LCOV - code coverage report
Current view: top level - src/backend/access/transam - xlog.c (source / functions) Hit Total Coverage
Test: PostgreSQL 13devel Lines: 2655 3286 80.8 %
Date: 2019-11-15 22:06:47 Functions: 124 138 89.9 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * xlog.c
       4             :  *      PostgreSQL write-ahead log manager
       5             :  *
       6             :  *
       7             :  * Portions Copyright (c) 1996-2019, PostgreSQL Global Development Group
       8             :  * Portions Copyright (c) 1994, Regents of the University of California
       9             :  *
      10             :  * src/backend/access/transam/xlog.c
      11             :  *
      12             :  *-------------------------------------------------------------------------
      13             :  */
      14             : 
      15             : #include "postgres.h"
      16             : 
      17             : #include <ctype.h>
      18             : #include <math.h>
      19             : #include <time.h>
      20             : #include <fcntl.h>
      21             : #include <sys/stat.h>
      22             : #include <sys/time.h>
      23             : #include <unistd.h>
      24             : 
      25             : #include "access/clog.h"
      26             : #include "access/commit_ts.h"
      27             : #include "access/heaptoast.h"
      28             : #include "access/multixact.h"
      29             : #include "access/rewriteheap.h"
      30             : #include "access/subtrans.h"
      31             : #include "access/timeline.h"
      32             : #include "access/transam.h"
      33             : #include "access/twophase.h"
      34             : #include "access/xact.h"
      35             : #include "access/xlog_internal.h"
      36             : #include "access/xloginsert.h"
      37             : #include "access/xlogreader.h"
      38             : #include "access/xlogutils.h"
      39             : #include "catalog/catversion.h"
      40             : #include "catalog/pg_control.h"
      41             : #include "catalog/pg_database.h"
      42             : #include "commands/tablespace.h"
      43             : #include "common/controldata_utils.h"
      44             : #include "miscadmin.h"
      45             : #include "pg_trace.h"
      46             : #include "pgstat.h"
      47             : #include "port/atomics.h"
      48             : #include "postmaster/bgwriter.h"
      49             : #include "postmaster/startup.h"
      50             : #include "postmaster/walwriter.h"
      51             : #include "replication/basebackup.h"
      52             : #include "replication/logical.h"
      53             : #include "replication/origin.h"
      54             : #include "replication/slot.h"
      55             : #include "replication/snapbuild.h"
      56             : #include "replication/walreceiver.h"
      57             : #include "replication/walsender.h"
      58             : #include "storage/bufmgr.h"
      59             : #include "storage/fd.h"
      60             : #include "storage/ipc.h"
      61             : #include "storage/large_object.h"
      62             : #include "storage/latch.h"
      63             : #include "storage/pmsignal.h"
      64             : #include "storage/predicate.h"
      65             : #include "storage/proc.h"
      66             : #include "storage/procarray.h"
      67             : #include "storage/reinit.h"
      68             : #include "storage/smgr.h"
      69             : #include "storage/spin.h"
      70             : #include "storage/sync.h"
      71             : #include "utils/builtins.h"
      72             : #include "utils/guc.h"
      73             : #include "utils/memutils.h"
      74             : #include "utils/ps_status.h"
      75             : #include "utils/relmapper.h"
      76             : #include "utils/snapmgr.h"
      77             : #include "utils/timestamp.h"
      78             : 
      79             : extern uint32 bootstrap_data_checksum_version;
      80             : 
      81             : /* Unsupported old recovery command file names (relative to $PGDATA) */
      82             : #define RECOVERY_COMMAND_FILE   "recovery.conf"
      83             : #define RECOVERY_COMMAND_DONE   "recovery.done"
      84             : 
      85             : /* User-settable parameters */
      86             : int         max_wal_size_mb = 1024; /* 1 GB */
      87             : int         min_wal_size_mb = 80;   /* 80 MB */
      88             : int         wal_keep_segments = 0;
      89             : int         XLOGbuffers = -1;
      90             : int         XLogArchiveTimeout = 0;
      91             : int         XLogArchiveMode = ARCHIVE_MODE_OFF;
      92             : char       *XLogArchiveCommand = NULL;
      93             : bool        EnableHotStandby = false;
      94             : bool        fullPageWrites = true;
      95             : bool        wal_log_hints = false;
      96             : bool        wal_compression = false;
      97             : char       *wal_consistency_checking_string = NULL;
      98             : bool       *wal_consistency_checking = NULL;
      99             : bool        wal_init_zero = true;
     100             : bool        wal_recycle = true;
     101             : bool        log_checkpoints = false;
     102             : int         sync_method = DEFAULT_SYNC_METHOD;
     103             : int         wal_level = WAL_LEVEL_MINIMAL;
     104             : int         CommitDelay = 0;    /* precommit delay in microseconds */
     105             : int         CommitSiblings = 5; /* # concurrent xacts needed to sleep */
     106             : int         wal_retrieve_retry_interval = 5000;
     107             : 
     108             : #ifdef WAL_DEBUG
     109             : bool        XLOG_DEBUG = false;
     110             : #endif
     111             : 
     112             : int         wal_segment_size = DEFAULT_XLOG_SEG_SIZE;
     113             : 
     114             : /*
     115             :  * Number of WAL insertion locks to use. A higher value allows more insertions
     116             :  * to happen concurrently, but adds some CPU overhead to flushing the WAL,
     117             :  * which needs to iterate all the locks.
     118             :  */
     119             : #define NUM_XLOGINSERT_LOCKS  8
     120             : 
     121             : /*
     122             :  * Max distance from last checkpoint, before triggering a new xlog-based
     123             :  * checkpoint.
     124             :  */
     125             : int         CheckPointSegments;
     126             : 
     127             : /* Estimated distance between checkpoints, in bytes */
     128             : static double CheckPointDistanceEstimate = 0;
     129             : static double PrevCheckPointDistance = 0;
     130             : 
     131             : /*
     132             :  * GUC support
     133             :  */
     134             : const struct config_enum_entry sync_method_options[] = {
     135             :     {"fsync", SYNC_METHOD_FSYNC, false},
     136             : #ifdef HAVE_FSYNC_WRITETHROUGH
     137             :     {"fsync_writethrough", SYNC_METHOD_FSYNC_WRITETHROUGH, false},
     138             : #endif
     139             : #ifdef HAVE_FDATASYNC
     140             :     {"fdatasync", SYNC_METHOD_FDATASYNC, false},
     141             : #endif
     142             : #ifdef OPEN_SYNC_FLAG
     143             :     {"open_sync", SYNC_METHOD_OPEN, false},
     144             : #endif
     145             : #ifdef OPEN_DATASYNC_FLAG
     146             :     {"open_datasync", SYNC_METHOD_OPEN_DSYNC, false},
     147             : #endif
     148             :     {NULL, 0, false}
     149             : };
     150             : 
     151             : 
     152             : /*
     153             :  * Although only "on", "off", and "always" are documented,
     154             :  * we accept all the likely variants of "on" and "off".
     155             :  */
     156             : const struct config_enum_entry archive_mode_options[] = {
     157             :     {"always", ARCHIVE_MODE_ALWAYS, false},
     158             :     {"on", ARCHIVE_MODE_ON, false},
     159             :     {"off", ARCHIVE_MODE_OFF, false},
     160             :     {"true", ARCHIVE_MODE_ON, true},
     161             :     {"false", ARCHIVE_MODE_OFF, true},
     162             :     {"yes", ARCHIVE_MODE_ON, true},
     163             :     {"no", ARCHIVE_MODE_OFF, true},
     164             :     {"1", ARCHIVE_MODE_ON, true},
     165             :     {"0", ARCHIVE_MODE_OFF, true},
     166             :     {NULL, 0, false}
     167             : };
     168             : 
     169             : const struct config_enum_entry recovery_target_action_options[] = {
     170             :     {"pause", RECOVERY_TARGET_ACTION_PAUSE, false},
     171             :     {"promote", RECOVERY_TARGET_ACTION_PROMOTE, false},
     172             :     {"shutdown", RECOVERY_TARGET_ACTION_SHUTDOWN, false},
     173             :     {NULL, 0, false}
     174             : };
     175             : 
     176             : /*
     177             :  * Statistics for current checkpoint are collected in this global struct.
     178             :  * Because only the checkpointer or a stand-alone backend can perform
     179             :  * checkpoints, this will be unused in normal backends.
     180             :  */
     181             : CheckpointStatsData CheckpointStats;
     182             : 
     183             : /*
     184             :  * ThisTimeLineID will be same in all backends --- it identifies current
     185             :  * WAL timeline for the database system.
     186             :  */
     187             : TimeLineID  ThisTimeLineID = 0;
     188             : 
     189             : /*
     190             :  * Are we doing recovery from XLOG?
     191             :  *
     192             :  * This is only ever true in the startup process; it should be read as meaning
     193             :  * "this process is replaying WAL records", rather than "the system is in
     194             :  * recovery mode".  It should be examined primarily by functions that need
     195             :  * to act differently when called from a WAL redo function (e.g., to skip WAL
     196             :  * logging).  To check whether the system is in recovery regardless of which
     197             :  * process you're running in, use RecoveryInProgress() but only after shared
     198             :  * memory startup and lock initialization.
     199             :  */
     200             : bool        InRecovery = false;
     201             : 
     202             : /* Are we in Hot Standby mode? Only valid in startup process, see xlog.h */
     203             : HotStandbyState standbyState = STANDBY_DISABLED;
     204             : 
     205             : static XLogRecPtr LastRec;
     206             : 
     207             : /* Local copy of WalRcv->receivedUpto */
     208             : static XLogRecPtr receivedUpto = 0;
     209             : static TimeLineID receiveTLI = 0;
     210             : 
     211             : /*
     212             :  * During recovery, lastFullPageWrites keeps track of full_page_writes that
     213             :  * the replayed WAL records indicate. It's initialized with full_page_writes
     214             :  * that the recovery starting checkpoint record indicates, and then updated
     215             :  * each time XLOG_FPW_CHANGE record is replayed.
     216             :  */
     217             : static bool lastFullPageWrites;
     218             : 
     219             : /*
     220             :  * Local copy of SharedRecoveryInProgress variable. True actually means "not
     221             :  * known, need to check the shared state".
     222             :  */
     223             : static bool LocalRecoveryInProgress = true;
     224             : 
     225             : /*
     226             :  * Local copy of SharedHotStandbyActive variable. False actually means "not
     227             :  * known, need to check the shared state".
     228             :  */
     229             : static bool LocalHotStandbyActive = false;
     230             : 
     231             : /*
     232             :  * Local state for XLogInsertAllowed():
     233             :  *      1: unconditionally allowed to insert XLOG
     234             :  *      0: unconditionally not allowed to insert XLOG
     235             :  *      -1: must check RecoveryInProgress(); disallow until it is false
     236             :  * Most processes start with -1 and transition to 1 after seeing that recovery
     237             :  * is not in progress.  But we can also force the value for special cases.
     238             :  * The coding in XLogInsertAllowed() depends on the first two of these states
     239             :  * being numerically the same as bool true and false.
     240             :  */
     241             : static int  LocalXLogInsertAllowed = -1;
     242             : 
     243             : /*
     244             :  * When ArchiveRecoveryRequested is set, archive recovery was requested,
     245             :  * ie. signal files were present. When InArchiveRecovery is set, we are
     246             :  * currently recovering using offline XLOG archives. These variables are only
     247             :  * valid in the startup process.
     248             :  *
     249             :  * When ArchiveRecoveryRequested is true, but InArchiveRecovery is false, we're
     250             :  * currently performing crash recovery using only XLOG files in pg_wal, but
     251             :  * will switch to using offline XLOG archives as soon as we reach the end of
     252             :  * WAL in pg_wal.
     253             : */
     254             : bool        ArchiveRecoveryRequested = false;
     255             : bool        InArchiveRecovery = false;
     256             : 
     257             : static bool standby_signal_file_found = false;
     258             : static bool recovery_signal_file_found = false;
     259             : 
     260             : /* Was the last xlog file restored from archive, or local? */
     261             : static bool restoredFromArchive = false;
     262             : 
     263             : /* Buffers dedicated to consistency checks of size BLCKSZ */
     264             : static char *replay_image_masked = NULL;
     265             : static char *master_image_masked = NULL;
     266             : 
     267             : /* options formerly taken from recovery.conf for archive recovery */
     268             : char       *recoveryRestoreCommand = NULL;
     269             : char       *recoveryEndCommand = NULL;
     270             : char       *archiveCleanupCommand = NULL;
     271             : RecoveryTargetType recoveryTarget = RECOVERY_TARGET_UNSET;
     272             : bool        recoveryTargetInclusive = true;
     273             : int         recoveryTargetAction = RECOVERY_TARGET_ACTION_PAUSE;
     274             : TransactionId recoveryTargetXid;
     275             : char       *recovery_target_time_string;
     276             : static TimestampTz recoveryTargetTime;
     277             : const char *recoveryTargetName;
     278             : XLogRecPtr  recoveryTargetLSN;
     279             : int         recovery_min_apply_delay = 0;
     280             : TimestampTz recoveryDelayUntilTime;
     281             : 
     282             : /* options formerly taken from recovery.conf for XLOG streaming */
     283             : bool        StandbyModeRequested = false;
     284             : char       *PrimaryConnInfo = NULL;
     285             : char       *PrimarySlotName = NULL;
     286             : char       *PromoteTriggerFile = NULL;
     287             : 
     288             : /* are we currently in standby mode? */
     289             : bool        StandbyMode = false;
     290             : 
     291             : /* whether request for fast promotion has been made yet */
     292             : static bool fast_promote = false;
     293             : 
     294             : /*
     295             :  * if recoveryStopsBefore/After returns true, it saves information of the stop
     296             :  * point here
     297             :  */
     298             : static TransactionId recoveryStopXid;
     299             : static TimestampTz recoveryStopTime;
     300             : static XLogRecPtr recoveryStopLSN;
     301             : static char recoveryStopName[MAXFNAMELEN];
     302             : static bool recoveryStopAfter;
     303             : 
     304             : /*
     305             :  * During normal operation, the only timeline we care about is ThisTimeLineID.
     306             :  * During recovery, however, things are more complicated.  To simplify life
     307             :  * for rmgr code, we keep ThisTimeLineID set to the "current" timeline as we
     308             :  * scan through the WAL history (that is, it is the line that was active when
     309             :  * the currently-scanned WAL record was generated).  We also need these
     310             :  * timeline values:
     311             :  *
     312             :  * recoveryTargetTimeLineGoal: what the user requested, if any
     313             :  *
     314             :  * recoveryTargetTLIRequested: numeric value of requested timeline, if constant
     315             :  *
     316             :  * recoveryTargetTLI: the currently understood target timeline; changes
     317             :  *
     318             :  * expectedTLEs: a list of TimeLineHistoryEntries for recoveryTargetTLI and the timelines of
     319             :  * its known parents, newest first (so recoveryTargetTLI is always the
     320             :  * first list member).  Only these TLIs are expected to be seen in the WAL
     321             :  * segments we read, and indeed only these TLIs will be considered as
     322             :  * candidate WAL files to open at all.
     323             :  *
     324             :  * curFileTLI: the TLI appearing in the name of the current input WAL file.
     325             :  * (This is not necessarily the same as ThisTimeLineID, because we could
     326             :  * be scanning data that was copied from an ancestor timeline when the current
     327             :  * file was created.)  During a sequential scan we do not allow this value
     328             :  * to decrease.
     329             :  */
     330             : RecoveryTargetTimeLineGoal recoveryTargetTimeLineGoal = RECOVERY_TARGET_TIMELINE_LATEST;
     331             : TimeLineID  recoveryTargetTLIRequested = 0;
     332             : TimeLineID  recoveryTargetTLI = 0;
     333             : static List *expectedTLEs;
     334             : static TimeLineID curFileTLI;
     335             : 
     336             : /*
     337             :  * ProcLastRecPtr points to the start of the last XLOG record inserted by the
     338             :  * current backend.  It is updated for all inserts.  XactLastRecEnd points to
     339             :  * end+1 of the last record, and is reset when we end a top-level transaction,
     340             :  * or start a new one; so it can be used to tell if the current transaction has
     341             :  * created any XLOG records.
     342             :  *
     343             :  * While in parallel mode, this may not be fully up to date.  When committing,
     344             :  * a transaction can assume this covers all xlog records written either by the
     345             :  * user backend or by any parallel worker which was present at any point during
     346             :  * the transaction.  But when aborting, or when still in parallel mode, other
     347             :  * parallel backends may have written WAL records at later LSNs than the value
     348             :  * stored here.  The parallel leader advances its own copy, when necessary,
     349             :  * in WaitForParallelWorkersToFinish.
     350             :  */
     351             : XLogRecPtr  ProcLastRecPtr = InvalidXLogRecPtr;
     352             : XLogRecPtr  XactLastRecEnd = InvalidXLogRecPtr;
     353             : XLogRecPtr  XactLastCommitEnd = InvalidXLogRecPtr;
     354             : 
     355             : /*
     356             :  * RedoRecPtr is this backend's local copy of the REDO record pointer
     357             :  * (which is almost but not quite the same as a pointer to the most recent
     358             :  * CHECKPOINT record).  We update this from the shared-memory copy,
     359             :  * XLogCtl->Insert.RedoRecPtr, whenever we can safely do so (ie, when we
     360             :  * hold an insertion lock).  See XLogInsertRecord for details.  We are also
     361             :  * allowed to update from XLogCtl->RedoRecPtr if we hold the info_lck;
     362             :  * see GetRedoRecPtr.  A freshly spawned backend obtains the value during
     363             :  * InitXLOGAccess.
     364             :  */
     365             : static XLogRecPtr RedoRecPtr;
     366             : 
     367             : /*
     368             :  * doPageWrites is this backend's local copy of (forcePageWrites ||
     369             :  * fullPageWrites).  It is used together with RedoRecPtr to decide whether
     370             :  * a full-page image of a page need to be taken.
     371             :  */
     372             : static bool doPageWrites;
     373             : 
     374             : /* Has the recovery code requested a walreceiver wakeup? */
     375             : static bool doRequestWalReceiverReply;
     376             : 
     377             : /*
     378             :  * RedoStartLSN points to the checkpoint's REDO location which is specified
     379             :  * in a backup label file, backup history file or control file. In standby
     380             :  * mode, XLOG streaming usually starts from the position where an invalid
     381             :  * record was found. But if we fail to read even the initial checkpoint
     382             :  * record, we use the REDO location instead of the checkpoint location as
     383             :  * the start position of XLOG streaming. Otherwise we would have to jump
     384             :  * backwards to the REDO location after reading the checkpoint record,
     385             :  * because the REDO record can precede the checkpoint record.
     386             :  */
     387             : static XLogRecPtr RedoStartLSN = InvalidXLogRecPtr;
     388             : 
     389             : /*----------
     390             :  * Shared-memory data structures for XLOG control
     391             :  *
     392             :  * LogwrtRqst indicates a byte position that we need to write and/or fsync
     393             :  * the log up to (all records before that point must be written or fsynced).
     394             :  * LogwrtResult indicates the byte positions we have already written/fsynced.
     395             :  * These structs are identical but are declared separately to indicate their
     396             :  * slightly different functions.
     397             :  *
     398             :  * To read XLogCtl->LogwrtResult, you must hold either info_lck or
     399             :  * WALWriteLock.  To update it, you need to hold both locks.  The point of
     400             :  * this arrangement is that the value can be examined by code that already
     401             :  * holds WALWriteLock without needing to grab info_lck as well.  In addition
     402             :  * to the shared variable, each backend has a private copy of LogwrtResult,
     403             :  * which is updated when convenient.
     404             :  *
     405             :  * The request bookkeeping is simpler: there is a shared XLogCtl->LogwrtRqst
     406             :  * (protected by info_lck), but we don't need to cache any copies of it.
     407             :  *
     408             :  * info_lck is only held long enough to read/update the protected variables,
     409             :  * so it's a plain spinlock.  The other locks are held longer (potentially
     410             :  * over I/O operations), so we use LWLocks for them.  These locks are:
     411             :  *
     412             :  * WALBufMappingLock: must be held to replace a page in the WAL buffer cache.
     413             :  * It is only held while initializing and changing the mapping.  If the
     414             :  * contents of the buffer being replaced haven't been written yet, the mapping
     415             :  * lock is released while the write is done, and reacquired afterwards.
     416             :  *
     417             :  * WALWriteLock: must be held to write WAL buffers to disk (XLogWrite or
     418             :  * XLogFlush).
     419             :  *
     420             :  * ControlFileLock: must be held to read/update control file or create
     421             :  * new log file.
     422             :  *
     423             :  * CheckpointLock: must be held to do a checkpoint or restartpoint (ensures
     424             :  * only one checkpointer at a time; currently, with all checkpoints done by
     425             :  * the checkpointer, this is just pro forma).
     426             :  *
     427             :  *----------
     428             :  */
     429             : 
     430             : typedef struct XLogwrtRqst
     431             : {
     432             :     XLogRecPtr  Write;          /* last byte + 1 to write out */
     433             :     XLogRecPtr  Flush;          /* last byte + 1 to flush */
     434             : } XLogwrtRqst;
     435             : 
     436             : typedef struct XLogwrtResult
     437             : {
     438             :     XLogRecPtr  Write;          /* last byte + 1 written out */
     439             :     XLogRecPtr  Flush;          /* last byte + 1 flushed */
     440             : } XLogwrtResult;
     441             : 
     442             : /*
     443             :  * Inserting to WAL is protected by a small fixed number of WAL insertion
     444             :  * locks. To insert to the WAL, you must hold one of the locks - it doesn't
     445             :  * matter which one. To lock out other concurrent insertions, you must hold
     446             :  * of them. Each WAL insertion lock consists of a lightweight lock, plus an
     447             :  * indicator of how far the insertion has progressed (insertingAt).
     448             :  *
     449             :  * The insertingAt values are read when a process wants to flush WAL from
     450             :  * the in-memory buffers to disk, to check that all the insertions to the
     451             :  * region the process is about to write out have finished. You could simply
     452             :  * wait for all currently in-progress insertions to finish, but the
     453             :  * insertingAt indicator allows you to ignore insertions to later in the WAL,
     454             :  * so that you only wait for the insertions that are modifying the buffers
     455             :  * you're about to write out.
     456             :  *
     457             :  * This isn't just an optimization. If all the WAL buffers are dirty, an
     458             :  * inserter that's holding a WAL insert lock might need to evict an old WAL
     459             :  * buffer, which requires flushing the WAL. If it's possible for an inserter
     460             :  * to block on another inserter unnecessarily, deadlock can arise when two
     461             :  * inserters holding a WAL insert lock wait for each other to finish their
     462             :  * insertion.
     463             :  *
     464             :  * Small WAL records that don't cross a page boundary never update the value,
     465             :  * the WAL record is just copied to the page and the lock is released. But
     466             :  * to avoid the deadlock-scenario explained above, the indicator is always
     467             :  * updated before sleeping while holding an insertion lock.
     468             :  *
     469             :  * lastImportantAt contains the LSN of the last important WAL record inserted
     470             :  * using a given lock. This value is used to detect if there has been
     471             :  * important WAL activity since the last time some action, like a checkpoint,
     472             :  * was performed - allowing to not repeat the action if not. The LSN is
     473             :  * updated for all insertions, unless the XLOG_MARK_UNIMPORTANT flag was
     474             :  * set. lastImportantAt is never cleared, only overwritten by the LSN of newer
     475             :  * records.  Tracking the WAL activity directly in WALInsertLock has the
     476             :  * advantage of not needing any additional locks to update the value.
     477             :  */
     478             : typedef struct
     479             : {
     480             :     LWLock      lock;
     481             :     XLogRecPtr  insertingAt;
     482             :     XLogRecPtr  lastImportantAt;
     483             : } WALInsertLock;
     484             : 
     485             : /*
     486             :  * All the WAL insertion locks are allocated as an array in shared memory. We
     487             :  * force the array stride to be a power of 2, which saves a few cycles in
     488             :  * indexing, but more importantly also ensures that individual slots don't
     489             :  * cross cache line boundaries. (Of course, we have to also ensure that the
     490             :  * array start address is suitably aligned.)
     491             :  */
     492             : typedef union WALInsertLockPadded
     493             : {
     494             :     WALInsertLock l;
     495             :     char        pad[PG_CACHE_LINE_SIZE];
     496             : } WALInsertLockPadded;
     497             : 
     498             : /*
     499             :  * State of an exclusive backup, necessary to control concurrent activities
     500             :  * across sessions when working on exclusive backups.
     501             :  *
     502             :  * EXCLUSIVE_BACKUP_NONE means that there is no exclusive backup actually
     503             :  * running, to be more precise pg_start_backup() is not being executed for
     504             :  * an exclusive backup and there is no exclusive backup in progress.
     505             :  * EXCLUSIVE_BACKUP_STARTING means that pg_start_backup() is starting an
     506             :  * exclusive backup.
     507             :  * EXCLUSIVE_BACKUP_IN_PROGRESS means that pg_start_backup() has finished
     508             :  * running and an exclusive backup is in progress. pg_stop_backup() is
     509             :  * needed to finish it.
     510             :  * EXCLUSIVE_BACKUP_STOPPING means that pg_stop_backup() is stopping an
     511             :  * exclusive backup.
     512             :  */
     513             : typedef enum ExclusiveBackupState
     514             : {
     515             :     EXCLUSIVE_BACKUP_NONE = 0,
     516             :     EXCLUSIVE_BACKUP_STARTING,
     517             :     EXCLUSIVE_BACKUP_IN_PROGRESS,
     518             :     EXCLUSIVE_BACKUP_STOPPING
     519             : } ExclusiveBackupState;
     520             : 
     521             : /*
     522             :  * Session status of running backup, used for sanity checks in SQL-callable
     523             :  * functions to start and stop backups.
     524             :  */
     525             : static SessionBackupState sessionBackupState = SESSION_BACKUP_NONE;
     526             : 
     527             : /*
     528             :  * Shared state data for WAL insertion.
     529             :  */
     530             : typedef struct XLogCtlInsert
     531             : {
     532             :     slock_t     insertpos_lck;  /* protects CurrBytePos and PrevBytePos */
     533             : 
     534             :     /*
     535             :      * CurrBytePos is the end of reserved WAL. The next record will be
     536             :      * inserted at that position. PrevBytePos is the start position of the
     537             :      * previously inserted (or rather, reserved) record - it is copied to the
     538             :      * prev-link of the next record. These are stored as "usable byte
     539             :      * positions" rather than XLogRecPtrs (see XLogBytePosToRecPtr()).
     540             :      */
     541             :     uint64      CurrBytePos;
     542             :     uint64      PrevBytePos;
     543             : 
     544             :     /*
     545             :      * Make sure the above heavily-contended spinlock and byte positions are
     546             :      * on their own cache line. In particular, the RedoRecPtr and full page
     547             :      * write variables below should be on a different cache line. They are
     548             :      * read on every WAL insertion, but updated rarely, and we don't want
     549             :      * those reads to steal the cache line containing Curr/PrevBytePos.
     550             :      */
     551             :     char        pad[PG_CACHE_LINE_SIZE];
     552             : 
     553             :     /*
     554             :      * fullPageWrites is the master copy used by all backends to determine
     555             :      * whether to write full-page to WAL, instead of using process-local one.
     556             :      * This is required because, when full_page_writes is changed by SIGHUP,
     557             :      * we must WAL-log it before it actually affects WAL-logging by backends.
     558             :      * Checkpointer sets at startup or after SIGHUP.
     559             :      *
     560             :      * To read these fields, you must hold an insertion lock. To modify them,
     561             :      * you must hold ALL the locks.
     562             :      */
     563             :     XLogRecPtr  RedoRecPtr;     /* current redo point for insertions */
     564             :     bool        forcePageWrites;    /* forcing full-page writes for PITR? */
     565             :     bool        fullPageWrites;
     566             : 
     567             :     /*
     568             :      * exclusiveBackupState indicates the state of an exclusive backup (see
     569             :      * comments of ExclusiveBackupState for more details). nonExclusiveBackups
     570             :      * is a counter indicating the number of streaming base backups currently
     571             :      * in progress. forcePageWrites is set to true when either of these is
     572             :      * non-zero. lastBackupStart is the latest checkpoint redo location used
     573             :      * as a starting point for an online backup.
     574             :      */
     575             :     ExclusiveBackupState exclusiveBackupState;
     576             :     int         nonExclusiveBackups;
     577             :     XLogRecPtr  lastBackupStart;
     578             : 
     579             :     /*
     580             :      * WAL insertion locks.
     581             :      */
     582             :     WALInsertLockPadded *WALInsertLocks;
     583             : } XLogCtlInsert;
     584             : 
     585             : /*
     586             :  * Total shared-memory state for XLOG.
     587             :  */
     588             : typedef struct XLogCtlData
     589             : {
     590             :     XLogCtlInsert Insert;
     591             : 
     592             :     /* Protected by info_lck: */
     593             :     XLogwrtRqst LogwrtRqst;
     594             :     XLogRecPtr  RedoRecPtr;     /* a recent copy of Insert->RedoRecPtr */
     595             :     FullTransactionId ckptFullXid;  /* nextFullXid of latest checkpoint */
     596             :     XLogRecPtr  asyncXactLSN;   /* LSN of newest async commit/abort */
     597             :     XLogRecPtr  replicationSlotMinLSN;  /* oldest LSN needed by any slot */
     598             : 
     599             :     XLogSegNo   lastRemovedSegNo;   /* latest removed/recycled XLOG segment */
     600             : 
     601             :     /* Fake LSN counter, for unlogged relations. Protected by ulsn_lck. */
     602             :     XLogRecPtr  unloggedLSN;
     603             :     slock_t     ulsn_lck;
     604             : 
     605             :     /* Time and LSN of last xlog segment switch. Protected by WALWriteLock. */
     606             :     pg_time_t   lastSegSwitchTime;
     607             :     XLogRecPtr  lastSegSwitchLSN;
     608             : 
     609             :     /*
     610             :      * Protected by info_lck and WALWriteLock (you must hold either lock to
     611             :      * read it, but both to update)
     612             :      */
     613             :     XLogwrtResult LogwrtResult;
     614             : 
     615             :     /*
     616             :      * Latest initialized page in the cache (last byte position + 1).
     617             :      *
     618             :      * To change the identity of a buffer (and InitializedUpTo), you need to
     619             :      * hold WALBufMappingLock.  To change the identity of a buffer that's
     620             :      * still dirty, the old page needs to be written out first, and for that
     621             :      * you need WALWriteLock, and you need to ensure that there are no
     622             :      * in-progress insertions to the page by calling
     623             :      * WaitXLogInsertionsToFinish().
     624             :      */
     625             :     XLogRecPtr  InitializedUpTo;
     626             : 
     627             :     /*
     628             :      * These values do not change after startup, although the pointed-to pages
     629             :      * and xlblocks values certainly do.  xlblocks values are protected by
     630             :      * WALBufMappingLock.
     631             :      */
     632             :     char       *pages;          /* buffers for unwritten XLOG pages */
     633             :     XLogRecPtr *xlblocks;       /* 1st byte ptr-s + XLOG_BLCKSZ */
     634             :     int         XLogCacheBlck;  /* highest allocated xlog buffer index */
     635             : 
     636             :     /*
     637             :      * Shared copy of ThisTimeLineID. Does not change after end-of-recovery.
     638             :      * If we created a new timeline when the system was started up,
     639             :      * PrevTimeLineID is the old timeline's ID that we forked off from.
     640             :      * Otherwise it's equal to ThisTimeLineID.
     641             :      */
     642             :     TimeLineID  ThisTimeLineID;
     643             :     TimeLineID  PrevTimeLineID;
     644             : 
     645             :     /*
     646             :      * SharedRecoveryInProgress indicates if we're still in crash or archive
     647             :      * recovery.  Protected by info_lck.
     648             :      */
     649             :     bool        SharedRecoveryInProgress;
     650             : 
     651             :     /*
     652             :      * SharedHotStandbyActive indicates if we're still in crash or archive
     653             :      * recovery.  Protected by info_lck.
     654             :      */
     655             :     bool        SharedHotStandbyActive;
     656             : 
     657             :     /*
     658             :      * WalWriterSleeping indicates whether the WAL writer is currently in
     659             :      * low-power mode (and hence should be nudged if an async commit occurs).
     660             :      * Protected by info_lck.
     661             :      */
     662             :     bool        WalWriterSleeping;
     663             : 
     664             :     /*
     665             :      * recoveryWakeupLatch is used to wake up the startup process to continue
     666             :      * WAL replay, if it is waiting for WAL to arrive or failover trigger file
     667             :      * to appear.
     668             :      */
     669             :     Latch       recoveryWakeupLatch;
     670             : 
     671             :     /*
     672             :      * During recovery, we keep a copy of the latest checkpoint record here.
     673             :      * lastCheckPointRecPtr points to start of checkpoint record and
     674             :      * lastCheckPointEndPtr points to end+1 of checkpoint record.  Used by the
     675             :      * checkpointer when it wants to create a restartpoint.
     676             :      *
     677             :      * Protected by info_lck.
     678             :      */
     679             :     XLogRecPtr  lastCheckPointRecPtr;
     680             :     XLogRecPtr  lastCheckPointEndPtr;
     681             :     CheckPoint  lastCheckPoint;
     682             : 
     683             :     /*
     684             :      * lastReplayedEndRecPtr points to end+1 of the last record successfully
     685             :      * replayed. When we're currently replaying a record, ie. in a redo
     686             :      * function, replayEndRecPtr points to the end+1 of the record being
     687             :      * replayed, otherwise it's equal to lastReplayedEndRecPtr.
     688             :      */
     689             :     XLogRecPtr  lastReplayedEndRecPtr;
     690             :     TimeLineID  lastReplayedTLI;
     691             :     XLogRecPtr  replayEndRecPtr;
     692             :     TimeLineID  replayEndTLI;
     693             :     /* timestamp of last COMMIT/ABORT record replayed (or being replayed) */
     694             :     TimestampTz recoveryLastXTime;
     695             : 
     696             :     /*
     697             :      * timestamp of when we started replaying the current chunk of WAL data,
     698             :      * only relevant for replication or archive recovery
     699             :      */
     700             :     TimestampTz currentChunkStartTime;
     701             :     /* Are we requested to pause recovery? */
     702             :     bool        recoveryPause;
     703             : 
     704             :     /*
     705             :      * lastFpwDisableRecPtr points to the start of the last replayed
     706             :      * XLOG_FPW_CHANGE record that instructs full_page_writes is disabled.
     707             :      */
     708             :     XLogRecPtr  lastFpwDisableRecPtr;
     709             : 
     710             :     slock_t     info_lck;       /* locks shared variables shown above */
     711             : } XLogCtlData;
     712             : 
     713             : static XLogCtlData *XLogCtl = NULL;
     714             : 
     715             : /* a private copy of XLogCtl->Insert.WALInsertLocks, for convenience */
     716             : static WALInsertLockPadded *WALInsertLocks = NULL;
     717             : 
     718             : /*
     719             :  * We maintain an image of pg_control in shared memory.
     720             :  */
     721             : static ControlFileData *ControlFile = NULL;
     722             : 
     723             : /*
     724             :  * Calculate the amount of space left on the page after 'endptr'. Beware
     725             :  * multiple evaluation!
     726             :  */
     727             : #define INSERT_FREESPACE(endptr)    \
     728             :     (((endptr) % XLOG_BLCKSZ == 0) ? 0 : (XLOG_BLCKSZ - (endptr) % XLOG_BLCKSZ))
     729             : 
     730             : /* Macro to advance to next buffer index. */
     731             : #define NextBufIdx(idx)     \
     732             :         (((idx) == XLogCtl->XLogCacheBlck) ? 0 : ((idx) + 1))
     733             : 
     734             : /*
     735             :  * XLogRecPtrToBufIdx returns the index of the WAL buffer that holds, or
     736             :  * would hold if it was in cache, the page containing 'recptr'.
     737             :  */
     738             : #define XLogRecPtrToBufIdx(recptr)  \
     739             :     (((recptr) / XLOG_BLCKSZ) % (XLogCtl->XLogCacheBlck + 1))
     740             : 
     741             : /*
     742             :  * These are the number of bytes in a WAL page usable for WAL data.
     743             :  */
     744             : #define UsableBytesInPage (XLOG_BLCKSZ - SizeOfXLogShortPHD)
     745             : 
     746             : /* Convert min_wal_size_mb and max_wal_size_mb to equivalent segment count */
     747             : #define ConvertToXSegs(x, segsize)  \
     748             :     (x / ((segsize) / (1024 * 1024)))
     749             : 
     750             : /* The number of bytes in a WAL segment usable for WAL data. */
     751             : static int  UsableBytesInSegment;
     752             : 
     753             : /*
     754             :  * Private, possibly out-of-date copy of shared LogwrtResult.
     755             :  * See discussion above.
     756             :  */
     757             : static XLogwrtResult LogwrtResult = {0, 0};
     758             : 
     759             : /*
     760             :  * Codes indicating where we got a WAL file from during recovery, or where
     761             :  * to attempt to get one.
     762             :  */
     763             : typedef enum
     764             : {
     765             :     XLOG_FROM_ANY = 0,          /* request to read WAL from any source */
     766             :     XLOG_FROM_ARCHIVE,          /* restored using restore_command */
     767             :     XLOG_FROM_PG_WAL,           /* existing file in pg_wal */
     768             :     XLOG_FROM_STREAM            /* streamed from master */
     769             : } XLogSource;
     770             : 
     771             : /* human-readable names for XLogSources, for debugging output */
     772             : static const char *const xlogSourceNames[] = {"any", "archive", "pg_wal", "stream"};
     773             : 
     774             : /*
     775             :  * openLogFile is -1 or a kernel FD for an open log file segment.
     776             :  * openLogSegNo identifies the segment.  These variables are only used to
     777             :  * write the XLOG, and so will normally refer to the active segment.
     778             :  */
     779             : static int  openLogFile = -1;
     780             : static XLogSegNo openLogSegNo = 0;
     781             : 
     782             : /*
     783             :  * These variables are used similarly to the ones above, but for reading
     784             :  * the XLOG.  Note, however, that readOff generally represents the offset
     785             :  * of the page just read, not the seek position of the FD itself, which
     786             :  * will be just past that page. readLen indicates how much of the current
     787             :  * page has been read into readBuf, and readSource indicates where we got
     788             :  * the currently open file from.
     789             :  */
     790             : static int  readFile = -1;
     791             : static XLogSegNo readSegNo = 0;
     792             : static uint32 readOff = 0;
     793             : static uint32 readLen = 0;
     794             : static XLogSource readSource = 0;   /* XLOG_FROM_* code */
     795             : 
     796             : /*
     797             :  * Keeps track of which source we're currently reading from. This is
     798             :  * different from readSource in that this is always set, even when we don't
     799             :  * currently have a WAL file open. If lastSourceFailed is set, our last
     800             :  * attempt to read from currentSource failed, and we should try another source
     801             :  * next.
     802             :  */
     803             : static XLogSource currentSource = 0;    /* XLOG_FROM_* code */
     804             : static bool lastSourceFailed = false;
     805             : 
     806             : typedef struct XLogPageReadPrivate
     807             : {
     808             :     int         emode;
     809             :     bool        fetching_ckpt;  /* are we fetching a checkpoint record? */
     810             :     bool        randAccess;
     811             : } XLogPageReadPrivate;
     812             : 
     813             : /*
     814             :  * These variables track when we last obtained some WAL data to process,
     815             :  * and where we got it from.  (XLogReceiptSource is initially the same as
     816             :  * readSource, but readSource gets reset to zero when we don't have data
     817             :  * to process right now.  It is also different from currentSource, which
     818             :  * also changes when we try to read from a source and fail, while
     819             :  * XLogReceiptSource tracks where we last successfully read some WAL.)
     820             :  */
     821             : static TimestampTz XLogReceiptTime = 0;
     822             : static XLogSource XLogReceiptSource = 0;    /* XLOG_FROM_* code */
     823             : 
     824             : /* State information for XLOG reading */
     825             : static XLogRecPtr ReadRecPtr;   /* start of last record read */
     826             : static XLogRecPtr EndRecPtr;    /* end+1 of last record read */
     827             : 
     828             : /*
     829             :  * Local copies of equivalent fields in the control file.  When running
     830             :  * crash recovery, minRecoveryPoint is set to InvalidXLogRecPtr as we
     831             :  * expect to replay all the WAL available, and updateMinRecoveryPoint is
     832             :  * switched to false to prevent any updates while replaying records.
     833             :  * Those values are kept consistent as long as crash recovery runs.
     834             :  */
     835             : static XLogRecPtr minRecoveryPoint;
     836             : static TimeLineID minRecoveryPointTLI;
     837             : static bool updateMinRecoveryPoint = true;
     838             : 
     839             : /*
     840             :  * Have we reached a consistent database state? In crash recovery, we have
     841             :  * to replay all the WAL, so reachedConsistency is never set. During archive
     842             :  * recovery, the database is consistent once minRecoveryPoint is reached.
     843             :  */
     844             : bool        reachedConsistency = false;
     845             : 
     846             : static bool InRedo = false;
     847             : 
     848             : /* Have we launched bgwriter during recovery? */
     849             : static bool bgwriterLaunched = false;
     850             : 
     851             : /* For WALInsertLockAcquire/Release functions */
     852             : static int  MyLockNo = 0;
     853             : static bool holdingAllLocks = false;
     854             : 
     855             : #ifdef WAL_DEBUG
     856             : static MemoryContext walDebugCxt = NULL;
     857             : #endif
     858             : 
     859             : static void readRecoverySignalFile(void);
     860             : static void validateRecoveryParameters(void);
     861             : static void exitArchiveRecovery(TimeLineID endTLI, XLogRecPtr endOfLog);
     862             : static bool recoveryStopsBefore(XLogReaderState *record);
     863             : static bool recoveryStopsAfter(XLogReaderState *record);
     864             : static void recoveryPausesHere(void);
     865             : static bool recoveryApplyDelay(XLogReaderState *record);
     866             : static void SetLatestXTime(TimestampTz xtime);
     867             : static void SetCurrentChunkStartTime(TimestampTz xtime);
     868             : static void CheckRequiredParameterValues(void);
     869             : static void XLogReportParameters(void);
     870             : static void checkTimeLineSwitch(XLogRecPtr lsn, TimeLineID newTLI,
     871             :                                 TimeLineID prevTLI);
     872             : static void LocalSetXLogInsertAllowed(void);
     873             : static void CreateEndOfRecoveryRecord(void);
     874             : static void CheckPointGuts(XLogRecPtr checkPointRedo, int flags);
     875             : static void KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo);
     876             : static XLogRecPtr XLogGetReplicationSlotMinimumLSN(void);
     877             : 
     878             : static void AdvanceXLInsertBuffer(XLogRecPtr upto, bool opportunistic);
     879             : static bool XLogCheckpointNeeded(XLogSegNo new_segno);
     880             : static void XLogWrite(XLogwrtRqst WriteRqst, bool flexible);
     881             : static bool InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
     882             :                                    bool find_free, XLogSegNo max_segno,
     883             :                                    bool use_lock);
     884             : static int  XLogFileRead(XLogSegNo segno, int emode, TimeLineID tli,
     885             :                          int source, bool notfoundOk);
     886             : static int  XLogFileReadAnyTLI(XLogSegNo segno, int emode, int source);
     887             : static int  XLogPageRead(XLogReaderState *xlogreader, XLogRecPtr targetPagePtr,
     888             :                          int reqLen, XLogRecPtr targetRecPtr, char *readBuf);
     889             : static bool WaitForWALToBecomeAvailable(XLogRecPtr RecPtr, bool randAccess,
     890             :                                         bool fetching_ckpt, XLogRecPtr tliRecPtr);
     891             : static int  emode_for_corrupt_record(int emode, XLogRecPtr RecPtr);
     892             : static void XLogFileClose(void);
     893             : static void PreallocXlogFiles(XLogRecPtr endptr);
     894             : static void RemoveTempXlogFiles(void);
     895             : static void RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr RedoRecPtr, XLogRecPtr endptr);
     896             : static void RemoveXlogFile(const char *segname, XLogRecPtr RedoRecPtr, XLogRecPtr endptr);
     897             : static void UpdateLastRemovedPtr(char *filename);
     898             : static void ValidateXLOGDirectoryStructure(void);
     899             : static void CleanupBackupHistory(void);
     900             : static void UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force);
     901             : static XLogRecord *ReadRecord(XLogReaderState *xlogreader, XLogRecPtr RecPtr,
     902             :                               int emode, bool fetching_ckpt);
     903             : static void CheckRecoveryConsistency(void);
     904             : static XLogRecord *ReadCheckpointRecord(XLogReaderState *xlogreader,
     905             :                                         XLogRecPtr RecPtr, int whichChkpt, bool report);
     906             : static bool rescanLatestTimeLine(void);
     907             : static void WriteControlFile(void);
     908             : static void ReadControlFile(void);
     909             : static char *str_time(pg_time_t tnow);
     910             : static bool CheckForStandbyTrigger(void);
     911             : 
     912             : #ifdef WAL_DEBUG
     913             : static void xlog_outrec(StringInfo buf, XLogReaderState *record);
     914             : #endif
     915             : static void xlog_outdesc(StringInfo buf, XLogReaderState *record);
     916             : static void pg_start_backup_callback(int code, Datum arg);
     917             : static void pg_stop_backup_callback(int code, Datum arg);
     918             : static bool read_backup_label(XLogRecPtr *checkPointLoc,
     919             :                               bool *backupEndRequired, bool *backupFromStandby);
     920             : static bool read_tablespace_map(List **tablespaces);
     921             : 
     922             : static void rm_redo_error_callback(void *arg);
     923             : static int  get_sync_bit(int method);
     924             : 
     925             : static void CopyXLogRecordToWAL(int write_len, bool isLogSwitch,
     926             :                                 XLogRecData *rdata,
     927             :                                 XLogRecPtr StartPos, XLogRecPtr EndPos);
     928             : static void ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos,
     929             :                                       XLogRecPtr *EndPos, XLogRecPtr *PrevPtr);
     930             : static bool ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos,
     931             :                               XLogRecPtr *PrevPtr);
     932             : static XLogRecPtr WaitXLogInsertionsToFinish(XLogRecPtr upto);
     933             : static char *GetXLogBuffer(XLogRecPtr ptr);
     934             : static XLogRecPtr XLogBytePosToRecPtr(uint64 bytepos);
     935             : static XLogRecPtr XLogBytePosToEndRecPtr(uint64 bytepos);
     936             : static uint64 XLogRecPtrToBytePos(XLogRecPtr ptr);
     937             : static void checkXLogConsistency(XLogReaderState *record);
     938             : 
     939             : static void WALInsertLockAcquire(void);
     940             : static void WALInsertLockAcquireExclusive(void);
     941             : static void WALInsertLockRelease(void);
     942             : static void WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt);
     943             : 
     944             : /*
     945             :  * Insert an XLOG record represented by an already-constructed chain of data
     946             :  * chunks.  This is a low-level routine; to construct the WAL record header
     947             :  * and data, use the higher-level routines in xloginsert.c.
     948             :  *
     949             :  * If 'fpw_lsn' is valid, it is the oldest LSN among the pages that this
     950             :  * WAL record applies to, that were not included in the record as full page
     951             :  * images.  If fpw_lsn <= RedoRecPtr, the function does not perform the
     952             :  * insertion and returns InvalidXLogRecPtr.  The caller can then recalculate
     953             :  * which pages need a full-page image, and retry.  If fpw_lsn is invalid, the
     954             :  * record is always inserted.
     955             :  *
     956             :  * 'flags' gives more in-depth control on the record being inserted. See
     957             :  * XLogSetRecordFlags() for details.
     958             :  *
     959             :  * The first XLogRecData in the chain must be for the record header, and its
     960             :  * data must be MAXALIGNed.  XLogInsertRecord fills in the xl_prev and
     961             :  * xl_crc fields in the header, the rest of the header must already be filled
     962             :  * by the caller.
     963             :  *
     964             :  * Returns XLOG pointer to end of record (beginning of next record).
     965             :  * This can be used as LSN for data pages affected by the logged action.
     966             :  * (LSN is the XLOG point up to which the XLOG must be flushed to disk
     967             :  * before the data page can be written out.  This implements the basic
     968             :  * WAL rule "write the log before the data".)
     969             :  */
     970             : XLogRecPtr
     971    29477740 : XLogInsertRecord(XLogRecData *rdata,
     972             :                  XLogRecPtr fpw_lsn,
     973             :                  uint8 flags)
     974             : {
     975    29477740 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
     976             :     pg_crc32c   rdata_crc;
     977             :     bool        inserted;
     978    29477740 :     XLogRecord *rechdr = (XLogRecord *) rdata->data;
     979    29477740 :     uint8       info = rechdr->xl_info & ~XLR_INFO_MASK;
     980    29477740 :     bool        isLogSwitch = (rechdr->xl_rmid == RM_XLOG_ID &&
     981             :                                info == XLOG_SWITCH);
     982             :     XLogRecPtr  StartPos;
     983             :     XLogRecPtr  EndPos;
     984    29477740 :     bool        prevDoPageWrites = doPageWrites;
     985             : 
     986             :     /* we assume that all of the record header is in the first chunk */
     987             :     Assert(rdata->len >= SizeOfXLogRecord);
     988             : 
     989             :     /* cross-check on whether we should be here or not */
     990    29477740 :     if (!XLogInsertAllowed())
     991           0 :         elog(ERROR, "cannot make new WAL entries during recovery");
     992             : 
     993             :     /*----------
     994             :      *
     995             :      * We have now done all the preparatory work we can without holding a
     996             :      * lock or modifying shared state. From here on, inserting the new WAL
     997             :      * record to the shared WAL buffer cache is a two-step process:
     998             :      *
     999             :      * 1. Reserve the right amount of space from the WAL. The current head of
    1000             :      *    reserved space is kept in Insert->CurrBytePos, and is protected by
    1001             :      *    insertpos_lck.
    1002             :      *
    1003             :      * 2. Copy the record to the reserved WAL space. This involves finding the
    1004             :      *    correct WAL buffer containing the reserved space, and copying the
    1005             :      *    record in place. This can be done concurrently in multiple processes.
    1006             :      *
    1007             :      * To keep track of which insertions are still in-progress, each concurrent
    1008             :      * inserter acquires an insertion lock. In addition to just indicating that
    1009             :      * an insertion is in progress, the lock tells others how far the inserter
    1010             :      * has progressed. There is a small fixed number of insertion locks,
    1011             :      * determined by NUM_XLOGINSERT_LOCKS. When an inserter crosses a page
    1012             :      * boundary, it updates the value stored in the lock to the how far it has
    1013             :      * inserted, to allow the previous buffer to be flushed.
    1014             :      *
    1015             :      * Holding onto an insertion lock also protects RedoRecPtr and
    1016             :      * fullPageWrites from changing until the insertion is finished.
    1017             :      *
    1018             :      * Step 2 can usually be done completely in parallel. If the required WAL
    1019             :      * page is not initialized yet, you have to grab WALBufMappingLock to
    1020             :      * initialize it, but the WAL writer tries to do that ahead of insertions
    1021             :      * to avoid that from happening in the critical path.
    1022             :      *
    1023             :      *----------
    1024             :      */
    1025    29477740 :     START_CRIT_SECTION();
    1026    29477740 :     if (isLogSwitch)
    1027         192 :         WALInsertLockAcquireExclusive();
    1028             :     else
    1029    29477548 :         WALInsertLockAcquire();
    1030             : 
    1031             :     /*
    1032             :      * Check to see if my copy of RedoRecPtr is out of date. If so, may have
    1033             :      * to go back and have the caller recompute everything. This can only
    1034             :      * happen just after a checkpoint, so it's better to be slow in this case
    1035             :      * and fast otherwise.
    1036             :      *
    1037             :      * Also check to see if fullPageWrites or forcePageWrites was just turned
    1038             :      * on; if we weren't already doing full-page writes then go back and
    1039             :      * recompute.
    1040             :      *
    1041             :      * If we aren't doing full-page writes then RedoRecPtr doesn't actually
    1042             :      * affect the contents of the XLOG record, so we'll update our local copy
    1043             :      * but not force a recomputation.  (If doPageWrites was just turned off,
    1044             :      * we could recompute the record without full pages, but we choose not to
    1045             :      * bother.)
    1046             :      */
    1047    29477740 :     if (RedoRecPtr != Insert->RedoRecPtr)
    1048             :     {
    1049             :         Assert(RedoRecPtr < Insert->RedoRecPtr);
    1050         666 :         RedoRecPtr = Insert->RedoRecPtr;
    1051             :     }
    1052    29477740 :     doPageWrites = (Insert->fullPageWrites || Insert->forcePageWrites);
    1053             : 
    1054    58806252 :     if (doPageWrites &&
    1055    58657024 :         (!prevDoPageWrites ||
    1056    28366490 :          (fpw_lsn != InvalidXLogRecPtr && fpw_lsn <= RedoRecPtr)))
    1057             :     {
    1058             :         /*
    1059             :          * Oops, some buffer now needs to be backed up that the caller didn't
    1060             :          * back up.  Start over.
    1061             :          */
    1062          26 :         WALInsertLockRelease();
    1063          26 :         END_CRIT_SECTION();
    1064          26 :         return InvalidXLogRecPtr;
    1065             :     }
    1066             : 
    1067             :     /*
    1068             :      * Reserve space for the record in the WAL. This also sets the xl_prev
    1069             :      * pointer.
    1070             :      */
    1071    29477714 :     if (isLogSwitch)
    1072         192 :         inserted = ReserveXLogSwitch(&StartPos, &EndPos, &rechdr->xl_prev);
    1073             :     else
    1074             :     {
    1075    29477522 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
    1076             :                                   &rechdr->xl_prev);
    1077    29477522 :         inserted = true;
    1078             :     }
    1079             : 
    1080    29477714 :     if (inserted)
    1081             :     {
    1082             :         /*
    1083             :          * Now that xl_prev has been filled in, calculate CRC of the record
    1084             :          * header.
    1085             :          */
    1086    29477690 :         rdata_crc = rechdr->xl_crc;
    1087    29477690 :         COMP_CRC32C(rdata_crc, rechdr, offsetof(XLogRecord, xl_crc));
    1088    29477690 :         FIN_CRC32C(rdata_crc);
    1089    29477690 :         rechdr->xl_crc = rdata_crc;
    1090             : 
    1091             :         /*
    1092             :          * All the record data, including the header, is now ready to be
    1093             :          * inserted. Copy the record in the space reserved.
    1094             :          */
    1095    29477690 :         CopyXLogRecordToWAL(rechdr->xl_tot_len, isLogSwitch, rdata,
    1096             :                             StartPos, EndPos);
    1097             : 
    1098             :         /*
    1099             :          * Unless record is flagged as not important, update LSN of last
    1100             :          * important record in the current slot. When holding all locks, just
    1101             :          * update the first one.
    1102             :          */
    1103    29477690 :         if ((flags & XLOG_MARK_UNIMPORTANT) == 0)
    1104             :         {
    1105    29338020 :             int         lockno = holdingAllLocks ? 0 : MyLockNo;
    1106             : 
    1107    29338020 :             WALInsertLocks[lockno].l.lastImportantAt = StartPos;
    1108             :         }
    1109             :     }
    1110             :     else
    1111             :     {
    1112             :         /*
    1113             :          * This was an xlog-switch record, but the current insert location was
    1114             :          * already exactly at the beginning of a segment, so there was no need
    1115             :          * to do anything.
    1116             :          */
    1117             :     }
    1118             : 
    1119             :     /*
    1120             :      * Done! Let others know that we're finished.
    1121             :      */
    1122    29477714 :     WALInsertLockRelease();
    1123             : 
    1124    29477714 :     MarkCurrentTransactionIdLoggedIfAny();
    1125             : 
    1126    29477714 :     END_CRIT_SECTION();
    1127             : 
    1128             :     /*
    1129             :      * Update shared LogwrtRqst.Write, if we crossed page boundary.
    1130             :      */
    1131    29477714 :     if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
    1132             :     {
    1133      457296 :         SpinLockAcquire(&XLogCtl->info_lck);
    1134             :         /* advance global request to include new block(s) */
    1135      457296 :         if (XLogCtl->LogwrtRqst.Write < EndPos)
    1136      457234 :             XLogCtl->LogwrtRqst.Write = EndPos;
    1137             :         /* update local result copy while I have the chance */
    1138      457296 :         LogwrtResult = XLogCtl->LogwrtResult;
    1139      457296 :         SpinLockRelease(&XLogCtl->info_lck);
    1140             :     }
    1141             : 
    1142             :     /*
    1143             :      * If this was an XLOG_SWITCH record, flush the record and the empty
    1144             :      * padding space that fills the rest of the segment, and perform
    1145             :      * end-of-segment actions (eg, notifying archiver).
    1146             :      */
    1147    29477714 :     if (isLogSwitch)
    1148             :     {
    1149             :         TRACE_POSTGRESQL_WAL_SWITCH();
    1150         192 :         XLogFlush(EndPos);
    1151             : 
    1152             :         /*
    1153             :          * Even though we reserved the rest of the segment for us, which is
    1154             :          * reflected in EndPos, we return a pointer to just the end of the
    1155             :          * xlog-switch record.
    1156             :          */
    1157         192 :         if (inserted)
    1158             :         {
    1159         168 :             EndPos = StartPos + SizeOfXLogRecord;
    1160         168 :             if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
    1161             :             {
    1162           0 :                 uint64      offset = XLogSegmentOffset(EndPos, wal_segment_size);
    1163             : 
    1164           0 :                 if (offset == EndPos % XLOG_BLCKSZ)
    1165           0 :                     EndPos += SizeOfXLogLongPHD;
    1166             :                 else
    1167           0 :                     EndPos += SizeOfXLogShortPHD;
    1168             :             }
    1169             :         }
    1170             :     }
    1171             : 
    1172             : #ifdef WAL_DEBUG
    1173             :     if (XLOG_DEBUG)
    1174             :     {
    1175             :         static XLogReaderState *debug_reader = NULL;
    1176             :         StringInfoData buf;
    1177             :         StringInfoData recordBuf;
    1178             :         char       *errormsg = NULL;
    1179             :         MemoryContext oldCxt;
    1180             : 
    1181             :         oldCxt = MemoryContextSwitchTo(walDebugCxt);
    1182             : 
    1183             :         initStringInfo(&buf);
    1184             :         appendStringInfo(&buf, "INSERT @ %X/%X: ",
    1185             :                          (uint32) (EndPos >> 32), (uint32) EndPos);
    1186             : 
    1187             :         /*
    1188             :          * We have to piece together the WAL record data from the XLogRecData
    1189             :          * entries, so that we can pass it to the rm_desc function as one
    1190             :          * contiguous chunk.
    1191             :          */
    1192             :         initStringInfo(&recordBuf);
    1193             :         for (; rdata != NULL; rdata = rdata->next)
    1194             :             appendBinaryStringInfo(&recordBuf, rdata->data, rdata->len);
    1195             : 
    1196             :         if (!debug_reader)
    1197             :             debug_reader = XLogReaderAllocate(wal_segment_size, NULL,
    1198             :                                               NULL, NULL);
    1199             : 
    1200             :         if (!debug_reader)
    1201             :         {
    1202             :             appendStringInfoString(&buf, "error decoding record: out of memory");
    1203             :         }
    1204             :         else if (!DecodeXLogRecord(debug_reader, (XLogRecord *) recordBuf.data,
    1205             :                                    &errormsg))
    1206             :         {
    1207             :             appendStringInfo(&buf, "error decoding record: %s",
    1208             :                              errormsg ? errormsg : "no error message");
    1209             :         }
    1210             :         else
    1211             :         {
    1212             :             appendStringInfoString(&buf, " - ");
    1213             :             xlog_outdesc(&buf, debug_reader);
    1214             :         }
    1215             :         elog(LOG, "%s", buf.data);
    1216             : 
    1217             :         pfree(buf.data);
    1218             :         pfree(recordBuf.data);
    1219             :         MemoryContextSwitchTo(oldCxt);
    1220             :     }
    1221             : #endif
    1222             : 
    1223             :     /*
    1224             :      * Update our global variables
    1225             :      */
    1226    29477714 :     ProcLastRecPtr = StartPos;
    1227    29477714 :     XactLastRecEnd = EndPos;
    1228             : 
    1229    29477714 :     return EndPos;
    1230             : }
    1231             : 
    1232             : /*
    1233             :  * Reserves the right amount of space for a record of given size from the WAL.
    1234             :  * *StartPos is set to the beginning of the reserved section, *EndPos to
    1235             :  * its end+1. *PrevPtr is set to the beginning of the previous record; it is
    1236             :  * used to set the xl_prev of this record.
    1237             :  *
    1238             :  * This is the performance critical part of XLogInsert that must be serialized
    1239             :  * across backends. The rest can happen mostly in parallel. Try to keep this
    1240             :  * section as short as possible, insertpos_lck can be heavily contended on a
    1241             :  * busy system.
    1242             :  *
    1243             :  * NB: The space calculation here must match the code in CopyXLogRecordToWAL,
    1244             :  * where we actually copy the record to the reserved space.
    1245             :  */
    1246             : static void
    1247    29477522 : ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos, XLogRecPtr *EndPos,
    1248             :                           XLogRecPtr *PrevPtr)
    1249             : {
    1250    29477522 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1251             :     uint64      startbytepos;
    1252             :     uint64      endbytepos;
    1253             :     uint64      prevbytepos;
    1254             : 
    1255    29477522 :     size = MAXALIGN(size);
    1256             : 
    1257             :     /* All (non xlog-switch) records should contain data. */
    1258             :     Assert(size > SizeOfXLogRecord);
    1259             : 
    1260             :     /*
    1261             :      * The duration the spinlock needs to be held is minimized by minimizing
    1262             :      * the calculations that have to be done while holding the lock. The
    1263             :      * current tip of reserved WAL is kept in CurrBytePos, as a byte position
    1264             :      * that only counts "usable" bytes in WAL, that is, it excludes all WAL
    1265             :      * page headers. The mapping between "usable" byte positions and physical
    1266             :      * positions (XLogRecPtrs) can be done outside the locked region, and
    1267             :      * because the usable byte position doesn't include any headers, reserving
    1268             :      * X bytes from WAL is almost as simple as "CurrBytePos += X".
    1269             :      */
    1270    29477522 :     SpinLockAcquire(&Insert->insertpos_lck);
    1271             : 
    1272    29477522 :     startbytepos = Insert->CurrBytePos;
    1273    29477522 :     endbytepos = startbytepos + size;
    1274    29477522 :     prevbytepos = Insert->PrevBytePos;
    1275    29477522 :     Insert->CurrBytePos = endbytepos;
    1276    29477522 :     Insert->PrevBytePos = startbytepos;
    1277             : 
    1278    29477522 :     SpinLockRelease(&Insert->insertpos_lck);
    1279             : 
    1280    29477522 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1281    29477522 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1282    29477522 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1283             : 
    1284             :     /*
    1285             :      * Check that the conversions between "usable byte positions" and
    1286             :      * XLogRecPtrs work consistently in both directions.
    1287             :      */
    1288             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1289             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1290             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1291    29477522 : }
    1292             : 
    1293             : /*
    1294             :  * Like ReserveXLogInsertLocation(), but for an xlog-switch record.
    1295             :  *
    1296             :  * A log-switch record is handled slightly differently. The rest of the
    1297             :  * segment will be reserved for this insertion, as indicated by the returned
    1298             :  * *EndPos value. However, if we are already at the beginning of the current
    1299             :  * segment, *StartPos and *EndPos are set to the current location without
    1300             :  * reserving any space, and the function returns false.
    1301             : */
    1302             : static bool
    1303         192 : ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos, XLogRecPtr *PrevPtr)
    1304             : {
    1305         192 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1306             :     uint64      startbytepos;
    1307             :     uint64      endbytepos;
    1308             :     uint64      prevbytepos;
    1309         192 :     uint32      size = MAXALIGN(SizeOfXLogRecord);
    1310             :     XLogRecPtr  ptr;
    1311             :     uint32      segleft;
    1312             : 
    1313             :     /*
    1314             :      * These calculations are a bit heavy-weight to be done while holding a
    1315             :      * spinlock, but since we're holding all the WAL insertion locks, there
    1316             :      * are no other inserters competing for it. GetXLogInsertRecPtr() does
    1317             :      * compete for it, but that's not called very frequently.
    1318             :      */
    1319         192 :     SpinLockAcquire(&Insert->insertpos_lck);
    1320             : 
    1321         192 :     startbytepos = Insert->CurrBytePos;
    1322             : 
    1323         192 :     ptr = XLogBytePosToEndRecPtr(startbytepos);
    1324         192 :     if (XLogSegmentOffset(ptr, wal_segment_size) == 0)
    1325             :     {
    1326          24 :         SpinLockRelease(&Insert->insertpos_lck);
    1327          24 :         *EndPos = *StartPos = ptr;
    1328          24 :         return false;
    1329             :     }
    1330             : 
    1331         168 :     endbytepos = startbytepos + size;
    1332         168 :     prevbytepos = Insert->PrevBytePos;
    1333             : 
    1334         168 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1335         168 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1336             : 
    1337         168 :     segleft = wal_segment_size - XLogSegmentOffset(*EndPos, wal_segment_size);
    1338         168 :     if (segleft != wal_segment_size)
    1339             :     {
    1340             :         /* consume the rest of the segment */
    1341         168 :         *EndPos += segleft;
    1342         168 :         endbytepos = XLogRecPtrToBytePos(*EndPos);
    1343             :     }
    1344         168 :     Insert->CurrBytePos = endbytepos;
    1345         168 :     Insert->PrevBytePos = startbytepos;
    1346             : 
    1347         168 :     SpinLockRelease(&Insert->insertpos_lck);
    1348             : 
    1349         168 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1350             : 
    1351             :     Assert(XLogSegmentOffset(*EndPos, wal_segment_size) == 0);
    1352             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1353             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1354             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1355             : 
    1356         168 :     return true;
    1357             : }
    1358             : 
    1359             : /*
    1360             :  * Checks whether the current buffer page and backup page stored in the
    1361             :  * WAL record are consistent or not. Before comparing the two pages, a
    1362             :  * masking can be applied to the pages to ignore certain areas like hint bits,
    1363             :  * unused space between pd_lower and pd_upper among other things. This
    1364             :  * function should be called once WAL replay has been completed for a
    1365             :  * given record.
    1366             :  */
    1367             : static void
    1368           0 : checkXLogConsistency(XLogReaderState *record)
    1369             : {
    1370           0 :     RmgrId      rmid = XLogRecGetRmid(record);
    1371             :     RelFileNode rnode;
    1372             :     ForkNumber  forknum;
    1373             :     BlockNumber blkno;
    1374             :     int         block_id;
    1375             : 
    1376             :     /* Records with no backup blocks have no need for consistency checks. */
    1377           0 :     if (!XLogRecHasAnyBlockRefs(record))
    1378           0 :         return;
    1379             : 
    1380             :     Assert((XLogRecGetInfo(record) & XLR_CHECK_CONSISTENCY) != 0);
    1381             : 
    1382           0 :     for (block_id = 0; block_id <= record->max_block_id; block_id++)
    1383             :     {
    1384             :         Buffer      buf;
    1385             :         Page        page;
    1386             : 
    1387           0 :         if (!XLogRecGetBlockTag(record, block_id, &rnode, &forknum, &blkno))
    1388             :         {
    1389             :             /*
    1390             :              * WAL record doesn't contain a block reference with the given id.
    1391             :              * Do nothing.
    1392             :              */
    1393           0 :             continue;
    1394             :         }
    1395             : 
    1396             :         Assert(XLogRecHasBlockImage(record, block_id));
    1397             : 
    1398           0 :         if (XLogRecBlockImageApply(record, block_id))
    1399             :         {
    1400             :             /*
    1401             :              * WAL record has already applied the page, so bypass the
    1402             :              * consistency check as that would result in comparing the full
    1403             :              * page stored in the record with itself.
    1404             :              */
    1405           0 :             continue;
    1406             :         }
    1407             : 
    1408             :         /*
    1409             :          * Read the contents from the current buffer and store it in a
    1410             :          * temporary page.
    1411             :          */
    1412           0 :         buf = XLogReadBufferExtended(rnode, forknum, blkno,
    1413             :                                      RBM_NORMAL_NO_LOG);
    1414           0 :         if (!BufferIsValid(buf))
    1415           0 :             continue;
    1416             : 
    1417           0 :         LockBuffer(buf, BUFFER_LOCK_EXCLUSIVE);
    1418           0 :         page = BufferGetPage(buf);
    1419             : 
    1420             :         /*
    1421             :          * Take a copy of the local page where WAL has been applied to have a
    1422             :          * comparison base before masking it...
    1423             :          */
    1424           0 :         memcpy(replay_image_masked, page, BLCKSZ);
    1425             : 
    1426             :         /* No need for this page anymore now that a copy is in. */
    1427           0 :         UnlockReleaseBuffer(buf);
    1428             : 
    1429             :         /*
    1430             :          * If the block LSN is already ahead of this WAL record, we can't
    1431             :          * expect contents to match.  This can happen if recovery is
    1432             :          * restarted.
    1433             :          */
    1434           0 :         if (PageGetLSN(replay_image_masked) > record->EndRecPtr)
    1435           0 :             continue;
    1436             : 
    1437             :         /*
    1438             :          * Read the contents from the backup copy, stored in WAL record and
    1439             :          * store it in a temporary page. There is no need to allocate a new
    1440             :          * page here, a local buffer is fine to hold its contents and a mask
    1441             :          * can be directly applied on it.
    1442             :          */
    1443           0 :         if (!RestoreBlockImage(record, block_id, master_image_masked))
    1444           0 :             elog(ERROR, "failed to restore block image");
    1445             : 
    1446             :         /*
    1447             :          * If masking function is defined, mask both the master and replay
    1448             :          * images
    1449             :          */
    1450           0 :         if (RmgrTable[rmid].rm_mask != NULL)
    1451             :         {
    1452           0 :             RmgrTable[rmid].rm_mask(replay_image_masked, blkno);
    1453           0 :             RmgrTable[rmid].rm_mask(master_image_masked, blkno);
    1454             :         }
    1455             : 
    1456             :         /* Time to compare the master and replay images. */
    1457           0 :         if (memcmp(replay_image_masked, master_image_masked, BLCKSZ) != 0)
    1458             :         {
    1459           0 :             elog(FATAL,
    1460             :                  "inconsistent page found, rel %u/%u/%u, forknum %u, blkno %u",
    1461             :                  rnode.spcNode, rnode.dbNode, rnode.relNode,
    1462             :                  forknum, blkno);
    1463             :         }
    1464             :     }
    1465             : }
    1466             : 
    1467             : /*
    1468             :  * Subroutine of XLogInsertRecord.  Copies a WAL record to an already-reserved
    1469             :  * area in the WAL.
    1470             :  */
    1471             : static void
    1472    29477690 : CopyXLogRecordToWAL(int write_len, bool isLogSwitch, XLogRecData *rdata,
    1473             :                     XLogRecPtr StartPos, XLogRecPtr EndPos)
    1474             : {
    1475             :     char       *currpos;
    1476             :     int         freespace;
    1477             :     int         written;
    1478             :     XLogRecPtr  CurrPos;
    1479             :     XLogPageHeader pagehdr;
    1480             : 
    1481             :     /*
    1482             :      * Get a pointer to the right place in the right WAL buffer to start
    1483             :      * inserting to.
    1484             :      */
    1485    29477690 :     CurrPos = StartPos;
    1486    29477690 :     currpos = GetXLogBuffer(CurrPos);
    1487    29477690 :     freespace = INSERT_FREESPACE(CurrPos);
    1488             : 
    1489             :     /*
    1490             :      * there should be enough space for at least the first field (xl_tot_len)
    1491             :      * on this page.
    1492             :      */
    1493             :     Assert(freespace >= sizeof(uint32));
    1494             : 
    1495             :     /* Copy record data */
    1496    29477690 :     written = 0;
    1497   161638350 :     while (rdata != NULL)
    1498             :     {
    1499   102682970 :         char       *rdata_data = rdata->data;
    1500   102682970 :         int         rdata_len = rdata->len;
    1501             : 
    1502   205797994 :         while (rdata_len > freespace)
    1503             :         {
    1504             :             /*
    1505             :              * Write what fits on this page, and continue on the next page.
    1506             :              */
    1507             :             Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || freespace == 0);
    1508      432054 :             memcpy(currpos, rdata_data, freespace);
    1509      432054 :             rdata_data += freespace;
    1510      432054 :             rdata_len -= freespace;
    1511      432054 :             written += freespace;
    1512      432054 :             CurrPos += freespace;
    1513             : 
    1514             :             /*
    1515             :              * Get pointer to beginning of next page, and set the xlp_rem_len
    1516             :              * in the page header. Set XLP_FIRST_IS_CONTRECORD.
    1517             :              *
    1518             :              * It's safe to set the contrecord flag and xlp_rem_len without a
    1519             :              * lock on the page. All the other flags were already set when the
    1520             :              * page was initialized, in AdvanceXLInsertBuffer, and we're the
    1521             :              * only backend that needs to set the contrecord flag.
    1522             :              */
    1523      432054 :             currpos = GetXLogBuffer(CurrPos);
    1524      432054 :             pagehdr = (XLogPageHeader) currpos;
    1525      432054 :             pagehdr->xlp_rem_len = write_len - written;
    1526      432054 :             pagehdr->xlp_info |= XLP_FIRST_IS_CONTRECORD;
    1527             : 
    1528             :             /* skip over the page header */
    1529      432054 :             if (XLogSegmentOffset(CurrPos, wal_segment_size) == 0)
    1530             :             {
    1531         546 :                 CurrPos += SizeOfXLogLongPHD;
    1532         546 :                 currpos += SizeOfXLogLongPHD;
    1533             :             }
    1534             :             else
    1535             :             {
    1536      431508 :                 CurrPos += SizeOfXLogShortPHD;
    1537      431508 :                 currpos += SizeOfXLogShortPHD;
    1538             :             }
    1539      432054 :             freespace = INSERT_FREESPACE(CurrPos);
    1540             :         }
    1541             : 
    1542             :         Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || rdata_len == 0);
    1543   102682970 :         memcpy(currpos, rdata_data, rdata_len);
    1544   102682970 :         currpos += rdata_len;
    1545   102682970 :         CurrPos += rdata_len;
    1546   102682970 :         freespace -= rdata_len;
    1547   102682970 :         written += rdata_len;
    1548             : 
    1549   102682970 :         rdata = rdata->next;
    1550             :     }
    1551             :     Assert(written == write_len);
    1552             : 
    1553             :     /*
    1554             :      * If this was an xlog-switch, it's not enough to write the switch record,
    1555             :      * we also have to consume all the remaining space in the WAL segment.  We
    1556             :      * have already reserved that space, but we need to actually fill it.
    1557             :      */
    1558    29477858 :     if (isLogSwitch && XLogSegmentOffset(CurrPos, wal_segment_size) != 0)
    1559             :     {
    1560             :         /* An xlog-switch record doesn't contain any data besides the header */
    1561             :         Assert(write_len == SizeOfXLogRecord);
    1562             : 
    1563             :         /* Assert that we did reserve the right amount of space */
    1564             :         Assert(XLogSegmentOffset(EndPos, wal_segment_size) == 0);
    1565             : 
    1566             :         /* Use up all the remaining space on the current page */
    1567         168 :         CurrPos += freespace;
    1568             : 
    1569             :         /*
    1570             :          * Cause all remaining pages in the segment to be flushed, leaving the
    1571             :          * XLog position where it should be, at the start of the next segment.
    1572             :          * We do this one page at a time, to make sure we don't deadlock
    1573             :          * against ourselves if wal_buffers < wal_segment_size.
    1574             :          */
    1575      304718 :         while (CurrPos < EndPos)
    1576             :         {
    1577             :             /*
    1578             :              * The minimal action to flush the page would be to call
    1579             :              * WALInsertLockUpdateInsertingAt(CurrPos) followed by
    1580             :              * AdvanceXLInsertBuffer(...).  The page would be left initialized
    1581             :              * mostly to zeros, except for the page header (always the short
    1582             :              * variant, as this is never a segment's first page).
    1583             :              *
    1584             :              * The large vistas of zeros are good for compressibility, but the
    1585             :              * headers interrupting them every XLOG_BLCKSZ (with values that
    1586             :              * differ from page to page) are not.  The effect varies with
    1587             :              * compression tool, but bzip2 for instance compresses about an
    1588             :              * order of magnitude worse if those headers are left in place.
    1589             :              *
    1590             :              * Rather than complicating AdvanceXLInsertBuffer itself (which is
    1591             :              * called in heavily-loaded circumstances as well as this lightly-
    1592             :              * loaded one) with variant behavior, we just use GetXLogBuffer
    1593             :              * (which itself calls the two methods we need) to get the pointer
    1594             :              * and zero most of the page.  Then we just zero the page header.
    1595             :              */
    1596      304382 :             currpos = GetXLogBuffer(CurrPos);
    1597      304382 :             MemSet(currpos, 0, SizeOfXLogShortPHD);
    1598             : 
    1599      304382 :             CurrPos += XLOG_BLCKSZ;
    1600             :         }
    1601             :     }
    1602             :     else
    1603             :     {
    1604             :         /* Align the end position, so that the next record starts aligned */
    1605    29477522 :         CurrPos = MAXALIGN64(CurrPos);
    1606             :     }
    1607             : 
    1608    29477690 :     if (CurrPos != EndPos)
    1609           0 :         elog(PANIC, "space reserved for WAL record does not match what was written");
    1610    29477690 : }
    1611             : 
    1612             : /*
    1613             :  * Acquire a WAL insertion lock, for inserting to WAL.
    1614             :  */
    1615             : static void
    1616    29477548 : WALInsertLockAcquire(void)
    1617             : {
    1618             :     bool        immed;
    1619             : 
    1620             :     /*
    1621             :      * It doesn't matter which of the WAL insertion locks we acquire, so try
    1622             :      * the one we used last time.  If the system isn't particularly busy, it's
    1623             :      * a good bet that it's still available, and it's good to have some
    1624             :      * affinity to a particular lock so that you don't unnecessarily bounce
    1625             :      * cache lines between processes when there's no contention.
    1626             :      *
    1627             :      * If this is the first time through in this backend, pick a lock
    1628             :      * (semi-)randomly.  This allows the locks to be used evenly if you have a
    1629             :      * lot of very short connections.
    1630             :      */
    1631             :     static int  lockToTry = -1;
    1632             : 
    1633    29477548 :     if (lockToTry == -1)
    1634        6036 :         lockToTry = MyProc->pgprocno % NUM_XLOGINSERT_LOCKS;
    1635    29477548 :     MyLockNo = lockToTry;
    1636             : 
    1637             :     /*
    1638             :      * The insertingAt value is initially set to 0, as we don't know our
    1639             :      * insert location yet.
    1640             :      */
    1641    29477548 :     immed = LWLockAcquire(&WALInsertLocks[MyLockNo].l.lock, LW_EXCLUSIVE);
    1642    29477548 :     if (!immed)
    1643             :     {
    1644             :         /*
    1645             :          * If we couldn't get the lock immediately, try another lock next
    1646             :          * time.  On a system with more insertion locks than concurrent
    1647             :          * inserters, this causes all the inserters to eventually migrate to a
    1648             :          * lock that no-one else is using.  On a system with more inserters
    1649             :          * than locks, it still helps to distribute the inserters evenly
    1650             :          * across the locks.
    1651             :          */
    1652         144 :         lockToTry = (lockToTry + 1) % NUM_XLOGINSERT_LOCKS;
    1653             :     }
    1654    29477548 : }
    1655             : 
    1656             : /*
    1657             :  * Acquire all WAL insertion locks, to prevent other backends from inserting
    1658             :  * to WAL.
    1659             :  */
    1660             : static void
    1661        3418 : WALInsertLockAcquireExclusive(void)
    1662             : {
    1663             :     int         i;
    1664             : 
    1665             :     /*
    1666             :      * When holding all the locks, all but the last lock's insertingAt
    1667             :      * indicator is set to 0xFFFFFFFFFFFFFFFF, which is higher than any real
    1668             :      * XLogRecPtr value, to make sure that no-one blocks waiting on those.
    1669             :      */
    1670       27344 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS - 1; i++)
    1671             :     {
    1672       23926 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1673       23926 :         LWLockUpdateVar(&WALInsertLocks[i].l.lock,
    1674       23926 :                         &WALInsertLocks[i].l.insertingAt,
    1675             :                         PG_UINT64_MAX);
    1676             :     }
    1677             :     /* Variable value reset to 0 at release */
    1678        3418 :     LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1679             : 
    1680        3418 :     holdingAllLocks = true;
    1681        3418 : }
    1682             : 
    1683             : /*
    1684             :  * Release our insertion lock (or locks, if we're holding them all).
    1685             :  *
    1686             :  * NB: Reset all variables to 0, so they cause LWLockWaitForVar to block the
    1687             :  * next time the lock is acquired.
    1688             :  */
    1689             : static void
    1690    29480966 : WALInsertLockRelease(void)
    1691             : {
    1692    29480966 :     if (holdingAllLocks)
    1693             :     {
    1694             :         int         i;
    1695             : 
    1696       30762 :         for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1697       27344 :             LWLockReleaseClearVar(&WALInsertLocks[i].l.lock,
    1698       27344 :                                   &WALInsertLocks[i].l.insertingAt,
    1699             :                                   0);
    1700             : 
    1701        3418 :         holdingAllLocks = false;
    1702             :     }
    1703             :     else
    1704             :     {
    1705    29477548 :         LWLockReleaseClearVar(&WALInsertLocks[MyLockNo].l.lock,
    1706    29477548 :                               &WALInsertLocks[MyLockNo].l.insertingAt,
    1707             :                               0);
    1708             :     }
    1709    29480966 : }
    1710             : 
    1711             : /*
    1712             :  * Update our insertingAt value, to let others know that we've finished
    1713             :  * inserting up to that point.
    1714             :  */
    1715             : static void
    1716      591516 : WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt)
    1717             : {
    1718      591516 :     if (holdingAllLocks)
    1719             :     {
    1720             :         /*
    1721             :          * We use the last lock to mark our actual position, see comments in
    1722             :          * WALInsertLockAcquireExclusive.
    1723             :          */
    1724      302330 :         LWLockUpdateVar(&WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.lock,
    1725      302330 :                         &WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.insertingAt,
    1726             :                         insertingAt);
    1727             :     }
    1728             :     else
    1729      289186 :         LWLockUpdateVar(&WALInsertLocks[MyLockNo].l.lock,
    1730      289186 :                         &WALInsertLocks[MyLockNo].l.insertingAt,
    1731             :                         insertingAt);
    1732      591516 : }
    1733             : 
    1734             : /*
    1735             :  * Wait for any WAL insertions < upto to finish.
    1736             :  *
    1737             :  * Returns the location of the oldest insertion that is still in-progress.
    1738             :  * Any WAL prior to that point has been fully copied into WAL buffers, and
    1739             :  * can be flushed out to disk. Because this waits for any insertions older
    1740             :  * than 'upto' to finish, the return value is always >= 'upto'.
    1741             :  *
    1742             :  * Note: When you are about to write out WAL, you must call this function
    1743             :  * *before* acquiring WALWriteLock, to avoid deadlocks. This function might
    1744             :  * need to wait for an insertion to finish (or at least advance to next
    1745             :  * uninitialized page), and the inserter might need to evict an old WAL buffer
    1746             :  * to make room for a new one, which in turn requires WALWriteLock.
    1747             :  */
    1748             : static XLogRecPtr
    1749      534096 : WaitXLogInsertionsToFinish(XLogRecPtr upto)
    1750             : {
    1751             :     uint64      bytepos;
    1752             :     XLogRecPtr  reservedUpto;
    1753             :     XLogRecPtr  finishedUpto;
    1754      534096 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1755             :     int         i;
    1756             : 
    1757      534096 :     if (MyProc == NULL)
    1758           0 :         elog(PANIC, "cannot wait without a PGPROC structure");
    1759             : 
    1760             :     /* Read the current insert position */
    1761      534096 :     SpinLockAcquire(&Insert->insertpos_lck);
    1762      534096 :     bytepos = Insert->CurrBytePos;
    1763      534096 :     SpinLockRelease(&Insert->insertpos_lck);
    1764      534096 :     reservedUpto = XLogBytePosToEndRecPtr(bytepos);
    1765             : 
    1766             :     /*
    1767             :      * No-one should request to flush a piece of WAL that hasn't even been
    1768             :      * reserved yet. However, it can happen if there is a block with a bogus
    1769             :      * LSN on disk, for example. XLogFlush checks for that situation and
    1770             :      * complains, but only after the flush. Here we just assume that to mean
    1771             :      * that all WAL that has been reserved needs to be finished. In this
    1772             :      * corner-case, the return value can be smaller than 'upto' argument.
    1773             :      */
    1774      534096 :     if (upto > reservedUpto)
    1775             :     {
    1776           0 :         elog(LOG, "request to flush past end of generated WAL; request %X/%X, currpos %X/%X",
    1777             :              (uint32) (upto >> 32), (uint32) upto,
    1778             :              (uint32) (reservedUpto >> 32), (uint32) reservedUpto);
    1779           0 :         upto = reservedUpto;
    1780             :     }
    1781             : 
    1782             :     /*
    1783             :      * Loop through all the locks, sleeping on any in-progress insert older
    1784             :      * than 'upto'.
    1785             :      *
    1786             :      * finishedUpto is our return value, indicating the point upto which all
    1787             :      * the WAL insertions have been finished. Initialize it to the head of
    1788             :      * reserved WAL, and as we iterate through the insertion locks, back it
    1789             :      * out for any insertion that's still in progress.
    1790             :      */
    1791      534096 :     finishedUpto = reservedUpto;
    1792     4806864 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1793             :     {
    1794     4272768 :         XLogRecPtr  insertingat = InvalidXLogRecPtr;
    1795             : 
    1796             :         do
    1797             :         {
    1798             :             /*
    1799             :              * See if this insertion is in progress.  LWLockWaitForVar will
    1800             :              * wait for the lock to be released, or for the 'value' to be set
    1801             :              * by a LWLockUpdateVar call.  When a lock is initially acquired,
    1802             :              * its value is 0 (InvalidXLogRecPtr), which means that we don't
    1803             :              * know where it's inserting yet.  We will have to wait for it. If
    1804             :              * it's a small insertion, the record will most likely fit on the
    1805             :              * same page and the inserter will release the lock without ever
    1806             :              * calling LWLockUpdateVar.  But if it has to sleep, it will
    1807             :              * advertise the insertion point with LWLockUpdateVar before
    1808             :              * sleeping.
    1809             :              */
    1810     8545904 :             if (LWLockWaitForVar(&WALInsertLocks[i].l.lock,
    1811     4272952 :                                  &WALInsertLocks[i].l.insertingAt,
    1812             :                                  insertingat, &insertingat))
    1813             :             {
    1814             :                 /* the lock was free, so no insertion in progress */
    1815     2098512 :                 insertingat = InvalidXLogRecPtr;
    1816     2098512 :                 break;
    1817             :             }
    1818             : 
    1819             :             /*
    1820             :              * This insertion is still in progress. Have to wait, unless the
    1821             :              * inserter has proceeded past 'upto'.
    1822             :              */
    1823     2174440 :         } while (insertingat < upto);
    1824             : 
    1825     4272768 :         if (insertingat != InvalidXLogRecPtr && insertingat < finishedUpto)
    1826      284538 :             finishedUpto = insertingat;
    1827             :     }
    1828      534096 :     return finishedUpto;
    1829             : }
    1830             : 
    1831             : /*
    1832             :  * Get a pointer to the right location in the WAL buffer containing the
    1833             :  * given XLogRecPtr.
    1834             :  *
    1835             :  * If the page is not initialized yet, it is initialized. That might require
    1836             :  * evicting an old dirty buffer from the buffer cache, which means I/O.
    1837             :  *
    1838             :  * The caller must ensure that the page containing the requested location
    1839             :  * isn't evicted yet, and won't be evicted. The way to ensure that is to
    1840             :  * hold onto a WAL insertion lock with the insertingAt position set to
    1841             :  * something <= ptr. GetXLogBuffer() will update insertingAt if it needs
    1842             :  * to evict an old page from the buffer. (This means that once you call
    1843             :  * GetXLogBuffer() with a given 'ptr', you must not access anything before
    1844             :  * that point anymore, and must not call GetXLogBuffer() with an older 'ptr'
    1845             :  * later, because older buffers might be recycled already)
    1846             :  */
    1847             : static char *
    1848    30214126 : GetXLogBuffer(XLogRecPtr ptr)
    1849             : {
    1850             :     int         idx;
    1851             :     XLogRecPtr  endptr;
    1852             :     static uint64 cachedPage = 0;
    1853             :     static char *cachedPos = NULL;
    1854             :     XLogRecPtr  expectedEndPtr;
    1855             : 
    1856             :     /*
    1857             :      * Fast path for the common case that we need to access again the same
    1858             :      * page as last time.
    1859             :      */
    1860    30214126 :     if (ptr / XLOG_BLCKSZ == cachedPage)
    1861             :     {
    1862             :         Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1863             :         Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1864    29359044 :         return cachedPos + ptr % XLOG_BLCKSZ;
    1865             :     }
    1866             : 
    1867             :     /*
    1868             :      * The XLog buffer cache is organized so that a page is always loaded to a
    1869             :      * particular buffer.  That way we can easily calculate the buffer a given
    1870             :      * page must be loaded into, from the XLogRecPtr alone.
    1871             :      */
    1872      855082 :     idx = XLogRecPtrToBufIdx(ptr);
    1873             : 
    1874             :     /*
    1875             :      * See what page is loaded in the buffer at the moment. It could be the
    1876             :      * page we're looking for, or something older. It can't be anything newer
    1877             :      * - that would imply the page we're looking for has already been written
    1878             :      * out to disk and evicted, and the caller is responsible for making sure
    1879             :      * that doesn't happen.
    1880             :      *
    1881             :      * However, we don't hold a lock while we read the value. If someone has
    1882             :      * just initialized the page, it's possible that we get a "torn read" of
    1883             :      * the XLogRecPtr if 64-bit fetches are not atomic on this platform. In
    1884             :      * that case we will see a bogus value. That's ok, we'll grab the mapping
    1885             :      * lock (in AdvanceXLInsertBuffer) and retry if we see anything else than
    1886             :      * the page we're looking for. But it means that when we do this unlocked
    1887             :      * read, we might see a value that appears to be ahead of the page we're
    1888             :      * looking for. Don't PANIC on that, until we've verified the value while
    1889             :      * holding the lock.
    1890             :      */
    1891      855082 :     expectedEndPtr = ptr;
    1892      855082 :     expectedEndPtr += XLOG_BLCKSZ - ptr % XLOG_BLCKSZ;
    1893             : 
    1894      855082 :     endptr = XLogCtl->xlblocks[idx];
    1895      855082 :     if (expectedEndPtr != endptr)
    1896             :     {
    1897             :         XLogRecPtr  initializedUpto;
    1898             : 
    1899             :         /*
    1900             :          * Before calling AdvanceXLInsertBuffer(), which can block, let others
    1901             :          * know how far we're finished with inserting the record.
    1902             :          *
    1903             :          * NB: If 'ptr' points to just after the page header, advertise a
    1904             :          * position at the beginning of the page rather than 'ptr' itself. If
    1905             :          * there are no other insertions running, someone might try to flush
    1906             :          * up to our advertised location. If we advertised a position after
    1907             :          * the page header, someone might try to flush the page header, even
    1908             :          * though page might actually not be initialized yet. As the first
    1909             :          * inserter on the page, we are effectively responsible for making
    1910             :          * sure that it's initialized, before we let insertingAt to move past
    1911             :          * the page header.
    1912             :          */
    1913      609436 :         if (ptr % XLOG_BLCKSZ == SizeOfXLogShortPHD &&
    1914       17920 :             XLogSegmentOffset(ptr, wal_segment_size) > XLOG_BLCKSZ)
    1915       17920 :             initializedUpto = ptr - SizeOfXLogShortPHD;
    1916      573830 :         else if (ptr % XLOG_BLCKSZ == SizeOfXLogLongPHD &&
    1917         234 :                  XLogSegmentOffset(ptr, wal_segment_size) < XLOG_BLCKSZ)
    1918         140 :             initializedUpto = ptr - SizeOfXLogLongPHD;
    1919             :         else
    1920      573456 :             initializedUpto = ptr;
    1921             : 
    1922      591516 :         WALInsertLockUpdateInsertingAt(initializedUpto);
    1923             : 
    1924      591516 :         AdvanceXLInsertBuffer(ptr, false);
    1925      591516 :         endptr = XLogCtl->xlblocks[idx];
    1926             : 
    1927      591516 :         if (expectedEndPtr != endptr)
    1928           0 :             elog(PANIC, "could not find WAL buffer for %X/%X",
    1929             :                  (uint32) (ptr >> 32), (uint32) ptr);
    1930             :     }
    1931             :     else
    1932             :     {
    1933             :         /*
    1934             :          * Make sure the initialization of the page is visible to us, and
    1935             :          * won't arrive later to overwrite the WAL data we write on the page.
    1936             :          */
    1937      263566 :         pg_memory_barrier();
    1938             :     }
    1939             : 
    1940             :     /*
    1941             :      * Found the buffer holding this page. Return a pointer to the right
    1942             :      * offset within the page.
    1943             :      */
    1944      855082 :     cachedPage = ptr / XLOG_BLCKSZ;
    1945      855082 :     cachedPos = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1946             : 
    1947             :     Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1948             :     Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1949             : 
    1950      855082 :     return cachedPos + ptr % XLOG_BLCKSZ;
    1951             : }
    1952             : 
    1953             : /*
    1954             :  * Converts a "usable byte position" to XLogRecPtr. A usable byte position
    1955             :  * is the position starting from the beginning of WAL, excluding all WAL
    1956             :  * page headers.
    1957             :  */
    1958             : static XLogRecPtr
    1959    58982110 : XLogBytePosToRecPtr(uint64 bytepos)
    1960             : {
    1961             :     uint64      fullsegs;
    1962             :     uint64      fullpages;
    1963             :     uint64      bytesleft;
    1964             :     uint32      seg_offset;
    1965             :     XLogRecPtr  result;
    1966             : 
    1967    58982110 :     fullsegs = bytepos / UsableBytesInSegment;
    1968    58982110 :     bytesleft = bytepos % UsableBytesInSegment;
    1969             : 
    1970    58982110 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1971             :     {
    1972             :         /* fits on first page of segment */
    1973       94566 :         seg_offset = bytesleft + SizeOfXLogLongPHD;
    1974             :     }
    1975             :     else
    1976             :     {
    1977             :         /* account for the first page on segment with long header */
    1978    58887544 :         seg_offset = XLOG_BLCKSZ;
    1979    58887544 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1980             : 
    1981    58887544 :         fullpages = bytesleft / UsableBytesInPage;
    1982    58887544 :         bytesleft = bytesleft % UsableBytesInPage;
    1983             : 
    1984    58887544 :         seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1985             :     }
    1986             : 
    1987    58982110 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1988             : 
    1989    58982110 :     return result;
    1990             : }
    1991             : 
    1992             : /*
    1993             :  * Like XLogBytePosToRecPtr, but if the position is at a page boundary,
    1994             :  * returns a pointer to the beginning of the page (ie. before page header),
    1995             :  * not to where the first xlog record on that page would go to. This is used
    1996             :  * when converting a pointer to the end of a record.
    1997             :  */
    1998             : static XLogRecPtr
    1999    30011978 : XLogBytePosToEndRecPtr(uint64 bytepos)
    2000             : {
    2001             :     uint64      fullsegs;
    2002             :     uint64      fullpages;
    2003             :     uint64      bytesleft;
    2004             :     uint32      seg_offset;
    2005             :     XLogRecPtr  result;
    2006             : 
    2007    30011978 :     fullsegs = bytepos / UsableBytesInSegment;
    2008    30011978 :     bytesleft = bytepos % UsableBytesInSegment;
    2009             : 
    2010    30011978 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    2011             :     {
    2012             :         /* fits on first page of segment */
    2013      317366 :         if (bytesleft == 0)
    2014      270178 :             seg_offset = 0;
    2015             :         else
    2016       47188 :             seg_offset = bytesleft + SizeOfXLogLongPHD;
    2017             :     }
    2018             :     else
    2019             :     {
    2020             :         /* account for the first page on segment with long header */
    2021    29694612 :         seg_offset = XLOG_BLCKSZ;
    2022    29694612 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    2023             : 
    2024    29694612 :         fullpages = bytesleft / UsableBytesInPage;
    2025    29694612 :         bytesleft = bytesleft % UsableBytesInPage;
    2026             : 
    2027    29694612 :         if (bytesleft == 0)
    2028       30790 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft;
    2029             :         else
    2030    29663822 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    2031             :     }
    2032             : 
    2033    30011978 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    2034             : 
    2035    30011978 :     return result;
    2036             : }
    2037             : 
    2038             : /*
    2039             :  * Convert an XLogRecPtr to a "usable byte position".
    2040             :  */
    2041             : static uint64
    2042        2508 : XLogRecPtrToBytePos(XLogRecPtr ptr)
    2043             : {
    2044             :     uint64      fullsegs;
    2045             :     uint32      fullpages;
    2046             :     uint32      offset;
    2047             :     uint64      result;
    2048             : 
    2049        2508 :     XLByteToSeg(ptr, fullsegs, wal_segment_size);
    2050             : 
    2051        2508 :     fullpages = (XLogSegmentOffset(ptr, wal_segment_size)) / XLOG_BLCKSZ;
    2052        2508 :     offset = ptr % XLOG_BLCKSZ;
    2053             : 
    2054        2508 :     if (fullpages == 0)
    2055             :     {
    2056         892 :         result = fullsegs * UsableBytesInSegment;
    2057         892 :         if (offset > 0)
    2058             :         {
    2059             :             Assert(offset >= SizeOfXLogLongPHD);
    2060         706 :             result += offset - SizeOfXLogLongPHD;
    2061             :         }
    2062             :     }
    2063             :     else
    2064             :     {
    2065        3232 :         result = fullsegs * UsableBytesInSegment +
    2066        3232 :             (XLOG_BLCKSZ - SizeOfXLogLongPHD) + /* account for first page */
    2067        1616 :             (fullpages - 1) * UsableBytesInPage;    /* full pages */
    2068        1616 :         if (offset > 0)
    2069             :         {
    2070             :             Assert(offset >= SizeOfXLogShortPHD);
    2071        1616 :             result += offset - SizeOfXLogShortPHD;
    2072             :         }
    2073             :     }
    2074             : 
    2075        2508 :     return result;
    2076             : }
    2077             : 
    2078             : /*
    2079             :  * Initialize XLOG buffers, writing out old buffers if they still contain
    2080             :  * unwritten data, upto the page containing 'upto'. Or if 'opportunistic' is
    2081             :  * true, initialize as many pages as we can without having to write out
    2082             :  * unwritten data. Any new pages are initialized to zeros, with pages headers
    2083             :  * initialized properly.
    2084             :  */
    2085             : static void
    2086      600386 : AdvanceXLInsertBuffer(XLogRecPtr upto, bool opportunistic)
    2087             : {
    2088      600386 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    2089             :     int         nextidx;
    2090             :     XLogRecPtr  OldPageRqstPtr;
    2091             :     XLogwrtRqst WriteRqst;
    2092      600386 :     XLogRecPtr  NewPageEndPtr = InvalidXLogRecPtr;
    2093             :     XLogRecPtr  NewPageBeginPtr;
    2094             :     XLogPageHeader NewPage;
    2095      600386 :     int         npages = 0;
    2096             : 
    2097      600386 :     LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    2098             : 
    2099             :     /*
    2100             :      * Now that we have the lock, check if someone initialized the page
    2101             :      * already.
    2102             :      */
    2103     2290204 :     while (upto >= XLogCtl->InitializedUpTo || opportunistic)
    2104             :     {
    2105     1098302 :         nextidx = XLogRecPtrToBufIdx(XLogCtl->InitializedUpTo);
    2106             : 
    2107             :         /*
    2108             :          * Get ending-offset of the buffer page we need to replace (this may
    2109             :          * be zero if the buffer hasn't been used yet).  Fall through if it's
    2110             :          * already written out.
    2111             :          */
    2112     1098302 :         OldPageRqstPtr = XLogCtl->xlblocks[nextidx];
    2113     1098302 :         if (LogwrtResult.Write < OldPageRqstPtr)
    2114             :         {
    2115             :             /*
    2116             :              * Nope, got work to do. If we just want to pre-initialize as much
    2117             :              * as we can without flushing, give up now.
    2118             :              */
    2119      293642 :             if (opportunistic)
    2120        8870 :                 break;
    2121             : 
    2122             :             /* Before waiting, get info_lck and update LogwrtResult */
    2123      284772 :             SpinLockAcquire(&XLogCtl->info_lck);
    2124      284772 :             if (XLogCtl->LogwrtRqst.Write < OldPageRqstPtr)
    2125      269942 :                 XLogCtl->LogwrtRqst.Write = OldPageRqstPtr;
    2126      284772 :             LogwrtResult = XLogCtl->LogwrtResult;
    2127      284772 :             SpinLockRelease(&XLogCtl->info_lck);
    2128             : 
    2129             :             /*
    2130             :              * Now that we have an up-to-date LogwrtResult value, see if we
    2131             :              * still need to write it or if someone else already did.
    2132             :              */
    2133      284772 :             if (LogwrtResult.Write < OldPageRqstPtr)
    2134             :             {
    2135             :                 /*
    2136             :                  * Must acquire write lock. Release WALBufMappingLock first,
    2137             :                  * to make sure that all insertions that we need to wait for
    2138             :                  * can finish (up to this same position). Otherwise we risk
    2139             :                  * deadlock.
    2140             :                  */
    2141      284442 :                 LWLockRelease(WALBufMappingLock);
    2142             : 
    2143      284442 :                 WaitXLogInsertionsToFinish(OldPageRqstPtr);
    2144             : 
    2145      284442 :                 LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    2146             : 
    2147      284442 :                 LogwrtResult = XLogCtl->LogwrtResult;
    2148      284442 :                 if (LogwrtResult.Write >= OldPageRqstPtr)
    2149             :                 {
    2150             :                     /* OK, someone wrote it already */
    2151          66 :                     LWLockRelease(WALWriteLock);
    2152             :                 }
    2153             :                 else
    2154             :                 {
    2155             :                     /* Have to write it ourselves */
    2156             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_START();
    2157      284376 :                     WriteRqst.Write = OldPageRqstPtr;
    2158      284376 :                     WriteRqst.Flush = 0;
    2159      284376 :                     XLogWrite(WriteRqst, false);
    2160      284376 :                     LWLockRelease(WALWriteLock);
    2161             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_DONE();
    2162             :                 }
    2163             :                 /* Re-acquire WALBufMappingLock and retry */
    2164      284442 :                 LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    2165      284442 :                 continue;
    2166             :             }
    2167             :         }
    2168             : 
    2169             :         /*
    2170             :          * Now the next buffer slot is free and we can set it up to be the
    2171             :          * next output page.
    2172             :          */
    2173      804990 :         NewPageBeginPtr = XLogCtl->InitializedUpTo;
    2174      804990 :         NewPageEndPtr = NewPageBeginPtr + XLOG_BLCKSZ;
    2175             : 
    2176             :         Assert(XLogRecPtrToBufIdx(NewPageBeginPtr) == nextidx);
    2177             : 
    2178      804990 :         NewPage = (XLogPageHeader) (XLogCtl->pages + nextidx * (Size) XLOG_BLCKSZ);
    2179             : 
    2180             :         /*
    2181             :          * Be sure to re-zero the buffer so that bytes beyond what we've
    2182             :          * written will look like zeroes and not valid XLOG records...
    2183             :          */
    2184      804990 :         MemSet((char *) NewPage, 0, XLOG_BLCKSZ);
    2185             : 
    2186             :         /*
    2187             :          * Fill the new page's header
    2188             :          */
    2189      804990 :         NewPage->xlp_magic = XLOG_PAGE_MAGIC;
    2190             : 
    2191             :         /* NewPage->xlp_info = 0; */ /* done by memset */
    2192      804990 :         NewPage->xlp_tli = ThisTimeLineID;
    2193      804990 :         NewPage->xlp_pageaddr = NewPageBeginPtr;
    2194             : 
    2195             :         /* NewPage->xlp_rem_len = 0; */  /* done by memset */
    2196             : 
    2197             :         /*
    2198             :          * If online backup is not in progress, mark the header to indicate
    2199             :          * that WAL records beginning in this page have removable backup
    2200             :          * blocks.  This allows the WAL archiver to know whether it is safe to
    2201             :          * compress archived WAL data by transforming full-block records into
    2202             :          * the non-full-block format.  It is sufficient to record this at the
    2203             :          * page level because we force a page switch (in fact a segment
    2204             :          * switch) when starting a backup, so the flag will be off before any
    2205             :          * records can be written during the backup.  At the end of a backup,
    2206             :          * the last page will be marked as all unsafe when perhaps only part
    2207             :          * is unsafe, but at worst the archiver would miss the opportunity to
    2208             :          * compress a few records.
    2209             :          */
    2210      804990 :         if (!Insert->forcePageWrites)
    2211      697460 :             NewPage->xlp_info |= XLP_BKP_REMOVABLE;
    2212             : 
    2213             :         /*
    2214             :          * If first page of an XLOG segment file, make it a long header.
    2215             :          */
    2216      804990 :         if ((XLogSegmentOffset(NewPage->xlp_pageaddr, wal_segment_size)) == 0)
    2217             :         {
    2218         732 :             XLogLongPageHeader NewLongPage = (XLogLongPageHeader) NewPage;
    2219             : 
    2220         732 :             NewLongPage->xlp_sysid = ControlFile->system_identifier;
    2221         732 :             NewLongPage->xlp_seg_size = wal_segment_size;
    2222         732 :             NewLongPage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    2223         732 :             NewPage->xlp_info |= XLP_LONG_HEADER;
    2224             :         }
    2225             : 
    2226             :         /*
    2227             :          * Make sure the initialization of the page becomes visible to others
    2228             :          * before the xlblocks update. GetXLogBuffer() reads xlblocks without
    2229             :          * holding a lock.
    2230             :          */
    2231      804990 :         pg_write_barrier();
    2232             : 
    2233      804990 :         *((volatile XLogRecPtr *) &XLogCtl->xlblocks[nextidx]) = NewPageEndPtr;
    2234             : 
    2235      804990 :         XLogCtl->InitializedUpTo = NewPageEndPtr;
    2236             : 
    2237      804990 :         npages++;
    2238             :     }
    2239      600386 :     LWLockRelease(WALBufMappingLock);
    2240             : 
    2241             : #ifdef WAL_DEBUG
    2242             :     if (XLOG_DEBUG && npages > 0)
    2243             :     {
    2244             :         elog(DEBUG1, "initialized %d pages, up to %X/%X",
    2245             :              npages, (uint32) (NewPageEndPtr >> 32), (uint32) NewPageEndPtr);
    2246             :     }
    2247             : #endif
    2248      600386 : }
    2249             : 
    2250             : /*
    2251             :  * Calculate CheckPointSegments based on max_wal_size_mb and
    2252             :  * checkpoint_completion_target.
    2253             :  */
    2254             : static void
    2255        7640 : CalculateCheckpointSegments(void)
    2256             : {
    2257             :     double      target;
    2258             : 
    2259             :     /*-------
    2260             :      * Calculate the distance at which to trigger a checkpoint, to avoid
    2261             :      * exceeding max_wal_size_mb. This is based on two assumptions:
    2262             :      *
    2263             :      * a) we keep WAL for only one checkpoint cycle (prior to PG11 we kept
    2264             :      *    WAL for two checkpoint cycles to allow us to recover from the
    2265             :      *    secondary checkpoint if the first checkpoint failed, though we
    2266             :      *    only did this on the master anyway, not on standby. Keeping just
    2267             :      *    one checkpoint simplifies processing and reduces disk space in
    2268             :      *    many smaller databases.)
    2269             :      * b) during checkpoint, we consume checkpoint_completion_target *
    2270             :      *    number of segments consumed between checkpoints.
    2271             :      *-------
    2272             :      */
    2273       15280 :     target = (double) ConvertToXSegs(max_wal_size_mb, wal_segment_size) /
    2274        7640 :         (1.0 + CheckPointCompletionTarget);
    2275             : 
    2276             :     /* round down */
    2277        7640 :     CheckPointSegments = (int) target;
    2278             : 
    2279        7640 :     if (CheckPointSegments < 1)
    2280           0 :         CheckPointSegments = 1;
    2281        7640 : }
    2282             : 
    2283             : void
    2284        6388 : assign_max_wal_size(int newval, void *extra)
    2285             : {
    2286        6388 :     max_wal_size_mb = newval;
    2287        6388 :     CalculateCheckpointSegments();
    2288        6388 : }
    2289             : 
    2290             : void
    2291           0 : assign_checkpoint_completion_target(double newval, void *extra)
    2292             : {
    2293           0 :     CheckPointCompletionTarget = newval;
    2294           0 :     CalculateCheckpointSegments();
    2295           0 : }
    2296             : 
    2297             : /*
    2298             :  * At a checkpoint, how many WAL segments to recycle as preallocated future
    2299             :  * XLOG segments? Returns the highest segment that should be preallocated.
    2300             :  */
    2301             : static XLogSegNo
    2302         660 : XLOGfileslop(XLogRecPtr RedoRecPtr)
    2303             : {
    2304             :     XLogSegNo   minSegNo;
    2305             :     XLogSegNo   maxSegNo;
    2306             :     double      distance;
    2307             :     XLogSegNo   recycleSegNo;
    2308             : 
    2309             :     /*
    2310             :      * Calculate the segment numbers that min_wal_size_mb and max_wal_size_mb
    2311             :      * correspond to. Always recycle enough segments to meet the minimum, and
    2312             :      * remove enough segments to stay below the maximum.
    2313             :      */
    2314        1320 :     minSegNo = RedoRecPtr / wal_segment_size +
    2315         660 :         ConvertToXSegs(min_wal_size_mb, wal_segment_size) - 1;
    2316        1320 :     maxSegNo = RedoRecPtr / wal_segment_size +
    2317         660 :         ConvertToXSegs(max_wal_size_mb, wal_segment_size) - 1;
    2318             : 
    2319             :     /*
    2320             :      * Between those limits, recycle enough segments to get us through to the
    2321             :      * estimated end of next checkpoint.
    2322             :      *
    2323             :      * To estimate where the next checkpoint will finish, assume that the
    2324             :      * system runs steadily consuming CheckPointDistanceEstimate bytes between
    2325             :      * every checkpoint.
    2326             :      */
    2327         660 :     distance = (1.0 + CheckPointCompletionTarget) * CheckPointDistanceEstimate;
    2328             :     /* add 10% for good measure. */
    2329         660 :     distance *= 1.10;
    2330             : 
    2331         660 :     recycleSegNo = (XLogSegNo) ceil(((double) RedoRecPtr + distance) /
    2332             :                                     wal_segment_size);
    2333             : 
    2334         660 :     if (recycleSegNo < minSegNo)
    2335          62 :         recycleSegNo = minSegNo;
    2336         660 :     if (recycleSegNo > maxSegNo)
    2337         466 :         recycleSegNo = maxSegNo;
    2338             : 
    2339         660 :     return recycleSegNo;
    2340             : }
    2341             : 
    2342             : /*
    2343             :  * Check whether we've consumed enough xlog space that a checkpoint is needed.
    2344             :  *
    2345             :  * new_segno indicates a log file that has just been filled up (or read
    2346             :  * during recovery). We measure the distance from RedoRecPtr to new_segno
    2347             :  * and see if that exceeds CheckPointSegments.
    2348             :  *
    2349             :  * Note: it is caller's responsibility that RedoRecPtr is up-to-date.
    2350             :  */
    2351             : static bool
    2352         810 : XLogCheckpointNeeded(XLogSegNo new_segno)
    2353             : {
    2354             :     XLogSegNo   old_segno;
    2355             : 
    2356         810 :     XLByteToSeg(RedoRecPtr, old_segno, wal_segment_size);
    2357             : 
    2358         810 :     if (new_segno >= old_segno + (uint64) (CheckPointSegments - 1))
    2359          30 :         return true;
    2360         780 :     return false;
    2361             : }
    2362             : 
    2363             : /*
    2364             :  * Write and/or fsync the log at least as far as WriteRqst indicates.
    2365             :  *
    2366             :  * If flexible == true, we don't have to write as far as WriteRqst, but
    2367             :  * may stop at any convenient boundary (such as a cache or logfile boundary).
    2368             :  * This option allows us to avoid uselessly issuing multiple writes when a
    2369             :  * single one would do.
    2370             :  *
    2371             :  * Must be called with WALWriteLock held. WaitXLogInsertionsToFinish(WriteRqst)
    2372             :  * must be called before grabbing the lock, to make sure the data is ready to
    2373             :  * write.
    2374             :  */
    2375             : static void
    2376      529600 : XLogWrite(XLogwrtRqst WriteRqst, bool flexible)
    2377             : {
    2378             :     bool        ispartialpage;
    2379             :     bool        last_iteration;
    2380             :     bool        finishing_seg;
    2381             :     bool        use_existent;
    2382             :     int         curridx;
    2383             :     int         npages;
    2384             :     int         startidx;
    2385             :     uint32      startoffset;
    2386             : 
    2387             :     /* We should always be inside a critical section here */
    2388             :     Assert(CritSectionCount > 0);
    2389             : 
    2390             :     /*
    2391             :      * Update local LogwrtResult (caller probably did this already, but...)
    2392             :      */
    2393      529600 :     LogwrtResult = XLogCtl->LogwrtResult;
    2394             : 
    2395             :     /*
    2396             :      * Since successive pages in the xlog cache are consecutively allocated,
    2397             :      * we can usually gather multiple pages together and issue just one
    2398             :      * write() call.  npages is the number of pages we have determined can be
    2399             :      * written together; startidx is the cache block index of the first one,
    2400             :      * and startoffset is the file offset at which it should go. The latter
    2401             :      * two variables are only valid when npages > 0, but we must initialize
    2402             :      * all of them to keep the compiler quiet.
    2403             :      */
    2404      529600 :     npages = 0;
    2405      529600 :     startidx = 0;
    2406      529600 :     startoffset = 0;
    2407             : 
    2408             :     /*
    2409             :      * Within the loop, curridx is the cache block index of the page to
    2410             :      * consider writing.  Begin at the buffer containing the next unwritten
    2411             :      * page, or last partially written page.
    2412             :      */
    2413      529600 :     curridx = XLogRecPtrToBufIdx(LogwrtResult.Write);
    2414             : 
    2415     1821252 :     while (LogwrtResult.Write < WriteRqst.Write)
    2416             :     {
    2417             :         /*
    2418             :          * Make sure we're not ahead of the insert process.  This could happen
    2419             :          * if we're passed a bogus WriteRqst.Write that is past the end of the
    2420             :          * last page that's been initialized by AdvanceXLInsertBuffer.
    2421             :          */
    2422     1006958 :         XLogRecPtr  EndPtr = XLogCtl->xlblocks[curridx];
    2423             : 
    2424     1006958 :         if (LogwrtResult.Write >= EndPtr)
    2425           0 :             elog(PANIC, "xlog write request %X/%X is past end of log %X/%X",
    2426             :                  (uint32) (LogwrtResult.Write >> 32),
    2427             :                  (uint32) LogwrtResult.Write,
    2428             :                  (uint32) (EndPtr >> 32), (uint32) EndPtr);
    2429             : 
    2430             :         /* Advance LogwrtResult.Write to end of current buffer page */
    2431     1006958 :         LogwrtResult.Write = EndPtr;
    2432     1006958 :         ispartialpage = WriteRqst.Write < LogwrtResult.Write;
    2433             : 
    2434     1006958 :         if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2435             :                              wal_segment_size))
    2436             :         {
    2437             :             /*
    2438             :              * Switch to new logfile segment.  We cannot have any pending
    2439             :              * pages here (since we dump what we have at segment end).
    2440             :              */
    2441             :             Assert(npages == 0);
    2442        7512 :             if (openLogFile >= 0)
    2443        1948 :                 XLogFileClose();
    2444        7512 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2445             :                             wal_segment_size);
    2446             : 
    2447             :             /* create/use new log file */
    2448        7512 :             use_existent = true;
    2449        7512 :             openLogFile = XLogFileInit(openLogSegNo, &use_existent, true);
    2450             :         }
    2451             : 
    2452             :         /* Make sure we have the current logfile open */
    2453     1006958 :         if (openLogFile < 0)
    2454             :         {
    2455           0 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2456             :                             wal_segment_size);
    2457           0 :             openLogFile = XLogFileOpen(openLogSegNo);
    2458             :         }
    2459             : 
    2460             :         /* Add current page to the set of pending pages-to-dump */
    2461     1006958 :         if (npages == 0)
    2462             :         {
    2463             :             /* first of group */
    2464      530820 :             startidx = curridx;
    2465      530820 :             startoffset = XLogSegmentOffset(LogwrtResult.Write - XLOG_BLCKSZ,
    2466             :                                             wal_segment_size);
    2467             :         }
    2468     1006958 :         npages++;
    2469             : 
    2470             :         /*
    2471             :          * Dump the set if this will be the last loop iteration, or if we are
    2472             :          * at the last page of the cache area (since the next page won't be
    2473             :          * contiguous in memory), or if we are at the end of the logfile
    2474             :          * segment.
    2475             :          */
    2476     1006958 :         last_iteration = WriteRqst.Write <= LogwrtResult.Write;
    2477             : 
    2478     1773756 :         finishing_seg = !ispartialpage &&
    2479      766798 :             (startoffset + npages * XLOG_BLCKSZ) >= wal_segment_size;
    2480             : 
    2481     1484512 :         if (last_iteration ||
    2482      953692 :             curridx == XLogCtl->XLogCacheBlck ||
    2483             :             finishing_seg)
    2484             :         {
    2485             :             char       *from;
    2486             :             Size        nbytes;
    2487             :             Size        nleft;
    2488             :             int         written;
    2489             : 
    2490             :             /* OK to write the page(s) */
    2491      530820 :             from = XLogCtl->pages + startidx * (Size) XLOG_BLCKSZ;
    2492      530820 :             nbytes = npages * (Size) XLOG_BLCKSZ;
    2493      530820 :             nleft = nbytes;
    2494             :             do
    2495             :             {
    2496      530820 :                 errno = 0;
    2497      530820 :                 pgstat_report_wait_start(WAIT_EVENT_WAL_WRITE);
    2498      530820 :                 written = pg_pwrite(openLogFile, from, nleft, startoffset);
    2499      530820 :                 pgstat_report_wait_end();
    2500      530820 :                 if (written <= 0)
    2501             :                 {
    2502           0 :                     if (errno == EINTR)
    2503           0 :                         continue;
    2504           0 :                     ereport(PANIC,
    2505             :                             (errcode_for_file_access(),
    2506             :                              errmsg("could not write to log file %s "
    2507             :                                     "at offset %u, length %zu: %m",
    2508             :                                     XLogFileNameP(ThisTimeLineID, openLogSegNo),
    2509             :                                     startoffset, nleft)));
    2510             :                 }
    2511      530820 :                 nleft -= written;
    2512      530820 :                 from += written;
    2513      530820 :                 startoffset += written;
    2514      530820 :             } while (nleft > 0);
    2515             : 
    2516      530820 :             npages = 0;
    2517             : 
    2518             :             /*
    2519             :              * If we just wrote the whole last page of a logfile segment,
    2520             :              * fsync the segment immediately.  This avoids having to go back
    2521             :              * and re-open prior segments when an fsync request comes along
    2522             :              * later. Doing it here ensures that one and only one backend will
    2523             :              * perform this fsync.
    2524             :              *
    2525             :              * This is also the right place to notify the Archiver that the
    2526             :              * segment is ready to copy to archival storage, and to update the
    2527             :              * timer for archive_timeout, and to signal for a checkpoint if
    2528             :              * too many logfile segments have been used since the last
    2529             :              * checkpoint.
    2530             :              */
    2531      530820 :             if (finishing_seg)
    2532             :             {
    2533         750 :                 issue_xlog_fsync(openLogFile, openLogSegNo);
    2534             : 
    2535             :                 /* signal that we need to wakeup walsenders later */
    2536         750 :                 WalSndWakeupRequest();
    2537             : 
    2538         750 :                 LogwrtResult.Flush = LogwrtResult.Write;    /* end of page */
    2539             : 
    2540         750 :                 if (XLogArchivingActive())
    2541          16 :                     XLogArchiveNotifySeg(openLogSegNo);
    2542             : 
    2543         750 :                 XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    2544         750 :                 XLogCtl->lastSegSwitchLSN = LogwrtResult.Flush;
    2545             : 
    2546             :                 /*
    2547             :                  * Request a checkpoint if we've consumed too much xlog since
    2548             :                  * the last one.  For speed, we first check using the local
    2549             :                  * copy of RedoRecPtr, which might be out of date; if it looks
    2550             :                  * like a checkpoint is needed, forcibly update RedoRecPtr and
    2551             :                  * recheck.
    2552             :                  */
    2553         750 :                 if (IsUnderPostmaster && XLogCheckpointNeeded(openLogSegNo))
    2554             :                 {
    2555          20 :                     (void) GetRedoRecPtr();
    2556          20 :                     if (XLogCheckpointNeeded(openLogSegNo))
    2557          10 :                         RequestCheckpoint(CHECKPOINT_CAUSE_XLOG);
    2558             :                 }
    2559             :             }
    2560             :         }
    2561             : 
    2562     1006958 :         if (ispartialpage)
    2563             :         {
    2564             :             /* Only asked to write a partial page */
    2565      240160 :             LogwrtResult.Write = WriteRqst.Write;
    2566      240160 :             break;
    2567             :         }
    2568      766798 :         curridx = NextBufIdx(curridx);
    2569             : 
    2570             :         /* If flexible, break out of loop as soon as we wrote something */
    2571      766798 :         if (flexible && npages == 0)
    2572        4746 :             break;
    2573             :     }
    2574             : 
    2575             :     Assert(npages == 0);
    2576             : 
    2577             :     /*
    2578             :      * If asked to flush, do so
    2579             :      */
    2580      770952 :     if (LogwrtResult.Flush < WriteRqst.Flush &&
    2581      241352 :         LogwrtResult.Flush < LogwrtResult.Write)
    2582             : 
    2583             :     {
    2584             :         /*
    2585             :          * Could get here without iterating above loop, in which case we might
    2586             :          * have no open file or the wrong one.  However, we do not need to
    2587             :          * fsync more than one file.
    2588             :          */
    2589      482612 :         if (sync_method != SYNC_METHOD_OPEN &&
    2590      241306 :             sync_method != SYNC_METHOD_OPEN_DSYNC)
    2591             :         {
    2592      482604 :             if (openLogFile >= 0 &&
    2593      241298 :                 !XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2594             :                                  wal_segment_size))
    2595           0 :                 XLogFileClose();
    2596      241306 :             if (openLogFile < 0)
    2597             :             {
    2598           8 :                 XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2599             :                                 wal_segment_size);
    2600           8 :                 openLogFile = XLogFileOpen(openLogSegNo);
    2601             :             }
    2602             : 
    2603      241306 :             issue_xlog_fsync(openLogFile, openLogSegNo);
    2604             :         }
    2605             : 
    2606             :         /* signal that we need to wakeup walsenders later */
    2607      241306 :         WalSndWakeupRequest();
    2608             : 
    2609      241306 :         LogwrtResult.Flush = LogwrtResult.Write;
    2610             :     }
    2611             : 
    2612             :     /*
    2613             :      * Update shared-memory status
    2614             :      *
    2615             :      * We make sure that the shared 'request' values do not fall behind the
    2616             :      * 'result' values.  This is not absolutely essential, but it saves some
    2617             :      * code in a couple of places.
    2618             :      */
    2619             :     {
    2620      529600 :         SpinLockAcquire(&XLogCtl->info_lck);
    2621      529600 :         XLogCtl->LogwrtResult = LogwrtResult;
    2622      529600 :         if (XLogCtl->LogwrtRqst.Write < LogwrtResult.Write)
    2623      231610 :             XLogCtl->LogwrtRqst.Write = LogwrtResult.Write;
    2624      529600 :         if (XLogCtl->LogwrtRqst.Flush < LogwrtResult.Flush)
    2625      241612 :             XLogCtl->LogwrtRqst.Flush = LogwrtResult.Flush;
    2626      529600 :         SpinLockRelease(&XLogCtl->info_lck);
    2627             :     }
    2628      529600 : }
    2629             : 
    2630             : /*
    2631             :  * Record the LSN for an asynchronous transaction commit/abort
    2632             :  * and nudge the WALWriter if there is work for it to do.
    2633             :  * (This should not be called for synchronous commits.)
    2634             :  */
    2635             : void
    2636       59238 : XLogSetAsyncXactLSN(XLogRecPtr asyncXactLSN)
    2637             : {
    2638       59238 :     XLogRecPtr  WriteRqstPtr = asyncXactLSN;
    2639             :     bool        sleeping;
    2640             : 
    2641       59238 :     SpinLockAcquire(&XLogCtl->info_lck);
    2642       59238 :     LogwrtResult = XLogCtl->LogwrtResult;
    2643       59238 :     sleeping = XLogCtl->WalWriterSleeping;
    2644       59238 :     if (XLogCtl->asyncXactLSN < asyncXactLSN)
    2645       58982 :         XLogCtl->asyncXactLSN = asyncXactLSN;
    2646       59238 :     SpinLockRelease(&XLogCtl->info_lck);
    2647             : 
    2648             :     /*
    2649             :      * If the WALWriter is sleeping, we should kick it to make it come out of
    2650             :      * low-power mode.  Otherwise, determine whether there's a full page of
    2651             :      * WAL available to write.
    2652             :      */
    2653       59238 :     if (!sleeping)
    2654             :     {
    2655             :         /* back off to last completed page boundary */
    2656       59216 :         WriteRqstPtr -= WriteRqstPtr % XLOG_BLCKSZ;
    2657             : 
    2658             :         /* if we have already flushed that far, we're done */
    2659       59216 :         if (WriteRqstPtr <= LogwrtResult.Flush)
    2660       12546 :             return;
    2661             :     }
    2662             : 
    2663             :     /*
    2664             :      * Nudge the WALWriter: it has a full page of WAL to write, or we want it
    2665             :      * to come out of low-power mode so that this async commit will reach disk
    2666             :      * within the expected amount of time.
    2667             :      */
    2668       46692 :     if (ProcGlobal->walwriterLatch)
    2669       11916 :         SetLatch(ProcGlobal->walwriterLatch);
    2670             : }
    2671             : 
    2672             : /*
    2673             :  * Record the LSN up to which we can remove WAL because it's not required by
    2674             :  * any replication slot.
    2675             :  */
    2676             : void
    2677        1968 : XLogSetReplicationSlotMinimumLSN(XLogRecPtr lsn)
    2678             : {
    2679        1968 :     SpinLockAcquire(&XLogCtl->info_lck);
    2680        1968 :     XLogCtl->replicationSlotMinLSN = lsn;
    2681        1968 :     SpinLockRelease(&XLogCtl->info_lck);
    2682        1968 : }
    2683             : 
    2684             : 
    2685             : /*
    2686             :  * Return the oldest LSN we must retain to satisfy the needs of some
    2687             :  * replication slot.
    2688             :  */
    2689             : static XLogRecPtr
    2690        2832 : XLogGetReplicationSlotMinimumLSN(void)
    2691             : {
    2692             :     XLogRecPtr  retval;
    2693             : 
    2694        2832 :     SpinLockAcquire(&XLogCtl->info_lck);
    2695        2832 :     retval = XLogCtl->replicationSlotMinLSN;
    2696        2832 :     SpinLockRelease(&XLogCtl->info_lck);
    2697             : 
    2698        2832 :     return retval;
    2699             : }
    2700             : 
    2701             : /*
    2702             :  * Advance minRecoveryPoint in control file.
    2703             :  *
    2704             :  * If we crash during recovery, we must reach this point again before the
    2705             :  * database is consistent.
    2706             :  *
    2707             :  * If 'force' is true, 'lsn' argument is ignored. Otherwise, minRecoveryPoint
    2708             :  * is only updated if it's not already greater than or equal to 'lsn'.
    2709             :  */
    2710             : static void
    2711        3848 : UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force)
    2712             : {
    2713             :     /* Quick check using our local copy of the variable */
    2714        3848 :     if (!updateMinRecoveryPoint || (!force && lsn <= minRecoveryPoint))
    2715        3502 :         return;
    2716             : 
    2717             :     /*
    2718             :      * An invalid minRecoveryPoint means that we need to recover all the WAL,
    2719             :      * i.e., we're doing crash recovery.  We never modify the control file's
    2720             :      * value in that case, so we can short-circuit future checks here too. The
    2721             :      * local values of minRecoveryPoint and minRecoveryPointTLI should not be
    2722             :      * updated until crash recovery finishes.  We only do this for the startup
    2723             :      * process as it should not update its own reference of minRecoveryPoint
    2724             :      * until it has finished crash recovery to make sure that all WAL
    2725             :      * available is replayed in this case.  This also saves from extra locks
    2726             :      * taken on the control file from the startup process.
    2727             :      */
    2728         346 :     if (XLogRecPtrIsInvalid(minRecoveryPoint) && InRecovery)
    2729             :     {
    2730          10 :         updateMinRecoveryPoint = false;
    2731          10 :         return;
    2732             :     }
    2733             : 
    2734         336 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    2735             : 
    2736             :     /* update local copy */
    2737         336 :     minRecoveryPoint = ControlFile->minRecoveryPoint;
    2738         336 :     minRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    2739             : 
    2740         336 :     if (XLogRecPtrIsInvalid(minRecoveryPoint))
    2741           0 :         updateMinRecoveryPoint = false;
    2742         336 :     else if (force || minRecoveryPoint < lsn)
    2743             :     {
    2744             :         XLogRecPtr  newMinRecoveryPoint;
    2745             :         TimeLineID  newMinRecoveryPointTLI;
    2746             : 
    2747             :         /*
    2748             :          * To avoid having to update the control file too often, we update it
    2749             :          * all the way to the last record being replayed, even though 'lsn'
    2750             :          * would suffice for correctness.  This also allows the 'force' case
    2751             :          * to not need a valid 'lsn' value.
    2752             :          *
    2753             :          * Another important reason for doing it this way is that the passed
    2754             :          * 'lsn' value could be bogus, i.e., past the end of available WAL, if
    2755             :          * the caller got it from a corrupted heap page.  Accepting such a
    2756             :          * value as the min recovery point would prevent us from coming up at
    2757             :          * all.  Instead, we just log a warning and continue with recovery.
    2758             :          * (See also the comments about corrupt LSNs in XLogFlush.)
    2759             :          */
    2760         288 :         SpinLockAcquire(&XLogCtl->info_lck);
    2761         288 :         newMinRecoveryPoint = XLogCtl->replayEndRecPtr;
    2762         288 :         newMinRecoveryPointTLI = XLogCtl->replayEndTLI;
    2763         288 :         SpinLockRelease(&XLogCtl->info_lck);
    2764             : 
    2765         288 :         if (!force && newMinRecoveryPoint < lsn)
    2766           0 :             elog(WARNING,
    2767             :                  "xlog min recovery request %X/%X is past current point %X/%X",
    2768             :                  (uint32) (lsn >> 32), (uint32) lsn,
    2769             :                  (uint32) (newMinRecoveryPoint >> 32),
    2770             :                  (uint32) newMinRecoveryPoint);
    2771             : 
    2772             :         /* update control file */
    2773         288 :         if (ControlFile->minRecoveryPoint < newMinRecoveryPoint)
    2774             :         {
    2775         274 :             ControlFile->minRecoveryPoint = newMinRecoveryPoint;
    2776         274 :             ControlFile->minRecoveryPointTLI = newMinRecoveryPointTLI;
    2777         274 :             UpdateControlFile();
    2778         274 :             minRecoveryPoint = newMinRecoveryPoint;
    2779         274 :             minRecoveryPointTLI = newMinRecoveryPointTLI;
    2780             : 
    2781         274 :             ereport(DEBUG2,
    2782             :                     (errmsg("updated min recovery point to %X/%X on timeline %u",
    2783             :                             (uint32) (minRecoveryPoint >> 32),
    2784             :                             (uint32) minRecoveryPoint,
    2785             :                             newMinRecoveryPointTLI)));
    2786             :         }
    2787             :     }
    2788         336 :     LWLockRelease(ControlFileLock);
    2789             : }
    2790             : 
    2791             : /*
    2792             :  * Ensure that all XLOG data through the given position is flushed to disk.
    2793             :  *
    2794             :  * NOTE: this differs from XLogWrite mainly in that the WALWriteLock is not
    2795             :  * already held, and we try to avoid acquiring it if possible.
    2796             :  */
    2797             : void
    2798      711440 : XLogFlush(XLogRecPtr record)
    2799             : {
    2800             :     XLogRecPtr  WriteRqstPtr;
    2801             :     XLogwrtRqst WriteRqst;
    2802             : 
    2803             :     /*
    2804             :      * During REDO, we are reading not writing WAL.  Therefore, instead of
    2805             :      * trying to flush the WAL, we should update minRecoveryPoint instead. We
    2806             :      * test XLogInsertAllowed(), not InRecovery, because we need checkpointer
    2807             :      * to act this way too, and because when it tries to write the
    2808             :      * end-of-recovery checkpoint, it should indeed flush.
    2809             :      */
    2810      711440 :     if (!XLogInsertAllowed())
    2811             :     {
    2812        3784 :         UpdateMinRecoveryPoint(record, false);
    2813        3784 :         return;
    2814             :     }
    2815             : 
    2816             :     /* Quick exit if already known flushed */
    2817      707656 :     if (record <= LogwrtResult.Flush)
    2818      466308 :         return;
    2819             : 
    2820             : #ifdef WAL_DEBUG
    2821             :     if (XLOG_DEBUG)
    2822             :         elog(LOG, "xlog flush request %X/%X; write %X/%X; flush %X/%X",
    2823             :              (uint32) (record >> 32), (uint32) record,
    2824             :              (uint32) (LogwrtResult.Write >> 32), (uint32) LogwrtResult.Write,
    2825             :              (uint32) (LogwrtResult.Flush >> 32), (uint32) LogwrtResult.Flush);
    2826             : #endif
    2827             : 
    2828      241348 :     START_CRIT_SECTION();
    2829             : 
    2830             :     /*
    2831             :      * Since fsync is usually a horribly expensive operation, we try to
    2832             :      * piggyback as much data as we can on each fsync: if we see any more data
    2833             :      * entered into the xlog buffer, we'll write and fsync that too, so that
    2834             :      * the final value of LogwrtResult.Flush is as large as possible. This
    2835             :      * gives us some chance of avoiding another fsync immediately after.
    2836             :      */
    2837             : 
    2838             :     /* initialize to given target; may increase below */
    2839      241348 :     WriteRqstPtr = record;
    2840             : 
    2841             :     /*
    2842             :      * Now wait until we get the write lock, or someone else does the flush
    2843             :      * for us.
    2844             :      */
    2845             :     for (;;)
    2846         520 :     {
    2847             :         XLogRecPtr  insertpos;
    2848             : 
    2849             :         /* read LogwrtResult and update local state */
    2850      241868 :         SpinLockAcquire(&XLogCtl->info_lck);
    2851      241868 :         if (WriteRqstPtr < XLogCtl->LogwrtRqst.Write)
    2852        2068 :             WriteRqstPtr = XLogCtl->LogwrtRqst.Write;
    2853      241868 :         LogwrtResult = XLogCtl->LogwrtResult;
    2854      241868 :         SpinLockRelease(&XLogCtl->info_lck);
    2855             : 
    2856             :         /* done already? */
    2857      241868 :         if (record <= LogwrtResult.Flush)
    2858        1084 :             break;
    2859             : 
    2860             :         /*
    2861             :          * Before actually performing the write, wait for all in-flight
    2862             :          * insertions to the pages we're about to write to finish.
    2863             :          */
    2864      240784 :         insertpos = WaitXLogInsertionsToFinish(WriteRqstPtr);
    2865             : 
    2866             :         /*
    2867             :          * Try to get the write lock. If we can't get it immediately, wait
    2868             :          * until it's released, and recheck if we still need to do the flush
    2869             :          * or if the backend that held the lock did it for us already. This
    2870             :          * helps to maintain a good rate of group committing when the system
    2871             :          * is bottlenecked by the speed of fsyncing.
    2872             :          */
    2873      240784 :         if (!LWLockAcquireOrWait(WALWriteLock, LW_EXCLUSIVE))
    2874             :         {
    2875             :             /*
    2876             :              * The lock is now free, but we didn't acquire it yet. Before we
    2877             :              * do, loop back to check if someone else flushed the record for
    2878             :              * us already.
    2879             :              */
    2880         520 :             continue;
    2881             :         }
    2882             : 
    2883             :         /* Got the lock; recheck whether request is satisfied */
    2884      240264 :         LogwrtResult = XLogCtl->LogwrtResult;
    2885      240264 :         if (record <= LogwrtResult.Flush)
    2886             :         {
    2887         150 :             LWLockRelease(WALWriteLock);
    2888         150 :             break;
    2889             :         }
    2890             : 
    2891             :         /*
    2892             :          * Sleep before flush! By adding a delay here, we may give further
    2893             :          * backends the opportunity to join the backlog of group commit
    2894             :          * followers; this can significantly improve transaction throughput,
    2895             :          * at the risk of increasing transaction latency.
    2896             :          *
    2897             :          * We do not sleep if enableFsync is not turned on, nor if there are
    2898             :          * fewer than CommitSiblings other backends with active transactions.
    2899             :          */
    2900      240114 :         if (CommitDelay > 0 && enableFsync &&
    2901           0 :             MinimumActiveBackends(CommitSiblings))
    2902             :         {
    2903           0 :             pg_usleep(CommitDelay);
    2904             : 
    2905             :             /*
    2906             :              * Re-check how far we can now flush the WAL. It's generally not
    2907             :              * safe to call WaitXLogInsertionsToFinish while holding
    2908             :              * WALWriteLock, because an in-progress insertion might need to
    2909             :              * also grab WALWriteLock to make progress. But we know that all
    2910             :              * the insertions up to insertpos have already finished, because
    2911             :              * that's what the earlier WaitXLogInsertionsToFinish() returned.
    2912             :              * We're only calling it again to allow insertpos to be moved
    2913             :              * further forward, not to actually wait for anyone.
    2914             :              */
    2915           0 :             insertpos = WaitXLogInsertionsToFinish(insertpos);
    2916             :         }
    2917             : 
    2918             :         /* try to write/flush later additions to XLOG as well */
    2919      240114 :         WriteRqst.Write = insertpos;
    2920      240114 :         WriteRqst.Flush = insertpos;
    2921             : 
    2922      240114 :         XLogWrite(WriteRqst, false);
    2923             : 
    2924      240114 :         LWLockRelease(WALWriteLock);
    2925             :         /* done */
    2926      240114 :         break;
    2927             :     }
    2928             : 
    2929      241348 :     END_CRIT_SECTION();
    2930             : 
    2931             :     /* wake up walsenders now that we've released heavily contended locks */
    2932      241348 :     WalSndWakeupProcessRequests();
    2933             : 
    2934             :     /*
    2935             :      * If we still haven't flushed to the request point then we have a
    2936             :      * problem; most likely, the requested flush point is past end of XLOG.
    2937             :      * This has been seen to occur when a disk page has a corrupted LSN.
    2938             :      *
    2939             :      * Formerly we treated this as a PANIC condition, but that hurts the
    2940             :      * system's robustness rather than helping it: we do not want to take down
    2941             :      * the whole system due to corruption on one data page.  In particular, if
    2942             :      * the bad page is encountered again during recovery then we would be
    2943             :      * unable to restart the database at all!  (This scenario actually
    2944             :      * happened in the field several times with 7.1 releases.)  As of 8.4, bad
    2945             :      * LSNs encountered during recovery are UpdateMinRecoveryPoint's problem;
    2946             :      * the only time we can reach here during recovery is while flushing the
    2947             :      * end-of-recovery checkpoint record, and we don't expect that to have a
    2948             :      * bad LSN.
    2949             :      *
    2950             :      * Note that for calls from xact.c, the ERROR will be promoted to PANIC
    2951             :      * since xact.c calls this routine inside a critical section.  However,
    2952             :      * calls from bufmgr.c are not within critical sections and so we will not
    2953             :      * force a restart for a bad LSN on a data page.
    2954             :      */
    2955      241348 :     if (LogwrtResult.Flush < record)
    2956           0 :         elog(ERROR,
    2957             :              "xlog flush request %X/%X is not satisfied --- flushed only to %X/%X",
    2958             :              (uint32) (record >> 32), (uint32) record,
    2959             :              (uint32) (LogwrtResult.Flush >> 32), (uint32) LogwrtResult.Flush);
    2960             : }
    2961             : 
    2962             : /*
    2963             :  * Write & flush xlog, but without specifying exactly where to.
    2964             :  *
    2965             :  * We normally write only completed blocks; but if there is nothing to do on
    2966             :  * that basis, we check for unwritten async commits in the current incomplete
    2967             :  * block, and write through the latest one of those.  Thus, if async commits
    2968             :  * are not being used, we will write complete blocks only.
    2969             :  *
    2970             :  * If, based on the above, there's anything to write we do so immediately. But
    2971             :  * to avoid calling fsync, fdatasync et. al. at a rate that'd impact
    2972             :  * concurrent IO, we only flush WAL every wal_writer_delay ms, or if there's
    2973             :  * more than wal_writer_flush_after unflushed blocks.
    2974             :  *
    2975             :  * We can guarantee that async commits reach disk after at most three
    2976             :  * wal_writer_delay cycles. (When flushing complete blocks, we allow XLogWrite
    2977             :  * to write "flexibly", meaning it can stop at the end of the buffer ring;
    2978             :  * this makes a difference only with very high load or long wal_writer_delay,
    2979             :  * but imposes one extra cycle for the worst case for async commits.)
    2980             :  *
    2981             :  * This routine is invoked periodically by the background walwriter process.
    2982             :  *
    2983             :  * Returns true if there was any work to do, even if we skipped flushing due
    2984             :  * to wal_writer_delay/wal_writer_flush_after.
    2985             :  */
    2986             : bool
    2987       16262 : XLogBackgroundFlush(void)
    2988             : {
    2989             :     XLogwrtRqst WriteRqst;
    2990       16262 :     bool        flexible = true;
    2991             :     static TimestampTz lastflush;
    2992             :     TimestampTz now;
    2993             :     int         flushbytes;
    2994             : 
    2995             :     /* XLOG doesn't need flushing during recovery */
    2996       16262 :     if (RecoveryInProgress())
    2997           0 :         return false;
    2998             : 
    2999             :     /* read LogwrtResult and update local state */
    3000       16262 :     SpinLockAcquire(&XLogCtl->info_lck);
    3001       16262 :     LogwrtResult = XLogCtl->LogwrtResult;
    3002       16262 :     WriteRqst = XLogCtl->LogwrtRqst;
    3003       16262 :     SpinLockRelease(&XLogCtl->info_lck);
    3004             : 
    3005             :     /* back off to last completed page boundary */
    3006       16262 :     WriteRqst.Write -= WriteRqst.Write % XLOG_BLCKSZ;
    3007             : 
    3008             :     /* if we have already flushed that far, consider async commit records */
    3009       16262 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3010             :     {
    3011        7722 :         SpinLockAcquire(&XLogCtl->info_lck);
    3012        7722 :         WriteRqst.Write = XLogCtl->asyncXactLSN;
    3013        7722 :         SpinLockRelease(&XLogCtl->info_lck);
    3014        7722 :         flexible = false;       /* ensure it all gets written */
    3015             :     }
    3016             : 
    3017             :     /*
    3018             :      * If already known flushed, we're done. Just need to check if we are
    3019             :      * holding an open file handle to a logfile that's no longer in use,
    3020             :      * preventing the file from being deleted.
    3021             :      */
    3022       16262 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3023             :     {
    3024        7392 :         if (openLogFile >= 0)
    3025             :         {
    3026        4054 :             if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    3027             :                                  wal_segment_size))
    3028             :             {
    3029          80 :                 XLogFileClose();
    3030             :             }
    3031             :         }
    3032        7392 :         return false;
    3033             :     }
    3034             : 
    3035             :     /*
    3036             :      * Determine how far to flush WAL, based on the wal_writer_delay and
    3037             :      * wal_writer_flush_after GUCs.
    3038             :      */
    3039        8870 :     now = GetCurrentTimestamp();
    3040        8870 :     flushbytes =
    3041        8870 :         WriteRqst.Write / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    3042             : 
    3043        8870 :     if (WalWriterFlushAfter == 0 || lastflush == 0)
    3044             :     {
    3045             :         /* first call, or block based limits disabled */
    3046         140 :         WriteRqst.Flush = WriteRqst.Write;
    3047         140 :         lastflush = now;
    3048             :     }
    3049        8730 :     else if (TimestampDifferenceExceeds(lastflush, now, WalWriterDelay))
    3050             :     {
    3051             :         /*
    3052             :          * Flush the writes at least every WalWriterDelay ms. This is
    3053             :          * important to bound the amount of time it takes for an asynchronous
    3054             :          * commit to hit disk.
    3055             :          */
    3056        1276 :         WriteRqst.Flush = WriteRqst.Write;
    3057        1276 :         lastflush = now;
    3058             :     }
    3059        7454 :     else if (flushbytes >= WalWriterFlushAfter)
    3060             :     {
    3061             :         /* exceeded wal_writer_flush_after blocks, flush */
    3062          10 :         WriteRqst.Flush = WriteRqst.Write;
    3063          10 :         lastflush = now;
    3064             :     }
    3065             :     else
    3066             :     {
    3067             :         /* no flushing, this time round */
    3068        7444 :         WriteRqst.Flush = 0;
    3069             :     }
    3070             : 
    3071             : #ifdef WAL_DEBUG
    3072             :     if (XLOG_DEBUG)
    3073             :         elog(LOG, "xlog bg flush request write %X/%X; flush: %X/%X, current is write %X/%X; flush %X/%X",
    3074             :              (uint32) (WriteRqst.Write >> 32), (uint32) WriteRqst.Write,
    3075             :              (uint32) (WriteRqst.Flush >> 32), (uint32) WriteRqst.Flush,
    3076             :              (uint32) (LogwrtResult.Write >> 32), (uint32) LogwrtResult.Write,
    3077             :              (uint32) (LogwrtResult.Flush >> 32), (uint32) LogwrtResult.Flush);
    3078             : #endif
    3079             : 
    3080        8870 :     START_CRIT_SECTION();
    3081             : 
    3082             :     /* now wait for any in-progress insertions to finish and get write lock */
    3083        8870 :     WaitXLogInsertionsToFinish(WriteRqst.Write);
    3084        8870 :     LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    3085        8870 :     LogwrtResult = XLogCtl->LogwrtResult;
    3086       12666 :     if (WriteRqst.Write > LogwrtResult.Write ||
    3087        3796 :         WriteRqst.Flush > LogwrtResult.Flush)
    3088             :     {
    3089        5110 :         XLogWrite(WriteRqst, flexible);
    3090             :     }
    3091        8870 :     LWLockRelease(WALWriteLock);
    3092             : 
    3093        8870 :     END_CRIT_SECTION();
    3094             : 
    3095             :     /* wake up walsenders now that we've released heavily contended locks */
    3096        8870 :     WalSndWakeupProcessRequests();
    3097             : 
    3098             :     /*
    3099             :      * Great, done. To take some work off the critical path, try to initialize
    3100             :      * as many of the no-longer-needed WAL buffers for future use as we can.
    3101             :      */
    3102        8870 :     AdvanceXLInsertBuffer(InvalidXLogRecPtr, true);
    3103             : 
    3104             :     /*
    3105             :      * If we determined that we need to write data, but somebody else
    3106             :      * wrote/flushed already, it should be considered as being active, to
    3107             :      * avoid hibernating too early.
    3108             :      */
    3109        8870 :     return true;
    3110             : }
    3111             : 
    3112             : /*
    3113             :  * Test whether XLOG data has been flushed up to (at least) the given position.
    3114             :  *
    3115             :  * Returns true if a flush is still needed.  (It may be that someone else
    3116             :  * is already in process of flushing that far, however.)
    3117             :  */
    3118             : bool
    3119    15411688 : XLogNeedsFlush(XLogRecPtr record)
    3120             : {
    3121             :     /*
    3122             :      * During recovery, we don't flush WAL but update minRecoveryPoint
    3123             :      * instead. So "needs flush" is taken to mean whether minRecoveryPoint
    3124             :      * would need to be updated.
    3125             :      */
    3126    15411688 :     if (RecoveryInProgress())
    3127             :     {
    3128             :         /*
    3129             :          * An invalid minRecoveryPoint means that we need to recover all the
    3130             :          * WAL, i.e., we're doing crash recovery.  We never modify the control
    3131             :          * file's value in that case, so we can short-circuit future checks
    3132             :          * here too.  This triggers a quick exit path for the startup process,
    3133             :          * which cannot update its local copy of minRecoveryPoint as long as
    3134             :          * it has not replayed all WAL available when doing crash recovery.
    3135             :          */
    3136      112860 :         if (XLogRecPtrIsInvalid(minRecoveryPoint) && InRecovery)
    3137           0 :             updateMinRecoveryPoint = false;
    3138             : 
    3139             :         /* Quick exit if already known to be updated or cannot be updated */
    3140      112860 :         if (record <= minRecoveryPoint || !updateMinRecoveryPoint)
    3141      100072 :             return false;
    3142             : 
    3143             :         /*
    3144             :          * Update local copy of minRecoveryPoint. But if the lock is busy,
    3145             :          * just return a conservative guess.
    3146             :          */
    3147       12788 :         if (!LWLockConditionalAcquire(ControlFileLock, LW_SHARED))
    3148           0 :             return true;
    3149       12788 :         minRecoveryPoint = ControlFile->minRecoveryPoint;
    3150       12788 :         minRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    3151       12788 :         LWLockRelease(ControlFileLock);
    3152             : 
    3153             :         /*
    3154             :          * Check minRecoveryPoint for any other process than the startup
    3155             :          * process doing crash recovery, which should not update the control
    3156             :          * file value if crash recovery is still running.
    3157             :          */
    3158       12788 :         if (XLogRecPtrIsInvalid(minRecoveryPoint))
    3159           0 :             updateMinRecoveryPoint = false;
    3160             : 
    3161             :         /* check again */
    3162       12788 :         if (record <= minRecoveryPoint || !updateMinRecoveryPoint)
    3163          22 :             return false;
    3164             :         else
    3165       12766 :             return true;
    3166             :     }
    3167             : 
    3168             :     /* Quick exit if already known flushed */
    3169    15298828 :     if (record <= LogwrtResult.Flush)
    3170    15222858 :         return false;
    3171             : 
    3172             :     /* read LogwrtResult and update local state */
    3173       75970 :     SpinLockAcquire(&XLogCtl->info_lck);
    3174       75970 :     LogwrtResult = XLogCtl->LogwrtResult;
    3175       75970 :     SpinLockRelease(&XLogCtl->info_lck);
    3176             : 
    3177             :     /* check again */
    3178       75970 :     if (record <= LogwrtResult.Flush)
    3179         970 :         return false;
    3180             : 
    3181       75000 :     return true;
    3182             : }
    3183             : 
    3184             : /*
    3185             :  * Create a new XLOG file segment, or open a pre-existing one.
    3186             :  *
    3187             :  * logsegno: identify segment to be created/opened.
    3188             :  *
    3189             :  * *use_existent: if true, OK to use a pre-existing file (else, any
    3190             :  * pre-existing file will be deleted).  On return, true if a pre-existing
    3191             :  * file was used.
    3192             :  *
    3193             :  * use_lock: if true, acquire ControlFileLock while moving file into
    3194             :  * place.  This should be true except during bootstrap log creation.  The
    3195             :  * caller must *not* hold the lock at call.
    3196             :  *
    3197             :  * Returns FD of opened file.
    3198             :  *
    3199             :  * Note: errors here are ERROR not PANIC because we might or might not be
    3200             :  * inside a critical section (eg, during checkpoint there is no reason to
    3201             :  * take down the system on failure).  They will promote to PANIC if we are
    3202             :  * in a critical section.
    3203             :  */
    3204             : int
    3205        7992 : XLogFileInit(XLogSegNo logsegno, bool *use_existent, bool use_lock)
    3206             : {
    3207             :     char        path[MAXPGPATH];
    3208             :     char        tmppath[MAXPGPATH];
    3209             :     PGAlignedXLogBlock zbuffer;
    3210             :     XLogSegNo   installed_segno;
    3211             :     XLogSegNo   max_segno;
    3212             :     int         fd;
    3213             :     int         nbytes;
    3214             :     int         save_errno;
    3215             : 
    3216        7992 :     XLogFilePath(path, ThisTimeLineID, logsegno, wal_segment_size);
    3217             : 
    3218             :     /*
    3219             :      * Try to use existent file (checkpoint maker may have created it already)
    3220             :      */
    3221        7992 :     if (*use_existent)
    3222             :     {
    3223        7670 :         fd = BasicOpenFile(path, O_RDWR | PG_BINARY | get_sync_bit(sync_method));
    3224        7670 :         if (fd < 0)
    3225             :         {
    3226         348 :             if (errno != ENOENT)
    3227           0 :                 ereport(ERROR,
    3228             :                         (errcode_for_file_access(),
    3229             :                          errmsg("could not open file \"%s\": %m", path)));
    3230             :         }
    3231             :         else
    3232        7322 :             return fd;
    3233             :     }
    3234             : 
    3235             :     /*
    3236             :      * Initialize an empty (all zeroes) segment.  NOTE: it is possible that
    3237             :      * another process is doing the same thing.  If so, we will end up
    3238             :      * pre-creating an extra log segment.  That seems OK, and better than
    3239             :      * holding the lock throughout this lengthy process.
    3240             :      */
    3241         670 :     elog(DEBUG2, "creating and filling new WAL file");
    3242             : 
    3243         670 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3244             : 
    3245         670 :     unlink(tmppath);
    3246             : 
    3247             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3248         670 :     fd = BasicOpenFile(tmppath, O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    3249         670 :     if (fd < 0)
    3250           0 :         ereport(ERROR,
    3251             :                 (errcode_for_file_access(),
    3252             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3253             : 
    3254         670 :     memset(zbuffer.data, 0, XLOG_BLCKSZ);
    3255             : 
    3256         670 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_WRITE);
    3257         670 :     save_errno = 0;
    3258         670 :     if (wal_init_zero)
    3259             :     {
    3260             :         /*
    3261             :          * Zero-fill the file.  With this setting, we do this the hard way to
    3262             :          * ensure that all the file space has really been allocated.  On
    3263             :          * platforms that allow "holes" in files, just seeking to the end
    3264             :          * doesn't allocate intermediate space.  This way, we know that we
    3265             :          * have all the space and (after the fsync below) that all the
    3266             :          * indirect blocks are down on disk.  Therefore, fdatasync(2) or
    3267             :          * O_DSYNC will be sufficient to sync future writes to the log file.
    3268             :          */
    3269     1038750 :         for (nbytes = 0; nbytes < wal_segment_size; nbytes += XLOG_BLCKSZ)
    3270             :         {
    3271     1038080 :             errno = 0;
    3272     1038080 :             if (write(fd, zbuffer.data, XLOG_BLCKSZ) != XLOG_BLCKSZ)
    3273             :             {
    3274             :                 /* if write didn't set errno, assume no disk space */
    3275           0 :                 save_errno = errno ? errno : ENOSPC;
    3276           0 :                 break;
    3277             :             }
    3278             :         }
    3279             :     }
    3280             :     else
    3281             :     {
    3282             :         /*
    3283             :          * Otherwise, seeking to the end and writing a solitary byte is
    3284             :          * enough.
    3285             :          */
    3286           0 :         errno = 0;
    3287           0 :         if (pg_pwrite(fd, zbuffer.data, 1, wal_segment_size - 1) != 1)
    3288             :         {
    3289             :             /* if write didn't set errno, assume no disk space */
    3290           0 :             save_errno = errno ? errno : ENOSPC;
    3291             :         }
    3292             :     }
    3293         670 :     pgstat_report_wait_end();
    3294             : 
    3295         670 :     if (save_errno)
    3296             :     {
    3297             :         /*
    3298             :          * If we fail to make the file, delete it to release disk space
    3299             :          */
    3300           0 :         unlink(tmppath);
    3301             : 
    3302           0 :         close(fd);
    3303             : 
    3304           0 :         errno = save_errno;
    3305             : 
    3306           0 :         ereport(ERROR,
    3307             :                 (errcode_for_file_access(),
    3308             :                  errmsg("could not write to file \"%s\": %m", tmppath)));
    3309             :     }
    3310             : 
    3311         670 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_SYNC);
    3312         670 :     if (pg_fsync(fd) != 0)
    3313             :     {
    3314           0 :         int         save_errno = errno;
    3315             : 
    3316           0 :         close(fd);
    3317           0 :         errno = save_errno;
    3318           0 :         ereport(ERROR,
    3319             :                 (errcode_for_file_access(),
    3320             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3321             :     }
    3322         670 :     pgstat_report_wait_end();
    3323             : 
    3324         670 :     if (close(fd) != 0)
    3325           0 :         ereport(ERROR,
    3326             :                 (errcode_for_file_access(),
    3327             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3328             : 
    3329             :     /*
    3330             :      * Now move the segment into place with its final name.
    3331             :      *
    3332             :      * If caller didn't want to use a pre-existing file, get rid of any
    3333             :      * pre-existing file.  Otherwise, cope with possibility that someone else
    3334             :      * has created the file while we were filling ours: if so, use ours to
    3335             :      * pre-create a future log segment.
    3336             :      */
    3337         670 :     installed_segno = logsegno;
    3338             : 
    3339             :     /*
    3340             :      * XXX: What should we use as max_segno? We used to use XLOGfileslop when
    3341             :      * that was a constant, but that was always a bit dubious: normally, at a
    3342             :      * checkpoint, XLOGfileslop was the offset from the checkpoint record, but
    3343             :      * here, it was the offset from the insert location. We can't do the
    3344             :      * normal XLOGfileslop calculation here because we don't have access to
    3345             :      * the prior checkpoint's redo location. So somewhat arbitrarily, just use
    3346             :      * CheckPointSegments.
    3347             :      */
    3348         670 :     max_segno = logsegno + CheckPointSegments;
    3349        1340 :     if (!InstallXLogFileSegment(&installed_segno, tmppath,
    3350         670 :                                 *use_existent, max_segno,
    3351             :                                 use_lock))
    3352             :     {
    3353             :         /*
    3354             :          * No need for any more future segments, or InstallXLogFileSegment()
    3355             :          * failed to rename the file into place. If the rename failed, opening
    3356             :          * the file below will fail.
    3357             :          */
    3358           0 :         unlink(tmppath);
    3359             :     }
    3360             : 
    3361             :     /* Set flag to tell caller there was no existent file */
    3362         670 :     *use_existent = false;
    3363             : 
    3364             :     /* Now open original target segment (might not be file I just made) */
    3365         670 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | get_sync_bit(sync_method));
    3366         670 :     if (fd < 0)
    3367           0 :         ereport(ERROR,
    3368             :                 (errcode_for_file_access(),
    3369             :                  errmsg("could not open file \"%s\": %m", path)));
    3370             : 
    3371         670 :     elog(DEBUG2, "done creating and filling new WAL file");
    3372             : 
    3373         670 :     return fd;
    3374             : }
    3375             : 
    3376             : /*
    3377             :  * Create a new XLOG file segment by copying a pre-existing one.
    3378             :  *
    3379             :  * destsegno: identify segment to be created.
    3380             :  *
    3381             :  * srcTLI, srcsegno: identify segment to be copied (could be from
    3382             :  *      a different timeline)
    3383             :  *
    3384             :  * upto: how much of the source file to copy (the rest is filled with
    3385             :  *      zeros)
    3386             :  *
    3387             :  * Currently this is only used during recovery, and so there are no locking
    3388             :  * considerations.  But we should be just as tense as XLogFileInit to avoid
    3389             :  * emplacing a bogus file.
    3390             :  */
    3391             : static void
    3392          34 : XLogFileCopy(XLogSegNo destsegno, TimeLineID srcTLI, XLogSegNo srcsegno,
    3393             :              int upto)
    3394             : {
    3395             :     char        path[MAXPGPATH];
    3396             :     char        tmppath[MAXPGPATH];
    3397             :     PGAlignedXLogBlock buffer;
    3398             :     int         srcfd;
    3399             :     int         fd;
    3400             :     int         nbytes;
    3401             : 
    3402             :     /*
    3403             :      * Open the source file
    3404             :      */
    3405          34 :     XLogFilePath(path, srcTLI, srcsegno, wal_segment_size);
    3406          34 :     srcfd = OpenTransientFile(path, O_RDONLY | PG_BINARY);
    3407          34 :     if (srcfd < 0)
    3408           0 :         ereport(ERROR,
    3409             :                 (errcode_for_file_access(),
    3410             :                  errmsg("could not open file \"%s\": %m", path)));
    3411             : 
    3412             :     /*
    3413             :      * Copy into a temp file name.
    3414             :      */
    3415          34 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3416             : 
    3417          34 :     unlink(tmppath);
    3418             : 
    3419             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3420          34 :     fd = OpenTransientFile(tmppath, O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    3421          34 :     if (fd < 0)
    3422           0 :         ereport(ERROR,
    3423             :                 (errcode_for_file_access(),
    3424             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3425             : 
    3426             :     /*
    3427             :      * Do the data copying.
    3428             :      */
    3429       69666 :     for (nbytes = 0; nbytes < wal_segment_size; nbytes += sizeof(buffer))
    3430             :     {
    3431             :         int         nread;
    3432             : 
    3433       69632 :         nread = upto - nbytes;
    3434             : 
    3435             :         /*
    3436             :          * The part that is not read from the source file is filled with
    3437             :          * zeros.
    3438             :          */
    3439       69632 :         if (nread < sizeof(buffer))
    3440          34 :             memset(buffer.data, 0, sizeof(buffer));
    3441             : 
    3442       69632 :         if (nread > 0)
    3443             :         {
    3444             :             int         r;
    3445             : 
    3446        1566 :             if (nread > sizeof(buffer))
    3447        1532 :                 nread = sizeof(buffer);
    3448        1566 :             pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_READ);
    3449        1566 :             r = read(srcfd, buffer.data, nread);
    3450        1566 :             if (r != nread)
    3451             :             {
    3452           0 :                 if (r < 0)
    3453           0 :                     ereport(ERROR,
    3454             :                             (errcode_for_file_access(),
    3455             :                              errmsg("could not read file \"%s\": %m",
    3456             :                                     path)));
    3457             :                 else
    3458           0 :                     ereport(ERROR,
    3459             :                             (errcode(ERRCODE_DATA_CORRUPTED),
    3460             :                              errmsg("could not read file \"%s\": read %d of %zu",
    3461             :                                     path, r, (Size) nread)));
    3462             :             }
    3463        1566 :             pgstat_report_wait_end();
    3464             :         }
    3465       69632 :         errno = 0;
    3466       69632 :         pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_WRITE);
    3467       69632 :         if ((int) write(fd, buffer.data, sizeof(buffer)) != (int) sizeof(buffer))
    3468             :         {
    3469           0 :             int         save_errno = errno;
    3470             : 
    3471             :             /*
    3472             :              * If we fail to make the file, delete it to release disk space
    3473             :              */
    3474           0 :             unlink(tmppath);
    3475             :             /* if write didn't set errno, assume problem is no disk space */
    3476           0 :             errno = save_errno ? save_errno : ENOSPC;
    3477             : 
    3478           0 :             ereport(ERROR,
    3479             :                     (errcode_for_file_access(),
    3480             :                      errmsg("could not write to file \"%s\": %m", tmppath)));
    3481             :         }
    3482       69632 :         pgstat_report_wait_end();
    3483             :     }
    3484             : 
    3485          34 :     pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_SYNC);
    3486          34 :     if (pg_fsync(fd) != 0)
    3487           0 :         ereport(data_sync_elevel(ERROR),
    3488             :                 (errcode_for_file_access(),
    3489             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3490          34 :     pgstat_report_wait_end();
    3491             : 
    3492          34 :     if (CloseTransientFile(fd) != 0)
    3493           0 :         ereport(ERROR,
    3494             :                 (errcode_for_file_access(),
    3495             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3496             : 
    3497          34 :     if (CloseTransientFile(srcfd) != 0)
    3498           0 :         ereport(ERROR,
    3499             :                 (errcode_for_file_access(),
    3500             :                  errmsg("could not close file \"%s\": %m", path)));
    3501             : 
    3502             :     /*
    3503             :      * Now move the segment into place with its final name.
    3504             :      */
    3505          34 :     if (!InstallXLogFileSegment(&destsegno, tmppath, false, 0, false))
    3506           0 :         elog(ERROR, "InstallXLogFileSegment should not have failed");
    3507          34 : }
    3508             : 
    3509             : /*
    3510             :  * Install a new XLOG segment file as a current or future log segment.
    3511             :  *
    3512             :  * This is used both to install a newly-created segment (which has a temp
    3513             :  * filename while it's being created) and to recycle an old segment.
    3514             :  *
    3515             :  * *segno: identify segment to install as (or first possible target).
    3516             :  * When find_free is true, this is modified on return to indicate the
    3517             :  * actual installation location or last segment searched.
    3518             :  *
    3519             :  * tmppath: initial name of file to install.  It will be renamed into place.
    3520             :  *
    3521             :  * find_free: if true, install the new segment at the first empty segno
    3522             :  * number at or after the passed numbers.  If false, install the new segment
    3523             :  * exactly where specified, deleting any existing segment file there.
    3524             :  *
    3525             :  * max_segno: maximum segment number to install the new file as.  Fail if no
    3526             :  * free slot is found between *segno and max_segno. (Ignored when find_free
    3527             :  * is false.)
    3528             :  *
    3529             :  * use_lock: if true, acquire ControlFileLock while moving file into
    3530             :  * place.  This should be true except during bootstrap log creation.  The
    3531             :  * caller must *not* hold the lock at call.
    3532             :  *
    3533             :  * Returns true if the file was installed successfully.  false indicates that
    3534             :  * max_segno limit was exceeded, or an error occurred while renaming the
    3535             :  * file into place.
    3536             :  */
    3537             : static bool
    3538        1386 : InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
    3539             :                        bool find_free, XLogSegNo max_segno,
    3540             :                        bool use_lock)
    3541             : {
    3542             :     char        path[MAXPGPATH];
    3543             :     struct stat stat_buf;
    3544             : 
    3545        1386 :     XLogFilePath(path, ThisTimeLineID, *segno, wal_segment_size);
    3546             : 
    3547             :     /*
    3548             :      * We want to be sure that only one process does this at a time.
    3549             :      */
    3550        1386 :     if (use_lock)
    3551        1030 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    3552             : 
    3553        1386 :     if (!find_free)
    3554             :     {
    3555             :         /* Force installation: get rid of any pre-existing segment file */
    3556         356 :         durable_unlink(path, DEBUG1);
    3557             :     }
    3558             :     else
    3559             :     {
    3560             :         /* Find a free slot to put it in */
    3561       14250 :         while (stat(path, &stat_buf) == 0)
    3562             :         {
    3563       12200 :             if ((*segno) >= max_segno)
    3564             :             {
    3565             :                 /* Failed to find a free slot within specified range */
    3566          10 :                 if (use_lock)
    3567          10 :                     LWLockRelease(ControlFileLock);
    3568          10 :                 return false;
    3569             :             }
    3570       12190 :             (*segno)++;
    3571       12190 :             XLogFilePath(path, ThisTimeLineID, *segno, wal_segment_size);
    3572             :         }
    3573             :     }
    3574             : 
    3575             :     /*
    3576             :      * Perform the rename using link if available, paranoidly trying to avoid
    3577             :      * overwriting an existing file (there shouldn't be one).
    3578             :      */
    3579        1376 :     if (durable_link_or_rename(tmppath, path, LOG) != 0)
    3580             :     {
    3581           0 :         if (use_lock)
    3582           0 :             LWLockRelease(ControlFileLock);
    3583             :         /* durable_link_or_rename already emitted log message */
    3584           0 :         return false;
    3585             :     }
    3586             : 
    3587        1376 :     if (use_lock)
    3588        1020 :         LWLockRelease(ControlFileLock);
    3589             : 
    3590        1376 :     return true;
    3591             : }
    3592             : 
    3593             : /*
    3594             :  * Open a pre-existing logfile segment for writing.
    3595             :  */
    3596             : int
    3597           8 : XLogFileOpen(XLogSegNo segno)
    3598             : {
    3599             :     char        path[MAXPGPATH];
    3600             :     int         fd;
    3601             : 
    3602           8 :     XLogFilePath(path, ThisTimeLineID, segno, wal_segment_size);
    3603             : 
    3604           8 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | get_sync_bit(sync_method));
    3605           8 :     if (fd < 0)
    3606           0 :         ereport(PANIC,
    3607             :                 (errcode_for_file_access(),
    3608             :                  errmsg("could not open file \"%s\": %m", path)));
    3609             : 
    3610           8 :     return fd;
    3611             : }
    3612             : 
    3613             : /*
    3614             :  * Open a logfile segment for reading (during recovery).
    3615             :  *
    3616             :  * If source == XLOG_FROM_ARCHIVE, the segment is retrieved from archive.
    3617             :  * Otherwise, it's assumed to be already available in pg_wal.
    3618             :  */
    3619             : static int
    3620        1988 : XLogFileRead(XLogSegNo segno, int emode, TimeLineID tli,
    3621             :              int source, bool notfoundOk)
    3622             : {
    3623             :     char        xlogfname[MAXFNAMELEN];
    3624             :     char        activitymsg[MAXFNAMELEN + 16];
    3625             :     char        path[MAXPGPATH];
    3626             :     int         fd;
    3627             : 
    3628        1988 :     XLogFileName(xlogfname, tli, segno, wal_segment_size);
    3629             : 
    3630        1988 :     switch (source)
    3631             :     {
    3632             :         case XLOG_FROM_ARCHIVE:
    3633             :             /* Report recovery progress in PS display */
    3634         342 :             snprintf(activitymsg, sizeof(activitymsg), "waiting for %s",
    3635             :                      xlogfname);
    3636         342 :             set_ps_display(activitymsg, false);
    3637             : 
    3638         342 :             restoredFromArchive = RestoreArchivedFile(path, xlogfname,
    3639             :                                                       "RECOVERYXLOG",
    3640             :                                                       wal_segment_size,
    3641             :                                                       InRedo);
    3642         342 :             if (!restoredFromArchive)
    3643         328 :                 return -1;
    3644          14 :             break;
    3645             : 
    3646             :         case XLOG_FROM_PG_WAL:
    3647             :         case XLOG_FROM_STREAM:
    3648        1646 :             XLogFilePath(path, tli, segno, wal_segment_size);
    3649        1646 :             restoredFromArchive = false;
    3650        1646 :             break;
    3651             : 
    3652             :         default:
    3653           0 :             elog(ERROR, "invalid XLogFileRead source %d", source);
    3654             :     }
    3655             : 
    3656             :     /*
    3657             :      * If the segment was fetched from archival storage, replace the existing
    3658             :      * xlog segment (if any) with the archival version.
    3659             :      */
    3660        1660 :     if (source == XLOG_FROM_ARCHIVE)
    3661             :     {
    3662          14 :         KeepFileRestoredFromArchive(path, xlogfname);
    3663             : 
    3664             :         /*
    3665             :          * Set path to point at the new file in pg_wal.
    3666             :          */
    3667          14 :         snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlogfname);
    3668             :     }
    3669             : 
    3670        1660 :     fd = BasicOpenFile(path, O_RDONLY | PG_BINARY);
    3671        1660 :     if (fd >= 0)
    3672             :     {
    3673             :         /* Success! */
    3674        1542 :         curFileTLI = tli;
    3675             : 
    3676             :         /* Report recovery progress in PS display */
    3677        1542 :         snprintf(activitymsg, sizeof(activitymsg), "recovering %s",
    3678             :                  xlogfname);
    3679        1542 :         set_ps_display(activitymsg, false);
    3680             : 
    3681             :         /* Track source of data in assorted state variables */
    3682        1542 :         readSource = source;
    3683        1542 :         XLogReceiptSource = source;
    3684             :         /* In FROM_STREAM case, caller tracks receipt time, not me */
    3685        1542 :         if (source != XLOG_FROM_STREAM)
    3686        1438 :             XLogReceiptTime = GetCurrentTimestamp();
    3687             : 
    3688        1542 :         return fd;
    3689             :     }
    3690         118 :     if (errno != ENOENT || !notfoundOk) /* unexpected failure? */
    3691           0 :         ereport(PANIC,
    3692             :                 (errcode_for_file_access(),
    3693             :                  errmsg("could not open file \"%s\": %m", path)));
    3694         118 :     return -1;
    3695             : }
    3696             : 
    3697             : /*
    3698             :  * Open a logfile segment for reading (during recovery).
    3699             :  *
    3700             :  * This version searches for the segment with any TLI listed in expectedTLEs.
    3701             :  */
    3702             : static int
    3703        1536 : XLogFileReadAnyTLI(XLogSegNo segno, int emode, int source)
    3704             : {
    3705             :     char        path[MAXPGPATH];
    3706             :     ListCell   *cell;
    3707             :     int         fd;
    3708             :     List       *tles;
    3709             : 
    3710             :     /*
    3711             :      * Loop looking for a suitable timeline ID: we might need to read any of
    3712             :      * the timelines listed in expectedTLEs.
    3713             :      *
    3714             :      * We expect curFileTLI on entry to be the TLI of the preceding file in
    3715             :      * sequence, or 0 if there was no predecessor.  We do not allow curFileTLI
    3716             :      * to go backwards; this prevents us from picking up the wrong file when a
    3717             :      * parent timeline extends to higher segment numbers than the child we
    3718             :      * want to read.
    3719             :      *
    3720             :      * If we haven't read the timeline history file yet, read it now, so that
    3721             :      * we know which TLIs to scan.  We don't save the list in expectedTLEs,
    3722             :      * however, unless we actually find a valid segment.  That way if there is
    3723             :      * neither a timeline history file nor a WAL segment in the archive, and
    3724             :      * streaming replication is set up, we'll read the timeline history file
    3725             :      * streamed from the master when we start streaming, instead of recovering
    3726             :      * with a dummy history generated here.
    3727             :      */
    3728        1536 :     if (expectedTLEs)
    3729         344 :         tles = expectedTLEs;
    3730             :     else
    3731        1192 :         tles = readTimeLineHistory(recoveryTargetTLI);
    3732             : 
    3733        1654 :     foreach(cell, tles)
    3734             :     {
    3735        1556 :         TimeLineID  tli = ((TimeLineHistoryEntry *) lfirst(cell))->tli;
    3736             : 
    3737        1556 :         if (tli < curFileTLI)
    3738           0 :             break;              /* don't bother looking at too-old TLIs */
    3739             : 
    3740        1556 :         if (source == XLOG_FROM_ANY || source == XLOG_FROM_ARCHIVE)
    3741             :         {
    3742         342 :             fd = XLogFileRead(segno, emode, tli,
    3743             :                               XLOG_FROM_ARCHIVE, true);
    3744         342 :             if (fd != -1)
    3745             :             {
    3746          14 :                 elog(DEBUG1, "got WAL segment from archive");
    3747          14 :                 if (!expectedTLEs)
    3748           6 :                     expectedTLEs = tles;
    3749        1452 :                 return fd;
    3750             :             }
    3751             :         }
    3752             : 
    3753        1542 :         if (source == XLOG_FROM_ANY || source == XLOG_FROM_PG_WAL)
    3754             :         {
    3755        1542 :             fd = XLogFileRead(segno, emode, tli,
    3756             :                               XLOG_FROM_PG_WAL, true);
    3757        1542 :             if (fd != -1)
    3758             :             {
    3759        1424 :                 if (!expectedTLEs)
    3760        1186 :                     expectedTLEs = tles;
    3761        1424 :                 return fd;
    3762             :             }
    3763             :         }
    3764             :     }
    3765             : 
    3766             :     /* Couldn't find it.  For simplicity, complain about front timeline */
    3767          98 :     XLogFilePath(path, recoveryTargetTLI, segno, wal_segment_size);
    3768          98 :     errno = ENOENT;
    3769         100 :     ereport(emode,
    3770             :             (errcode_for_file_access(),
    3771             :              errmsg("could not open file \"%s\": %m", path)));
    3772          98 :     return -1;
    3773             : }
    3774             : 
    3775             : /*
    3776             :  * Close the current logfile segment for writing.
    3777             :  */
    3778             : static void
    3779        2028 : XLogFileClose(void)
    3780             : {
    3781             :     Assert(openLogFile >= 0);
    3782             : 
    3783             :     /*
    3784             :      * WAL segment files will not be re-read in normal operation, so we advise
    3785             :      * the OS to release any cached pages.  But do not do so if WAL archiving
    3786             :      * or streaming is active, because archiver and walsender process could
    3787             :      * use the cache to read the WAL segment.
    3788             :      */
    3789             : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
    3790        2028 :     if (!XLogIsNeeded())
    3791          36 :         (void) posix_fadvise(openLogFile, 0, 0, POSIX_FADV_DONTNEED);
    3792             : #endif
    3793             : 
    3794        2028 :     if (close(openLogFile) != 0)
    3795           0 :         ereport(PANIC,
    3796             :                 (errcode_for_file_access(),
    3797             :                  errmsg("could not close file \"%s\": %m",
    3798             :                         XLogFileNameP(ThisTimeLineID, openLogSegNo))));
    3799        2028 :     openLogFile = -1;
    3800        2028 : }
    3801             : 
    3802             : /*
    3803             :  * Preallocate log files beyond the specified log endpoint.
    3804             :  *
    3805             :  * XXX this is currently extremely conservative, since it forces only one
    3806             :  * future log segment to exist, and even that only if we are 75% done with
    3807             :  * the current one.  This is only appropriate for very low-WAL-volume systems.
    3808             :  * High-volume systems will be OK once they've built up a sufficient set of
    3809             :  * recycled log segments, but the startup transient is likely to include
    3810             :  * a lot of segment creations by foreground processes, which is not so good.
    3811             :  */
    3812             : static void
    3813        2952 : PreallocXlogFiles(XLogRecPtr endptr)
    3814             : {
    3815             :     XLogSegNo   _logSegNo;
    3816             :     int         lf;
    3817             :     bool        use_existent;
    3818             :     uint64      offset;
    3819             : 
    3820        2952 :     XLByteToPrevSeg(endptr, _logSegNo, wal_segment_size);
    3821        2952 :     offset = XLogSegmentOffset(endptr - 1, wal_segment_size);
    3822        2952 :     if (offset >= (uint32) (0.75 * wal_segment_size))
    3823             :     {
    3824          54 :         _logSegNo++;
    3825          54 :         use_existent = true;
    3826          54 :         lf = XLogFileInit(_logSegNo, &use_existent, true);
    3827          54 :         close(lf);
    3828          54 :         if (!use_existent)
    3829           2 :             CheckpointStats.ckpt_segs_added++;
    3830             :     }
    3831        2952 : }
    3832             : 
    3833             : /*
    3834             :  * Throws an error if the given log segment has already been removed or
    3835             :  * recycled. The caller should only pass a segment that it knows to have
    3836             :  * existed while the server has been running, as this function always
    3837             :  * succeeds if no WAL segments have been removed since startup.
    3838             :  * 'tli' is only used in the error message.
    3839             :  *
    3840             :  * Note: this function guarantees to keep errno unchanged on return.
    3841             :  * This supports callers that use this to possibly deliver a better
    3842             :  * error message about a missing file, while still being able to throw
    3843             :  * a normal file-access error afterwards, if this does return.
    3844             :  */
    3845             : void
    3846        5924 : CheckXLogRemoved(XLogSegNo segno, TimeLineID tli)
    3847             : {
    3848        5924 :     int         save_errno = errno;
    3849             :     XLogSegNo   lastRemovedSegNo;
    3850             : 
    3851        5924 :     SpinLockAcquire(&XLogCtl->info_lck);
    3852        5924 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3853        5924 :     SpinLockRelease(&XLogCtl->info_lck);
    3854             : 
    3855        5924 :     if (segno <= lastRemovedSegNo)
    3856             :     {
    3857             :         char        filename[MAXFNAMELEN];
    3858             : 
    3859           0 :         XLogFileName(filename, tli, segno, wal_segment_size);
    3860           0 :         errno = save_errno;
    3861           0 :         ereport(ERROR,
    3862             :                 (errcode_for_file_access(),
    3863             :                  errmsg("requested WAL segment %s has already been removed",
    3864             :                         filename)));
    3865             :     }
    3866        5924 :     errno = save_errno;
    3867        5924 : }
    3868             : 
    3869             : /*
    3870             :  * Return the last WAL segment removed, or 0 if no segment has been removed
    3871             :  * since startup.
    3872             :  *
    3873             :  * NB: the result can be out of date arbitrarily fast, the caller has to deal
    3874             :  * with that.
    3875             :  */
    3876             : XLogSegNo
    3877         326 : XLogGetLastRemovedSegno(void)
    3878             : {
    3879             :     XLogSegNo   lastRemovedSegNo;
    3880             : 
    3881         326 :     SpinLockAcquire(&XLogCtl->info_lck);
    3882         326 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3883         326 :     SpinLockRelease(&XLogCtl->info_lck);
    3884             : 
    3885         326 :     return lastRemovedSegNo;
    3886             : }
    3887             : 
    3888             : /*
    3889             :  * Update the last removed segno pointer in shared memory, to reflect
    3890             :  * that the given XLOG file has been removed.
    3891             :  */
    3892             : static void
    3893         660 : UpdateLastRemovedPtr(char *filename)
    3894             : {
    3895             :     uint32      tli;
    3896             :     XLogSegNo   segno;
    3897             : 
    3898         660 :     XLogFromFileName(filename, &tli, &segno, wal_segment_size);
    3899             : 
    3900         660 :     SpinLockAcquire(&XLogCtl->info_lck);
    3901         660 :     if (segno > XLogCtl->lastRemovedSegNo)
    3902         164 :         XLogCtl->lastRemovedSegNo = segno;
    3903         660 :     SpinLockRelease(&XLogCtl->info_lck);
    3904         660 : }
    3905             : 
    3906             : /*
    3907             :  * Remove all temporary log files in pg_wal
    3908             :  *
    3909             :  * This is called at the beginning of recovery after a previous crash,
    3910             :  * at a point where no other processes write fresh WAL data.
    3911             :  */
    3912             : static void
    3913         106 : RemoveTempXlogFiles(void)
    3914             : {
    3915             :     DIR        *xldir;
    3916             :     struct dirent *xlde;
    3917             : 
    3918         106 :     elog(DEBUG2, "removing all temporary WAL segments");
    3919             : 
    3920         106 :     xldir = AllocateDir(XLOGDIR);
    3921         706 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3922             :     {
    3923             :         char        path[MAXPGPATH];
    3924             : 
    3925         494 :         if (strncmp(xlde->d_name, "xlogtemp.", 9) != 0)
    3926         494 :             continue;
    3927             : 
    3928           0 :         snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name);
    3929           0 :         unlink(path);
    3930           0 :         elog(DEBUG2, "removed temporary WAL segment \"%s\"", path);
    3931             :     }
    3932         106 :     FreeDir(xldir);
    3933         106 : }
    3934             : 
    3935             : /*
    3936             :  * Recycle or remove all log files older or equal to passed segno.
    3937             :  *
    3938             :  * endptr is current (or recent) end of xlog, and RedoRecPtr is the
    3939             :  * redo pointer of the last checkpoint. These are used to determine
    3940             :  * whether we want to recycle rather than delete no-longer-wanted log files.
    3941             :  */
    3942             : static void
    3943        2832 : RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr RedoRecPtr, XLogRecPtr endptr)
    3944             : {
    3945             :     DIR        *xldir;
    3946             :     struct dirent *xlde;
    3947             :     char        lastoff[MAXFNAMELEN];
    3948             : 
    3949             :     /*
    3950             :      * Construct a filename of the last segment to be kept. The timeline ID
    3951             :      * doesn't matter, we ignore that in the comparison. (During recovery,
    3952             :      * ThisTimeLineID isn't set, so we can't use that.)
    3953             :      */
    3954        2832 :     XLogFileName(lastoff, 0, segno, wal_segment_size);
    3955             : 
    3956        2832 :     elog(DEBUG2, "attempting to remove WAL segments older than log file %s",
    3957             :          lastoff);
    3958             : 
    3959        2832 :     xldir = AllocateDir(XLOGDIR);
    3960             : 
    3961       18748 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3962             :     {
    3963             :         /* Ignore files that are not XLOG segments */
    3964       21656 :         if (!IsXLogFileName(xlde->d_name) &&
    3965        8572 :             !IsPartialXLogFileName(xlde->d_name))
    3966        8572 :             continue;
    3967             : 
    3968             :         /*
    3969             :          * We ignore the timeline part of the XLOG segment identifiers in
    3970             :          * deciding whether a segment is still needed.  This ensures that we
    3971             :          * won't prematurely remove a segment from a parent timeline. We could
    3972             :          * probably be a little more proactive about removing segments of
    3973             :          * non-parent timelines, but that would be a whole lot more
    3974             :          * complicated.
    3975             :          *
    3976             :          * We use the alphanumeric sorting property of the filenames to decide
    3977             :          * which ones are earlier than the lastoff segment.
    3978             :          */
    3979        4512 :         if (strcmp(xlde->d_name + 8, lastoff + 8) <= 0)
    3980             :         {
    3981         660 :             if (XLogArchiveCheckDone(xlde->d_name))
    3982             :             {
    3983             :                 /* Update the last removed location in shared memory first */
    3984         660 :                 UpdateLastRemovedPtr(xlde->d_name);
    3985             : 
    3986         660 :                 RemoveXlogFile(xlde->d_name, RedoRecPtr, endptr);
    3987             :             }
    3988             :         }
    3989             :     }
    3990             : 
    3991        2832 :     FreeDir(xldir);
    3992        2832 : }
    3993             : 
    3994             : /*
    3995             :  * Remove WAL files that are not part of the given timeline's history.
    3996             :  *
    3997             :  * This is called during recovery, whenever we switch to follow a new
    3998             :  * timeline, and at the end of recovery when we create a new timeline. We
    3999             :  * wouldn't otherwise care about extra WAL files lying in pg_wal, but they
    4000             :  * might be leftover pre-allocated or recycled WAL segments on the old timeline
    4001             :  * that we haven't used yet, and contain garbage. If we just leave them in
    4002             :  * pg_wal, they will eventually be archived, and we can't let that happen.
    4003             :  * Files that belong to our timeline history are valid, because we have
    4004             :  * successfully replayed them, but from others we can't be sure.
    4005             :  *
    4006             :  * 'switchpoint' is the current point in WAL where we switch to new timeline,
    4007             :  * and 'newTLI' is the new timeline we switch to.
    4008             :  */
    4009             : static void
    4010          56 : RemoveNonParentXlogFiles(XLogRecPtr switchpoint, TimeLineID newTLI)
    4011             : {
    4012             :     DIR        *xldir;
    4013             :     struct dirent *xlde;
    4014             :     char        switchseg[MAXFNAMELEN];
    4015             :     XLogSegNo   endLogSegNo;
    4016             : 
    4017          56 :     XLByteToPrevSeg(switchpoint, endLogSegNo, wal_segment_size);
    4018             : 
    4019             :     /*
    4020             :      * Construct a filename of the last segment to be kept.
    4021             :      */
    4022          56 :     XLogFileName(switchseg, newTLI, endLogSegNo, wal_segment_size);
    4023             : 
    4024          56 :     elog(DEBUG2, "attempting to remove WAL segments newer than log file %s",
    4025             :          switchseg);
    4026             : 
    4027          56 :     xldir = AllocateDir(XLOGDIR);
    4028             : 
    4029         532 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4030             :     {
    4031             :         /* Ignore files that are not XLOG segments */
    4032         420 :         if (!IsXLogFileName(xlde->d_name))
    4033         242 :             continue;
    4034             : 
    4035             :         /*
    4036             :          * Remove files that are on a timeline older than the new one we're
    4037             :          * switching to, but with a segment number >= the first segment on the
    4038             :          * new timeline.
    4039             :          */
    4040         296 :         if (strncmp(xlde->d_name, switchseg, 8) < 0 &&
    4041         118 :             strcmp(xlde->d_name + 8, switchseg + 8) > 0)
    4042             :         {
    4043             :             /*
    4044             :              * If the file has already been marked as .ready, however, don't
    4045             :              * remove it yet. It should be OK to remove it - files that are
    4046             :              * not part of our timeline history are not required for recovery
    4047             :              * - but seems safer to let them be archived and removed later.
    4048             :              */
    4049          22 :             if (!XLogArchiveIsReady(xlde->d_name))
    4050          22 :                 RemoveXlogFile(xlde->d_name, InvalidXLogRecPtr, switchpoint);
    4051             :         }
    4052             :     }
    4053             : 
    4054          56 :     FreeDir(xldir);
    4055          56 : }
    4056             : 
    4057             : /*
    4058             :  * Recycle or remove a log file that's no longer needed.
    4059             :  *
    4060             :  * endptr is current (or recent) end of xlog, and RedoRecPtr is the
    4061             :  * redo pointer of the last checkpoint. These are used to determine
    4062             :  * whether we want to recycle rather than delete no-longer-wanted log files.
    4063             :  * If RedoRecPtr is not known, pass invalid, and the function will recycle,
    4064             :  * somewhat arbitrarily, 10 future segments.
    4065             :  */
    4066             : static void
    4067         682 : RemoveXlogFile(const char *segname, XLogRecPtr RedoRecPtr, XLogRecPtr endptr)
    4068             : {
    4069             :     char        path[MAXPGPATH];
    4070             : #ifdef WIN32
    4071             :     char        newpath[MAXPGPATH];
    4072             : #endif
    4073             :     struct stat statbuf;
    4074             :     XLogSegNo   endlogSegNo;
    4075             :     XLogSegNo   recycleSegNo;
    4076             : 
    4077         682 :     if (wal_recycle)
    4078             :     {
    4079             :         /*
    4080             :          * Initialize info about where to try to recycle to.
    4081             :          */
    4082         682 :         XLByteToSeg(endptr, endlogSegNo, wal_segment_size);
    4083         682 :         if (RedoRecPtr == InvalidXLogRecPtr)
    4084          22 :             recycleSegNo = endlogSegNo + 10;
    4085             :         else
    4086         660 :             recycleSegNo = XLOGfileslop(RedoRecPtr);
    4087             :     }
    4088             :     else
    4089           0 :         recycleSegNo = 0;       /* keep compiler quiet */
    4090             : 
    4091         682 :     snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname);
    4092             : 
    4093             :     /*
    4094             :      * Before deleting the file, see if it can be recycled as a future log
    4095             :      * segment. Only recycle normal files, pg_standby for example can create
    4096             :      * symbolic links pointing to a separate archive directory.
    4097             :      */
    4098        1364 :     if (wal_recycle &&
    4099        1364 :         endlogSegNo <= recycleSegNo &&
    4100        2046 :         lstat(path, &statbuf) == 0 && S_ISREG(statbuf.st_mode) &&
    4101         682 :         InstallXLogFileSegment(&endlogSegNo, path,
    4102             :                                true, recycleSegNo, true))
    4103             :     {
    4104         672 :         ereport(DEBUG2,
    4105             :                 (errmsg("recycled write-ahead log file \"%s\"",
    4106             :                         segname)));
    4107         672 :         CheckpointStats.ckpt_segs_recycled++;
    4108             :         /* Needn't recheck that slot on future iterations */
    4109         672 :         endlogSegNo++;
    4110             :     }
    4111             :     else
    4112             :     {
    4113             :         /* No need for any more future segments... */
    4114             :         int         rc;
    4115             : 
    4116          10 :         ereport(DEBUG2,
    4117             :                 (errmsg("removing write-ahead log file \"%s\"",
    4118             :                         segname)));
    4119             : 
    4120             : #ifdef WIN32
    4121             : 
    4122             :         /*
    4123             :          * On Windows, if another process (e.g another backend) holds the file
    4124             :          * open in FILE_SHARE_DELETE mode, unlink will succeed, but the file
    4125             :          * will still show up in directory listing until the last handle is
    4126             :          * closed. To avoid confusing the lingering deleted file for a live
    4127             :          * WAL file that needs to be archived, rename it before deleting it.
    4128             :          *
    4129             :          * If another process holds the file open without FILE_SHARE_DELETE
    4130             :          * flag, rename will fail. We'll try again at the next checkpoint.
    4131             :          */
    4132             :         snprintf(newpath, MAXPGPATH, "%s.deleted", path);
    4133             :         if (rename(path, newpath) != 0)
    4134             :         {
    4135             :             ereport(LOG,
    4136             :                     (errcode_for_file_access(),
    4137             :                      errmsg("could not rename file \"%s\": %m",
    4138             :                             path)));
    4139             :             return;
    4140             :         }
    4141             :         rc = durable_unlink(newpath, LOG);
    4142             : #else
    4143          10 :         rc = durable_unlink(path, LOG);
    4144             : #endif
    4145          10 :         if (rc != 0)
    4146             :         {
    4147             :             /* Message already logged by durable_unlink() */
    4148           0 :             return;
    4149             :         }
    4150          10 :         CheckpointStats.ckpt_segs_removed++;
    4151             :     }
    4152             : 
    4153         682 :     XLogArchiveCleanup(segname);
    4154             : }
    4155             : 
    4156             : /*
    4157             :  * Verify whether pg_wal and pg_wal/archive_status exist.
    4158             :  * If the latter does not exist, recreate it.
    4159             :  *
    4160             :  * It is not the goal of this function to verify the contents of these
    4161             :  * directories, but to help in cases where someone has performed a cluster
    4162             :  * copy for PITR purposes but omitted pg_wal from the copy.
    4163             :  *
    4164             :  * We could also recreate pg_wal if it doesn't exist, but a deliberate
    4165             :  * policy decision was made not to.  It is fairly common for pg_wal to be
    4166             :  * a symlink, and if that was the DBA's intent then automatically making a
    4167             :  * plain directory would result in degraded performance with no notice.
    4168             :  */
    4169             : static void
    4170        1192 : ValidateXLOGDirectoryStructure(void)
    4171             : {
    4172             :     char        path[MAXPGPATH];
    4173             :     struct stat stat_buf;
    4174             : 
    4175             :     /* Check for pg_wal; if it doesn't exist, error out */
    4176        2384 :     if (stat(XLOGDIR, &stat_buf) != 0 ||
    4177        1192 :         !S_ISDIR(stat_buf.st_mode))
    4178           0 :         ereport(FATAL,
    4179             :                 (errmsg("required WAL directory \"%s\" does not exist",
    4180             :                         XLOGDIR)));
    4181             : 
    4182             :     /* Check for archive_status */
    4183        1192 :     snprintf(path, MAXPGPATH, XLOGDIR "/archive_status");
    4184        1192 :     if (stat(path, &stat_buf) == 0)
    4185             :     {
    4186             :         /* Check for weird cases where it exists but isn't a directory */
    4187        1192 :         if (!S_ISDIR(stat_buf.st_mode))
    4188           0 :             ereport(FATAL,
    4189             :                     (errmsg("required WAL directory \"%s\" does not exist",
    4190             :                             path)));
    4191             :     }
    4192             :     else
    4193             :     {
    4194           0 :         ereport(LOG,
    4195             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4196           0 :         if (MakePGDirectory(path) < 0)
    4197           0 :             ereport(FATAL,
    4198             :                     (errmsg("could not create missing directory \"%s\": %m",
    4199             :                             path)));
    4200             :     }
    4201        1192 : }
    4202             : 
    4203             : /*
    4204             :  * Remove previous backup history files.  This also retries creation of
    4205             :  * .ready files for any backup history files for which XLogArchiveNotify
    4206             :  * failed earlier.
    4207             :  */
    4208             : static void
    4209          90 : CleanupBackupHistory(void)
    4210             : {
    4211             :     DIR        *xldir;
    4212             :     struct dirent *xlde;
    4213             :     char        path[MAXPGPATH + sizeof(XLOGDIR)];
    4214             : 
    4215          90 :     xldir = AllocateDir(XLOGDIR);
    4216             : 
    4217         802 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4218             :     {
    4219         622 :         if (IsBackupHistoryFileName(xlde->d_name))
    4220             :         {
    4221          90 :             if (XLogArchiveCheckDone(xlde->d_name))
    4222             :             {
    4223          84 :                 elog(DEBUG2, "removing WAL backup history file \"%s\"",
    4224             :                      xlde->d_name);
    4225          84 :                 snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name);
    4226          84 :                 unlink(path);
    4227          84 :                 XLogArchiveCleanup(xlde->d_name);
    4228             :             }
    4229             :         }
    4230             :     }
    4231             : 
    4232          90 :     FreeDir(xldir);
    4233          90 : }
    4234             : 
    4235             : /*
    4236             :  * Attempt to read an XLOG record.
    4237             :  *
    4238             :  * If RecPtr is valid, try to read a record at that position.  Otherwise
    4239             :  * try to read a record just after the last one previously read.
    4240             :  *
    4241             :  * If no valid record is available, returns NULL, or fails if emode is PANIC.
    4242             :  * (emode must be either PANIC, LOG). In standby mode, retries until a valid
    4243             :  * record is available.
    4244             :  */
    4245             : static XLogRecord *
    4246      241050 : ReadRecord(XLogReaderState *xlogreader, XLogRecPtr RecPtr, int emode,
    4247             :            bool fetching_ckpt)
    4248             : {
    4249             :     XLogRecord *record;
    4250      241050 :     XLogPageReadPrivate *private = (XLogPageReadPrivate *) xlogreader->private_data;
    4251             : 
    4252             :     /* Pass through parameters to XLogPageRead */
    4253      241050 :     private->fetching_ckpt = fetching_ckpt;
    4254      241050 :     private->emode = emode;
    4255      241050 :     private->randAccess = (RecPtr != InvalidXLogRecPtr);
    4256             : 
    4257             :     /* This is the first attempt to read this page. */
    4258      241050 :     lastSourceFailed = false;
    4259             : 
    4260             :     for (;;)
    4261          90 :     {
    4262             :         char       *errormsg;
    4263             : 
    4264      241140 :         record = XLogReadRecord(xlogreader, RecPtr, &errormsg);
    4265      241118 :         ReadRecPtr = xlogreader->ReadRecPtr;
    4266      241118 :         EndRecPtr = xlogreader->EndRecPtr;
    4267      241118 :         if (record == NULL)
    4268             :         {
    4269         184 :             if (readFile >= 0)
    4270             :             {
    4271         164 :                 close(readFile);
    4272         164 :                 readFile = -1;
    4273             :             }
    4274             : 
    4275             :             /*
    4276             :              * We only end up here without a message when XLogPageRead()
    4277             :              * failed - in that case we already logged something. In
    4278             :              * StandbyMode that only happens if we have been triggered, so we
    4279             :              * shouldn't loop anymore in that case.
    4280             :              */
    4281         184 :             if (errormsg)
    4282         164 :                 ereport(emode_for_corrupt_record(emode,
    4283             :                                                  RecPtr ? RecPtr : EndRecPtr),
    4284             :                         (errmsg_internal("%s", errormsg) /* already translated */ ));
    4285             :         }
    4286             : 
    4287             :         /*
    4288             :          * Check page TLI is one of the expected values.
    4289             :          */
    4290      240934 :         else if (!tliInHistory(xlogreader->latestPageTLI, expectedTLEs))
    4291             :         {
    4292             :             char        fname[MAXFNAMELEN];
    4293             :             XLogSegNo   segno;
    4294             :             int32       offset;
    4295             : 
    4296           0 :             XLByteToSeg(xlogreader->latestPagePtr, segno, wal_segment_size);
    4297           0 :             offset = XLogSegmentOffset(xlogreader->latestPagePtr,
    4298             :                                        wal_segment_size);
    4299           0 :             XLogFileName(fname, xlogreader->seg.ws_tli, segno,
    4300             :                          wal_segment_size);
    4301           0 :             ereport(emode_for_corrupt_record(emode,
    4302             :                                              RecPtr ? RecPtr : EndRecPtr),
    4303             :                     (errmsg("unexpected timeline ID %u in log segment %s, offset %u",
    4304             :                             xlogreader->latestPageTLI,
    4305             :                             fname,
    4306             :                             offset)));
    4307           0 :             record = NULL;
    4308             :         }
    4309             : 
    4310      241118 :         if (record)
    4311             :         {
    4312             :             /* Great, got a record */
    4313      481962 :             return record;
    4314             :         }
    4315             :         else
    4316             :         {
    4317             :             /* No valid record available from this source */
    4318         184 :             lastSourceFailed = true;
    4319             : 
    4320             :             /*
    4321             :              * If archive recovery was requested, but we were still doing
    4322             :              * crash recovery, switch to archive recovery and retry using the
    4323             :              * offline archive. We have now replayed all the valid WAL in
    4324             :              * pg_wal, so we are presumably now consistent.
    4325             :              *
    4326             :              * We require that there's at least some valid WAL present in
    4327             :              * pg_wal, however (!fetching_ckpt).  We could recover using the
    4328             :              * WAL from the archive, even if pg_wal is completely empty, but
    4329             :              * we'd have no idea how far we'd have to replay to reach
    4330             :              * consistency.  So err on the safe side and give up.
    4331             :              */
    4332         186 :             if (!InArchiveRecovery && ArchiveRecoveryRequested &&
    4333           2 :                 !fetching_ckpt)
    4334             :             {
    4335           2 :                 ereport(DEBUG1,
    4336             :                         (errmsg_internal("reached end of WAL in pg_wal, entering archive recovery")));
    4337           2 :                 InArchiveRecovery = true;
    4338           2 :                 if (StandbyModeRequested)
    4339           2 :                     StandbyMode = true;
    4340             : 
    4341             :                 /* initialize minRecoveryPoint to this record */
    4342           2 :                 LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    4343           2 :                 ControlFile->state = DB_IN_ARCHIVE_RECOVERY;
    4344           2 :                 if (ControlFile->minRecoveryPoint < EndRecPtr)
    4345             :                 {
    4346           2 :                     ControlFile->minRecoveryPoint = EndRecPtr;
    4347           2 :                     ControlFile->minRecoveryPointTLI = ThisTimeLineID;
    4348             :                 }
    4349             :                 /* update local copy */
    4350           2 :                 minRecoveryPoint = ControlFile->minRecoveryPoint;
    4351           2 :                 minRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    4352             : 
    4353             :                 /*
    4354             :                  * The startup process can update its local copy of
    4355             :                  * minRecoveryPoint from this point.
    4356             :                  */
    4357           2 :                 updateMinRecoveryPoint = true;
    4358             : 
    4359           2 :                 UpdateControlFile();
    4360           2 :                 LWLockRelease(ControlFileLock);
    4361             : 
    4362           2 :                 CheckRecoveryConsistency();
    4363             : 
    4364             :                 /*
    4365             :                  * Before we retry, reset lastSourceFailed and currentSource
    4366             :                  * so that we will check the archive next.
    4367             :                  */
    4368           2 :                 lastSourceFailed = false;
    4369           2 :                 currentSource = 0;
    4370             : 
    4371          92 :                 continue;
    4372             :             }
    4373             : 
    4374             :             /* In standby mode, loop back to retry. Otherwise, give up. */
    4375         182 :             if (StandbyMode && !CheckForStandbyTrigger())
    4376          88 :                 continue;
    4377             :             else
    4378          94 :                 return NULL;
    4379             :         }
    4380             :     }
    4381             : }
    4382             : 
    4383             : /*
    4384             :  * Scan for new timelines that might have appeared in the archive since we
    4385             :  * started recovery.
    4386             :  *
    4387             :  * If there are any, the function changes recovery target TLI to the latest
    4388             :  * one and returns 'true'.
    4389             :  */
    4390             : static bool
    4391         150 : rescanLatestTimeLine(void)
    4392             : {
    4393             :     List       *newExpectedTLEs;
    4394             :     bool        found;
    4395             :     ListCell   *cell;
    4396             :     TimeLineID  newtarget;
    4397         150 :     TimeLineID  oldtarget = recoveryTargetTLI;
    4398         150 :     TimeLineHistoryEntry *currentTle = NULL;
    4399             : 
    4400         150 :     newtarget = findNewestTimeLine(recoveryTargetTLI);
    4401         150 :     if (newtarget == recoveryTargetTLI)
    4402             :     {
    4403             :         /* No new timelines found */
    4404         144 :         return false;
    4405             :     }
    4406             : 
    4407             :     /*
    4408             :      * Determine the list of expected TLIs for the new TLI
    4409             :      */
    4410             : 
    4411           6 :     newExpectedTLEs = readTimeLineHistory(newtarget);
    4412             : 
    4413             :     /*
    4414             :      * If the current timeline is not part of the history of the new timeline,
    4415             :      * we cannot proceed to it.
    4416             :      */
    4417           6 :     found = false;
    4418          12 :     foreach(cell, newExpectedTLEs)
    4419             :     {
    4420          12 :         currentTle = (TimeLineHistoryEntry *) lfirst(cell);
    4421             : 
    4422          12 :         if (currentTle->tli == recoveryTargetTLI)
    4423             :         {
    4424           6 :             found = true;
    4425           6 :             break;
    4426             :         }
    4427             :     }
    4428           6 :     if (!found)
    4429             :     {
    4430           0 :         ereport(LOG,
    4431             :                 (errmsg("new timeline %u is not a child of database system timeline %u",
    4432             :                         newtarget,
    4433             :                         ThisTimeLineID)));
    4434           0 :         return false;
    4435             :     }
    4436             : 
    4437             :     /*
    4438             :      * The current timeline was found in the history file, but check that the
    4439             :      * next timeline was forked off from it *after* the current recovery
    4440             :      * location.
    4441             :      */
    4442           6 :     if (currentTle->end < EndRecPtr)
    4443             :     {
    4444           0 :         ereport(LOG,
    4445             :                 (errmsg("new timeline %u forked off current database system timeline %u before current recovery point %X/%X",
    4446             :                         newtarget,
    4447             :                         ThisTimeLineID,
    4448             :                         (uint32) (EndRecPtr >> 32), (uint32) EndRecPtr)));
    4449           0 :         return false;
    4450             :     }
    4451             : 
    4452             :     /* The new timeline history seems valid. Switch target */
    4453           6 :     recoveryTargetTLI = newtarget;
    4454           6 :     list_free_deep(expectedTLEs);
    4455           6 :     expectedTLEs = newExpectedTLEs;
    4456             : 
    4457             :     /*
    4458             :      * As in StartupXLOG(), try to ensure we have all the history files
    4459             :      * between the old target and new target in pg_wal.
    4460             :      */
    4461           6 :     restoreTimeLineHistoryFiles(oldtarget + 1, newtarget);
    4462             : 
    4463           6 :     ereport(LOG,
    4464             :             (errmsg("new target timeline is %u",
    4465             :                     recoveryTargetTLI)));
    4466             : 
    4467           6 :     return true;
    4468             : }
    4469             : 
    4470             : /*
    4471             :  * I/O routines for pg_control
    4472             :  *
    4473             :  * *ControlFile is a buffer in shared memory that holds an image of the
    4474             :  * contents of pg_control.  WriteControlFile() initializes pg_control
    4475             :  * given a preloaded buffer, ReadControlFile() loads the buffer from
    4476             :  * the pg_control file (during postmaster or standalone-backend startup),
    4477             :  * and UpdateControlFile() rewrites pg_control after we modify xlog state.
    4478             :  *
    4479             :  * For simplicity, WriteControlFile() initializes the fields of pg_control
    4480             :  * that are related to checking backend/database compatibility, and
    4481             :  * ReadControlFile() verifies they are correct.  We could split out the
    4482             :  * I/O and compatibility-check functions, but there seems no need currently.
    4483             :  */
    4484             : static void
    4485         322 : WriteControlFile(void)
    4486             : {
    4487             :     int         fd;
    4488             :     char        buffer[PG_CONTROL_FILE_SIZE];   /* need not be aligned */
    4489             : 
    4490             :     /*
    4491             :      * Ensure that the size of the pg_control data structure is sane.  See the
    4492             :      * comments for these symbols in pg_control.h.
    4493             :      */
    4494             :     StaticAssertStmt(sizeof(ControlFileData) <= PG_CONTROL_MAX_SAFE_SIZE,
    4495             :                      "pg_control is too large for atomic disk writes");
    4496             :     StaticAssertStmt(sizeof(ControlFileData) <= PG_CONTROL_FILE_SIZE,
    4497             :                      "sizeof(ControlFileData) exceeds PG_CONTROL_FILE_SIZE");
    4498             : 
    4499             :     /*
    4500             :      * Initialize version and compatibility-check fields
    4501             :      */
    4502         322 :     ControlFile->pg_control_version = PG_CONTROL_VERSION;
    4503         322 :     ControlFile->catalog_version_no = CATALOG_VERSION_NO;
    4504             : 
    4505         322 :     ControlFile->maxAlign = MAXIMUM_ALIGNOF;
    4506         322 :     ControlFile->floatFormat = FLOATFORMAT_VALUE;
    4507             : 
    4508         322 :     ControlFile->blcksz = BLCKSZ;
    4509         322 :     ControlFile->relseg_size = RELSEG_SIZE;
    4510         322 :     ControlFile->xlog_blcksz = XLOG_BLCKSZ;
    4511         322 :     ControlFile->xlog_seg_size = wal_segment_size;
    4512             : 
    4513         322 :     ControlFile->nameDataLen = NAMEDATALEN;
    4514         322 :     ControlFile->indexMaxKeys = INDEX_MAX_KEYS;
    4515             : 
    4516         322 :     ControlFile->toast_max_chunk_size = TOAST_MAX_CHUNK_SIZE;
    4517         322 :     ControlFile->loblksize = LOBLKSIZE;
    4518             : 
    4519         322 :     ControlFile->float4ByVal = FLOAT4PASSBYVAL;
    4520         322 :     ControlFile->float8ByVal = FLOAT8PASSBYVAL;
    4521             : 
    4522             :     /* Contents are protected with a CRC */
    4523         322 :     INIT_CRC32C(ControlFile->crc);
    4524         322 :     COMP_CRC32C(ControlFile->crc,
    4525             :                 (char *) ControlFile,
    4526             :                 offsetof(ControlFileData, crc));
    4527         322 :     FIN_CRC32C(ControlFile->crc);
    4528             : 
    4529             :     /*
    4530             :      * We write out PG_CONTROL_FILE_SIZE bytes into pg_control, zero-padding
    4531             :      * the excess over sizeof(ControlFileData).  This reduces the odds of
    4532             :      * premature-EOF errors when reading pg_control.  We'll still fail when we
    4533             :      * check the contents of the file, but hopefully with a more specific
    4534             :      * error than "couldn't read pg_control".
    4535             :      */
    4536         322 :     memset(buffer, 0, PG_CONTROL_FILE_SIZE);
    4537         322 :     memcpy(buffer, ControlFile, sizeof(ControlFileData));
    4538             : 
    4539         322 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4540             :                        O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    4541         322 :     if (fd < 0)
    4542           0 :         ereport(PANIC,
    4543             :                 (errcode_for_file_access(),
    4544             :                  errmsg("could not create file \"%s\": %m",
    4545             :                         XLOG_CONTROL_FILE)));
    4546             : 
    4547         322 :     errno = 0;
    4548         322 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_WRITE);
    4549         322 :     if (write(fd, buffer, PG_CONTROL_FILE_SIZE) != PG_CONTROL_FILE_SIZE)
    4550             :     {
    4551             :         /* if write didn't set errno, assume problem is no disk space */
    4552           0 :         if (errno == 0)
    4553           0 :             errno = ENOSPC;
    4554           0 :         ereport(PANIC,
    4555             :                 (errcode_for_file_access(),
    4556             :                  errmsg("could not write to file \"%s\": %m",
    4557             :                         XLOG_CONTROL_FILE)));
    4558             :     }
    4559         322 :     pgstat_report_wait_end();
    4560             : 
    4561         322 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_SYNC);
    4562         322 :     if (pg_fsync(fd) != 0)
    4563           0 :         ereport(PANIC,
    4564             :                 (errcode_for_file_access(),
    4565             :                  errmsg("could not fsync file \"%s\": %m",
    4566             :                         XLOG_CONTROL_FILE)));
    4567         322 :     pgstat_report_wait_end();
    4568             : 
    4569         322 :     if (close(fd) != 0)
    4570           0 :         ereport(PANIC,
    4571             :                 (errcode_for_file_access(),
    4572             :                  errmsg("could not close file \"%s\": %m",
    4573             :                         XLOG_CONTROL_FILE)));
    4574         322 : }
    4575             : 
    4576             : static void
    4577        1252 : ReadControlFile(void)
    4578             : {
    4579             :     pg_crc32c   crc;
    4580             :     int         fd;
    4581             :     static char wal_segsz_str[20];
    4582             :     int         r;
    4583             : 
    4584             :     /*
    4585             :      * Read data...
    4586             :      */
    4587        1252 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4588             :                        O_RDWR | PG_BINARY);
    4589        1252 :     if (fd < 0)
    4590           0 :         ereport(PANIC,
    4591             :                 (errcode_for_file_access(),
    4592             :                  errmsg("could not open file \"%s\": %m",
    4593             :                         XLOG_CONTROL_FILE)));
    4594             : 
    4595        1252 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_READ);
    4596        1252 :     r = read(fd, ControlFile, sizeof(ControlFileData));
    4597        1252 :     if (r != sizeof(ControlFileData))
    4598             :     {
    4599           0 :         if (r < 0)
    4600           0 :             ereport(PANIC,
    4601             :                     (errcode_for_file_access(),
    4602             :                      errmsg("could not read file \"%s\": %m",
    4603             :                             XLOG_CONTROL_FILE)));
    4604             :         else
    4605           0 :             ereport(PANIC,
    4606             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    4607             :                      errmsg("could not read file \"%s\": read %d of %zu",
    4608             :                             XLOG_CONTROL_FILE, r, sizeof(ControlFileData))));
    4609             :     }
    4610        1252 :     pgstat_report_wait_end();
    4611             : 
    4612        1252 :     close(fd);
    4613             : 
    4614             :     /*
    4615             :      * Check for expected pg_control format version.  If this is wrong, the
    4616             :      * CRC check will likely fail because we'll be checking the wrong number
    4617             :      * of bytes.  Complaining about wrong version will probably be more
    4618             :      * enlightening than complaining about wrong CRC.
    4619             :      */
    4620             : 
    4621        1252 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION && ControlFile->pg_control_version % 65536 == 0 && ControlFile->pg_control_version / 65536 != 0)
    4622           0 :         ereport(FATAL,
    4623             :                 (errmsg("database files are incompatible with server"),
    4624             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d (0x%08x),"
    4625             :                            " but the server was compiled with PG_CONTROL_VERSION %d (0x%08x).",
    4626             :                            ControlFile->pg_control_version, ControlFile->pg_control_version,
    4627             :                            PG_CONTROL_VERSION, PG_CONTROL_VERSION),
    4628             :                  errhint("This could be a problem of mismatched byte ordering.  It looks like you need to initdb.")));
    4629             : 
    4630        1252 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION)
    4631           0 :         ereport(FATAL,
    4632             :                 (errmsg("database files are incompatible with server"),
    4633             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d,"
    4634             :                            " but the server was compiled with PG_CONTROL_VERSION %d.",
    4635             :                            ControlFile->pg_control_version, PG_CONTROL_VERSION),
    4636             :                  errhint("It looks like you need to initdb.")));
    4637             : 
    4638             :     /* Now check the CRC. */
    4639        1252 :     INIT_CRC32C(crc);
    4640        1252 :     COMP_CRC32C(crc,
    4641             :                 (char *) ControlFile,
    4642             :                 offsetof(ControlFileData, crc));
    4643        1252 :     FIN_CRC32C(crc);
    4644             : 
    4645        1252 :     if (!EQ_CRC32C(crc, ControlFile->crc))
    4646           0 :         ereport(FATAL,
    4647             :                 (errmsg("incorrect checksum in control file")));
    4648             : 
    4649             :     /*
    4650             :      * Do compatibility checking immediately.  If the database isn't
    4651             :      * compatible with the backend executable, we want to abort before we can
    4652             :      * possibly do any damage.
    4653             :      */
    4654        1252 :     if (ControlFile->catalog_version_no != CATALOG_VERSION_NO)
    4655           0 :         ereport(FATAL,
    4656             :                 (errmsg("database files are incompatible with server"),
    4657             :                  errdetail("The database cluster was initialized with CATALOG_VERSION_NO %d,"
    4658             :                            " but the server was compiled with CATALOG_VERSION_NO %d.",
    4659             :                            ControlFile->catalog_version_no, CATALOG_VERSION_NO),
    4660             :                  errhint("It looks like you need to initdb.")));
    4661        1252 :     if (ControlFile->maxAlign != MAXIMUM_ALIGNOF)
    4662           0 :         ereport(FATAL,
    4663             :                 (errmsg("database files are incompatible with server"),
    4664             :                  errdetail("The database cluster was initialized with MAXALIGN %d,"
    4665             :                            " but the server was compiled with MAXALIGN %d.",
    4666             :                            ControlFile->maxAlign, MAXIMUM_ALIGNOF),
    4667             :                  errhint("It looks like you need to initdb.")));
    4668        1252 :     if (ControlFile->floatFormat != FLOATFORMAT_VALUE)
    4669           0 :         ereport(FATAL,
    4670             :                 (errmsg("database files are incompatible with server"),
    4671             :                  errdetail("The database cluster appears to use a different floating-point number format than the server executable."),
    4672             :                  errhint("It looks like you need to initdb.")));
    4673        1252 :     if (ControlFile->blcksz != BLCKSZ)
    4674           0 :         ereport(FATAL,
    4675             :                 (errmsg("database files are incompatible with server"),
    4676             :                  errdetail("The database cluster was initialized with BLCKSZ %d,"
    4677             :                            " but the server was compiled with BLCKSZ %d.",
    4678             :                            ControlFile->blcksz, BLCKSZ),
    4679             :                  errhint("It looks like you need to recompile or initdb.")));
    4680        1252 :     if (ControlFile->relseg_size != RELSEG_SIZE)
    4681           0 :         ereport(FATAL,
    4682             :                 (errmsg("database files are incompatible with server"),
    4683             :                  errdetail("The database cluster was initialized with RELSEG_SIZE %d,"
    4684             :                            " but the server was compiled with RELSEG_SIZE %d.",
    4685             :                            ControlFile->relseg_size, RELSEG_SIZE),
    4686             :                  errhint("It looks like you need to recompile or initdb.")));
    4687        1252 :     if (ControlFile->xlog_blcksz != XLOG_BLCKSZ)
    4688           0 :         ereport(FATAL,
    4689             :                 (errmsg("database files are incompatible with server"),
    4690             :                  errdetail("The database cluster was initialized with XLOG_BLCKSZ %d,"
    4691             :                            " but the server was compiled with XLOG_BLCKSZ %d.",
    4692             :                            ControlFile->xlog_blcksz, XLOG_BLCKSZ),
    4693             :                  errhint("It looks like you need to recompile or initdb.")));
    4694        1252 :     if (ControlFile->nameDataLen != NAMEDATALEN)
    4695           0 :         ereport(FATAL,
    4696             :                 (errmsg("database files are incompatible with server"),
    4697             :                  errdetail("The database cluster was initialized with NAMEDATALEN %d,"
    4698             :                            " but the server was compiled with NAMEDATALEN %d.",
    4699             :                            ControlFile->nameDataLen, NAMEDATALEN),
    4700             :                  errhint("It looks like you need to recompile or initdb.")));
    4701        1252 :     if (ControlFile->indexMaxKeys != INDEX_MAX_KEYS)
    4702           0 :         ereport(FATAL,
    4703             :                 (errmsg("database files are incompatible with server"),
    4704             :                  errdetail("The database cluster was initialized with INDEX_MAX_KEYS %d,"
    4705             :                            " but the server was compiled with INDEX_MAX_KEYS %d.",
    4706             :                            ControlFile->indexMaxKeys, INDEX_MAX_KEYS),
    4707             :                  errhint("It looks like you need to recompile or initdb.")));
    4708        1252 :     if (ControlFile->toast_max_chunk_size != TOAST_MAX_CHUNK_SIZE)
    4709           0 :         ereport(FATAL,
    4710             :                 (errmsg("database files are incompatible with server"),
    4711             :                  errdetail("The database cluster was initialized with TOAST_MAX_CHUNK_SIZE %d,"
    4712             :                            " but the server was compiled with TOAST_MAX_CHUNK_SIZE %d.",
    4713             :                            ControlFile->toast_max_chunk_size, (int) TOAST_MAX_CHUNK_SIZE),
    4714             :                  errhint("It looks like you need to recompile or initdb.")));
    4715        1252 :     if (ControlFile->loblksize != LOBLKSIZE)
    4716           0 :         ereport(FATAL,
    4717             :                 (errmsg("database files are incompatible with server"),
    4718             :                  errdetail("The database cluster was initialized with LOBLKSIZE %d,"
    4719             :                            " but the server was compiled with LOBLKSIZE %d.",
    4720             :                            ControlFile->loblksize, (int) LOBLKSIZE),
    4721             :                  errhint("It looks like you need to recompile or initdb.")));
    4722             : 
    4723             : #ifdef USE_FLOAT4_BYVAL
    4724        1252 :     if (ControlFile->float4ByVal != true)
    4725           0 :         ereport(FATAL,
    4726             :                 (errmsg("database files are incompatible with server"),
    4727             :                  errdetail("The database cluster was initialized without USE_FLOAT4_BYVAL"
    4728             :                            " but the server was compiled with USE_FLOAT4_BYVAL."),
    4729             :                  errhint("It looks like you need to recompile or initdb.")));
    4730             : #else
    4731             :     if (ControlFile->float4ByVal != false)
    4732             :         ereport(FATAL,
    4733             :                 (errmsg("database files are incompatible with server"),
    4734             :                  errdetail("The database cluster was initialized with USE_FLOAT4_BYVAL"
    4735             :                            " but the server was compiled without USE_FLOAT4_BYVAL."),
    4736             :                  errhint("It looks like you need to recompile or initdb.")));
    4737             : #endif
    4738             : 
    4739             : #ifdef USE_FLOAT8_BYVAL
    4740        1252 :     if (ControlFile->float8ByVal != true)
    4741           0 :         ereport(FATAL,
    4742             :                 (errmsg("database files are incompatible with server"),
    4743             :                  errdetail("The database cluster was initialized without USE_FLOAT8_BYVAL"
    4744             :                            " but the server was compiled with USE_FLOAT8_BYVAL."),
    4745             :                  errhint("It looks like you need to recompile or initdb.")));
    4746             : #else
    4747             :     if (ControlFile->float8ByVal != false)
    4748             :         ereport(FATAL,
    4749             :                 (errmsg("database files are incompatible with server"),
    4750             :                  errdetail("The database cluster was initialized with USE_FLOAT8_BYVAL"
    4751             :                            " but the server was compiled without USE_FLOAT8_BYVAL."),
    4752             :                  errhint("It looks like you need to recompile or initdb.")));
    4753             : #endif
    4754             : 
    4755        1252 :     wal_segment_size = ControlFile->xlog_seg_size;
    4756             : 
    4757        1252 :     if (!IsValidWalSegSize(wal_segment_size))
    4758           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4759             :                         errmsg_plural("WAL segment size must be a power of two between 1 MB and 1 GB, but the control file specifies %d byte",
    4760             :                                       "WAL segment size must be a power of two between 1 MB and 1 GB, but the control file specifies %d bytes",
    4761             :                                       wal_segment_size,
    4762             :                                       wal_segment_size)));
    4763             : 
    4764        1252 :     snprintf(wal_segsz_str, sizeof(wal_segsz_str), "%d", wal_segment_size);
    4765        1252 :     SetConfigOption("wal_segment_size", wal_segsz_str, PGC_INTERNAL,
    4766             :                     PGC_S_OVERRIDE);
    4767             : 
    4768             :     /* check and update variables dependent on wal_segment_size */
    4769        1252 :     if (ConvertToXSegs(min_wal_size_mb, wal_segment_size) < 2)
    4770           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4771             :                         errmsg("\"min_wal_size\" must be at least twice \"wal_segment_size\"")));
    4772             : 
    4773        1252 :     if (ConvertToXSegs(max_wal_size_mb, wal_segment_size) < 2)
    4774           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4775             :                         errmsg("\"max_wal_size\" must be at least twice \"wal_segment_size\"")));
    4776             : 
    4777        1252 :     UsableBytesInSegment =
    4778        1252 :         (wal_segment_size / XLOG_BLCKSZ * UsableBytesInPage) -
    4779             :         (SizeOfXLogLongPHD - SizeOfXLogShortPHD);
    4780             : 
    4781        1252 :     CalculateCheckpointSegments();
    4782             : 
    4783             :     /* Make the initdb settings visible as GUC variables, too */
    4784        1252 :     SetConfigOption("data_checksums", DataChecksumsEnabled() ? "yes" : "no",
    4785             :                     PGC_INTERNAL, PGC_S_OVERRIDE);
    4786        1252 : }
    4787             : 
    4788             : /*
    4789             :  * Utility wrapper to update the control file.  Note that the control
    4790             :  * file gets flushed.
    4791             :  */
    4792             : void
    4793        5900 : UpdateControlFile(void)
    4794             : {
    4795        5900 :     update_controlfile(DataDir, ControlFile, true);
    4796        5900 : }
    4797             : 
    4798             : /*
    4799             :  * Returns the unique system identifier from control file.
    4800             :  */
    4801             : uint64
    4802         450 : GetSystemIdentifier(void)
    4803             : {
    4804             :     Assert(ControlFile != NULL);
    4805         450 :     return ControlFile->system_identifier;
    4806             : }
    4807             : 
    4808             : /*
    4809             :  * Returns the random nonce from control file.
    4810             :  */
    4811             : char *
    4812           2 : GetMockAuthenticationNonce(void)
    4813             : {
    4814             :     Assert(ControlFile != NULL);
    4815           2 :     return ControlFile->mock_authentication_nonce;
    4816             : }
    4817             : 
    4818             : /*
    4819             :  * Are checksums enabled for data pages?
    4820             :  */
    4821             : bool
    4822    13209796 : DataChecksumsEnabled(void)
    4823             : {
    4824             :     Assert(ControlFile != NULL);
    4825    13209796 :     return (ControlFile->data_checksum_version > 0);
    4826             : }
    4827             : 
    4828             : /*
    4829             :  * Returns a fake LSN for unlogged relations.
    4830             :  *
    4831             :  * Each call generates an LSN that is greater than any previous value
    4832             :  * returned. The current counter value is saved and restored across clean
    4833             :  * shutdowns, but like unlogged relations, does not survive a crash. This can
    4834             :  * be used in lieu of real LSN values returned by XLogInsert, if you need an
    4835             :  * LSN-like increasing sequence of numbers without writing any WAL.
    4836             :  */
    4837             : XLogRecPtr
    4838           0 : GetFakeLSNForUnloggedRel(void)
    4839             : {
    4840             :     XLogRecPtr  nextUnloggedLSN;
    4841             : 
    4842             :     /* increment the unloggedLSN counter, need SpinLock */
    4843           0 :     SpinLockAcquire(&XLogCtl->ulsn_lck);
    4844           0 :     nextUnloggedLSN = XLogCtl->unloggedLSN++;
    4845           0 :     SpinLockRelease(&XLogCtl->ulsn_lck);
    4846             : 
    4847           0 :     return nextUnloggedLSN;
    4848             : }
    4849             : 
    4850             : /*
    4851             :  * Auto-tune the number of XLOG buffers.
    4852             :  *
    4853             :  * The preferred setting for wal_buffers is about 3% of shared_buffers, with
    4854             :  * a maximum of one XLOG segment (there is little reason to think that more
    4855             :  * is helpful, at least so long as we force an fsync when switching log files)
    4856             :  * and a minimum of 8 blocks (which was the default value prior to PostgreSQL
    4857             :  * 9.1, when auto-tuning was added).
    4858             :  *
    4859             :  * This should not be called until NBuffers has received its final value.
    4860             :  */
    4861             : static int
    4862        1890 : XLOGChooseNumBuffers(void)
    4863             : {
    4864             :     int         xbuffers;
    4865             : 
    4866        1890 :     xbuffers = NBuffers / 32;
    4867        1890 :     if (xbuffers > (wal_segment_size / XLOG_BLCKSZ))
    4868          20 :         xbuffers = (wal_segment_size / XLOG_BLCKSZ);
    4869        1890 :     if (xbuffers < 8)
    4870         302 :         xbuffers = 8;
    4871        1890 :     return xbuffers;
    4872             : }
    4873             : 
    4874             : /*
    4875             :  * GUC check_hook for wal_buffers
    4876             :  */
    4877             : bool
    4878        3788 : check_wal_buffers(int *newval, void **extra, GucSource source)
    4879             : {
    4880             :     /*
    4881             :      * -1 indicates a request for auto-tune.
    4882             :      */
    4883        3788 :     if (*newval == -1)
    4884             :     {
    4885             :         /*
    4886             :          * If we haven't yet changed the boot_val default of -1, just let it
    4887             :          * be.  We'll fix it when XLOGShmemSize is called.
    4888             :          */
    4889        1898 :         if (XLOGbuffers == -1)
    4890        1898 :             return true;
    4891             : 
    4892             :         /* Otherwise, substitute the auto-tune value */
    4893           0 :         *newval = XLOGChooseNumBuffers();
    4894             :     }
    4895             : 
    4896             :     /*
    4897             :      * We clamp manually-set values to at least 4 blocks.  Prior to PostgreSQL
    4898             :      * 9.1, a minimum of 4 was enforced by guc.c, but since that is no longer
    4899             :      * the case, we just silently treat such values as a request for the
    4900             :      * minimum.  (We could throw an error instead, but that doesn't seem very
    4901             :      * helpful.)
    4902             :      */
    4903        1890 :     if (*newval < 4)
    4904           0 :         *newval = 4;
    4905             : 
    4906        1890 :     return true;
    4907             : }
    4908             : 
    4909             : /*
    4910             :  * Read the control file, set respective GUCs.
    4911             :  *
    4912             :  * This is to be called during startup, including a crash recovery cycle,
    4913             :  * unless in bootstrap mode, where no control file yet exists.  As there's no
    4914             :  * usable shared memory yet (its sizing can depend on the contents of the
    4915             :  * control file!), first store the contents in local memory. XLOGShmemInit()
    4916             :  * will then copy it to shared memory later.
    4917             :  *
    4918             :  * reset just controls whether previous contents are to be expected (in the
    4919             :  * reset case, there's a dangling pointer into old shared memory), or not.
    4920             :  */
    4921             : void
    4922         930 : LocalProcessControlFile(bool reset)
    4923             : {
    4924             :     Assert(reset || ControlFile == NULL);
    4925         930 :     ControlFile = palloc(sizeof(ControlFileData));
    4926         930 :     ReadControlFile();
    4927         930 : }
    4928             : 
    4929             : /*
    4930             :  * Initialization of shared memory for XLOG
    4931             :  */
    4932             : Size
    4933        3784 : XLOGShmemSize(void)
    4934             : {
    4935             :     Size        size;
    4936             : 
    4937             :     /*
    4938             :      * If the value of wal_buffers is -1, use the preferred auto-tune value.
    4939             :      * This isn't an amazingly clean place to do this, but we must wait till
    4940             :      * NBuffers has received its final value, and must do it before using the
    4941             :      * value of XLOGbuffers to do anything important.
    4942             :      */
    4943        3784 :     if (XLOGbuffers == -1)
    4944             :     {
    4945             :         char        buf[32];
    4946             : 
    4947        1890 :         snprintf(buf, sizeof(buf), "%d", XLOGChooseNumBuffers());
    4948        1890 :         SetConfigOption("wal_buffers", buf, PGC_POSTMASTER, PGC_S_OVERRIDE);
    4949             :     }
    4950             :     Assert(XLOGbuffers > 0);
    4951             : 
    4952             :     /* XLogCtl */
    4953        3784 :     size = sizeof(XLogCtlData);
    4954             : 
    4955             :     /* WAL insertion locks, plus alignment */
    4956        3784 :     size = add_size(size, mul_size(sizeof(WALInsertLockPadded), NUM_XLOGINSERT_LOCKS + 1));
    4957             :     /* xlblocks array */
    4958        3784 :     size = add_size(size, mul_size(sizeof(XLogRecPtr), XLOGbuffers));
    4959             :     /* extra alignment padding for XLOG I/O buffers */
    4960        3784 :     size = add_size(size, XLOG_BLCKSZ);
    4961             :     /* and the buffers themselves */
    4962        3784 :     size = add_size(size, mul_size(XLOG_BLCKSZ, XLOGbuffers));
    4963             : 
    4964             :     /*
    4965             :      * Note: we don't count ControlFileData, it comes out of the "slop factor"
    4966             :      * added by CreateSharedMemoryAndSemaphores.  This lets us use this
    4967             :      * routine again below to compute the actual allocation size.
    4968             :      */
    4969             : 
    4970        3784 :     return size;
    4971             : }
    4972             : 
    4973             : void
    4974        1890 : XLOGShmemInit(void)
    4975             : {
    4976             :     bool        foundCFile,
    4977             :                 foundXLog;
    4978             :     char       *allocptr;
    4979             :     int         i;
    4980             :     ControlFileData *localControlFile;
    4981             : 
    4982             : #ifdef WAL_DEBUG
    4983             : 
    4984             :     /*
    4985             :      * Create a memory context for WAL debugging that's exempt from the normal
    4986             :      * "no pallocs in critical section" rule. Yes, that can lead to a PANIC if
    4987             :      * an allocation fails, but wal_debug is not for production use anyway.
    4988             :      */
    4989             :     if (walDebugCxt == NULL)
    4990             :     {
    4991             :         walDebugCxt = AllocSetContextCreate(TopMemoryContext,
    4992             :                                             "WAL Debug",
    4993             :                                             ALLOCSET_DEFAULT_SIZES);
    4994             :         MemoryContextAllowInCriticalSection(walDebugCxt, true);
    4995             :     }
    4996             : #endif
    4997             : 
    4998             : 
    4999        1890 :     XLogCtl = (XLogCtlData *)
    5000        1890 :         ShmemInitStruct("XLOG Ctl", XLOGShmemSize(), &foundXLog);
    5001             : 
    5002        1890 :     localControlFile = ControlFile;
    5003        1890 :     ControlFile = (ControlFileData *)
    5004        1890 :         ShmemInitStruct("Control File", sizeof(ControlFileData), &foundCFile);
    5005             : 
    5006        1890 :     if (foundCFile || foundXLog)
    5007             :     {
    5008             :         /* both should be present or neither */
    5009             :         Assert(foundCFile && foundXLog);
    5010             : 
    5011             :         /* Initialize local copy of WALInsertLocks and register the tranche */
    5012           0 :         WALInsertLocks = XLogCtl->Insert.WALInsertLocks;
    5013           0 :         LWLockRegisterTranche(LWTRANCHE_WAL_INSERT,
    5014             :                               "wal_insert");
    5015             : 
    5016           0 :         if (localControlFile)
    5017           0 :             pfree(localControlFile);
    5018           0 :         return;
    5019             :     }
    5020        1890 :     memset(XLogCtl, 0, sizeof(XLogCtlData));
    5021             : 
    5022             :     /*
    5023             :      * Already have read control file locally, unless in bootstrap mode. Move
    5024             :      * contents into shared memory.
    5025             :      */
    5026        1890 :     if (localControlFile)
    5027             :     {
    5028         924 :         memcpy(ControlFile, localControlFile, sizeof(ControlFileData));
    5029         924 :         pfree(localControlFile);
    5030             :     }
    5031             : 
    5032             :     /*
    5033             :      * Since XLogCtlData contains XLogRecPtr fields, its sizeof should be a
    5034             :      * multiple of the alignment for same, so no extra alignment padding is
    5035             :      * needed here.
    5036             :      */
    5037        1890 :     allocptr = ((char *) XLogCtl) + sizeof(XLogCtlData);
    5038        1890 :     XLogCtl->xlblocks = (XLogRecPtr *) allocptr;
    5039        1890 :     memset(XLogCtl->xlblocks, 0, sizeof(XLogRecPtr) * XLOGbuffers);
    5040        1890 :     allocptr += sizeof(XLogRecPtr) * XLOGbuffers;
    5041             : 
    5042             : 
    5043             :     /* WAL insertion locks. Ensure they're aligned to the full padded size */
    5044        1890 :     allocptr += sizeof(WALInsertLockPadded) -
    5045        1890 :         ((uintptr_t) allocptr) % sizeof(WALInsertLockPadded);
    5046        1890 :     WALInsertLocks = XLogCtl->Insert.WALInsertLocks =
    5047             :         (WALInsertLockPadded *) allocptr;
    5048        1890 :     allocptr += sizeof(WALInsertLockPadded) * NUM_XLOGINSERT_LOCKS;
    5049             : 
    5050        1890 :     LWLockRegisterTranche(LWTRANCHE_WAL_INSERT, "wal_insert");
    5051       17010 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    5052             :     {
    5053       15120 :         LWLockInitialize(&WALInsertLocks[i].l.lock, LWTRANCHE_WAL_INSERT);
    5054       15120 :         WALInsertLocks[i].l.insertingAt = InvalidXLogRecPtr;
    5055       15120 :         WALInsertLocks[i].l.lastImportantAt = InvalidXLogRecPtr;
    5056             :     }
    5057             : 
    5058             :     /*
    5059             :      * Align the start of the page buffers to a full xlog block size boundary.
    5060             :      * This simplifies some calculations in XLOG insertion. It is also
    5061             :      * required for O_DIRECT.
    5062             :      */
    5063        1890 :     allocptr = (char *) TYPEALIGN(XLOG_BLCKSZ, allocptr);
    5064        1890 :     XLogCtl->pages = allocptr;
    5065        1890 :     memset(XLogCtl->pages, 0, (Size) XLOG_BLCKSZ * XLOGbuffers);
    5066             : 
    5067             :     /*
    5068             :      * Do basic initialization of XLogCtl shared data. (StartupXLOG will fill
    5069             :      * in additional info.)
    5070             :      */
    5071        1890 :     XLogCtl->XLogCacheBlck = XLOGbuffers - 1;
    5072        1890 :     XLogCtl->SharedRecoveryInProgress = true;
    5073        1890 :     XLogCtl->SharedHotStandbyActive = false;
    5074        1890 :     XLogCtl->WalWriterSleeping = false;
    5075             : 
    5076        1890 :     SpinLockInit(&XLogCtl->Insert.insertpos_lck);
    5077        1890 :     SpinLockInit(&XLogCtl->info_lck);
    5078        1890 :     SpinLockInit(&XLogCtl->ulsn_lck);
    5079        1890 :     InitSharedLatch(&XLogCtl->recoveryWakeupLatch);
    5080             : }
    5081             : 
    5082             : /*
    5083             :  * This func must be called ONCE on system install.  It creates pg_control
    5084             :  * and the initial XLOG segment.
    5085             :  */
    5086             : void
    5087         322 : BootStrapXLOG(void)
    5088             : {
    5089             :     CheckPoint  checkPoint;
    5090             :     char       *buffer;
    5091             :     XLogPageHeader page;
    5092             :     XLogLongPageHeader longpage;
    5093             :     XLogRecord *record;
    5094             :     char       *recptr;
    5095             :     bool        use_existent;
    5096             :     uint64      sysidentifier;
    5097             :     char        mock_auth_nonce[MOCK_AUTH_NONCE_LEN];
    5098             :     struct timeval tv;
    5099             :     pg_crc32c   crc;
    5100             : 
    5101             :     /*
    5102             :      * Select a hopefully-unique system identifier code for this installation.
    5103             :      * We use the result of gettimeofday(), including the fractional seconds
    5104             :      * field, as being about as unique as we can easily get.  (Think not to
    5105             :      * use random(), since it hasn't been seeded and there's no portable way
    5106             :      * to seed it other than the system clock value...)  The upper half of the
    5107             :      * uint64 value is just the tv_sec part, while the lower half contains the
    5108             :      * tv_usec part (which must fit in 20 bits), plus 12 bits from our current
    5109             :      * PID for a little extra uniqueness.  A person knowing this encoding can
    5110             :      * determine the initialization time of the installation, which could
    5111             :      * perhaps be useful sometimes.
    5112             :      */
    5113         322 :     gettimeofday(&tv, NULL);
    5114         322 :     sysidentifier = ((uint64) tv.tv_sec) << 32;
    5115         322 :     sysidentifier |= ((uint64) tv.tv_usec) << 12;
    5116         322 :     sysidentifier |= getpid() & 0xFFF;
    5117             : 
    5118             :     /*
    5119             :      * Generate a random nonce. This is used for authentication requests that
    5120             :      * will fail because the user does not exist. The nonce is used to create
    5121             :      * a genuine-looking password challenge for the non-existent user, in lieu
    5122             :      * of an actual stored password.
    5123             :      */
    5124         322 :     if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
    5125           0 :         ereport(PANIC,
    5126             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    5127             :                  errmsg("could not generate secret authorization token")));
    5128             : 
    5129             :     /* First timeline ID is always 1 */
    5130         322 :     ThisTimeLineID = 1;
    5131             : 
    5132             :     /* page buffer must be aligned suitably for O_DIRECT */
    5133         322 :     buffer = (char *) palloc(XLOG_BLCKSZ + XLOG_BLCKSZ);
    5134         322 :     page = (XLogPageHeader) TYPEALIGN(XLOG_BLCKSZ, buffer);
    5135         322 :     memset(page, 0, XLOG_BLCKSZ);
    5136             : 
    5137             :     /*
    5138             :      * Set up information for the initial checkpoint record
    5139             :      *
    5140             :      * The initial checkpoint record is written to the beginning of the WAL
    5141             :      * segment with logid=0 logseg=1. The very first WAL segment, 0/0, is not
    5142             :      * used, so that we can use 0/0 to mean "before any valid WAL segment".
    5143             :      */
    5144         322 :     checkPoint.redo = wal_segment_size + SizeOfXLogLongPHD;
    5145         322 :     checkPoint.ThisTimeLineID = ThisTimeLineID;
    5146         322 :     checkPoint.PrevTimeLineID = ThisTimeLineID;
    5147         322 :     checkPoint.fullPageWrites = fullPageWrites;
    5148         322 :     checkPoint.nextFullXid =
    5149             :         FullTransactionIdFromEpochAndXid(0, FirstNormalTransactionId);
    5150         322 :     checkPoint.nextOid = FirstBootstrapObjectId;
    5151         322 :     checkPoint.nextMulti = FirstMultiXactId;
    5152         322 :     checkPoint.nextMultiOffset = 0;
    5153         322 :     checkPoint.oldestXid = FirstNormalTransactionId;
    5154         322 :     checkPoint.oldestXidDB = TemplateDbOid;
    5155         322 :     checkPoint.oldestMulti = FirstMultiXactId;
    5156         322 :     checkPoint.oldestMultiDB = TemplateDbOid;
    5157         322 :     checkPoint.oldestCommitTsXid = InvalidTransactionId;
    5158         322 :     checkPoint.newestCommitTsXid = InvalidTransactionId;
    5159         322 :     checkPoint.time = (pg_time_t) time(NULL);
    5160         322 :     checkPoint.oldestActiveXid = InvalidTransactionId;
    5161             : 
    5162         322 :     ShmemVariableCache->nextFullXid = checkPoint.nextFullXid;
    5163         322 :     ShmemVariableCache->nextOid = checkPoint.nextOid;
    5164         322 :     ShmemVariableCache->oidCount = 0;
    5165         322 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5166         322 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5167         322 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5168         322 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5169         322 :     SetCommitTsLimit(InvalidTransactionId, InvalidTransactionId);
    5170             : 
    5171             :     /* Set up the XLOG page header */
    5172         322 :     page->xlp_magic = XLOG_PAGE_MAGIC;
    5173         322 :     page->xlp_info = XLP_LONG_HEADER;
    5174         322 :     page->xlp_tli = ThisTimeLineID;
    5175         322 :     page->xlp_pageaddr = wal_segment_size;
    5176         322 :     longpage = (XLogLongPageHeader) page;
    5177         322 :     longpage->xlp_sysid = sysidentifier;
    5178         322 :     longpage->xlp_seg_size = wal_segment_size;
    5179         322 :     longpage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    5180             : 
    5181             :     /* Insert the initial checkpoint record */
    5182         322 :     recptr = ((char *) page + SizeOfXLogLongPHD);
    5183         322 :     record = (XLogRecord *) recptr;
    5184         322 :     record->xl_prev = 0;
    5185         322 :     record->xl_xid = InvalidTransactionId;
    5186         322 :     record->xl_tot_len = SizeOfXLogRecord + SizeOfXLogRecordDataHeaderShort + sizeof(checkPoint);
    5187         322 :     record->xl_info = XLOG_CHECKPOINT_SHUTDOWN;
    5188         322 :     record->xl_rmid = RM_XLOG_ID;
    5189         322 :     recptr += SizeOfXLogRecord;
    5190             :     /* fill the XLogRecordDataHeaderShort struct */
    5191         322 :     *(recptr++) = (char) XLR_BLOCK_ID_DATA_SHORT;
    5192         322 :     *(recptr++) = sizeof(checkPoint);
    5193         322 :     memcpy(recptr, &checkPoint, sizeof(checkPoint));
    5194         322 :     recptr += sizeof(checkPoint);
    5195             :     Assert(recptr - (char *) record == record->xl_tot_len);
    5196             : 
    5197         322 :     INIT_CRC32C(crc);
    5198         322 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    5199         322 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    5200         322 :     FIN_CRC32C(crc);
    5201         322 :     record->xl_crc = crc;
    5202             : 
    5203             :     /* Create first XLOG segment file */
    5204         322 :     use_existent = false;
    5205         322 :     openLogFile = XLogFileInit(1, &use_existent, false);
    5206             : 
    5207             :     /* Write the first page with the initial record */
    5208         322 :     errno = 0;
    5209         322 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_WRITE);
    5210         322 :     if (write(openLogFile, page, XLOG_BLCKSZ) != XLOG_BLCKSZ)
    5211             :     {
    5212             :         /* if write didn't set errno, assume problem is no disk space */
    5213           0 :         if (errno == 0)
    5214           0 :             errno = ENOSPC;
    5215           0 :         ereport(PANIC,
    5216             :                 (errcode_for_file_access(),
    5217             :                  errmsg("could not write bootstrap write-ahead log file: %m")));
    5218             :     }
    5219         322 :     pgstat_report_wait_end();
    5220             : 
    5221         322 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_SYNC);
    5222         322 :     if (pg_fsync(openLogFile) != 0)
    5223           0 :         ereport(PANIC,
    5224             :                 (errcode_for_file_access(),
    5225             :                  errmsg("could not fsync bootstrap write-ahead log file: %m")));
    5226         322 :     pgstat_report_wait_end();
    5227             : 
    5228         322 :     if (close(openLogFile) != 0)
    5229           0 :         ereport(PANIC,
    5230             :                 (errcode_for_file_access(),
    5231             :                  errmsg("could not close bootstrap write-ahead log file: %m")));
    5232             : 
    5233         322 :     openLogFile = -1;
    5234             : 
    5235             :     /* Now create pg_control */
    5236             : 
    5237         322 :     memset(ControlFile, 0, sizeof(ControlFileData));
    5238             :     /* Initialize pg_control status fields */
    5239         322 :     ControlFile->system_identifier = sysidentifier;
    5240         322 :     memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN);
    5241         322 :     ControlFile->state = DB_SHUTDOWNED;
    5242         322 :     ControlFile->time = checkPoint.time;
    5243         322 :     ControlFile->checkPoint = checkPoint.redo;
    5244         322 :     ControlFile->checkPointCopy = checkPoint;
    5245         322 :     ControlFile->unloggedLSN = FirstNormalUnloggedLSN;
    5246             : 
    5247             :     /* Set important parameter values for use when replaying WAL */
    5248         322 :     ControlFile->MaxConnections = MaxConnections;
    5249         322 :     ControlFile->max_worker_processes = max_worker_processes;
    5250         322 :     ControlFile->max_wal_senders = max_wal_senders;
    5251         322 :     ControlFile->max_prepared_xacts = max_prepared_xacts;
    5252         322 :     ControlFile->max_locks_per_xact = max_locks_per_xact;
    5253         322 :     ControlFile->wal_level = wal_level;
    5254         322 :     ControlFile->wal_log_hints = wal_log_hints;
    5255         322 :     ControlFile->track_commit_timestamp = track_commit_timestamp;
    5256         322 :     ControlFile->data_checksum_version = bootstrap_data_checksum_version;
    5257             : 
    5258             :     /* some additional ControlFile fields are set in WriteControlFile() */
    5259             : 
    5260         322 :     WriteControlFile();
    5261             : 
    5262             :     /* Bootstrap the commit log, too */
    5263         322 :     BootStrapCLOG();
    5264         322 :     BootStrapCommitTs();
    5265         322 :     BootStrapSUBTRANS();
    5266         322 :     BootStrapMultiXact();
    5267             : 
    5268         322 :     pfree(buffer);
    5269             : 
    5270             :     /*
    5271             :      * Force control file to be read - in contrast to normal processing we'd
    5272             :      * otherwise never run the checks and GUC related initializations therein.
    5273             :      */
    5274         322 :     ReadControlFile();
    5275         322 : }
    5276             : 
    5277             : static char *
    5278         548 : str_time(pg_time_t tnow)
    5279             : {
    5280             :     static char buf[128];
    5281             : 
    5282         548 :     pg_strftime(buf, sizeof(buf),
    5283             :                 "%Y-%m-%d %H:%M:%S %Z",
    5284         548 :                 pg_localtime(&tnow, log_timezone));
    5285             : 
    5286         548 :     return buf;
    5287             : }
    5288             : 
    5289             : /*
    5290             :  * See if there are any recovery signal files and if so, set state for
    5291             :  * recovery.
    5292             :  *
    5293             :  * See if there is a recovery command file (recovery.conf), and if so
    5294             :  * throw an ERROR since as of PG12 we no longer recognize that.
    5295             :  */
    5296             : static void
    5297        1192 : readRecoverySignalFile(void)
    5298             : {
    5299             :     struct stat stat_buf;
    5300             : 
    5301        1192 :     if (IsBootstrapProcessingMode())
    5302        1446 :         return;
    5303             : 
    5304             :     /*
    5305             :      * Check for old recovery API file: recovery.conf
    5306             :      */
    5307         870 :     if (stat(RECOVERY_COMMAND_FILE, &stat_buf) == 0)
    5308           0 :         ereport(FATAL,
    5309             :                 (errcode_for_file_access(),
    5310             :                  errmsg("using recovery command file \"%s\" is not supported",
    5311             :                         RECOVERY_COMMAND_FILE)));
    5312             : 
    5313             :     /*
    5314             :      * Remove unused .done file, if present. Ignore if absent.
    5315             :      */
    5316         870 :     unlink(RECOVERY_COMMAND_DONE);
    5317             : 
    5318             :     /*
    5319             :      * Check for recovery signal files and if found, fsync them since they
    5320             :      * represent server state information.  We don't sweat too much about the
    5321             :      * possibility of fsync failure, however.
    5322             :      *
    5323             :      * If present, standby signal file takes precedence. If neither is present
    5324             :      * then we won't enter archive recovery.
    5325             :      */
    5326         870 :     if (stat(STANDBY_SIGNAL_FILE, &stat_buf) == 0)
    5327             :     {
    5328             :         int         fd;
    5329             : 
    5330          68 :         fd = BasicOpenFilePerm(STANDBY_SIGNAL_FILE, O_RDWR | PG_BINARY | get_sync_bit(sync_method),
    5331             :                                S_IRUSR | S_IWUSR);
    5332          68 :         if (fd >= 0)
    5333             :         {
    5334          68 :             (void) pg_fsync(fd);
    5335          68 :             close(fd);
    5336             :         }
    5337          68 :         standby_signal_file_found = true;
    5338             :     }
    5339         802 :     else if (stat(RECOVERY_SIGNAL_FILE, &stat_buf) == 0)
    5340             :     {
    5341             :         int         fd;
    5342             : 
    5343           0 :         fd = BasicOpenFilePerm(RECOVERY_SIGNAL_FILE, O_RDWR | PG_BINARY | get_sync_bit(sync_method),
    5344             :                                S_IRUSR | S_IWUSR);
    5345           0 :         if (fd >= 0)
    5346             :         {
    5347           0 :             (void) pg_fsync(fd);
    5348           0 :             close(fd);
    5349             :         }
    5350           0 :         recovery_signal_file_found = true;
    5351             :     }
    5352             : 
    5353         870 :     StandbyModeRequested = false;
    5354         870 :     ArchiveRecoveryRequested = false;
    5355         870 :     if (standby_signal_file_found)
    5356             :     {
    5357          68 :         StandbyModeRequested = true;
    5358          68 :         ArchiveRecoveryRequested = true;
    5359             :     }
    5360         802 :     else if (recovery_signal_file_found)
    5361             :     {
    5362           0 :         StandbyModeRequested = false;
    5363           0 :         ArchiveRecoveryRequested = true;
    5364             :     }
    5365             :     else
    5366         802 :         return;
    5367             : 
    5368             :     /*
    5369             :      * We don't support standby mode in standalone backends; that requires
    5370             :      * other processes such as the WAL receiver to be alive.
    5371             :      */
    5372          68 :     if (StandbyModeRequested && !IsUnderPostmaster)
    5373           0 :         ereport(FATAL,
    5374             :                 (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
    5375             :                  errmsg("standby mode is not supported by single-user servers")));
    5376             : }
    5377             : 
    5378             : static void
    5379        1192 : validateRecoveryParameters(void)
    5380             : {
    5381        1192 :     if (!ArchiveRecoveryRequested)
    5382        1124 :         return;
    5383             : 
    5384             :     /*
    5385             :      * Check for compulsory parameters
    5386             :      */
    5387          68 :     if (StandbyModeRequested)
    5388             :     {
    5389          72 :         if ((PrimaryConnInfo == NULL || strcmp(PrimaryConnInfo, "") == 0) &&
    5390           8 :             (recoveryRestoreCommand == NULL || strcmp(recoveryRestoreCommand, "") == 0))
    5391           0 :             ereport(WARNING,
    5392             :                     (errmsg("specified neither primary_conninfo nor restore_command"),
    5393             :                      errhint("The database server will regularly poll the pg_wal subdirectory to check for files placed there.")));
    5394             :     }
    5395             :     else
    5396             :     {
    5397           0 :         if (recoveryRestoreCommand == NULL ||
    5398           0 :             strcmp(recoveryRestoreCommand, "") == 0)
    5399           0 :             ereport(FATAL,
    5400             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    5401             :                      errmsg("must specify restore_command when standby mode is not enabled")));
    5402             :     }
    5403             : 
    5404             :     /*
    5405             :      * Override any inconsistent requests. Note that this is a change of
    5406             :      * behaviour in 9.5; prior to this we simply ignored a request to pause if
    5407             :      * hot_standby = off, which was surprising behaviour.
    5408             :      */
    5409         136 :     if (recoveryTargetAction == RECOVERY_TARGET_ACTION_PAUSE &&
    5410          68 :         !EnableHotStandby)
    5411           0 :         recoveryTargetAction = RECOVERY_TARGET_ACTION_SHUTDOWN;
    5412             : 
    5413             :     /*
    5414             :      * Final parsing of recovery_target_time string; see also
    5415             :      * check_recovery_target_time().
    5416             :      */
    5417          68 :     if (recoveryTarget == RECOVERY_TARGET_TIME)
    5418             :     {
    5419           0 :         recoveryTargetTime = DatumGetTimestampTz(DirectFunctionCall3(timestamptz_in,
    5420             :                                                                      CStringGetDatum(recovery_target_time_string),
    5421             :                                                                      ObjectIdGetDatum(InvalidOid),
    5422             :                                                                      Int32GetDatum(-1)));
    5423             :     }
    5424             : 
    5425             :     /*
    5426             :      * If user specified recovery_target_timeline, validate it or compute the
    5427             :      * "latest" value.  We can't do this until after we've gotten the restore
    5428             :      * command and set InArchiveRecovery, because we need to fetch timeline
    5429             :      * history files from the archive.
    5430             :      */
    5431          68 :     if (recoveryTargetTimeLineGoal == RECOVERY_TARGET_TIMELINE_NUMERIC)
    5432             :     {
    5433           0 :         TimeLineID  rtli = recoveryTargetTLIRequested;
    5434             : 
    5435             :         /* Timeline 1 does not have a history file, all else should */
    5436           0 :         if (rtli != 1 && !existsTimeLineHistory(rtli))
    5437           0 :             ereport(FATAL,
    5438             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    5439             :                      errmsg("recovery target timeline %u does not exist",
    5440             :                             rtli)));
    5441           0 :         recoveryTargetTLI = rtli;
    5442             :     }
    5443          68 :     else if (recoveryTargetTimeLineGoal == RECOVERY_TARGET_TIMELINE_LATEST)
    5444             :     {
    5445             :         /* We start the "latest" search from pg_control's timeline */
    5446          68 :         recoveryTargetTLI = findNewestTimeLine(recoveryTargetTLI);
    5447             :     }
    5448             :     else
    5449             :     {
    5450             :         /*
    5451             :          * else we just use the recoveryTargetTLI as already read from
    5452             :          * ControlFile
    5453             :          */
    5454             :         Assert(recoveryTargetTimeLineGoal == RECOVERY_TARGET_TIMELINE_CONTROLFILE);
    5455             :     }
    5456             : }
    5457             : 
    5458             : /*
    5459             :  * Exit archive-recovery state
    5460             :  */
    5461             : static void
    5462          46 : exitArchiveRecovery(TimeLineID endTLI, XLogRecPtr endOfLog)
    5463             : {
    5464             :     char        xlogfname[MAXFNAMELEN];
    5465             :     XLogSegNo   endLogSegNo;
    5466             :     XLogSegNo   startLogSegNo;
    5467             : 
    5468             :     /* we always switch to a new timeline after archive recovery */
    5469             :     Assert(endTLI != ThisTimeLineID);
    5470             : 
    5471             :     /*
    5472             :      * We are no longer in archive recovery state.
    5473             :      */
    5474          46 :     InArchiveRecovery = false;
    5475             : 
    5476             :     /*
    5477             :      * Update min recovery point one last time.
    5478             :      */
    5479          46 :     UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    5480             : 
    5481             :     /*
    5482             :      * If the ending log segment is still open, close it (to avoid problems on
    5483             :      * Windows with trying to rename or delete an open file).
    5484             :      */
    5485          46 :     if (readFile >= 0)
    5486             :     {
    5487          46 :         close(readFile);
    5488          46 :         readFile = -1;
    5489             :     }
    5490             : 
    5491             :     /*
    5492             :      * Calculate the last segment on the old timeline, and the first segment
    5493             :      * on the new timeline. If the switch happens in the middle of a segment,
    5494             :      * they are the same, but if the switch happens exactly at a segment
    5495             :      * boundary, startLogSegNo will be endLogSegNo + 1.
    5496             :      */
    5497          46 :     XLByteToPrevSeg(endOfLog, endLogSegNo, wal_segment_size);
    5498          46 :     XLByteToSeg(endOfLog, startLogSegNo, wal_segment_size);
    5499             : 
    5500             :     /*
    5501             :      * Initialize the starting WAL segment for the new timeline. If the switch
    5502             :      * happens in the middle of a segment, copy data from the last WAL segment
    5503             :      * of the old timeline up to the switch point, to the starting WAL segment
    5504             :      * on the new timeline.
    5505             :      */
    5506          46 :     if (endLogSegNo == startLogSegNo)
    5507             :     {
    5508             :         /*
    5509             :          * Make a copy of the file on the new timeline.
    5510             :          *
    5511             :          * Writing WAL isn't allowed yet, so there are no locking
    5512             :          * considerations. But we should be just as tense as XLogFileInit to
    5513             :          * avoid emplacing a bogus file.
    5514             :          */
    5515          34 :         XLogFileCopy(endLogSegNo, endTLI, endLogSegNo,
    5516          34 :                      XLogSegmentOffset(endOfLog, wal_segment_size));
    5517             :     }
    5518             :     else
    5519             :     {
    5520             :         /*
    5521             :          * The switch happened at a segment boundary, so just create the next
    5522             :          * segment on the new timeline.
    5523             :          */
    5524          12 :         bool        use_existent = true;
    5525             :         int         fd;
    5526             : 
    5527          12 :         fd = XLogFileInit(startLogSegNo, &use_existent, true);
    5528             : 
    5529          12 :         if (close(fd) != 0)
    5530           0 :             ereport(ERROR,
    5531             :                     (errcode_for_file_access(),
    5532             :                      errmsg("could not close file \"%s\": %m",
    5533             :                             XLogFileNameP(ThisTimeLineID, startLogSegNo))));
    5534             :     }
    5535             : 
    5536             :     /*
    5537             :      * Let's just make real sure there are not .ready or .done flags posted
    5538             :      * for the new segment.
    5539             :      */
    5540          46 :     XLogFileName(xlogfname, ThisTimeLineID, startLogSegNo, wal_segment_size);
    5541          46 :     XLogArchiveCleanup(xlogfname);
    5542             : 
    5543             :     /*
    5544             :      * Remove the signal files out of the way, so that we don't accidentally
    5545             :      * re-enter archive recovery mode in a subsequent crash.
    5546             :      */
    5547          46 :     if (standby_signal_file_found)
    5548          46 :         durable_unlink(STANDBY_SIGNAL_FILE, FATAL);
    5549             : 
    5550          46 :     if (recovery_signal_file_found)
    5551           0 :         durable_unlink(RECOVERY_SIGNAL_FILE, FATAL);
    5552             : 
    5553          46 :     ereport(LOG,
    5554             :             (errmsg("archive recovery complete")));
    5555          46 : }
    5556             : 
    5557             : /*
    5558             :  * Extract timestamp from WAL record.
    5559             :  *
    5560             :  * If the record contains a timestamp, returns true, and saves the timestamp
    5561             :  * in *recordXtime. If the record type has no timestamp, returns false.
    5562             :  * Currently, only transaction commit/abort records and restore points contain
    5563             :  * timestamps.
    5564             :  */
    5565             : static bool
    5566         158 : getRecordTimestamp(XLogReaderState *record, TimestampTz *recordXtime)
    5567             : {
    5568         158 :     uint8       info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    5569         158 :     uint8       xact_info = info & XLOG_XACT_OPMASK;
    5570         158 :     uint8       rmid = XLogRecGetRmid(record);
    5571             : 
    5572         158 :     if (rmid == RM_XLOG_ID && info == XLOG_RESTORE_POINT)
    5573             :     {
    5574           0 :         *recordXtime = ((xl_restore_point *) XLogRecGetData(record))->rp_time;
    5575           0 :         return true;
    5576             :     }
    5577         158 :     if (rmid == RM_XACT_ID && (xact_info == XLOG_XACT_COMMIT ||
    5578             :                                xact_info == XLOG_XACT_COMMIT_PREPARED))
    5579             :     {
    5580         150 :         *recordXtime = ((xl_xact_commit *) XLogRecGetData(record))->xact_time;
    5581         150 :         return true;
    5582             :     }
    5583           8 :     if (rmid == RM_XACT_ID && (xact_info == XLOG_XACT_ABORT ||
    5584             :                                xact_info == XLOG_XACT_ABORT_PREPARED))
    5585             :     {
    5586           8 :         *recordXtime = ((xl_xact_abort *) XLogRecGetData(record))->xact_time;
    5587           8 :         return true;
    5588             :     }
    5589           0 :     return false;
    5590             : }
    5591             : 
    5592             : /*
    5593             :  * For point-in-time recovery, this function decides whether we want to
    5594             :  * stop applying the XLOG before the current record.
    5595             :  *
    5596             :  * Returns true if we are stopping, false otherwise. If stopping, some
    5597             :  * information is saved in recoveryStopXid et al for use in annotating the
    5598             :  * new timeline's history file.
    5599             :  */
    5600             : static bool
    5601      238472 : recoveryStopsBefore(XLogReaderState *record)
    5602             : {
    5603      238472 :     bool        stopsHere = false;
    5604             :     uint8       xact_info;
    5605             :     bool        isCommit;
    5606      238472 :     TimestampTz recordXtime = 0;
    5607             :     TransactionId recordXid;
    5608             : 
    5609             :     /*
    5610             :      * Ignore recovery target settings when not in archive recovery (meaning
    5611             :      * we are in crash recovery).
    5612             :      */
    5613      238472 :     if (!ArchiveRecoveryRequested)
    5614       68572 :         return false;
    5615             : 
    5616             :     /* Check if we should stop as soon as reaching consistency */
    5617      169900 :     if (recoveryTarget == RECOVERY_TARGET_IMMEDIATE && reachedConsistency)
    5618             :     {
    5619           0 :         ereport(LOG,
    5620             :                 (errmsg("recovery stopping after reaching consistency")));
    5621             : 
    5622           0 :         recoveryStopAfter = false;
    5623           0 :         recoveryStopXid = InvalidTransactionId;
    5624           0 :         recoveryStopLSN = InvalidXLogRecPtr;
    5625           0 :         recoveryStopTime = 0;
    5626           0 :         recoveryStopName[0] = '\0';
    5627           0 :         return true;
    5628             :     }
    5629             : 
    5630             :     /* Check if target LSN has been reached */
    5631      169900 :     if (recoveryTarget == RECOVERY_TARGET_LSN &&
    5632           0 :         !recoveryTargetInclusive &&
    5633           0 :         record->ReadRecPtr >= recoveryTargetLSN)
    5634             :     {
    5635           0 :         recoveryStopAfter = false;
    5636           0 :         recoveryStopXid = InvalidTransactionId;
    5637           0 :         recoveryStopLSN = record->ReadRecPtr;
    5638           0 :         recoveryStopTime = 0;
    5639           0 :         recoveryStopName[0] = '\0';
    5640           0 :         ereport(LOG,
    5641             :                 (errmsg("recovery stopping before WAL location (LSN) \"%X/%X\"",
    5642             :                         (uint32) (recoveryStopLSN >> 32),
    5643             :                         (uint32) recoveryStopLSN)));
    5644           0 :         return true;
    5645             :     }
    5646             : 
    5647             :     /* Otherwise we only consider stopping before COMMIT or ABORT records. */
    5648      169900 :     if (XLogRecGetRmid(record) != RM_XACT_ID)
    5649      169690 :         return false;
    5650             : 
    5651         210 :     xact_info = XLogRecGetInfo(record) & XLOG_XACT_OPMASK;
    5652             : 
    5653         210 :     if (xact_info == XLOG_XACT_COMMIT)
    5654             :     {
    5655         120 :         isCommit = true;
    5656         120 :         recordXid = XLogRecGetXid(record);
    5657             :     }
    5658          90 :     else if (xact_info == XLOG_XACT_COMMIT_PREPARED)
    5659             :     {
    5660          30 :         xl_xact_commit *xlrec = (xl_xact_commit *) XLogRecGetData(record);
    5661             :         xl_xact_parsed_commit parsed;
    5662             : 
    5663          30 :         isCommit = true;
    5664          30 :         ParseCommitRecord(XLogRecGetInfo(record),
    5665             :                           xlrec,
    5666             :                           &parsed);
    5667          30 :         recordXid = parsed.twophase_xid;
    5668             :     }
    5669          60 :     else if (xact_info == XLOG_XACT_ABORT)
    5670             :     {
    5671           2 :         isCommit = false;
    5672           2 :         recordXid = XLogRecGetXid(record);
    5673             :     }
    5674          58 :     else if (xact_info == XLOG_XACT_ABORT_PREPARED)
    5675             :     {
    5676           6 :         xl_xact_abort *xlrec = (xl_xact_abort *) XLogRecGetData(record);
    5677             :         xl_xact_parsed_abort parsed;
    5678             : 
    5679           6 :         isCommit = true;
    5680           6 :         ParseAbortRecord(XLogRecGetInfo(record),
    5681             :                          xlrec,
    5682             :                          &parsed);
    5683           6 :         recordXid = parsed.twophase_xid;
    5684             :     }
    5685             :     else
    5686          52 :         return false;
    5687             : 
    5688         158 :     if (recoveryTarget == RECOVERY_TARGET_XID && !recoveryTargetInclusive)
    5689             :     {
    5690             :         /*
    5691             :          * There can be only one transaction end record with this exact
    5692             :          * transactionid
    5693             :          *
    5694             :          * when testing for an xid, we MUST test for equality only, since
    5695             :          * transactions are numbered in the order they start, not the order
    5696             :          * they complete. A higher numbered xid will complete before you about
    5697             :          * 50% of the time...
    5698             :          */
    5699           0 :         stopsHere = (recordXid == recoveryTargetXid);
    5700             :     }
    5701             : 
    5702         158 :     if (recoveryTarget == RECOVERY_TARGET_TIME &&
    5703           0 :         getRecordTimestamp(record, &recordXtime))
    5704             :     {
    5705             :         /*
    5706             :          * There can be many transactions that share the same commit time, so
    5707             :          * we stop after the last one, if we are inclusive, or stop at the
    5708             :          * first one if we are exclusive
    5709             :          */
    5710           0 :         if (recoveryTargetInclusive)
    5711           0 :             stopsHere = (recordXtime > recoveryTargetTime);
    5712             :         else
    5713           0 :             stopsHere = (recordXtime >= recoveryTargetTime);
    5714             :     }
    5715             : 
    5716         158 :     if (stopsHere)
    5717             :     {
    5718           0 :         recoveryStopAfter = false;
    5719           0 :         recoveryStopXid = recordXid;
    5720           0 :         recoveryStopTime = recordXtime;
    5721           0 :         recoveryStopLSN = InvalidXLogRecPtr;
    5722           0 :         recoveryStopName[0] = '\0';
    5723             : 
    5724           0 :         if (isCommit)
    5725             :         {
    5726           0 :             ereport(LOG,
    5727             :                     (errmsg("recovery stopping before commit of transaction %u, time %s",
    5728             :                             recoveryStopXid,
    5729             :                             timestamptz_to_str(recoveryStopTime))));
    5730             :         }
    5731             :         else
    5732             :         {
    5733           0 :             ereport(LOG,
    5734             :                     (errmsg("recovery stopping before abort of transaction %u, time %s",
    5735             :                             recoveryStopXid,
    5736             :                             timestamptz_to_str(recoveryStopTime))));
    5737             :         }
    5738             :     }
    5739             : 
    5740         158 :     return stopsHere;
    5741             : }
    5742             : 
    5743             : /*
    5744             :  * Same as recoveryStopsBefore, but called after applying the record.
    5745             :  *
    5746             :  * We also track the timestamp of the latest applied COMMIT/ABORT
    5747             :  * record in XLogCtl->recoveryLastXTime.
    5748             :  */
    5749             : static bool
    5750      238472 : recoveryStopsAfter(XLogReaderState *record)
    5751             : {
    5752             :     uint8       info;
    5753             :     uint8       xact_info;
    5754             :     uint8       rmid;
    5755             :     TimestampTz recordXtime;
    5756             : 
    5757             :     /*
    5758             :      * Ignore recovery target settings when not in archive recovery (meaning
    5759             :      * we are in crash recovery).
    5760             :      */
    5761      238472 :     if (!ArchiveRecoveryRequested)
    5762       68572 :         return false;
    5763             : 
    5764      169900 :     info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    5765      169900 :     rmid = XLogRecGetRmid(record);
    5766             : 
    5767             :     /*
    5768             :      * There can be many restore points that share the same name; we stop at
    5769             :      * the first one.
    5770             :      */
    5771      169900 :     if (recoveryTarget == RECOVERY_TARGET_NAME &&
    5772           0 :         rmid == RM_XLOG_ID && info == XLOG_RESTORE_POINT)
    5773             :     {
    5774             :         xl_restore_point *recordRestorePointData;
    5775             : 
    5776           0 :         recordRestorePointData = (xl_restore_point *) XLogRecGetData(record);
    5777             : 
    5778           0 :         if (strcmp(recordRestorePointData->rp_name, recoveryTargetName) == 0)
    5779             :         {
    5780           0 :             recoveryStopAfter = true;
    5781           0 :             recoveryStopXid = InvalidTransactionId;
    5782           0 :             recoveryStopLSN = InvalidXLogRecPtr;
    5783           0 :             (void) getRecordTimestamp(record, &recoveryStopTime);
    5784           0 :             strlcpy(recoveryStopName, recordRestorePointData->rp_name, MAXFNAMELEN);
    5785             : 
    5786           0 :             ereport(LOG,
    5787             :                     (errmsg("recovery stopping at restore point \"%s\", time %s",
    5788             :                             recoveryStopName,
    5789             :                             timestamptz_to_str(recoveryStopTime))));
    5790           0 :             return true;
    5791             :         }
    5792             :     }
    5793             : 
    5794             :     /* Check if the target LSN has been reached */
    5795      169900 :     if (recoveryTarget == RECOVERY_TARGET_LSN &&
    5796           0 :         recoveryTargetInclusive &&
    5797           0 :         record->ReadRecPtr >= recoveryTargetLSN)
    5798             :     {
    5799           0 :         recoveryStopAfter = true;
    5800           0 :         recoveryStopXid = InvalidTransactionId;
    5801           0 :         recoveryStopLSN = record->ReadRecPtr;
    5802           0 :         recoveryStopTime = 0;
    5803           0 :         recoveryStopName[0] = '\0';
    5804           0 :         ereport(LOG,
    5805             :                 (errmsg("recovery stopping after WAL location (LSN) \"%X/%X\"",
    5806             :                         (uint32) (recoveryStopLSN >> 32),
    5807             :                         (uint32) recoveryStopLSN)));
    5808           0 :         return true;
    5809             :     }
    5810             : 
    5811      169900 :     if (rmid != RM_XACT_ID)
    5812      169690 :         return false;
    5813             : 
    5814         210 :     xact_info = info & XLOG_XACT_OPMASK;
    5815             : 
    5816         210 :     if (xact_info == XLOG_XACT_COMMIT ||
    5817          60 :         xact_info == XLOG_XACT_COMMIT_PREPARED ||
    5818          58 :         xact_info == XLOG_XACT_ABORT ||
    5819             :         xact_info == XLOG_XACT_ABORT_PREPARED)
    5820             :     {
    5821             :         TransactionId recordXid;
    5822             : 
    5823             :         /* Update the last applied transaction timestamp */
    5824         158 :         if (getRecordTimestamp(record, &recordXtime))
    5825         158 :             SetLatestXTime(recordXtime);
    5826             : 
    5827             :         /* Extract the XID of the committed/aborted transaction */
    5828         158 :         if (xact_info == XLOG_XACT_COMMIT_PREPARED)
    5829             :         {
    5830          30 :             xl_xact_commit *xlrec = (xl_xact_commit *) XLogRecGetData(record);
    5831             :             xl_xact_parsed_commit parsed;
    5832             : 
    5833          30 :             ParseCommitRecord(XLogRecGetInfo(record),
    5834             :                               xlrec,
    5835             :                               &parsed);
    5836          30 :             recordXid = parsed.twophase_xid;
    5837             :         }
    5838         128 :         else if (xact_info == XLOG_XACT_ABORT_PREPARED)
    5839             :         {
    5840           6 :             xl_xact_abort *xlrec = (xl_xact_abort *) XLogRecGetData(record);
    5841             :             xl_xact_parsed_abort parsed;
    5842             : 
    5843           6 :             ParseAbortRecord(XLogRecGetInfo(record),
    5844             :                              xlrec,
    5845             :                              &parsed);
    5846           6 :             recordXid = parsed.twophase_xid;
    5847             :         }
    5848             :         else
    5849         122 :             recordXid = XLogRecGetXid(record);
    5850             : 
    5851             :         /*
    5852             :          * There can be only one transaction end record with this exact
    5853             :          * transactionid
    5854             :          *
    5855             :          * when testing for an xid, we MUST test for equality only, since
    5856             :          * transactions are numbered in the order they start, not the order
    5857             :          * they complete. A higher numbered xid will complete before you about
    5858             :          * 50% of the time...
    5859             :          */
    5860         158 :         if (recoveryTarget == RECOVERY_TARGET_XID && recoveryTargetInclusive &&
    5861           0 :             recordXid == recoveryTargetXid)
    5862             :         {
    5863           0 :             recoveryStopAfter = true;
    5864           0 :             recoveryStopXid = recordXid;
    5865           0 :             recoveryStopTime = recordXtime;
    5866           0 :             recoveryStopLSN = InvalidXLogRecPtr;
    5867           0 :             recoveryStopName[0] = '\0';
    5868             : 
    5869           0 :             if (xact_info == XLOG_XACT_COMMIT ||
    5870             :                 xact_info == XLOG_XACT_COMMIT_PREPARED)
    5871             :             {
    5872           0 :                 ereport(LOG,
    5873             :                         (errmsg("recovery stopping after commit of transaction %u, time %s",
    5874             :                                 recoveryStopXid,
    5875             :                                 timestamptz_to_str(recoveryStopTime))));
    5876             :             }
    5877           0 :             else if (xact_info == XLOG_XACT_ABORT ||
    5878             :                      xact_info == XLOG_XACT_ABORT_PREPARED)
    5879             :             {
    5880           0 :                 ereport(LOG,
    5881             :                         (errmsg("recovery stopping after abort of transaction %u, time %s",
    5882             :                                 recoveryStopXid,
    5883             :                                 timestamptz_to_str(recoveryStopTime))));
    5884             :             }
    5885           0 :             return true;
    5886             :         }
    5887             :     }
    5888             : 
    5889             :     /* Check if we should stop as soon as reaching consistency */
    5890         210 :     if (recoveryTarget == RECOVERY_TARGET_IMMEDIATE && reachedConsistency)
    5891             :     {
    5892           0 :         ereport(LOG,
    5893             :                 (errmsg("recovery stopping after reaching consistency")));
    5894             : 
    5895           0 :         recoveryStopAfter = true;
    5896           0 :         recoveryStopXid = InvalidTransactionId;
    5897           0 :         recoveryStopTime = 0;
    5898           0 :         recoveryStopLSN = InvalidXLogRecPtr;
    5899           0 :         recoveryStopName[0] = '\0';
    5900           0 :         return true;
    5901             :     }
    5902             : 
    5903         210 :     return false;
    5904             : }
    5905             : 
    5906             : /*
    5907             :  * Wait until shared recoveryPause flag is cleared.
    5908             :  *
    5909             :  * XXX Could also be done with shared latch, avoiding the pg_usleep loop.
    5910             :  * Probably not worth the trouble though.  This state shouldn't be one that
    5911             :  * anyone cares about server power consumption in.
    5912             :  */
    5913             : static void
    5914           0 : recoveryPausesHere(void)
    5915             : {
    5916             :     /* Don't pause unless users can connect! */
    5917           0 :     if (!LocalHotStandbyActive)
    5918           0 :         return;
    5919             : 
    5920           0 :     ereport(LOG,
    5921             :             (errmsg("recovery has paused"),
    5922             :              errhint("Execute pg_wal_replay_resume() to continue.")));
    5923             : 
    5924           0 :     while (RecoveryIsPaused())
    5925             :     {
    5926           0 :         pg_usleep(1000000L);    /* 1000 ms */
    5927           0 :         HandleStartupProcInterrupts();
    5928             :     }
    5929             : }
    5930             : 
    5931             : bool
    5932           0 : RecoveryIsPaused(void)
    5933             : {
    5934             :     bool        recoveryPause;
    5935             : 
    5936           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    5937           0 :     recoveryPause = XLogCtl->recoveryPause;
    5938           0 :     SpinLockRelease(&XLogCtl->info_lck);
    5939             : 
    5940           0 :     return recoveryPause;
    5941             : }
    5942             : 
    5943             : void
    5944           0 : SetRecoveryPause(bool recoveryPause)
    5945             : {
    5946           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    5947           0 :     XLogCtl->recoveryPause = recoveryPause;
    5948           0 :     SpinLockRelease(&XLogCtl->info_lck);
    5949           0 : }
    5950             : 
    5951             : /*
    5952             :  * When recovery_min_apply_delay is set, we wait long enough to make sure
    5953             :  * certain record types are applied at least that interval behind the master.
    5954             :  *
    5955             :  * Returns true if we waited.
    5956             :  *
    5957             :  * Note that the delay is calculated between the WAL record log time and
    5958             :  * the current time on standby. We would prefer to keep track of when this
    5959             :  * standby received each WAL record, which would allow a more consistent
    5960             :  * approach and one not affected by time synchronisation issues, but that
    5961             :  * is significantly more effort and complexity for little actual gain in
    5962             :  * usability.
    5963             :  */
    5964             : static bool
    5965      238472 : recoveryApplyDelay(XLogReaderState *record)
    5966             : {
    5967             :     uint8       xact_info;
    5968             :     TimestampTz xtime;
    5969             :     long        secs;
    5970             :     int         microsecs;
    5971             : 
    5972             :     /* nothing to do if no delay configured */
    5973      238472 :     if (recovery_min_apply_delay <= 0)
    5974      238472 :         return false;
    5975             : 
    5976             :     /* no delay is applied on a database not yet consistent */
    5977           0 :     if (!reachedConsistency)
    5978           0 :         return false;
    5979             : 
    5980             :     /* nothing to do if crash recovery is requested */
    5981           0 :     if (!ArchiveRecoveryRequested)
    5982           0 :         return false;
    5983             : 
    5984             :     /*
    5985             :      * Is it a COMMIT record?
    5986             :      *
    5987             :      * We deliberately choose not to delay aborts since they have no effect on
    5988             :      * MVCC. We already allow replay of records that don't have a timestamp,
    5989             :      * so there is already opportunity for issues caused by early conflicts on
    5990             :      * standbys.
    5991             :      */
    5992           0 :     if (XLogRecGetRmid(record) != RM_XACT_ID)
    5993           0 :         return false;
    5994             : 
    5995           0 :     xact_info = XLogRecGetInfo(record) & XLOG_XACT_OPMASK;
    5996             : 
    5997           0 :     if (xact_info != XLOG_XACT_COMMIT &&
    5998             :         xact_info != XLOG_XACT_COMMIT_PREPARED)
    5999           0 :         return false;
    6000             : 
    6001           0 :     if (!getRecordTimestamp(record, &xtime))
    6002           0 :         return false;
    6003             : 
    6004           0 :     recoveryDelayUntilTime =
    6005           0 :         TimestampTzPlusMilliseconds(xtime, recovery_min_apply_delay);
    6006             : 
    6007             :     /*
    6008             :      * Exit without arming the latch if it's already past time to apply this
    6009             :      * record
    6010             :      */
    6011           0 :     TimestampDifference(GetCurrentTimestamp(), recoveryDelayUntilTime,
    6012             :                         &secs, &microsecs);
    6013           0 :     if (secs <= 0 && microsecs <= 0)
    6014           0 :         return false;
    6015             : 
    6016             :     while (true)
    6017             :     {
    6018           0 :         ResetLatch(&XLogCtl->recoveryWakeupLatch);
    6019             : 
    6020             :         /* might change the trigger file's location */
    6021           0 :         HandleStartupProcInterrupts();
    6022             : 
    6023           0 :         if (CheckForStandbyTrigger())
    6024           0 :             break;
    6025             : 
    6026             :         /*
    6027             :          * Wait for difference between GetCurrentTimestamp() and
    6028             :          * recoveryDelayUntilTime
    6029             :          */
    6030           0 :         TimestampDifference(GetCurrentTimestamp(), recoveryDelayUntilTime,
    6031             :                             &secs, &microsecs);
    6032             : 
    6033             :         /*
    6034             :          * NB: We're ignoring waits below recovery_min_apply_delay's
    6035             :          * resolution.
    6036             :          */
    6037           0 :         if (secs <= 0 && microsecs / 1000 <= 0)
    6038           0 :             break;
    6039             : 
    6040           0 :         elog(DEBUG2, "recovery apply delay %ld seconds, %d milliseconds",
    6041             :              secs, microsecs / 1000);
    6042             : 
    6043           0 :         (void) WaitLatch(&XLogCtl->recoveryWakeupLatch,
    6044             :                          WL_LATCH_SET | WL_TIMEOUT | WL_EXIT_ON_PM_DEATH,
    6045           0 :                          secs * 1000L + microsecs / 1000,
    6046             :                          WAIT_EVENT_RECOVERY_APPLY_DELAY);
    6047             :     }
    6048           0 :     return true;
    6049             : }
    6050             : 
    6051             : /*
    6052             :  * Save timestamp of latest processed commit/abort record.
    6053             :  *
    6054             :  * We keep this in XLogCtl, not a simple static variable, so that it can be
    6055             :  * seen by processes other than the startup process.  Note in particular
    6056             :  * that CreateRestartPoint is executed in the checkpointer.
    6057             :  */
    6058             : static void
    6059         158 : SetLatestXTime(TimestampTz xtime)
    6060             : {
    6061         158 :     SpinLockAcquire(&XLogCtl->info_lck);
    6062         158 :     XLogCtl->recoveryLastXTime = xtime;
    6063         158 :     SpinLockRelease(&XLogCtl->info_lck);
    6064         158 : }
    6065             : 
    6066             : /*
    6067             :  * Fetch timestamp of latest processed commit/abort record.
    6068             :  */
    6069             : TimestampTz
    6070         102 : GetLatestXTime(void)
    6071             : {
    6072             :     TimestampTz xtime;
    6073             : 
    6074         102 :     SpinLockAcquire(&XLogCtl->info_lck);
    6075         102 :     xtime = XLogCtl->recoveryLastXTime;
    6076         102 :     SpinLockRelease(&XLogCtl->info_lck);
    6077             : 
    6078         102 :     return xtime;
    6079             : }
    6080             : 
    6081             : /*
    6082             :  * Save timestamp of the next chunk of WAL records to apply.
    6083             :  *
    6084             :  * We keep this in XLogCtl, not a simple static variable, so that it can be
    6085             :  * seen by all backends.
    6086             :  */
    6087             : static void
    6088         336 : SetCurrentChunkStartTime(TimestampTz xtime)
    6089             : {
    6090         336 :     SpinLockAcquire(&XLogCtl->info_lck);
    6091         336 :     XLogCtl->currentChunkStartTime = xtime;
    6092         336 :     SpinLockRelease(&XLogCtl->info_lck);
    6093         336 : }
    6094             : 
    6095             : /*
    6096             :  * Fetch timestamp of latest processed commit/abort record.
    6097             :  * Startup process maintains an accurate local copy in XLogReceiptTime
    6098             :  */
    6099             : TimestampTz
    6100           0 : GetCurrentChunkReplayStartTime(void)
    6101             : {
    6102             :     TimestampTz xtime;
    6103             : 
    6104           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    6105           0 :     xtime = XLogCtl->currentChunkStartTime;
    6106           0 :     SpinLockRelease(&XLogCtl->info_lck);
    6107             : 
    6108           0 :     return xtime;
    6109             : }
    6110             : 
    6111             : /*
    6112             :  * Returns time of receipt of current chunk of XLOG data, as well as
    6113             :  * whether it was received from streaming replication or from archives.
    6114             :  */
    6115             : void
    6116           0 : GetXLogReceiptTime(TimestampTz *rtime, bool *fromStream)
    6117             : {
    6118             :     /*
    6119             :      * This must be executed in the startup process, since we don't export the
    6120             :      * relevant state to shared memory.
    6121             :      */
    6122             :     Assert(InRecovery);
    6123             : 
    6124           0 :     *rtime = XLogReceiptTime;
    6125           0 :     *fromStream = (XLogReceiptSource == XLOG_FROM_STREAM);
    6126           0 : }
    6127             : 
    6128             : /*
    6129             :  * Note that text field supplied is a parameter name and does not require
    6130             :  * translation
    6131             :  */
    6132             : #define RecoveryRequiresIntParameter(param_name, currValue, minValue) \
    6133             : do { \
    6134             :     if ((currValue) < (minValue)) \
    6135             :         ereport(ERROR, \
    6136             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE), \
    6137             :                  errmsg("hot standby is not possible because " \
    6138             :                         "%s = %d is a lower setting than on the master server " \
    6139             :                         "(its value was %d)", \
    6140             :                         param_name, \
    6141             :                         currValue, \
    6142             :                         minValue))); \
    6143             : } while(0)
    6144             : 
    6145             : /*
    6146             :  * Check to see if required parameters are set high enough on this server
    6147             :  * for various aspects of recovery operation.
    6148             :  *
    6149             :  * Note that all the parameters which this function tests need to be
    6150             :  * listed in Administrator's Overview section in high-availability.sgml.
    6151             :  * If you change them, don't forget to update the list.
    6152             :  */
    6153             : static void
    6154         130 : CheckRequiredParameterValues(void)
    6155             : {
    6156             :     /*
    6157             :      * For archive recovery, the WAL must be generated with at least 'replica'
    6158             :      * wal_level.
    6159             :      */
    6160         130 :     if (ArchiveRecoveryRequested && ControlFile->wal_level == WAL_LEVEL_MINIMAL)
    6161             :     {
    6162           0 :         ereport(WARNING,
    6163             :                 (errmsg("WAL was generated with wal_level=minimal, data may be missing"),
    6164             :                  errhint("This happens if you temporarily set wal_level=minimal without taking a new base backup.")));
    6165             :     }
    6166             : 
    6167             :     /*
    6168             :      * For Hot Standby, the WAL must be generated with 'replica' mode, and we
    6169             :      * must have at least as many backend slots as the primary.
    6170             :      */
    6171         130 :     if (ArchiveRecoveryRequested && EnableHotStandby)
    6172             :     {
    6173          72 :         if (ControlFile->wal_level < WAL_LEVEL_REPLICA)
    6174           0 :             ereport(ERROR,
    6175             :                     (errmsg("hot standby is not possible because wal_level was not set to \"replica\" or higher on the master server"),
    6176             :                      errhint("Either set wal_level to \"replica\" on the master, or turn off hot_standby here.")));
    6177             : 
    6178             :         /* We ignore autovacuum_max_workers when we make this test. */
    6179          72 :         RecoveryRequiresIntParameter("max_connections",
    6180             :                                      MaxConnections,
    6181             :                                      ControlFile->MaxConnections);
    6182          72 :         RecoveryRequiresIntParameter("max_worker_processes",
    6183             :                                      max_worker_processes,
    6184             :                                      ControlFile->max_worker_processes);
    6185          72 :         RecoveryRequiresIntParameter("max_wal_senders",
    6186             :                                      max_wal_senders,
    6187             :                                      ControlFile->max_wal_senders);
    6188          72 :         RecoveryRequiresIntParameter("max_prepared_transactions",
    6189             :                                      max_prepared_xacts,
    6190             :                                      ControlFile->max_prepared_xacts);
    6191          72 :         RecoveryRequiresIntParameter("max_locks_per_transaction",
    6192             :                                      max_locks_per_xact,
    6193             :                                      ControlFile->max_locks_per_xact);
    6194             :     }
    6195         130 : }
    6196             : 
    6197             : /*
    6198             :  * This must be called ONCE during postmaster or standalone-backend startup
    6199             :  */
    6200             : void
    6201        1192 : StartupXLOG(void)
    6202             : {
    6203             :     XLogCtlInsert *Insert;
    6204             :     CheckPoint  checkPoint;
    6205             :     bool        wasShutdown;
    6206        1192 :     bool        reachedStopPoint = false;
    6207        1192 :     bool        haveBackupLabel = false;
    6208        1192 :     bool        haveTblspcMap = false;
    6209             :     XLogRecPtr  RecPtr,
    6210             :                 checkPointLoc,
    6211             :                 EndOfLog;
    6212             :     TimeLineID  EndOfLogTLI;
    6213             :     TimeLineID  PrevTimeLineID;
    6214             :     XLogRecord *record;
    6215             :     TransactionId oldestActiveXID;
    6216        1192 :     bool        backupEndRequired = false;
    6217        1192 :     bool        backupFromStandby = false;
    6218             :     DBState     dbstate_at_startup;
    6219             :     XLogReaderState *xlogreader;
    6220             :     XLogPageReadPrivate private;
    6221        1192 :     bool        fast_promoted = false;
    6222             :     struct stat st;
    6223             : 
    6224             :     /*
    6225             :      * We should have an aux process resource owner to use, and we should not
    6226             :      * be in a transaction that's installed some other resowner.
    6227             :      */
    6228             :     Assert(AuxProcessResourceOwner != NULL);
    6229             :     Assert(CurrentResourceOwner == NULL ||
    6230             :            CurrentResourceOwner == AuxProcessResourceOwner);
    6231        1192 :     CurrentResourceOwner = AuxProcessResourceOwner;
    6232             : 
    6233             :     /*
    6234             :      * Check that contents look valid.
    6235             :      */
    6236        1192 :     if (!XRecOffIsValid(ControlFile->checkPoint))
    6237           0 :         ereport(FATAL,
    6238             :                 (errmsg("control file contains invalid checkpoint location")));
    6239             : 
    6240        1192 :     switch (ControlFile->state)
    6241             :     {
    6242             :         case DB_SHUTDOWNED:
    6243             :             /* This is the expected case, so don't be chatty in standalone mode */
    6244        1080 :             ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    6245             :                     (errmsg("database system was shut down at %s",
    6246             :                             str_time(ControlFile->time))));
    6247        1080 :             break;
    6248             : 
    6249             :         case DB_SHUTDOWNED_IN_RECOVERY:
    6250           6 :             ereport(LOG,
    6251             :                     (errmsg("database system was shut down in recovery at %s",
    6252             :                             str_time(ControlFile->time))));
    6253           6 :             break;
    6254             : 
    6255             :         case DB_SHUTDOWNING:
    6256           0 :             ereport(LOG,
    6257             :                     (errmsg("database system shutdown was interrupted; last known up at %s",
    6258             :                             str_time(ControlFile->time))));
    6259           0 :             break;
    6260             : 
    6261             :         case DB_IN_CRASH_RECOVERY:
    6262           0 :             ereport(LOG,
    6263             :                     (errmsg("database system was interrupted while in recovery at %s",
    6264             :                             str_time(ControlFile->time)),
    6265             :                      errhint("This probably means that some data is corrupted and"
    6266             :                              " you will have to use the last backup for recovery.")));
    6267           0 :             break;
    6268             : 
    6269             :         case DB_IN_ARCHIVE_RECOVERY:
    6270           4 :             ereport(LOG,
    6271             :                     (errmsg("database system was interrupted while in recovery at log time %s",
    6272             :                             str_time(ControlFile->checkPointCopy.time)),
    6273             :                      errhint("If this has occurred more than once some data might be corrupted"
    6274             :                              " and you might need to choose an earlier recovery target.")));
    6275           4 :             break;
    6276             : 
    6277             :         case DB_IN_PRODUCTION:
    6278         102 :             ereport(LOG,
    6279             :                     (errmsg("database system was interrupted; last known up at %s",
    6280             :                             str_time(ControlFile->time))));
    6281         102 :             break;
    6282             : 
    6283             :         default:
    6284           0 :             ereport(FATAL,
    6285             :                     (errmsg("control file contains invalid database cluster state")));
    6286             :     }
    6287             : 
    6288             :     /* This is just to allow attaching to startup process with a debugger */
    6289             : #ifdef XLOG_REPLAY_DELAY
    6290             :     if (ControlFile->state != DB_SHUTDOWNED)
    6291             :         pg_usleep(60000000L);
    6292             : #endif
    6293             : 
    6294             :     /*
    6295             :      * Verify that pg_wal and pg_wal/archive_status exist.  In cases where
    6296             :      * someone has performed a copy for PITR, these directories may have been
    6297             :      * excluded and need to be re-created.
    6298             :      */
    6299        1192 :     ValidateXLOGDirectoryStructure();
    6300             : 
    6301             :     /*----------
    6302             :      * If we previously crashed, perform a couple of actions:
    6303             :      *  - The pg_wal directory may still include some temporary WAL segments
    6304             :      * used when creating a new segment, so perform some clean up to not
    6305             :      * bloat this path.  This is done first as there is no point to sync this
    6306             :      * temporary data.
    6307             :      *  - There might be data which we had written, intending to fsync it,
    6308             :      * but which we had not actually fsync'd yet. Therefore, a power failure
    6309             :      * in the near future might cause earlier unflushed writes to be lost,
    6310             :      * even though more recent data written to disk from here on would be
    6311             :      * persisted.  To avoid that, fsync the entire data directory.
    6312             :      *---------
    6313             :      */
    6314        1304 :     if (ControlFile->state != DB_SHUTDOWNED &&
    6315         112 :         ControlFile->state != DB_SHUTDOWNED_IN_RECOVERY)
    6316             :     {
    6317         106 :         RemoveTempXlogFiles();
    6318         106 :         SyncDataDirectory();
    6319             :     }
    6320             : 
    6321             :     /*
    6322             :      * Initialize on the assumption we want to recover to the latest timeline
    6323             :      * that's active according to pg_control.
    6324             :      */
    6325        2384 :     if (ControlFile->minRecoveryPointTLI >
    6326        1192 :         ControlFile->checkPointCopy.ThisTimeLineID)
    6327           2 :         recoveryTargetTLI = ControlFile->minRecoveryPointTLI;
    6328             :     else
    6329        1190 :         recoveryTargetTLI = ControlFile->checkPointCopy.ThisTimeLineID;
    6330             : 
    6331             :     /*
    6332             :      * Check for signal files, and if so set up state for offline recovery
    6333             :      */
    6334        1192 :     readRecoverySignalFile();
    6335        1192 :     validateRecoveryParameters();
    6336             : 
    6337        1192 :     if (ArchiveRecoveryRequested)
    6338             :     {
    6339          68 :         if (StandbyModeRequested)
    6340          68 :             ereport(LOG,
    6341             :                     (errmsg("entering standby mode")));
    6342           0 :         else if (recoveryTarget == RECOVERY_TARGET_XID)
    6343           0 :             ereport(LOG,
    6344             :                     (errmsg("starting point-in-time recovery to XID %u",
    6345             :                             recoveryTargetXid)));
    6346           0 :         else if (recoveryTarget == RECOVERY_TARGET_TIME)
    6347           0 :             ereport(LOG,
    6348             :                     (errmsg("starting point-in-time recovery to %s",
    6349             :                             timestamptz_to_str(recoveryTargetTime))));
    6350           0 :         else if (recoveryTarget == RECOVERY_TARGET_NAME)
    6351           0 :             ereport(LOG,
    6352             :                     (errmsg("starting point-in-time recovery to \"%s\"",
    6353             :                             recoveryTargetName)));
    6354           0 :         else if (recoveryTarget == RECOVERY_TARGET_LSN)
    6355           0 :             ereport(LOG,
    6356             :                     (errmsg("starting point-in-time recovery to WAL location (LSN) \"%X/%X\"",
    6357             :                             (uint32) (recoveryTargetLSN >> 32),
    6358             :                             (uint32) recoveryTargetLSN)));
    6359           0 :         else if (recoveryTarget == RECOVERY_TARGET_IMMEDIATE)
    6360           0 :             ereport(LOG,
    6361             :                     (errmsg("starting point-in-time recovery to earliest consistent point")));
    6362             :         else
    6363           0 :             ereport(LOG,
    6364             :                     (errmsg("starting archive recovery")));
    6365             :     }
    6366             : 
    6367             :     /*
    6368             :      * Take ownership of the wakeup latch if we're going to sleep during
    6369             :      * recovery.
    6370             :      */
    6371        1192 :     if (ArchiveRecoveryRequested)
    6372          68 :         OwnLatch(&XLogCtl->recoveryWakeupLatch);
    6373             : 
    6374             :     /* Set up XLOG reader facility */
    6375        1192 :     MemSet(&private, 0, sizeof(XLogPageReadPrivate));
    6376        1192 :     xlogreader = XLogReaderAllocate(wal_segment_size, NULL,
    6377             :                                     &XLogPageRead, &private);
    6378        1192 :     if (!xlogreader)
    6379           0 :         ereport(ERROR,
    6380             :                 (errcode(ERRCODE_OUT_OF_MEMORY),
    6381             :                  errmsg("out of memory"),
    6382             :                  errdetail("Failed while allocating a WAL reading processor.")));
    6383        1192 :     xlogreader->system_identifier = ControlFile->system_identifier;
    6384             : 
    6385             :     /*
    6386             :      * Allocate two page buffers dedicated to WAL consistency checks.  We do
    6387             :      * it this way, rather than just making static arrays, for two reasons:
    6388             :      * (1) no need to waste the storage in most instantiations of the backend;
    6389             :      * (2) a static char array isn't guaranteed to have any particular
    6390             :      * alignment, whereas palloc() will provide MAXALIGN'd storage.
    6391             :      */
    6392        1192 :     replay_image_masked = (char *) palloc(BLCKSZ);
    6393        1192 :     master_image_masked = (char *) palloc(BLCKSZ);
    6394             : 
    6395        1192 :     if (read_backup_label(&checkPointLoc, &backupEndRequired,
    6396             :                           &backupFromStandby))
    6397             :     {
    6398          54 :         List       *tablespaces = NIL;
    6399             : 
    6400             :         /*
    6401             :          * Archive recovery was requested, and thanks to the backup label
    6402             :          * file, we know how far we need to replay to reach consistency. Enter
    6403             :          * archive recovery directly.
    6404             :          */
    6405          54 :         InArchiveRecovery = true;
    6406          54 :         if (StandbyModeRequested)
    6407          54 :             StandbyMode = true;
    6408             : 
    6409             :         /*
    6410             :          * When a backup_label file is present, we want to roll forward from
    6411             :          * the checkpoint it identifies, rather than using pg_control.
    6412             :          */
    6413          54 :         record = ReadCheckpointRecord(xlogreader, checkPointLoc, 0, true);
    6414          54 :         if (record != NULL)
    6415             :         {
    6416          54 :             memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
    6417          54 :             wasShutdown = ((record->xl_info & ~XLR_INFO_MASK) == XLOG_CHECKPOINT_SHUTDOWN);
    6418          54 :             ereport(DEBUG1,
    6419             :                     (errmsg("checkpoint record is at %X/%X",
    6420             :                             (uint32) (checkPointLoc >> 32), (uint32) checkPointLoc)));
    6421          54 :             InRecovery = true;  /* force recovery even if SHUTDOWNED */
    6422             : 
    6423             :             /*
    6424             :              * Make sure that REDO location exists. This may not be the case
    6425             :              * if there was a crash during an online backup, which left a
    6426             :              * backup_label around that references a WAL segment that's
    6427             :              * already been archived.
    6428             :              */
    6429          54 :             if (checkPoint.redo < checkPointLoc)
    6430             :             {
    6431          54 :                 if (!ReadRecord(xlogreader, checkPoint.redo, LOG, false))
    6432           0 :                     ereport(FATAL,
    6433             :                             (errmsg("could not find redo location referenced by checkpoint record"),
    6434             :                              errhint("If you are restoring from a backup, touch \"%s/recovery.signal\" and add required recovery options.\n"
    6435             :                                      "If you are not restoring from a backup, try removing the file \"%s/backup_label\".\n"
    6436             :                                      "Be careful: removing \"%s/backup_label\" will result in a corrupt cluster if restoring from a backup.",
    6437             :                                      DataDir, DataDir, DataDir)));
    6438             :             }
    6439             :         }
    6440             :         else
    6441             :         {
    6442           0 :             ereport(FATAL,
    6443             :                     (errmsg("could not locate required checkpoint record"),
    6444             :                      errhint("If you are restoring from a backup, touch \"%s/recovery.signal\" and add required recovery options.\n"
    6445             :                              "If you are not restoring from a backup, try removing the file \"%s/backup_label\".\n"
    6446             :                              "Be careful: removing \"%s/backup_label\" will result in a corrupt cluster if restoring from a backup.",
    6447             :                              DataDir, DataDir, DataDir)));
    6448             :             wasShutdown = false;    /* keep compiler quiet */
    6449             :         }
    6450             : 
    6451             :         /* read the tablespace_map file if present and create symlinks. */
    6452          54 :         if (read_tablespace_map(&tablespaces))
    6453             :         {
    6454             :             ListCell   *lc;
    6455             : 
    6456           0 :             foreach(lc, tablespaces)
    6457             :             {
    6458           0 :                 tablespaceinfo *ti = lfirst(lc);
    6459             :                 char       *linkloc;
    6460             : 
    6461           0 :                 linkloc = psprintf("pg_tblspc/%s", ti->oid);
    6462             : 
    6463             :                 /*
    6464             :                  * Remove the existing symlink if any and Create the symlink
    6465             :                  * under PGDATA.
    6466             :                  */
    6467           0 :                 remove_tablespace_symlink(linkloc);
    6468             : 
    6469           0 :                 if (symlink(ti->path, linkloc) < 0)
    6470           0 :                     ereport(ERROR,
    6471             :                             (errcode_for_file_access(),
    6472             :                              errmsg("could not create symbolic link \"%s\": %m",
    6473             :                                     linkloc)));
    6474             : 
    6475           0 :                 pfree(ti->oid);
    6476           0 :                 pfree(ti->path);
    6477           0 :                 pfree(ti);
    6478             :             }
    6479             : 
    6480             :             /* set flag to delete it later */
    6481           0 :             haveTblspcMap = true;
    6482             :         }
    6483             : 
    6484             :         /* set flag to delete it later */
    6485          54 :         haveBackupLabel = true;
    6486             :     }
    6487             :     else
    6488             :     {
    6489             :         /*
    6490             :          * If tablespace_map file is present without backup_label file, there
    6491             :          * is no use of such file.  There is no harm in retaining it, but it
    6492             :          * is better to get rid of the map file so that we don't have any
    6493             :          * redundant file in data directory and it will avoid any sort of
    6494             :          * confusion.  It seems prudent though to just rename the file out of
    6495             :          * the way rather than delete it completely, also we ignore any error
    6496             :          * that occurs in rename operation as even if map file is present
    6497             :          * without backup_label file, it is harmless.
    6498             :          */
    6499        1138 :         if (stat(TABLESPACE_MAP, &st) == 0)
    6500             :         {
    6501           0 :             unlink(TABLESPACE_MAP_OLD);
    6502           0 :             if (durable_rename(TABLESPACE_MAP, TABLESPACE_MAP_OLD, DEBUG1) == 0)
    6503           0 :                 ereport(LOG,
    6504             :                         (errmsg("ignoring file \"%s\" because no file \"%s\" exists",
    6505             :                                 TABLESPACE_MAP, BACKUP_LABEL_FILE),
    6506             :                          errdetail("File \"%s\" was renamed to \"%s\".",
    6507             :                                    TABLESPACE_MAP, TABLESPACE_MAP_OLD)));
    6508             :             else
    6509           0 :                 ereport(LOG,
    6510             :                         (errmsg("ignoring file \"%s\" because no file \"%s\" exists",
    6511             :                                 TABLESPACE_MAP, BACKUP_LABEL_FILE),
    6512             :                          errdetail("Could not rename file \"%s\" to \"%s\": %m.",
    6513             :                                    TABLESPACE_MAP, TABLESPACE_MAP_OLD)));
    6514             :         }
    6515             : 
    6516             :         /*
    6517             :          * It's possible that archive recovery was requested, but we don't
    6518             :          * know how far we need to replay the WAL before we reach consistency.
    6519             :          * This can happen for example if a base backup is taken from a
    6520             :          * running server using an atomic filesystem snapshot, without calling
    6521             :          * pg_start/stop_backup. Or if you just kill a running master server
    6522             :          * and put it into archive recovery by creating a recovery signal
    6523             :          * file.
    6524             :          *
    6525             :          * Our strategy in that case is to perform crash recovery first,
    6526             :          * replaying all the WAL present in pg_wal, and only enter archive
    6527             :          * recovery after that.
    6528             :          *
    6529             :          * But usually we already know how far we need to replay the WAL (up
    6530             :          * to minRecoveryPoint, up to backupEndPoint, or until we see an
    6531             :          * end-of-backup record), and we can enter archive recovery directly.
    6532             :          */
    6533        1152 :         if (ArchiveRecoveryRequested &&
    6534          20 :             (ControlFile->minRecoveryPoint != InvalidXLogRecPtr ||
    6535          12 :              ControlFile->backupEndRequired ||
    6536          12 :              ControlFile->backupEndPoint != InvalidXLogRecPtr ||
    6537           6 :              ControlFile->state == DB_SHUTDOWNED))
    6538             :         {
    6539          12 :             InArchiveRecovery = true;
    6540          12 :             if (StandbyModeRequested)
    6541          12 :                 StandbyMode = true;
    6542             :         }
    6543             : 
    6544             :         /* Get the last valid checkpoint record. */
    6545        1138 :         checkPointLoc = ControlFile->checkPoint;
    6546        1138 :         RedoStartLSN = ControlFile->checkPointCopy.redo;
    6547        1138 :         record = ReadCheckpointRecord(xlogreader, checkPointLoc, 1, true);
    6548        1138 :         if (record != NULL)
    6549             :         {
    6550        1138 :             ereport(DEBUG1,
    6551             :                     (errmsg("checkpoint record is at %X/%X",
    6552             :                             (uint32) (checkPointLoc >> 32), (uint32) checkPointLoc)));
    6553             :         }
    6554             :         else
    6555             :         {
    6556             :             /*
    6557             :              * We used to attempt to go back to a secondary checkpoint record
    6558             :              * here, but only when not in standby mode. We now just fail if we
    6559             :              * can't read the last checkpoint because this allows us to
    6560             :              * simplify processing around checkpoints.
    6561             :              */
    6562           0 :             ereport(PANIC,
    6563             :                     (errmsg("could not locate a valid checkpoint record")));
    6564             :         }
    6565        1138 :         memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
    6566        1138 :         wasShutdown = ((record->xl_info & ~XLR_INFO_MASK) == XLOG_CHECKPOINT_SHUTDOWN);
    6567             :     }
    6568             : 
    6569             :     /*
    6570             :      * Clear out any old relcache cache files.  This is *necessary* if we do
    6571             :      * any WAL replay, since that would probably result in the cache files
    6572             :      * being out of sync with database reality.  In theory we could leave them
    6573             :      * in place if the database had been cleanly shut down, but it seems
    6574             :      * safest to just remove them always and let them be rebuilt during the
    6575             :      * first backend startup.  These files needs to be removed from all
    6576             :      * directories including pg_tblspc, however the symlinks are created only
    6577             :      * after reading tablespace_map file in case of archive recovery from
    6578             :      * backup, so needs to clear old relcache files here after creating
    6579             :      * symlinks.
    6580             :      */
    6581        1192 :     RelationCacheInitFileRemove();
    6582             : 
    6583             :     /*
    6584             :      * If the location of the checkpoint record is not on the expected
    6585             :      * timeline in the history of the requested timeline, we cannot proceed:
    6586             :      * the backup is not part of the history of the requested timeline.
    6587             :      */
    6588             :     Assert(expectedTLEs);       /* was initialized by reading checkpoint
    6589             :                                  * record */
    6590        2384 :     if (tliOfPointInHistory(checkPointLoc, expectedTLEs) !=
    6591        1192 :         checkPoint.ThisTimeLineID)
    6592             :     {
    6593             :         XLogRecPtr  switchpoint;
    6594             : 
    6595             :         /*
    6596             :          * tliSwitchPoint will throw an error if the checkpoint's timeline is
    6597             :          * not in expectedTLEs at all.
    6598             :          */
    6599           0 :         switchpoint = tliSwitchPoint(ControlFile->checkPointCopy.ThisTimeLineID, expectedTLEs, NULL);
    6600           0 :         ereport(FATAL,
    6601             :                 (errmsg("requested timeline %u is not a child of this server's history",
    6602             :                         recoveryTargetTLI),
    6603             :                  errdetail("Latest checkpoint is at %X/%X on timeline %u, but in the history of the requested timeline, the server forked off from that timeline at %X/%X.",
    6604             :                            (uint32) (ControlFile->checkPoint >> 32),
    6605             :                            (uint32) ControlFile->checkPoint,
    6606             :                            ControlFile->checkPointCopy.ThisTimeLineID,
    6607             :                            (uint32) (switchpoint >> 32),
    6608             :                            (uint32) switchpoint)));
    6609             :     }
    6610             : 
    6611             :     /*
    6612             :      * The min recovery point should be part of the requested timeline's
    6613             :      * history, too.
    6614             :      */
    6615        1204 :     if (!XLogRecPtrIsInvalid(ControlFile->minRecoveryPoint) &&
    6616          12 :         tliOfPointInHistory(ControlFile->minRecoveryPoint - 1, expectedTLEs) !=
    6617          12 :         ControlFile->minRecoveryPointTLI)
    6618           0 :         ereport(FATAL,
    6619             :                 (errmsg("requested timeline %u does not contain minimum recovery point %X/%X on timeline %u",
    6620             :                         recoveryTargetTLI,
    6621             :                         (uint32) (ControlFile->minRecoveryPoint >> 32),
    6622             :                         (uint32) ControlFile->minRecoveryPoint,
    6623             :                         ControlFile->minRecoveryPointTLI)));
    6624             : 
    6625        1192 :     LastRec = RecPtr = checkPointLoc;
    6626             : 
    6627        1192 :     ereport(DEBUG1,
    6628             :             (errmsg_internal("redo record is at %X/%X; shutdown %s",
    6629             :                              (uint32) (checkPoint.redo >> 32), (uint32) checkPoint.redo,
    6630             :                              wasShutdown ? "true" : "false")));
    6631        1192 :     ereport(DEBUG1,
    6632             :             (errmsg_internal("next transaction ID: " UINT64_FORMAT "; next OID: %u",
    6633             :                              U64FromFullTransactionId(checkPoint.nextFullXid),
    6634             :                              checkPoint.nextOid)));
    6635        1192 :     ereport(DEBUG1,
    6636             :             (errmsg_internal("next MultiXactId: %u; next MultiXactOffset: %u",
    6637             :                              checkPoint.nextMulti, checkPoint.nextMultiOffset)));
    6638        1192 :     ereport(DEBUG1,
    6639             :             (errmsg_internal("oldest unfrozen transaction ID: %u, in database %u",
    6640             :                              checkPoint.oldestXid, checkPoint.oldestXidDB)));
    6641        1192 :     ereport(DEBUG1,
    6642             :             (errmsg_internal("oldest MultiXactId: %u, in database %u",
    6643             :                              checkPoint.oldestMulti, checkPoint.oldestMultiDB)));
    6644        1192 :     ereport(DEBUG1,
    6645             :             (errmsg_internal("commit timestamp Xid oldest/newest: %u/%u",
    6646             :                              checkPoint.oldestCommitTsXid,
    6647             :                              checkPoint.newestCommitTsXid)));
    6648        1192 :     if (!TransactionIdIsNormal(XidFromFullTransactionId(checkPoint.nextFullXid)))
    6649           0 :         ereport(PANIC,
    6650             :                 (errmsg("invalid next transaction ID")));
    6651             : 
    6652             :     /* initialize shared memory variables from the checkpoint record */
    6653        1192 :     ShmemVariableCache->nextFullXid = checkPoint.nextFullXid;
    6654        1192 :     ShmemVariableCache->nextOid = checkPoint.nextOid;
    6655        1192 :     ShmemVariableCache->oidCount = 0;
    6656        1192 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    6657        1192 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    6658        1192 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    6659        1192 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    6660        1192 :     SetCommitTsLimit(checkPoint.oldestCommitTsXid,
    6661             :                      checkPoint.newestCommitTsXid);
    6662        1192 :     XLogCtl->ckptFullXid = checkPoint.nextFullXid;
    6663             : 
    6664             :     /*
    6665             :      * Initialize replication slots, before there's a chance to remove
    6666             :      * required resources.
    6667             :      */
    6668        1192 :     StartupReplicationSlots();
    6669             : 
    6670             :     /*
    6671             :      * Startup logical state, needs to be setup now so we have proper data
    6672             :      * during crash recovery.
    6673             :      */
    6674        1192 :     StartupReorderBuffer();
    6675             : 
    6676             :     /*
    6677             :      * Startup MultiXact. We need to do this early to be able to replay
    6678             :      * truncations.
    6679             :      */
    6680        1192 :     StartupMultiXact();
    6681             : 
    6682             :     /*
    6683             :      * Ditto for commit timestamps.  Activate the facility if the setting is
    6684             :      * enabled in the control file, as there should be no tracking of commit
    6685             :      * timestamps done when the setting was disabled.  This facility can be
    6686             :      * started or stopped when replaying a XLOG_PARAMETER_CHANGE record.
    6687             :      */
    6688        1192 :     if (ControlFile->track_commit_timestamp)
    6689          16 :         StartupCommitTs();
    6690             : 
    6691             :     /*
    6692             :      * Recover knowledge about replay progress of known replication partners.
    6693             :      */
    6694        1192 :     StartupReplicationOrigin();
    6695             : 
    6696             :     /*
    6697             :      * Initialize unlogged LSN. On a clean shutdown, it's restored from the
    6698             :      * control file. On recovery, all unlogged relations are blown away, so
    6699             :      * the unlogged LSN counter can be reset too.
    6700             :      */
    6701        1192 :     if (ControlFile->state == DB_SHUTDOWNED)
    6702        1080 :         XLogCtl->unloggedLSN = ControlFile->unloggedLSN;
    6703             :     else
    6704         112 :         XLogCtl->unloggedLSN = FirstNormalUnloggedLSN;
    6705             : 
    6706             :     /*
    6707             :      * We must replay WAL entries using the same TimeLineID they were created
    6708             :      * under, so temporarily adopt the TLI indicated by the checkpoint (see
    6709             :      * also xlog_redo()).
    6710             :      */
    6711        1192 :     ThisTimeLineID = checkPoint.ThisTimeLineID;
    6712             : 
    6713             :     /*
    6714             :      * Copy any missing timeline history files between 'now' and the recovery
    6715             :      * target timeline from archive to pg_wal. While we don't need those files
    6716             :      * ourselves - the history file of the recovery target timeline covers all
    6717             :      * the previous timelines in the history too - a cascading standby server
    6718             :      * might be interested in them. Or, if you archive the WAL from this
    6719             :      * server to a different archive than the master, it'd be good for all the
    6720             :      * history files to get archived there after failover, so that you can use
    6721             :      * one of the old timelines as a PITR target. Timeline history files are
    6722             :      * small, so it's better to copy them unnecessarily than not copy them and
    6723             :      * regret later.
    6724             :      */
    6725        1192 :     restoreTimeLineHistoryFiles(ThisTimeLineID, recoveryTargetTLI);
    6726             : 
    6727             :     /*
    6728             :      * Before running in recovery, scan pg_twophase and fill in its status to
    6729             :      * be able to work on entries generated by redo.  Doing a scan before
    6730             :      * taking any recovery action has the merit to discard any 2PC files that
    6731             :      * are newer than the first record to replay, saving from any conflicts at
    6732             :      * replay.  This avoids as well any subsequent scans when doing recovery
    6733             :      * of the on-disk two-phase data.
    6734             :      */
    6735        1192 :     restoreTwoPhaseData();
    6736             : 
    6737        1192 :     lastFullPageWrites = checkPoint.fullPageWrites;
    6738             : 
    6739        1192 :     RedoRecPtr = XLogCtl->RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    6740        1192 :     doPageWrites = lastFullPageWrites;
    6741             : 
    6742        1192 :     if (RecPtr < checkPoint.redo)
    6743           0 :         ereport(PANIC,
    6744             :                 (errmsg("invalid redo in checkpoint record")));
    6745             : 
    6746             :     /*
    6747             :      * Check whether we need to force recovery from WAL.  If it appears to
    6748             :      * have been a clean shutdown and we did not have a recovery signal file,
    6749             :      * then assume no recovery needed.
    6750             :      */
    6751        1192 :     if (checkPoint.redo < RecPtr)
    6752             :     {
    6753          82 :         if (wasShutdown)
    6754           0 :             ereport(PANIC,
    6755             :                     (errmsg("invalid redo record in shutdown checkpoint")));
    6756          82 :         InRecovery = true;
    6757             :     }
    6758        1110 :     else if (ControlFile->state != DB_SHUTDOWNED)
    6759          30 :         InRecovery = true;
    6760        1080 :     else if (ArchiveRecoveryRequested)
    6761             :     {
    6762             :         /* force recovery due to presence of recovery signal file */
    6763           4 :         InRecovery = true;
    6764             :     }
    6765             : 
    6766             :     /* REDO */
    6767        1192 :     if (InRecovery)
    6768             :     {
    6769             :         int         rmid;
    6770             : 
    6771             :         /*
    6772             :          * Update pg_control to show that we are recovering and to show the
    6773             :          * selected checkpoint as the place we are starting from. We also mark
    6774             :          * pg_control with any minimum recovery stop point obtained from a
    6775             :          * backup history file.
    6776             :          */
    6777         116 :         dbstate_at_startup = ControlFile->state;
    6778         116 :         if (InArchiveRecovery)
    6779          66 :             ControlFile->state = DB_IN_ARCHIVE_RECOVERY;
    6780             :         else
    6781             :         {
    6782          50 :             ereport(LOG,
    6783             :                     (errmsg("database system was not properly shut down; "
    6784             :                             "automatic recovery in progress")));
    6785          50 :             if (recoveryTargetTLI > ControlFile->checkPointCopy.ThisTimeLineID)
    6786           2 :                 ereport(LOG,
    6787             :                         (errmsg("crash recovery starts in timeline %u "
    6788             :                                 "and has target timeline %u",
    6789             :                                 ControlFile->checkPointCopy.ThisTimeLineID,
    6790             :                                 recoveryTargetTLI)));
    6791          50 :             ControlFile->state = DB_IN_CRASH_RECOVERY;
    6792             :         }
    6793         116 :         ControlFile->checkPoint = checkPointLoc;
    6794         116 :         ControlFile->checkPointCopy = checkPoint;
    6795         116 :         if (InArchiveRecovery)
    6796             :         {
    6797             :             /* initialize minRecoveryPoint if not set yet */
    6798          66 :             if (ControlFile->minRecoveryPoint < checkPoint.redo)
    6799             :             {
    6800          56 :                 ControlFile->minRecoveryPoint = checkPoint.redo;
    6801          56 :                 ControlFile->minRecoveryPointTLI = checkPoint.ThisTimeLineID;
    6802             :             }
    6803             :         }
    6804             : 
    6805             :         /*
    6806             :          * Set backupStartPoint if we're starting recovery from a base backup.
    6807             :          *
    6808             :          * Also set backupEndPoint and use minRecoveryPoint as the backup end
    6809             :          * location if we're starting recovery from a base backup which was
    6810             :          * taken from a standby. In this case, the database system status in
    6811             :          * pg_control must indicate that the database was already in recovery.
    6812             :          * Usually that will be DB_IN_ARCHIVE_RECOVERY but also can be
    6813             :          * DB_SHUTDOWNED_IN_RECOVERY if recovery previously was interrupted
    6814             :          * before reaching this point; e.g. because restore_command or
    6815             :          * primary_conninfo were faulty.
    6816             :          *
    6817             :          * Any other state indicates that the backup somehow became corrupted
    6818             :          * and we can't sensibly continue with recovery.
    6819             :          */
    6820         116 :         if (haveBackupLabel)
    6821             :         {
    6822          54 :             ControlFile->backupStartPoint = checkPoint.redo;
    6823          54 :             ControlFile->backupEndRequired = backupEndRequired;
    6824             : 
    6825          54 :             if (backupFromStandby)
    6826             :             {
    6827           2 :                 if (dbstate_at_startup != DB_IN_ARCHIVE_RECOVERY &&
    6828             :                     dbstate_at_startup != DB_SHUTDOWNED_IN_RECOVERY)
    6829           0 :                     ereport(FATAL,
    6830             :                             (errmsg("backup_label contains data inconsistent with control file"),
    6831             :                              errhint("This means that the backup is corrupted and you will "
    6832             :                                      "have to use another backup for recovery.")));
    6833           2 :                 ControlFile->backupEndPoint = ControlFile->minRecoveryPoint;
    6834             :             }
    6835             :         }
    6836         116 :         ControlFile->time = (pg_time_t) time(NULL);
    6837             :         /* No need to hold ControlFileLock yet, we aren't up far enough */
    6838         116 :         UpdateControlFile();
    6839             : 
    6840             :         /*
    6841             :          * Initialize our local copy of minRecoveryPoint.  When doing crash
    6842             :          * recovery we want to replay up to the end of WAL.  Particularly, in
    6843             :          * the case of a promoted standby minRecoveryPoint value in the
    6844             :          * control file is only updated after the first checkpoint.  However,
    6845             :          * if the instance crashes before the first post-recovery checkpoint
    6846             :          * is completed then recovery will use a stale location causing the
    6847             :          * startup process to think that there are still invalid page
    6848             :          * references when checking for data consistency.
    6849             :          */
    6850         116 :         if (InArchiveRecovery)
    6851             :         {
    6852          66 :             minRecoveryPoint = ControlFile->minRecoveryPoint;
    6853          66 :             minRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    6854             :         }
    6855             :         else
    6856             :         {
    6857          50 :             minRecoveryPoint = InvalidXLogRecPtr;
    6858          50 :             minRecoveryPointTLI = 0;
    6859             :         }
    6860             : 
    6861             :         /*
    6862             :          * Reset pgstat data, because it may be invalid after recovery.
    6863             :          */
    6864         116 :         pgstat_reset_all();
    6865             : 
    6866             :         /*
    6867             :          * If there was a backup label file, it's done its job and the info
    6868             :          * has now been propagated into pg_control.  We must get rid of the
    6869             :          * label file so that if we crash during recovery, we'll pick up at
    6870             :          * the latest recovery restartpoint instead of going all the way back
    6871             :          * to the backup start point.  It seems prudent though to just rename
    6872             :          * the file out of the way rather than delete it completely.
    6873             :          */
    6874         116 :         if (haveBackupLabel)
    6875             :         {
    6876          54 :             unlink(BACKUP_LABEL_OLD);
    6877          54 :             durable_rename(BACKUP_LABEL_FILE, BACKUP_LABEL_OLD, FATAL);
    6878             :         }
    6879             : 
    6880             :         /*
    6881             :          * If there was a tablespace_map file, it's done its job and the
    6882             :          * symlinks have been created.  We must get rid of the map file so
    6883             :          * that if we crash during recovery, we don't create symlinks again.
    6884             :          * It seems prudent though to just rename the file out of the way
    6885             :          * rather than delete it completely.
    6886             :          */
    6887         116 :         if (haveTblspcMap)
    6888             :         {
    6889           0 :             unlink(TABLESPACE_MAP_OLD);
    6890           0 :             durable_rename(TABLESPACE_MAP, TABLESPACE_MAP_OLD, FATAL);
    6891             :         }
    6892             : 
    6893             :         /* Check that the GUCs used to generate the WAL allow recovery */
    6894         116 :         CheckRequiredParameterValues();
    6895             : 
    6896             :         /*
    6897             :          * We're in recovery, so unlogged relations may be trashed and must be
    6898             :          * reset.  This should be done BEFORE allowing Hot Standby
    6899             :          * connections, so that read-only backends don't try to read whatever
    6900             :          * garbage is left over from before.
    6901             :          */
    6902         116 :         ResetUnloggedRelations(UNLOGGED_RELATION_CLEANUP);
    6903             : 
    6904             :         /*
    6905             :          * Likewise, delete any saved transaction snapshot files that got left
    6906             :          * behind by crashed backends.
    6907             :          */
    6908         116 :         DeleteAllExportedSnapshotFiles();
    6909             : 
    6910             :         /*
    6911             :          * Initialize for Hot Standby, if enabled. We won't let backends in
    6912             :          * yet, not until we've reached the min recovery point specified in
    6913             :          * control file and we've established a recovery snapshot from a
    6914             :          * running-xacts WAL record.
    6915             :          */
    6916         116 :         if (ArchiveRecoveryRequested && EnableHotStandby)
    6917             :         {
    6918             :             TransactionId *xids;
    6919             :             int         nxids;
    6920             : 
    6921          68 :             ereport(DEBUG1,
    6922             :                     (errmsg("initializing for hot standby")));
    6923             : 
    6924          68 :             InitRecoveryTransactionEnvironment();
    6925             : 
    6926          68 :             if (wasShutdown)
    6927          10 :                 oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    6928             :             else
    6929          58 :                 oldestActiveXID = checkPoint.oldestActiveXid;
    6930             :             Assert(TransactionIdIsValid(oldestActiveXID));
    6931             : 
    6932             :             /* Tell procarray about the range of xids it has to deal with */
    6933          68 :             ProcArrayInitRecovery(XidFromFullTransactionId(ShmemVariableCache->nextFullXid));
    6934             : 
    6935             :             /*
    6936             :              * Startup commit log and subtrans only.  MultiXact and commit
    6937             :              * timestamp have already been started up and other SLRUs are not
    6938             :              * maintained during recovery and need not be started yet.
    6939             :              */
    6940          68 :             StartupCLOG();
    6941          68 :             StartupSUBTRANS(oldestActiveXID);
    6942             : 
    6943             :             /*
    6944             :              * If we're beginning at a shutdown checkpoint, we know that
    6945             :              * nothing was running on the master at this point. So fake-up an
    6946             :              * empty running-xacts record and use that here and now. Recover
    6947             :              * additional standby state for prepared transactions.
    6948             :              */
    6949          68 :             if (wasShutdown)
    6950             :             {
    6951             :                 RunningTransactionsData running;
    6952             :                 TransactionId latestCompletedXid;
    6953             : 
    6954             :                 /*
    6955             :                  * Construct a RunningTransactions snapshot representing a
    6956             :                  * shut down server, with only prepared transactions still
    6957             :                  * alive. We're never overflowed at this point because all
    6958             :                  * subxids are listed with their parent prepared transactions.
    6959             :                  */
    6960          10 :                 running.xcnt = nxids;
    6961          10 :                 running.subxcnt = 0;
    6962          10 :                 running.subxid_overflow = false;
    6963          10 :                 running.nextXid = XidFromFullTransactionId(checkPoint.nextFullXid);
    6964          10 :                 running.oldestRunningXid = oldestActiveXID;
    6965          10 :                 latestCompletedXid = XidFromFullTransactionId(checkPoint.nextFullXid);
    6966          10 :                 TransactionIdRetreat(latestCompletedXid);
    6967             :                 Assert(TransactionIdIsNormal(latestCompletedXid));
    6968          10 :                 running.latestCompletedXid = latestCompletedXid;
    6969          10 :                 running.xids = xids;
    6970             : 
    6971          10 :                 ProcArrayApplyRecoveryInfo(&running);
    6972             : 
    6973          10 :                 StandbyRecoverPreparedTransactions();
    6974             :             }
    6975             :         }
    6976             : 
    6977             :         /* Initialize resource managers */
    6978        2668 :         for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    6979             :         {
    6980        2552 :             if (RmgrTable[rmid].rm_startup != NULL)
    6981         348 :                 RmgrTable[rmid].rm_startup();
    6982             :         }
    6983             : 
    6984             :         /*
    6985             :          * Initialize shared variables for tracking progress of WAL replay, as
    6986             :          * if we had just replayed the record before the REDO location (or the
    6987             :          * checkpoint record itself, if it's a shutdown checkpoint).
    6988             :          */
    6989         116 :         SpinLockAcquire(&XLogCtl->info_lck);
    6990         116 :         if (checkPoint.redo < RecPtr)
    6991          82 :             XLogCtl->replayEndRecPtr = checkPoint.redo;
    6992             :         else
    6993          34 :             XLogCtl->replayEndRecPtr = EndRecPtr;
    6994         116 :         XLogCtl->replayEndTLI = ThisTimeLineID;
    6995         116 :         XLogCtl->lastReplayedEndRecPtr = XLogCtl->replayEndRecPtr;
    6996         116 :         XLogCtl->lastReplayedTLI = XLogCtl->replayEndTLI;
    6997         116 :         XLogCtl->recoveryLastXTime = 0;
    6998         116 :         XLogCtl->currentChunkStartTime = 0;
    6999         116 :         XLogCtl->recoveryPause = false;
    7000         116 :         SpinLockRelease(&XLogCtl->info_lck);
    7001             : 
    7002             :         /* Also ensure XLogReceiptTime has a sane value */
    7003         116 :         XLogReceiptTime = GetCurrentTimestamp();
    7004             : 
    7005             :         /*
    7006             :          * Let postmaster know we've started redo now, so that it can launch
    7007             :          * checkpointer to perform restartpoints.  We don't bother during
    7008             :          * crash recovery as restartpoints can only be performed during
    7009             :          * archive recovery.  And we'd like to keep crash recovery simple, to
    7010             :          * avoid introducing bugs that could affect you when recovering after
    7011             :          * crash.
    7012             :          *
    7013             :          * After this point, we can no longer assume that we're the only
    7014             :          * process in addition to postmaster!  Also, fsync requests are
    7015             :          * subsequently to be handled by the checkpointer, not locally.
    7016             :          */
    7017         116 :         if (ArchiveRecoveryRequested && IsUnderPostmaster)
    7018             :         {
    7019          68 :             PublishStartupProcessInformation();
    7020          68 :             EnableSyncRequestForwarding();
    7021          68 :             SendPostmasterSignal(PMSIGNAL_RECOVERY_STARTED);
    7022          68 :             bgwriterLaunched = true;
    7023             :         }
    7024             : 
    7025             :         /*
    7026             :          * Allow read-only connections immediately if we're consistent
    7027             :          * already.
    7028             :          */
    7029         116 :         CheckRecoveryConsistency();
    7030             : 
    7031             :         /*
    7032             :          * Find the first record that logically follows the checkpoint --- it
    7033             :          * might physically precede it, though.
    7034             :          */
    7035         116 :         if (checkPoint.redo < RecPtr)
    7036             :         {
    7037             :             /* back up to find the record */
    7038          82 :             record = ReadRecord(xlogreader, checkPoint.redo, PANIC, false);
    7039             :         }
    7040             :         else
    7041             :         {
    7042             :             /* just have to read next record after CheckPoint */
    7043          34 :             record = ReadRecord(xlogreader, InvalidXLogRecPtr, LOG, false);
    7044             :         }
    7045             : 
    7046         116 :         if (record != NULL)
    7047             :         {
    7048             :             ErrorContextCallback errcallback;
    7049             :             TimestampTz xtime;
    7050             : 
    7051         108 :             InRedo = true;
    7052             : 
    7053         108 :             ereport(LOG,
    7054             :                     (errmsg("redo starts at %X/%X",
    7055             :                             (uint32) (ReadRecPtr >> 32), (uint32) ReadRecPtr)));
    7056             : 
    7057             :             /*
    7058             :              * main redo apply loop
    7059             :              */
    7060             :             do
    7061             :             {
    7062      238472 :                 bool        switchedTLI = false;
    7063             : 
    7064             : #ifdef WAL_DEBUG
    7065             :                 if (XLOG_DEBUG ||
    7066             :                     (rmid == RM_XACT_ID && trace_recovery_messages <= DEBUG2) ||
    7067             :                     (rmid != RM_XACT_ID && trace_recovery_messages <= DEBUG3))
    7068             :                 {
    7069             :                     StringInfoData buf;
    7070             : 
    7071             :                     initStringInfo(&buf);
    7072             :                     appendStringInfo(&buf, "REDO @ %X/%X; LSN %X/%X: ",
    7073             :                                      (uint32) (ReadRecPtr >> 32), (uint32) ReadRecPtr,
    7074             :                                      (uint32) (EndRecPtr >> 32), (uint32) EndRecPtr);
    7075             :                     xlog_outrec(&buf, xlogreader);
    7076             :                     appendStringInfoString(&buf, " - ");
    7077             :                     xlog_outdesc(&buf, xlogreader);
    7078             :                     elog(LOG, "%s", buf.data);
    7079             :                     pfree(buf.data);
    7080             :                 }
    7081             : #endif
    7082             : 
    7083             :                 /* Handle interrupt signals of startup process */
    7084      238472 :                 HandleStartupProcInterrupts();
    7085             : 
    7086             :                 /*
    7087             :                  * Pause WAL replay, if requested by a hot-standby session via
    7088             :                  * SetRecoveryPause().
    7089             :                  *
    7090             :                  * Note that we intentionally don't take the info_lck spinlock
    7091             :                  * here.  We might therefore read a slightly stale value of
    7092             :                  * the recoveryPause flag, but it can't be very stale (no
    7093             :                  * worse than the last spinlock we did acquire).  Since a
    7094             :                  * pause request is a pretty asynchronous thing anyway,
    7095             :                  * possibly responding to it one WAL record later than we
    7096             :                  * otherwise would is a minor issue, so it doesn't seem worth
    7097             :                  * adding another spinlock cycle to prevent that.
    7098             :                  */
    7099      238472 :                 if (((volatile XLogCtlData *) XLogCtl)->recoveryPause)
    7100           0 :                     recoveryPausesHere();
    7101             : 
    7102             :                 /*
    7103             :                  * Have we reached our recovery target?
    7104             :                  */
    7105      238472 :                 if (recoveryStopsBefore(xlogreader))
    7106             :                 {
    7107           0 :                     reachedStopPoint = true;    /* see below */
    7108           0 :                     break;
    7109             :                 }
    7110             : 
    7111             :                 /*
    7112             :                  * If we've been asked to lag the master, wait on latch until
    7113             :                  * enough time has passed.
    7114             :                  */
    7115      238472 :                 if (recoveryApplyDelay(xlogreader))
    7116             :                 {
    7117             :                     /*
    7118             :                      * We test for paused recovery again here. If user sets
    7119             :                      * delayed apply, it may be because they expect to pause
    7120             :                      * recovery in case of problems, so we must test again
    7121             :                      * here otherwise pausing during the delay-wait wouldn't
    7122             :                      * work.
    7123             :                      */
    7124           0 :                     if (((volatile XLogCtlData *) XLogCtl)->recoveryPause)
    7125           0 :                         recoveryPausesHere();
    7126             :                 }
    7127             : 
    7128             :                 /* Setup error traceback support for ereport() */
    7129      238472 :                 errcallback.callback = rm_redo_error_callback;
    7130      238472 :                 errcallback.arg = (void *) xlogreader;
    7131      238472 :                 errcallback.previous = error_context_stack;
    7132      238472 :                 error_context_stack = &errcallback;
    7133             : 
    7134             :                 /*
    7135             :                  * ShmemVariableCache->nextFullXid must be beyond record's
    7136             :                  * xid.
    7137             :                  */
    7138      238472 :                 AdvanceNextFullTransactionIdPastXid(record->xl_xid);
    7139             : 
    7140             :                 /*
    7141             :                  * Before replaying this record, check if this record causes
    7142             :                  * the current timeline to change. The record is already
    7143             :                  * considered to be part of the new timeline, so we update
    7144             :                  * ThisTimeLineID before replaying it. That's important so
    7145             :                  * that replayEndTLI, which is recorded as the minimum
    7146             :                  * recovery point's TLI if recovery stops after this record,
    7147             :                  * is set correctly.
    7148             :                  */
    7149      238472 :                 if (record->xl_rmid == RM_XLOG_ID)
    7150             :                 {
    7151        1602 :                     TimeLineID  newTLI = ThisTimeLineID;
    7152        1602 :                     TimeLineID  prevTLI = ThisTimeLineID;
    7153        1602 :                     uint8       info = record->xl_info & ~XLR_INFO_MASK;
    7154             : 
    7155        1602 :                     if (info == XLOG_CHECKPOINT_SHUTDOWN)
    7156             :                     {
    7157             :                         CheckPoint  checkPoint;
    7158             : 
    7159          34 :                         memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint));
    7160          34 :                         newTLI = checkPoint.ThisTimeLineID;
    7161          34 :                         prevTLI = checkPoint.PrevTimeLineID;
    7162             :                     }
    7163        1568 :                     else if (info == XLOG_END_OF_RECOVERY)
    7164             :                     {
    7165             :                         xl_end_of_recovery xlrec;
    7166             : 
    7167          10 :                         memcpy(&xlrec, XLogRecGetData(xlogreader), sizeof(xl_end_of_recovery));
    7168          10 :                         newTLI = xlrec.ThisTimeLineID;
    7169          10 :                         prevTLI = xlrec.PrevTimeLineID;
    7170             :                     }
    7171             : 
    7172        1602 :                     if (newTLI != ThisTimeLineID)
    7173             :                     {
    7174             :                         /* Check that it's OK to switch to this TLI */
    7175          10 :                         checkTimeLineSwitch(EndRecPtr, newTLI, prevTLI);
    7176             : 
    7177             :                         /* Following WAL records should be run with new TLI */
    7178          10 :                         ThisTimeLineID = newTLI;
    7179          10 :                         switchedTLI = true;
    7180             :                     }
    7181             :                 }
    7182             : 
    7183             :                 /*
    7184             :                  * Update shared replayEndRecPtr before replaying this record,
    7185             :                  * so that XLogFlush will update minRecoveryPoint correctly.
    7186             :                  */
    7187      238472 :                 SpinLockAcquire(&XLogCtl->info_lck);
    7188      238472 :                 XLogCtl->replayEndRecPtr = EndRecPtr;
    7189      238472 :                 XLogCtl->replayEndTLI = ThisTimeLineID;
    7190      238472 :                 SpinLockRelease(&XLogCtl->info_lck);
    7191             : 
    7192             :                 /*
    7193             :                  * If we are attempting to enter Hot Standby mode, process
    7194             :                  * XIDs we see
    7195             :                  */
    7196      408372 :                 if (standbyState >= STANDBY_INITIALIZED &&
    7197      169900 :                     TransactionIdIsValid(record->xl_xid))
    7198      168986 :                     RecordKnownAssignedTransactionIds(record->xl_xid);
    7199             : 
    7200             :                 /* Now apply the WAL record itself */
    7201      238472 :                 RmgrTable[record->xl_rmid].rm_redo(xlogreader);
    7202             : 
    7203             :                 /*
    7204             :                  * After redo, check whether the backup pages associated with
    7205             :                  * the WAL record are consistent with the existing pages. This
    7206             :                  * check is done only if consistency check is enabled for this
    7207             :                  * record.
    7208             :                  */
    7209      238472 :                 if ((record->xl_info & XLR_CHECK_CONSISTENCY) != 0)
    7210           0 :                     checkXLogConsistency(xlogreader);
    7211             : 
    7212             :                 /* Pop the error context stack */
    7213      238472 :                 error_context_stack = errcallback.previous;
    7214             : 
    7215             :                 /*
    7216             :                  * Update lastReplayedEndRecPtr after this record has been
    7217             :                  * successfully replayed.
    7218             :                  */
    7219      238472 :                 SpinLockAcquire(&XLogCtl->info_lck);
    7220      238472 :                 XLogCtl->lastReplayedEndRecPtr = EndRecPtr;
    7221      238472 :                 XLogCtl->lastReplayedTLI = ThisTimeLineID;
    7222      238472 :                 SpinLockRelease(&XLogCtl->info_lck);
    7223             : 
    7224             :                 /*
    7225             :                  * If rm_redo called XLogRequestWalReceiverReply, then we wake
    7226             :                  * up the receiver so that it notices the updated
    7227             :                  * lastReplayedEndRecPtr and sends a reply to the master.
    7228             :                  */
    7229      238472 :                 if (doRequestWalReceiverReply)
    7230             :                 {
    7231           0 :                     doRequestWalReceiverReply = false;
    7232           0 :                     WalRcvForceReply();
    7233             :                 }
    7234             : 
    7235             :                 /* Remember this record as the last-applied one */
    7236      238472 :                 LastRec = ReadRecPtr;
    7237             : 
    7238             :                 /* Allow read-only connections if we're consistent now */
    7239      238472 :                 CheckRecoveryConsistency();
    7240             : 
    7241             :                 /* Is this a timeline switch? */
    7242      238472 :                 if (switchedTLI)
    7243             :                 {
    7244             :                     /*
    7245             :                      * Before we continue on the new timeline, clean up any
    7246             :                      * (possibly bogus) future WAL segments on the old
    7247             :                      * timeline.
    7248             :                      */
    7249          10 :                     RemoveNonParentXlogFiles(EndRecPtr, ThisTimeLineID);
    7250             : 
    7251             :                     /*
    7252             :                      * Wake up any walsenders to notice that we are on a new
    7253             :                      * timeline.
    7254             :                      */
    7255          10 :                     if (switchedTLI && AllowCascadeReplication())
    7256          10 :                         WalSndWakeup();
    7257             :                 }
    7258             : 
    7259             :                 /* Exit loop if we reached inclusive recovery target */
    7260      238472 :                 if (recoveryStopsAfter(xlogreader))
    7261             :                 {
    7262           0 :                     reachedStopPoint = true;
    7263           0 :                     break;
    7264             :                 }
    7265             : 
    7266             :                 /* Else, try to fetch the next WAL record */
    7267      238472 :                 record = ReadRecord(xlogreader, InvalidXLogRecPtr, LOG, false);
    7268      238450 :             } while (record != NULL);
    7269             : 
    7270             :             /*
    7271             :              * end of main redo apply loop
    7272             :              */
    7273             : 
    7274          86 :             if (reachedStopPoint)
    7275             :             {
    7276           0 :                 if (!reachedConsistency)
    7277           0 :                     ereport(FATAL,
    7278             :                             (errmsg("requested recovery stop point is before consistent recovery point")));
    7279             : 
    7280             :                 /*
    7281             :                  * This is the last point where we can restart recovery with a
    7282             :                  * new recovery target, if we shutdown and begin again. After
    7283             :                  * this, Resource Managers may choose to do permanent
    7284             :                  * corrective actions at end of recovery.
    7285             :                  */
    7286           0 :                 switch (recoveryTargetAction)
    7287             :                 {
    7288             :                     case RECOVERY_TARGET_ACTION_SHUTDOWN:
    7289             : 
    7290             :                         /*
    7291             :                          * exit with special return code to request shutdown
    7292             :                          * of postmaster.  Log messages issued from
    7293             :                          * postmaster.
    7294             :                          */
    7295           0 :                         proc_exit(3);
    7296             : 
    7297             :                     case RECOVERY_TARGET_ACTION_PAUSE:
    7298           0 :                         SetRecoveryPause(true);
    7299           0 :                         recoveryPausesHere();
    7300             : 
    7301             :                         /* drop into promote */
    7302             : 
    7303             :                     case RECOVERY_TARGET_ACTION_PROMOTE:
    7304           0 :                         break;
    7305             :                 }
    7306             :             }
    7307             : 
    7308             :             /* Allow resource managers to do any required cleanup. */
    7309        1978 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    7310             :             {
    7311        1892 :                 if (RmgrTable[rmid].rm_cleanup != NULL)
    7312         258 :                     RmgrTable[rmid].rm_cleanup();
    7313             :             }
    7314             : 
    7315          86 :             ereport(LOG,
    7316             :                     (errmsg("redo done at %X/%X",
    7317             :                             (uint32) (ReadRecPtr >> 32), (uint32) ReadRecPtr)));
    7318          86 :             xtime = GetLatestXTime();
    7319          86 :             if (xtime)
    7320          34 :                 ereport(LOG,
    7321             :                         (errmsg("last completed transaction was at log time %s",
    7322             :                                 timestamptz_to_str(xtime))));
    7323             : 
    7324          86 :             InRedo = false;
    7325             :         }
    7326             :         else
    7327             :         {
    7328             :             /* there are no WAL records following the checkpoint */
    7329           8 :             ereport(LOG,
    7330             :                     (errmsg("redo is not required")));
    7331             :         }
    7332             :     }
    7333             : 
    7334             :     /*
    7335             :      * Kill WAL receiver, if it's still running, before we continue to write
    7336             :      * the startup checkpoint record. It will trump over the checkpoint and
    7337             :      * subsequent records if it's still alive when we start writing WAL.
    7338             :      */
    7339        1170 :     ShutdownWalRcv();
    7340             : 
    7341             :     /*
    7342             :      * Reset unlogged relations to the contents of their INIT fork. This is
    7343             :      * done AFTER recovery is complete so as to include any unlogged relations
    7344             :      * created during recovery, but BEFORE recovery is marked as having
    7345             :      * completed successfully. Otherwise we'd not retry if any of the post
    7346             :      * end-of-recovery steps fail.
    7347             :      */
    7348        1170 :     if (InRecovery)
    7349          94 :         ResetUnloggedRelations(UNLOGGED_RELATION_INIT);
    7350             : 
    7351             :     /*
    7352             :      * We don't need the latch anymore. It's not strictly necessary to disown
    7353             :      * it, but let's do it for the sake of tidiness.
    7354             :      */
    7355        1170 :     if (ArchiveRecoveryRequested)
    7356          46 :         DisownLatch(&XLogCtl->recoveryWakeupLatch);
    7357             : 
    7358             :     /*
    7359             :      * We are now done reading the xlog from stream. Turn off streaming
    7360             :      * recovery to force fetching the files (which would be required at end of
    7361             :      * recovery, e.g., timeline history file) from archive or pg_wal.
    7362             :      */
    7363        1170 :     StandbyMode = false;
    7364             : 
    7365             :     /*
    7366             :      * Re-fetch the last valid or last applied record, so we can identify the
    7367             :      * exact endpoint of what we consider the valid portion of WAL.
    7368             :      */
    7369        1170 :     record = ReadRecord(xlogreader, LastRec, PANIC, false);
    7370        1170 :     EndOfLog = EndRecPtr;
    7371             : 
    7372             :     /*
    7373             :      * EndOfLogTLI is the TLI in the filename of the XLOG segment containing
    7374             :      * the end-of-log. It could be different from the timeline that EndOfLog
    7375             :      * nominally belongs to, if there was a timeline switch in that segment,
    7376             :      * and we were reading the old WAL from a segment belonging to a higher
    7377             :      * timeline.
    7378             :      */
    7379        1170 :     EndOfLogTLI = xlogreader->seg.ws_tli;
    7380             : 
    7381             :     /*
    7382             :      * Complain if we did not roll forward far enough to render the backup
    7383             :      * dump consistent.  Note: it is indeed okay to look at the local variable
    7384             :      * minRecoveryPoint here, even though ControlFile->minRecoveryPoint might
    7385             :      * be further ahead --- ControlFile->minRecoveryPoint cannot have been
    7386             :      * advanced beyond the WAL we processed.
    7387             :      */
    7388        1264 :     if (InRecovery &&
    7389         188 :         (EndOfLog < minRecoveryPoint ||
    7390          94 :          !XLogRecPtrIsInvalid(ControlFile->backupStartPoint)))
    7391             :     {
    7392             :         /*
    7393             :          * Ran off end of WAL before reaching end-of-backup WAL record, or
    7394             :          * minRecoveryPoint. That's usually a bad sign, indicating that you
    7395             :          * tried to recover from an online backup but never called
    7396             :          * pg_stop_backup(), or you didn't archive all the WAL up to that
    7397             :          * point. However, this also happens in crash recovery, if the system
    7398             :          * crashes while an online backup is in progress. We must not treat
    7399             :          * that as an error, or the database will refuse to start up.
    7400             :          */
    7401           0 :         if (ArchiveRecoveryRequested || ControlFile->backupEndRequired)
    7402             :         {
    7403           0 :             if (ControlFile->backupEndRequired)
    7404           0 :                 ereport(FATAL,
    7405             :                         (errmsg("WAL ends before end of online backup"),
    7406             :                          errhint("All WAL generated while online backup was taken must be available at recovery.")));
    7407           0 :             else if (!XLogRecPtrIsInvalid(ControlFile->backupStartPoint))
    7408           0 :                 ereport(FATAL,
    7409             :                         (errmsg("WAL ends before end of online backup"),
    7410             :                          errhint("Online backup started with pg_start_backup() must be ended with pg_stop_backup(), and all WAL up to that point must be available at recovery.")));
    7411             :             else
    7412           0 :                 ereport(FATAL,
    7413             :                         (errmsg("WAL ends before consistent recovery point")));
    7414             :         }
    7415             :     }
    7416             : 
    7417             :     /*
    7418             :      * Pre-scan prepared transactions to find out the range of XIDs present.
    7419             :      * This information is not quite needed yet, but it is positioned here so
    7420             :      * as potential problems are detected before any on-disk change is done.
    7421             :      */
    7422        1170 :     oldestActiveXID = PrescanPreparedTransactions(NULL, NULL);
    7423             : 
    7424             :     /*
    7425             :      * Consider whether we need to assign a new timeline ID.
    7426             :      *
    7427             :      * If we are doing an archive recovery, we always assign a new ID.  This
    7428             :      * handles a couple of issues.  If we stopped short of the end of WAL
    7429             :      * during recovery, then we are clearly generating a new timeline and must
    7430             :      * assign it a unique new ID.  Even if we ran to the end, modifying the
    7431             :      * current last segment is problematic because it may result in trying to
    7432             :      * overwrite an already-archived copy of that segment, and we encourage
    7433             :      * DBAs to make their archive_commands reject that.  We can dodge the
    7434             :      * problem by making the new active segment have a new timeline ID.
    7435             :      *
    7436             :      * In a normal crash recovery, we can just extend the timeline we were in.
    7437             :      */
    7438        1170 :     PrevTimeLineID = ThisTimeLineID;
    7439        1170 :     if (ArchiveRecoveryRequested)
    7440             :     {
    7441             :         char        reason[200];
    7442             :         char        recoveryPath[MAXPGPATH];
    7443             : 
    7444             :         Assert(InArchiveRecovery);
    7445             : 
    7446          46 :         ThisTimeLineID = findNewestTimeLine(recoveryTargetTLI) + 1;
    7447          46 :         ereport(LOG,
    7448             :                 (errmsg("selected new timeline ID: %u", ThisTimeLineID)));
    7449             : 
    7450             :         /*
    7451             :          * Create a comment for the history file to explain why and where
    7452             :          * timeline changed.
    7453             :          */
    7454          46 :         if (recoveryTarget == RECOVERY_TARGET_XID)
    7455           0 :             snprintf(reason, sizeof(reason),
    7456             :                      "%s transaction %u",
    7457           0 :                      recoveryStopAfter ? "after" : "before",
    7458             :                      recoveryStopXid);
    7459          46 :         else if (recoveryTarget == RECOVERY_TARGET_TIME)
    7460           0 :             snprintf(reason, sizeof(reason),
    7461             :                      "%s %s\n",
    7462           0 :                      recoveryStopAfter ? "after" : "before",
    7463             :                      timestamptz_to_str(recoveryStopTime));
    7464          46 :         else if (recoveryTarget == RECOVERY_TARGET_LSN)
    7465           0 :             snprintf(reason, sizeof(reason),
    7466             :                      "%s LSN %X/%X\n",
    7467           0 :                      recoveryStopAfter ? "after" : "before",
    7468           0 :                      (uint32) (recoveryStopLSN >> 32),
    7469             :                      (uint32) recoveryStopLSN);
    7470          46 :         else if (recoveryTarget == RECOVERY_TARGET_NAME)
    7471           0 :             snprintf(reason, sizeof(reason),
    7472             :                      "at restore point \"%s\"",
    7473             :                      recoveryStopName);
    7474          46 :         else if (recoveryTarget == RECOVERY_TARGET_IMMEDIATE)
    7475           0 :             snprintf(reason, sizeof(reason), "reached consistency");
    7476             :         else
    7477          46 :             snprintf(reason, sizeof(reason), "no recovery target specified");
    7478             : 
    7479             :         /*
    7480             :          * We are now done reading the old WAL.  Turn off archive fetching if
    7481             :          * it was active, and make a writable copy of the last WAL segment.
    7482             :          * (Note that we also have a copy of the last block of the old WAL in
    7483             :          * readBuf; we will use that below.)
    7484             :          */
    7485          46 :         exitArchiveRecovery(EndOfLogTLI, EndOfLog);
    7486             : 
    7487             :         /*
    7488             :          * Write the timeline history file, and have it archived. After this
    7489             :          * point (or rather, as soon as the file is archived), the timeline
    7490             :          * will appear as "taken" in the WAL archive and to any standby
    7491             :          * servers.  If we crash before actually switching to the new
    7492             :          * timeline, standby servers will nevertheless think that we switched
    7493             :          * to the new timeline, and will try to connect to the new timeline.
    7494             :          * To minimize the window for that, try to do as little as possible
    7495             :          * between here and writing the end-of-recovery record.
    7496             :          */
    7497          46 :         writeTimeLineHistory(ThisTimeLineID, recoveryTargetTLI,
    7498             :                              EndRecPtr, reason);
    7499             : 
    7500             :         /*
    7501             :          * Since there might be a partial WAL segment named RECOVERYXLOG, get
    7502             :          * rid of it.
    7503             :          */
    7504          46 :         snprintf(recoveryPath, MAXPGPATH, XLOGDIR "/RECOVERYXLOG");
    7505          46 :         unlink(recoveryPath);   /* ignore any error */
    7506             : 
    7507             :         /* Get rid of any remaining recovered timeline-history file, too */
    7508          46 :         snprintf(recoveryPath, MAXPGPATH, XLOGDIR "/RECOVERYHISTORY");
    7509          46 :         unlink(recoveryPath);   /* ignore any error */
    7510             :     }
    7511             : 
    7512             :     /* Save the selected TimeLineID in shared memory, too */
    7513        1170 :     XLogCtl->ThisTimeLineID = ThisTimeLineID;
    7514        1170 :     XLogCtl->PrevTimeLineID = PrevTimeLineID;
    7515             : 
    7516             :     /*
    7517             :      * Prepare to write WAL starting at EndOfLog location, and init xlog
    7518             :      * buffer cache using the block containing the last record from the
    7519             :      * previous incarnation.
    7520             :      */
    7521        1170 :     Insert = &XLogCtl->Insert;
    7522        1170 :     Insert->PrevBytePos = XLogRecPtrToBytePos(LastRec);
    7523        1170 :     Insert->CurrBytePos = XLogRecPtrToBytePos(EndOfLog);
    7524             : 
    7525             :     /*
    7526             :      * Tricky point here: readBuf contains the *last* block that the LastRec
    7527             :      * record spans, not the one it starts in.  The last block is indeed the
    7528             :      * one we want to use.
    7529             :      */
    7530        1170 :     if (EndOfLog % XLOG_BLCKSZ != 0)
    7531             :     {
    7532             :         char       *page;
    7533             :         int         len;
    7534             :         int         firstIdx;
    7535             :         XLogRecPtr  pageBeginPtr;
    7536             : 
    7537        1152 :         pageBeginPtr = EndOfLog - (EndOfLog % XLOG_BLCKSZ);
    7538             :         Assert(readOff == XLogSegmentOffset(pageBeginPtr, wal_segment_size));
    7539             : 
    7540        1152 :         firstIdx = XLogRecPtrToBufIdx(EndOfLog);
    7541             : 
    7542             :         /* Copy the valid part of the last block, and zero the rest */
    7543        1152 :         page = &XLogCtl->pages[firstIdx * XLOG_BLCKSZ];
    7544        1152 :         len = EndOfLog % XLOG_BLCKSZ;
    7545        1152 :         memcpy(page, xlogreader->readBuf, len);
    7546        1152 :         memset(page + len, 0, XLOG_BLCKSZ - len);
    7547             : 
    7548        1152 :         XLogCtl->xlblocks[firstIdx] = pageBeginPtr + XLOG_BLCKSZ;
    7549        1152 :         XLogCtl->InitializedUpTo = pageBeginPtr + XLOG_BLCKSZ;
    7550             :     }
    7551             :     else
    7552             :     {
    7553             :         /*
    7554             :          * There is no partial block to copy. Just set InitializedUpTo, and
    7555             :          * let the first attempt to insert a log record to initialize the next
    7556             :          * buffer.
    7557             :          */
    7558          18 :         XLogCtl->InitializedUpTo = EndOfLog;
    7559             :     }
    7560             : 
    7561        1170 :     LogwrtResult.Write = LogwrtResult.Flush = EndOfLog;
    7562             : 
    7563        1170 :     XLogCtl->LogwrtResult = LogwrtResult;
    7564             : 
    7565        1170 :     XLogCtl->LogwrtRqst.Write = EndOfLog;
    7566        1170 :     XLogCtl->LogwrtRqst.Flush = EndOfLog;
    7567             : 
    7568             :     /*
    7569             :      * Update full_page_writes in shared memory and write an XLOG_FPW_CHANGE
    7570             :      * record before resource manager writes cleanup WAL records or checkpoint
    7571             :      * record is written.
    7572             :      */
    7573        1170 :     Insert->fullPageWrites = lastFullPageWrites;
    7574        1170 :     LocalSetXLogInsertAllowed();
    7575        1170 :     UpdateFullPageWrites();
    7576        1170 :     LocalXLogInsertAllowed = -1;
    7577             : 
    7578        1170 :     if (InRecovery)
    7579             :     {
    7580             :         /*
    7581             :          * Perform a checkpoint to update all our recovery activity to disk.
    7582             :          *
    7583             :          * Note that we write a shutdown checkpoint rather than an on-line
    7584             :          * one. This is not particularly critical, but since we may be
    7585             :          * assigning a new TLI, using a shutdown checkpoint allows us to have
    7586             :          * the rule that TLI only changes in shutdown checkpoints, which
    7587             :          * allows some extra error checking in xlog_redo.
    7588             :          *
    7589             :          * In fast promotion, only create a lightweight end-of-recovery record
    7590             :          * instead of a full checkpoint. A checkpoint is requested later,
    7591             :          * after we're fully out of recovery mode and already accepting
    7592             :          * queries.
    7593             :          */
    7594          94 :         if (bgwriterLaunched)
    7595             :         {
    7596          46 :             if (fast_promote)
    7597             :             {
    7598          46 :                 checkPointLoc = ControlFile->checkPoint;
    7599             : 
    7600             :                 /*
    7601             :                  * Confirm the last checkpoint is available for us to recover
    7602             :                  * from if we fail.
    7603             :                  */
    7604          46 :                 record = ReadCheckpointRecord(xlogreader, checkPointLoc, 1, false);
    7605          46 :                 if (record != NULL)
    7606             :                 {
    7607          46 :                     fast_promoted = true;
    7608             : 
    7609             :                     /*
    7610             :                      * Insert a special WAL record to mark the end of
    7611             :                      * recovery, since we aren't doing a checkpoint. That
    7612             :                      * means that the checkpointer process may likely be in
    7613             :                      * the middle of a time-smoothed restartpoint and could
    7614             :                      * continue to be for minutes after this. That sounds
    7615             :                      * strange, but the effect is roughly the same and it
    7616             :                      * would be stranger to try to come out of the
    7617             :                      * restartpoint and then checkpoint. We request a
    7618             :                      * checkpoint later anyway, just for safety.
    7619             :                      */
    7620          46 :                     CreateEndOfRecoveryRecord();
    7621             :                 }
    7622             :             }
    7623             : 
    7624          46 :             if (!fast_promoted)
    7625           0 :                 RequestCheckpoint(CHECKPOINT_END_OF_RECOVERY |
    7626             :                                   CHECKPOINT_IMMEDIATE |
    7627             :                                   CHECKPOINT_WAIT);
    7628             :         }
    7629             :         else
    7630          48 :             CreateCheckPoint(CHECKPOINT_END_OF_RECOVERY | CHECKPOINT_IMMEDIATE);
    7631             :     }
    7632             : 
    7633        1170 :     if (ArchiveRecoveryRequested)
    7634             :     {
    7635             :         /*
    7636             :          * And finally, execute the recovery_end_command, if any.
    7637             :          */
    7638          46 :         if (recoveryEndCommand && strcmp(recoveryEndCommand, "") != 0)
    7639           0 :             ExecuteRecoveryCommand(recoveryEndCommand,
    7640             :                                    "recovery_end_command",
    7641             :                                    true);
    7642             : 
    7643             :         /*
    7644             :          * We switched to a new timeline. Clean up segments on the old
    7645             :          * timeline.
    7646             :          *
    7647             :          * If there are any higher-numbered segments on the old timeline,
    7648             :          * remove them. They might contain valid WAL, but they might also be
    7649             :          * pre-allocated files containing garbage. In any case, they are not
    7650             :          * part of the new timeline's history so we don't need them.
    7651             :          */
    7652          46 :         RemoveNonParentXlogFiles(EndOfLog, ThisTimeLineID);
    7653             : 
    7654             :         /*
    7655             :          * If the switch happened in the middle of a segment, what to do with
    7656             :          * the last, partial segment on the old timeline? If we don't archive
    7657             :          * it, and the server that created the WAL never archives it either
    7658             :          * (e.g. because it was hit by a meteor), it will never make it to the
    7659             :          * archive. That's OK from our point of view, because the new segment
    7660             :          * that we created with the new TLI contains all the WAL from the old
    7661             :          * timeline up to the switch point. But if you later try to do PITR to
    7662             :          * the "missing" WAL on the old timeline, recovery won't find it in
    7663             :          * the archive. It's physically present in the new file with new TLI,
    7664             :          * but recovery won't look there when it's recovering to the older
    7665             :          * timeline. On the other hand, if we archive the partial segment, and
    7666             :          * the original server on that timeline is still running and archives
    7667             :          * the completed version of the same segment later, it will fail. (We
    7668             :          * used to do that in 9.4 and below, and it caused such problems).
    7669             :          *
    7670             :          * As a compromise, we rename the last segment with the .partial
    7671             :          * suffix, and archive it. Archive recovery will never try to read
    7672             :          * .partial segments, so they will normally go unused. But in the odd
    7673             :          * PITR case, the administrator can copy them manually to the pg_wal
    7674             :          * directory (removing the suffix). They can be useful in debugging,
    7675             :          * too.
    7676             :          *
    7677             :          * If a .done or .ready file already exists for the old timeline,
    7678             :          * however, we had already determined that the segment is complete, so
    7679             :          * we can let it be archived normally. (In particular, if it was
    7680             :          * restored from the archive to begin with, it's expected to have a
    7681             :          * .done file).
    7682             :          */
    7683          46 :         if (XLogSegmentOffset(EndOfLog, wal_segment_size) != 0 &&
    7684             :             XLogArchivingActive())
    7685             :         {
    7686             :             char        origfname[MAXFNAMELEN];
    7687             :             XLogSegNo   endLogSegNo;
    7688             : 
    7689           2 :             XLByteToPrevSeg(EndOfLog, endLogSegNo, wal_segment_size);
    7690           2 :             XLogFileName(origfname, EndOfLogTLI, endLogSegNo, wal_segment_size);
    7691             : 
    7692           2 :             if (!XLogArchiveIsReadyOrDone(origfname))
    7693             :             {
    7694             :                 char        origpath[MAXPGPATH];
    7695             :                 char        partialfname[MAXFNAMELEN];
    7696             :                 char        partialpath[MAXPGPATH];
    7697             : 
    7698           2 :                 XLogFilePath(origpath, EndOfLogTLI, endLogSegNo, wal_segment_size);
    7699           2 :                 snprintf(partialfname, MAXFNAMELEN, "%s.partial", origfname);
    7700           2 :                 snprintf(partialpath, MAXPGPATH, "%s.partial", origpath);
    7701             : 
    7702             :                 /*
    7703             :                  * Make sure there's no .done or .ready file for the .partial
    7704             :                  * file.
    7705             :                  */
    7706           2 :                 XLogArchiveCleanup(partialfname);
    7707             : 
    7708           2 :                 durable_rename(origpath, partialpath, ERROR);
    7709           2 :                 XLogArchiveNotify(partialfname);
    7710             :             }
    7711             :         }
    7712             :     }
    7713             : 
    7714             :     /*
    7715             :      * Preallocate additional log files, if wanted.
    7716             :      */
    7717        1170 :     PreallocXlogFiles(EndOfLog);
    7718             : 
    7719             :     /*
    7720             :      * Okay, we're officially UP.
    7721             :      */
    7722        1170 :     InRecovery = false;
    7723             : 
    7724             :     /* start the archive_timeout timer and LSN running */
    7725        1170 :     XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    7726        1170 :     XLogCtl->lastSegSwitchLSN = EndOfLog;
    7727             : 
    7728             :     /* also initialize latestCompletedXid, to nextXid - 1 */
    7729        1170 :     LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE);
    7730        1170 :     ShmemVariableCache->latestCompletedXid = XidFromFullTransactionId(ShmemVariableCache->nextFullXid);
    7731        3102 :     TransactionIdRetreat(ShmemVariableCache->latestCompletedXid);
    7732        1170 :     LWLockRelease(ProcArrayLock);
    7733             : 
    7734             :     /*
    7735             :      * Start up the commit log and subtrans, if not already done for hot
    7736             :      * standby.  (commit timestamps are started below, if necessary.)
    7737             :      */
    7738        1170 :     if (standbyState == STANDBY_DISABLED)
    7739             :     {
    7740        1124 :         StartupCLOG();
    7741        1124 :         StartupSUBTRANS(oldestActiveXID);
    7742             :     }
    7743             : 
    7744             :     /*
    7745             :      * Perform end of recovery actions for any SLRUs that need it.
    7746             :      */
    7747        1170 :     TrimCLOG();
    7748        1170 :     TrimMultiXact();
    7749             : 
    7750             :     /* Reload shared-memory state for prepared transactions */
    7751        1170 :     RecoverPreparedTransactions();
    7752             : 
    7753             :     /*
    7754             :      * Shutdown the recovery environment. This must occur after
    7755             :      * RecoverPreparedTransactions(), see notes for lock_twophase_recover()
    7756             :      */
    7757        1170 :     if (standbyState != STANDBY_DISABLED)
    7758          46 :         ShutdownRecoveryTransactionEnvironment();
    7759             : 
    7760             :     /* Shut down xlogreader */
    7761        1170 :     if (readFile >= 0)
    7762             :     {
    7763        1156 :         close(readFile);
    7764        1156 :         readFile = -1;
    7765             :     }
    7766        1170 :     XLogReaderFree(xlogreader);
    7767             : 
    7768             :     /*
    7769             :      * If any of the critical GUCs have changed, log them before we allow
    7770             :      * backends to write WAL.
    7771             :      */
    7772        1170 :     LocalSetXLogInsertAllowed();
    7773        1170 :     XLogReportParameters();
    7774             : 
    7775             :     /*
    7776             :      * Local WAL inserts enabled, so it's time to finish initialization of
    7777             :      * commit timestamp.
    7778             :      */
    7779        1170 :     CompleteCommitTsInitialization();
    7780             : 
    7781             :     /*
    7782             :      * All done with end-of-recovery actions.
    7783             :      *
    7784             :      * Now allow backends to write WAL and update the control file status in
    7785             :      * consequence.  The boolean flag allowing backends to write WAL is
    7786             :      * updated while holding ControlFileLock to prevent other backends to look
    7787             :      * at an inconsistent state of the control file in shared memory.  There
    7788             :      * is still a small window during which backends can write WAL and the
    7789             :      * control file is still referring to a system not in DB_IN_PRODUCTION
    7790             :      * state while looking at the on-disk control file.
    7791             :      *
    7792             :      * Also, although the boolean flag to allow WAL is probably atomic in
    7793             :      * itself, we use the info_lck here to ensure that there are no race
    7794             :      * conditions concerning visibility of other recent updates to shared
    7795             :      * memory.
    7796             :      */
    7797        1170 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7798        1170 :     ControlFile->state = DB_IN_PRODUCTION;
    7799        1170 :     ControlFile->time = (pg_time_t) time(NULL);
    7800             : 
    7801        1170 :     SpinLockAcquire(&XLogCtl->info_lck);
    7802        1170 :     XLogCtl->SharedRecoveryInProgress = false;
    7803        1170 :     SpinLockRelease(&XLogCtl->info_lck);
    7804             : 
    7805        1170 :     UpdateControlFile();
    7806        1170 :     LWLockRelease(ControlFileLock);
    7807             : 
    7808             :     /*
    7809             :      * If there were cascading standby servers connected to us, nudge any wal
    7810             :      * sender processes to notice that we've been promoted.
    7811             :      */
    7812        1170 :     WalSndWakeup();
    7813             : 
    7814             :     /*
    7815             :      * If this was a fast promotion, request an (online) checkpoint now. This
    7816             :      * isn't required for consistency, but the last restartpoint might be far
    7817             :      * back, and in case of a crash, recovering from it might take a longer
    7818             :      * than is appropriate now that we're not in standby mode anymore.
    7819             :      */
    7820        1170 :     if (fast_promoted)
    7821          46 :         RequestCheckpoint(CHECKPOINT_FORCE);
    7822        1170 : }
    7823             : 
    7824             : /*
    7825             :  * Checks if recovery has reached a consistent state. When consistency is
    7826             :  * reached and we have a valid starting standby snapshot, tell postmaster
    7827             :  * that it can start accepting read-only connections.
    7828             :  */
    7829             : static void
    7830      238590 : CheckRecoveryConsistency(void)
    7831             : {
    7832             :     XLogRecPtr  lastReplayedEndRecPtr;
    7833             : 
    7834             :     /*
    7835             :      * During crash recovery, we don't reach a consistent state until we've
    7836             :      * replayed all the WAL.
    7837             :      */
    7838      238590 :     if (XLogRecPtrIsInvalid(minRecoveryPoint))
    7839       68652 :         return;
    7840             : 
    7841             :     Assert(InArchiveRecovery);
    7842             : 
    7843             :     /*
    7844             :      * assume that we are called in the startup process, and hence don't need
    7845             :      * a lock to read lastReplayedEndRecPtr
    7846             :      */
    7847      169938 :     lastReplayedEndRecPtr = XLogCtl->lastReplayedEndRecPtr;
    7848             : 
    7849             :     /*
    7850             :      * Have we reached the point where our base backup was completed?
    7851             :      */
    7852      169948 :     if (!XLogRecPtrIsInvalid(ControlFile->backupEndPoint) &&
    7853          10 :         ControlFile->backupEndPoint <= lastReplayedEndRecPtr)
    7854             :     {
    7855             :         /*
    7856             :          * We have reached the end of base backup, as indicated by pg_control.
    7857             :          * The data on disk is now consistent. Reset backupStartPoint and
    7858             :          * backupEndPoint, and update minRecoveryPoint to make sure we don't
    7859             :          * allow starting up at an earlier point even if recovery is stopped
    7860             :          * and restarted soon after this.
    7861             :          */
    7862           2 :         elog(DEBUG1, "end of backup reached");
    7863             : 
    7864           2 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7865             : 
    7866           2 :         if (ControlFile->minRecoveryPoint < lastReplayedEndRecPtr)
    7867           0 :             ControlFile->minRecoveryPoint = lastReplayedEndRecPtr;
    7868             : 
    7869           2 :         ControlFile->backupStartPoint = InvalidXLogRecPtr;
    7870           2 :         ControlFile->backupEndPoint = InvalidXLogRecPtr;
    7871           2 :         ControlFile->backupEndRequired = false;
    7872           2 :         UpdateControlFile();
    7873             : 
    7874           2 :         LWLockRelease(ControlFileLock);
    7875             :     }
    7876             : 
    7877             :     /*
    7878             :      * Have we passed our safe starting point? Note that minRecoveryPoint is
    7879             :      * known to be incorrectly set if ControlFile->backupEndRequired, until
    7880             :      * the XLOG_BACKUP_END arrives to advise us of the correct
    7881             :      * minRecoveryPoint. All we know prior to that is that we're not
    7882             :      * consistent yet.
    7883             :      */
    7884      170026 :     if (!reachedConsistency && !ControlFile->backupEndRequired &&
    7885         162 :         minRecoveryPoint <= lastReplayedEndRecPtr &&
    7886          74 :         XLogRecPtrIsInvalid(ControlFile->backupStartPoint))
    7887             :     {
    7888             :         /*
    7889             :          * Check to see if the XLOG sequence contained any unresolved
    7890             :          * references to uninitialized pages.
    7891             :          */
    7892          68 :         XLogCheckInvalidPages();
    7893             : 
    7894          68 :         reachedConsistency = true;
    7895          68 :         ereport(LOG,
    7896             :                 (errmsg("consistent recovery state reached at %X/%X",
    7897             :                         (uint32) (lastReplayedEndRecPtr >> 32),
    7898             :                         (uint32) lastReplayedEndRecPtr)));
    7899             :     }
    7900             : 
    7901             :     /*
    7902             :      * Have we got a valid starting snapshot that will allow queries to be
    7903             :      * run? If so, we can tell postmaster that the database is consistent now,
    7904             :      * enabling connections.
    7905             :      */
    7906      339818 :     if (standbyState == STANDBY_SNAPSHOT_READY &&
    7907      170066 :         !LocalHotStandbyActive &&
    7908          68 :         reachedConsistency &&
    7909             :         IsUnderPostmaster)
    7910             :     {
    7911          68 :         SpinLockAcquire(&XLogCtl->info_lck);
    7912          68 :         XLogCtl->SharedHotStandbyActive = true;
    7913          68 :         SpinLockRelease(&XLogCtl->info_lck);
    7914             : 
    7915          68 :         LocalHotStandbyActive = true;
    7916             : 
    7917          68 :         SendPostmasterSignal(PMSIGNAL_BEGIN_HOT_STANDBY);
    7918             :     }
    7919             : }
    7920             : 
    7921             : /*
    7922             :  * Is the system still in recovery?
    7923             :  *
    7924             :  * Unlike testing InRecovery, this works in any process that's connected to
    7925             :  * shared memory.
    7926             :  *
    7927             :  * As a side-effect, we initialize the local TimeLineID and RedoRecPtr
    7928             :  * variables the first time we see that recovery is finished.
    7929             :  */
    7930             : bool
    7931    59778584 : RecoveryInProgress(void)
    7932             : {
    7933             :     /*
    7934             :      * We check shared state each time only until we leave recovery mode. We
    7935             :      * can't re-enter recovery, so there's no need to keep checking after the
    7936             :      * shared variable has once been seen false.
    7937             :      */
    7938    59778584 :     if (!LocalRecoveryInProgress)
    7939    59400024 :         return false;
    7940             :     else
    7941             :     {
    7942             :         /*
    7943             :          * use volatile pointer to make sure we make a fresh read of the
    7944             :          * shared variable.
    7945             :          */
    7946      378560 :         volatile XLogCtlData *xlogctl = XLogCtl;
    7947             : 
    7948      378560 :         LocalRecoveryInProgress = xlogctl->SharedRecoveryInProgress;
    7949             : 
    7950             :         /*
    7951             :          * Initialize TimeLineID and RedoRecPtr when we discover that recovery
    7952             :          * is finished. InitPostgres() relies upon this behaviour to ensure
    7953             :          * that InitXLOGAccess() is called at backend startup.  (If you change
    7954             :          * this, see also LocalSetXLogInsertAllowed.)
    7955             :          */
    7956      378560 :         if (!LocalRecoveryInProgress)
    7957             :         {
    7958             :             /*
    7959             :              * If we just exited recovery, make sure we read TimeLineID and
    7960             :              * RedoRecPtr after SharedRecoveryInProgress (for machines with
    7961             :              * weak memory ordering).
    7962             :              */
    7963       10598 :             pg_memory_barrier();
    7964       10598 :             InitXLOGAccess();
    7965             :         }
    7966             : 
    7967             :         /*
    7968             :          * Note: We don't need a memory barrier when we're still in recovery.
    7969             :          * We might exit recovery immediately after return, so the caller
    7970             :          * can't rely on 'true' meaning that we're still in recovery anyway.
    7971             :          */
    7972             : 
    7973      378560 :         return LocalRecoveryInProgress;
    7974             :     }
    7975             : }
    7976             : 
    7977             : /*
    7978             :  * Is HotStandby active yet? This is only important in special backends
    7979             :  * since normal backends won't ever be able to connect until this returns
    7980             :  * true. Postmaster knows this by way of signal, not via shared memory.
    7981             :  *
    7982             :  * Unlike testing standbyState, this works in any process that's connected to
    7983             :  * shared memory.  (And note that standbyState alone doesn't tell the truth
    7984             :  * anyway.)
    7985             :  */
    7986             : bool
    7987         120 : HotStandbyActive(void)
    7988             : {
    7989             :     /*
    7990             :      * We check shared state each time only until Hot Standby is active. We
    7991             :      * can't de-activate Hot Standby, so there's no need to keep checking
    7992             :      * after the shared variable has once been seen true.
    7993             :      */
    7994         120 :     if (LocalHotStandbyActive)
    7995          20 :         return true;
    7996             :     else
    7997             :     {
    7998             :         /* spinlock is essential on machines with weak memory ordering! */
    7999         100 :         SpinLockAcquire(&XLogCtl->info_lck);
    8000         100 :         LocalHotStandbyActive = XLogCtl->SharedHotStandbyActive;
    8001         100 :         SpinLockRelease(&XLogCtl->info_lck);
    8002             : 
    8003         100 :         return LocalHotStandbyActive;
    8004             :     }
    8005             : }
    8006             : 
    8007             : /*
    8008             :  * Like HotStandbyActive(), but to be used only in WAL replay code,
    8009             :  * where we don't need to ask any other process what the state is.
    8010             :  */
    8011             : bool
    8012           0 : HotStandbyActiveInReplay(void)
    8013             : {
    8014             :     Assert(AmStartupProcess() || !IsPostmasterEnvironment);
    8015           0 :     return LocalHotStandbyActive;
    8016             : }
    8017             : 
    8018             : /*
    8019             :  * Is this process allowed to insert new WAL records?
    8020             :  *
    8021             :  * Ordinarily this is essentially equivalent to !RecoveryInProgress().
    8022             :  * But we also have provisions for forcing the result "true" or "false"
    8023             :  * within specific processes regardless of the global state.
    8024             :  */
    8025             : bool
    8026    62434806 : XLogInsertAllowed(void)
    8027             : {
    8028             :     /*
    8029             :      * If value is "unconditionally true" or "unconditionally false", just
    8030             :      * return it.  This provides the normal fast path once recovery is known
    8031             :      * done.
    8032             :      */
    8033    62434806 :     if (LocalXLogInsertAllowed >= 0)
    8034    62425828 :         return (bool) LocalXLogInsertAllowed;
    8035             : 
    8036             :     /*
    8037             :      * Else, must check to see if we're still in recovery.
    8038             :      */
    8039        8978 :     if (RecoveryInProgress())
    8040        3784 :         return false;
    8041             : 
    8042             :     /*
    8043             :      * On exit from recovery, reset to "unconditionally true", since there is
    8044             :      * no need to keep checking.
    8045             :      */
    8046        5194 :     LocalXLogInsertAllowed = 1;
    8047        5194 :     return true;
    8048             : }
    8049             : 
    8050             : /*
    8051             :  * Make XLogInsertAllowed() return true in the current process only.
    8052             :  *
    8053             :  * Note: it is allowed to switch LocalXLogInsertAllowed back to -1 later,
    8054             :  * and even call LocalSetXLogInsertAllowed() again after that.
    8055             :  */
    8056             : static void
    8057        2434 : LocalSetXLogInsertAllowed(void)
    8058             : {
    8059             :     Assert(LocalXLogInsertAllowed == -1);
    8060        2434 :     LocalXLogInsertAllowed = 1;
    8061             : 
    8062             :     /* Initialize as RecoveryInProgress() would do when switching state */
    8063        2434 :     InitXLOGAccess();
    8064        2434 : }
    8065             : 
    8066             : /*
    8067             :  * Subroutine to try to fetch and validate a prior checkpoint record.
    8068             :  *
    8069             :  * whichChkpt identifies the checkpoint (merely for reporting purposes).
    8070             :  * 1 for "primary", 0 for "other" (backup_label)
    8071             :  */
    8072             : static XLogRecord *
    8073        1238 : ReadCheckpointRecord(XLogReaderState *xlogreader, XLogRecPtr RecPtr,
    8074             :                      int whichChkpt, bool report)
    8075             : {
    8076             :     XLogRecord *record;
    8077             :     uint8       info;
    8078             : 
    8079        1238 :     if (!XRecOffIsValid(RecPtr))
    8080             :     {
    8081           0 :         if (!report)
    8082           0 :             return NULL;
    8083             : 
    8084           0 :         switch (whichChkpt)
    8085             :         {
    8086             :             case 1:
    8087           0 :                 ereport(LOG,
    8088             :                         (errmsg("invalid primary checkpoint link in control file")));
    8089           0 :                 break;
    8090             :             default:
    8091           0 :                 ereport(LOG,
    8092             :                         (errmsg("invalid checkpoint link in backup_label file")));
    8093           0 :                 break;
    8094             :         }
    8095           0 :         return NULL;
    8096             :     }
    8097             : 
    8098        1238 :     record = ReadRecord(xlogreader, RecPtr, LOG, true);
    8099             : 
    8100        1238 :     if (record == NULL)
    8101             :     {
    8102           0 :         if (!report)
    8103           0 :             return NULL;
    8104             : 
    8105           0 :         switch (whichChkpt)
    8106             :         {
    8107             :             case 1:
    8108           0 :                 ereport(LOG,
    8109             :                         (errmsg("invalid primary checkpoint record")));
    8110           0 :                 break;
    8111             :             default:
    8112           0 :                 ereport(LOG,
    8113             :                         (errmsg("invalid checkpoint record")));
    8114           0 :                 break;
    8115             :         }
    8116           0 :         return NULL;
    8117             :     }
    8118        1238 :     if (record->xl_rmid != RM_XLOG_ID)
    8119             :     {
    8120           0 :         switch (whichChkpt)
    8121             :         {
    8122             :             case 1:
    8123           0 :                 ereport(LOG,
    8124             :                         (errmsg("invalid resource manager ID in primary checkpoint record")));
    8125           0 :                 break;
    8126             :             default:
    8127           0 :                 ereport(LOG,
    8128             :                         (errmsg("invalid resource manager ID in checkpoint record")));
    8129           0 :                 break;
    8130             :         }
    8131           0 :         return NULL;
    8132             :     }
    8133        1238 :     info = record->xl_info & ~XLR_INFO_MASK;
    8134        1238 :     if (info != XLOG_CHECKPOINT_SHUTDOWN &&
    8135             :         info != XLOG_CHECKPOINT_ONLINE)
    8136             :     {
    8137           0 :         switch (whichChkpt)
    8138             :         {
    8139             :             case 1:
    8140           0 :                 ereport(LOG,
    8141             :                         (errmsg("invalid xl_info in primary checkpoint record")));
    8142           0 :                 break;
    8143             :             default:
    8144           0 :                 ereport(LOG,
    8145             :                         (errmsg("invalid xl_info in checkpoint record")));
    8146           0 :                 break;
    8147             :         }
    8148           0 :         return NULL;
    8149             :     }
    8150        1238 :     if (record->xl_tot_len != SizeOfXLogRecord + SizeOfXLogRecordDataHeaderShort + sizeof(CheckPoint))
    8151             :     {
    8152           0 :         switch (whichChkpt)
    8153             :         {
    8154             :             case 1:
    8155           0 :                 ereport(LOG,
    8156             :                         (errmsg("invalid length of primary checkpoint record")));
    8157           0 :                 break;
    8158             :             default:
    8159           0 :                 ereport(LOG,
    8160             :                         (errmsg("invalid length of checkpoint record")));
    8161           0 :                 break;
    8162             :         }
    8163           0 :         return NULL;
    8164             :     }
    8165        1238 :     return record;
    8166             : }
    8167             : 
    8168             : /*
    8169             :  * This must be called in a backend process before creating WAL records
    8170             :  * (except in a standalone backend, which does StartupXLOG instead).  We need
    8171             :  * to initialize the local copies of ThisTimeLineID and RedoRecPtr.
    8172             :  *
    8173             :  * Note: before Postgres 8.0, we went to some effort to keep the postmaster
    8174             :  * process's copies of ThisTimeLineID and RedoRecPtr valid too.  This was
    8175             :  * unnecessary however, since the postmaster itself never touches XLOG anyway.
    8176             :  */
    8177             : void
    8178       13378 : InitXLOGAccess(void)
    8179             : {
    8180       13378 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    8181             : 
    8182             :     /* ThisTimeLineID doesn't change so we need no lock to copy it */
    8183       13378 :     ThisTimeLineID = XLogCtl->ThisTimeLineID;
    8184             :     Assert(ThisTimeLineID != 0 || IsBootstrapProcessingMode());
    8185             : 
    8186             :     /* set wal_segment_size */
    8187       13378 :     wal_segment_size = ControlFile->xlog_seg_size;
    8188             : 
    8189             :     /* Use GetRedoRecPtr to copy the RedoRecPtr safely */
    8190       13378 :     (void) GetRedoRecPtr();
    8191             :     /* Also update our copy of doPageWrites. */
    8192       13378 :     doPageWrites = (Insert->fullPageWrites || Insert->forcePageWrites);
    8193             : 
    8194             :     /* Also initialize the working areas for constructing WAL records */
    8195       13378 :     InitXLogInsert();
    8196       13378 : }
    8197             : 
    8198             : /*
    8199             :  * Return the current Redo pointer from shared memory.
    8200             :  *
    8201             :  * As a side-effect, the local RedoRecPtr copy is updated.
    8202             :  */
    8203             : XLogRecPtr
    8204      158606 : GetRedoRecPtr(void)
    8205             : {
    8206             :     XLogRecPtr  ptr;
    8207             : 
    8208             :     /*
    8209             :      * The possibly not up-to-date copy in XlogCtl is enough. Even if we
    8210             :      * grabbed a WAL insertion lock to read the master copy, someone might
    8211             :      * update it just after we've released the lock.
    8212             :      */
    8213      158606 :     SpinLockAcquire(&XLogCtl->info_lck);
    8214      158606 :     ptr = XLogCtl->RedoRecPtr;
    8215      158606 :     SpinLockRelease(&XLogCtl->info_lck);
    8216             : 
    8217      158606 :     if (RedoRecPtr < ptr)
    8218        9954 :         RedoRecPtr = ptr;
    8219             : 
    8220      158606 :     return RedoRecPtr;
    8221             : }
    8222             : 
    8223             : /*
    8224             :  * Return information needed to decide whether a modified block needs a
    8225             :  * full-page image to be included in the WAL record.
    8226             :  *
    8227             :  * The returned values are cached copies from backend-private memory, and
    8228             :  * possibly out-of-date.  XLogInsertRecord will re-check them against
    8229             :  * up-to-date values, while holding the WAL insert lock.
    8230             :  */
    8231             : void
    8232    29683720 : GetFullPageWriteInfo(XLogRecPtr *RedoRecPtr_p, bool *doPageWrites_p)
    8233             : {
    8234    29683720 :     *RedoRecPtr_p = RedoRecPtr;
    8235    29683720 :     *doPageWrites_p = doPageWrites;
    8236    29683720 : }
    8237             : 
    8238             : /*
    8239             :  * GetInsertRecPtr -- Returns the current insert position.
    8240             :  *
    8241             :  * NOTE: The value *actually* returned is the position of the last full
    8242             :  * xlog page. It lags behind the real insert position by at most 1 page.
    8243             :  * For that, we don't need to scan through WAL insertion locks, and an
    8244             :  * approximation is enough for the current usage of this function.
    8245             :  */
    8246             : XLogRecPtr
    8247        1856 : GetInsertRecPtr(void)
    8248             : {
    8249             :     XLogRecPtr  recptr;
    8250             : 
    8251        1856 :     SpinLockAcquire(&XLogCtl->info_lck);
    8252        1856 :     recptr = XLogCtl->LogwrtRqst.Write;
    8253        1856 :     SpinLockRelease(&XLogCtl->info_lck);
    8254             : 
    8255        1856 :     return recptr;
    8256             : }
    8257             : 
    8258             : /*
    8259             :  * GetFlushRecPtr -- Returns the current flush position, ie, the last WAL
    8260             :  * position known to be fsync'd to disk.
    8261             :  */
    8262             : XLogRecPtr
    8263       56128 : GetFlushRecPtr(void)
    8264             : {
    8265       56128 :     SpinLockAcquire(&XLogCtl->info_lck);
    8266       56128 :     LogwrtResult = XLogCtl->LogwrtResult;
    8267       56128 :     SpinLockRelease(&XLogCtl->info_lck);
    8268             : 
    8269       56128 :     return LogwrtResult.Flush;
    8270             : }
    8271             : 
    8272             : /*
    8273             :  * GetLastImportantRecPtr -- Returns the LSN of the last important record
    8274             :  * inserted. All records not explicitly marked as unimportant are considered
    8275             :  * important.
    8276             :  *
    8277             :  * The LSN is determined by computing the maximum of
    8278             :  * WALInsertLocks[i].lastImportantAt.
    8279             :  */
    8280             : XLogRecPtr
    8281        2872 : GetLastImportantRecPtr(void)
    8282             : {
    8283        2872 :     XLogRecPtr  res = InvalidXLogRecPtr;
    8284             :     int         i;
    8285             : 
    8286       25848 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    8287             :     {
    8288             :         XLogRecPtr  last_important;
    8289             : 
    8290             :         /*
    8291             :          * Need to take a lock to prevent torn reads of the LSN, which are
    8292             :          * possible on some of the supported platforms. WAL insert locks only
    8293             :          * support exclusive mode, so we have to use that.
    8294             :          */
    8295       22976 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    8296       22976 :         last_important = WALInsertLocks[i].l.lastImportantAt;
    8297       22976 :         LWLockRelease(&WALInsertLocks[i].l.lock);
    8298             : 
    8299       22976 :         if (res < last_important)
    8300        3420 :             res = last_important;
    8301             :     }
    8302             : 
    8303        2872 :     return res;
    8304             : }
    8305             : 
    8306             : /*
    8307             :  * Get the time and LSN of the last xlog segment switch
    8308             :  */
    8309             : pg_time_t
    8310           0 : GetLastSegSwitchData(XLogRecPtr *lastSwitchLSN)
    8311             : {
    8312             :     pg_time_t   result;
    8313             : 
    8314             :     /* Need WALWriteLock, but shared lock is sufficient */
    8315           0 :     LWLockAcquire(WALWriteLock, LW_SHARED);
    8316           0 :     result = XLogCtl->lastSegSwitchTime;
    8317           0 :     *lastSwitchLSN = XLogCtl->lastSegSwitchLSN;
    8318           0 :     LWLockRelease(WALWriteLock);
    8319             : 
    8320           0 :     return result;
    8321             : }
    8322             : 
    8323             : /*
    8324             :  * This must be called ONCE during postmaster or standalone-backend shutdown
    8325             :  */
    8326             : void
    8327        1024 : ShutdownXLOG(int code, Datum arg)
    8328             : {
    8329             :     /*
    8330             :      * We should have an aux process resource owner to use, and we should not
    8331             :      * be in a transaction that's installed some other resowner.
    8332             :      */
    8333             :     Assert(AuxProcessResourceOwner != NULL);
    8334             :     Assert(CurrentResourceOwner == NULL ||
    8335             :            CurrentResourceOwner == AuxProcessResourceOwner);
    8336        1024 :     CurrentResourceOwner = AuxProcessResourceOwner;
    8337             : 
    8338             :     /* Don't be chatty in standalone mode */
    8339        1024 :     ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    8340             :             (errmsg("shutting down")));
    8341             : 
    8342             :     /*
    8343             :      * Signal walsenders to move to stopping state.
    8344             :      */
    8345        1024 :     WalSndInitStopping();
    8346             : 
    8347             :     /*
    8348             :      * Wait for WAL senders to be in stopping state.  This prevents commands
    8349             :      * from writing new WAL.
    8350             :      */
    8351        1024 :     WalSndWaitStopping();
    8352             : 
    8353        1024 :     if (RecoveryInProgress())
    8354          22 :         CreateRestartPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE);
    8355             :     else
    8356             :     {
    8357             :         /*
    8358             :          * If archiving is enabled, rotate the last XLOG file so that all the
    8359             :          * remaining records are archived (postmaster wakes up the archiver
    8360             :          * process one more time at the end of shutdown). The checkpoint
    8361             :          * record will go to the next XLOG file and won't be archived (yet).
    8362             :          */
    8363        1002 :         if (XLogArchivingActive() && XLogArchiveCommandSet())
    8364           0 :             RequestXLogSwitch(false);
    8365             : 
    8366        1002 :         CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE);
    8367             :     }
    8368        1024 :     ShutdownCLOG();
    8369        1024 :     ShutdownCommitTs();
    8370        1024 :     ShutdownSUBTRANS();
    8371        1024 :     ShutdownMultiXact();
    8372        1024 : }
    8373             : 
    8374             : /*
    8375             :  * Log start of a checkpoint.
    8376             :  */
    8377             : static void
    8378         450 : LogCheckpointStart(int flags, bool restartpoint)
    8379             : {
    8380         450 :     elog(LOG, "%s starting:%s%s%s%s%s%s%s%s",
    8381             :          restartpoint ? "restartpoint" : "checkpoint",
    8382             :          (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    8383             :          (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    8384             :          (flags & CHECKPOINT_IMMEDIATE) ? " immediate" : "",
    8385             :          (flags & CHECKPOINT_FORCE) ? " force" : "",
    8386             :          (flags & CHECKPOINT_WAIT) ? " wait" : "",
    8387             :          (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    8388             :          (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    8389             :          (flags & CHECKPOINT_FLUSH_ALL) ? " flush-all" : "");
    8390         450 : }
    8391             : 
    8392             : /*
    8393             :  * Log end of a checkpoint.
    8394             :  */
    8395             : static void
    8396        2832 : LogCheckpointEnd(bool restartpoint)
    8397             : {
    8398             :     long        write_secs,
    8399             :                 sync_secs,
    8400             :                 total_secs,
    8401             :                 longest_secs,
    8402             :                 average_secs;
    8403             :     int         write_usecs,
    8404             :                 sync_usecs,
    8405             :                 total_usecs,
    8406             :                 longest_usecs,
    8407             :                 average_usecs;
    8408             :     uint64      average_sync_time;
    8409             : 
    8410        2832 :     CheckpointStats.ckpt_end_t = GetCurrentTimestamp();
    8411             : 
    8412        2832 :     TimestampDifference(CheckpointStats.ckpt_write_t,
    8413             :                         CheckpointStats.ckpt_sync_t,
    8414             :                         &write_secs, &write_usecs);
    8415             : 
    8416        2832 :     TimestampDifference(CheckpointStats.ckpt_sync_t,
    8417             :                         CheckpointStats.ckpt_sync_end_t,
    8418             :                         &sync_secs, &sync_usecs);
    8419             : 
    8420             :     /* Accumulate checkpoint timing summary data, in milliseconds. */
    8421        5664 :     BgWriterStats.m_checkpoint_write_time +=
    8422        2832 :         write_secs * 1000 + write_usecs / 1000;
    8423        5664 :     BgWriterStats.m_checkpoint_sync_time +=
    8424        2832 :         sync_secs * 1000 + sync_usecs / 1000;
    8425             : 
    8426             :     /*
    8427             :      * All of the published timing statistics are accounted for.  Only
    8428             :      * continue if a log message is to be written.
    8429             :      */
    8430        2832 :     if (!log_checkpoints)
    8431        2382 :         return;
    8432             : 
    8433         450 :     TimestampDifference(CheckpointStats.ckpt_start_t,
    8434             :                         CheckpointStats.ckpt_end_t,
    8435             :                         &total_secs, &total_usecs);
    8436             : 
    8437             :     /*
    8438             :      * Timing values returned from CheckpointStats are in microseconds.
    8439             :      * Convert to the second plus microsecond form that TimestampDifference
    8440             :      * returns for homogeneous printing.
    8441             :      */
    8442         450 :     longest_secs = (long) (CheckpointStats.ckpt_longest_sync / 1000000);
    8443         450 :     longest_usecs = CheckpointStats.ckpt_longest_sync -
    8444             :         (uint64) longest_secs * 1000000;
    8445             : 
    8446         450 :     average_sync_time = 0;
    8447         450 :     if (CheckpointStats.ckpt_sync_rels > 0)
    8448           0 :         average_sync_time = CheckpointStats.ckpt_agg_sync_time /
    8449           0 :             CheckpointStats.ckpt_sync_rels;
    8450         450 :     average_secs = (long) (average_sync_time / 1000000);
    8451         450 :     average_usecs = average_sync_time - (uint64) average_secs * 1000000;
    8452             : 
    8453         450 :     elog(LOG, "%s complete: wrote %d buffers (%.1f%%); "
    8454             :          "%d WAL file(s) added, %d removed, %d recycled; "
    8455             :          "write=%ld.%03d s, sync=%ld.%03d s, total=%ld.%03d s; "
    8456             :          "sync files=%d, longest=%ld.%03d s, average=%ld.%03d s; "
    8457             :          "distance=%d kB, estimate=%d kB",
    8458             :          restartpoint ? "restartpoint" : "checkpoint",
    8459             :          CheckpointStats.ckpt_bufs_written,
    8460             :          (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    8461             :          CheckpointStats.ckpt_segs_added,
    8462             :          CheckpointStats.ckpt_segs_removed,
    8463             :          CheckpointStats.ckpt_segs_recycled,
    8464             :          write_secs, write_usecs / 1000,
    8465             :          sync_secs, sync_usecs / 1000,
    8466             :          total_secs, total_usecs / 1000,
    8467             :          CheckpointStats.ckpt_sync_rels,
    8468             :          longest_secs, longest_usecs / 1000,
    8469             :          average_secs, average_usecs / 1000,
    8470             :          (int) (PrevCheckPointDistance / 1024.0),
    8471             :          (int) (CheckPointDistanceEstimate / 1024.0));
    8472             : }
    8473             : 
    8474             : /*
    8475             :  * Update the estimate of distance between checkpoints.
    8476             :  *
    8477             :  * The estimate is used to calculate the number of WAL segments to keep
    8478             :  * preallocated, see XLOGfileslop().
    8479             :  */
    8480             : static void
    8481        2832 : UpdateCheckPointDistanceEstimate(uint64 nbytes)
    8482             : {
    8483             :     /*
    8484             :      * To estimate the number of segments consumed between checkpoints, keep a
    8485             :      * moving average of the amount of WAL generated in previous checkpoint
    8486             :      * cycles. However, if the load is bursty, with quiet periods and busy
    8487             :      * periods, we want to cater for the peak load. So instead of a plain
    8488             :      * moving average, let the average decline slowly if the previous cycle
    8489             :      * used less WAL than estimated, but bump it up immediately if it used
    8490             :      * more.
    8491             :      *
    8492             :      * When checkpoints are triggered by max_wal_size, this should converge to
    8493             :      * CheckpointSegments * wal_segment_size,
    8494             :      *
    8495             :      * Note: This doesn't pay any attention to what caused the checkpoint.
    8496             :      * Checkpoints triggered manually with CHECKPOINT command, or by e.g.
    8497             :      * starting a base backup, are counted the same as those created
    8498             :      * automatically. The slow-decline will largely mask them out, if they are
    8499             :      * not frequent. If they are frequent, it seems reasonable to count them
    8500             :      * in as any others; if you issue a manual checkpoint every 5 minutes and
    8501             :      * never let a timed checkpoint happen, it makes sense to base the
    8502             :      * preallocation on that 5 minute interval rather than whatever
    8503             :      * checkpoint_timeout is set to.
    8504             :      */
    8505        2832 :     PrevCheckPointDistance = nbytes;
    8506        2832 :     if (CheckPointDistanceEstimate < nbytes)
    8507        1228 :         CheckPointDistanceEstimate = nbytes;
    8508             :     else
    8509        1604 :         CheckPointDistanceEstimate =
    8510        1604 :             (0.90 * CheckPointDistanceEstimate + 0.10 * (double) nbytes);
    8511        2832 : }
    8512             : 
    8513             : /*
    8514             :  * Perform a checkpoint --- either during shutdown, or on-the-fly
    8515             :  *
    8516             :  * flags is a bitwise OR of the following:
    8517             :  *  CHECKPOINT_IS_SHUTDOWN: checkpoint is for database shutdown.
    8518             :  *  CHECKPOINT_END_OF_RECOVERY: checkpoint is for end of WAL recovery.
    8519             :  *  CHECKPOINT_IMMEDIATE: finish the checkpoint ASAP,
    8520             :  *      ignoring checkpoint_completion_target parameter.
    8521             :  *  CHECKPOINT_FORCE: force a checkpoint even if no XLOG activity has occurred
    8522             :  *      since the last one (implied by CHECKPOINT_IS_SHUTDOWN or
    8523             :  *      CHECKPOINT_END_OF_RECOVERY).
    8524             :  *  CHECKPOINT_FLUSH_ALL: also flush buffers of unlogged tables.
    8525             :  *
    8526             :  * Note: flags contains other bits, of interest here only for logging purposes.
    8527             :  * In particular note that this routine is synchronous and does not pay
    8528             :  * attention to CHECKPOINT_WAIT.
    8529             :  *
    8530             :  * If !shutdown then we are writing an online checkpoint. This is a very special
    8531             :  * kind of operation and WAL record because the checkpoint action occurs over
    8532             :  * a period of time yet logically occurs at just a single LSN. The logical
    8533             :  * position of the WAL record (redo ptr) is the same or earlier than the
    8534             :  * physical position. When we replay WAL we locate the checkpoint via its
    8535             :  * physical position then read the redo ptr and actually start replay at the
    8536             :  * earlier logical position. Note that we don't write *anything* to WAL at
    8537             :  * the logical position, so that location could be any other kind of WAL record.
    8538             :  * All of this mechanism allows us to continue working while we checkpoint.
    8539             :  * As a result, timing of actions is critical here and be careful to note that
    8540             :  * this function will likely take minutes to execute on a busy system.
    8541             :  */
    8542             : void
    8543        2816 : CreateCheckPoint(int flags)
    8544             : {
    8545             :     bool        shutdown;
    8546             :     CheckPoint  checkPoint;
    8547             :     XLogRecPtr  recptr;
    8548             :     XLogSegNo   _logSegNo;
    8549        2816 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    8550             :     uint32      freespace;
    8551             :     XLogRecPtr  PriorRedoPtr;
    8552             :     XLogRecPtr  curInsert;
    8553             :     XLogRecPtr  last_important_lsn;
    8554             :     VirtualTransactionId *vxids;
    8555             :     int         nvxids;
    8556             : 
    8557             :     /*
    8558             :      * An end-of-recovery checkpoint is really a shutdown checkpoint, just
    8559             :      * issued at a different time.
    8560             :      */
    8561        2816 :     if (flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY))
    8562        1050 :         shutdown = true;
    8563             :     else
    8564        1766 :         shutdown = false;
    8565             : 
    8566             :     /* sanity check */
    8567        2816 :     if (RecoveryInProgress() && (flags & CHECKPOINT_END_OF_RECOVERY) == 0)
    8568           0 :         elog(ERROR, "can't create a checkpoint during recovery");
    8569             : 
    8570             :     /*
    8571             :      * Initialize InitXLogInsert working areas before entering the critical
    8572             :      * section.  Normally, this is done by the first call to
    8573             :      * RecoveryInProgress() or LocalSetXLogInsertAllowed(), but when creating
    8574             :      * an end-of-recovery checkpoint, the LocalSetXLogInsertAllowed call is
    8575             :      * done below in a critical section, and InitXLogInsert cannot be called
    8576             :      * in a critical section.
    8577             :      */
    8578        2816 :     InitXLogInsert();
    8579             : 
    8580             :     /*
    8581             :      * Acquire CheckpointLock to ensure only one checkpoint happens at a time.
    8582             :      * (This is just pro forma, since in the present system structure there is
    8583             :      * only one process that is allowed to issue checkpoints at any given
    8584             :      * time.)
    8585             :      */
    8586        2816 :     LWLockAcquire(CheckpointLock, LW_EXCLUSIVE);
    8587             : 
    8588             :     /*
    8589             :      * Prepare to accumulate statistics.
    8590             :      *
    8591             :      * Note: because it is possible for log_checkpoints to change while a
    8592             :      * checkpoint proceeds, we always accumulate stats, even if
    8593             :      * log_checkpoints is currently off.
    8594             :      */
    8595        2816 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    8596        2816 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    8597             : 
    8598             :     /*
    8599             :      * Use a critical section to force system panic if we have trouble.
    8600             :      */
    8601        2816 :     START_CRIT_SECTION();
    8602             : 
    8603        2816 :     if (shutdown)
    8604             :     {
    8605        1050 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8606        1050 :         ControlFile->state = DB_SHUTDOWNING;
    8607        1050 :         ControlFile->time = (pg_time_t) time(NULL);
    8608        1050 :         UpdateControlFile();
    8609        1050 :         LWLockRelease(ControlFileLock);
    8610             :     }
    8611             : 
    8612             :     /*
    8613             :      * Let smgr prepare for checkpoint; this has to happen before we determine
    8614             :      * the REDO pointer.  Note that smgr must not do anything that'd have to
    8615             :      * be undone if we decide no checkpoint is needed.
    8616             :      */
    8617        2816 :     SyncPreCheckpoint();
    8618             : 
    8619             :     /* Begin filling in the checkpoint WAL record */
    8620        2816 :     MemSet(&checkPoint, 0, sizeof(checkPoint));
    8621        2816 :     checkPoint.time = (pg_time_t) time(NULL);
    8622             : 
    8623             :     /*
    8624             :      * For Hot Standby, derive the oldestActiveXid before we fix the redo
    8625             :      * pointer. This allows us to begin accumulating changes to assemble our
    8626             :      * starting snapshot of locks and transactions.
    8627             :      */
    8628        2816 :     if (!shutdown && XLogStandbyInfoActive())
    8629        1728 :         checkPoint.oldestActiveXid = GetOldestActiveTransactionId();
    8630             :     else
    8631        1088 :         checkPoint.oldestActiveXid = InvalidTransactionId;
    8632             : 
    8633             :     /*
    8634             :      * Get location of last important record before acquiring insert locks (as
    8635             :      * GetLastImportantRecPtr() also locks WAL locks).
    8636             :      */
    8637        2816 :     last_important_lsn = GetLastImportantRecPtr();
    8638             : 
    8639             :     /*
    8640             :      * We must block concurrent insertions while examining insert state to
    8641             :      * determine the checkpoint REDO pointer.
    8642             :      */
    8643        2816 :     WALInsertLockAcquireExclusive();
    8644        2816 :     curInsert = XLogBytePosToRecPtr(Insert->CurrBytePos);
    8645             : 
    8646             :     /*
    8647             :      * If this isn't a shutdown or forced checkpoint, and if there has been no
    8648             :      * WAL activity requiring a checkpoint, skip it.  The idea here is to
    8649             :      * avoid inserting duplicate checkpoints when the system is idle.
    8650             :      */
    8651        2816 :     if ((flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY |
    8652             :                   CHECKPOINT_FORCE)) == 0)
    8653             :     {
    8654          10 :         if (last_important_lsn == ControlFile->checkPoint)
    8655             :         {
    8656           0 :             WALInsertLockRelease();
    8657           0 :             LWLockRelease(CheckpointLock);
    8658           0 :             END_CRIT_SECTION();
    8659           0 :             ereport(DEBUG1,
    8660             :                     (errmsg("checkpoint skipped because system is idle")));
    8661           0 :             return;
    8662             :         }
    8663             :     }
    8664             : 
    8665             :     /*
    8666             :      * An end-of-recovery checkpoint is created before anyone is allowed to
    8667             :      * write WAL. To allow us to write the checkpoint record, temporarily
    8668             :      * enable XLogInsertAllowed.  (This also ensures ThisTimeLineID is
    8669             :      * initialized, which we need here and in AdvanceXLInsertBuffer.)
    8670             :      */
    8671        2816 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    8672          48 :         LocalSetXLogInsertAllowed();
    8673             : 
    8674        2816 :     checkPoint.ThisTimeLineID = ThisTimeLineID;
    8675        2816 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    8676          48 :         checkPoint.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    8677             :     else
    8678        2768 :         checkPoint.PrevTimeLineID = ThisTimeLineID;
    8679             : 
    8680        2816 :     checkPoint.fullPageWrites = Insert->fullPageWrites;
    8681             : 
    8682             :     /*
    8683             :      * Compute new REDO record ptr = location of next XLOG record.
    8684             :      *
    8685             :      * NB: this is NOT necessarily where the checkpoint record itself will be,
    8686             :      * since other backends may insert more XLOG records while we're off doing
    8687             :      * the buffer flush work.  Those XLOG records are logically after the
    8688             :      * checkpoint, even though physically before it.  Got that?
    8689             :      */
    8690        2816 :     freespace = INSERT_FREESPACE(curInsert);
    8691        2816 :     if (freespace == 0)
    8692             :     {
    8693           0 :         if (XLogSegmentOffset(curInsert, wal_segment_size) == 0)
    8694           0 :             curInsert += SizeOfXLogLongPHD;
    8695             :         else
    8696           0 :             curInsert += SizeOfXLogShortPHD;
    8697             :     }
    8698        2816 :     checkPoint.redo = curInsert;
    8699             : 
    8700             :     /*
    8701             :      * Here we update the shared RedoRecPtr for future XLogInsert calls; this
    8702             :      * must be done while holding all the insertion locks.
    8703             :      *
    8704             :      * Note: if we fail to complete the checkpoint, RedoRecPtr will be left
    8705             :      * pointing past where it really needs to point.  This is okay; the only
    8706             :      * consequence is that XLogInsert might back up whole buffers that it
    8707             :      * didn't really need to.  We can't postpone advancing RedoRecPtr because
    8708             :      * XLogInserts that happen while we are dumping buffers must assume that
    8709             :      * their buffer changes are not included in the checkpoint.
    8710             :      */
    8711        2816 :     RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    8712             : 
    8713             :     /*
    8714             :      * Now we can release the WAL insertion locks, allowing other xacts to
    8715             :      * proceed while we are flushing disk buffers.
    8716             :      */
    8717        2816 :     WALInsertLockRelease();
    8718             : 
    8719             :     /* Update the info_lck-protected copy of RedoRecPtr as well */
    8720        2816 :     SpinLockAcquire(&XLogCtl->info_lck);
    8721        2816 :     XLogCtl->RedoRecPtr = checkPoint.redo;
    8722        2816 :     SpinLockRelease(&XLogCtl->info_lck);
    8723             : 
    8724             :     /*
    8725             :      * If enabled, log checkpoint start.  We postpone this until now so as not
    8726             :      * to log anything if we decided to skip the checkpoint.
    8727             :      */
    8728        2816 :     if (log_checkpoints)
    8729         446 :         LogCheckpointStart(flags, false);
    8730             : 
    8731             :     TRACE_POSTGRESQL_CHECKPOINT_START(flags);
    8732             : 
    8733             :     /*
    8734             :      * Get the other info we need for the checkpoint record.
    8735             :      *
    8736             :      * We don't need to save oldestClogXid in the checkpoint, it only matters
    8737             :      * for the short period in which clog is being truncated, and if we crash
    8738             :      * during that we'll redo the clog truncation and fix up oldestClogXid
    8739             :      * there.
    8740             :      */
    8741        2816 :     LWLockAcquire(XidGenLock, LW_SHARED);
    8742        2816 :     checkPoint.nextFullXid = ShmemVariableCache->nextFullXid;
    8743        2816 :     checkPoint.oldestXid = ShmemVariableCache->oldestXid;
    8744        2816 :     checkPoint.oldestXidDB = ShmemVariableCache->oldestXidDB;
    8745        2816 :     LWLockRelease(XidGenLock);
    8746             : 
    8747        2816 :     LWLockAcquire(CommitTsLock, LW_SHARED);
    8748        2816 :     checkPoint.oldestCommitTsXid = ShmemVariableCache->oldestCommitTsXid;
    8749        2816 :     checkPoint.newestCommitTsXid = ShmemVariableCache->newestCommitTsXid;
    8750        2816 :     LWLockRelease(CommitTsLock);
    8751             : 
    8752        2816 :     LWLockAcquire(OidGenLock, LW_SHARED);
    8753        2816 :     checkPoint.nextOid = ShmemVariableCache->nextOid;
    8754        2816 :     if (!shutdown)
    8755        1766 :         checkPoint.nextOid += ShmemVariableCache->oidCount;
    8756        2816 :     LWLockRelease(OidGenLock);
    8757             : 
    8758        2816 :     MultiXactGetCheckptMulti(shutdown,
    8759             :                              &checkPoint.nextMulti,
    8760             :                              &checkPoint.nextMultiOffset,
    8761             :                              &checkPoint.oldestMulti,
    8762             :                              &checkPoint.oldestMultiDB);
    8763             : 
    8764             :     /*
    8765             :      * Having constructed the checkpoint record, ensure all shmem disk buffers
    8766             :      * and commit-log buffers are flushed to disk.
    8767             :      *
    8768             :      * This I/O could fail for various reasons.  If so, we will fail to
    8769             :      * complete the checkpoint, but there is no reason to force a system
    8770             :      * panic. Accordingly, exit critical section while doing it.
    8771             :      */
    8772        2816 :     END_CRIT_SECTION();
    8773             : 
    8774             :     /*
    8775             :      * In some cases there are groups of actions that must all occur on one
    8776             :      * side or the other of a checkpoint record. Before flushing the
    8777             :      * checkpoint record we must explicitly wait for any backend currently
    8778             :      * performing those groups of actions.
    8779             :      *
    8780             :      * One example is end of transaction, so we must wait for any transactions
    8781             :      * that are currently in commit critical sections.  If an xact inserted
    8782             :      * its commit record into XLOG just before the REDO point, then a crash
    8783             :      * restart from the REDO point would not replay that record, which means
    8784             :      * that our flushing had better include the xact's update of pg_xact.  So
    8785             :      * we wait till he's out of his commit critical section before proceeding.
    8786             :      * See notes in RecordTransactionCommit().
    8787             :      *
    8788             :      * Because we've already released the insertion locks, this test is a bit
    8789             :      * fuzzy: it is possible that we will wait for xacts we didn't really need
    8790             :      * to wait for.  But the delay should be short and it seems better to make
    8791             :      * checkpoint take a bit longer than to hold off insertions longer than
    8792             :      * necessary. (In fact, the whole reason we have this issue is that xact.c
    8793             :      * does commit record XLOG insertion and clog update as two separate steps
    8794             :      * protected by different locks, but again that seems best on grounds of
    8795             :      * minimizing lock contention.)
    8796             :      *
    8797             :      * A transaction that has not yet set delayChkpt when we look cannot be at
    8798             :      * risk, since he's not inserted his commit record yet; and one that's
    8799             :      * already cleared it is not at risk either, since he's done fixing clog
    8800             :      * and we will correctly flush the update below.  So we cannot miss any
    8801             :      * xacts we need to wait for.
    8802             :      */
    8803        2816 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids);
    8804        2816 :     if (nvxids > 0)
    8805             :     {
    8806             :         do
    8807             :         {
    8808           8 :             pg_usleep(10000L);  /* wait for 10 msec */
    8809           8 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids));
    8810             :     }
    8811        2816 :     pfree(vxids);
    8812             : 
    8813        2816 :     CheckPointGuts(checkPoint.redo, flags);
    8814             : 
    8815             :     /*
    8816             :      * Take a snapshot of running transactions and write this to WAL. This
    8817             :      * allows us to reconstruct the state of running transactions during
    8818             :      * archive recovery, if required. Skip, if this info disabled.
    8819             :      *
    8820             :      * If we are shutting down, or Startup process is completing crash
    8821             :      * recovery we don't need to write running xact data.
    8822             :      */
    8823        2816 :     if (!shutdown && XLogStandbyInfoActive())
    8824        1728 :         LogStandbySnapshot();
    8825             : 
    8826        2816 :     START_CRIT_SECTION();
    8827             : 
    8828             :     /*
    8829             :      * Now insert the checkpoint record into XLOG.
    8830             :      */
    8831        2816 :     XLogBeginInsert();
    8832        2816 :     XLogRegisterData((char *) (&checkPoint), sizeof(checkPoint));
    8833        2816 :     recptr = XLogInsert(RM_XLOG_ID,
    8834             :                         shutdown ? XLOG_CHECKPOINT_SHUTDOWN :
    8835             :                         XLOG_CHECKPOINT_ONLINE);
    8836             : 
    8837        2816 :     XLogFlush(recptr);
    8838             : 
    8839             :     /*
    8840             :      * We mustn't write any new WAL after a shutdown checkpoint, or it will be
    8841             :      * overwritten at next startup.  No-one should even try, this just allows
    8842             :      * sanity-checking.  In the case of an end-of-recovery checkpoint, we want
    8843             :      * to just temporarily disable writing until the system has exited
    8844             :      * recovery.
    8845             :      */
    8846        2816 :     if (shutdown)
    8847             :     {
    8848        1050 :         if (flags & CHECKPOINT_END_OF_RECOVERY)
    8849          48 :             LocalXLogInsertAllowed = -1;    /* return to "check" state */
    8850             :         else
    8851        1002 :             LocalXLogInsertAllowed = 0; /* never again write WAL */
    8852             :     }
    8853             : 
    8854             :     /*
    8855             :      * We now have ProcLastRecPtr = start of actual checkpoint record, recptr
    8856             :      * = end of actual checkpoint record.
    8857             :      */
    8858        2816 :     if (shutdown && checkPoint.redo != ProcLastRecPtr)
    8859           0 :         ereport(PANIC,
    8860             :                 (errmsg("concurrent write-ahead log activity while database system is shutting down")));
    8861             : 
    8862             :     /*
    8863             :      * Remember the prior checkpoint's redo ptr for
    8864             :      * UpdateCheckPointDistanceEstimate()
    8865             :      */
    8866        2816 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    8867             : 
    8868             :     /*
    8869             :      * Update the control file.
    8870             :      */
    8871        2816 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8872        2816 :     if (shutdown)
    8873        1050 :         ControlFile->state = DB_SHUTDOWNED;
    8874        2816 :     ControlFile->checkPoint = ProcLastRecPtr;
    8875        2816 :     ControlFile->checkPointCopy = checkPoint;
    8876        2816 :     ControlFile->time = (pg_time_t) time(NULL);
    8877             :     /* crash recovery should always recover to the end of WAL */
    8878        2816 :     ControlFile->minRecoveryPoint = InvalidXLogRecPtr;
    8879        2816 :     ControlFile->minRecoveryPointTLI = 0;
    8880             : 
    8881             :     /*
    8882             :      * Persist unloggedLSN value. It's reset on crash recovery, so this goes
    8883             :      * unused on non-shutdown checkpoints, but seems useful to store it always
    8884             :      * for debugging purposes.
    8885             :      */
    8886        2816 :     SpinLockAcquire(&XLogCtl->ulsn_lck);
    8887        2816 :     ControlFile->unloggedLSN = XLogCtl->unloggedLSN;
    8888        2816 :     SpinLockRelease(&XLogCtl->ulsn_lck);
    8889             : 
    8890        2816 :     UpdateControlFile();
    8891        2816 :     LWLockRelease(ControlFileLock);
    8892             : 
    8893             :     /* Update shared-memory copy of checkpoint XID/epoch */
    8894        2816 :     SpinLockAcquire(&XLogCtl->info_lck);
    8895        2816 :     XLogCtl->ckptFullXid = checkPoint.nextFullXid;
    8896        2816 :     SpinLockRelease(&XLogCtl->info_lck);
    8897             : 
    8898             :     /*
    8899             :      * We are now done with critical updates; no need for system panic if we
    8900             :      * have trouble while fooling with old log segments.
    8901             :      */
    8902        2816 :     END_CRIT_SECTION();
    8903             : 
    8904             :     /*
    8905             :      * Let smgr do post-checkpoint cleanup (eg, deleting old files).
    8906             :      */
    8907        2816 :     SyncPostCheckpoint();
    8908             : 
    8909             :     /*
    8910             :      * Update the average distance between checkpoints if the prior checkpoint
    8911             :      * exists.
    8912             :      */
    8913        2816 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    8914        2816 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    8915             : 
    8916             :     /*
    8917             :      * Delete old log files, those no longer needed for last checkpoint to
    8918             :      * prevent the disk holding the xlog from growing full.
    8919             :      */
    8920        2816 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    8921        2816 :     KeepLogSeg(recptr, &_logSegNo);
    8922        2816 :     _logSegNo--;
    8923        2816 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, recptr);
    8924             : 
    8925             :     /*
    8926             :      * Make more log segments if needed.  (Do this after recycling old log
    8927             :      * segments, since that may supply some of the needed files.)
    8928             :      */
    8929        2816 :     if (!shutdown)
    8930        1766 :         PreallocXlogFiles(recptr);
    8931             : 
    8932             :     /*
    8933             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    8934             :      * the oldest XMIN of any running transaction.  No future transaction will
    8935             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    8936             :      * in subtrans.c).  During recovery, though, we mustn't do this because
    8937             :      * StartupSUBTRANS hasn't been called yet.
    8938             :      */
    8939        2816 :     if (!RecoveryInProgress())
    8940        2768 :         TruncateSUBTRANS(GetOldestXmin(NULL, PROCARRAY_FLAGS_DEFAULT));
    8941             : 
    8942             :     /* Real work is done, but log and update stats before releasing lock. */
    8943        2816 :     LogCheckpointEnd(false);
    8944             : 
    8945             :     TRACE_POSTGRESQL_CHECKPOINT_DONE(CheckpointStats.ckpt_bufs_written,
    8946             :                                      NBuffers,
    8947             :                                      CheckpointStats.ckpt_segs_added,
    8948             :                                      CheckpointStats.ckpt_segs_removed,
    8949             :                                      CheckpointStats.ckpt_segs_recycled);
    8950             : 
    8951        2816 :     LWLockRelease(CheckpointLock);
    8952             : }
    8953             : 
    8954             : /*
    8955             :  * Mark the end of recovery in WAL though without running a full checkpoint.
    8956             :  * We can expect that a restartpoint is likely to be in progress as we
    8957             :  * do this, though we are unwilling to wait for it to complete. So be
    8958             :  * careful to avoid taking the CheckpointLock anywhere here.
    8959             :  *
    8960             :  * CreateRestartPoint() allows for the case where recovery may end before
    8961             :  * the restartpoint completes so there is no concern of concurrent behaviour.
    8962             :  */
    8963             : static void
    8964          46 : CreateEndOfRecoveryRecord(void)
    8965             : {
    8966             :     xl_end_of_recovery xlrec;
    8967             :     XLogRecPtr  recptr;
    8968             : 
    8969             :     /* sanity check */
    8970          46 :     if (!RecoveryInProgress())
    8971           0 :         elog(ERROR, "can only be used to end recovery");
    8972             : 
    8973          46 :     xlrec.end_time = GetCurrentTimestamp();
    8974             : 
    8975          46 :     WALInsertLockAcquireExclusive();
    8976          46 :     xlrec.ThisTimeLineID = ThisTimeLineID;
    8977          46 :     xlrec.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    8978          46 :     WALInsertLockRelease();
    8979             : 
    8980          46 :     LocalSetXLogInsertAllowed();
    8981             : 
    8982          46 :     START_CRIT_SECTION();
    8983             : 
    8984          46 :     XLogBeginInsert();
    8985          46 :     XLogRegisterData((char *) &xlrec, sizeof(xl_end_of_recovery));
    8986          46 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_END_OF_RECOVERY);
    8987             : 
    8988          46 :     XLogFlush(recptr);
    8989             : 
    8990             :     /*
    8991             :      * Update the control file so that crash recovery can follow the timeline
    8992             :      * changes to this point.
    8993             :      */
    8994          46 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8995          46 :     ControlFile->time = (pg_time_t) time(NULL);
    8996          46 :     ControlFile->minRecoveryPoint = recptr;
    8997          46 :     ControlFile->minRecoveryPointTLI = ThisTimeLineID;
    8998          46 :     UpdateControlFile();
    8999          46 :     LWLockRelease(ControlFileLock);
    9000             : 
    9001          46 :     END_CRIT_SECTION();
    9002             : 
    9003          46 :     LocalXLogInsertAllowed = -1;    /* return to "check" state */
    9004          46 : }
    9005             : 
    9006             : /*
    9007             :  * Flush all data in shared memory to disk, and fsync
    9008             :  *
    9009             :  * This is the common code shared between regular checkpoints and
    9010             :  * recovery restartpoints.
    9011             :  */
    9012             : static void
    9013        2832 : CheckPointGuts(XLogRecPtr checkPointRedo, int flags)
    9014             : {
    9015        2832 :     CheckPointCLOG();
    9016        2832 :     CheckPointCommitTs();
    9017        2832 :     CheckPointSUBTRANS();
    9018        2832 :     CheckPointMultiXact();
    9019        2832 :     CheckPointPredicate();
    9020        2832 :     CheckPointRelationMap();
    9021        2832 :     CheckPointReplicationSlots();
    9022        2832 :     CheckPointSnapBuild();
    9023        2832 :     CheckPointLogicalRewriteHeap();
    9024        2832 :     CheckPointBuffers(flags);   /* performs all required fsyncs */
    9025        2832 :     CheckPointReplicationOrigin();
    9026             :     /* We deliberately delay 2PC checkpointing as long as possible */
    9027        2832 :     CheckPointTwoPhase(checkPointRedo);
    9028        2832 : }
    9029             : 
    9030             : /*
    9031             :  * Save a checkpoint for recovery restart if appropriate
    9032             :  *
    9033             :  * This function is called each time a checkpoint record is read from XLOG.
    9034             :  * It must determine whether the checkpoint represents a safe restartpoint or
    9035             :  * not.  If so, the checkpoint record is stashed in shared memory so that
    9036             :  * CreateRestartPoint can consult it.  (Note that the latter function is
    9037             :  * executed by the checkpointer, while this one will be executed by the
    9038             :  * startup process.)
    9039             :  */
    9040             : static void
    9041         162 : RecoveryRestartPoint(const CheckPoint *checkPoint)
    9042             : {
    9043             :     /*
    9044             :      * Also refrain from creating a restartpoint if we have seen any
    9045             :      * references to non-existent pages. Restarting recovery from the
    9046             :      * restartpoint would not see the references, so we would lose the
    9047             :      * cross-check that the pages belonged to a relation that was dropped
    9048             :      * later.
    9049             :      */
    9050         162 :     if (XLogHaveInvalidPages())
    9051             :     {
    9052           0 :         elog(trace_recovery(DEBUG2),
    9053             :              "could not record restart point at %X/%X because there "
    9054             :              "are unresolved references to invalid pages",
    9055             :              (uint32) (checkPoint->redo >> 32),
    9056             :              (uint32) checkPoint->redo);
    9057           0 :         return;
    9058             :     }
    9059             : 
    9060             :     /*
    9061             :      * Copy the checkpoint record to shared memory, so that checkpointer can
    9062             :      * work out the next time it wants to perform a restartpoint.
    9063             :      */
    9064         162 :     SpinLockAcquire(&XLogCtl->info_lck);
    9065         162 :     XLogCtl->lastCheckPointRecPtr = ReadRecPtr;
    9066         162 :     XLogCtl->lastCheckPointEndPtr = EndRecPtr;
    9067         162 :     XLogCtl->lastCheckPoint = *checkPoint;
    9068         162 :     SpinLockRelease(&XLogCtl->info_lck);
    9069             : }
    9070             : 
    9071             : /*
    9072             :  * Establish a restartpoint if possible.
    9073             :  *
    9074             :  * This is similar to CreateCheckPoint, but is used during WAL recovery
    9075             :  * to establish a point from which recovery can roll forward without
    9076             :  * replaying the entire recovery log.
    9077             :  *
    9078             :  * Returns true if a new restartpoint was established. We can only establish
    9079             :  * a restartpoint if we have replayed a safe checkpoint record since last
    9080             :  * restartpoint.
    9081             :  */
    9082             : bool
    9083          34 : CreateRestartPoint(int flags)
    9084             : {
    9085             :     XLogRecPtr  lastCheckPointRecPtr;
    9086             :     XLogRecPtr  lastCheckPointEndPtr;
    9087             :     CheckPoint  lastCheckPoint;
    9088             :     XLogRecPtr  PriorRedoPtr;
    9089             :     XLogRecPtr  receivePtr;
    9090             :     XLogRecPtr  replayPtr;
    9091             :     TimeLineID  replayTLI;
    9092             :     XLogRecPtr  endptr;
    9093             :     XLogSegNo   _logSegNo;
    9094             :     TimestampTz xtime;
    9095             : 
    9096             :     /*
    9097             :      * Acquire CheckpointLock to ensure only one restartpoint or checkpoint
    9098             :      * happens at a time.
    9099             :      */
    9100          34 :     LWLockAcquire(CheckpointLock, LW_EXCLUSIVE);
    9101             : 
    9102             :     /* Get a local copy of the last safe checkpoint record. */
    9103          34 :     SpinLockAcquire(&XLogCtl->info_lck);
    9104          34 :     lastCheckPointRecPtr = XLogCtl->lastCheckPointRecPtr;
    9105          34 :     lastCheckPointEndPtr = XLogCtl->lastCheckPointEndPtr;
    9106          34 :     lastCheckPoint = XLogCtl->lastCheckPoint;
    9107          34 :     SpinLockRelease(&XLogCtl->info_lck);
    9108             : 
    9109             :     /*
    9110             :      * Check that we're still in recovery mode. It's ok if we exit recovery
    9111             :      * mode after this check, the restart point is valid anyway.
    9112             :      */
    9113          34 :     if (!RecoveryInProgress())
    9114             :     {
    9115           0 :         ereport(DEBUG2,
    9116             :                 (errmsg("skipping restartpoint, recovery has already ended")));
    9117           0 :         LWLockRelease(CheckpointLock);
    9118           0 :         return false;
    9119             :     }
    9120             : 
    9121             :     /*
    9122             :      * If the last checkpoint record we've replayed is already our last
    9123             :      * restartpoint, we can't perform a new restart point. We still update
    9124             :      * minRecoveryPoint in that case, so that if this is a shutdown restart
    9125             :      * point, we won't start up earlier than before. That's not strictly
    9126             :      * necessary, but when hot standby is enabled, it would be rather weird if
    9127             :      * the database opened up for read-only connections at a point-in-time
    9128             :      * before the last shutdown. Such time travel is still possible in case of
    9129             :      * immediate shutdown, though.
    9130             :      *
    9131             :      * We don't explicitly advance minRecoveryPoint when we do create a
    9132             :      * restartpoint. It's assumed that flushing the buffers will do that as a
    9133             :      * side-effect.
    9134             :      */
    9135          68 :     if (XLogRecPtrIsInvalid(lastCheckPointRecPtr) ||
    9136          34 :         lastCheckPoint.redo <= ControlFile->checkPointCopy.redo)
    9137             :     {
    9138          18 :         ereport(DEBUG2,
    9139             :                 (errmsg("skipping restartpoint, already performed at %X/%X",
    9140             :                         (uint32) (lastCheckPoint.redo >> 32),
    9141             :                         (uint32) lastCheckPoint.redo)));
    9142             : 
    9143          18 :         UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    9144          18 :         if (flags & CHECKPOINT_IS_SHUTDOWN)
    9145             :         {
    9146          16 :             LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9147          16 :             ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    9148          16 :             ControlFile->time = (pg_time_t) time(NULL);
    9149          16 :             UpdateControlFile();
    9150          16 :             LWLockRelease(ControlFileLock);
    9151             :         }
    9152          18 :         LWLockRelease(CheckpointLock);
    9153          18 :         return false;
    9154             :     }
    9155             : 
    9156             :     /*
    9157             :      * Update the shared RedoRecPtr so that the startup process can calculate
    9158             :      * the number of segments replayed since last restartpoint, and request a
    9159             :      * restartpoint if it exceeds CheckPointSegments.
    9160             :      *
    9161             :      * Like in CreateCheckPoint(), hold off insertions to update it, although
    9162             :      * during recovery this is just pro forma, because no WAL insertions are
    9163             :      * happening.
    9164             :      */
    9165          16 :     WALInsertLockAcquireExclusive();
    9166          16 :     RedoRecPtr = XLogCtl->Insert.RedoRecPtr = lastCheckPoint.redo;
    9167          16 :     WALInsertLockRelease();
    9168             : 
    9169             :     /* Also update the info_lck-protected copy */
    9170          16 :     SpinLockAcquire(&XLogCtl->info_lck);
    9171          16 :     XLogCtl->RedoRecPtr = lastCheckPoint.redo;
    9172          16 :     SpinLockRelease(&XLogCtl->info_lck);
    9173             : 
    9174             :     /*
    9175             :      * Prepare to accumulate statistics.
    9176             :      *
    9177             :      * Note: because it is possible for log_checkpoints to change while a
    9178             :      * checkpoint proceeds, we always accumulate stats, even if
    9179             :      * log_checkpoints is currently off.
    9180             :      */
    9181          16 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    9182          16 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    9183             : 
    9184          16 :     if (log_checkpoints)
    9185           4 :         LogCheckpointStart(flags, true);
    9186             : 
    9187          16 :     CheckPointGuts(lastCheckPoint.redo, flags);
    9188             : 
    9189             :     /*
    9190             :      * Remember the prior checkpoint's redo ptr for
    9191             :      * UpdateCheckPointDistanceEstimate()
    9192             :      */
    9193          16 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    9194             : 
    9195             :     /*
    9196             :      * Update pg_control, using current time.  Check that it still shows
    9197             :      * DB_IN_ARCHIVE_RECOVERY state and an older checkpoint, else do nothing;
    9198             :      * this is a quick hack to make sure nothing really bad happens if somehow
    9199             :      * we get here after the end-of-recovery checkpoint.
    9200             :      */
    9201          16 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9202          32 :     if (ControlFile->state == DB_IN_ARCHIVE_RECOVERY &&
    9203          16 :         ControlFile->checkPointCopy.redo < lastCheckPoint.redo)
    9204             :     {
    9205          16 :         ControlFile->checkPoint = lastCheckPointRecPtr;
    9206          16 :         ControlFile->checkPointCopy = lastCheckPoint;
    9207          16 :         ControlFile->time = (pg_time_t) time(NULL);
    9208             : 
    9209             :         /*
    9210             :          * Ensure minRecoveryPoint is past the checkpoint record.  Normally,
    9211             :          * this will have happened already while writing out dirty buffers,
    9212             :          * but not necessarily - e.g. because no buffers were dirtied.  We do
    9213             :          * this because a non-exclusive base backup uses minRecoveryPoint to
    9214             :          * determine which WAL files must be included in the backup, and the
    9215             :          * file (or files) containing the checkpoint record must be included,
    9216             :          * at a minimum. Note that for an ordinary restart of recovery there's
    9217             :          * no value in having the minimum recovery point any earlier than this
    9218             :          * anyway, because redo will begin just after the checkpoint record.
    9219             :          */
    9220          16 :         if (ControlFile->minRecoveryPoint < lastCheckPointEndPtr)
    9221             :         {
    9222           2 :             ControlFile->minRecoveryPoint = lastCheckPointEndPtr;
    9223           2 :             ControlFile->minRecoveryPointTLI = lastCheckPoint.ThisTimeLineID;
    9224             : 
    9225             :             /* update local copy */
    9226           2 :             minRecoveryPoint = ControlFile->minRecoveryPoint;
    9227           2 :             minRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    9228             :         }
    9229          16 :         if (flags & CHECKPOINT_IS_SHUTDOWN)
    9230           6 :             ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    9231          16 :         UpdateControlFile();
    9232             :     }
    9233          16 :     LWLockRelease(ControlFileLock);
    9234             : 
    9235             :     /*
    9236             :      * Update the average distance between checkpoints/restartpoints if the
    9237             :      * prior checkpoint exists.
    9238             :      */
    9239          16 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    9240          16 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    9241             : 
    9242             :     /*
    9243             :      * Delete old log files, those no longer needed for last restartpoint to
    9244             :      * prevent the disk holding the xlog from growing full.
    9245             :      */
    9246          16 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    9247             : 
    9248             :     /*
    9249             :      * Retreat _logSegNo using the current end of xlog replayed or received,
    9250             :      * whichever is later.
    9251             :      */
    9252          16 :     receivePtr = GetWalRcvWriteRecPtr(NULL, NULL);
    9253          16 :     replayPtr = GetXLogReplayRecPtr(&replayTLI);
    9254          16 :     endptr = (receivePtr < replayPtr) ? replayPtr : receivePtr;
    9255          16 :     KeepLogSeg(endptr, &_logSegNo);
    9256          16 :     _logSegNo--;
    9257             : 
    9258             :     /*
    9259             :      * Try to recycle segments on a useful timeline. If we've been promoted
    9260             :      * since the beginning of this restartpoint, use the new timeline chosen
    9261             :      * at end of recovery (RecoveryInProgress() sets ThisTimeLineID in that
    9262             :      * case). If we're still in recovery, use the timeline we're currently
    9263             :      * replaying.
    9264             :      *
    9265             :      * There is no guarantee that the WAL segments will be useful on the
    9266             :      * current timeline; if recovery proceeds to a new timeline right after
    9267             :      * this, the pre-allocated WAL segments on this timeline will not be used,
    9268             :      * and will go wasted until recycled on the next restartpoint. We'll live
    9269             :      * with that.
    9270             :      */
    9271          16 :     if (RecoveryInProgress())
    9272          16 :         ThisTimeLineID = replayTLI;
    9273             : 
    9274          16 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, endptr);
    9275             : 
    9276             :     /*
    9277             :      * Make more log segments if needed.  (Do this after recycling old log
    9278             :      * segments, since that may supply some of the needed files.)
    9279             :      */
    9280          16 :     PreallocXlogFiles(endptr);
    9281             : 
    9282             :     /*
    9283             :      * ThisTimeLineID is normally not set when we're still in recovery.
    9284             :      * However, recycling/preallocating segments above needed ThisTimeLineID
    9285             :      * to determine which timeline to install the segments on. Reset it now,
    9286             :      * to restore the normal state of affairs for debugging purposes.
    9287             :      */
    9288          16 :     if (RecoveryInProgress())
    9289          16 :         ThisTimeLineID = 0;
    9290             : 
    9291             :     /*
    9292             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    9293             :      * the oldest XMIN of any running transaction.  No future transaction will
    9294             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    9295             :      * in subtrans.c).  When hot standby is disabled, though, we mustn't do
    9296             :      * this because StartupSUBTRANS hasn't been called yet.
    9297             :      */
    9298          16 :     if (EnableHotStandby)
    9299          16 :         TruncateSUBTRANS(GetOldestXmin(NULL, PROCARRAY_FLAGS_DEFAULT));
    9300             : 
    9301             :     /* Real work is done, but log and update before releasing lock. */
    9302          16 :     LogCheckpointEnd(true);
    9303             : 
    9304          16 :     xtime = GetLatestXTime();
    9305          16 :     ereport((log_checkpoints ? LOG : DEBUG2),
    9306             :             (errmsg("recovery restart point at %X/%X",
    9307             :                     (uint32) (lastCheckPoint.redo >> 32), (uint32) lastCheckPoint.redo),
    9308             :              xtime ? errdetail("Last completed transaction was at log time %s.",
    9309             :                                timestamptz_to_str(xtime)) : 0));
    9310             : 
    9311          16 :     LWLockRelease(CheckpointLock);
    9312             : 
    9313             :     /*
    9314             :      * Finally, execute archive_cleanup_command, if any.
    9315             :      */
    9316          16 :     if (archiveCleanupCommand && strcmp(archiveCleanupCommand, "") != 0)
    9317           0 :         ExecuteRecoveryCommand(archiveCleanupCommand,
    9318             :                                "archive_cleanup_command",
    9319             :                                false);
    9320             : 
    9321          16 :     return true;
    9322             : }
    9323             : 
    9324             : /*
    9325             :  * Retreat *logSegNo to the last segment that we need to retain because of
    9326             :  * either wal_keep_segments or replication slots.
    9327             :  *
    9328             :  * This is calculated by subtracting wal_keep_segments from the given xlog
    9329             :  * location, recptr and by making sure that that result is below the
    9330             :  * requirement of replication slots.
    9331             :  */
    9332             : static void
    9333        2832 : KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo)
    9334             : {
    9335             :     XLogSegNo   segno;
    9336             :     XLogRecPtr  keep;
    9337             : 
    9338        2832 :     XLByteToSeg(recptr, segno, wal_segment_size);
    9339        2832 :     keep = XLogGetReplicationSlotMinimumLSN();
    9340             : 
    9341             :     /* compute limit for wal_keep_segments first */
    9342        2832 :     if (wal_keep_segments > 0)
    9343             :     {
    9344             :         /* avoid underflow, don't go below 1 */
    9345          74 :         if (segno <= wal_keep_segments)
    9346          74 :             segno = 1;
    9347             :         else
    9348           0 :             segno = segno - wal_keep_segments;
    9349             :     }
    9350             : 
    9351             :     /* then check whether slots limit removal further */
    9352        2832 :     if (max_replication_slots > 0 && keep != InvalidXLogRecPtr)
    9353             :     {
    9354             :         XLogSegNo   slotSegNo;
    9355             : 
    9356          52 :         XLByteToSeg(keep, slotSegNo, wal_segment_size);
    9357             : 
    9358          52 :         if (slotSegNo <= 0)
    9359           0 :             segno = 1;
    9360          52 :         else if (slotSegNo < segno)
    9361          16 :             segno = slotSegNo;
    9362             :     }
    9363             : 
    9364             :     /* don't delete WAL segments newer than the calculated segment */
    9365        2832 :     if (segno < *logSegNo)
    9366          88 :         *logSegNo = segno;
    9367        2832 : }
    9368             : 
    9369             : /*
    9370             :  * Write a NEXTOID log record
    9371             :  */
    9372             : void
    9373        1042 : XLogPutNextOid(Oid nextOid)
    9374             : {
    9375        1042 :     XLogBeginInsert();
    9376        1042 :     XLogRegisterData((char *) (&nextOid), sizeof(Oid));
    9377        1042 :     (void) XLogInsert(RM_XLOG_ID, XLOG_NEXTOID);
    9378             : 
    9379             :     /*
    9380             :      * We need not flush the NEXTOID record immediately, because any of the
    9381             :      * just-allocated OIDs could only reach disk as part of a tuple insert or
    9382             :      * update that would have its own XLOG record that must follow the NEXTOID
    9383             :      * record.  Therefore, the standard buffer LSN interlock applied to those
    9384             :      * records will ensure no such OID reaches disk before the NEXTOID record
    9385             :      * does.
    9386             :      *
    9387             :      * Note, however, that the above statement only covers state "within" the
    9388             :      * database.  When we use a generated OID as a file or directory name, we
    9389             :      * are in a sense violating the basic WAL rule, because that filesystem
    9390             :      * change may reach disk before the NEXTOID WAL record does.  The impact
    9391             :      * of this is that if a database crash occurs immediately afterward, we
    9392             :      * might after restart re-generate the same OID and find that it conflicts
    9393             :      * with the leftover file or directory.  But since for safety's sake we
    9394             :      * always loop until finding a nonconflicting filename, this poses no real
    9395             :      * problem in practice. See pgsql-hackers discussion 27-Sep-2006.
    9396             :      */
    9397        1042 : }
    9398             : 
    9399             : /*
    9400             :  * Write an XLOG SWITCH record.
    9401             :  *
    9402             :  * Here we just blindly issue an XLogInsert request for the record.
    9403             :  * All the magic happens inside XLogInsert.
    9404             :  *
    9405             :  * The return value is either the end+1 address of the switch record,
    9406             :  * or the end+1 address of the prior segment if we did not need to
    9407             :  * write a switch record because we are already at segment start.
    9408             :  */
    9409             : XLogRecPtr
    9410         192 : RequestXLogSwitch(bool mark_unimportant)
    9411             : {
    9412             :     XLogRecPtr  RecPtr;
    9413             : 
    9414             :     /* XLOG SWITCH has no data */
    9415         192 :     XLogBeginInsert();
    9416             : 
    9417         192 :     if (mark_unimportant)
    9418           0 :         XLogSetRecordFlags(XLOG_MARK_UNIMPORTANT);
    9419         192 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_SWITCH);
    9420             : 
    9421         192 :     return RecPtr;
    9422             : }
    9423             : 
    9424             : /*
    9425             :  * Write a RESTORE POINT record
    9426             :  */
    9427             : XLogRecPtr
    9428           2 : XLogRestorePoint(const char *rpName)
    9429             : {
    9430             :     XLogRecPtr  RecPtr;
    9431             :     xl_restore_point xlrec;
    9432             : 
    9433           2 :     xlrec.rp_time = GetCurrentTimestamp();
    9434           2 :     strlcpy(xlrec.rp_name, rpName, MAXFNAMELEN);
    9435             : 
    9436           2 :     XLogBeginInsert();
    9437           2 :     XLogRegisterData((char *) &xlrec, sizeof(xl_restore_point));
    9438             : 
    9439           2 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_RESTORE_POINT);
    9440             : 
    9441           2 :     ereport(LOG,
    9442             :             (errmsg("restore point \"%s\" created at %X/%X",
    9443             :                     rpName, (uint32) (RecPtr >> 32), (uint32) RecPtr)));
    9444             : 
    9445           2 :     return RecPtr;
    9446             : }
    9447             : 
    9448             : /*
    9449             :  * Check if any of the GUC parameters that are critical for hot standby
    9450             :  * have changed, and update the value in pg_control file if necessary.
    9451             :  */
    9452             : static void
    9453        1170 : XLogReportParameters(void)
    9454             : {
    9455        2208 :     if (wal_level != ControlFile->wal_level ||
    9456        2024 :         wal_log_hints != ControlFile->wal_log_hints ||
    9457        1970 :         MaxConnections != ControlFile->MaxConnections ||
    9458        1968 :         max_worker_processes != ControlFile->max_worker_processes ||
    9459        1968 :         max_wal_senders != ControlFile->max_wal_senders ||
    9460        1842 :         max_prepared_xacts != ControlFile->max_prepared_xacts ||
    9461        1716 :         max_locks_per_xact != ControlFile->max_locks_per_xact ||
    9462         858 :         track_commit_timestamp != ControlFile->track_commit_timestamp)
    9463             :     {
    9464             :         /*
    9465             :          * The change in number of backend slots doesn't need to be WAL-logged
    9466             :          * if archiving is not enabled, as you can't start archive recovery
    9467             :          * with wal_level=minimal anyway. We don't really care about the
    9468             :          * values in pg_control either if wal_level=minimal, but seems better
    9469             :          * to keep them up-to-date to avoid confusion.
    9470             :          */
    9471         324 :         if (wal_level != ControlFile->wal_level || XLogIsNeeded())
    9472             :         {
    9473             :             xl_parameter_change xlrec;
    9474             :             XLogRecPtr  recptr;
    9475             : 
    9476         324 :             xlrec.MaxConnections = MaxConnections;
    9477         324 :             xlrec.max_worker_processes = max_worker_processes;
    9478         324 :             xlrec.max_wal_senders = max_wal_senders;
    9479         324 :             xlrec.max_prepared_xacts = max_prepared_xacts;
    9480         324 :             xlrec.max_locks_per_xact = max_locks_per_xact;
    9481         324 :             xlrec.wal_level = wal_level;
    9482         324 :             xlrec.wal_log_hints = wal_log_hints;
    9483         324 :             xlrec.track_commit_timestamp = track_commit_timestamp;
    9484             : 
    9485         324 :             XLogBeginInsert();
    9486         324 :             XLogRegisterData((char *) &xlrec, sizeof(xlrec));
    9487             : 
    9488         324 :             recptr = XLogInsert(RM_XLOG_ID, XLOG_PARAMETER_CHANGE);
    9489         324 :             XLogFlush(recptr);
    9490             :         }
    9491             : 
    9492         324 :         ControlFile->MaxConnections = MaxConnections;
    9493         324 :         ControlFile->max_worker_processes = max_worker_processes;
    9494         324 :         ControlFile->max_wal_senders = max_wal_senders;
    9495         324 :         ControlFile->max_prepared_xacts = max_prepared_xacts;
    9496         324 :         ControlFile->max_locks_per_xact = max_locks_per_xact;
    9497         324 :         ControlFile->wal_level = wal_level;
    9498         324 :         ControlFile->wal_log_hints = wal_log_hints;
    9499         324 :         ControlFile->track_commit_timestamp = track_commit_timestamp;
    9500         324 :         UpdateControlFile();
    9501             :     }
    9502        1170 : }
    9503             : 
    9504             : /*
    9505             :  * Update full_page_writes in shared memory, and write an
    9506             :  * XLOG_FPW_CHANGE record if necessary.
    9507             :  *
    9508             :  * Note: this function assumes there is no other process running
    9509             :  * concurrently that could update it.
    9510             :  */
    9511             : void
    9512        1548 : UpdateFullPageWrites(void)
    9513             : {
    9514        1548 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    9515             :     bool        recoveryInProgress;
    9516             : 
    9517             :     /*
    9518             :      * Do nothing if full_page_writes has not been changed.
    9519             :      *
    9520             :      * It's safe to check the shared full_page_writes without the lock,
    9521             :      * because we assume that there is no concurrently running process which
    9522             :      * can update it.
    9523             :      */
    9524        1548 :     if (fullPageWrites == Insert->fullPageWrites)
    9525        1504 :         return;
    9526             : 
    9527             :     /*
    9528             :      * Perform this outside critical section so that the WAL insert
    9529             :      * initialization done by RecoveryInProgress() doesn't trigger an
    9530             :      * assertion failure.
    9531             :      */
    9532          44 :     recoveryInProgress = RecoveryInProgress();
    9533             : 
    9534          44 :     START_CRIT_SECTION();
    9535             : 
    9536             :     /*
    9537             :      * It's always safe to take full page images, even when not strictly
    9538             :      * required, but not the other round. So if we're setting full_page_writes
    9539             :      * to true, first set it true and then write the WAL record. If we're
    9540             :      * setting it to false, first write the WAL record and then set the global
    9541             :      * flag.
    9542             :      */
    9543          44 :     if (fullPageWrites)
    9544             :     {
    9545          42 :         WALInsertLockAcquireExclusive();
    9546          42 :         Insert->fullPageWrites = true;
    9547          42 :         WALInsertLockRelease();
    9548             :     }
    9549             : 
    9550             :     /*
    9551             :      * Write an XLOG_FPW_CHANGE record. This allows us to keep track of
    9552             :      * full_page_writes during archive recovery, if required.
    9553             :      */
    9554          44 :     if (XLogStandbyInfoActive() && !recoveryInProgress)
    9555             :     {
    9556           0 :         XLogBeginInsert();
    9557           0 :         XLogRegisterData((char *) (&fullPageWrites), sizeof(bool));
    9558             : 
    9559           0 :         XLogInsert(RM_XLOG_ID, XLOG_FPW_CHANGE);
    9560             :     }
    9561             : 
    9562          44 :     if (!fullPageWrites)
    9563             :     {
    9564           2 :         WALInsertLockAcquireExclusive();
    9565           2 :         Insert->fullPageWrites = false;
    9566           2 :         WALInsertLockRelease();
    9567             :     }
    9568          44 :     END_CRIT_SECTION();
    9569             : }
    9570             : 
    9571             : /*
    9572             :  * Check that it's OK to switch to new timeline during recovery.
    9573             :  *
    9574             :  * 'lsn' is the address of the shutdown checkpoint record we're about to
    9575             :  * replay. (Currently, timeline can only change at a shutdown checkpoint).
    9576             :  */
    9577             : static void
    9578          10 : checkTimeLineSwitch(XLogRecPtr lsn, TimeLineID newTLI, TimeLineID prevTLI)
    9579             : {
    9580             :     /* Check that the record agrees on what the current (old) timeline is */
    9581          10 :     if (prevTLI != ThisTimeLineID)
    9582           0 :         ereport(PANIC,
    9583             :                 (errmsg("unexpected previous timeline ID %u (current timeline ID %u) in checkpoint record",
    9584             :                         prevTLI, ThisTimeLineID)));
    9585             : 
    9586             :     /*
    9587             :      * The new timeline better be in the list of timelines we expect to see,
    9588             :      * according to the timeline history. It should also not decrease.
    9589             :      */
    9590          10 :     if (newTLI < ThisTimeLineID || !tliInHistory(newTLI, expectedTLEs))
    9591           0 :         ereport(PANIC,
    9592             :                 (errmsg("unexpected timeline ID %u (after %u) in checkpoint record",
    9593             :                         newTLI, ThisTimeLineID)));
    9594             : 
    9595             :     /*
    9596             :      * If we have not yet reached min recovery point, and we're about to
    9597             :      * switch to a timeline greater than the timeline of the min recovery
    9598             :      * point: trouble. After switching to the new timeline, we could not
    9599             :      * possibly visit the min recovery point on the correct timeline anymore.
    9600             :      * This can happen if there is a newer timeline in the archive that
    9601             :      * branched before the timeline the min recovery point is on, and you
    9602             :      * attempt to do PITR to the new timeline.
    9603             :      */
    9604          18 :     if (!XLogRecPtrIsInvalid(minRecoveryPoint) &&
    9605           8 :         lsn < minRecoveryPoint &&
    9606           0 :         newTLI > minRecoveryPointTLI)
    9607           0 :         ereport(PANIC,
    9608             :                 (errmsg("unexpected timeline ID %u in checkpoint record, before reaching minimum recovery point %X/%X on timeline %u",
    9609             :                         newTLI,
    9610             :                         (uint32) (minRecoveryPoint >> 32),
    9611             :                         (uint32) minRecoveryPoint,
    9612             :                         minRecoveryPointTLI)));
    9613             : 
    9614             :     /* Looks good */
    9615          10 : }
    9616             : 
    9617             : /*
    9618             :  * XLOG resource manager's routines
    9619             :  *
    9620             :  * Definitions of info values are in include/catalog/pg_control.h, though
    9621             :  * not all record types are related to control file updates.
    9622             :  */
    9623             : void
    9624        1602 : xlog_redo(XLogReaderState *record)
    9625             : {
    9626        1602 :     uint8       info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    9627        1602 :     XLogRecPtr  lsn = record->EndRecPtr;
    9628             : 
    9629             :     /* in XLOG rmgr, backup blocks are only used by XLOG_FPI records */
    9630             :     Assert(info == XLOG_FPI || info == XLOG_FPI_FOR_HINT ||
    9631             :            !XLogRecHasAnyBlockRefs(record));
    9632             : 
    9633        1602 :     if (info == XLOG_NEXTOID)
    9634             :     {
    9635             :         Oid         nextOid;
    9636             : 
    9637             :         /*
    9638             :          * We used to try to take the maximum of ShmemVariableCache->nextOid
    9639             :          * and the recorded nextOid, but that fails if the OID counter wraps
    9640             :          * around.  Since no OID allocation should be happening during replay
    9641             :          * anyway, better to just believe the record exactly.  We still take
    9642             :          * OidGenLock while setting the variable, just in case.
    9643             :          */
    9644          42 :         memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid));
    9645          42 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    9646          42 :         ShmemVariableCache->nextOid = nextOid;
    9647          42 :         ShmemVariableCache->oidCount = 0;
    9648          42 :         LWLockRelease(OidGenLock);
    9649             :     }
    9650        1560 :     else if (info == XLOG_CHECKPOINT_SHUTDOWN)
    9651             :     {
    9652             :         CheckPoint  checkPoint;
    9653             : 
    9654          34 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    9655             :         /* In a SHUTDOWN checkpoint, believe the counters exactly */
    9656          34 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    9657          34 :         ShmemVariableCache->nextFullXid = checkPoint.nextFullXid;
    9658          34 :         LWLockRelease(XidGenLock);
    9659          34 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    9660          34 :         ShmemVariableCache->nextOid = checkPoint.nextOid;
    9661          34 :         ShmemVariableCache->oidCount = 0;
    9662          34 :         LWLockRelease(OidGenLock);
    9663          34 :         MultiXactSetNextMXact(checkPoint.nextMulti,
    9664             :                               checkPoint.nextMultiOffset);
    9665             : 
    9666          34 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    9667             :                                checkPoint.oldestMultiDB);
    9668             : 
    9669             :         /*
    9670             :          * No need to set oldestClogXid here as well; it'll be set when we
    9671             :          * redo an xl_clog_truncate if it changed since initialization.
    9672             :          */
    9673          34 :         SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    9674             : 
    9675             :         /*
    9676             :          * If we see a shutdown checkpoint while waiting for an end-of-backup
    9677             :          * record, the backup was canceled and the end-of-backup record will
    9678             :          * never arrive.
    9679             :          */
    9680          68 :         if (ArchiveRecoveryRequested &&
    9681          34 :             !XLogRecPtrIsInvalid(ControlFile->backupStartPoint) &&
    9682           0 :             XLogRecPtrIsInvalid(ControlFile->backupEndPoint))
    9683           0 :             ereport(PANIC,
    9684             :                     (errmsg("online backup was canceled, recovery cannot continue")));
    9685             : 
    9686             :         /*
    9687             :          * If we see a shutdown checkpoint, we know that nothing was running
    9688             :          * on the master at this point. So fake-up an empty running-xacts
    9689             :          * record and use that here and now. Recover additional standby state
    9690             :          * for prepared transactions.
    9691             :          */
    9692          34 :         if (standbyState >= STANDBY_INITIALIZED)
    9693             :         {
    9694             :             TransactionId *xids;
    9695             :             int         nxids;
    9696             :             TransactionId oldestActiveXID;
    9697             :             TransactionId latestCompletedXid;
    9698             :             RunningTransactionsData running;
    9699             : 
    9700          34 :             oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    9701             : 
    9702             :             /*
    9703             :              * Construct a RunningTransactions snapshot representing a shut
    9704             :              * down server, with only prepared transactions still alive. We're
    9705             :              * never overflowed at this point because all subxids are listed
    9706             :              * with their parent prepared transactions.
    9707             :              */
    9708          34 :             running.xcnt = nxids;
    9709          34 :             running.subxcnt = 0;
    9710          34 :             running.subxid_overflow = false;
    9711          34 :             running.nextXid = XidFromFullTransactionId(checkPoint.nextFullXid);
    9712          34 :             running.oldestRunningXid = oldestActiveXID;
    9713          34 :             latestCompletedXid = XidFromFullTransactionId(checkPoint.nextFullXid);
    9714          34 :             TransactionIdRetreat(latestCompletedXid);
    9715             :             Assert(TransactionIdIsNormal(latestCompletedXid));
    9716          34 :             running.latestCompletedXid = latestCompletedXid;
    9717          34 :             running.xids = xids;
    9718             : 
    9719          34 :             ProcArrayApplyRecoveryInfo(&running);
    9720             : 
    9721          34 :             StandbyRecoverPreparedTransactions();
    9722             :         }
    9723             : 
    9724             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    9725          34 :         ControlFile->checkPointCopy.nextFullXid = checkPoint.nextFullXid;
    9726             : 
    9727             :         /* Update shared-memory copy of checkpoint XID/epoch */
    9728          34 :         SpinLockAcquire(&XLogCtl->info_lck);
    9729          34 :         XLogCtl->ckptFullXid = checkPoint.nextFullXid;
    9730          34 :         SpinLockRelease(&XLogCtl->info_lck);
    9731             : 
    9732             :         /*
    9733             :          * We should've already switched to the new TLI before replaying this
    9734             :          * record.
    9735             :          */
    9736          34 :         if (checkPoint.ThisTimeLineID != ThisTimeLineID)
    9737           0 :             ereport(PANIC,
    9738             :                     (errmsg("unexpected timeline ID %u (should be %u) in checkpoint record",
    9739             :                             checkPoint.ThisTimeLineID, ThisTimeLineID)));
    9740             : 
    9741          34 :         RecoveryRestartPoint(&checkPoint);
    9742             :     }
    9743        1526 :     else if (info == XLOG_CHECKPOINT_ONLINE)
    9744             :     {
    9745             :         CheckPoint  checkPoint;
    9746             : 
    9747         128 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    9748             :         /* In an ONLINE checkpoint, treat the XID counter as a minimum */
    9749         128 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    9750         128 :         if (FullTransactionIdPrecedes(ShmemVariableCache->nextFullXid,
    9751             :                                       checkPoint.nextFullXid))
    9752           0 :             ShmemVariableCache->nextFullXid = checkPoint.nextFullXid;
    9753         128 :         LWLockRelease(XidGenLock);
    9754             : 
    9755             :         /*
    9756             :          * We ignore the nextOid counter in an ONLINE checkpoint, preferring
    9757             :          * to track OID assignment through XLOG_NEXTOID records.  The nextOid
    9758             :          * counter is from the start of the checkpoint and might well be stale
    9759             :          * compared to later XLOG_NEXTOID records.  We could try to take the
    9760             :          * maximum of the nextOid counter and our latest value, but since
    9761             :          * there's no particular guarantee about the speed with which the OID
    9762             :          * counter wraps around, that's a risky thing to do.  In any case,
    9763             :          * users of the nextOid counter are required to avoid assignment of
    9764             :          * duplicates, so that a somewhat out-of-date value should be safe.
    9765             :          */
    9766             : 
    9767             :         /* Handle multixact */
    9768         128 :         MultiXactAdvanceNextMXact(checkPoint.nextMulti,
    9769             :                                   checkPoint.nextMultiOffset);
    9770             : 
    9771             :         /*
    9772             :          * NB: This may perform multixact truncation when replaying WAL
    9773             :          * generated by an older primary.
    9774             :          */
    9775         128 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    9776             :                                checkPoint.oldestMultiDB);
    9777         128 :         if (TransactionIdPrecedes(ShmemVariableCache->oldestXid,
    9778             :                                   checkPoint.oldestXid))
    9779           0 :             SetTransactionIdLimit(checkPoint.oldestXid,
    9780             :                                   checkPoint.oldestXidDB);
    9781             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    9782         128 :         ControlFile->checkPointCopy.nextFullXid = checkPoint.nextFullXid;
    9783             : 
    9784             :         /* Update shared-memory copy of checkpoint XID/epoch */
    9785         128 :         SpinLockAcquire(&XLogCtl->info_lck);
    9786         128 :         XLogCtl->ckptFullXid = checkPoint.nextFullXid;
    9787         128 :         SpinLockRelease(&XLogCtl->info_lck);
    9788             : 
    9789             :         /* TLI should not change in an on-line checkpoint */
    9790         128 :         if (checkPoint.ThisTimeLineID != ThisTimeLineID)
    9791           0 :             ereport(PANIC,
    9792             :                     (errmsg("unexpected timeline ID %u (should be %u) in checkpoint record",
    9793             :                             checkPoint.ThisTimeLineID, ThisTimeLineID)));
    9794             : 
    9795         128 :         RecoveryRestartPoint(&checkPoint);
    9796             :     }
    9797        1398 :     else if (info == XLOG_END_OF_RECOVERY)
    9798             :     {
    9799             :         xl_end_of_recovery xlrec;
    9800             : 
    9801          10 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery));
    9802             : 
    9803             :         /*
    9804             :          * For Hot Standby, we could treat this like a Shutdown Checkpoint,
    9805             :          * but this case is rarer and harder to test, so the benefit doesn't
    9806             :          * outweigh the potential extra cost of maintenance.
    9807             :          */
    9808             : 
    9809             :         /*
    9810             :          * We should've already switched to the new TLI before replaying this
    9811             :          * record.
    9812             :          */
    9813          10 :         if (xlrec.ThisTimeLineID != ThisTimeLineID)
    9814           0 :             ereport(PANIC,
    9815             :                     (errmsg("unexpected timeline ID %u (should be %u) in checkpoint record",
    9816             :                             xlrec.ThisTimeLineID, ThisTimeLineID)));
    9817             :     }
    9818        1388 :     else if (info == XLOG_NOOP)
    9819             :     {
    9820             :         /* nothing to do here */
    9821             :     }
    9822        1388 :     else if (info == XLOG_SWITCH)
    9823             :     {
    9824             :         /* nothing to do here */
    9825             :     }
    9826        1322 :     else if (info == XLOG_RESTORE_POINT)
    9827             :     {
    9828             :         /* nothing to do here */
    9829             :     }
    9830        1322 :     else if (info == XLOG_FPI || info == XLOG_FPI_FOR_HINT)
    9831             :     {
    9832             :         /*
    9833             :          * Full-page image (FPI) records contain nothing else but a backup
    9834             :          * block (or multiple backup blocks). Every block reference must
    9835             :          * include a full-page image - otherwise there would be no point in
    9836             :          * this record.
    9837             :          *
    9838             :          * No recovery conflicts are generated by these generic records - if a
    9839             :          * resource manager needs to generate conflicts, it has to define a
    9840             :          * separate WAL record type and redo routine.
    9841             :          *
    9842             :          * XLOG_FPI_FOR_HINT records are generated when a page needs to be
    9843             :          * WAL- logged because of a hint bit update. They are only generated
    9844             :          * when checksums are enabled. There is no difference in handling
    9845             :          * XLOG_FPI and XLOG_FPI_FOR_HINT records, they use a different info
    9846             :          * code just to distinguish them for statistics purposes.
    9847             :          */
    9848        2492 :         for (uint8 block_id = 0; block_id <= record->max_block_id; block_id++)
    9849             :         {
    9850             :             Buffer      buffer;
    9851             : 
    9852        1246 :             if (XLogReadBufferForRedo(record, block_id, &buffer) != BLK_RESTORED)
    9853           0 :                 elog(ERROR, "unexpected XLogReadBufferForRedo result when restoring backup block");
    9854        1246 :             UnlockReleaseBuffer(buffer);
    9855             :         }
    9856             :     }
    9857          76 :     else if (info == XLOG_BACKUP_END)
    9858             :     {
    9859             :         XLogRecPtr  startpoint;
    9860             : 
    9861          62 :         memcpy(&startpoint, XLogRecGetData(record), sizeof(startpoint));
    9862             : 
    9863          62 :         if (ControlFile->backupStartPoint == startpoint)
    9864             :         {
    9865             :             /*
    9866             :              * We have reached the end of base backup, the point where
    9867             :              * pg_stop_backup() was done. The data on disk is now consistent.
    9868             :              * Reset backupStartPoint, and update minRecoveryPoint to make
    9869             :              * sure we don't allow starting up at an earlier point even if
    9870             :              * recovery is stopped and restarted soon after this.
    9871             :              */
    9872          54 :             elog(DEBUG1, "end of backup reached");
    9873             : 
    9874          54 :             LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9875             : 
    9876          54 :             if (ControlFile->minRecoveryPoint < lsn)
    9877             :             {
    9878          52 :                 ControlFile->minRecoveryPoint = lsn;
    9879          52 :                 ControlFile->minRecoveryPointTLI = ThisTimeLineID;
    9880             :             }
    9881          54 :             ControlFile->backupStartPoint = InvalidXLogRecPtr;
    9882          54 :             ControlFile->backupEndRequired = false;
    9883          54 :             UpdateControlFile();
    9884             : 
    9885          54 :             LWLockRelease(ControlFileLock);
    9886             :         }
    9887             :     }
    9888          14 :     else if (info == XLOG_PARAMETER_CHANGE)
    9889             :     {
    9890             :         xl_parameter_change xlrec;
    9891             : 
    9892             :         /* Update our copy of the parameters in pg_control */
    9893          14 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change));
    9894             : 
    9895          14 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9896          14 :         ControlFile->MaxConnections = xlrec.MaxConnections;
    9897          14 :         ControlFile->max_worker_processes = xlrec.max_worker_processes;
    9898          14 :         ControlFile->max_wal_senders = xlrec.max_wal_senders;
    9899          14 :         ControlFile->max_prepared_xacts = xlrec.max_prepared_xacts;
    9900          14 :         ControlFile->max_locks_per_xact = xlrec.max_locks_per_xact;
    9901          14 :         ControlFile->wal_level = xlrec.wal_level;
    9902          14 :         ControlFile->wal_log_hints = xlrec.wal_log_hints;
    9903             : 
    9904             :         /*
    9905             :          * Update minRecoveryPoint to ensure that if recovery is aborted, we
    9906             :          * recover back up to this point before allowing hot standby again.
    9907             :          * This is important if the max_* settings are decreased, to ensure
    9908             :          * you don't run queries against the WAL preceding the change. The
    9909             :          * local copies cannot be updated as long as crash recovery is
    9910             :          * happening and we expect all the WAL to be replayed.
    9911             :          */
    9912          14 :         if (InArchiveRecovery)
    9913             :         {
    9914           4 :             minRecoveryPoint = ControlFile->minRecoveryPoint;
    9915           4 :             minRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    9916             :         }
    9917          14 :         if (minRecoveryPoint != InvalidXLogRecPtr && minRecoveryPoint < lsn)
    9918             :         {
    9919           4 :             ControlFile->minRecoveryPoint = lsn;
    9920           4 :             ControlFile->minRecoveryPointTLI = ThisTimeLineID;
    9921             :         }
    9922             : 
    9923          14 :         CommitTsParameterChange(xlrec.track_commit_timestamp,
    9924          14 :                                 ControlFile->track_commit_timestamp);
    9925          14 :         ControlFile->track_commit_timestamp = xlrec.track_commit_timestamp;
    9926             : 
    9927          14 :         UpdateControlFile();
    9928          14 :         LWLockRelease(ControlFileLock);
    9929             : 
    9930             :         /* Check to see if any parameter change gives a problem on recovery */
    9931          14 :         CheckRequiredParameterValues();
    9932             :     }
    9933           0 :     else if (info == XLOG_FPW_CHANGE)
    9934             :     {
    9935             :         bool        fpw;
    9936             : 
    9937           0 :         memcpy(&fpw, XLogRecGetData(record), sizeof(bool));
    9938             : 
    9939             :         /*
    9940             :          * Update the LSN of the last replayed XLOG_FPW_CHANGE record so that
    9941             :          * do_pg_start_backup() and do_pg_stop_backup() can check whether
    9942             :          * full_page_writes has been disabled during online backup.
    9943             :          */
    9944           0 :         if (!fpw)
    9945             :         {
    9946           0 :             SpinLockAcquire(&XLogCtl->info_lck);
    9947           0 :             if (XLogCtl->lastFpwDisableRecPtr < ReadRecPtr)
    9948           0 :                 XLogCtl->lastFpwDisableRecPtr = ReadRecPtr;
    9949           0 :             SpinLockRelease(&XLogCtl->info_lck);
    9950             :         }
    9951             : 
    9952             :         /* Keep track of full_page_writes */
    9953           0 :         lastFullPageWrites = fpw;
    9954             :     }
    9955        1602 : }
    9956             : 
    9957             : #ifdef WAL_DEBUG
    9958             : 
    9959             : static void
    9960             : xlog_outrec(StringInfo buf, XLogReaderState *record)
    9961             : {
    9962             :     int         block_id;
    9963             : 
    9964             :     appendStringInfo(buf, "prev %X/%X; xid %u",
    9965             :                      (uint32) (XLogRecGetPrev(record) >> 32),
    9966             :                      (uint32) XLogRecGetPrev(record),
    9967             :                      XLogRecGetXid(record));
    9968             : 
    9969             :     appendStringInfo(buf, "; len %u",
    9970             :                      XLogRecGetDataLen(record));
    9971             : 
    9972             :     /* decode block references */
    9973             :     for (block_id = 0; block_id <= record->max_block_id; block_id++)
    9974             :     {
    9975             :         RelFileNode rnode;
    9976             :         ForkNumber  forknum;
    9977             :         BlockNumber blk;
    9978             : 
    9979             :         if (!XLogRecHasBlockRef(record, block_id))
    9980             :             continue;
    9981             : 
    9982             :         XLogRecGetBlockTag(record, block_id, &rnode, &forknum, &blk);
    9983             :         if (forknum != MAIN_FORKNUM)
    9984             :             appendStringInfo(buf, "; blkref #%u: rel %u/%u/%u, fork %u, blk %u",
    9985             :                              block_id,
    9986             :                              rnode.spcNode, rnode.dbNode, rnode.relNode,
    9987             :                              forknum,
    9988             :                              blk);
    9989             :         else
    9990             :             appendStringInfo(buf, "; blkref #%u: rel %u/%u/%u, blk %u",
    9991             :                              block_id,
    9992             :                              rnode.spcNode, rnode.dbNode, rnode.relNode,
    9993             :                              blk);
    9994             :         if (XLogRecHasBlockImage(record, block_id))
    9995             :             appendStringInfoString(buf, " FPW");
    9996             :     }
    9997             : }
    9998             : #endif                          /* WAL_DEBUG */
    9999             : 
   10000             : /*
   10001             :  * Returns a string describing an XLogRecord, consisting of its identity
   10002             :  * optionally followed by a colon, a space, and a further description.
   10003             :  */
   10004             : static void
   10005           6 : xlog_outdesc(StringInfo buf, XLogReaderState *record)
   10006             : {
   10007           6 :     RmgrId      rmid = XLogRecGetRmid(record);
   10008           6 :     uint8       info = XLogRecGetInfo(record);
   10009             :     const char *id;
   10010             : 
   10011           6 :     appendStringInfoString(buf, RmgrTable[rmid].rm_name);
   10012           6 :     appendStringInfoChar(buf, '/');
   10013             : 
   10014           6 :     id = RmgrTable[rmid].rm_identify(info);
   10015           6 :     if (id == NULL)
   10016           0 :         appendStringInfo(buf, "UNKNOWN (%X): ", info & ~XLR_INFO_MASK);
   10017             :     else
   10018           6 :         appendStringInfo(buf, "%s: ", id);
   10019             : 
   10020           6 :     RmgrTable[rmid].rm_desc(buf, record);
   10021           6 : }
   10022             : 
   10023             : 
   10024             : /*
   10025             :  * Return the (possible) sync flag used for opening a file, depending on the
   10026             :  * value of the GUC wal_sync_method.
   10027             :  */
   10028             : static int
   10029        8416 : get_sync_bit(int method)
   10030             : {
   10031        8416 :     int         o_direct_flag = 0;
   10032             : 
   10033             :     /* If fsync is disabled, never open in sync mode */
   10034        8416 :     if (!enableFsync)
   10035        8384 :         return 0;
   10036             : 
   10037             :     /*
   10038             :      * Optimize writes by bypassing kernel cache with O_DIRECT when using
   10039             :      * O_SYNC/O_FSYNC and O_DSYNC.  But only if archiving and streaming are
   10040             :      * disabled, otherwise the archive command or walsender process will read
   10041             :      * the WAL soon after writing it, which is guaranteed to cause a physical
   10042             :      * read if we bypassed the kernel cache. We also skip the
   10043             :      * posix_fadvise(POSIX_FADV_DONTNEED) call in XLogFileClose() for the same
   10044             :      * reason.
   10045             :      *
   10046             :      * Never use O_DIRECT in walreceiver process for similar reasons; the WAL
   10047             :      * written by walreceiver is normally read by the startup process soon
   10048             :      * after its written. Also, walreceiver performs unaligned writes, which
   10049             :      * don't work with O_DIRECT, so it is required for correctness too.
   10050             :      */
   10051          32 :     if (!XLogIsNeeded() && !AmWalReceiverProcess())
   10052           0 :         o_direct_flag = PG_O_DIRECT;
   10053             : 
   10054          32 :     switch (method)
   10055             :     {
   10056             :             /*
   10057             :              * enum values for all sync options are defined even if they are
   10058             :              * not supported on the current platform.  But if not, they are
   10059             :              * not included in the enum option array, and therefore will never
   10060             :              * be seen here.
   10061             :              */
   10062             :         case SYNC_METHOD_FSYNC:
   10063             :         case SYNC_METHOD_FSYNC_WRITETHROUGH:
   10064             :         case SYNC_METHOD_FDATASYNC:
   10065          32 :             return 0;
   10066             : #ifdef OPEN_SYNC_FLAG
   10067             :         case SYNC_METHOD_OPEN:
   10068           0 :             return OPEN_SYNC_FLAG | o_direct_flag;
   10069             : #endif
   10070             : #ifdef OPEN_DATASYNC_FLAG
   10071             :         case SYNC_METHOD_OPEN_DSYNC:
   10072           0 :             return OPEN_DATASYNC_FLAG | o_direct_flag;
   10073             : #endif
   10074             :         default:
   10075             :             /* can't happen (unless we are out of sync with option array) */
   10076           0 :             elog(ERROR, "unrecognized wal_sync_method: %d", method);
   10077             :             return 0;           /* silence warning */
   10078             :     }
   10079             : }
   10080             : 
   10081             : /*
   10082             :  * GUC support
   10083             :  */
   10084             : void
   10085        1898 : assign_xlog_sync_method(int new_sync_method, void *extra)
   10086             : {
   10087        1898 :     if (sync_method != new_sync_method)
   10088             :     {
   10089             :         /*
   10090             :          * To ensure that no blocks escape unsynced, force an fsync on the
   10091             :          * currently open log segment (if any).  Also, if the open flag is
   10092             :          * changing, close the log file so it will be reopened (with new flag
   10093             :          * bit) at next use.
   10094             :          */
   10095           0 :         if (openLogFile >= 0)
   10096             :         {
   10097           0 :             pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC_METHOD_ASSIGN);
   10098           0 :             if (pg_fsync(openLogFile) != 0)
   10099           0 :                 ereport(PANIC,
   10100             :                         (errcode_for_file_access(),
   10101             :                          errmsg("could not fsync file \"%s\": %m",
   10102             :                                 XLogFileNameP(ThisTimeLineID, openLogSegNo))));
   10103           0 :             pgstat_report_wait_end();
   10104           0 :             if (get_sync_bit(sync_method) != get_sync_bit(new_sync_method))
   10105           0 :                 XLogFileClose();
   10106             :         }
   10107             :     }
   10108        1898 : }
   10109             : 
   10110             : 
   10111             : /*
   10112             :  * Issue appropriate kind of fsync (if any) for an XLOG output file.
   10113             :  *
   10114             :  * 'fd' is a file descriptor for the XLOG file to be fsync'd.
   10115             :  * 'segno' is for error reporting purposes.
   10116             :  */
   10117             : void
   10118      242628 : issue_xlog_fsync(int fd, XLogSegNo segno)
   10119             : {
   10120      242628 :     pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC);
   10121      242628 :     switch (sync_method)
   10122             :     {
   10123             :         case SYNC_METHOD_FSYNC:
   10124           0 :             if (pg_fsync_no_writethrough(fd) != 0)
   10125           0 :                 ereport(PANIC,
   10126             :                         (errcode_for_file_access(),
   10127             :                          errmsg("could not fsync file \"%s\": %m",
   10128             :                                 XLogFileNameP(ThisTimeLineID, segno))));
   10129           0 :             break;
   10130             : #ifdef HAVE_FSYNC_WRITETHROUGH
   10131             :         case SYNC_METHOD_FSYNC_WRITETHROUGH:
   10132             :             if (pg_fsync_writethrough(fd) != 0)
   10133             :                 ereport(PANIC,
   10134             :                         (errcode_for_file_access(),
   10135             :                          errmsg("could not fsync write-through file \"%s\": %m",
   10136             :                                 XLogFileNameP(ThisTimeLineID, segno))));
   10137             :             break;
   10138             : #endif
   10139             : #ifdef HAVE_FDATASYNC
   10140             :         case SYNC_METHOD_FDATASYNC:
   10141      242628 :             if (pg_fdatasync(fd) != 0)
   10142           0 :                 ereport(PANIC,
   10143             :                         (errcode_for_file_access(),
   10144             :                          errmsg("could not fdatasync file \"%s\": %m",
   10145             :                                 XLogFileNameP(ThisTimeLineID, segno))));
   10146      242628 :             break;
   10147             : #endif
   10148             :         case SYNC_METHOD_OPEN:
   10149             :         case SYNC_METHOD_OPEN_DSYNC:
   10150             :             /* write synced it already */
   10151           0 :             break;
   10152             :         default:
   10153           0 :             elog(PANIC, "unrecognized wal_sync_method: %d", sync_method);
   10154             :             break;
   10155             :     }
   10156      242628 :     pgstat_report_wait_end();
   10157      242628 : }
   10158             : 
   10159             : /*
   10160             :  * Return the filename of given log segment, as a palloc'd string.
   10161             :  */
   10162             : char *
   10163           0 : XLogFileNameP(TimeLineID tli, XLogSegNo segno)
   10164             : {
   10165           0 :     char       *result = palloc(MAXFNAMELEN);
   10166             : 
   10167           0 :     XLogFileName(result, tli, segno, wal_segment_size);
   10168           0 :     return result;
   10169             : }
   10170             : 
   10171             : /*
   10172             :  * do_pg_start_backup
   10173             :  *
   10174             :  * Utility function called at the start of an online backup. It creates the
   10175             :  * necessary starting checkpoint and constructs the backup label file.
   10176             :  *
   10177             :  * There are two kind of backups: exclusive and non-exclusive. An exclusive
   10178             :  * backup is started with pg_start_backup(), and there can be only one active
   10179             :  * at a time. The backup and tablespace map files of an exclusive backup are
   10180             :  * written to $PGDATA/backup_label and $PGDATA/tablespace_map, and they are
   10181             :  * removed by pg_stop_backup().
   10182             :  *
   10183             :  * A non-exclusive backup is used for the streaming base backups (see
   10184             :  * src/backend/replication/basebackup.c). The difference to exclusive backups
   10185             :  * is that the backup label and tablespace map files are not written to disk.
   10186             :  * Instead, their would-be contents are returned in *labelfile and *tblspcmapfile,
   10187             :  * and the caller is responsible for including them in the backup archive as
   10188             :  * 'backup_label' and 'tablespace_map'. There can be many non-exclusive backups
   10189             :  * active at the same time, and they don't conflict with an exclusive backup
   10190             :  * either.
   10191             :  *
   10192             :  * tblspcmapfile is required mainly for tar format in windows as native windows
   10193             :  * utilities are not able to create symlinks while extracting files from tar.
   10194             :  * However for consistency, the same is used for all platforms.
   10195             :  *
   10196             :  * needtblspcmapfile is true for the cases (exclusive backup and for
   10197             :  * non-exclusive backup only when tar format is used for taking backup)
   10198             :  * when backup needs to generate tablespace_map file, it is used to
   10199             :  * embed escape character before newline character in tablespace path.
   10200             :  *
   10201             :  * Returns the minimum WAL location that must be present to restore from this
   10202             :  * backup, and the corresponding timeline ID in *starttli_p.
   10203             :  *
   10204             :  * Every successfully started non-exclusive backup must be stopped by calling
   10205             :  * do_pg_stop_backup() or do_pg_abort_backup().
   10206             :  *
   10207             :  * It is the responsibility of the caller of this function to verify the
   10208             :  * permissions of the calling user!
   10209             :  */
   10210             : XLogRecPtr
   10211         100 : do_pg_start_backup(const char *backupidstr, bool fast, TimeLineID *starttli_p,
   10212             :                    StringInfo labelfile, List **tablespaces,
   10213             :                    StringInfo tblspcmapfile, bool infotbssize,
   10214             :                    bool needtblspcmapfile)
   10215             : {
   10216         100 :     bool        exclusive = (labelfile == NULL);
   10217         100 :     bool        backup_started_in_recovery = false;
   10218             :     XLogRecPtr  checkpointloc;
   10219             :     XLogRecPtr  startpoint;
   10220             :     TimeLineID  starttli;
   10221             :     pg_time_t   stamp_time;
   10222             :     char        strfbuf[128];
   10223             :     char        xlogfilename[MAXFNAMELEN];
   10224             :     XLogSegNo   _logSegNo;
   10225             :     struct stat stat_buf;
   10226             :     FILE       *fp;
   10227             : 
   10228         100 :     backup_started_in_recovery = RecoveryInProgress();
   10229             : 
   10230             :     /*
   10231             :      * Currently only non-exclusive backup can be taken during recovery.
   10232             :      */
   10233         100 :     if (backup_started_in_recovery && exclusive)
   10234           0 :         ereport(ERROR,
   10235             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
   10236             :                  errmsg("recovery is in progress"),
   10237             :                  errhint("WAL control functions cannot be executed during recovery.")));
   10238             : 
   10239             :     /*
   10240             :      * During recovery, we don't need to check WAL level. Because, if WAL
   10241             :      * level is not sufficient, it's impossible to get here during recovery.
   10242             :      */
   10243         100 :     if (!backup_started_in_recovery && !XLogIsNeeded())
   10244           0 :         ereport(ERROR,
   10245             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
   10246             :                  errmsg("WAL level not sufficient for making an online backup"),
   10247             :                  errhint("wal_level must be set to \"replica\" or \"logical\" at server start.")));
   10248             : 
   10249         100 :     if (strlen(backupidstr) > MAXPGPATH)
   10250           0 :         ereport(ERROR,
   10251             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
   10252             :                  errmsg("backup label too long (max %d bytes)",
   10253             :                         MAXPGPATH)));
   10254             : 
   10255             :     /*
   10256             :      * Mark backup active in shared memory.  We must do full-page WAL writes
   10257             :      * during an on-line backup even if not doing so at other times, because
   10258             :      * it's quite possible for the backup dump to obtain a "torn" (partially
   10259             :      * written) copy of a database page if it reads the page concurrently with
   10260             :      * our write to the same page.  This can be fixed as long as the first
   10261             :      * write to the page in the WAL sequence is a full-page write. Hence, we
   10262             :      * turn on forcePageWrites and then force a CHECKPOINT, to ensure there
   10263             :      * are no dirty pages in shared memory that might get dumped while the
   10264             :      * backup is in progress without having a corresponding WAL record.  (Once
   10265             :      * the backup is complete, we need not force full-page writes anymore,
   10266             :      * since we expect that any pages not modified during the backup interval
   10267             :      * must have been correctly captured by the backup.)
   10268             :      *
   10269             :      * Note that forcePageWrites has no effect during an online backup from
   10270             :      * the standby.
   10271             :      *
   10272             :      * We must hold all the insertion locks to change the value of
   10273             :      * forcePageWrites, to ensure adequate interlocking against
   10274             :      * XLogInsertRecord().
   10275             :      */
   10276         100 :     WALInsertLockAcquireExclusive();
   10277         100 :     if (exclusive)
   10278             :     {
   10279             :         /*
   10280             :          * At first, mark that we're now starting an exclusive backup, to
   10281             :          * ensure that there are no other sessions currently running
   10282             :          * pg_start_backup() or pg_stop_backup().
   10283             :          */
   10284           2 :         if (XLogCtl->Insert.exclusiveBackupState != EXCLUSIVE_BACKUP_NONE)
   10285             :         {
   10286           0 :             WALInsertLockRelease();
   10287           0 :             ereport(ERROR,
   10288             :                     (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
   10289             :                      errmsg("a backup is already in progress"),
   10290             :                      errhint("Run pg_stop_backup() and try again.")));
   10291             :         }
   10292           2 :         XLogCtl->Insert.exclusiveBackupState = EXCLUSIVE_BACKUP_STARTING;
   10293             :     }
   10294             :     else
   10295          98 :         XLogCtl->Insert.nonExclusiveBackups++;
   10296         100 :     XLogCtl->Insert.forcePageWrites = true;
   10297         100 :     WALInsertLockRelease();
   10298             : 
   10299             :     /* Ensure we release forcePageWrites if fail below */
   10300         100 :     PG_ENSURE_ERROR_CLEANUP(pg_start_backup_callback, (Datum) BoolGetDatum(exclusive));
   10301             :     {
   10302         100 :         bool        gotUniqueStartpoint = false;
   10303             :         DIR        *tblspcdir;
   10304             :         struct dirent *de;
   10305             :         tablespaceinfo *ti;
   10306             :         int         datadirpathlen;
   10307             : 
   10308             :         /*
   10309             :          * Force an XLOG file switch before the checkpoint, to ensure that the
   10310             :          * WAL segment the checkpoint is written to doesn't contain pages with
   10311             :          * old timeline IDs.  That would otherwise happen if you called
   10312             :          * pg_start_backup() right after restoring from a PITR archive: the
   10313             :          * first WAL segment containing the startup checkpoint has pages in
   10314             :          * the beginning with the old timeline ID.  That can cause trouble at
   10315             :          * recovery: we won't have a history file covering the old timeline if
   10316             :          * pg_wal directory was not included in the base backup and the WAL
   10317             :          * archive was cleared too before starting the backup.
   10318             :          *
   10319             :          * This also ensures that we have emitted a WAL page header that has
   10320             :          * XLP_BKP_REMOVABLE off before we emit the checkpoint record.
   10321             :          * Therefore, if a WAL archiver (such as pglesslog) is trying to
   10322             :          * compress out removable backup blocks, it won't remove any that
   10323             :          * occur after this point.
   10324             :          *
   10325             :          * During recovery, we skip forcing XLOG file switch, which means that
   10326             :          * the backup taken during recovery is not available for the special
   10327             :          * recovery case described above.
   10328             :          */
   10329         100 :         if (!backup_started_in_recovery)
   10330          96 :             RequestXLogSwitch(false);
   10331             : 
   10332             :         do
   10333             :         {
   10334             :             bool        checkpointfpw;
   10335             : 
   10336             :             /*
   10337             :              * Force a CHECKPOINT.  Aside from being necessary to prevent torn
   10338             :              * page problems, this guarantees that two successive backup runs
   10339             :              * will have different checkpoint positions and hence different
   10340             :              * history file names, even if nothing happened in between.
   10341             :              *
   10342             :              * During recovery, establish a restartpoint if possible. We use
   10343             :              * the last restartpoint as the backup starting checkpoint. This
   10344             :              * means that two successive backup runs can have same checkpoint
   10345             :              * positions.
   10346             :              *
   10347             :              * Since the fact that we are executing do_pg_start_backup()
   10348             :              * during recovery means that checkpointer is running, we can use
   10349             :              * RequestCheckpoint() to establish a restartpoint.
   10350             :              *
   10351             :              * We use CHECKPOINT_IMMEDIATE only if requested by user (via
   10352             :              * passing fast = true).  Otherwise this can take awhile.
   10353             :              */
   10354         100 :             RequestCheckpoint(CHECKPOINT_FORCE | CHECKPOINT_WAIT |
   10355             :                               (fast ? CHECKPOINT_IMMEDIATE : 0));
   10356             : 
   10357             :             /*
   10358             :              * Now we need to fetch the checkpoint record location, and also
   10359             :              * its REDO pointer.  The oldest point in WAL that would be needed
   10360             :              * to restore starting from the checkpoint is precisely the REDO
   10361             :              * pointer.
   10362             :              */
   10363         100 :             LWLockAcquire(ControlFileLock, LW_SHARED);
   10364         100 :             checkpointloc = ControlFile->checkPoint;
   10365         100 :             startpoint = ControlFile->checkPointCopy.redo;
   10366         100 :             starttli = ControlFile->checkPointCopy.ThisTimeLineID;
   10367         100 :             checkpointfpw = ControlFile->checkPointCopy.fullPageWrites;
   10368         100 :             LWLockRelease(ControlFileLock);
   10369             : 
   10370         100 :             if (backup_started_in_recovery)
   10371             :             {
   10372             :                 XLogRecPtr  recptr;
   10373             : 
   10374             :                 /*
   10375             :                  * Check to see if all WAL replayed during online backup
   10376             :                  * (i.e., since last restartpoint used as backup starting
   10377             :                  * checkpoint) contain full-page writes.
   10378             :                  */
   10379           4 :                 SpinLockAcquire(&XLogCtl->info_lck);
   10380           4 :                 recptr = XLogCtl->lastFpwDisableRecPtr;
   10381           4 :                 SpinLockRelease(&XLogCtl->info_lck);
   10382             : 
   10383           4 :                 if (!checkpointfpw || startpoint <= recptr)
   10384           0 :                     ereport(ERROR,
   10385             :                             (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
   10386             :                              errmsg("WAL generated with full_page_writes=off was replayed "
   10387             :                                     "since last restartpoint"),
   10388             :                              errhint("This means that the backup being taken on the standby "
   10389             :                                      "is corrupt and should not be used. "
   10390             :                                      "Enable full_page_writes and run CHECKPOINT on the master, "
   10391             :                                      "and then try an online backup again.")));
   10392             : 
   10393             :                 /*
   10394             :                  * During recovery, since we don't use the end-of-backup WAL
   10395             :                  * record and don't write the backup history file, the
   10396             :                  * starting WAL location doesn't need to be unique. This means
   10397             :                  * that two base backups started at the same time might use
   10398             :                  * the same checkpoint as starting locations.
   10399             :                  */
   10400           4 :                 gotUniqueStartpoint = true;
   10401             :             }
   10402             : 
   10403             :             /*
   10404             :              * If two base backups are started at the same time (in WAL sender
   10405             :              * processes), we need to make sure that they use different
   10406             :              * checkpoints as starting locations, because we use the starting
   10407             :              * WAL location as a unique identifier for the base backup in the
   10408             :              * end-of-backup WAL record and when we write the backup history
   10409             :              * file. Perhaps it would be better generate a separate unique ID
   10410             :              * for each backup instead of forcing another checkpoint, but
   10411             :              * taking a checkpoint right after another is not that expensive
   10412             :              * either because only few buffers have been dirtied yet.
   10413             :              */
   10414         100 :             WALInsertLockAcquireExclusive();
   10415         100 :             if (XLogCtl->Insert.lastBackupStart < startpoint)
   10416             :             {
   10417         100 :                 XLogCtl->Insert.lastBackupStart = startpoint;
   10418         100 :                 gotUniqueStartpoint = true;
   10419             :             }
   10420         100 :             WALInsertLockRelease();
   10421         100 :         } while (!gotUniqueStartpoint);
   10422             : 
   10423         100 :         XLByteToSeg(startpoint, _logSegNo, wal_segment_size);
   10424         100 :         XLogFileName(xlogfilename, starttli, _logSegNo, wal_segment_size);
   10425             : 
   10426             :         /*
   10427             :          * Construct tablespace_map file
   10428             :          */
   10429         100 :         if (exclusive)
   10430           2 :             tblspcmapfile = makeStringInfo();
   10431             : 
   10432         100 :         datadirpathlen = strlen(DataDir);
   10433             : 
   10434             :         /* Collect information about all tablespaces */
   10435         100 :         tblspcdir = AllocateDir("pg_tblspc");
   10436         410 :         while ((de = ReadDir(tblspcdir, "pg_tblspc")) != NULL)
   10437             :         {
   10438             :             char        fullpath[MAXPGPATH + 10];
   10439             :             char        linkpath[MAXPGPATH];
   10440         210 :             char       *relpath = NULL;
   10441             :             int         rllen;
   10442             :             StringInfoData buflinkpath;
   10443         210 :             char       *s = linkpath;
   10444             : 
   10445             :             /* Skip special stuff */
   10446         210 :             if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
   10447         400 :                 continue;
   10448             : 
   10449          10 :             snprintf(fullpath, sizeof(fullpath), "pg_tblspc/%s", de->d_name);
   10450             : 
   10451             : #if defined(HAVE_READLINK) || defined(WIN32)
   10452          10 :             rllen = readlink(fullpath, linkpath, sizeof(linkpath));
   10453          10 :             if (rllen < 0)
   10454             :             {
   10455           0 :                 ereport(WARNING,
   10456             :                         (errmsg("could not read symbolic link \"%s\": %m",
   10457             :                                 fullpath)));
   10458           0 :                 continue;
   10459             :             }
   10460          10 :             else if (rllen >= sizeof(linkpath))
   10461             :             {
   10462           0 :                 ereport(WARNING,
   10463             :                         (errmsg("symbolic link \"%s\" target is too long",
   10464             :                                 fullpath)));
   10465           0 :                 continue;
   10466             :             }
   10467          10 :             linkpath[rllen] = '\0';
   10468             : 
   10469             :             /*
   10470             :              * Add the escape character '\\' before newline in a string to
   10471             :              * ensure that we can distinguish between the newline in the
   10472             :              * tablespace path and end of line while reading tablespace_map
   10473             :              * file during archive recovery.
   10474             :              */
   10475          10 :             initStringInfo(&buflinkpath);
   10476             : 
   10477         644 :             while (*s)
   10478             :             {
   10479         624 :                 if ((*s == '\n' || *s == '\r') && needtblspcmapfile)
   10480           0 :                     appendStringInfoChar(&buflinkpath, '\\');
   10481         624 :                 appendStringInfoChar(&buflinkpath, *s++);
   10482             :             }
   10483             : 
   10484             :             /*
   10485             :              * Relpath holds the relative path of the tablespace directory
   10486             :              * when it's located within PGDATA, or NULL if it's located
   10487             :              * elsewhere.
   10488             :              */
   10489          12 :             if (rllen > datadirpathlen &&
   10490           2 :                 strncmp(linkpath, DataDir, datadirpathlen) == 0 &&
   10491           0 :                 IS_DIR_SEP(linkpath[datadirpathlen]))
   10492           0 :                 relpath = linkpath + datadirpathlen + 1;
   10493             : 
   10494          10 :             ti = palloc(sizeof(tablespaceinfo));
   10495          10 :             ti->oid = pstrdup(de->d_name);
   10496          10 :             ti->path = pstrdup(buflinkpath.data);
   10497          10 :             ti->rpath = relpath ? pstrdup(relpath) : NULL;
   10498          10 :             ti->size = infotbssize ? sendTablespace(fullpath, true) : -1;
   10499             : 
   10500          10 :             if (tablespaces)
   10501          10 :                 *tablespaces = lappend(*tablespaces, ti);
   10502             : 
   10503          10 :             appendStringInfo(tblspcmapfile, "%s %s\n", ti->oid, ti->path);
   10504             : 
   10505          10 :             pfree(buflinkpath.data);
   10506             : #else
   10507             : 
   10508             :             /*
   10509             :              * If the platform does not have symbolic links, it should not be
   10510             :              * possible to have tablespaces - clearly somebody else created
   10511             :              * them. Warn about it and ignore.
   10512             :              */
   10513             :             ereport(WARNING,
   10514             :                     (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
   10515             :                      errmsg("tablespaces are not supported on this platform")));
   10516             : #endif
   10517             :         }
   10518         100 :         FreeDir(tblspcdir);
   10519             : 
   10520             :         /*
   10521             :          * Construct backup label file
   10522             :          */
   10523         100 :         if (exclusive)
   10524           2 :             labelfile = makeStringInfo();
   10525             : 
   10526             :         /* Use the log timezone here, not the session timezone */
   10527         100 :         stamp_time = (pg_time_t) time(NULL);
   10528         100 :         pg_strftime(strfbuf, sizeof(strfbuf),
   10529             :                     "%Y-%m-%d %H:%M:%S %Z",
   10530         100 :                     pg_localtime(&stamp_time, log_timezone));
   10531         200 :         appendStringInfo(labelfile, "START WAL LOCATION: %X/%X (file %s)\n",
   10532         100 :                          (uint32) (startpoint >> 32), (uint32) startpoint, xlogfilename);
   10533         200 :         appendStringInfo(labelfile, "CHECKPOINT LOCATION: %X/%X\n",
   10534         100 :                          (uint32) (checkpointloc >> 32), (uint32) checkpointloc);
   10535         100 :         appendStringInfo(labelfile, "BACKUP METHOD: %s\n",
   10536             :                          exclusive ? "pg_start_backup" : "streamed");
   10537         100 :         appendStringInfo(labelfile, "BACKUP FROM: %s\n",
   10538             :                          backup_started_in_recovery ? "standby" : "master");
   10539         100 :         appendStringInfo(labelfile, "START TIME: %s\n", strfbuf);
   10540         100 :         appendStringInfo(labelfile, "LABEL: %s\n", backupidstr);
   10541         100 :         appendStringInfo(labelfile, "START TIMELINE: %u\n", starttli);
   10542             : 
   10543             :         /*
   10544             :          * Okay, write the file, or return its contents to caller.
   10545             :          */
   10546         100 :         if (exclusive)
   10547             :         {
   10548             :             /*
   10549             :              * Check for existing backup label --- implies a backup is already
   10550             :              * running.  (XXX given that we checked exclusiveBackupState
   10551             :              * above, maybe it would be OK to just unlink any such label
   10552             :              * file?)
   10553             :              */
   10554           2 :             if (stat(BACKUP_LABEL_FILE, &stat_buf) != 0)
   10555             :             {
   10556           2 :                 if (errno != ENOENT)
   10557           0 :                     ereport(ERROR,
   10558             :                             (errcode_for_file_access(),
   10559             :                              errmsg("could not stat file \"%s\": %m",
   10560             :                                     BACKUP_LABEL_FILE)));
   10561             :             }
   10562             :             else
   10563           0 :                 ereport(ERROR,
   10564             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
   10565             :                          errmsg("a backup is already in progress"),
   10566             :                          errhint("If you're sure there is no backup in progress, remove file \"%s\" and try again.",
   10567             :                                  BACKUP_LABEL_FILE)));
   10568             : 
   10569           2 :             fp = AllocateFile(BACKUP_LABEL_FILE, "w");
   10570             : 
   10571           2 :             if (!fp)
   10572           0 :                 ereport(ERROR,
   10573             :                         (errcode_for_file_access(),
   10574             :                          errmsg("could not create file \"%s\": %m",
   10575             :                                 BACKUP_LABEL_FILE)));
   10576           4 :             if (fwrite(labelfile->data, labelfile->len, 1, fp) != 1 ||
   10577           4 :                 fflush(fp) != 0 ||
   10578           4 :                 pg_fsync(fileno(fp)) != 0 ||
   10579           4 :                 ferror(fp) ||
   10580           2 :                 FreeFile(fp))
   10581           0 :                 ereport(ERROR,
   10582             :                         (errcode_for_file_access(),
   10583             :                          errmsg("could not write file \"%s\": %m",
   10584             :                                 BACKUP_LABEL_FILE)));
   10585             :             /* Allocated locally for exclusive backups, so free separately */
   10586           2 :             pfree(labelfile->data);
   10587           2 :             pfree(labelfile);
   10588             : 
   10589             :             /* Write backup tablespace_map file. */
   10590           2 :             if (tblspcmapfile->len > 0)
   10591             :             {
   10592           0 :                 if (stat(TABLESPACE_MAP, &stat_buf) != 0)
   10593             :                 {
   10594           0 :                     if (errno != ENOENT)
   10595           0 :                         ereport(ERROR,
   10596             :                                 (errcode_for_file_access(),
   10597             :                                  errmsg("could not stat file \"%s\": %m",
   10598             :                                         TABLESPACE_MAP)));
   10599             :                 }
   10600             :                 else
   10601           0 :                     ereport(ERROR,
   10602             :                             (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
   10603             :                              errmsg("a backup is already in progress"),
   10604             :                              errhint("If you're sure there is no backup in progress, remove file \"%s\" and try again.",
   10605             :                                      TABLESPACE_MAP)));
   10606             : 
   10607           0 :                 fp = AllocateFile(TABLESPACE_MAP, "w");
   10608             : 
   10609           0 :                 if (!fp)
   10610           0 :                     ereport(ERROR,
   10611             :                             (errcode_for_file_access(),
   10612             :                              errmsg("could not create file \"%s\": %m",
   10613             :                                     TABLESPACE_MAP)));
   10614           0 :                 if (fwrite(tblspcmapfile->data, tblspcmapfile->len, 1, fp) != 1 ||
   10615           0 :                     fflush(fp) != 0 ||
   10616           0 :                     pg_fsync(fileno(fp)) != 0 ||
   10617           0 :                     ferror(fp) ||
   10618           0 :                     FreeFile(fp))
   10619           0 :                     ereport(ERROR,
   10620             :                             (errcode_for_file_access(),
   10621             :                              errmsg("could not write file \"%s\": %m",
   10622             :                                     TABLESPACE_MAP)));
   10623             :             }
   10624             : 
   10625             :             /* Allocated locally for exclusive backups, so free separately */
   10626           2 :             pfree(tblspcmapfile->data);
   10627           2 :             pfree(tblspcmapfile);
   10628             :         }
   10629             :     }
   10630         100 :     PG_END_ENSURE_ERROR_CLEANUP(pg_start_backup_callback, (Datum) BoolGetDatum(exclusive));
   10631             : 
   10632             :     /*
   10633             :      * Mark that start phase has correctly finished for an exclusive backup.
   10634             :      * Session-level locks are updated as well to reflect that state.
   10635             :      *
   10636             :      * Note that CHECK_FOR_INTERRUPTS() must not occur while updating backup
   10637             :      * counters and session-level lock. Otherwise they can be updated
   10638             :      * inconsistently, and which might cause do_pg_abort_backup() to fail.
   10639             :      */
   10640         100 :     if (exclusive)
   10641             :     {
   10642           2 :         WALInsertLockAcquireExclusive();
   10643           2 :         XLogCtl->Insert.exclusiveBackupState = EXCLUSIVE_BACKUP_IN_PROGRESS;
   10644             : 
   10645             :         /* Set session-level lock */
   10646           2 :         sessionBackupState = SESSION_BACKUP_EXCLUSIVE;
   10647           2 :         WALInsertLockRelease();
   10648             :     }
   10649             :     else
   10650          98 :         sessionBackupState = SESSION_BACKUP_NON_EXCLUSIVE;
   10651             : 
   10652             :     /*
   10653             :      * We're done.  As a convenience, return the starting WAL location.
   10654             :      */
   10655         100 :     if (starttli_p)
   10656          98 :         *starttli_p = starttli;
   10657         100 :     return startpoint;
   10658             : }
   10659             : 
   10660             : /* Error cleanup callback for pg_start_backup */
   10661             : static void
   10662           0 : pg_start_backup_callback(int code, Datum arg)
   10663             : {
   10664           0 :     bool        exclusive = DatumGetBool(arg);
   10665             : 
   10666             :     /* Update backup counters and forcePageWrites on failure */
   10667           0 :     WALInsertLockAcquireExclusive();
   10668           0 :     if (exclusive)
   10669             :     {
   10670             :         Assert(XLogCtl->Insert.exclusiveBackupState == EXCLUSIVE_BACKUP_STARTING);
   10671           0 :         XLogCtl->Insert.exclusiveBackupState = EXCLUSIVE_BACKUP_NONE;
   10672             :     }
   10673             :     else
   10674             :     {
   10675             :         Assert(XLogCtl->Insert.nonExclusiveBackups > 0);
   10676           0 :         XLogCtl->Insert.nonExclusiveBackups--;
   10677             :     }
   10678             : 
   10679           0 :     if (XLogCtl->Insert.exclusiveBackupState == EXCLUSIVE_BACKUP_NONE &&
   10680           0 :         XLogCtl->Insert.nonExclusiveBackups == 0)
   10681             :     {
   10682           0 :         XLogCtl->Insert.forcePageWrites = false;