515             :     }
    9516         304 :     else if (waitforarchive)
    9517          12 :         ereport(NOTICE,
    9518             :                 (errmsg("WAL archiving is not enabled; you must ensure that all required WAL segments are copied through other means to complete the backup")));
    9519         312 : }
    9520             : 
    9521             : 
    9522             : /*
    9523             :  * do_pg_abort_backup: abort a running backup
    9524             :  *
    9525             :  * This does just the most basic steps of do_pg_backup_stop(), by taking the
    9526             :  * system out of backup mode, thus making it a lot more safe to call from
    9527             :  * an error handler.
    9528             :  *
    9529             :  * 'arg' indicates that it's being called during backup setup; so
    9530             :  * sessionBackupState has not been modified yet, but runningBackups has
    9531             :  * already been incremented.  When it's false, then it's invoked as a
    9532             :  * before_shmem_exit handler, and therefore we must not change state
    9533             :  * unless sessionBackupState indicates that a backup is actually running.
    9534             :  *
    9535             :  * NB: This gets used as a PG_ENSURE_ERROR_CLEANUP callback and
    9536             :  * before_shmem_exit handler, hence the odd-looking signature.
    9537             :  */
    9538             : void
    9539          16 : do_pg_abort_backup(int code, Datum arg)
    9540             : {
    9541          16 :     bool        during_backup_start = DatumGetBool(arg);
    9542             : 
    9543             :     /* If called during backup start, there shouldn't be one already running */
    9544             :     Assert(!during_backup_start || sessionBackupState == SESSION_BACKUP_NONE);
    9545             : 
    9546          16 :     if (during_backup_start || sessionBackupState != SESSION_BACKUP_NONE)
    9547             :     {
    9548          12 :         WALInsertLockAcquireExclusive();
    9549             :         Assert(XLogCtl->Insert.runningBackups > 0);
    9550          12 :         XLogCtl->Insert.runningBackups--;
    9551             : 
    9552          12 :         sessionBackupState = SESSION_BACKUP_NONE;
    9553          12 :         WALInsertLockRelease();
    9554             : 
    9555          12 :         if (!during_backup_start)
    9556          12 :             ereport(WARNING,
    9557             :                     errmsg("aborting backup due to backend exiting before pg_backup_stop was called"));
    9558             :     }
    9559          16 : }
    9560             : 
    9561             : /*
    9562             :  * Register a handler that will warn about unterminated backups at end of
    9563             :  * session, unless this has already been done.
    9564             :  */
    9565             : void
    9566           8 : register_persistent_abort_backup_handler(void)
    9567             : {
    9568             :     static bool already_done = false;
    9569             : 
    9570           8 :     if (already_done)
    9571           2 :         return;
    9572           6 :     before_shmem_exit(do_pg_abort_backup, DatumGetBool(false));
    9573           6 :     already_done = true;
    9574             : }
    9575             : 
    9576             : /*
    9577             :  * Get latest WAL insert pointer
    9578             :  */
    9579             : XLogRecPtr
    9580        3964 : GetXLogInsertRecPtr(void)
    9581             : {
    9582        3964 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    9583             :     uint64      current_bytepos;
    9584             : 
    9585        3964 :     SpinLockAcquire(&Insert->insertpos_lck);
    9586        3964 :     current_bytepos = Insert->CurrBytePos;
    9587        3964 :     SpinLockRelease(&Insert->insertpos_lck);
    9588             : 
    9589        3964 :     return XLogBytePosToRecPtr(current_bytepos);
    9590             : }
    9591             : 
    9592             : /*
    9593             :  * Get latest WAL write pointer
    9594             :  */
    9595             : XLogRecPtr
    9596        2992 : GetXLogWriteRecPtr(void)
    9597             : {
    9598        2992 :     RefreshXLogWriteResult(LogwrtResult);
    9599             : 
    9600        2992 :     return LogwrtResult.Write;
    9601             : }
    9602             : 
    9603             : /*
    9604             :  * Returns the redo pointer of the last checkpoint or restartpoint. This is
    9605             :  * the oldest point in WAL that we still need, if we have to restart recovery.
    9606             :  */
    9607             : void
    9608         780 : GetOldestRestartPoint(XLogRecPtr *oldrecptr, TimeLineID *oldtli)
    9609             : {
    9610         780 :     LWLockAcquire(ControlFileLock, LW_SHARED);
    9611         780 :     *oldrecptr = ControlFile->checkPointCopy.redo;
    9612         780 :     *oldtli = ControlFile->checkPointCopy.ThisTimeLineID;
    9613         780 :     LWLockRelease(ControlFileLock);
    9614         780 : }
    9615             : 
    9616             : /* Thin wrapper around ShutdownWalRcv(). */
    9617             : void
    9618        2118 : XLogShutdownWalRcv(void)
    9619             : {
    9620        2118 :     ShutdownWalRcv();
    9621             : 
    9622        2118 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9623        2118 :     XLogCtl->InstallXLogFileSegmentActive = false;
    9624        2118 :     LWLockRelease(ControlFileLock);
    9625        2118 : }
    9626             : 
    9627             : /* Enable WAL file recycling and preallocation. */
    9628             : void
    9629        2224 : SetInstallXLogFileSegmentActive(void)
    9630             : {
    9631        2224 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9632        2224 :     XLogCtl->InstallXLogFileSegmentActive = true;
    9633        2224 :     LWLockRelease(ControlFileLock);
    9634        2224 : }
    9635             : 
    9636             : bool
    9637           0 : IsInstallXLogFileSegmentActive(void)
    9638             : {
    9639             :     bool        result;
    9640             : 
    9641           0 :     LWLockAcquire(ControlFileLock, LW_SHARED);
    9642           0 :     result = XLogCtl->InstallXLogFileSegmentActive;
    9643           0 :     LWLockRelease(ControlFileLock);
    9644             : 
    9645           0 :     return result;
    9646             : }
    9647             : 
    9648             : /*
    9649             :  * Update the WalWriterSleeping flag.
    9650             :  */
    9651             : void
    9652         968 : SetWalWriterSleeping(bool sleeping)
    9653             : {
    9654         968 :     SpinLockAcquire(&XLogCtl->info_lck);
    9655         968 :     XLogCtl->WalWriterSleeping = sleeping;
    9656         968 :     SpinLockRelease(&XLogCtl->info_lck);
    9657         968 : }

Generated by: LCOV version 1.16