LCOV - code coverage report
Current view: top level - src/backend/access/transam - xlog.c (source / functions) Hit Total Coverage
Test: PostgreSQL 18devel Lines: 2168 2457 88.2 %
Date: 2024-12-12 19:15:15 Functions: 118 121 97.5 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * xlog.c
       4             :  *      PostgreSQL write-ahead log manager
       5             :  *
       6             :  * The Write-Ahead Log (WAL) functionality is split into several source
       7             :  * files, in addition to this one:
       8             :  *
       9             :  * xloginsert.c - Functions for constructing WAL records
      10             :  * xlogrecovery.c - WAL recovery and standby code
      11             :  * xlogreader.c - Facility for reading WAL files and parsing WAL records
      12             :  * xlogutils.c - Helper functions for WAL redo routines
      13             :  *
      14             :  * This file contains functions for coordinating database startup and
      15             :  * checkpointing, and managing the write-ahead log buffers when the
      16             :  * system is running.
      17             :  *
      18             :  * StartupXLOG() is the main entry point of the startup process.  It
      19             :  * coordinates database startup, performing WAL recovery, and the
      20             :  * transition from WAL recovery into normal operations.
      21             :  *
      22             :  * XLogInsertRecord() inserts a WAL record into the WAL buffers.  Most
      23             :  * callers should not call this directly, but use the functions in
      24             :  * xloginsert.c to construct the WAL record.  XLogFlush() can be used
      25             :  * to force the WAL to disk.
      26             :  *
      27             :  * In addition to those, there are many other functions for interrogating
      28             :  * the current system state, and for starting/stopping backups.
      29             :  *
      30             :  *
      31             :  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
      32             :  * Portions Copyright (c) 1994, Regents of the University of California
      33             :  *
      34             :  * src/backend/access/transam/xlog.c
      35             :  *
      36             :  *-------------------------------------------------------------------------
      37             :  */
      38             : 
      39             : #include "postgres.h"
      40             : 
      41             : #include <ctype.h>
      42             : #include <math.h>
      43             : #include <time.h>
      44             : #include <fcntl.h>
      45             : #include <sys/stat.h>
      46             : #include <sys/time.h>
      47             : #include <unistd.h>
      48             : 
      49             : #include "access/clog.h"
      50             : #include "access/commit_ts.h"
      51             : #include "access/heaptoast.h"
      52             : #include "access/multixact.h"
      53             : #include "access/rewriteheap.h"
      54             : #include "access/subtrans.h"
      55             : #include "access/timeline.h"
      56             : #include "access/transam.h"
      57             : #include "access/twophase.h"
      58             : #include "access/xact.h"
      59             : #include "access/xlog_internal.h"
      60             : #include "access/xlogarchive.h"
      61             : #include "access/xloginsert.h"
      62             : #include "access/xlogreader.h"
      63             : #include "access/xlogrecovery.h"
      64             : #include "access/xlogutils.h"
      65             : #include "backup/basebackup.h"
      66             : #include "catalog/catversion.h"
      67             : #include "catalog/pg_control.h"
      68             : #include "catalog/pg_database.h"
      69             : #include "common/controldata_utils.h"
      70             : #include "common/file_utils.h"
      71             : #include "executor/instrument.h"
      72             : #include "miscadmin.h"
      73             : #include "pg_trace.h"
      74             : #include "pgstat.h"
      75             : #include "port/atomics.h"
      76             : #include "postmaster/bgwriter.h"
      77             : #include "postmaster/startup.h"
      78             : #include "postmaster/walsummarizer.h"
      79             : #include "postmaster/walwriter.h"
      80             : #include "replication/origin.h"
      81             : #include "replication/slot.h"
      82             : #include "replication/snapbuild.h"
      83             : #include "replication/walreceiver.h"
      84             : #include "replication/walsender.h"
      85             : #include "storage/bufmgr.h"
      86             : #include "storage/fd.h"
      87             : #include "storage/ipc.h"
      88             : #include "storage/large_object.h"
      89             : #include "storage/latch.h"
      90             : #include "storage/predicate.h"
      91             : #include "storage/proc.h"
      92             : #include "storage/procarray.h"
      93             : #include "storage/reinit.h"
      94             : #include "storage/spin.h"
      95             : #include "storage/sync.h"
      96             : #include "utils/guc_hooks.h"
      97             : #include "utils/guc_tables.h"
      98             : #include "utils/injection_point.h"
      99             : #include "utils/ps_status.h"
     100             : #include "utils/relmapper.h"
     101             : #include "utils/snapmgr.h"
     102             : #include "utils/timeout.h"
     103             : #include "utils/timestamp.h"
     104             : #include "utils/varlena.h"
     105             : 
     106             : #ifdef WAL_DEBUG
     107             : #include "utils/memutils.h"
     108             : #endif
     109             : 
     110             : /* timeline ID to be used when bootstrapping */
     111             : #define BootstrapTimeLineID     1
     112             : 
     113             : /* User-settable parameters */
     114             : int         max_wal_size_mb = 1024; /* 1 GB */
     115             : int         min_wal_size_mb = 80;   /* 80 MB */
     116             : int         wal_keep_size_mb = 0;
     117             : int         XLOGbuffers = -1;
     118             : int         XLogArchiveTimeout = 0;
     119             : int         XLogArchiveMode = ARCHIVE_MODE_OFF;
     120             : char       *XLogArchiveCommand = NULL;
     121             : bool        EnableHotStandby = false;
     122             : bool        fullPageWrites = true;
     123             : bool        wal_log_hints = false;
     124             : int         wal_compression = WAL_COMPRESSION_NONE;
     125             : char       *wal_consistency_checking_string = NULL;
     126             : bool       *wal_consistency_checking = NULL;
     127             : bool        wal_init_zero = true;
     128             : bool        wal_recycle = true;
     129             : bool        log_checkpoints = true;
     130             : int         wal_sync_method = DEFAULT_WAL_SYNC_METHOD;
     131             : int         wal_level = WAL_LEVEL_REPLICA;
     132             : int         CommitDelay = 0;    /* precommit delay in microseconds */
     133             : int         CommitSiblings = 5; /* # concurrent xacts needed to sleep */
     134             : int         wal_retrieve_retry_interval = 5000;
     135             : int         max_slot_wal_keep_size_mb = -1;
     136             : int         wal_decode_buffer_size = 512 * 1024;
     137             : bool        track_wal_io_timing = false;
     138             : 
     139             : #ifdef WAL_DEBUG
     140             : bool        XLOG_DEBUG = false;
     141             : #endif
     142             : 
     143             : int         wal_segment_size = DEFAULT_XLOG_SEG_SIZE;
     144             : 
     145             : /*
     146             :  * Number of WAL insertion locks to use. A higher value allows more insertions
     147             :  * to happen concurrently, but adds some CPU overhead to flushing the WAL,
     148             :  * which needs to iterate all the locks.
     149             :  */
     150             : #define NUM_XLOGINSERT_LOCKS  8
     151             : 
     152             : /*
     153             :  * Max distance from last checkpoint, before triggering a new xlog-based
     154             :  * checkpoint.
     155             :  */
     156             : int         CheckPointSegments;
     157             : 
     158             : /* Estimated distance between checkpoints, in bytes */
     159             : static double CheckPointDistanceEstimate = 0;
     160             : static double PrevCheckPointDistance = 0;
     161             : 
     162             : /*
     163             :  * Track whether there were any deferred checks for custom resource managers
     164             :  * specified in wal_consistency_checking.
     165             :  */
     166             : static bool check_wal_consistency_checking_deferred = false;
     167             : 
     168             : /*
     169             :  * GUC support
     170             :  */
     171             : const struct config_enum_entry wal_sync_method_options[] = {
     172             :     {"fsync", WAL_SYNC_METHOD_FSYNC, false},
     173             : #ifdef HAVE_FSYNC_WRITETHROUGH
     174             :     {"fsync_writethrough", WAL_SYNC_METHOD_FSYNC_WRITETHROUGH, false},
     175             : #endif
     176             :     {"fdatasync", WAL_SYNC_METHOD_FDATASYNC, false},
     177             : #ifdef O_SYNC
     178             :     {"open_sync", WAL_SYNC_METHOD_OPEN, false},
     179             : #endif
     180             : #ifdef O_DSYNC
     181             :     {"open_datasync", WAL_SYNC_METHOD_OPEN_DSYNC, false},
     182             : #endif
     183             :     {NULL, 0, false}
     184             : };
     185             : 
     186             : 
     187             : /*
     188             :  * Although only "on", "off", and "always" are documented,
     189             :  * we accept all the likely variants of "on" and "off".
     190             :  */
     191             : const struct config_enum_entry archive_mode_options[] = {
     192             :     {"always", ARCHIVE_MODE_ALWAYS, false},
     193             :     {"on", ARCHIVE_MODE_ON, false},
     194             :     {"off", ARCHIVE_MODE_OFF, false},
     195             :     {"true", ARCHIVE_MODE_ON, true},
     196             :     {"false", ARCHIVE_MODE_OFF, true},
     197             :     {"yes", ARCHIVE_MODE_ON, true},
     198             :     {"no", ARCHIVE_MODE_OFF, true},
     199             :     {"1", ARCHIVE_MODE_ON, true},
     200             :     {"0", ARCHIVE_MODE_OFF, true},
     201             :     {NULL, 0, false}
     202             : };
     203             : 
     204             : /*
     205             :  * Statistics for current checkpoint are collected in this global struct.
     206             :  * Because only the checkpointer or a stand-alone backend can perform
     207             :  * checkpoints, this will be unused in normal backends.
     208             :  */
     209             : CheckpointStatsData CheckpointStats;
     210             : 
     211             : /*
     212             :  * During recovery, lastFullPageWrites keeps track of full_page_writes that
     213             :  * the replayed WAL records indicate. It's initialized with full_page_writes
     214             :  * that the recovery starting checkpoint record indicates, and then updated
     215             :  * each time XLOG_FPW_CHANGE record is replayed.
     216             :  */
     217             : static bool lastFullPageWrites;
     218             : 
     219             : /*
     220             :  * Local copy of the state tracked by SharedRecoveryState in shared memory,
     221             :  * It is false if SharedRecoveryState is RECOVERY_STATE_DONE.  True actually
     222             :  * means "not known, need to check the shared state".
     223             :  */
     224             : static bool LocalRecoveryInProgress = true;
     225             : 
     226             : /*
     227             :  * Local state for XLogInsertAllowed():
     228             :  *      1: unconditionally allowed to insert XLOG
     229             :  *      0: unconditionally not allowed to insert XLOG
     230             :  *      -1: must check RecoveryInProgress(); disallow until it is false
     231             :  * Most processes start with -1 and transition to 1 after seeing that recovery
     232             :  * is not in progress.  But we can also force the value for special cases.
     233             :  * The coding in XLogInsertAllowed() depends on the first two of these states
     234             :  * being numerically the same as bool true and false.
     235             :  */
     236             : static int  LocalXLogInsertAllowed = -1;
     237             : 
     238             : /*
     239             :  * ProcLastRecPtr points to the start of the last XLOG record inserted by the
     240             :  * current backend.  It is updated for all inserts.  XactLastRecEnd points to
     241             :  * end+1 of the last record, and is reset when we end a top-level transaction,
     242             :  * or start a new one; so it can be used to tell if the current transaction has
     243             :  * created any XLOG records.
     244             :  *
     245             :  * While in parallel mode, this may not be fully up to date.  When committing,
     246             :  * a transaction can assume this covers all xlog records written either by the
     247             :  * user backend or by any parallel worker which was present at any point during
     248             :  * the transaction.  But when aborting, or when still in parallel mode, other
     249             :  * parallel backends may have written WAL records at later LSNs than the value
     250             :  * stored here.  The parallel leader advances its own copy, when necessary,
     251             :  * in WaitForParallelWorkersToFinish.
     252             :  */
     253             : XLogRecPtr  ProcLastRecPtr = InvalidXLogRecPtr;
     254             : XLogRecPtr  XactLastRecEnd = InvalidXLogRecPtr;
     255             : XLogRecPtr  XactLastCommitEnd = InvalidXLogRecPtr;
     256             : 
     257             : /*
     258             :  * RedoRecPtr is this backend's local copy of the REDO record pointer
     259             :  * (which is almost but not quite the same as a pointer to the most recent
     260             :  * CHECKPOINT record).  We update this from the shared-memory copy,
     261             :  * XLogCtl->Insert.RedoRecPtr, whenever we can safely do so (ie, when we
     262             :  * hold an insertion lock).  See XLogInsertRecord for details.  We are also
     263             :  * allowed to update from XLogCtl->RedoRecPtr if we hold the info_lck;
     264             :  * see GetRedoRecPtr.
     265             :  *
     266             :  * NB: Code that uses this variable must be prepared not only for the
     267             :  * possibility that it may be arbitrarily out of date, but also for the
     268             :  * possibility that it might be set to InvalidXLogRecPtr. We used to
     269             :  * initialize it as a side effect of the first call to RecoveryInProgress(),
     270             :  * which meant that most code that might use it could assume that it had a
     271             :  * real if perhaps stale value. That's no longer the case.
     272             :  */
     273             : static XLogRecPtr RedoRecPtr;
     274             : 
     275             : /*
     276             :  * doPageWrites is this backend's local copy of (fullPageWrites ||
     277             :  * runningBackups > 0).  It is used together with RedoRecPtr to decide whether
     278             :  * a full-page image of a page need to be taken.
     279             :  *
     280             :  * NB: Initially this is false, and there's no guarantee that it will be
     281             :  * initialized to any other value before it is first used. Any code that
     282             :  * makes use of it must recheck the value after obtaining a WALInsertLock,
     283             :  * and respond appropriately if it turns out that the previous value wasn't
     284             :  * accurate.
     285             :  */
     286             : static bool doPageWrites;
     287             : 
     288             : /*----------
     289             :  * Shared-memory data structures for XLOG control
     290             :  *
     291             :  * LogwrtRqst indicates a byte position that we need to write and/or fsync
     292             :  * the log up to (all records before that point must be written or fsynced).
     293             :  * The positions already written/fsynced are maintained in logWriteResult
     294             :  * and logFlushResult using atomic access.
     295             :  * In addition to the shared variable, each backend has a private copy of
     296             :  * both in LogwrtResult, which is updated when convenient.
     297             :  *
     298             :  * The request bookkeeping is simpler: there is a shared XLogCtl->LogwrtRqst
     299             :  * (protected by info_lck), but we don't need to cache any copies of it.
     300             :  *
     301             :  * info_lck is only held long enough to read/update the protected variables,
     302             :  * so it's a plain spinlock.  The other locks are held longer (potentially
     303             :  * over I/O operations), so we use LWLocks for them.  These locks are:
     304             :  *
     305             :  * WALBufMappingLock: must be held to replace a page in the WAL buffer cache.
     306             :  * It is only held while initializing and changing the mapping.  If the
     307             :  * contents of the buffer being replaced haven't been written yet, the mapping
     308             :  * lock is released while the write is done, and reacquired afterwards.
     309             :  *
     310             :  * WALWriteLock: must be held to write WAL buffers to disk (XLogWrite or
     311             :  * XLogFlush).
     312             :  *
     313             :  * ControlFileLock: must be held to read/update control file or create
     314             :  * new log file.
     315             :  *
     316             :  *----------
     317             :  */
     318             : 
     319             : typedef struct XLogwrtRqst
     320             : {
     321             :     XLogRecPtr  Write;          /* last byte + 1 to write out */
     322             :     XLogRecPtr  Flush;          /* last byte + 1 to flush */
     323             : } XLogwrtRqst;
     324             : 
     325             : typedef struct XLogwrtResult
     326             : {
     327             :     XLogRecPtr  Write;          /* last byte + 1 written out */
     328             :     XLogRecPtr  Flush;          /* last byte + 1 flushed */
     329             : } XLogwrtResult;
     330             : 
     331             : /*
     332             :  * Inserting to WAL is protected by a small fixed number of WAL insertion
     333             :  * locks. To insert to the WAL, you must hold one of the locks - it doesn't
     334             :  * matter which one. To lock out other concurrent insertions, you must hold
     335             :  * of them. Each WAL insertion lock consists of a lightweight lock, plus an
     336             :  * indicator of how far the insertion has progressed (insertingAt).
     337             :  *
     338             :  * The insertingAt values are read when a process wants to flush WAL from
     339             :  * the in-memory buffers to disk, to check that all the insertions to the
     340             :  * region the process is about to write out have finished. You could simply
     341             :  * wait for all currently in-progress insertions to finish, but the
     342             :  * insertingAt indicator allows you to ignore insertions to later in the WAL,
     343             :  * so that you only wait for the insertions that are modifying the buffers
     344             :  * you're about to write out.
     345             :  *
     346             :  * This isn't just an optimization. If all the WAL buffers are dirty, an
     347             :  * inserter that's holding a WAL insert lock might need to evict an old WAL
     348             :  * buffer, which requires flushing the WAL. If it's possible for an inserter
     349             :  * to block on another inserter unnecessarily, deadlock can arise when two
     350             :  * inserters holding a WAL insert lock wait for each other to finish their
     351             :  * insertion.
     352             :  *
     353             :  * Small WAL records that don't cross a page boundary never update the value,
     354             :  * the WAL record is just copied to the page and the lock is released. But
     355             :  * to avoid the deadlock-scenario explained above, the indicator is always
     356             :  * updated before sleeping while holding an insertion lock.
     357             :  *
     358             :  * lastImportantAt contains the LSN of the last important WAL record inserted
     359             :  * using a given lock. This value is used to detect if there has been
     360             :  * important WAL activity since the last time some action, like a checkpoint,
     361             :  * was performed - allowing to not repeat the action if not. The LSN is
     362             :  * updated for all insertions, unless the XLOG_MARK_UNIMPORTANT flag was
     363             :  * set. lastImportantAt is never cleared, only overwritten by the LSN of newer
     364             :  * records.  Tracking the WAL activity directly in WALInsertLock has the
     365             :  * advantage of not needing any additional locks to update the value.
     366             :  */
     367             : typedef struct
     368             : {
     369             :     LWLock      lock;
     370             :     pg_atomic_uint64 insertingAt;
     371             :     XLogRecPtr  lastImportantAt;
     372             : } WALInsertLock;
     373             : 
     374             : /*
     375             :  * All the WAL insertion locks are allocated as an array in shared memory. We
     376             :  * force the array stride to be a power of 2, which saves a few cycles in
     377             :  * indexing, but more importantly also ensures that individual slots don't
     378             :  * cross cache line boundaries. (Of course, we have to also ensure that the
     379             :  * array start address is suitably aligned.)
     380             :  */
     381             : typedef union WALInsertLockPadded
     382             : {
     383             :     WALInsertLock l;
     384             :     char        pad[PG_CACHE_LINE_SIZE];
     385             : } WALInsertLockPadded;
     386             : 
     387             : /*
     388             :  * Session status of running backup, used for sanity checks in SQL-callable
     389             :  * functions to start and stop backups.
     390             :  */
     391             : static SessionBackupState sessionBackupState = SESSION_BACKUP_NONE;
     392             : 
     393             : /*
     394             :  * Shared state data for WAL insertion.
     395             :  */
     396             : typedef struct XLogCtlInsert
     397             : {
     398             :     slock_t     insertpos_lck;  /* protects CurrBytePos and PrevBytePos */
     399             : 
     400             :     /*
     401             :      * CurrBytePos is the end of reserved WAL. The next record will be
     402             :      * inserted at that position. PrevBytePos is the start position of the
     403             :      * previously inserted (or rather, reserved) record - it is copied to the
     404             :      * prev-link of the next record. These are stored as "usable byte
     405             :      * positions" rather than XLogRecPtrs (see XLogBytePosToRecPtr()).
     406             :      */
     407             :     uint64      CurrBytePos;
     408             :     uint64      PrevBytePos;
     409             : 
     410             :     /*
     411             :      * Make sure the above heavily-contended spinlock and byte positions are
     412             :      * on their own cache line. In particular, the RedoRecPtr and full page
     413             :      * write variables below should be on a different cache line. They are
     414             :      * read on every WAL insertion, but updated rarely, and we don't want
     415             :      * those reads to steal the cache line containing Curr/PrevBytePos.
     416             :      */
     417             :     char        pad[PG_CACHE_LINE_SIZE];
     418             : 
     419             :     /*
     420             :      * fullPageWrites is the authoritative value used by all backends to
     421             :      * determine whether to write full-page image to WAL. This shared value,
     422             :      * instead of the process-local fullPageWrites, is required because, when
     423             :      * full_page_writes is changed by SIGHUP, we must WAL-log it before it
     424             :      * actually affects WAL-logging by backends.  Checkpointer sets at startup
     425             :      * or after SIGHUP.
     426             :      *
     427             :      * To read these fields, you must hold an insertion lock. To modify them,
     428             :      * you must hold ALL the locks.
     429             :      */
     430             :     XLogRecPtr  RedoRecPtr;     /* current redo point for insertions */
     431             :     bool        fullPageWrites;
     432             : 
     433             :     /*
     434             :      * runningBackups is a counter indicating the number of backups currently
     435             :      * in progress. lastBackupStart is the latest checkpoint redo location
     436             :      * used as a starting point for an online backup.
     437             :      */
     438             :     int         runningBackups;
     439             :     XLogRecPtr  lastBackupStart;
     440             : 
     441             :     /*
     442             :      * WAL insertion locks.
     443             :      */
     444             :     WALInsertLockPadded *WALInsertLocks;
     445             : } XLogCtlInsert;
     446             : 
     447             : /*
     448             :  * Total shared-memory state for XLOG.
     449             :  */
     450             : typedef struct XLogCtlData
     451             : {
     452             :     XLogCtlInsert Insert;
     453             : 
     454             :     /* Protected by info_lck: */
     455             :     XLogwrtRqst LogwrtRqst;
     456             :     XLogRecPtr  RedoRecPtr;     /* a recent copy of Insert->RedoRecPtr */
     457             :     FullTransactionId ckptFullXid;  /* nextXid of latest checkpoint */
     458             :     XLogRecPtr  asyncXactLSN;   /* LSN of newest async commit/abort */
     459             :     XLogRecPtr  replicationSlotMinLSN;  /* oldest LSN needed by any slot */
     460             : 
     461             :     XLogSegNo   lastRemovedSegNo;   /* latest removed/recycled XLOG segment */
     462             : 
     463             :     /* Fake LSN counter, for unlogged relations. */
     464             :     pg_atomic_uint64 unloggedLSN;
     465             : 
     466             :     /* Time and LSN of last xlog segment switch. Protected by WALWriteLock. */
     467             :     pg_time_t   lastSegSwitchTime;
     468             :     XLogRecPtr  lastSegSwitchLSN;
     469             : 
     470             :     /* These are accessed using atomics -- info_lck not needed */
     471             :     pg_atomic_uint64 logInsertResult;   /* last byte + 1 inserted to buffers */
     472             :     pg_atomic_uint64 logWriteResult;    /* last byte + 1 written out */
     473             :     pg_atomic_uint64 logFlushResult;    /* last byte + 1 flushed */
     474             : 
     475             :     /*
     476             :      * Latest initialized page in the cache (last byte position + 1).
     477             :      *
     478             :      * To change the identity of a buffer (and InitializedUpTo), you need to
     479             :      * hold WALBufMappingLock.  To change the identity of a buffer that's
     480             :      * still dirty, the old page needs to be written out first, and for that
     481             :      * you need WALWriteLock, and you need to ensure that there are no
     482             :      * in-progress insertions to the page by calling
     483             :      * WaitXLogInsertionsToFinish().
     484             :      */
     485             :     XLogRecPtr  InitializedUpTo;
     486             : 
     487             :     /*
     488             :      * These values do not change after startup, although the pointed-to pages
     489             :      * and xlblocks values certainly do.  xlblocks values are protected by
     490             :      * WALBufMappingLock.
     491             :      */
     492             :     char       *pages;          /* buffers for unwritten XLOG pages */
     493             :     pg_atomic_uint64 *xlblocks; /* 1st byte ptr-s + XLOG_BLCKSZ */
     494             :     int         XLogCacheBlck;  /* highest allocated xlog buffer index */
     495             : 
     496             :     /*
     497             :      * InsertTimeLineID is the timeline into which new WAL is being inserted
     498             :      * and flushed. It is zero during recovery, and does not change once set.
     499             :      *
     500             :      * If we create a new timeline when the system was started up,
     501             :      * PrevTimeLineID is the old timeline's ID that we forked off from.
     502             :      * Otherwise it's equal to InsertTimeLineID.
     503             :      *
     504             :      * We set these fields while holding info_lck. Most that reads these
     505             :      * values knows that recovery is no longer in progress and so can safely
     506             :      * read the value without a lock, but code that could be run either during
     507             :      * or after recovery can take info_lck while reading these values.
     508             :      */
     509             :     TimeLineID  InsertTimeLineID;
     510             :     TimeLineID  PrevTimeLineID;
     511             : 
     512             :     /*
     513             :      * SharedRecoveryState indicates if we're still in crash or archive
     514             :      * recovery.  Protected by info_lck.
     515             :      */
     516             :     RecoveryState SharedRecoveryState;
     517             : 
     518             :     /*
     519             :      * InstallXLogFileSegmentActive indicates whether the checkpointer should
     520             :      * arrange for future segments by recycling and/or PreallocXlogFiles().
     521             :      * Protected by ControlFileLock.  Only the startup process changes it.  If
     522             :      * true, anyone can use InstallXLogFileSegment().  If false, the startup
     523             :      * process owns the exclusive right to install segments, by reading from
     524             :      * the archive and possibly replacing existing files.
     525             :      */
     526             :     bool        InstallXLogFileSegmentActive;
     527             : 
     528             :     /*
     529             :      * WalWriterSleeping indicates whether the WAL writer is currently in
     530             :      * low-power mode (and hence should be nudged if an async commit occurs).
     531             :      * Protected by info_lck.
     532             :      */
     533             :     bool        WalWriterSleeping;
     534             : 
     535             :     /*
     536             :      * During recovery, we keep a copy of the latest checkpoint record here.
     537             :      * lastCheckPointRecPtr points to start of checkpoint record and
     538             :      * lastCheckPointEndPtr points to end+1 of checkpoint record.  Used by the
     539             :      * checkpointer when it wants to create a restartpoint.
     540             :      *
     541             :      * Protected by info_lck.
     542             :      */
     543             :     XLogRecPtr  lastCheckPointRecPtr;
     544             :     XLogRecPtr  lastCheckPointEndPtr;
     545             :     CheckPoint  lastCheckPoint;
     546             : 
     547             :     /*
     548             :      * lastFpwDisableRecPtr points to the start of the last replayed
     549             :      * XLOG_FPW_CHANGE record that instructs full_page_writes is disabled.
     550             :      */
     551             :     XLogRecPtr  lastFpwDisableRecPtr;
     552             : 
     553             :     slock_t     info_lck;       /* locks shared variables shown above */
     554             : } XLogCtlData;
     555             : 
     556             : /*
     557             :  * Classification of XLogRecordInsert operations.
     558             :  */
     559             : typedef enum
     560             : {
     561             :     WALINSERT_NORMAL,
     562             :     WALINSERT_SPECIAL_SWITCH,
     563             :     WALINSERT_SPECIAL_CHECKPOINT
     564             : } WalInsertClass;
     565             : 
     566             : static XLogCtlData *XLogCtl = NULL;
     567             : 
     568             : /* a private copy of XLogCtl->Insert.WALInsertLocks, for convenience */
     569             : static WALInsertLockPadded *WALInsertLocks = NULL;
     570             : 
     571             : /*
     572             :  * We maintain an image of pg_control in shared memory.
     573             :  */
     574             : static ControlFileData *ControlFile = NULL;
     575             : 
     576             : /*
     577             :  * Calculate the amount of space left on the page after 'endptr'. Beware
     578             :  * multiple evaluation!
     579             :  */
     580             : #define INSERT_FREESPACE(endptr)    \
     581             :     (((endptr) % XLOG_BLCKSZ == 0) ? 0 : (XLOG_BLCKSZ - (endptr) % XLOG_BLCKSZ))
     582             : 
     583             : /* Macro to advance to next buffer index. */
     584             : #define NextBufIdx(idx)     \
     585             :         (((idx) == XLogCtl->XLogCacheBlck) ? 0 : ((idx) + 1))
     586             : 
     587             : /*
     588             :  * XLogRecPtrToBufIdx returns the index of the WAL buffer that holds, or
     589             :  * would hold if it was in cache, the page containing 'recptr'.
     590             :  */
     591             : #define XLogRecPtrToBufIdx(recptr)  \
     592             :     (((recptr) / XLOG_BLCKSZ) % (XLogCtl->XLogCacheBlck + 1))
     593             : 
     594             : /*
     595             :  * These are the number of bytes in a WAL page usable for WAL data.
     596             :  */
     597             : #define UsableBytesInPage (XLOG_BLCKSZ - SizeOfXLogShortPHD)
     598             : 
     599             : /*
     600             :  * Convert values of GUCs measured in megabytes to equiv. segment count.
     601             :  * Rounds down.
     602             :  */
     603             : #define ConvertToXSegs(x, segsize)  XLogMBVarToSegs((x), (segsize))
     604             : 
     605             : /* The number of bytes in a WAL segment usable for WAL data. */
     606             : static int  UsableBytesInSegment;
     607             : 
     608             : /*
     609             :  * Private, possibly out-of-date copy of shared LogwrtResult.
     610             :  * See discussion above.
     611             :  */
     612             : static XLogwrtResult LogwrtResult = {0, 0};
     613             : 
     614             : /*
     615             :  * Update local copy of shared XLogCtl->log{Write,Flush}Result
     616             :  *
     617             :  * It's critical that Flush always trails Write, so the order of the reads is
     618             :  * important, as is the barrier.  See also XLogWrite.
     619             :  */
     620             : #define RefreshXLogWriteResult(_target) \
     621             :     do { \
     622             :         _target.Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult); \
     623             :         pg_read_barrier(); \
     624             :         _target.Write = pg_atomic_read_u64(&XLogCtl->logWriteResult); \
     625             :     } while (0)
     626             : 
     627             : /*
     628             :  * openLogFile is -1 or a kernel FD for an open log file segment.
     629             :  * openLogSegNo identifies the segment, and openLogTLI the corresponding TLI.
     630             :  * These variables are only used to write the XLOG, and so will normally refer
     631             :  * to the active segment.
     632             :  *
     633             :  * Note: call Reserve/ReleaseExternalFD to track consumption of this FD.
     634             :  */
     635             : static int  openLogFile = -1;
     636             : static XLogSegNo openLogSegNo = 0;
     637             : static TimeLineID openLogTLI = 0;
     638             : 
     639             : /*
     640             :  * Local copies of equivalent fields in the control file.  When running
     641             :  * crash recovery, LocalMinRecoveryPoint is set to InvalidXLogRecPtr as we
     642             :  * expect to replay all the WAL available, and updateMinRecoveryPoint is
     643             :  * switched to false to prevent any updates while replaying records.
     644             :  * Those values are kept consistent as long as crash recovery runs.
     645             :  */
     646             : static XLogRecPtr LocalMinRecoveryPoint;
     647             : static TimeLineID LocalMinRecoveryPointTLI;
     648             : static bool updateMinRecoveryPoint = true;
     649             : 
     650             : /* For WALInsertLockAcquire/Release functions */
     651             : static int  MyLockNo = 0;
     652             : static bool holdingAllLocks = false;
     653             : 
     654             : #ifdef WAL_DEBUG
     655             : static MemoryContext walDebugCxt = NULL;
     656             : #endif
     657             : 
     658             : static void CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI,
     659             :                                         XLogRecPtr EndOfLog,
     660             :                                         TimeLineID newTLI);
     661             : static void CheckRequiredParameterValues(void);
     662             : static void XLogReportParameters(void);
     663             : static int  LocalSetXLogInsertAllowed(void);
     664             : static void CreateEndOfRecoveryRecord(void);
     665             : static XLogRecPtr CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn,
     666             :                                                   XLogRecPtr pagePtr,
     667             :                                                   TimeLineID newTLI);
     668             : static void CheckPointGuts(XLogRecPtr checkPointRedo, int flags);
     669             : static void KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo);
     670             : static XLogRecPtr XLogGetReplicationSlotMinimumLSN(void);
     671             : 
     672             : static void AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli,
     673             :                                   bool opportunistic);
     674             : static void XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible);
     675             : static bool InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
     676             :                                    bool find_free, XLogSegNo max_segno,
     677             :                                    TimeLineID tli);
     678             : static void XLogFileClose(void);
     679             : static void PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli);
     680             : static void RemoveTempXlogFiles(void);
     681             : static void RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr,
     682             :                                XLogRecPtr endptr, TimeLineID insertTLI);
     683             : static void RemoveXlogFile(const struct dirent *segment_de,
     684             :                            XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
     685             :                            TimeLineID insertTLI);
     686             : static void UpdateLastRemovedPtr(char *filename);
     687             : static void ValidateXLOGDirectoryStructure(void);
     688             : static void CleanupBackupHistory(void);
     689             : static void UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force);
     690             : static bool PerformRecoveryXLogAction(void);
     691             : static void InitControlFile(uint64 sysidentifier, uint32 data_checksum_version);
     692             : static void WriteControlFile(void);
     693             : static void ReadControlFile(void);
     694             : static void UpdateControlFile(void);
     695             : static char *str_time(pg_time_t tnow);
     696             : 
     697             : static int  get_sync_bit(int method);
     698             : 
     699             : static void CopyXLogRecordToWAL(int write_len, bool isLogSwitch,
     700             :                                 XLogRecData *rdata,
     701             :                                 XLogRecPtr StartPos, XLogRecPtr EndPos,
     702             :                                 TimeLineID tli);
     703             : static void ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos,
     704             :                                       XLogRecPtr *EndPos, XLogRecPtr *PrevPtr);
     705             : static bool ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos,
     706             :                               XLogRecPtr *PrevPtr);
     707             : static XLogRecPtr WaitXLogInsertionsToFinish(XLogRecPtr upto);
     708             : static char *GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli);
     709             : static XLogRecPtr XLogBytePosToRecPtr(uint64 bytepos);
     710             : static XLogRecPtr XLogBytePosToEndRecPtr(uint64 bytepos);
     711             : static uint64 XLogRecPtrToBytePos(XLogRecPtr ptr);
     712             : 
     713             : static void WALInsertLockAcquire(void);
     714             : static void WALInsertLockAcquireExclusive(void);
     715             : static void WALInsertLockRelease(void);
     716             : static void WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt);
     717             : 
     718             : /*
     719             :  * Insert an XLOG record represented by an already-constructed chain of data
     720             :  * chunks.  This is a low-level routine; to construct the WAL record header
     721             :  * and data, use the higher-level routines in xloginsert.c.
     722             :  *
     723             :  * If 'fpw_lsn' is valid, it is the oldest LSN among the pages that this
     724             :  * WAL record applies to, that were not included in the record as full page
     725             :  * images.  If fpw_lsn <= RedoRecPtr, the function does not perform the
     726             :  * insertion and returns InvalidXLogRecPtr.  The caller can then recalculate
     727             :  * which pages need a full-page image, and retry.  If fpw_lsn is invalid, the
     728             :  * record is always inserted.
     729             :  *
     730             :  * 'flags' gives more in-depth control on the record being inserted. See
     731             :  * XLogSetRecordFlags() for details.
     732             :  *
     733             :  * 'topxid_included' tells whether the top-transaction id is logged along with
     734             :  * current subtransaction. See XLogRecordAssemble().
     735             :  *
     736             :  * The first XLogRecData in the chain must be for the record header, and its
     737             :  * data must be MAXALIGNed.  XLogInsertRecord fills in the xl_prev and
     738             :  * xl_crc fields in the header, the rest of the header must already be filled
     739             :  * by the caller.
     740             :  *
     741             :  * Returns XLOG pointer to end of record (beginning of next record).
     742             :  * This can be used as LSN for data pages affected by the logged action.
     743             :  * (LSN is the XLOG point up to which the XLOG must be flushed to disk
     744             :  * before the data page can be written out.  This implements the basic
     745             :  * WAL rule "write the log before the data".)
     746             :  */
     747             : XLogRecPtr
     748    27699216 : XLogInsertRecord(XLogRecData *rdata,
     749             :                  XLogRecPtr fpw_lsn,
     750             :                  uint8 flags,
     751             :                  int num_fpi,
     752             :                  bool topxid_included)
     753             : {
     754    27699216 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
     755             :     pg_crc32c   rdata_crc;
     756             :     bool        inserted;
     757    27699216 :     XLogRecord *rechdr = (XLogRecord *) rdata->data;
     758    27699216 :     uint8       info = rechdr->xl_info & ~XLR_INFO_MASK;
     759    27699216 :     WalInsertClass class = WALINSERT_NORMAL;
     760             :     XLogRecPtr  StartPos;
     761             :     XLogRecPtr  EndPos;
     762    27699216 :     bool        prevDoPageWrites = doPageWrites;
     763             :     TimeLineID  insertTLI;
     764             : 
     765             :     /* Does this record type require special handling? */
     766    27699216 :     if (unlikely(rechdr->xl_rmid == RM_XLOG_ID))
     767             :     {
     768      400384 :         if (info == XLOG_SWITCH)
     769         736 :             class = WALINSERT_SPECIAL_SWITCH;
     770      399648 :         else if (info == XLOG_CHECKPOINT_REDO)
     771        1056 :             class = WALINSERT_SPECIAL_CHECKPOINT;
     772             :     }
     773             : 
     774             :     /* we assume that all of the record header is in the first chunk */
     775             :     Assert(rdata->len >= SizeOfXLogRecord);
     776             : 
     777             :     /* cross-check on whether we should be here or not */
     778    27699216 :     if (!XLogInsertAllowed())
     779           0 :         elog(ERROR, "cannot make new WAL entries during recovery");
     780             : 
     781             :     /*
     782             :      * Given that we're not in recovery, InsertTimeLineID is set and can't
     783             :      * change, so we can read it without a lock.
     784             :      */
     785    27699216 :     insertTLI = XLogCtl->InsertTimeLineID;
     786             : 
     787             :     /*----------
     788             :      *
     789             :      * We have now done all the preparatory work we can without holding a
     790             :      * lock or modifying shared state. From here on, inserting the new WAL
     791             :      * record to the shared WAL buffer cache is a two-step process:
     792             :      *
     793             :      * 1. Reserve the right amount of space from the WAL. The current head of
     794             :      *    reserved space is kept in Insert->CurrBytePos, and is protected by
     795             :      *    insertpos_lck.
     796             :      *
     797             :      * 2. Copy the record to the reserved WAL space. This involves finding the
     798             :      *    correct WAL buffer containing the reserved space, and copying the
     799             :      *    record in place. This can be done concurrently in multiple processes.
     800             :      *
     801             :      * To keep track of which insertions are still in-progress, each concurrent
     802             :      * inserter acquires an insertion lock. In addition to just indicating that
     803             :      * an insertion is in progress, the lock tells others how far the inserter
     804             :      * has progressed. There is a small fixed number of insertion locks,
     805             :      * determined by NUM_XLOGINSERT_LOCKS. When an inserter crosses a page
     806             :      * boundary, it updates the value stored in the lock to the how far it has
     807             :      * inserted, to allow the previous buffer to be flushed.
     808             :      *
     809             :      * Holding onto an insertion lock also protects RedoRecPtr and
     810             :      * fullPageWrites from changing until the insertion is finished.
     811             :      *
     812             :      * Step 2 can usually be done completely in parallel. If the required WAL
     813             :      * page is not initialized yet, you have to grab WALBufMappingLock to
     814             :      * initialize it, but the WAL writer tries to do that ahead of insertions
     815             :      * to avoid that from happening in the critical path.
     816             :      *
     817             :      *----------
     818             :      */
     819    27699216 :     START_CRIT_SECTION();
     820             : 
     821    27699216 :     if (likely(class == WALINSERT_NORMAL))
     822             :     {
     823    27697424 :         WALInsertLockAcquire();
     824             : 
     825             :         /*
     826             :          * Check to see if my copy of RedoRecPtr is out of date. If so, may
     827             :          * have to go back and have the caller recompute everything. This can
     828             :          * only happen just after a checkpoint, so it's better to be slow in
     829             :          * this case and fast otherwise.
     830             :          *
     831             :          * Also check to see if fullPageWrites was just turned on or there's a
     832             :          * running backup (which forces full-page writes); if we weren't
     833             :          * already doing full-page writes then go back and recompute.
     834             :          *
     835             :          * If we aren't doing full-page writes then RedoRecPtr doesn't
     836             :          * actually affect the contents of the XLOG record, so we'll update
     837             :          * our local copy but not force a recomputation.  (If doPageWrites was
     838             :          * just turned off, we could recompute the record without full pages,
     839             :          * but we choose not to bother.)
     840             :          */
     841    27697424 :         if (RedoRecPtr != Insert->RedoRecPtr)
     842             :         {
     843             :             Assert(RedoRecPtr < Insert->RedoRecPtr);
     844       12272 :             RedoRecPtr = Insert->RedoRecPtr;
     845             :         }
     846    27697424 :         doPageWrites = (Insert->fullPageWrites || Insert->runningBackups > 0);
     847             : 
     848    27697424 :         if (doPageWrites &&
     849    27289762 :             (!prevDoPageWrites ||
     850    25065278 :              (fpw_lsn != InvalidXLogRecPtr && fpw_lsn <= RedoRecPtr)))
     851             :         {
     852             :             /*
     853             :              * Oops, some buffer now needs to be backed up that the caller
     854             :              * didn't back up.  Start over.
     855             :              */
     856       13710 :             WALInsertLockRelease();
     857       13710 :             END_CRIT_SECTION();
     858       13710 :             return InvalidXLogRecPtr;
     859             :         }
     860             : 
     861             :         /*
     862             :          * Reserve space for the record in the WAL. This also sets the xl_prev
     863             :          * pointer.
     864             :          */
     865    27683714 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     866             :                                   &rechdr->xl_prev);
     867             : 
     868             :         /* Normal records are always inserted. */
     869    27683714 :         inserted = true;
     870             :     }
     871        1792 :     else if (class == WALINSERT_SPECIAL_SWITCH)
     872             :     {
     873             :         /*
     874             :          * In order to insert an XLOG_SWITCH record, we need to hold all of
     875             :          * the WAL insertion locks, not just one, so that no one else can
     876             :          * begin inserting a record until we've figured out how much space
     877             :          * remains in the current WAL segment and claimed all of it.
     878             :          *
     879             :          * Nonetheless, this case is simpler than the normal cases handled
     880             :          * below, which must check for changes in doPageWrites and RedoRecPtr.
     881             :          * Those checks are only needed for records that can contain buffer
     882             :          * references, and an XLOG_SWITCH record never does.
     883             :          */
     884             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     885         736 :         WALInsertLockAcquireExclusive();
     886         736 :         inserted = ReserveXLogSwitch(&StartPos, &EndPos, &rechdr->xl_prev);
     887             :     }
     888             :     else
     889             :     {
     890             :         Assert(class == WALINSERT_SPECIAL_CHECKPOINT);
     891             : 
     892             :         /*
     893             :          * We need to update both the local and shared copies of RedoRecPtr,
     894             :          * which means that we need to hold all the WAL insertion locks.
     895             :          * However, there can't be any buffer references, so as above, we need
     896             :          * not check RedoRecPtr before inserting the record; we just need to
     897             :          * update it afterwards.
     898             :          */
     899             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     900        1056 :         WALInsertLockAcquireExclusive();
     901        1056 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     902             :                                   &rechdr->xl_prev);
     903        1056 :         RedoRecPtr = Insert->RedoRecPtr = StartPos;
     904        1056 :         inserted = true;
     905             :     }
     906             : 
     907    27685506 :     if (inserted)
     908             :     {
     909             :         /*
     910             :          * Now that xl_prev has been filled in, calculate CRC of the record
     911             :          * header.
     912             :          */
     913    27685392 :         rdata_crc = rechdr->xl_crc;
     914    27685392 :         COMP_CRC32C(rdata_crc, rechdr, offsetof(XLogRecord, xl_crc));
     915    27685392 :         FIN_CRC32C(rdata_crc);
     916    27685392 :         rechdr->xl_crc = rdata_crc;
     917             : 
     918             :         /*
     919             :          * All the record data, including the header, is now ready to be
     920             :          * inserted. Copy the record in the space reserved.
     921             :          */
     922    27685392 :         CopyXLogRecordToWAL(rechdr->xl_tot_len,
     923             :                             class == WALINSERT_SPECIAL_SWITCH, rdata,
     924             :                             StartPos, EndPos, insertTLI);
     925             : 
     926             :         /*
     927             :          * Unless record is flagged as not important, update LSN of last
     928             :          * important record in the current slot. When holding all locks, just
     929             :          * update the first one.
     930             :          */
     931    27685392 :         if ((flags & XLOG_MARK_UNIMPORTANT) == 0)
     932             :         {
     933    27517178 :             int         lockno = holdingAllLocks ? 0 : MyLockNo;
     934             : 
     935    27517178 :             WALInsertLocks[lockno].l.lastImportantAt = StartPos;
     936             :         }
     937             :     }
     938             :     else
     939             :     {
     940             :         /*
     941             :          * This was an xlog-switch record, but the current insert location was
     942             :          * already exactly at the beginning of a segment, so there was no need
     943             :          * to do anything.
     944             :          */
     945             :     }
     946             : 
     947             :     /*
     948             :      * Done! Let others know that we're finished.
     949             :      */
     950    27685506 :     WALInsertLockRelease();
     951             : 
     952    27685506 :     END_CRIT_SECTION();
     953             : 
     954    27685506 :     MarkCurrentTransactionIdLoggedIfAny();
     955             : 
     956             :     /*
     957             :      * Mark top transaction id is logged (if needed) so that we should not try
     958             :      * to log it again with the next WAL record in the current subtransaction.
     959             :      */
     960    27685506 :     if (topxid_included)
     961         438 :         MarkSubxactTopXidLogged();
     962             : 
     963             :     /*
     964             :      * Update shared LogwrtRqst.Write, if we crossed page boundary.
     965             :      */
     966    27685506 :     if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     967             :     {
     968     3158366 :         SpinLockAcquire(&XLogCtl->info_lck);
     969             :         /* advance global request to include new block(s) */
     970     3158366 :         if (XLogCtl->LogwrtRqst.Write < EndPos)
     971     3011004 :             XLogCtl->LogwrtRqst.Write = EndPos;
     972     3158366 :         SpinLockRelease(&XLogCtl->info_lck);
     973     3158366 :         RefreshXLogWriteResult(LogwrtResult);
     974             :     }
     975             : 
     976             :     /*
     977             :      * If this was an XLOG_SWITCH record, flush the record and the empty
     978             :      * padding space that fills the rest of the segment, and perform
     979             :      * end-of-segment actions (eg, notifying archiver).
     980             :      */
     981    27685506 :     if (class == WALINSERT_SPECIAL_SWITCH)
     982             :     {
     983             :         TRACE_POSTGRESQL_WAL_SWITCH();
     984         736 :         XLogFlush(EndPos);
     985             : 
     986             :         /*
     987             :          * Even though we reserved the rest of the segment for us, which is
     988             :          * reflected in EndPos, we return a pointer to just the end of the
     989             :          * xlog-switch record.
     990             :          */
     991         736 :         if (inserted)
     992             :         {
     993         622 :             EndPos = StartPos + SizeOfXLogRecord;
     994         622 :             if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     995             :             {
     996           4 :                 uint64      offset = XLogSegmentOffset(EndPos, wal_segment_size);
     997             : 
     998           4 :                 if (offset == EndPos % XLOG_BLCKSZ)
     999           0 :                     EndPos += SizeOfXLogLongPHD;
    1000             :                 else
    1001           4 :                     EndPos += SizeOfXLogShortPHD;
    1002             :             }
    1003             :         }
    1004             :     }
    1005             : 
    1006             : #ifdef WAL_DEBUG
    1007             :     if (XLOG_DEBUG)
    1008             :     {
    1009             :         static XLogReaderState *debug_reader = NULL;
    1010             :         XLogRecord *record;
    1011             :         DecodedXLogRecord *decoded;
    1012             :         StringInfoData buf;
    1013             :         StringInfoData recordBuf;
    1014             :         char       *errormsg = NULL;
    1015             :         MemoryContext oldCxt;
    1016             : 
    1017             :         oldCxt = MemoryContextSwitchTo(walDebugCxt);
    1018             : 
    1019             :         initStringInfo(&buf);
    1020             :         appendStringInfo(&buf, "INSERT @ %X/%X: ", LSN_FORMAT_ARGS(EndPos));
    1021             : 
    1022             :         /*
    1023             :          * We have to piece together the WAL record data from the XLogRecData
    1024             :          * entries, so that we can pass it to the rm_desc function as one
    1025             :          * contiguous chunk.
    1026             :          */
    1027             :         initStringInfo(&recordBuf);
    1028             :         for (; rdata != NULL; rdata = rdata->next)
    1029             :             appendBinaryStringInfo(&recordBuf, rdata->data, rdata->len);
    1030             : 
    1031             :         /* We also need temporary space to decode the record. */
    1032             :         record = (XLogRecord *) recordBuf.data;
    1033             :         decoded = (DecodedXLogRecord *)
    1034             :             palloc(DecodeXLogRecordRequiredSpace(record->xl_tot_len));
    1035             : 
    1036             :         if (!debug_reader)
    1037             :             debug_reader = XLogReaderAllocate(wal_segment_size, NULL,
    1038             :                                               XL_ROUTINE(.page_read = NULL,
    1039             :                                                          .segment_open = NULL,
    1040             :                                                          .segment_close = NULL),
    1041             :                                               NULL);
    1042             :         if (!debug_reader)
    1043             :         {
    1044             :             appendStringInfoString(&buf, "error decoding record: out of memory while allocating a WAL reading processor");
    1045             :         }
    1046             :         else if (!DecodeXLogRecord(debug_reader,
    1047             :                                    decoded,
    1048             :                                    record,
    1049             :                                    EndPos,
    1050             :                                    &errormsg))
    1051             :         {
    1052             :             appendStringInfo(&buf, "error decoding record: %s",
    1053             :                              errormsg ? errormsg : "no error message");
    1054             :         }
    1055             :         else
    1056             :         {
    1057             :             appendStringInfoString(&buf, " - ");
    1058             : 
    1059             :             debug_reader->record = decoded;
    1060             :             xlog_outdesc(&buf, debug_reader);
    1061             :             debug_reader->record = NULL;
    1062             :         }
    1063             :         elog(LOG, "%s", buf.data);
    1064             : 
    1065             :         pfree(decoded);
    1066             :         pfree(buf.data);
    1067             :         pfree(recordBuf.data);
    1068             :         MemoryContextSwitchTo(oldCxt);
    1069             :     }
    1070             : #endif
    1071             : 
    1072             :     /*
    1073             :      * Update our global variables
    1074             :      */
    1075    27685506 :     ProcLastRecPtr = StartPos;
    1076    27685506 :     XactLastRecEnd = EndPos;
    1077             : 
    1078             :     /* Report WAL traffic to the instrumentation. */
    1079    27685506 :     if (inserted)
    1080             :     {
    1081    27685392 :         pgWalUsage.wal_bytes += rechdr->xl_tot_len;
    1082    27685392 :         pgWalUsage.wal_records++;
    1083    27685392 :         pgWalUsage.wal_fpi += num_fpi;
    1084             :     }
    1085             : 
    1086    27685506 :     return EndPos;
    1087             : }
    1088             : 
    1089             : /*
    1090             :  * Reserves the right amount of space for a record of given size from the WAL.
    1091             :  * *StartPos is set to the beginning of the reserved section, *EndPos to
    1092             :  * its end+1. *PrevPtr is set to the beginning of the previous record; it is
    1093             :  * used to set the xl_prev of this record.
    1094             :  *
    1095             :  * This is the performance critical part of XLogInsert that must be serialized
    1096             :  * across backends. The rest can happen mostly in parallel. Try to keep this
    1097             :  * section as short as possible, insertpos_lck can be heavily contended on a
    1098             :  * busy system.
    1099             :  *
    1100             :  * NB: The space calculation here must match the code in CopyXLogRecordToWAL,
    1101             :  * where we actually copy the record to the reserved space.
    1102             :  *
    1103             :  * NB: Testing shows that XLogInsertRecord runs faster if this code is inlined;
    1104             :  * however, because there are two call sites, the compiler is reluctant to
    1105             :  * inline. We use pg_attribute_always_inline here to try to convince it.
    1106             :  */
    1107             : static pg_attribute_always_inline void
    1108    27684770 : ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos, XLogRecPtr *EndPos,
    1109             :                           XLogRecPtr *PrevPtr)
    1110             : {
    1111    27684770 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1112             :     uint64      startbytepos;
    1113             :     uint64      endbytepos;
    1114             :     uint64      prevbytepos;
    1115             : 
    1116    27684770 :     size = MAXALIGN(size);
    1117             : 
    1118             :     /* All (non xlog-switch) records should contain data. */
    1119             :     Assert(size > SizeOfXLogRecord);
    1120             : 
    1121             :     /*
    1122             :      * The duration the spinlock needs to be held is minimized by minimizing
    1123             :      * the calculations that have to be done while holding the lock. The
    1124             :      * current tip of reserved WAL is kept in CurrBytePos, as a byte position
    1125             :      * that only counts "usable" bytes in WAL, that is, it excludes all WAL
    1126             :      * page headers. The mapping between "usable" byte positions and physical
    1127             :      * positions (XLogRecPtrs) can be done outside the locked region, and
    1128             :      * because the usable byte position doesn't include any headers, reserving
    1129             :      * X bytes from WAL is almost as simple as "CurrBytePos += X".
    1130             :      */
    1131    27684770 :     SpinLockAcquire(&Insert->insertpos_lck);
    1132             : 
    1133    27684770 :     startbytepos = Insert->CurrBytePos;
    1134    27684770 :     endbytepos = startbytepos + size;
    1135    27684770 :     prevbytepos = Insert->PrevBytePos;
    1136    27684770 :     Insert->CurrBytePos = endbytepos;
    1137    27684770 :     Insert->PrevBytePos = startbytepos;
    1138             : 
    1139    27684770 :     SpinLockRelease(&Insert->insertpos_lck);
    1140             : 
    1141    27684770 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1142    27684770 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1143    27684770 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1144             : 
    1145             :     /*
    1146             :      * Check that the conversions between "usable byte positions" and
    1147             :      * XLogRecPtrs work consistently in both directions.
    1148             :      */
    1149             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1150             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1151             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1152    27684770 : }
    1153             : 
    1154             : /*
    1155             :  * Like ReserveXLogInsertLocation(), but for an xlog-switch record.
    1156             :  *
    1157             :  * A log-switch record is handled slightly differently. The rest of the
    1158             :  * segment will be reserved for this insertion, as indicated by the returned
    1159             :  * *EndPos value. However, if we are already at the beginning of the current
    1160             :  * segment, *StartPos and *EndPos are set to the current location without
    1161             :  * reserving any space, and the function returns false.
    1162             : */
    1163             : static bool
    1164         736 : ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos, XLogRecPtr *PrevPtr)
    1165             : {
    1166         736 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1167             :     uint64      startbytepos;
    1168             :     uint64      endbytepos;
    1169             :     uint64      prevbytepos;
    1170         736 :     uint32      size = MAXALIGN(SizeOfXLogRecord);
    1171             :     XLogRecPtr  ptr;
    1172             :     uint32      segleft;
    1173             : 
    1174             :     /*
    1175             :      * These calculations are a bit heavy-weight to be done while holding a
    1176             :      * spinlock, but since we're holding all the WAL insertion locks, there
    1177             :      * are no other inserters competing for it. GetXLogInsertRecPtr() does
    1178             :      * compete for it, but that's not called very frequently.
    1179             :      */
    1180         736 :     SpinLockAcquire(&Insert->insertpos_lck);
    1181             : 
    1182         736 :     startbytepos = Insert->CurrBytePos;
    1183             : 
    1184         736 :     ptr = XLogBytePosToEndRecPtr(startbytepos);
    1185         736 :     if (XLogSegmentOffset(ptr, wal_segment_size) == 0)
    1186             :     {
    1187         114 :         SpinLockRelease(&Insert->insertpos_lck);
    1188         114 :         *EndPos = *StartPos = ptr;
    1189         114 :         return false;
    1190             :     }
    1191             : 
    1192         622 :     endbytepos = startbytepos + size;
    1193         622 :     prevbytepos = Insert->PrevBytePos;
    1194             : 
    1195         622 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1196         622 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1197             : 
    1198         622 :     segleft = wal_segment_size - XLogSegmentOffset(*EndPos, wal_segment_size);
    1199         622 :     if (segleft != wal_segment_size)
    1200             :     {
    1201             :         /* consume the rest of the segment */
    1202         622 :         *EndPos += segleft;
    1203         622 :         endbytepos = XLogRecPtrToBytePos(*EndPos);
    1204             :     }
    1205         622 :     Insert->CurrBytePos = endbytepos;
    1206         622 :     Insert->PrevBytePos = startbytepos;
    1207             : 
    1208         622 :     SpinLockRelease(&Insert->insertpos_lck);
    1209             : 
    1210         622 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1211             : 
    1212             :     Assert(XLogSegmentOffset(*EndPos, wal_segment_size) == 0);
    1213             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1214             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1215             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1216             : 
    1217         622 :     return true;
    1218             : }
    1219             : 
    1220             : /*
    1221             :  * Subroutine of XLogInsertRecord.  Copies a WAL record to an already-reserved
    1222             :  * area in the WAL.
    1223             :  */
    1224             : static void
    1225    27685392 : CopyXLogRecordToWAL(int write_len, bool isLogSwitch, XLogRecData *rdata,
    1226             :                     XLogRecPtr StartPos, XLogRecPtr EndPos, TimeLineID tli)
    1227             : {
    1228             :     char       *currpos;
    1229             :     int         freespace;
    1230             :     int         written;
    1231             :     XLogRecPtr  CurrPos;
    1232             :     XLogPageHeader pagehdr;
    1233             : 
    1234             :     /*
    1235             :      * Get a pointer to the right place in the right WAL buffer to start
    1236             :      * inserting to.
    1237             :      */
    1238    27685392 :     CurrPos = StartPos;
    1239    27685392 :     currpos = GetXLogBuffer(CurrPos, tli);
    1240    27685392 :     freespace = INSERT_FREESPACE(CurrPos);
    1241             : 
    1242             :     /*
    1243             :      * there should be enough space for at least the first field (xl_tot_len)
    1244             :      * on this page.
    1245             :      */
    1246             :     Assert(freespace >= sizeof(uint32));
    1247             : 
    1248             :     /* Copy record data */
    1249    27685392 :     written = 0;
    1250   130752096 :     while (rdata != NULL)
    1251             :     {
    1252   103066704 :         const char *rdata_data = rdata->data;
    1253   103066704 :         int         rdata_len = rdata->len;
    1254             : 
    1255   106416900 :         while (rdata_len > freespace)
    1256             :         {
    1257             :             /*
    1258             :              * Write what fits on this page, and continue on the next page.
    1259             :              */
    1260             :             Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || freespace == 0);
    1261     3350196 :             memcpy(currpos, rdata_data, freespace);
    1262     3350196 :             rdata_data += freespace;
    1263     3350196 :             rdata_len -= freespace;
    1264     3350196 :             written += freespace;
    1265     3350196 :             CurrPos += freespace;
    1266             : 
    1267             :             /*
    1268             :              * Get pointer to beginning of next page, and set the xlp_rem_len
    1269             :              * in the page header. Set XLP_FIRST_IS_CONTRECORD.
    1270             :              *
    1271             :              * It's safe to set the contrecord flag and xlp_rem_len without a
    1272             :              * lock on the page. All the other flags were already set when the
    1273             :              * page was initialized, in AdvanceXLInsertBuffer, and we're the
    1274             :              * only backend that needs to set the contrecord flag.
    1275             :              */
    1276     3350196 :             currpos = GetXLogBuffer(CurrPos, tli);
    1277     3350196 :             pagehdr = (XLogPageHeader) currpos;
    1278     3350196 :             pagehdr->xlp_rem_len = write_len - written;
    1279     3350196 :             pagehdr->xlp_info |= XLP_FIRST_IS_CONTRECORD;
    1280             : 
    1281             :             /* skip over the page header */
    1282     3350196 :             if (XLogSegmentOffset(CurrPos, wal_segment_size) == 0)
    1283             :             {
    1284        2234 :                 CurrPos += SizeOfXLogLongPHD;
    1285        2234 :                 currpos += SizeOfXLogLongPHD;
    1286             :             }
    1287             :             else
    1288             :             {
    1289     3347962 :                 CurrPos += SizeOfXLogShortPHD;
    1290     3347962 :                 currpos += SizeOfXLogShortPHD;
    1291             :             }
    1292     3350196 :             freespace = INSERT_FREESPACE(CurrPos);
    1293             :         }
    1294             : 
    1295             :         Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || rdata_len == 0);
    1296   103066704 :         memcpy(currpos, rdata_data, rdata_len);
    1297   103066704 :         currpos += rdata_len;
    1298   103066704 :         CurrPos += rdata_len;
    1299   103066704 :         freespace -= rdata_len;
    1300   103066704 :         written += rdata_len;
    1301             : 
    1302   103066704 :         rdata = rdata->next;
    1303             :     }
    1304             :     Assert(written == write_len);
    1305             : 
    1306             :     /*
    1307             :      * If this was an xlog-switch, it's not enough to write the switch record,
    1308             :      * we also have to consume all the remaining space in the WAL segment.  We
    1309             :      * have already reserved that space, but we need to actually fill it.
    1310             :      */
    1311    27685392 :     if (isLogSwitch && XLogSegmentOffset(CurrPos, wal_segment_size) != 0)
    1312             :     {
    1313             :         /* An xlog-switch record doesn't contain any data besides the header */
    1314             :         Assert(write_len == SizeOfXLogRecord);
    1315             : 
    1316             :         /* Assert that we did reserve the right amount of space */
    1317             :         Assert(XLogSegmentOffset(EndPos, wal_segment_size) == 0);
    1318             : 
    1319             :         /* Use up all the remaining space on the current page */
    1320         622 :         CurrPos += freespace;
    1321             : 
    1322             :         /*
    1323             :          * Cause all remaining pages in the segment to be flushed, leaving the
    1324             :          * XLog position where it should be, at the start of the next segment.
    1325             :          * We do this one page at a time, to make sure we don't deadlock
    1326             :          * against ourselves if wal_buffers < wal_segment_size.
    1327             :          */
    1328      952576 :         while (CurrPos < EndPos)
    1329             :         {
    1330             :             /*
    1331             :              * The minimal action to flush the page would be to call
    1332             :              * WALInsertLockUpdateInsertingAt(CurrPos) followed by
    1333             :              * AdvanceXLInsertBuffer(...).  The page would be left initialized
    1334             :              * mostly to zeros, except for the page header (always the short
    1335             :              * variant, as this is never a segment's first page).
    1336             :              *
    1337             :              * The large vistas of zeros are good for compressibility, but the
    1338             :              * headers interrupting them every XLOG_BLCKSZ (with values that
    1339             :              * differ from page to page) are not.  The effect varies with
    1340             :              * compression tool, but bzip2 for instance compresses about an
    1341             :              * order of magnitude worse if those headers are left in place.
    1342             :              *
    1343             :              * Rather than complicating AdvanceXLInsertBuffer itself (which is
    1344             :              * called in heavily-loaded circumstances as well as this lightly-
    1345             :              * loaded one) with variant behavior, we just use GetXLogBuffer
    1346             :              * (which itself calls the two methods we need) to get the pointer
    1347             :              * and zero most of the page.  Then we just zero the page header.
    1348             :              */
    1349      951954 :             currpos = GetXLogBuffer(CurrPos, tli);
    1350     3807816 :             MemSet(currpos, 0, SizeOfXLogShortPHD);
    1351             : 
    1352      951954 :             CurrPos += XLOG_BLCKSZ;
    1353             :         }
    1354             :     }
    1355             :     else
    1356             :     {
    1357             :         /* Align the end position, so that the next record starts aligned */
    1358    27684770 :         CurrPos = MAXALIGN64(CurrPos);
    1359             :     }
    1360             : 
    1361    27685392 :     if (CurrPos != EndPos)
    1362           0 :         ereport(PANIC,
    1363             :                 errcode(ERRCODE_DATA_CORRUPTED),
    1364             :                 errmsg_internal("space reserved for WAL record does not match what was written"));
    1365    27685392 : }
    1366             : 
    1367             : /*
    1368             :  * Acquire a WAL insertion lock, for inserting to WAL.
    1369             :  */
    1370             : static void
    1371    27697446 : WALInsertLockAcquire(void)
    1372             : {
    1373             :     bool        immed;
    1374             : 
    1375             :     /*
    1376             :      * It doesn't matter which of the WAL insertion locks we acquire, so try
    1377             :      * the one we used last time.  If the system isn't particularly busy, it's
    1378             :      * a good bet that it's still available, and it's good to have some
    1379             :      * affinity to a particular lock so that you don't unnecessarily bounce
    1380             :      * cache lines between processes when there's no contention.
    1381             :      *
    1382             :      * If this is the first time through in this backend, pick a lock
    1383             :      * (semi-)randomly.  This allows the locks to be used evenly if you have a
    1384             :      * lot of very short connections.
    1385             :      */
    1386             :     static int  lockToTry = -1;
    1387             : 
    1388    27697446 :     if (lockToTry == -1)
    1389       14050 :         lockToTry = MyProcNumber % NUM_XLOGINSERT_LOCKS;
    1390    27697446 :     MyLockNo = lockToTry;
    1391             : 
    1392             :     /*
    1393             :      * The insertingAt value is initially set to 0, as we don't know our
    1394             :      * insert location yet.
    1395             :      */
    1396    27697446 :     immed = LWLockAcquire(&WALInsertLocks[MyLockNo].l.lock, LW_EXCLUSIVE);
    1397    27697446 :     if (!immed)
    1398             :     {
    1399             :         /*
    1400             :          * If we couldn't get the lock immediately, try another lock next
    1401             :          * time.  On a system with more insertion locks than concurrent
    1402             :          * inserters, this causes all the inserters to eventually migrate to a
    1403             :          * lock that no-one else is using.  On a system with more inserters
    1404             :          * than locks, it still helps to distribute the inserters evenly
    1405             :          * across the locks.
    1406             :          */
    1407       77176 :         lockToTry = (lockToTry + 1) % NUM_XLOGINSERT_LOCKS;
    1408             :     }
    1409    27697446 : }
    1410             : 
    1411             : /*
    1412             :  * Acquire all WAL insertion locks, to prevent other backends from inserting
    1413             :  * to WAL.
    1414             :  */
    1415             : static void
    1416        6172 : WALInsertLockAcquireExclusive(void)
    1417             : {
    1418             :     int         i;
    1419             : 
    1420             :     /*
    1421             :      * When holding all the locks, all but the last lock's insertingAt
    1422             :      * indicator is set to 0xFFFFFFFFFFFFFFFF, which is higher than any real
    1423             :      * XLogRecPtr value, to make sure that no-one blocks waiting on those.
    1424             :      */
    1425       49376 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS - 1; i++)
    1426             :     {
    1427       43204 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1428       43204 :         LWLockUpdateVar(&WALInsertLocks[i].l.lock,
    1429       43204 :                         &WALInsertLocks[i].l.insertingAt,
    1430             :                         PG_UINT64_MAX);
    1431             :     }
    1432             :     /* Variable value reset to 0 at release */
    1433        6172 :     LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1434             : 
    1435        6172 :     holdingAllLocks = true;
    1436        6172 : }
    1437             : 
    1438             : /*
    1439             :  * Release our insertion lock (or locks, if we're holding them all).
    1440             :  *
    1441             :  * NB: Reset all variables to 0, so they cause LWLockWaitForVar to block the
    1442             :  * next time the lock is acquired.
    1443             :  */
    1444             : static void
    1445    27703618 : WALInsertLockRelease(void)
    1446             : {
    1447    27703618 :     if (holdingAllLocks)
    1448             :     {
    1449             :         int         i;
    1450             : 
    1451       55548 :         for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1452       49376 :             LWLockReleaseClearVar(&WALInsertLocks[i].l.lock,
    1453       49376 :                                   &WALInsertLocks[i].l.insertingAt,
    1454             :                                   0);
    1455             : 
    1456        6172 :         holdingAllLocks = false;
    1457             :     }
    1458             :     else
    1459             :     {
    1460    27697446 :         LWLockReleaseClearVar(&WALInsertLocks[MyLockNo].l.lock,
    1461    27697446 :                               &WALInsertLocks[MyLockNo].l.insertingAt,
    1462             :                               0);
    1463             :     }
    1464    27703618 : }
    1465             : 
    1466             : /*
    1467             :  * Update our insertingAt value, to let others know that we've finished
    1468             :  * inserting up to that point.
    1469             :  */
    1470             : static void
    1471     4793618 : WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt)
    1472             : {
    1473     4793618 :     if (holdingAllLocks)
    1474             :     {
    1475             :         /*
    1476             :          * We use the last lock to mark our actual position, see comments in
    1477             :          * WALInsertLockAcquireExclusive.
    1478             :          */
    1479      947598 :         LWLockUpdateVar(&WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.lock,
    1480      947598 :                         &WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.insertingAt,
    1481             :                         insertingAt);
    1482             :     }
    1483             :     else
    1484     3846020 :         LWLockUpdateVar(&WALInsertLocks[MyLockNo].l.lock,
    1485     3846020 :                         &WALInsertLocks[MyLockNo].l.insertingAt,
    1486             :                         insertingAt);
    1487     4793618 : }
    1488             : 
    1489             : /*
    1490             :  * Wait for any WAL insertions < upto to finish.
    1491             :  *
    1492             :  * Returns the location of the oldest insertion that is still in-progress.
    1493             :  * Any WAL prior to that point has been fully copied into WAL buffers, and
    1494             :  * can be flushed out to disk. Because this waits for any insertions older
    1495             :  * than 'upto' to finish, the return value is always >= 'upto'.
    1496             :  *
    1497             :  * Note: When you are about to write out WAL, you must call this function
    1498             :  * *before* acquiring WALWriteLock, to avoid deadlocks. This function might
    1499             :  * need to wait for an insertion to finish (or at least advance to next
    1500             :  * uninitialized page), and the inserter might need to evict an old WAL buffer
    1501             :  * to make room for a new one, which in turn requires WALWriteLock.
    1502             :  */
    1503             : static XLogRecPtr
    1504     4397024 : WaitXLogInsertionsToFinish(XLogRecPtr upto)
    1505             : {
    1506             :     uint64      bytepos;
    1507             :     XLogRecPtr  inserted;
    1508             :     XLogRecPtr  reservedUpto;
    1509             :     XLogRecPtr  finishedUpto;
    1510     4397024 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1511             :     int         i;
    1512             : 
    1513     4397024 :     if (MyProc == NULL)
    1514           0 :         elog(PANIC, "cannot wait without a PGPROC structure");
    1515             : 
    1516             :     /*
    1517             :      * Check if there's any work to do.  Use a barrier to ensure we get the
    1518             :      * freshest value.
    1519             :      */
    1520     4397024 :     inserted = pg_atomic_read_membarrier_u64(&XLogCtl->logInsertResult);
    1521     4397024 :     if (upto <= inserted)
    1522     3651554 :         return inserted;
    1523             : 
    1524             :     /* Read the current insert position */
    1525      745470 :     SpinLockAcquire(&Insert->insertpos_lck);
    1526      745470 :     bytepos = Insert->CurrBytePos;
    1527      745470 :     SpinLockRelease(&Insert->insertpos_lck);
    1528      745470 :     reservedUpto = XLogBytePosToEndRecPtr(bytepos);
    1529             : 
    1530             :     /*
    1531             :      * No-one should request to flush a piece of WAL that hasn't even been
    1532             :      * reserved yet. However, it can happen if there is a block with a bogus
    1533             :      * LSN on disk, for example. XLogFlush checks for that situation and
    1534             :      * complains, but only after the flush. Here we just assume that to mean
    1535             :      * that all WAL that has been reserved needs to be finished. In this
    1536             :      * corner-case, the return value can be smaller than 'upto' argument.
    1537             :      */
    1538      745470 :     if (upto > reservedUpto)
    1539             :     {
    1540           0 :         ereport(LOG,
    1541             :                 (errmsg("request to flush past end of generated WAL; request %X/%X, current position %X/%X",
    1542             :                         LSN_FORMAT_ARGS(upto), LSN_FORMAT_ARGS(reservedUpto))));
    1543           0 :         upto = reservedUpto;
    1544             :     }
    1545             : 
    1546             :     /*
    1547             :      * Loop through all the locks, sleeping on any in-progress insert older
    1548             :      * than 'upto'.
    1549             :      *
    1550             :      * finishedUpto is our return value, indicating the point upto which all
    1551             :      * the WAL insertions have been finished. Initialize it to the head of
    1552             :      * reserved WAL, and as we iterate through the insertion locks, back it
    1553             :      * out for any insertion that's still in progress.
    1554             :      */
    1555      745470 :     finishedUpto = reservedUpto;
    1556     6709230 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1557             :     {
    1558     5963760 :         XLogRecPtr  insertingat = InvalidXLogRecPtr;
    1559             : 
    1560             :         do
    1561             :         {
    1562             :             /*
    1563             :              * See if this insertion is in progress.  LWLockWaitForVar will
    1564             :              * wait for the lock to be released, or for the 'value' to be set
    1565             :              * by a LWLockUpdateVar call.  When a lock is initially acquired,
    1566             :              * its value is 0 (InvalidXLogRecPtr), which means that we don't
    1567             :              * know where it's inserting yet.  We will have to wait for it. If
    1568             :              * it's a small insertion, the record will most likely fit on the
    1569             :              * same page and the inserter will release the lock without ever
    1570             :              * calling LWLockUpdateVar.  But if it has to sleep, it will
    1571             :              * advertise the insertion point with LWLockUpdateVar before
    1572             :              * sleeping.
    1573             :              *
    1574             :              * In this loop we are only waiting for insertions that started
    1575             :              * before WaitXLogInsertionsToFinish was called.  The lack of
    1576             :              * memory barriers in the loop means that we might see locks as
    1577             :              * "unused" that have since become used.  This is fine because
    1578             :              * they only can be used for later insertions that we would not
    1579             :              * want to wait on anyway.  Not taking a lock to acquire the
    1580             :              * current insertingAt value means that we might see older
    1581             :              * insertingAt values.  This is also fine, because if we read a
    1582             :              * value too old, we will add ourselves to the wait queue, which
    1583             :              * contains atomic operations.
    1584             :              */
    1585     6028180 :             if (LWLockWaitForVar(&WALInsertLocks[i].l.lock,
    1586     6028180 :                                  &WALInsertLocks[i].l.insertingAt,
    1587             :                                  insertingat, &insertingat))
    1588             :             {
    1589             :                 /* the lock was free, so no insertion in progress */
    1590     4475130 :                 insertingat = InvalidXLogRecPtr;
    1591     4475130 :                 break;
    1592             :             }
    1593             : 
    1594             :             /*
    1595             :              * This insertion is still in progress. Have to wait, unless the
    1596             :              * inserter has proceeded past 'upto'.
    1597             :              */
    1598     1553050 :         } while (insertingat < upto);
    1599             : 
    1600     5963760 :         if (insertingat != InvalidXLogRecPtr && insertingat < finishedUpto)
    1601      609998 :             finishedUpto = insertingat;
    1602             :     }
    1603             : 
    1604             :     /*
    1605             :      * Advance the limit we know to have been inserted and return the freshest
    1606             :      * value we know of, which might be beyond what we requested if somebody
    1607             :      * is concurrently doing this with an 'upto' pointer ahead of us.
    1608             :      */
    1609      745470 :     finishedUpto = pg_atomic_monotonic_advance_u64(&XLogCtl->logInsertResult,
    1610             :                                                    finishedUpto);
    1611             : 
    1612      745470 :     return finishedUpto;
    1613             : }
    1614             : 
    1615             : /*
    1616             :  * Get a pointer to the right location in the WAL buffer containing the
    1617             :  * given XLogRecPtr.
    1618             :  *
    1619             :  * If the page is not initialized yet, it is initialized. That might require
    1620             :  * evicting an old dirty buffer from the buffer cache, which means I/O.
    1621             :  *
    1622             :  * The caller must ensure that the page containing the requested location
    1623             :  * isn't evicted yet, and won't be evicted. The way to ensure that is to
    1624             :  * hold onto a WAL insertion lock with the insertingAt position set to
    1625             :  * something <= ptr. GetXLogBuffer() will update insertingAt if it needs
    1626             :  * to evict an old page from the buffer. (This means that once you call
    1627             :  * GetXLogBuffer() with a given 'ptr', you must not access anything before
    1628             :  * that point anymore, and must not call GetXLogBuffer() with an older 'ptr'
    1629             :  * later, because older buffers might be recycled already)
    1630             :  */
    1631             : static char *
    1632    31987564 : GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli)
    1633             : {
    1634             :     int         idx;
    1635             :     XLogRecPtr  endptr;
    1636             :     static uint64 cachedPage = 0;
    1637             :     static char *cachedPos = NULL;
    1638             :     XLogRecPtr  expectedEndPtr;
    1639             : 
    1640             :     /*
    1641             :      * Fast path for the common case that we need to access again the same
    1642             :      * page as last time.
    1643             :      */
    1644    31987564 :     if (ptr / XLOG_BLCKSZ == cachedPage)
    1645             :     {
    1646             :         Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1647             :         Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1648    26243522 :         return cachedPos + ptr % XLOG_BLCKSZ;
    1649             :     }
    1650             : 
    1651             :     /*
    1652             :      * The XLog buffer cache is organized so that a page is always loaded to a
    1653             :      * particular buffer.  That way we can easily calculate the buffer a given
    1654             :      * page must be loaded into, from the XLogRecPtr alone.
    1655             :      */
    1656     5744042 :     idx = XLogRecPtrToBufIdx(ptr);
    1657             : 
    1658             :     /*
    1659             :      * See what page is loaded in the buffer at the moment. It could be the
    1660             :      * page we're looking for, or something older. It can't be anything newer
    1661             :      * - that would imply the page we're looking for has already been written
    1662             :      * out to disk and evicted, and the caller is responsible for making sure
    1663             :      * that doesn't happen.
    1664             :      *
    1665             :      * We don't hold a lock while we read the value. If someone is just about
    1666             :      * to initialize or has just initialized the page, it's possible that we
    1667             :      * get InvalidXLogRecPtr. That's ok, we'll grab the mapping lock (in
    1668             :      * AdvanceXLInsertBuffer) and retry if we see anything other than the page
    1669             :      * we're looking for.
    1670             :      */
    1671     5744042 :     expectedEndPtr = ptr;
    1672     5744042 :     expectedEndPtr += XLOG_BLCKSZ - ptr % XLOG_BLCKSZ;
    1673             : 
    1674     5744042 :     endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1675     5744042 :     if (expectedEndPtr != endptr)
    1676             :     {
    1677             :         XLogRecPtr  initializedUpto;
    1678             : 
    1679             :         /*
    1680             :          * Before calling AdvanceXLInsertBuffer(), which can block, let others
    1681             :          * know how far we're finished with inserting the record.
    1682             :          *
    1683             :          * NB: If 'ptr' points to just after the page header, advertise a
    1684             :          * position at the beginning of the page rather than 'ptr' itself. If
    1685             :          * there are no other insertions running, someone might try to flush
    1686             :          * up to our advertised location. If we advertised a position after
    1687             :          * the page header, someone might try to flush the page header, even
    1688             :          * though page might actually not be initialized yet. As the first
    1689             :          * inserter on the page, we are effectively responsible for making
    1690             :          * sure that it's initialized, before we let insertingAt to move past
    1691             :          * the page header.
    1692             :          */
    1693     4793618 :         if (ptr % XLOG_BLCKSZ == SizeOfXLogShortPHD &&
    1694       11844 :             XLogSegmentOffset(ptr, wal_segment_size) > XLOG_BLCKSZ)
    1695       11844 :             initializedUpto = ptr - SizeOfXLogShortPHD;
    1696     4781774 :         else if (ptr % XLOG_BLCKSZ == SizeOfXLogLongPHD &&
    1697        1680 :                  XLogSegmentOffset(ptr, wal_segment_size) < XLOG_BLCKSZ)
    1698         398 :             initializedUpto = ptr - SizeOfXLogLongPHD;
    1699             :         else
    1700     4781376 :             initializedUpto = ptr;
    1701             : 
    1702     4793618 :         WALInsertLockUpdateInsertingAt(initializedUpto);
    1703             : 
    1704     4793618 :         AdvanceXLInsertBuffer(ptr, tli, false);
    1705     4793618 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1706             : 
    1707     4793618 :         if (expectedEndPtr != endptr)
    1708           0 :             elog(PANIC, "could not find WAL buffer for %X/%X",
    1709             :                  LSN_FORMAT_ARGS(ptr));
    1710             :     }
    1711             :     else
    1712             :     {
    1713             :         /*
    1714             :          * Make sure the initialization of the page is visible to us, and
    1715             :          * won't arrive later to overwrite the WAL data we write on the page.
    1716             :          */
    1717      950424 :         pg_memory_barrier();
    1718             :     }
    1719             : 
    1720             :     /*
    1721             :      * Found the buffer holding this page. Return a pointer to the right
    1722             :      * offset within the page.
    1723             :      */
    1724     5744042 :     cachedPage = ptr / XLOG_BLCKSZ;
    1725     5744042 :     cachedPos = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1726             : 
    1727             :     Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1728             :     Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1729             : 
    1730     5744042 :     return cachedPos + ptr % XLOG_BLCKSZ;
    1731             : }
    1732             : 
    1733             : /*
    1734             :  * Read WAL data directly from WAL buffers, if available. Returns the number
    1735             :  * of bytes read successfully.
    1736             :  *
    1737             :  * Fewer than 'count' bytes may be read if some of the requested WAL data has
    1738             :  * already been evicted.
    1739             :  *
    1740             :  * No locks are taken.
    1741             :  *
    1742             :  * Caller should ensure that it reads no further than LogwrtResult.Write
    1743             :  * (which should have been updated by the caller when determining how far to
    1744             :  * read). The 'tli' argument is only used as a convenient safety check so that
    1745             :  * callers do not read from WAL buffers on a historical timeline.
    1746             :  */
    1747             : Size
    1748      185052 : WALReadFromBuffers(char *dstbuf, XLogRecPtr startptr, Size count,
    1749             :                    TimeLineID tli)
    1750             : {
    1751      185052 :     char       *pdst = dstbuf;
    1752      185052 :     XLogRecPtr  recptr = startptr;
    1753             :     XLogRecPtr  inserted;
    1754      185052 :     Size        nbytes = count;
    1755             : 
    1756      185052 :     if (RecoveryInProgress() || tli != GetWALInsertionTimeLine())
    1757        1824 :         return 0;
    1758             : 
    1759             :     Assert(!XLogRecPtrIsInvalid(startptr));
    1760             : 
    1761             :     /*
    1762             :      * Caller should ensure that the requested data has been inserted into WAL
    1763             :      * buffers before we try to read it.
    1764             :      */
    1765      183228 :     inserted = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    1766      183228 :     if (startptr + count > inserted)
    1767           0 :         ereport(ERROR,
    1768             :                 errmsg("cannot read past end of generated WAL: requested %X/%X, current position %X/%X",
    1769             :                        LSN_FORMAT_ARGS(startptr + count),
    1770             :                        LSN_FORMAT_ARGS(inserted)));
    1771             : 
    1772             :     /*
    1773             :      * Loop through the buffers without a lock. For each buffer, atomically
    1774             :      * read and verify the end pointer, then copy the data out, and finally
    1775             :      * re-read and re-verify the end pointer.
    1776             :      *
    1777             :      * Once a page is evicted, it never returns to the WAL buffers, so if the
    1778             :      * end pointer matches the expected end pointer before and after we copy
    1779             :      * the data, then the right page must have been present during the data
    1780             :      * copy. Read barriers are necessary to ensure that the data copy actually
    1781             :      * happens between the two verification steps.
    1782             :      *
    1783             :      * If either verification fails, we simply terminate the loop and return
    1784             :      * with the data that had been already copied out successfully.
    1785             :      */
    1786      197074 :     while (nbytes > 0)
    1787             :     {
    1788      193158 :         uint32      offset = recptr % XLOG_BLCKSZ;
    1789      193158 :         int         idx = XLogRecPtrToBufIdx(recptr);
    1790             :         XLogRecPtr  expectedEndPtr;
    1791             :         XLogRecPtr  endptr;
    1792             :         const char *page;
    1793             :         const char *psrc;
    1794             :         Size        npagebytes;
    1795             : 
    1796             :         /*
    1797             :          * Calculate the end pointer we expect in the xlblocks array if the
    1798             :          * correct page is present.
    1799             :          */
    1800      193158 :         expectedEndPtr = recptr + (XLOG_BLCKSZ - offset);
    1801             : 
    1802             :         /*
    1803             :          * First verification step: check that the correct page is present in
    1804             :          * the WAL buffers.
    1805             :          */
    1806      193158 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1807      193158 :         if (expectedEndPtr != endptr)
    1808      179308 :             break;
    1809             : 
    1810             :         /*
    1811             :          * The correct page is present (or was at the time the endptr was
    1812             :          * read; must re-verify later). Calculate pointer to source data and
    1813             :          * determine how much data to read from this page.
    1814             :          */
    1815       13850 :         page = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1816       13850 :         psrc = page + offset;
    1817       13850 :         npagebytes = Min(nbytes, XLOG_BLCKSZ - offset);
    1818             : 
    1819             :         /*
    1820             :          * Ensure that the data copy and the first verification step are not
    1821             :          * reordered.
    1822             :          */
    1823       13850 :         pg_read_barrier();
    1824             : 
    1825             :         /* data copy */
    1826       13850 :         memcpy(pdst, psrc, npagebytes);
    1827             : 
    1828             :         /*
    1829             :          * Ensure that the data copy and the second verification step are not
    1830             :          * reordered.
    1831             :          */
    1832       13850 :         pg_read_barrier();
    1833             : 
    1834             :         /*
    1835             :          * Second verification step: check that the page we read from wasn't
    1836             :          * evicted while we were copying the data.
    1837             :          */
    1838       13850 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1839       13850 :         if (expectedEndPtr != endptr)
    1840           4 :             break;
    1841             : 
    1842       13846 :         pdst += npagebytes;
    1843       13846 :         recptr += npagebytes;
    1844       13846 :         nbytes -= npagebytes;
    1845             :     }
    1846             : 
    1847             :     Assert(pdst - dstbuf <= count);
    1848             : 
    1849      183228 :     return pdst - dstbuf;
    1850             : }
    1851             : 
    1852             : /*
    1853             :  * Converts a "usable byte position" to XLogRecPtr. A usable byte position
    1854             :  * is the position starting from the beginning of WAL, excluding all WAL
    1855             :  * page headers.
    1856             :  */
    1857             : static XLogRecPtr
    1858    55375776 : XLogBytePosToRecPtr(uint64 bytepos)
    1859             : {
    1860             :     uint64      fullsegs;
    1861             :     uint64      fullpages;
    1862             :     uint64      bytesleft;
    1863             :     uint32      seg_offset;
    1864             :     XLogRecPtr  result;
    1865             : 
    1866    55375776 :     fullsegs = bytepos / UsableBytesInSegment;
    1867    55375776 :     bytesleft = bytepos % UsableBytesInSegment;
    1868             : 
    1869    55375776 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1870             :     {
    1871             :         /* fits on first page of segment */
    1872       90326 :         seg_offset = bytesleft + SizeOfXLogLongPHD;
    1873             :     }
    1874             :     else
    1875             :     {
    1876             :         /* account for the first page on segment with long header */
    1877    55285450 :         seg_offset = XLOG_BLCKSZ;
    1878    55285450 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1879             : 
    1880    55285450 :         fullpages = bytesleft / UsableBytesInPage;
    1881    55285450 :         bytesleft = bytesleft % UsableBytesInPage;
    1882             : 
    1883    55285450 :         seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1884             :     }
    1885             : 
    1886    55375776 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1887             : 
    1888    55375776 :     return result;
    1889             : }
    1890             : 
    1891             : /*
    1892             :  * Like XLogBytePosToRecPtr, but if the position is at a page boundary,
    1893             :  * returns a pointer to the beginning of the page (ie. before page header),
    1894             :  * not to where the first xlog record on that page would go to. This is used
    1895             :  * when converting a pointer to the end of a record.
    1896             :  */
    1897             : static XLogRecPtr
    1898    28431598 : XLogBytePosToEndRecPtr(uint64 bytepos)
    1899             : {
    1900             :     uint64      fullsegs;
    1901             :     uint64      fullpages;
    1902             :     uint64      bytesleft;
    1903             :     uint32      seg_offset;
    1904             :     XLogRecPtr  result;
    1905             : 
    1906    28431598 :     fullsegs = bytepos / UsableBytesInSegment;
    1907    28431598 :     bytesleft = bytepos % UsableBytesInSegment;
    1908             : 
    1909    28431598 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1910             :     {
    1911             :         /* fits on first page of segment */
    1912      140668 :         if (bytesleft == 0)
    1913       94392 :             seg_offset = 0;
    1914             :         else
    1915       46276 :             seg_offset = bytesleft + SizeOfXLogLongPHD;
    1916             :     }
    1917             :     else
    1918             :     {
    1919             :         /* account for the first page on segment with long header */
    1920    28290930 :         seg_offset = XLOG_BLCKSZ;
    1921    28290930 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1922             : 
    1923    28290930 :         fullpages = bytesleft / UsableBytesInPage;
    1924    28290930 :         bytesleft = bytesleft % UsableBytesInPage;
    1925             : 
    1926    28290930 :         if (bytesleft == 0)
    1927       27508 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft;
    1928             :         else
    1929    28263422 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1930             :     }
    1931             : 
    1932    28431598 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1933             : 
    1934    28431598 :     return result;
    1935             : }
    1936             : 
    1937             : /*
    1938             :  * Convert an XLogRecPtr to a "usable byte position".
    1939             :  */
    1940             : static uint64
    1941        3690 : XLogRecPtrToBytePos(XLogRecPtr ptr)
    1942             : {
    1943             :     uint64      fullsegs;
    1944             :     uint32      fullpages;
    1945             :     uint32      offset;
    1946             :     uint64      result;
    1947             : 
    1948        3690 :     XLByteToSeg(ptr, fullsegs, wal_segment_size);
    1949             : 
    1950        3690 :     fullpages = (XLogSegmentOffset(ptr, wal_segment_size)) / XLOG_BLCKSZ;
    1951        3690 :     offset = ptr % XLOG_BLCKSZ;
    1952             : 
    1953        3690 :     if (fullpages == 0)
    1954             :     {
    1955        1060 :         result = fullsegs * UsableBytesInSegment;
    1956        1060 :         if (offset > 0)
    1957             :         {
    1958             :             Assert(offset >= SizeOfXLogLongPHD);
    1959         404 :             result += offset - SizeOfXLogLongPHD;
    1960             :         }
    1961             :     }
    1962             :     else
    1963             :     {
    1964        2630 :         result = fullsegs * UsableBytesInSegment +
    1965        2630 :             (XLOG_BLCKSZ - SizeOfXLogLongPHD) + /* account for first page */
    1966        2630 :             (fullpages - 1) * UsableBytesInPage;    /* full pages */
    1967        2630 :         if (offset > 0)
    1968             :         {
    1969             :             Assert(offset >= SizeOfXLogShortPHD);
    1970        2608 :             result += offset - SizeOfXLogShortPHD;
    1971             :         }
    1972             :     }
    1973             : 
    1974        3690 :     return result;
    1975             : }
    1976             : 
    1977             : /*
    1978             :  * Initialize XLOG buffers, writing out old buffers if they still contain
    1979             :  * unwritten data, upto the page containing 'upto'. Or if 'opportunistic' is
    1980             :  * true, initialize as many pages as we can without having to write out
    1981             :  * unwritten data. Any new pages are initialized to zeros, with pages headers
    1982             :  * initialized properly.
    1983             :  */
    1984             : static void
    1985     4800562 : AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli, bool opportunistic)
    1986             : {
    1987     4800562 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1988             :     int         nextidx;
    1989             :     XLogRecPtr  OldPageRqstPtr;
    1990             :     XLogwrtRqst WriteRqst;
    1991     4800562 :     XLogRecPtr  NewPageEndPtr = InvalidXLogRecPtr;
    1992             :     XLogRecPtr  NewPageBeginPtr;
    1993             :     XLogPageHeader NewPage;
    1994     4800562 :     int         npages pg_attribute_unused() = 0;
    1995             : 
    1996     4800562 :     LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    1997             : 
    1998             :     /*
    1999             :      * Now that we have the lock, check if someone initialized the page
    2000             :      * already.
    2001             :      */
    2002    13345090 :     while (upto >= XLogCtl->InitializedUpTo || opportunistic)
    2003             :     {
    2004     8551472 :         nextidx = XLogRecPtrToBufIdx(XLogCtl->InitializedUpTo);
    2005             : 
    2006             :         /*
    2007             :          * Get ending-offset of the buffer page we need to replace (this may
    2008             :          * be zero if the buffer hasn't been used yet).  Fall through if it's
    2009             :          * already written out.
    2010             :          */
    2011     8551472 :         OldPageRqstPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[nextidx]);
    2012     8551472 :         if (LogwrtResult.Write < OldPageRqstPtr)
    2013             :         {
    2014             :             /*
    2015             :              * Nope, got work to do. If we just want to pre-initialize as much
    2016             :              * as we can without flushing, give up now.
    2017             :              */
    2018     4326768 :             if (opportunistic)
    2019        6944 :                 break;
    2020             : 
    2021             :             /* Advance shared memory write request position */
    2022     4319824 :             SpinLockAcquire(&XLogCtl->info_lck);
    2023     4319824 :             if (XLogCtl->LogwrtRqst.Write < OldPageRqstPtr)
    2024      899330 :                 XLogCtl->LogwrtRqst.Write = OldPageRqstPtr;
    2025     4319824 :             SpinLockRelease(&XLogCtl->info_lck);
    2026             : 
    2027             :             /*
    2028             :              * Acquire an up-to-date LogwrtResult value and see if we still
    2029             :              * need to write it or if someone else already did.
    2030             :              */
    2031     4319824 :             RefreshXLogWriteResult(LogwrtResult);
    2032     4319824 :             if (LogwrtResult.Write < OldPageRqstPtr)
    2033             :             {
    2034             :                 /*
    2035             :                  * Must acquire write lock. Release WALBufMappingLock first,
    2036             :                  * to make sure that all insertions that we need to wait for
    2037             :                  * can finish (up to this same position). Otherwise we risk
    2038             :                  * deadlock.
    2039             :                  */
    2040     4144126 :                 LWLockRelease(WALBufMappingLock);
    2041             : 
    2042     4144126 :                 WaitXLogInsertionsToFinish(OldPageRqstPtr);
    2043             : 
    2044     4144126 :                 LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    2045             : 
    2046     4144126 :                 RefreshXLogWriteResult(LogwrtResult);
    2047     4144126 :                 if (LogwrtResult.Write >= OldPageRqstPtr)
    2048             :                 {
    2049             :                     /* OK, someone wrote it already */
    2050      664218 :                     LWLockRelease(WALWriteLock);
    2051             :                 }
    2052             :                 else
    2053             :                 {
    2054             :                     /* Have to write it ourselves */
    2055             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_START();
    2056     3479908 :                     WriteRqst.Write = OldPageRqstPtr;
    2057     3479908 :                     WriteRqst.Flush = 0;
    2058     3479908 :                     XLogWrite(WriteRqst, tli, false);
    2059     3479908 :                     LWLockRelease(WALWriteLock);
    2060     3479908 :                     PendingWalStats.wal_buffers_full++;
    2061             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_DONE();
    2062             :                 }
    2063             :                 /* Re-acquire WALBufMappingLock and retry */
    2064     4144126 :                 LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    2065     4144126 :                 continue;
    2066             :             }
    2067             :         }
    2068             : 
    2069             :         /*
    2070             :          * Now the next buffer slot is free and we can set it up to be the
    2071             :          * next output page.
    2072             :          */
    2073     4400402 :         NewPageBeginPtr = XLogCtl->InitializedUpTo;
    2074     4400402 :         NewPageEndPtr = NewPageBeginPtr + XLOG_BLCKSZ;
    2075             : 
    2076             :         Assert(XLogRecPtrToBufIdx(NewPageBeginPtr) == nextidx);
    2077             : 
    2078     4400402 :         NewPage = (XLogPageHeader) (XLogCtl->pages + nextidx * (Size) XLOG_BLCKSZ);
    2079             : 
    2080             :         /*
    2081             :          * Mark the xlblock with InvalidXLogRecPtr and issue a write barrier
    2082             :          * before initializing. Otherwise, the old page may be partially
    2083             :          * zeroed but look valid.
    2084             :          */
    2085     4400402 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], InvalidXLogRecPtr);
    2086     4400402 :         pg_write_barrier();
    2087             : 
    2088             :         /*
    2089             :          * Be sure to re-zero the buffer so that bytes beyond what we've
    2090             :          * written will look like zeroes and not valid XLOG records...
    2091             :          */
    2092     4400402 :         MemSet((char *) NewPage, 0, XLOG_BLCKSZ);
    2093             : 
    2094             :         /*
    2095             :          * Fill the new page's header
    2096             :          */
    2097     4400402 :         NewPage->xlp_magic = XLOG_PAGE_MAGIC;
    2098             : 
    2099             :         /* NewPage->xlp_info = 0; */ /* done by memset */
    2100     4400402 :         NewPage->xlp_tli = tli;
    2101     4400402 :         NewPage->xlp_pageaddr = NewPageBeginPtr;
    2102             : 
    2103             :         /* NewPage->xlp_rem_len = 0; */  /* done by memset */
    2104             : 
    2105             :         /*
    2106             :          * If online backup is not in progress, mark the header to indicate
    2107             :          * that WAL records beginning in this page have removable backup
    2108             :          * blocks.  This allows the WAL archiver to know whether it is safe to
    2109             :          * compress archived WAL data by transforming full-block records into
    2110             :          * the non-full-block format.  It is sufficient to record this at the
    2111             :          * page level because we force a page switch (in fact a segment
    2112             :          * switch) when starting a backup, so the flag will be off before any
    2113             :          * records can be written during the backup.  At the end of a backup,
    2114             :          * the last page will be marked as all unsafe when perhaps only part
    2115             :          * is unsafe, but at worst the archiver would miss the opportunity to
    2116             :          * compress a few records.
    2117             :          */
    2118     4400402 :         if (Insert->runningBackups == 0)
    2119     4147138 :             NewPage->xlp_info |= XLP_BKP_REMOVABLE;
    2120             : 
    2121             :         /*
    2122             :          * If first page of an XLOG segment file, make it a long header.
    2123             :          */
    2124     4400402 :         if ((XLogSegmentOffset(NewPage->xlp_pageaddr, wal_segment_size)) == 0)
    2125             :         {
    2126        2646 :             XLogLongPageHeader NewLongPage = (XLogLongPageHeader) NewPage;
    2127             : 
    2128        2646 :             NewLongPage->xlp_sysid = ControlFile->system_identifier;
    2129        2646 :             NewLongPage->xlp_seg_size = wal_segment_size;
    2130        2646 :             NewLongPage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    2131        2646 :             NewPage->xlp_info |= XLP_LONG_HEADER;
    2132             :         }
    2133             : 
    2134             :         /*
    2135             :          * Make sure the initialization of the page becomes visible to others
    2136             :          * before the xlblocks update. GetXLogBuffer() reads xlblocks without
    2137             :          * holding a lock.
    2138             :          */
    2139     4400402 :         pg_write_barrier();
    2140             : 
    2141     4400402 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], NewPageEndPtr);
    2142     4400402 :         XLogCtl->InitializedUpTo = NewPageEndPtr;
    2143             : 
    2144     4400402 :         npages++;
    2145             :     }
    2146     4800562 :     LWLockRelease(WALBufMappingLock);
    2147             : 
    2148             : #ifdef WAL_DEBUG
    2149             :     if (XLOG_DEBUG && npages > 0)
    2150             :     {
    2151             :         elog(DEBUG1, "initialized %d pages, up to %X/%X",
    2152             :              npages, LSN_FORMAT_ARGS(NewPageEndPtr));
    2153             :     }
    2154             : #endif
    2155     4800562 : }
    2156             : 
    2157             : /*
    2158             :  * Calculate CheckPointSegments based on max_wal_size_mb and
    2159             :  * checkpoint_completion_target.
    2160             :  */
    2161             : static void
    2162       13678 : CalculateCheckpointSegments(void)
    2163             : {
    2164             :     double      target;
    2165             : 
    2166             :     /*-------
    2167             :      * Calculate the distance at which to trigger a checkpoint, to avoid
    2168             :      * exceeding max_wal_size_mb. This is based on two assumptions:
    2169             :      *
    2170             :      * a) we keep WAL for only one checkpoint cycle (prior to PG11 we kept
    2171             :      *    WAL for two checkpoint cycles to allow us to recover from the
    2172             :      *    secondary checkpoint if the first checkpoint failed, though we
    2173             :      *    only did this on the primary anyway, not on standby. Keeping just
    2174             :      *    one checkpoint simplifies processing and reduces disk space in
    2175             :      *    many smaller databases.)
    2176             :      * b) during checkpoint, we consume checkpoint_completion_target *
    2177             :      *    number of segments consumed between checkpoints.
    2178             :      *-------
    2179             :      */
    2180       13678 :     target = (double) ConvertToXSegs(max_wal_size_mb, wal_segment_size) /
    2181       13678 :         (1.0 + CheckPointCompletionTarget);
    2182             : 
    2183             :     /* round down */
    2184       13678 :     CheckPointSegments = (int) target;
    2185             : 
    2186       13678 :     if (CheckPointSegments < 1)
    2187          18 :         CheckPointSegments = 1;
    2188       13678 : }
    2189             : 
    2190             : void
    2191        9962 : assign_max_wal_size(int newval, void *extra)
    2192             : {
    2193        9962 :     max_wal_size_mb = newval;
    2194        9962 :     CalculateCheckpointSegments();
    2195        9962 : }
    2196             : 
    2197             : void
    2198        1972 : assign_checkpoint_completion_target(double newval, void *extra)
    2199             : {
    2200        1972 :     CheckPointCompletionTarget = newval;
    2201        1972 :     CalculateCheckpointSegments();
    2202        1972 : }
    2203             : 
    2204             : bool
    2205        3808 : check_wal_segment_size(int *newval, void **extra, GucSource source)
    2206             : {
    2207        3808 :     if (!IsValidWalSegSize(*newval))
    2208             :     {
    2209           0 :         GUC_check_errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.");
    2210           0 :         return false;
    2211             :     }
    2212             : 
    2213        3808 :     return true;
    2214             : }
    2215             : 
    2216             : /*
    2217             :  * GUC check_hook for max_slot_wal_keep_size
    2218             :  *
    2219             :  * We don't allow the value of max_slot_wal_keep_size other than -1 during the
    2220             :  * binary upgrade. See start_postmaster() in pg_upgrade for more details.
    2221             :  */
    2222             : bool
    2223        2180 : check_max_slot_wal_keep_size(int *newval, void **extra, GucSource source)
    2224             : {
    2225        2180 :     if (IsBinaryUpgrade && *newval != -1)
    2226             :     {
    2227           0 :         GUC_check_errdetail("\"%s\" must be set to -1 during binary upgrade mode.",
    2228             :                             "max_slot_wal_keep_size");
    2229           0 :         return false;
    2230             :     }
    2231             : 
    2232        2180 :     return true;
    2233             : }
    2234             : 
    2235             : /*
    2236             :  * At a checkpoint, how many WAL segments to recycle as preallocated future
    2237             :  * XLOG segments? Returns the highest segment that should be preallocated.
    2238             :  */
    2239             : static XLogSegNo
    2240        2468 : XLOGfileslop(XLogRecPtr lastredoptr)
    2241             : {
    2242             :     XLogSegNo   minSegNo;
    2243             :     XLogSegNo   maxSegNo;
    2244             :     double      distance;
    2245             :     XLogSegNo   recycleSegNo;
    2246             : 
    2247             :     /*
    2248             :      * Calculate the segment numbers that min_wal_size_mb and max_wal_size_mb
    2249             :      * correspond to. Always recycle enough segments to meet the minimum, and
    2250             :      * remove enough segments to stay below the maximum.
    2251             :      */
    2252        2468 :     minSegNo = lastredoptr / wal_segment_size +
    2253        2468 :         ConvertToXSegs(min_wal_size_mb, wal_segment_size) - 1;
    2254        2468 :     maxSegNo = lastredoptr / wal_segment_size +
    2255        2468 :         ConvertToXSegs(max_wal_size_mb, wal_segment_size) - 1;
    2256             : 
    2257             :     /*
    2258             :      * Between those limits, recycle enough segments to get us through to the
    2259             :      * estimated end of next checkpoint.
    2260             :      *
    2261             :      * To estimate where the next checkpoint will finish, assume that the
    2262             :      * system runs steadily consuming CheckPointDistanceEstimate bytes between
    2263             :      * every checkpoint.
    2264             :      */
    2265        2468 :     distance = (1.0 + CheckPointCompletionTarget) * CheckPointDistanceEstimate;
    2266             :     /* add 10% for good measure. */
    2267        2468 :     distance *= 1.10;
    2268             : 
    2269        2468 :     recycleSegNo = (XLogSegNo) ceil(((double) lastredoptr + distance) /
    2270             :                                     wal_segment_size);
    2271             : 
    2272        2468 :     if (recycleSegNo < minSegNo)
    2273        1532 :         recycleSegNo = minSegNo;
    2274        2468 :     if (recycleSegNo > maxSegNo)
    2275         730 :         recycleSegNo = maxSegNo;
    2276             : 
    2277        2468 :     return recycleSegNo;
    2278             : }
    2279             : 
    2280             : /*
    2281             :  * Check whether we've consumed enough xlog space that a checkpoint is needed.
    2282             :  *
    2283             :  * new_segno indicates a log file that has just been filled up (or read
    2284             :  * during recovery). We measure the distance from RedoRecPtr to new_segno
    2285             :  * and see if that exceeds CheckPointSegments.
    2286             :  *
    2287             :  * Note: it is caller's responsibility that RedoRecPtr is up-to-date.
    2288             :  */
    2289             : bool
    2290        7870 : XLogCheckpointNeeded(XLogSegNo new_segno)
    2291             : {
    2292             :     XLogSegNo   old_segno;
    2293             : 
    2294        7870 :     XLByteToSeg(RedoRecPtr, old_segno, wal_segment_size);
    2295             : 
    2296        7870 :     if (new_segno >= old_segno + (uint64) (CheckPointSegments - 1))
    2297        5232 :         return true;
    2298        2638 :     return false;
    2299             : }
    2300             : 
    2301             : /*
    2302             :  * Write and/or fsync the log at least as far as WriteRqst indicates.
    2303             :  *
    2304             :  * If flexible == true, we don't have to write as far as WriteRqst, but
    2305             :  * may stop at any convenient boundary (such as a cache or logfile boundary).
    2306             :  * This option allows us to avoid uselessly issuing multiple writes when a
    2307             :  * single one would do.
    2308             :  *
    2309             :  * Must be called with WALWriteLock held. WaitXLogInsertionsToFinish(WriteRqst)
    2310             :  * must be called before grabbing the lock, to make sure the data is ready to
    2311             :  * write.
    2312             :  */
    2313             : static void
    2314     3720022 : XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible)
    2315             : {
    2316             :     bool        ispartialpage;
    2317             :     bool        last_iteration;
    2318             :     bool        finishing_seg;
    2319             :     int         curridx;
    2320             :     int         npages;
    2321             :     int         startidx;
    2322             :     uint32      startoffset;
    2323             : 
    2324             :     /* We should always be inside a critical section here */
    2325             :     Assert(CritSectionCount > 0);
    2326             : 
    2327             :     /*
    2328             :      * Update local LogwrtResult (caller probably did this already, but...)
    2329             :      */
    2330     3720022 :     RefreshXLogWriteResult(LogwrtResult);
    2331             : 
    2332             :     /*
    2333             :      * Since successive pages in the xlog cache are consecutively allocated,
    2334             :      * we can usually gather multiple pages together and issue just one
    2335             :      * write() call.  npages is the number of pages we have determined can be
    2336             :      * written together; startidx is the cache block index of the first one,
    2337             :      * and startoffset is the file offset at which it should go. The latter
    2338             :      * two variables are only valid when npages > 0, but we must initialize
    2339             :      * all of them to keep the compiler quiet.
    2340             :      */
    2341     3720022 :     npages = 0;
    2342     3720022 :     startidx = 0;
    2343     3720022 :     startoffset = 0;
    2344             : 
    2345             :     /*
    2346             :      * Within the loop, curridx is the cache block index of the page to
    2347             :      * consider writing.  Begin at the buffer containing the next unwritten
    2348             :      * page, or last partially written page.
    2349             :      */
    2350     3720022 :     curridx = XLogRecPtrToBufIdx(LogwrtResult.Write);
    2351             : 
    2352     8027428 :     while (LogwrtResult.Write < WriteRqst.Write)
    2353             :     {
    2354             :         /*
    2355             :          * Make sure we're not ahead of the insert process.  This could happen
    2356             :          * if we're passed a bogus WriteRqst.Write that is past the end of the
    2357             :          * last page that's been initialized by AdvanceXLInsertBuffer.
    2358             :          */
    2359     4541756 :         XLogRecPtr  EndPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[curridx]);
    2360             : 
    2361     4541756 :         if (LogwrtResult.Write >= EndPtr)
    2362           0 :             elog(PANIC, "xlog write request %X/%X is past end of log %X/%X",
    2363             :                  LSN_FORMAT_ARGS(LogwrtResult.Write),
    2364             :                  LSN_FORMAT_ARGS(EndPtr));
    2365             : 
    2366             :         /* Advance LogwrtResult.Write to end of current buffer page */
    2367     4541756 :         LogwrtResult.Write = EndPtr;
    2368     4541756 :         ispartialpage = WriteRqst.Write < LogwrtResult.Write;
    2369             : 
    2370     4541756 :         if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2371             :                              wal_segment_size))
    2372             :         {
    2373             :             /*
    2374             :              * Switch to new logfile segment.  We cannot have any pending
    2375             :              * pages here (since we dump what we have at segment end).
    2376             :              */
    2377             :             Assert(npages == 0);
    2378       22062 :             if (openLogFile >= 0)
    2379        9062 :                 XLogFileClose();
    2380       22062 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2381             :                             wal_segment_size);
    2382       22062 :             openLogTLI = tli;
    2383             : 
    2384             :             /* create/use new log file */
    2385       22062 :             openLogFile = XLogFileInit(openLogSegNo, tli);
    2386       22062 :             ReserveExternalFD();
    2387             :         }
    2388             : 
    2389             :         /* Make sure we have the current logfile open */
    2390     4541756 :         if (openLogFile < 0)
    2391             :         {
    2392           0 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2393             :                             wal_segment_size);
    2394           0 :             openLogTLI = tli;
    2395           0 :             openLogFile = XLogFileOpen(openLogSegNo, tli);
    2396           0 :             ReserveExternalFD();
    2397             :         }
    2398             : 
    2399             :         /* Add current page to the set of pending pages-to-dump */
    2400     4541756 :         if (npages == 0)
    2401             :         {
    2402             :             /* first of group */
    2403     3749354 :             startidx = curridx;
    2404     3749354 :             startoffset = XLogSegmentOffset(LogwrtResult.Write - XLOG_BLCKSZ,
    2405             :                                             wal_segment_size);
    2406             :         }
    2407     4541756 :         npages++;
    2408             : 
    2409             :         /*
    2410             :          * Dump the set if this will be the last loop iteration, or if we are
    2411             :          * at the last page of the cache area (since the next page won't be
    2412             :          * contiguous in memory), or if we are at the end of the logfile
    2413             :          * segment.
    2414             :          */
    2415     4541756 :         last_iteration = WriteRqst.Write <= LogwrtResult.Write;
    2416             : 
    2417     8854978 :         finishing_seg = !ispartialpage &&
    2418     4313222 :             (startoffset + npages * XLOG_BLCKSZ) >= wal_segment_size;
    2419             : 
    2420     4541756 :         if (last_iteration ||
    2421      822742 :             curridx == XLogCtl->XLogCacheBlck ||
    2422             :             finishing_seg)
    2423             :         {
    2424             :             char       *from;
    2425             :             Size        nbytes;
    2426             :             Size        nleft;
    2427             :             ssize_t     written;
    2428             :             instr_time  start;
    2429             : 
    2430             :             /* OK to write the page(s) */
    2431     3749354 :             from = XLogCtl->pages + startidx * (Size) XLOG_BLCKSZ;
    2432     3749354 :             nbytes = npages * (Size) XLOG_BLCKSZ;
    2433     3749354 :             nleft = nbytes;
    2434             :             do
    2435             :             {
    2436     3749354 :                 errno = 0;
    2437             : 
    2438             :                 /* Measure I/O timing to write WAL data */
    2439     3749354 :                 if (track_wal_io_timing)
    2440           0 :                     INSTR_TIME_SET_CURRENT(start);
    2441             :                 else
    2442     3749354 :                     INSTR_TIME_SET_ZERO(start);
    2443             : 
    2444     3749354 :                 pgstat_report_wait_start(WAIT_EVENT_WAL_WRITE);
    2445     3749354 :                 written = pg_pwrite(openLogFile, from, nleft, startoffset);
    2446     3749354 :                 pgstat_report_wait_end();
    2447             : 
    2448             :                 /*
    2449             :                  * Increment the I/O timing and the number of times WAL data
    2450             :                  * were written out to disk.
    2451             :                  */
    2452     3749354 :                 if (track_wal_io_timing)
    2453             :                 {
    2454             :                     instr_time  end;
    2455             : 
    2456           0 :                     INSTR_TIME_SET_CURRENT(end);
    2457           0 :                     INSTR_TIME_ACCUM_DIFF(PendingWalStats.wal_write_time, end, start);
    2458             :                 }
    2459             : 
    2460     3749354 :                 PendingWalStats.wal_write++;
    2461             : 
    2462     3749354 :                 if (written <= 0)
    2463             :                 {
    2464             :                     char        xlogfname[MAXFNAMELEN];
    2465             :                     int         save_errno;
    2466             : 
    2467           0 :                     if (errno == EINTR)
    2468           0 :                         continue;
    2469             : 
    2470           0 :                     save_errno = errno;
    2471           0 :                     XLogFileName(xlogfname, tli, openLogSegNo,
    2472             :                                  wal_segment_size);
    2473           0 :                     errno = save_errno;
    2474           0 :                     ereport(PANIC,
    2475             :                             (errcode_for_file_access(),
    2476             :                              errmsg("could not write to log file \"%s\" at offset %u, length %zu: %m",
    2477             :                                     xlogfname, startoffset, nleft)));
    2478             :                 }
    2479     3749354 :                 nleft -= written;
    2480     3749354 :                 from += written;
    2481     3749354 :                 startoffset += written;
    2482     3749354 :             } while (nleft > 0);
    2483             : 
    2484     3749354 :             npages = 0;
    2485             : 
    2486             :             /*
    2487             :              * If we just wrote the whole last page of a logfile segment,
    2488             :              * fsync the segment immediately.  This avoids having to go back
    2489             :              * and re-open prior segments when an fsync request comes along
    2490             :              * later. Doing it here ensures that one and only one backend will
    2491             :              * perform this fsync.
    2492             :              *
    2493             :              * This is also the right place to notify the Archiver that the
    2494             :              * segment is ready to copy to archival storage, and to update the
    2495             :              * timer for archive_timeout, and to signal for a checkpoint if
    2496             :              * too many logfile segments have been used since the last
    2497             :              * checkpoint.
    2498             :              */
    2499     3749354 :             if (finishing_seg)
    2500             :             {
    2501        2872 :                 issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2502             : 
    2503             :                 /* signal that we need to wakeup walsenders later */
    2504        2872 :                 WalSndWakeupRequest();
    2505             : 
    2506        2872 :                 LogwrtResult.Flush = LogwrtResult.Write;    /* end of page */
    2507             : 
    2508        2872 :                 if (XLogArchivingActive())
    2509         156 :                     XLogArchiveNotifySeg(openLogSegNo, tli);
    2510             : 
    2511        2872 :                 XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    2512        2872 :                 XLogCtl->lastSegSwitchLSN = LogwrtResult.Flush;
    2513             : 
    2514             :                 /*
    2515             :                  * Request a checkpoint if we've consumed too much xlog since
    2516             :                  * the last one.  For speed, we first check using the local
    2517             :                  * copy of RedoRecPtr, which might be out of date; if it looks
    2518             :                  * like a checkpoint is needed, forcibly update RedoRecPtr and
    2519             :                  * recheck.
    2520             :                  */
    2521        2872 :                 if (IsUnderPostmaster && XLogCheckpointNeeded(openLogSegNo))
    2522             :                 {
    2523         466 :                     (void) GetRedoRecPtr();
    2524         466 :                     if (XLogCheckpointNeeded(openLogSegNo))
    2525         390 :                         RequestCheckpoint(CHECKPOINT_CAUSE_XLOG);
    2526             :                 }
    2527             :             }
    2528             :         }
    2529             : 
    2530     4541756 :         if (ispartialpage)
    2531             :         {
    2532             :             /* Only asked to write a partial page */
    2533      228534 :             LogwrtResult.Write = WriteRqst.Write;
    2534      228534 :             break;
    2535             :         }
    2536     4313222 :         curridx = NextBufIdx(curridx);
    2537             : 
    2538             :         /* If flexible, break out of loop as soon as we wrote something */
    2539     4313222 :         if (flexible && npages == 0)
    2540        5816 :             break;
    2541             :     }
    2542             : 
    2543             :     Assert(npages == 0);
    2544             : 
    2545             :     /*
    2546             :      * If asked to flush, do so
    2547             :      */
    2548     3720022 :     if (LogwrtResult.Flush < WriteRqst.Flush &&
    2549      239450 :         LogwrtResult.Flush < LogwrtResult.Write)
    2550             :     {
    2551             :         /*
    2552             :          * Could get here without iterating above loop, in which case we might
    2553             :          * have no open file or the wrong one.  However, we do not need to
    2554             :          * fsync more than one file.
    2555             :          */
    2556      239352 :         if (wal_sync_method != WAL_SYNC_METHOD_OPEN &&
    2557      239352 :             wal_sync_method != WAL_SYNC_METHOD_OPEN_DSYNC)
    2558             :         {
    2559      239352 :             if (openLogFile >= 0 &&
    2560      239332 :                 !XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2561             :                                  wal_segment_size))
    2562          42 :                 XLogFileClose();
    2563      239352 :             if (openLogFile < 0)
    2564             :             {
    2565          62 :                 XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2566             :                                 wal_segment_size);
    2567          62 :                 openLogTLI = tli;
    2568          62 :                 openLogFile = XLogFileOpen(openLogSegNo, tli);
    2569          62 :                 ReserveExternalFD();
    2570             :             }
    2571             : 
    2572      239352 :             issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2573             :         }
    2574             : 
    2575             :         /* signal that we need to wakeup walsenders later */
    2576      239352 :         WalSndWakeupRequest();
    2577             : 
    2578      239352 :         LogwrtResult.Flush = LogwrtResult.Write;
    2579             :     }
    2580             : 
    2581             :     /*
    2582             :      * Update shared-memory status
    2583             :      *
    2584             :      * We make sure that the shared 'request' values do not fall behind the
    2585             :      * 'result' values.  This is not absolutely essential, but it saves some
    2586             :      * code in a couple of places.
    2587             :      */
    2588     3720022 :     SpinLockAcquire(&XLogCtl->info_lck);
    2589     3720022 :     if (XLogCtl->LogwrtRqst.Write < LogwrtResult.Write)
    2590      212368 :         XLogCtl->LogwrtRqst.Write = LogwrtResult.Write;
    2591     3720022 :     if (XLogCtl->LogwrtRqst.Flush < LogwrtResult.Flush)
    2592      241508 :         XLogCtl->LogwrtRqst.Flush = LogwrtResult.Flush;
    2593     3720022 :     SpinLockRelease(&XLogCtl->info_lck);
    2594             : 
    2595             :     /*
    2596             :      * We write Write first, bar, then Flush.  When reading, the opposite must
    2597             :      * be done (with a matching barrier in between), so that we always see a
    2598             :      * Flush value that trails behind the Write value seen.
    2599             :      */
    2600     3720022 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, LogwrtResult.Write);
    2601     3720022 :     pg_write_barrier();
    2602     3720022 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, LogwrtResult.Flush);
    2603             : 
    2604             : #ifdef USE_ASSERT_CHECKING
    2605             :     {
    2606             :         XLogRecPtr  Flush;
    2607             :         XLogRecPtr  Write;
    2608             :         XLogRecPtr  Insert;
    2609             : 
    2610             :         Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult);
    2611             :         pg_read_barrier();
    2612             :         Write = pg_atomic_read_u64(&XLogCtl->logWriteResult);
    2613             :         pg_read_barrier();
    2614             :         Insert = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    2615             : 
    2616             :         /* WAL written to disk is always ahead of WAL flushed */
    2617             :         Assert(Write >= Flush);
    2618             : 
    2619             :         /* WAL inserted to buffers is always ahead of WAL written */
    2620             :         Assert(Insert >= Write);
    2621             :     }
    2622             : #endif
    2623     3720022 : }
    2624             : 
    2625             : /*
    2626             :  * Record the LSN for an asynchronous transaction commit/abort
    2627             :  * and nudge the WALWriter if there is work for it to do.
    2628             :  * (This should not be called for synchronous commits.)
    2629             :  */
    2630             : void
    2631       83322 : XLogSetAsyncXactLSN(XLogRecPtr asyncXactLSN)
    2632             : {
    2633       83322 :     XLogRecPtr  WriteRqstPtr = asyncXactLSN;
    2634             :     bool        sleeping;
    2635       83322 :     bool        wakeup = false;
    2636             :     XLogRecPtr  prevAsyncXactLSN;
    2637             : 
    2638       83322 :     SpinLockAcquire(&XLogCtl->info_lck);
    2639       83322 :     sleeping = XLogCtl->WalWriterSleeping;
    2640       83322 :     prevAsyncXactLSN = XLogCtl->asyncXactLSN;
    2641       83322 :     if (XLogCtl->asyncXactLSN < asyncXactLSN)
    2642       82550 :         XLogCtl->asyncXactLSN = asyncXactLSN;
    2643       83322 :     SpinLockRelease(&XLogCtl->info_lck);
    2644             : 
    2645             :     /*
    2646             :      * If somebody else already called this function with a more aggressive
    2647             :      * LSN, they will have done what we needed (and perhaps more).
    2648             :      */
    2649       83322 :     if (asyncXactLSN <= prevAsyncXactLSN)
    2650         772 :         return;
    2651             : 
    2652             :     /*
    2653             :      * If the WALWriter is sleeping, kick it to make it come out of low-power
    2654             :      * mode, so that this async commit will reach disk within the expected
    2655             :      * amount of time.  Otherwise, determine whether it has enough WAL
    2656             :      * available to flush, the same way that XLogBackgroundFlush() does.
    2657             :      */
    2658       82550 :     if (sleeping)
    2659          22 :         wakeup = true;
    2660             :     else
    2661             :     {
    2662             :         int         flushblocks;
    2663             : 
    2664       82528 :         RefreshXLogWriteResult(LogwrtResult);
    2665             : 
    2666       82528 :         flushblocks =
    2667       82528 :             WriteRqstPtr / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    2668             : 
    2669       82528 :         if (WalWriterFlushAfter == 0 || flushblocks >= WalWriterFlushAfter)
    2670        6774 :             wakeup = true;
    2671             :     }
    2672             : 
    2673       82550 :     if (wakeup)
    2674             :     {
    2675        6796 :         volatile PROC_HDR *procglobal = ProcGlobal;
    2676        6796 :         ProcNumber  walwriterProc = procglobal->walwriterProc;
    2677             : 
    2678        6796 :         if (walwriterProc != INVALID_PROC_NUMBER)
    2679         386 :             SetLatch(&GetPGProcByNumber(walwriterProc)->procLatch);
    2680             :     }
    2681             : }
    2682             : 
    2683             : /*
    2684             :  * Record the LSN up to which we can remove WAL because it's not required by
    2685             :  * any replication slot.
    2686             :  */
    2687             : void
    2688       17024 : XLogSetReplicationSlotMinimumLSN(XLogRecPtr lsn)
    2689             : {
    2690       17024 :     SpinLockAcquire(&XLogCtl->info_lck);
    2691       17024 :     XLogCtl->replicationSlotMinLSN = lsn;
    2692       17024 :     SpinLockRelease(&XLogCtl->info_lck);
    2693       17024 : }
    2694             : 
    2695             : 
    2696             : /*
    2697             :  * Return the oldest LSN we must retain to satisfy the needs of some
    2698             :  * replication slot.
    2699             :  */
    2700             : static XLogRecPtr
    2701        3298 : XLogGetReplicationSlotMinimumLSN(void)
    2702             : {
    2703             :     XLogRecPtr  retval;
    2704             : 
    2705        3298 :     SpinLockAcquire(&XLogCtl->info_lck);
    2706        3298 :     retval = XLogCtl->replicationSlotMinLSN;
    2707        3298 :     SpinLockRelease(&XLogCtl->info_lck);
    2708             : 
    2709        3298 :     return retval;
    2710             : }
    2711             : 
    2712             : /*
    2713             :  * Advance minRecoveryPoint in control file.
    2714             :  *
    2715             :  * If we crash during recovery, we must reach this point again before the
    2716             :  * database is consistent.
    2717             :  *
    2718             :  * If 'force' is true, 'lsn' argument is ignored. Otherwise, minRecoveryPoint
    2719             :  * is only updated if it's not already greater than or equal to 'lsn'.
    2720             :  */
    2721             : static void
    2722      182636 : UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force)
    2723             : {
    2724             :     /* Quick check using our local copy of the variable */
    2725      182636 :     if (!updateMinRecoveryPoint || (!force && lsn <= LocalMinRecoveryPoint))
    2726      171262 :         return;
    2727             : 
    2728             :     /*
    2729             :      * An invalid minRecoveryPoint means that we need to recover all the WAL,
    2730             :      * i.e., we're doing crash recovery.  We never modify the control file's
    2731             :      * value in that case, so we can short-circuit future checks here too. The
    2732             :      * local values of minRecoveryPoint and minRecoveryPointTLI should not be
    2733             :      * updated until crash recovery finishes.  We only do this for the startup
    2734             :      * process as it should not update its own reference of minRecoveryPoint
    2735             :      * until it has finished crash recovery to make sure that all WAL
    2736             :      * available is replayed in this case.  This also saves from extra locks
    2737             :      * taken on the control file from the startup process.
    2738             :      */
    2739       11374 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    2740             :     {
    2741          62 :         updateMinRecoveryPoint = false;
    2742          62 :         return;
    2743             :     }
    2744             : 
    2745       11312 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    2746             : 
    2747             :     /* update local copy */
    2748       11312 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    2749       11312 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    2750             : 
    2751       11312 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    2752           4 :         updateMinRecoveryPoint = false;
    2753       11308 :     else if (force || LocalMinRecoveryPoint < lsn)
    2754             :     {
    2755             :         XLogRecPtr  newMinRecoveryPoint;
    2756             :         TimeLineID  newMinRecoveryPointTLI;
    2757             : 
    2758             :         /*
    2759             :          * To avoid having to update the control file too often, we update it
    2760             :          * all the way to the last record being replayed, even though 'lsn'
    2761             :          * would suffice for correctness.  This also allows the 'force' case
    2762             :          * to not need a valid 'lsn' value.
    2763             :          *
    2764             :          * Another important reason for doing it this way is that the passed
    2765             :          * 'lsn' value could be bogus, i.e., past the end of available WAL, if
    2766             :          * the caller got it from a corrupted heap page.  Accepting such a
    2767             :          * value as the min recovery point would prevent us from coming up at
    2768             :          * all.  Instead, we just log a warning and continue with recovery.
    2769             :          * (See also the comments about corrupt LSNs in XLogFlush.)
    2770             :          */
    2771        9302 :         newMinRecoveryPoint = GetCurrentReplayRecPtr(&newMinRecoveryPointTLI);
    2772        9302 :         if (!force && newMinRecoveryPoint < lsn)
    2773           0 :             elog(WARNING,
    2774             :                  "xlog min recovery request %X/%X is past current point %X/%X",
    2775             :                  LSN_FORMAT_ARGS(lsn), LSN_FORMAT_ARGS(newMinRecoveryPoint));
    2776             : 
    2777             :         /* update control file */
    2778        9302 :         if (ControlFile->minRecoveryPoint < newMinRecoveryPoint)
    2779             :         {
    2780        9250 :             ControlFile->minRecoveryPoint = newMinRecoveryPoint;
    2781        9250 :             ControlFile->minRecoveryPointTLI = newMinRecoveryPointTLI;
    2782        9250 :             UpdateControlFile();
    2783        9250 :             LocalMinRecoveryPoint = newMinRecoveryPoint;
    2784        9250 :             LocalMinRecoveryPointTLI = newMinRecoveryPointTLI;
    2785             : 
    2786        9250 :             ereport(DEBUG2,
    2787             :                     (errmsg_internal("updated min recovery point to %X/%X on timeline %u",
    2788             :                                      LSN_FORMAT_ARGS(newMinRecoveryPoint),
    2789             :                                      newMinRecoveryPointTLI)));
    2790             :         }
    2791             :     }
    2792       11312 :     LWLockRelease(ControlFileLock);
    2793             : }
    2794             : 
    2795             : /*
    2796             :  * Ensure that all XLOG data through the given position is flushed to disk.
    2797             :  *
    2798             :  * NOTE: this differs from XLogWrite mainly in that the WALWriteLock is not
    2799             :  * already held, and we try to avoid acquiring it if possible.
    2800             :  */
    2801             : void
    2802     1185964 : XLogFlush(XLogRecPtr record)
    2803             : {
    2804             :     XLogRecPtr  WriteRqstPtr;
    2805             :     XLogwrtRqst WriteRqst;
    2806     1185964 :     TimeLineID  insertTLI = XLogCtl->InsertTimeLineID;
    2807             : 
    2808             :     /*
    2809             :      * During REDO, we are reading not writing WAL.  Therefore, instead of
    2810             :      * trying to flush the WAL, we should update minRecoveryPoint instead. We
    2811             :      * test XLogInsertAllowed(), not InRecovery, because we need checkpointer
    2812             :      * to act this way too, and because when it tries to write the
    2813             :      * end-of-recovery checkpoint, it should indeed flush.
    2814             :      */
    2815     1185964 :     if (!XLogInsertAllowed())
    2816             :     {
    2817      182384 :         UpdateMinRecoveryPoint(record, false);
    2818      933100 :         return;
    2819             :     }
    2820             : 
    2821             :     /* Quick exit if already known flushed */
    2822     1003580 :     if (record <= LogwrtResult.Flush)
    2823      750716 :         return;
    2824             : 
    2825             : #ifdef WAL_DEBUG
    2826             :     if (XLOG_DEBUG)
    2827             :         elog(LOG, "xlog flush request %X/%X; write %X/%X; flush %X/%X",
    2828             :              LSN_FORMAT_ARGS(record),
    2829             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    2830             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2831             : #endif
    2832             : 
    2833      252864 :     START_CRIT_SECTION();
    2834             : 
    2835             :     /*
    2836             :      * Since fsync is usually a horribly expensive operation, we try to
    2837             :      * piggyback as much data as we can on each fsync: if we see any more data
    2838             :      * entered into the xlog buffer, we'll write and fsync that too, so that
    2839             :      * the final value of LogwrtResult.Flush is as large as possible. This
    2840             :      * gives us some chance of avoiding another fsync immediately after.
    2841             :      */
    2842             : 
    2843             :     /* initialize to given target; may increase below */
    2844      252864 :     WriteRqstPtr = record;
    2845             : 
    2846             :     /*
    2847             :      * Now wait until we get the write lock, or someone else does the flush
    2848             :      * for us.
    2849             :      */
    2850             :     for (;;)
    2851       10994 :     {
    2852             :         XLogRecPtr  insertpos;
    2853             : 
    2854             :         /* done already? */
    2855      263858 :         RefreshXLogWriteResult(LogwrtResult);
    2856      263858 :         if (record <= LogwrtResult.Flush)
    2857       17904 :             break;
    2858             : 
    2859             :         /*
    2860             :          * Before actually performing the write, wait for all in-flight
    2861             :          * insertions to the pages we're about to write to finish.
    2862             :          */
    2863      245954 :         SpinLockAcquire(&XLogCtl->info_lck);
    2864      245954 :         if (WriteRqstPtr < XLogCtl->LogwrtRqst.Write)
    2865       14962 :             WriteRqstPtr = XLogCtl->LogwrtRqst.Write;
    2866      245954 :         SpinLockRelease(&XLogCtl->info_lck);
    2867      245954 :         insertpos = WaitXLogInsertionsToFinish(WriteRqstPtr);
    2868             : 
    2869             :         /*
    2870             :          * Try to get the write lock. If we can't get it immediately, wait
    2871             :          * until it's released, and recheck if we still need to do the flush
    2872             :          * or if the backend that held the lock did it for us already. This
    2873             :          * helps to maintain a good rate of group committing when the system
    2874             :          * is bottlenecked by the speed of fsyncing.
    2875             :          */
    2876      245954 :         if (!LWLockAcquireOrWait(WALWriteLock, LW_EXCLUSIVE))
    2877             :         {
    2878             :             /*
    2879             :              * The lock is now free, but we didn't acquire it yet. Before we
    2880             :              * do, loop back to check if someone else flushed the record for
    2881             :              * us already.
    2882             :              */
    2883       10994 :             continue;
    2884             :         }
    2885             : 
    2886             :         /* Got the lock; recheck whether request is satisfied */
    2887      234960 :         RefreshXLogWriteResult(LogwrtResult);
    2888      234960 :         if (record <= LogwrtResult.Flush)
    2889             :         {
    2890        1570 :             LWLockRelease(WALWriteLock);
    2891        1570 :             break;
    2892             :         }
    2893             : 
    2894             :         /*
    2895             :          * Sleep before flush! By adding a delay here, we may give further
    2896             :          * backends the opportunity to join the backlog of group commit
    2897             :          * followers; this can significantly improve transaction throughput,
    2898             :          * at the risk of increasing transaction latency.
    2899             :          *
    2900             :          * We do not sleep if enableFsync is not turned on, nor if there are
    2901             :          * fewer than CommitSiblings other backends with active transactions.
    2902             :          */
    2903      233390 :         if (CommitDelay > 0 && enableFsync &&
    2904           0 :             MinimumActiveBackends(CommitSiblings))
    2905             :         {
    2906           0 :             pg_usleep(CommitDelay);
    2907             : 
    2908             :             /*
    2909             :              * Re-check how far we can now flush the WAL. It's generally not
    2910             :              * safe to call WaitXLogInsertionsToFinish while holding
    2911             :              * WALWriteLock, because an in-progress insertion might need to
    2912             :              * also grab WALWriteLock to make progress. But we know that all
    2913             :              * the insertions up to insertpos have already finished, because
    2914             :              * that's what the earlier WaitXLogInsertionsToFinish() returned.
    2915             :              * We're only calling it again to allow insertpos to be moved
    2916             :              * further forward, not to actually wait for anyone.
    2917             :              */
    2918           0 :             insertpos = WaitXLogInsertionsToFinish(insertpos);
    2919             :         }
    2920             : 
    2921             :         /* try to write/flush later additions to XLOG as well */
    2922      233390 :         WriteRqst.Write = insertpos;
    2923      233390 :         WriteRqst.Flush = insertpos;
    2924             : 
    2925      233390 :         XLogWrite(WriteRqst, insertTLI, false);
    2926             : 
    2927      233390 :         LWLockRelease(WALWriteLock);
    2928             :         /* done */
    2929      233390 :         break;
    2930             :     }
    2931             : 
    2932      252864 :     END_CRIT_SECTION();
    2933             : 
    2934             :     /* wake up walsenders now that we've released heavily contended locks */
    2935      252864 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    2936             : 
    2937             :     /*
    2938             :      * If we still haven't flushed to the request point then we have a
    2939             :      * problem; most likely, the requested flush point is past end of XLOG.
    2940             :      * This has been seen to occur when a disk page has a corrupted LSN.
    2941             :      *
    2942             :      * Formerly we treated this as a PANIC condition, but that hurts the
    2943             :      * system's robustness rather than helping it: we do not want to take down
    2944             :      * the whole system due to corruption on one data page.  In particular, if
    2945             :      * the bad page is encountered again during recovery then we would be
    2946             :      * unable to restart the database at all!  (This scenario actually
    2947             :      * happened in the field several times with 7.1 releases.)  As of 8.4, bad
    2948             :      * LSNs encountered during recovery are UpdateMinRecoveryPoint's problem;
    2949             :      * the only time we can reach here during recovery is while flushing the
    2950             :      * end-of-recovery checkpoint record, and we don't expect that to have a
    2951             :      * bad LSN.
    2952             :      *
    2953             :      * Note that for calls from xact.c, the ERROR will be promoted to PANIC
    2954             :      * since xact.c calls this routine inside a critical section.  However,
    2955             :      * calls from bufmgr.c are not within critical sections and so we will not
    2956             :      * force a restart for a bad LSN on a data page.
    2957             :      */
    2958      252864 :     if (LogwrtResult.Flush < record)
    2959           0 :         elog(ERROR,
    2960             :              "xlog flush request %X/%X is not satisfied --- flushed only to %X/%X",
    2961             :              LSN_FORMAT_ARGS(record),
    2962             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2963             : }
    2964             : 
    2965             : /*
    2966             :  * Write & flush xlog, but without specifying exactly where to.
    2967             :  *
    2968             :  * We normally write only completed blocks; but if there is nothing to do on
    2969             :  * that basis, we check for unwritten async commits in the current incomplete
    2970             :  * block, and write through the latest one of those.  Thus, if async commits
    2971             :  * are not being used, we will write complete blocks only.
    2972             :  *
    2973             :  * If, based on the above, there's anything to write we do so immediately. But
    2974             :  * to avoid calling fsync, fdatasync et. al. at a rate that'd impact
    2975             :  * concurrent IO, we only flush WAL every wal_writer_delay ms, or if there's
    2976             :  * more than wal_writer_flush_after unflushed blocks.
    2977             :  *
    2978             :  * We can guarantee that async commits reach disk after at most three
    2979             :  * wal_writer_delay cycles. (When flushing complete blocks, we allow XLogWrite
    2980             :  * to write "flexibly", meaning it can stop at the end of the buffer ring;
    2981             :  * this makes a difference only with very high load or long wal_writer_delay,
    2982             :  * but imposes one extra cycle for the worst case for async commits.)
    2983             :  *
    2984             :  * This routine is invoked periodically by the background walwriter process.
    2985             :  *
    2986             :  * Returns true if there was any work to do, even if we skipped flushing due
    2987             :  * to wal_writer_delay/wal_writer_flush_after.
    2988             :  */
    2989             : bool
    2990       38730 : XLogBackgroundFlush(void)
    2991             : {
    2992             :     XLogwrtRqst WriteRqst;
    2993       38730 :     bool        flexible = true;
    2994             :     static TimestampTz lastflush;
    2995             :     TimestampTz now;
    2996             :     int         flushblocks;
    2997             :     TimeLineID  insertTLI;
    2998             : 
    2999             :     /* XLOG doesn't need flushing during recovery */
    3000       38730 :     if (RecoveryInProgress())
    3001          16 :         return false;
    3002             : 
    3003             :     /*
    3004             :      * Since we're not in recovery, InsertTimeLineID is set and can't change,
    3005             :      * so we can read it without a lock.
    3006             :      */
    3007       38714 :     insertTLI = XLogCtl->InsertTimeLineID;
    3008             : 
    3009             :     /* read updated LogwrtRqst */
    3010       38714 :     SpinLockAcquire(&XLogCtl->info_lck);
    3011       38714 :     WriteRqst = XLogCtl->LogwrtRqst;
    3012       38714 :     SpinLockRelease(&XLogCtl->info_lck);
    3013             : 
    3014             :     /* back off to last completed page boundary */
    3015       38714 :     WriteRqst.Write -= WriteRqst.Write % XLOG_BLCKSZ;
    3016             : 
    3017             :     /* if we have already flushed that far, consider async commit records */
    3018       38714 :     RefreshXLogWriteResult(LogwrtResult);
    3019       38714 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3020             :     {
    3021       32644 :         SpinLockAcquire(&XLogCtl->info_lck);
    3022       32644 :         WriteRqst.Write = XLogCtl->asyncXactLSN;
    3023       32644 :         SpinLockRelease(&XLogCtl->info_lck);
    3024       32644 :         flexible = false;       /* ensure it all gets written */
    3025             :     }
    3026             : 
    3027             :     /*
    3028             :      * If already known flushed, we're done. Just need to check if we are
    3029             :      * holding an open file handle to a logfile that's no longer in use,
    3030             :      * preventing the file from being deleted.
    3031             :      */
    3032       38714 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3033             :     {
    3034       31770 :         if (openLogFile >= 0)
    3035             :         {
    3036        6532 :             if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    3037             :                                  wal_segment_size))
    3038             :             {
    3039         244 :                 XLogFileClose();
    3040             :             }
    3041             :         }
    3042       31770 :         return false;
    3043             :     }
    3044             : 
    3045             :     /*
    3046             :      * Determine how far to flush WAL, based on the wal_writer_delay and
    3047             :      * wal_writer_flush_after GUCs.
    3048             :      *
    3049             :      * Note that XLogSetAsyncXactLSN() performs similar calculation based on
    3050             :      * wal_writer_flush_after, to decide when to wake us up.  Make sure the
    3051             :      * logic is the same in both places if you change this.
    3052             :      */
    3053        6944 :     now = GetCurrentTimestamp();
    3054        6944 :     flushblocks =
    3055        6944 :         WriteRqst.Write / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    3056             : 
    3057        6944 :     if (WalWriterFlushAfter == 0 || lastflush == 0)
    3058             :     {
    3059             :         /* first call, or block based limits disabled */
    3060         368 :         WriteRqst.Flush = WriteRqst.Write;
    3061         368 :         lastflush = now;
    3062             :     }
    3063        6576 :     else if (TimestampDifferenceExceeds(lastflush, now, WalWriterDelay))
    3064             :     {
    3065             :         /*
    3066             :          * Flush the writes at least every WalWriterDelay ms. This is
    3067             :          * important to bound the amount of time it takes for an asynchronous
    3068             :          * commit to hit disk.
    3069             :          */
    3070        6248 :         WriteRqst.Flush = WriteRqst.Write;
    3071        6248 :         lastflush = now;
    3072             :     }
    3073         328 :     else if (flushblocks >= WalWriterFlushAfter)
    3074             :     {
    3075             :         /* exceeded wal_writer_flush_after blocks, flush */
    3076         306 :         WriteRqst.Flush = WriteRqst.Write;
    3077         306 :         lastflush = now;
    3078             :     }
    3079             :     else
    3080             :     {
    3081             :         /* no flushing, this time round */
    3082          22 :         WriteRqst.Flush = 0;
    3083             :     }
    3084             : 
    3085             : #ifdef WAL_DEBUG
    3086             :     if (XLOG_DEBUG)
    3087             :         elog(LOG, "xlog bg flush request write %X/%X; flush: %X/%X, current is write %X/%X; flush %X/%X",
    3088             :              LSN_FORMAT_ARGS(WriteRqst.Write),
    3089             :              LSN_FORMAT_ARGS(WriteRqst.Flush),
    3090             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    3091             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    3092             : #endif
    3093             : 
    3094        6944 :     START_CRIT_SECTION();
    3095             : 
    3096             :     /* now wait for any in-progress insertions to finish and get write lock */
    3097        6944 :     WaitXLogInsertionsToFinish(WriteRqst.Write);
    3098        6944 :     LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    3099        6944 :     RefreshXLogWriteResult(LogwrtResult);
    3100        6944 :     if (WriteRqst.Write > LogwrtResult.Write ||
    3101         272 :         WriteRqst.Flush > LogwrtResult.Flush)
    3102             :     {
    3103        6724 :         XLogWrite(WriteRqst, insertTLI, flexible);
    3104             :     }
    3105        6944 :     LWLockRelease(WALWriteLock);
    3106             : 
    3107        6944 :     END_CRIT_SECTION();
    3108             : 
    3109             :     /* wake up walsenders now that we've released heavily contended locks */
    3110        6944 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    3111             : 
    3112             :     /*
    3113             :      * Great, done. To take some work off the critical path, try to initialize
    3114             :      * as many of the no-longer-needed WAL buffers for future use as we can.
    3115             :      */
    3116        6944 :     AdvanceXLInsertBuffer(InvalidXLogRecPtr, insertTLI, true);
    3117             : 
    3118             :     /*
    3119             :      * If we determined that we need to write data, but somebody else
    3120             :      * wrote/flushed already, it should be considered as being active, to
    3121             :      * avoid hibernating too early.
    3122             :      */
    3123        6944 :     return true;
    3124             : }
    3125             : 
    3126             : /*
    3127             :  * Test whether XLOG data has been flushed up to (at least) the given position.
    3128             :  *
    3129             :  * Returns true if a flush is still needed.  (It may be that someone else
    3130             :  * is already in process of flushing that far, however.)
    3131             :  */
    3132             : bool
    3133    17076810 : XLogNeedsFlush(XLogRecPtr record)
    3134             : {
    3135             :     /*
    3136             :      * During recovery, we don't flush WAL but update minRecoveryPoint
    3137             :      * instead. So "needs flush" is taken to mean whether minRecoveryPoint
    3138             :      * would need to be updated.
    3139             :      */
    3140    17076810 :     if (RecoveryInProgress())
    3141             :     {
    3142             :         /*
    3143             :          * An invalid minRecoveryPoint means that we need to recover all the
    3144             :          * WAL, i.e., we're doing crash recovery.  We never modify the control
    3145             :          * file's value in that case, so we can short-circuit future checks
    3146             :          * here too.  This triggers a quick exit path for the startup process,
    3147             :          * which cannot update its local copy of minRecoveryPoint as long as
    3148             :          * it has not replayed all WAL available when doing crash recovery.
    3149             :          */
    3150     1638464 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    3151           0 :             updateMinRecoveryPoint = false;
    3152             : 
    3153             :         /* Quick exit if already known to be updated or cannot be updated */
    3154     1638464 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3155     1615738 :             return false;
    3156             : 
    3157             :         /*
    3158             :          * Update local copy of minRecoveryPoint. But if the lock is busy,
    3159             :          * just return a conservative guess.
    3160             :          */
    3161       22726 :         if (!LWLockConditionalAcquire(ControlFileLock, LW_SHARED))
    3162           0 :             return true;
    3163       22726 :         LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    3164       22726 :         LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    3165       22726 :         LWLockRelease(ControlFileLock);
    3166             : 
    3167             :         /*
    3168             :          * Check minRecoveryPoint for any other process than the startup
    3169             :          * process doing crash recovery, which should not update the control
    3170             :          * file value if crash recovery is still running.
    3171             :          */
    3172       22726 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    3173           0 :             updateMinRecoveryPoint = false;
    3174             : 
    3175             :         /* check again */
    3176       22726 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3177         152 :             return false;
    3178             :         else
    3179       22574 :             return true;
    3180             :     }
    3181             : 
    3182             :     /* Quick exit if already known flushed */
    3183    15438346 :     if (record <= LogwrtResult.Flush)
    3184    15002192 :         return false;
    3185             : 
    3186             :     /* read LogwrtResult and update local state */
    3187      436154 :     RefreshXLogWriteResult(LogwrtResult);
    3188             : 
    3189             :     /* check again */
    3190      436154 :     if (record <= LogwrtResult.Flush)
    3191        4104 :         return false;
    3192             : 
    3193      432050 :     return true;
    3194             : }
    3195             : 
    3196             : /*
    3197             :  * Try to make a given XLOG file segment exist.
    3198             :  *
    3199             :  * logsegno: identify segment.
    3200             :  *
    3201             :  * *added: on return, true if this call raised the number of extant segments.
    3202             :  *
    3203             :  * path: on return, this char[MAXPGPATH] has the path to the logsegno file.
    3204             :  *
    3205             :  * Returns -1 or FD of opened file.  A -1 here is not an error; a caller
    3206             :  * wanting an open segment should attempt to open "path", which usually will
    3207             :  * succeed.  (This is weird, but it's efficient for the callers.)
    3208             :  */
    3209             : static int
    3210       24260 : XLogFileInitInternal(XLogSegNo logsegno, TimeLineID logtli,
    3211             :                      bool *added, char *path)
    3212             : {
    3213             :     char        tmppath[MAXPGPATH];
    3214             :     XLogSegNo   installed_segno;
    3215             :     XLogSegNo   max_segno;
    3216             :     int         fd;
    3217             :     int         save_errno;
    3218       24260 :     int         open_flags = O_RDWR | O_CREAT | O_EXCL | PG_BINARY;
    3219             : 
    3220             :     Assert(logtli != 0);
    3221             : 
    3222       24260 :     XLogFilePath(path, logtli, logsegno, wal_segment_size);
    3223             : 
    3224             :     /*
    3225             :      * Try to use existent file (checkpoint maker may have created it already)
    3226             :      */
    3227       24260 :     *added = false;
    3228       24260 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3229       24260 :                        get_sync_bit(wal_sync_method));
    3230       24260 :     if (fd < 0)
    3231             :     {
    3232        2570 :         if (errno != ENOENT)
    3233           0 :             ereport(ERROR,
    3234             :                     (errcode_for_file_access(),
    3235             :                      errmsg("could not open file \"%s\": %m", path)));
    3236             :     }
    3237             :     else
    3238       21690 :         return fd;
    3239             : 
    3240             :     /*
    3241             :      * Initialize an empty (all zeroes) segment.  NOTE: it is possible that
    3242             :      * another process is doing the same thing.  If so, we will end up
    3243             :      * pre-creating an extra log segment.  That seems OK, and better than
    3244             :      * holding the lock throughout this lengthy process.
    3245             :      */
    3246        2570 :     elog(DEBUG2, "creating and filling new WAL file");
    3247             : 
    3248        2570 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3249             : 
    3250        2570 :     unlink(tmppath);
    3251             : 
    3252        2570 :     if (io_direct_flags & IO_DIRECT_WAL_INIT)
    3253           0 :         open_flags |= PG_O_DIRECT;
    3254             : 
    3255             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3256        2570 :     fd = BasicOpenFile(tmppath, open_flags);
    3257        2570 :     if (fd < 0)
    3258           0 :         ereport(ERROR,
    3259             :                 (errcode_for_file_access(),
    3260             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3261             : 
    3262        2570 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_WRITE);
    3263        2570 :     save_errno = 0;
    3264        2570 :     if (wal_init_zero)
    3265             :     {
    3266             :         ssize_t     rc;
    3267             : 
    3268             :         /*
    3269             :          * Zero-fill the file.  With this setting, we do this the hard way to
    3270             :          * ensure that all the file space has really been allocated.  On
    3271             :          * platforms that allow "holes" in files, just seeking to the end
    3272             :          * doesn't allocate intermediate space.  This way, we know that we
    3273             :          * have all the space and (after the fsync below) that all the
    3274             :          * indirect blocks are down on disk.  Therefore, fdatasync(2) or
    3275             :          * O_DSYNC will be sufficient to sync future writes to the log file.
    3276             :          */
    3277        2570 :         rc = pg_pwrite_zeros(fd, wal_segment_size, 0);
    3278             : 
    3279        2570 :         if (rc < 0)
    3280           0 :             save_errno = errno;
    3281             :     }
    3282             :     else
    3283             :     {
    3284             :         /*
    3285             :          * Otherwise, seeking to the end and writing a solitary byte is
    3286             :          * enough.
    3287             :          */
    3288           0 :         errno = 0;
    3289           0 :         if (pg_pwrite(fd, "\0", 1, wal_segment_size - 1) != 1)
    3290             :         {
    3291             :             /* if write didn't set errno, assume no disk space */
    3292           0 :             save_errno = errno ? errno : ENOSPC;
    3293             :         }
    3294             :     }
    3295        2570 :     pgstat_report_wait_end();
    3296             : 
    3297        2570 :     if (save_errno)
    3298             :     {
    3299             :         /*
    3300             :          * If we fail to make the file, delete it to release disk space
    3301             :          */
    3302           0 :         unlink(tmppath);
    3303             : 
    3304           0 :         close(fd);
    3305             : 
    3306           0 :         errno = save_errno;
    3307             : 
    3308           0 :         ereport(ERROR,
    3309             :                 (errcode_for_file_access(),
    3310             :                  errmsg("could not write to file \"%s\": %m", tmppath)));
    3311             :     }
    3312             : 
    3313        2570 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_SYNC);
    3314        2570 :     if (pg_fsync(fd) != 0)
    3315             :     {
    3316           0 :         save_errno = errno;
    3317           0 :         close(fd);
    3318           0 :         errno = save_errno;
    3319           0 :         ereport(ERROR,
    3320             :                 (errcode_for_file_access(),
    3321             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3322             :     }
    3323        2570 :     pgstat_report_wait_end();
    3324             : 
    3325        2570 :     if (close(fd) != 0)
    3326           0 :         ereport(ERROR,
    3327             :                 (errcode_for_file_access(),
    3328             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3329             : 
    3330             :     /*
    3331             :      * Now move the segment into place with its final name.  Cope with
    3332             :      * possibility that someone else has created the file while we were
    3333             :      * filling ours: if so, use ours to pre-create a future log segment.
    3334             :      */
    3335        2570 :     installed_segno = logsegno;
    3336             : 
    3337             :     /*
    3338             :      * XXX: What should we use as max_segno? We used to use XLOGfileslop when
    3339             :      * that was a constant, but that was always a bit dubious: normally, at a
    3340             :      * checkpoint, XLOGfileslop was the offset from the checkpoint record, but
    3341             :      * here, it was the offset from the insert location. We can't do the
    3342             :      * normal XLOGfileslop calculation here because we don't have access to
    3343             :      * the prior checkpoint's redo location. So somewhat arbitrarily, just use
    3344             :      * CheckPointSegments.
    3345             :      */
    3346        2570 :     max_segno = logsegno + CheckPointSegments;
    3347        2570 :     if (InstallXLogFileSegment(&installed_segno, tmppath, true, max_segno,
    3348             :                                logtli))
    3349             :     {
    3350        2568 :         *added = true;
    3351        2568 :         elog(DEBUG2, "done creating and filling new WAL file");
    3352             :     }
    3353             :     else
    3354             :     {
    3355             :         /*
    3356             :          * No need for any more future segments, or InstallXLogFileSegment()
    3357             :          * failed to rename the file into place. If the rename failed, a
    3358             :          * caller opening the file may fail.
    3359             :          */
    3360           2 :         unlink(tmppath);
    3361           2 :         elog(DEBUG2, "abandoned new WAL file");
    3362             :     }
    3363             : 
    3364        2570 :     return -1;
    3365             : }
    3366             : 
    3367             : /*
    3368             :  * Create a new XLOG file segment, or open a pre-existing one.
    3369             :  *
    3370             :  * logsegno: identify segment to be created/opened.
    3371             :  *
    3372             :  * Returns FD of opened file.
    3373             :  *
    3374             :  * Note: errors here are ERROR not PANIC because we might or might not be
    3375             :  * inside a critical section (eg, during checkpoint there is no reason to
    3376             :  * take down the system on failure).  They will promote to PANIC if we are
    3377             :  * in a critical section.
    3378             :  */
    3379             : int
    3380       23764 : XLogFileInit(XLogSegNo logsegno, TimeLineID logtli)
    3381             : {
    3382             :     bool        ignore_added;
    3383             :     char        path[MAXPGPATH];
    3384             :     int         fd;
    3385             : 
    3386             :     Assert(logtli != 0);
    3387             : 
    3388       23764 :     fd = XLogFileInitInternal(logsegno, logtli, &ignore_added, path);
    3389       23764 :     if (fd >= 0)
    3390       21494 :         return fd;
    3391             : 
    3392             :     /* Now open original target segment (might not be file I just made) */
    3393        2270 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3394        2270 :                        get_sync_bit(wal_sync_method));
    3395        2270 :     if (fd < 0)
    3396           0 :         ereport(ERROR,
    3397             :                 (errcode_for_file_access(),
    3398             :                  errmsg("could not open file \"%s\": %m", path)));
    3399        2270 :     return fd;
    3400             : }
    3401             : 
    3402             : /*
    3403             :  * Create a new XLOG file segment by copying a pre-existing one.
    3404             :  *
    3405             :  * destsegno: identify segment to be created.
    3406             :  *
    3407             :  * srcTLI, srcsegno: identify segment to be copied (could be from
    3408             :  *      a different timeline)
    3409             :  *
    3410             :  * upto: how much of the source file to copy (the rest is filled with
    3411             :  *      zeros)
    3412             :  *
    3413             :  * Currently this is only used during recovery, and so there are no locking
    3414             :  * considerations.  But we should be just as tense as XLogFileInit to avoid
    3415             :  * emplacing a bogus file.
    3416             :  */
    3417             : static void
    3418          78 : XLogFileCopy(TimeLineID destTLI, XLogSegNo destsegno,
    3419             :              TimeLineID srcTLI, XLogSegNo srcsegno,
    3420             :              int upto)
    3421             : {
    3422             :     char        path[MAXPGPATH];
    3423             :     char        tmppath[MAXPGPATH];
    3424             :     PGAlignedXLogBlock buffer;
    3425             :     int         srcfd;
    3426             :     int         fd;
    3427             :     int         nbytes;
    3428             : 
    3429             :     /*
    3430             :      * Open the source file
    3431             :      */
    3432          78 :     XLogFilePath(path, srcTLI, srcsegno, wal_segment_size);
    3433          78 :     srcfd = OpenTransientFile(path, O_RDONLY | PG_BINARY);
    3434          78 :     if (srcfd < 0)
    3435           0 :         ereport(ERROR,
    3436             :                 (errcode_for_file_access(),
    3437             :                  errmsg("could not open file \"%s\": %m", path)));
    3438             : 
    3439             :     /*
    3440             :      * Copy into a temp file name.
    3441             :      */
    3442          78 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3443             : 
    3444          78 :     unlink(tmppath);
    3445             : 
    3446             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3447          78 :     fd = OpenTransientFile(tmppath, O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    3448          78 :     if (fd < 0)
    3449           0 :         ereport(ERROR,
    3450             :                 (errcode_for_file_access(),
    3451             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3452             : 
    3453             :     /*
    3454             :      * Do the data copying.
    3455             :      */
    3456      159822 :     for (nbytes = 0; nbytes < wal_segment_size; nbytes += sizeof(buffer))
    3457             :     {
    3458             :         int         nread;
    3459             : 
    3460      159744 :         nread = upto - nbytes;
    3461             : 
    3462             :         /*
    3463             :          * The part that is not read from the source file is filled with
    3464             :          * zeros.
    3465             :          */
    3466      159744 :         if (nread < sizeof(buffer))
    3467          78 :             memset(buffer.data, 0, sizeof(buffer));
    3468             : 
    3469      159744 :         if (nread > 0)
    3470             :         {
    3471             :             int         r;
    3472             : 
    3473        5376 :             if (nread > sizeof(buffer))
    3474        5298 :                 nread = sizeof(buffer);
    3475        5376 :             pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_READ);
    3476        5376 :             r = read(srcfd, buffer.data, nread);
    3477        5376 :             if (r != nread)
    3478             :             {
    3479           0 :                 if (r < 0)
    3480           0 :                     ereport(ERROR,
    3481             :                             (errcode_for_file_access(),
    3482             :                              errmsg("could not read file \"%s\": %m",
    3483             :                                     path)));
    3484             :                 else
    3485           0 :                     ereport(ERROR,
    3486             :                             (errcode(ERRCODE_DATA_CORRUPTED),
    3487             :                              errmsg("could not read file \"%s\": read %d of %zu",
    3488             :                                     path, r, (Size) nread)));
    3489             :             }
    3490        5376 :             pgstat_report_wait_end();
    3491             :         }
    3492      159744 :         errno = 0;
    3493      159744 :         pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_WRITE);
    3494      159744 :         if ((int) write(fd, buffer.data, sizeof(buffer)) != (int) sizeof(buffer))
    3495             :         {
    3496           0 :             int         save_errno = errno;
    3497             : 
    3498             :             /*
    3499             :              * If we fail to make the file, delete it to release disk space
    3500             :              */
    3501           0 :             unlink(tmppath);
    3502             :             /* if write didn't set errno, assume problem is no disk space */
    3503           0 :             errno = save_errno ? save_errno : ENOSPC;
    3504             : 
    3505           0 :             ereport(ERROR,
    3506             :                     (errcode_for_file_access(),
    3507             :                      errmsg("could not write to file \"%s\": %m", tmppath)));
    3508             :         }
    3509      159744 :         pgstat_report_wait_end();
    3510             :     }
    3511             : 
    3512          78 :     pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_SYNC);
    3513          78 :     if (pg_fsync(fd) != 0)
    3514           0 :         ereport(data_sync_elevel(ERROR),
    3515             :                 (errcode_for_file_access(),
    3516             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3517          78 :     pgstat_report_wait_end();
    3518             : 
    3519          78 :     if (CloseTransientFile(fd) != 0)
    3520           0 :         ereport(ERROR,
    3521             :                 (errcode_for_file_access(),
    3522             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3523             : 
    3524          78 :     if (CloseTransientFile(srcfd) != 0)
    3525           0 :         ereport(ERROR,
    3526             :                 (errcode_for_file_access(),
    3527             :                  errmsg("could not close file \"%s\": %m", path)));
    3528             : 
    3529             :     /*
    3530             :      * Now move the segment into place with its final name.
    3531             :      */
    3532          78 :     if (!InstallXLogFileSegment(&destsegno, tmppath, false, 0, destTLI))
    3533           0 :         elog(ERROR, "InstallXLogFileSegment should not have failed");
    3534          78 : }
    3535             : 
    3536             : /*
    3537             :  * Install a new XLOG segment file as a current or future log segment.
    3538             :  *
    3539             :  * This is used both to install a newly-created segment (which has a temp
    3540             :  * filename while it's being created) and to recycle an old segment.
    3541             :  *
    3542             :  * *segno: identify segment to install as (or first possible target).
    3543             :  * When find_free is true, this is modified on return to indicate the
    3544             :  * actual installation location or last segment searched.
    3545             :  *
    3546             :  * tmppath: initial name of file to install.  It will be renamed into place.
    3547             :  *
    3548             :  * find_free: if true, install the new segment at the first empty segno
    3549             :  * number at or after the passed numbers.  If false, install the new segment
    3550             :  * exactly where specified, deleting any existing segment file there.
    3551             :  *
    3552             :  * max_segno: maximum segment number to install the new file as.  Fail if no
    3553             :  * free slot is found between *segno and max_segno. (Ignored when find_free
    3554             :  * is false.)
    3555             :  *
    3556             :  * tli: The timeline on which the new segment should be installed.
    3557             :  *
    3558             :  * Returns true if the file was installed successfully.  false indicates that
    3559             :  * max_segno limit was exceeded, the startup process has disabled this
    3560             :  * function for now, or an error occurred while renaming the file into place.
    3561             :  */
    3562             : static bool
    3563        4694 : InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
    3564             :                        bool find_free, XLogSegNo max_segno, TimeLineID tli)
    3565             : {
    3566             :     char        path[MAXPGPATH];
    3567             :     struct stat stat_buf;
    3568             : 
    3569             :     Assert(tli != 0);
    3570             : 
    3571        4694 :     XLogFilePath(path, tli, *segno, wal_segment_size);
    3572             : 
    3573        4694 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    3574        4694 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3575             :     {
    3576           0 :         LWLockRelease(ControlFileLock);
    3577           0 :         return false;
    3578             :     }
    3579             : 
    3580        4694 :     if (!find_free)
    3581             :     {
    3582             :         /* Force installation: get rid of any pre-existing segment file */
    3583          78 :         durable_unlink(path, DEBUG1);
    3584             :     }
    3585             :     else
    3586             :     {
    3587             :         /* Find a free slot to put it in */
    3588        6596 :         while (stat(path, &stat_buf) == 0)
    3589             :         {
    3590        2002 :             if ((*segno) >= max_segno)
    3591             :             {
    3592             :                 /* Failed to find a free slot within specified range */
    3593          22 :                 LWLockRelease(ControlFileLock);
    3594          22 :                 return false;
    3595             :             }
    3596        1980 :             (*segno)++;
    3597        1980 :             XLogFilePath(path, tli, *segno, wal_segment_size);
    3598             :         }
    3599             :     }
    3600             : 
    3601             :     Assert(access(path, F_OK) != 0 && errno == ENOENT);
    3602        4672 :     if (durable_rename(tmppath, path, LOG) != 0)
    3603             :     {
    3604           0 :         LWLockRelease(ControlFileLock);
    3605             :         /* durable_rename already emitted log message */
    3606           0 :         return false;
    3607             :     }
    3608             : 
    3609        4672 :     LWLockRelease(ControlFileLock);
    3610             : 
    3611        4672 :     return true;
    3612             : }
    3613             : 
    3614             : /*
    3615             :  * Open a pre-existing logfile segment for writing.
    3616             :  */
    3617             : int
    3618          62 : XLogFileOpen(XLogSegNo segno, TimeLineID tli)
    3619             : {
    3620             :     char        path[MAXPGPATH];
    3621             :     int         fd;
    3622             : 
    3623          62 :     XLogFilePath(path, tli, segno, wal_segment_size);
    3624             : 
    3625          62 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3626          62 :                        get_sync_bit(wal_sync_method));
    3627          62 :     if (fd < 0)
    3628           0 :         ereport(PANIC,
    3629             :                 (errcode_for_file_access(),
    3630             :                  errmsg("could not open file \"%s\": %m", path)));
    3631             : 
    3632          62 :     return fd;
    3633             : }
    3634             : 
    3635             : /*
    3636             :  * Close the current logfile segment for writing.
    3637             :  */
    3638             : static void
    3639        9348 : XLogFileClose(void)
    3640             : {
    3641             :     Assert(openLogFile >= 0);
    3642             : 
    3643             :     /*
    3644             :      * WAL segment files will not be re-read in normal operation, so we advise
    3645             :      * the OS to release any cached pages.  But do not do so if WAL archiving
    3646             :      * or streaming is active, because archiver and walsender process could
    3647             :      * use the cache to read the WAL segment.
    3648             :      */
    3649             : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
    3650        9348 :     if (!XLogIsNeeded() && (io_direct_flags & IO_DIRECT_WAL) == 0)
    3651        2284 :         (void) posix_fadvise(openLogFile, 0, 0, POSIX_FADV_DONTNEED);
    3652             : #endif
    3653             : 
    3654        9348 :     if (close(openLogFile) != 0)
    3655             :     {
    3656             :         char        xlogfname[MAXFNAMELEN];
    3657           0 :         int         save_errno = errno;
    3658             : 
    3659           0 :         XLogFileName(xlogfname, openLogTLI, openLogSegNo, wal_segment_size);
    3660           0 :         errno = save_errno;
    3661           0 :         ereport(PANIC,
    3662             :                 (errcode_for_file_access(),
    3663             :                  errmsg("could not close file \"%s\": %m", xlogfname)));
    3664             :     }
    3665             : 
    3666        9348 :     openLogFile = -1;
    3667        9348 :     ReleaseExternalFD();
    3668        9348 : }
    3669             : 
    3670             : /*
    3671             :  * Preallocate log files beyond the specified log endpoint.
    3672             :  *
    3673             :  * XXX this is currently extremely conservative, since it forces only one
    3674             :  * future log segment to exist, and even that only if we are 75% done with
    3675             :  * the current one.  This is only appropriate for very low-WAL-volume systems.
    3676             :  * High-volume systems will be OK once they've built up a sufficient set of
    3677             :  * recycled log segments, but the startup transient is likely to include
    3678             :  * a lot of segment creations by foreground processes, which is not so good.
    3679             :  *
    3680             :  * XLogFileInitInternal() can ereport(ERROR).  All known causes indicate big
    3681             :  * trouble; for example, a full filesystem is one cause.  The checkpoint WAL
    3682             :  * and/or ControlFile updates already completed.  If a RequestCheckpoint()
    3683             :  * initiated the present checkpoint and an ERROR ends this function, the
    3684             :  * command that called RequestCheckpoint() fails.  That's not ideal, but it's
    3685             :  * not worth contorting more functions to use caller-specified elevel values.
    3686             :  * (With or without RequestCheckpoint(), an ERROR forestalls some inessential
    3687             :  * reporting and resource reclamation.)
    3688             :  */
    3689             : static void
    3690        2956 : PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli)
    3691             : {
    3692             :     XLogSegNo   _logSegNo;
    3693             :     int         lf;
    3694             :     bool        added;
    3695             :     char        path[MAXPGPATH];
    3696             :     uint64      offset;
    3697             : 
    3698        2956 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3699           6 :         return;                 /* unlocked check says no */
    3700             : 
    3701        2950 :     XLByteToPrevSeg(endptr, _logSegNo, wal_segment_size);
    3702        2950 :     offset = XLogSegmentOffset(endptr - 1, wal_segment_size);
    3703        2950 :     if (offset >= (uint32) (0.75 * wal_segment_size))
    3704             :     {
    3705         496 :         _logSegNo++;
    3706         496 :         lf = XLogFileInitInternal(_logSegNo, tli, &added, path);
    3707         496 :         if (lf >= 0)
    3708         196 :             close(lf);
    3709         496 :         if (added)
    3710         298 :             CheckpointStats.ckpt_segs_added++;
    3711             :     }
    3712             : }
    3713             : 
    3714             : /*
    3715             :  * Throws an error if the given log segment has already been removed or
    3716             :  * recycled. The caller should only pass a segment that it knows to have
    3717             :  * existed while the server has been running, as this function always
    3718             :  * succeeds if no WAL segments have been removed since startup.
    3719             :  * 'tli' is only used in the error message.
    3720             :  *
    3721             :  * Note: this function guarantees to keep errno unchanged on return.
    3722             :  * This supports callers that use this to possibly deliver a better
    3723             :  * error message about a missing file, while still being able to throw
    3724             :  * a normal file-access error afterwards, if this does return.
    3725             :  */
    3726             : void
    3727      242054 : CheckXLogRemoved(XLogSegNo segno, TimeLineID tli)
    3728             : {
    3729      242054 :     int         save_errno = errno;
    3730             :     XLogSegNo   lastRemovedSegNo;
    3731             : 
    3732      242054 :     SpinLockAcquire(&XLogCtl->info_lck);
    3733      242054 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3734      242054 :     SpinLockRelease(&XLogCtl->info_lck);
    3735             : 
    3736      242054 :     if (segno <= lastRemovedSegNo)
    3737             :     {
    3738             :         char        filename[MAXFNAMELEN];
    3739             : 
    3740           0 :         XLogFileName(filename, tli, segno, wal_segment_size);
    3741           0 :         errno = save_errno;
    3742           0 :         ereport(ERROR,
    3743             :                 (errcode_for_file_access(),
    3744             :                  errmsg("requested WAL segment %s has already been removed",
    3745             :                         filename)));
    3746             :     }
    3747      242054 :     errno = save_errno;
    3748      242054 : }
    3749             : 
    3750             : /*
    3751             :  * Return the last WAL segment removed, or 0 if no segment has been removed
    3752             :  * since startup.
    3753             :  *
    3754             :  * NB: the result can be out of date arbitrarily fast, the caller has to deal
    3755             :  * with that.
    3756             :  */
    3757             : XLogSegNo
    3758        1958 : XLogGetLastRemovedSegno(void)
    3759             : {
    3760             :     XLogSegNo   lastRemovedSegNo;
    3761             : 
    3762        1958 :     SpinLockAcquire(&XLogCtl->info_lck);
    3763        1958 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3764        1958 :     SpinLockRelease(&XLogCtl->info_lck);
    3765             : 
    3766        1958 :     return lastRemovedSegNo;
    3767             : }
    3768             : 
    3769             : /*
    3770             :  * Return the oldest WAL segment on the given TLI that still exists in
    3771             :  * XLOGDIR, or 0 if none.
    3772             :  */
    3773             : XLogSegNo
    3774          10 : XLogGetOldestSegno(TimeLineID tli)
    3775             : {
    3776             :     DIR        *xldir;
    3777             :     struct dirent *xlde;
    3778          10 :     XLogSegNo   oldest_segno = 0;
    3779             : 
    3780          10 :     xldir = AllocateDir(XLOGDIR);
    3781          66 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3782             :     {
    3783             :         TimeLineID  file_tli;
    3784             :         XLogSegNo   file_segno;
    3785             : 
    3786             :         /* Ignore files that are not XLOG segments. */
    3787          56 :         if (!IsXLogFileName(xlde->d_name))
    3788          40 :             continue;
    3789             : 
    3790             :         /* Parse filename to get TLI and segno. */
    3791          16 :         XLogFromFileName(xlde->d_name, &file_tli, &file_segno,
    3792             :                          wal_segment_size);
    3793             : 
    3794             :         /* Ignore anything that's not from the TLI of interest. */
    3795          16 :         if (tli != file_tli)
    3796           0 :             continue;
    3797             : 
    3798             :         /* If it's the oldest so far, update oldest_segno. */
    3799          16 :         if (oldest_segno == 0 || file_segno < oldest_segno)
    3800          14 :             oldest_segno = file_segno;
    3801             :     }
    3802             : 
    3803          10 :     FreeDir(xldir);
    3804          10 :     return oldest_segno;
    3805             : }
    3806             : 
    3807             : /*
    3808             :  * Update the last removed segno pointer in shared memory, to reflect that the
    3809             :  * given XLOG file has been removed.
    3810             :  */
    3811             : static void
    3812        3788 : UpdateLastRemovedPtr(char *filename)
    3813             : {
    3814             :     uint32      tli;
    3815             :     XLogSegNo   segno;
    3816             : 
    3817        3788 :     XLogFromFileName(filename, &tli, &segno, wal_segment_size);
    3818             : 
    3819        3788 :     SpinLockAcquire(&XLogCtl->info_lck);
    3820        3788 :     if (segno > XLogCtl->lastRemovedSegNo)
    3821        1666 :         XLogCtl->lastRemovedSegNo = segno;
    3822        3788 :     SpinLockRelease(&XLogCtl->info_lck);
    3823        3788 : }
    3824             : 
    3825             : /*
    3826             :  * Remove all temporary log files in pg_wal
    3827             :  *
    3828             :  * This is called at the beginning of recovery after a previous crash,
    3829             :  * at a point where no other processes write fresh WAL data.
    3830             :  */
    3831             : static void
    3832         340 : RemoveTempXlogFiles(void)
    3833             : {
    3834             :     DIR        *xldir;
    3835             :     struct dirent *xlde;
    3836             : 
    3837         340 :     elog(DEBUG2, "removing all temporary WAL segments");
    3838             : 
    3839         340 :     xldir = AllocateDir(XLOGDIR);
    3840        2202 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3841             :     {
    3842             :         char        path[MAXPGPATH];
    3843             : 
    3844        1862 :         if (strncmp(xlde->d_name, "xlogtemp.", 9) != 0)
    3845        1862 :             continue;
    3846             : 
    3847           0 :         snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name);
    3848           0 :         unlink(path);
    3849           0 :         elog(DEBUG2, "removed temporary WAL segment \"%s\"", path);
    3850             :     }
    3851         340 :     FreeDir(xldir);
    3852         340 : }
    3853             : 
    3854             : /*
    3855             :  * Recycle or remove all log files older or equal to passed segno.
    3856             :  *
    3857             :  * endptr is current (or recent) end of xlog, and lastredoptr is the
    3858             :  * redo pointer of the last checkpoint. These are used to determine
    3859             :  * whether we want to recycle rather than delete no-longer-wanted log files.
    3860             :  *
    3861             :  * insertTLI is the current timeline for XLOG insertion. Any recycled
    3862             :  * segments should be reused for this timeline.
    3863             :  */
    3864             : static void
    3865        2468 : RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr, XLogRecPtr endptr,
    3866             :                    TimeLineID insertTLI)
    3867             : {
    3868             :     DIR        *xldir;
    3869             :     struct dirent *xlde;
    3870             :     char        lastoff[MAXFNAMELEN];
    3871             :     XLogSegNo   endlogSegNo;
    3872             :     XLogSegNo   recycleSegNo;
    3873             : 
    3874             :     /* Initialize info about where to try to recycle to */
    3875        2468 :     XLByteToSeg(endptr, endlogSegNo, wal_segment_size);
    3876        2468 :     recycleSegNo = XLOGfileslop(lastredoptr);
    3877             : 
    3878             :     /*
    3879             :      * Construct a filename of the last segment to be kept. The timeline ID
    3880             :      * doesn't matter, we ignore that in the comparison. (During recovery,
    3881             :      * InsertTimeLineID isn't set, so we can't use that.)
    3882             :      */
    3883        2468 :     XLogFileName(lastoff, 0, segno, wal_segment_size);
    3884             : 
    3885        2468 :     elog(DEBUG2, "attempting to remove WAL segments older than log file %s",
    3886             :          lastoff);
    3887             : 
    3888        2468 :     xldir = AllocateDir(XLOGDIR);
    3889             : 
    3890       43226 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3891             :     {
    3892             :         /* Ignore files that are not XLOG segments */
    3893       40758 :         if (!IsXLogFileName(xlde->d_name) &&
    3894       10312 :             !IsPartialXLogFileName(xlde->d_name))
    3895       10308 :             continue;
    3896             : 
    3897             :         /*
    3898             :          * We ignore the timeline part of the XLOG segment identifiers in
    3899             :          * deciding whether a segment is still needed.  This ensures that we
    3900             :          * won't prematurely remove a segment from a parent timeline. We could
    3901             :          * probably be a little more proactive about removing segments of
    3902             :          * non-parent timelines, but that would be a whole lot more
    3903             :          * complicated.
    3904             :          *
    3905             :          * We use the alphanumeric sorting property of the filenames to decide
    3906             :          * which ones are earlier than the lastoff segment.
    3907             :          */
    3908       30450 :         if (strcmp(xlde->d_name + 8, lastoff + 8) <= 0)
    3909             :         {
    3910        3806 :             if (XLogArchiveCheckDone(xlde->d_name))
    3911             :             {
    3912             :                 /* Update the last removed location in shared memory first */
    3913        3788 :                 UpdateLastRemovedPtr(xlde->d_name);
    3914             : 
    3915        3788 :                 RemoveXlogFile(xlde, recycleSegNo, &endlogSegNo, insertTLI);
    3916             :             }
    3917             :         }
    3918             :     }
    3919             : 
    3920        2468 :     FreeDir(xldir);
    3921        2468 : }
    3922             : 
    3923             : /*
    3924             :  * Recycle or remove WAL files that are not part of the given timeline's
    3925             :  * history.
    3926             :  *
    3927             :  * This is called during recovery, whenever we switch to follow a new
    3928             :  * timeline, and at the end of recovery when we create a new timeline. We
    3929             :  * wouldn't otherwise care about extra WAL files lying in pg_wal, but they
    3930             :  * might be leftover pre-allocated or recycled WAL segments on the old timeline
    3931             :  * that we haven't used yet, and contain garbage. If we just leave them in
    3932             :  * pg_wal, they will eventually be archived, and we can't let that happen.
    3933             :  * Files that belong to our timeline history are valid, because we have
    3934             :  * successfully replayed them, but from others we can't be sure.
    3935             :  *
    3936             :  * 'switchpoint' is the current point in WAL where we switch to new timeline,
    3937             :  * and 'newTLI' is the new timeline we switch to.
    3938             :  */
    3939             : void
    3940         118 : RemoveNonParentXlogFiles(XLogRecPtr switchpoint, TimeLineID newTLI)
    3941             : {
    3942             :     DIR        *xldir;
    3943             :     struct dirent *xlde;
    3944             :     char        switchseg[MAXFNAMELEN];
    3945             :     XLogSegNo   endLogSegNo;
    3946             :     XLogSegNo   switchLogSegNo;
    3947             :     XLogSegNo   recycleSegNo;
    3948             : 
    3949             :     /*
    3950             :      * Initialize info about where to begin the work.  This will recycle,
    3951             :      * somewhat arbitrarily, 10 future segments.
    3952             :      */
    3953         118 :     XLByteToPrevSeg(switchpoint, switchLogSegNo, wal_segment_size);
    3954         118 :     XLByteToSeg(switchpoint, endLogSegNo, wal_segment_size);
    3955         118 :     recycleSegNo = endLogSegNo + 10;
    3956             : 
    3957             :     /*
    3958             :      * Construct a filename of the last segment to be kept.
    3959             :      */
    3960         118 :     XLogFileName(switchseg, newTLI, switchLogSegNo, wal_segment_size);
    3961             : 
    3962         118 :     elog(DEBUG2, "attempting to remove WAL segments newer than log file %s",
    3963             :          switchseg);
    3964             : 
    3965         118 :     xldir = AllocateDir(XLOGDIR);
    3966             : 
    3967        1126 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3968             :     {
    3969             :         /* Ignore files that are not XLOG segments */
    3970        1008 :         if (!IsXLogFileName(xlde->d_name))
    3971         626 :             continue;
    3972             : 
    3973             :         /*
    3974             :          * Remove files that are on a timeline older than the new one we're
    3975             :          * switching to, but with a segment number >= the first segment on the
    3976             :          * new timeline.
    3977             :          */
    3978         382 :         if (strncmp(xlde->d_name, switchseg, 8) < 0 &&
    3979         248 :             strcmp(xlde->d_name + 8, switchseg + 8) > 0)
    3980             :         {
    3981             :             /*
    3982             :              * If the file has already been marked as .ready, however, don't
    3983             :              * remove it yet. It should be OK to remove it - files that are
    3984             :              * not part of our timeline history are not required for recovery
    3985             :              * - but seems safer to let them be archived and removed later.
    3986             :              */
    3987          32 :             if (!XLogArchiveIsReady(xlde->d_name))
    3988          32 :                 RemoveXlogFile(xlde, recycleSegNo, &endLogSegNo, newTLI);
    3989             :         }
    3990             :     }
    3991             : 
    3992         118 :     FreeDir(xldir);
    3993         118 : }
    3994             : 
    3995             : /*
    3996             :  * Recycle or remove a log file that's no longer needed.
    3997             :  *
    3998             :  * segment_de is the dirent structure of the segment to recycle or remove.
    3999             :  * recycleSegNo is the segment number to recycle up to.  endlogSegNo is
    4000             :  * the segment number of the current (or recent) end of WAL.
    4001             :  *
    4002             :  * endlogSegNo gets incremented if the segment is recycled so as it is not
    4003             :  * checked again with future callers of this function.
    4004             :  *
    4005             :  * insertTLI is the current timeline for XLOG insertion. Any recycled segments
    4006             :  * should be used for this timeline.
    4007             :  */
    4008             : static void
    4009        3820 : RemoveXlogFile(const struct dirent *segment_de,
    4010             :                XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
    4011             :                TimeLineID insertTLI)
    4012             : {
    4013             :     char        path[MAXPGPATH];
    4014             : #ifdef WIN32
    4015             :     char        newpath[MAXPGPATH];
    4016             : #endif
    4017        3820 :     const char *segname = segment_de->d_name;
    4018             : 
    4019        3820 :     snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname);
    4020             : 
    4021             :     /*
    4022             :      * Before deleting the file, see if it can be recycled as a future log
    4023             :      * segment. Only recycle normal files, because we don't want to recycle
    4024             :      * symbolic links pointing to a separate archive directory.
    4025             :      */
    4026        3820 :     if (wal_recycle &&
    4027        3820 :         *endlogSegNo <= recycleSegNo &&
    4028        4096 :         XLogCtl->InstallXLogFileSegmentActive && /* callee rechecks this */
    4029        4092 :         get_dirent_type(path, segment_de, false, DEBUG2) == PGFILETYPE_REG &&
    4030        2046 :         InstallXLogFileSegment(endlogSegNo, path,
    4031             :                                true, recycleSegNo, insertTLI))
    4032             :     {
    4033        2026 :         ereport(DEBUG2,
    4034             :                 (errmsg_internal("recycled write-ahead log file \"%s\"",
    4035             :                                  segname)));
    4036        2026 :         CheckpointStats.ckpt_segs_recycled++;
    4037             :         /* Needn't recheck that slot on future iterations */
    4038        2026 :         (*endlogSegNo)++;
    4039             :     }
    4040             :     else
    4041             :     {
    4042             :         /* No need for any more future segments, or recycling failed ... */
    4043             :         int         rc;
    4044             : 
    4045        1794 :         ereport(DEBUG2,
    4046             :                 (errmsg_internal("removing write-ahead log file \"%s\"",
    4047             :                                  segname)));
    4048             : 
    4049             : #ifdef WIN32
    4050             : 
    4051             :         /*
    4052             :          * On Windows, if another process (e.g another backend) holds the file
    4053             :          * open in FILE_SHARE_DELETE mode, unlink will succeed, but the file
    4054             :          * will still show up in directory listing until the last handle is
    4055             :          * closed. To avoid confusing the lingering deleted file for a live
    4056             :          * WAL file that needs to be archived, rename it before deleting it.
    4057             :          *
    4058             :          * If another process holds the file open without FILE_SHARE_DELETE
    4059             :          * flag, rename will fail. We'll try again at the next checkpoint.
    4060             :          */
    4061             :         snprintf(newpath, MAXPGPATH, "%s.deleted", path);
    4062             :         if (rename(path, newpath) != 0)
    4063             :         {
    4064             :             ereport(LOG,
    4065             :                     (errcode_for_file_access(),
    4066             :                      errmsg("could not rename file \"%s\": %m",
    4067             :                             path)));
    4068             :             return;
    4069             :         }
    4070             :         rc = durable_unlink(newpath, LOG);
    4071             : #else
    4072        1794 :         rc = durable_unlink(path, LOG);
    4073             : #endif
    4074        1794 :         if (rc != 0)
    4075             :         {
    4076             :             /* Message already logged by durable_unlink() */
    4077           0 :             return;
    4078             :         }
    4079        1794 :         CheckpointStats.ckpt_segs_removed++;
    4080             :     }
    4081             : 
    4082        3820 :     XLogArchiveCleanup(segname);
    4083             : }
    4084             : 
    4085             : /*
    4086             :  * Verify whether pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    4087             :  * If the latter do not exist, recreate them.
    4088             :  *
    4089             :  * It is not the goal of this function to verify the contents of these
    4090             :  * directories, but to help in cases where someone has performed a cluster
    4091             :  * copy for PITR purposes but omitted pg_wal from the copy.
    4092             :  *
    4093             :  * We could also recreate pg_wal if it doesn't exist, but a deliberate
    4094             :  * policy decision was made not to.  It is fairly common for pg_wal to be
    4095             :  * a symlink, and if that was the DBA's intent then automatically making a
    4096             :  * plain directory would result in degraded performance with no notice.
    4097             :  */
    4098             : static void
    4099        1640 : ValidateXLOGDirectoryStructure(void)
    4100             : {
    4101             :     char        path[MAXPGPATH];
    4102             :     struct stat stat_buf;
    4103             : 
    4104             :     /* Check for pg_wal; if it doesn't exist, error out */
    4105        1640 :     if (stat(XLOGDIR, &stat_buf) != 0 ||
    4106        1640 :         !S_ISDIR(stat_buf.st_mode))
    4107           0 :         ereport(FATAL,
    4108             :                 (errcode_for_file_access(),
    4109             :                  errmsg("required WAL directory \"%s\" does not exist",
    4110             :                         XLOGDIR)));
    4111             : 
    4112             :     /* Check for archive_status */
    4113        1640 :     snprintf(path, MAXPGPATH, XLOGDIR "/archive_status");
    4114        1640 :     if (stat(path, &stat_buf) == 0)
    4115             :     {
    4116             :         /* Check for weird cases where it exists but isn't a directory */
    4117        1638 :         if (!S_ISDIR(stat_buf.st_mode))
    4118           0 :             ereport(FATAL,
    4119             :                     (errcode_for_file_access(),
    4120             :                      errmsg("required WAL directory \"%s\" does not exist",
    4121             :                             path)));
    4122             :     }
    4123             :     else
    4124             :     {
    4125           2 :         ereport(LOG,
    4126             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4127           2 :         if (MakePGDirectory(path) < 0)
    4128           0 :             ereport(FATAL,
    4129             :                     (errcode_for_file_access(),
    4130             :                      errmsg("could not create missing directory \"%s\": %m",
    4131             :                             path)));
    4132             :     }
    4133             : 
    4134             :     /* Check for summaries */
    4135        1640 :     snprintf(path, MAXPGPATH, XLOGDIR "/summaries");
    4136        1640 :     if (stat(path, &stat_buf) == 0)
    4137             :     {
    4138             :         /* Check for weird cases where it exists but isn't a directory */
    4139        1638 :         if (!S_ISDIR(stat_buf.st_mode))
    4140           0 :             ereport(FATAL,
    4141             :                     (errmsg("required WAL directory \"%s\" does not exist",
    4142             :                             path)));
    4143             :     }
    4144             :     else
    4145             :     {
    4146           2 :         ereport(LOG,
    4147             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4148           2 :         if (MakePGDirectory(path) < 0)
    4149           0 :             ereport(FATAL,
    4150             :                     (errmsg("could not create missing directory \"%s\": %m",
    4151             :                             path)));
    4152             :     }
    4153        1640 : }
    4154             : 
    4155             : /*
    4156             :  * Remove previous backup history files.  This also retries creation of
    4157             :  * .ready files for any backup history files for which XLogArchiveNotify
    4158             :  * failed earlier.
    4159             :  */
    4160             : static void
    4161         288 : CleanupBackupHistory(void)
    4162             : {
    4163             :     DIR        *xldir;
    4164             :     struct dirent *xlde;
    4165             :     char        path[MAXPGPATH + sizeof(XLOGDIR)];
    4166             : 
    4167         288 :     xldir = AllocateDir(XLOGDIR);
    4168             : 
    4169        2602 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4170             :     {
    4171        2314 :         if (IsBackupHistoryFileName(xlde->d_name))
    4172             :         {
    4173         304 :             if (XLogArchiveCheckDone(xlde->d_name))
    4174             :             {
    4175         244 :                 elog(DEBUG2, "removing WAL backup history file \"%s\"",
    4176             :                      xlde->d_name);
    4177         244 :                 snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name);
    4178         244 :                 unlink(path);
    4179         244 :                 XLogArchiveCleanup(xlde->d_name);
    4180             :             }
    4181             :         }
    4182             :     }
    4183             : 
    4184         288 :     FreeDir(xldir);
    4185         288 : }
    4186             : 
    4187             : /*
    4188             :  * I/O routines for pg_control
    4189             :  *
    4190             :  * *ControlFile is a buffer in shared memory that holds an image of the
    4191             :  * contents of pg_control.  WriteControlFile() initializes pg_control
    4192             :  * given a preloaded buffer, ReadControlFile() loads the buffer from
    4193             :  * the pg_control file (during postmaster or standalone-backend startup),
    4194             :  * and UpdateControlFile() rewrites pg_control after we modify xlog state.
    4195             :  * InitControlFile() fills the buffer with initial values.
    4196             :  *
    4197             :  * For simplicity, WriteControlFile() initializes the fields of pg_control
    4198             :  * that are related to checking backend/database compatibility, and
    4199             :  * ReadControlFile() verifies they are correct.  We could split out the
    4200             :  * I/O and compatibility-check functions, but there seems no need currently.
    4201             :  */
    4202             : 
    4203             : static void
    4204          90 : InitControlFile(uint64 sysidentifier, uint32 data_checksum_version)
    4205             : {
    4206             :     char        mock_auth_nonce[MOCK_AUTH_NONCE_LEN];
    4207             : 
    4208             :     /*
    4209             :      * Generate a random nonce. This is used for authentication requests that
    4210             :      * will fail because the user does not exist. The nonce is used to create
    4211             :      * a genuine-looking password challenge for the non-existent user, in lieu
    4212             :      * of an actual stored password.
    4213             :      */
    4214          90 :     if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
    4215           0 :         ereport(PANIC,
    4216             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    4217             :                  errmsg("could not generate secret authorization token")));
    4218             : 
    4219          90 :     memset(ControlFile, 0, sizeof(ControlFileData));
    4220             :     /* Initialize pg_control status fields */
    4221          90 :     ControlFile->system_identifier = sysidentifier;
    4222          90 :     memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN);
    4223          90 :     ControlFile->state = DB_SHUTDOWNED;
    4224          90 :     ControlFile->unloggedLSN = FirstNormalUnloggedLSN;
    4225             : 
    4226             :     /* Set important parameter values for use when replaying WAL */
    4227          90 :     ControlFile->MaxConnections = MaxConnections;
    4228          90 :     ControlFile->max_worker_processes = max_worker_processes;
    4229          90 :     ControlFile->max_wal_senders = max_wal_senders;
    4230          90 :     ControlFile->max_prepared_xacts = max_prepared_xacts;
    4231          90 :     ControlFile->max_locks_per_xact = max_locks_per_xact;
    4232          90 :     ControlFile->wal_level = wal_level;
    4233          90 :     ControlFile->wal_log_hints = wal_log_hints;
    4234          90 :     ControlFile->track_commit_timestamp = track_commit_timestamp;
    4235          90 :     ControlFile->data_checksum_version = data_checksum_version;
    4236          90 : }
    4237             : 
    4238             : static void
    4239          90 : WriteControlFile(void)
    4240             : {
    4241             :     int         fd;
    4242             :     char        buffer[PG_CONTROL_FILE_SIZE];   /* need not be aligned */
    4243             : 
    4244             :     /*
    4245             :      * Initialize version and compatibility-check fields
    4246             :      */
    4247          90 :     ControlFile->pg_control_version = PG_CONTROL_VERSION;
    4248          90 :     ControlFile->catalog_version_no = CATALOG_VERSION_NO;
    4249             : 
    4250          90 :     ControlFile->maxAlign = MAXIMUM_ALIGNOF;
    4251          90 :     ControlFile->floatFormat = FLOATFORMAT_VALUE;
    4252             : 
    4253          90 :     ControlFile->blcksz = BLCKSZ;
    4254          90 :     ControlFile->relseg_size = RELSEG_SIZE;
    4255          90 :     ControlFile->xlog_blcksz = XLOG_BLCKSZ;
    4256          90 :     ControlFile->xlog_seg_size = wal_segment_size;
    4257             : 
    4258          90 :     ControlFile->nameDataLen = NAMEDATALEN;
    4259          90 :     ControlFile->indexMaxKeys = INDEX_MAX_KEYS;
    4260             : 
    4261          90 :     ControlFile->toast_max_chunk_size = TOAST_MAX_CHUNK_SIZE;
    4262          90 :     ControlFile->loblksize = LOBLKSIZE;
    4263             : 
    4264          90 :     ControlFile->float8ByVal = FLOAT8PASSBYVAL;
    4265             : 
    4266             :     /* Contents are protected with a CRC */
    4267          90 :     INIT_CRC32C(ControlFile->crc);
    4268          90 :     COMP_CRC32C(ControlFile->crc,
    4269             :                 (char *) ControlFile,
    4270             :                 offsetof(ControlFileData, crc));
    4271          90 :     FIN_CRC32C(ControlFile->crc);
    4272             : 
    4273             :     /*
    4274             :      * We write out PG_CONTROL_FILE_SIZE bytes into pg_control, zero-padding
    4275             :      * the excess over sizeof(ControlFileData).  This reduces the odds of
    4276             :      * premature-EOF errors when reading pg_control.  We'll still fail when we
    4277             :      * check the contents of the file, but hopefully with a more specific
    4278             :      * error than "couldn't read pg_control".
    4279             :      */
    4280          90 :     memset(buffer, 0, PG_CONTROL_FILE_SIZE);
    4281          90 :     memcpy(buffer, ControlFile, sizeof(ControlFileData));
    4282             : 
    4283          90 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4284             :                        O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    4285          90 :     if (fd < 0)
    4286           0 :         ereport(PANIC,
    4287             :                 (errcode_for_file_access(),
    4288             :                  errmsg("could not create file \"%s\": %m",
    4289             :                         XLOG_CONTROL_FILE)));
    4290             : 
    4291          90 :     errno = 0;
    4292          90 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_WRITE);
    4293          90 :     if (write(fd, buffer, PG_CONTROL_FILE_SIZE) != PG_CONTROL_FILE_SIZE)
    4294             :     {
    4295             :         /* if write didn't set errno, assume problem is no disk space */
    4296           0 :         if (errno == 0)
    4297           0 :             errno = ENOSPC;
    4298           0 :         ereport(PANIC,
    4299             :                 (errcode_for_file_access(),
    4300             :                  errmsg("could not write to file \"%s\": %m",
    4301             :                         XLOG_CONTROL_FILE)));
    4302             :     }
    4303          90 :     pgstat_report_wait_end();
    4304             : 
    4305          90 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_SYNC);
    4306          90 :     if (pg_fsync(fd) != 0)
    4307           0 :         ereport(PANIC,
    4308             :                 (errcode_for_file_access(),
    4309             :                  errmsg("could not fsync file \"%s\": %m",
    4310             :                         XLOG_CONTROL_FILE)));
    4311          90 :     pgstat_report_wait_end();
    4312             : 
    4313          90 :     if (close(fd) != 0)
    4314           0 :         ereport(PANIC,
    4315             :                 (errcode_for_file_access(),
    4316             :                  errmsg("could not close file \"%s\": %m",
    4317             :                         XLOG_CONTROL_FILE)));
    4318          90 : }
    4319             : 
    4320             : static void
    4321        1744 : ReadControlFile(void)
    4322             : {
    4323             :     pg_crc32c   crc;
    4324             :     int         fd;
    4325             :     char        wal_segsz_str[20];
    4326             :     int         r;
    4327             : 
    4328             :     /*
    4329             :      * Read data...
    4330             :      */
    4331        1744 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4332             :                        O_RDWR | PG_BINARY);
    4333        1744 :     if (fd < 0)
    4334           0 :         ereport(PANIC,
    4335             :                 (errcode_for_file_access(),
    4336             :                  errmsg("could not open file \"%s\": %m",
    4337             :                         XLOG_CONTROL_FILE)));
    4338             : 
    4339        1744 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_READ);
    4340        1744 :     r = read(fd, ControlFile, sizeof(ControlFileData));
    4341        1744 :     if (r != sizeof(ControlFileData))
    4342             :     {
    4343           0 :         if (r < 0)
    4344           0 :             ereport(PANIC,
    4345             :                     (errcode_for_file_access(),
    4346             :                      errmsg("could not read file \"%s\": %m",
    4347             :                             XLOG_CONTROL_FILE)));
    4348             :         else
    4349           0 :             ereport(PANIC,
    4350             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    4351             :                      errmsg("could not read file \"%s\": read %d of %zu",
    4352             :                             XLOG_CONTROL_FILE, r, sizeof(ControlFileData))));
    4353             :     }
    4354        1744 :     pgstat_report_wait_end();
    4355             : 
    4356        1744 :     close(fd);
    4357             : 
    4358             :     /*
    4359             :      * Check for expected pg_control format version.  If this is wrong, the
    4360             :      * CRC check will likely fail because we'll be checking the wrong number
    4361             :      * of bytes.  Complaining about wrong version will probably be more
    4362             :      * enlightening than complaining about wrong CRC.
    4363             :      */
    4364             : 
    4365        1744 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION && ControlFile->pg_control_version % 65536 == 0 && ControlFile->pg_control_version / 65536 != 0)
    4366           0 :         ereport(FATAL,
    4367             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4368             :                  errmsg("database files are incompatible with server"),
    4369             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d (0x%08x),"
    4370             :                            " but the server was compiled with PG_CONTROL_VERSION %d (0x%08x).",
    4371             :                            ControlFile->pg_control_version, ControlFile->pg_control_version,
    4372             :                            PG_CONTROL_VERSION, PG_CONTROL_VERSION),
    4373             :                  errhint("This could be a problem of mismatched byte ordering.  It looks like you need to initdb.")));
    4374             : 
    4375        1744 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION)
    4376           0 :         ereport(FATAL,
    4377             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4378             :                  errmsg("database files are incompatible with server"),
    4379             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d,"
    4380             :                            " but the server was compiled with PG_CONTROL_VERSION %d.",
    4381             :                            ControlFile->pg_control_version, PG_CONTROL_VERSION),
    4382             :                  errhint("It looks like you need to initdb.")));
    4383             : 
    4384             :     /* Now check the CRC. */
    4385        1744 :     INIT_CRC32C(crc);
    4386        1744 :     COMP_CRC32C(crc,
    4387             :                 (char *) ControlFile,
    4388             :                 offsetof(ControlFileData, crc));
    4389        1744 :     FIN_CRC32C(crc);
    4390             : 
    4391        1744 :     if (!EQ_CRC32C(crc, ControlFile->crc))
    4392           0 :         ereport(FATAL,
    4393             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4394             :                  errmsg("incorrect checksum in control file")));
    4395             : 
    4396             :     /*
    4397             :      * Do compatibility checking immediately.  If the database isn't
    4398             :      * compatible with the backend executable, we want to abort before we can
    4399             :      * possibly do any damage.
    4400             :      */
    4401        1744 :     if (ControlFile->catalog_version_no != CATALOG_VERSION_NO)
    4402           0 :         ereport(FATAL,
    4403             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4404             :                  errmsg("database files are incompatible with server"),
    4405             :         /* translator: %s is a variable name and %d is its value */
    4406             :                  errdetail("The database cluster was initialized with %s %d,"
    4407             :                            " but the server was compiled with %s %d.",
    4408             :                            "CATALOG_VERSION_NO", ControlFile->catalog_version_no,
    4409             :                            "CATALOG_VERSION_NO", CATALOG_VERSION_NO),
    4410             :                  errhint("It looks like you need to initdb.")));
    4411        1744 :     if (ControlFile->maxAlign != MAXIMUM_ALIGNOF)
    4412           0 :         ereport(FATAL,
    4413             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4414             :                  errmsg("database files are incompatible with server"),
    4415             :         /* translator: %s is a variable name and %d is its value */
    4416             :                  errdetail("The database cluster was initialized with %s %d,"
    4417             :                            " but the server was compiled with %s %d.",
    4418             :                            "MAXALIGN", ControlFile->maxAlign,
    4419             :                            "MAXALIGN", MAXIMUM_ALIGNOF),
    4420             :                  errhint("It looks like you need to initdb.")));
    4421        1744 :     if (ControlFile->floatFormat != FLOATFORMAT_VALUE)
    4422           0 :         ereport(FATAL,
    4423             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4424             :                  errmsg("database files are incompatible with server"),
    4425             :                  errdetail("The database cluster appears to use a different floating-point number format than the server executable."),
    4426             :                  errhint("It looks like you need to initdb.")));
    4427        1744 :     if (ControlFile->blcksz != BLCKSZ)
    4428           0 :         ereport(FATAL,
    4429             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4430             :                  errmsg("database files are incompatible with server"),
    4431             :         /* translator: %s is a variable name and %d is its value */
    4432             :                  errdetail("The database cluster was initialized with %s %d,"
    4433             :                            " but the server was compiled with %s %d.",
    4434             :                            "BLCKSZ", ControlFile->blcksz,
    4435             :                            "BLCKSZ", BLCKSZ),
    4436             :                  errhint("It looks like you need to recompile or initdb.")));
    4437        1744 :     if (ControlFile->relseg_size != RELSEG_SIZE)
    4438           0 :         ereport(FATAL,
    4439             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4440             :                  errmsg("database files are incompatible with server"),
    4441             :         /* translator: %s is a variable name and %d is its value */
    4442             :                  errdetail("The database cluster was initialized with %s %d,"
    4443             :                            " but the server was compiled with %s %d.",
    4444             :                            "RELSEG_SIZE", ControlFile->relseg_size,
    4445             :                            "RELSEG_SIZE", RELSEG_SIZE),
    4446             :                  errhint("It looks like you need to recompile or initdb.")));
    4447        1744 :     if (ControlFile->xlog_blcksz != XLOG_BLCKSZ)
    4448           0 :         ereport(FATAL,
    4449             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4450             :                  errmsg("database files are incompatible with server"),
    4451             :         /* translator: %s is a variable name and %d is its value */
    4452             :                  errdetail("The database cluster was initialized with %s %d,"
    4453             :                            " but the server was compiled with %s %d.",
    4454             :                            "XLOG_BLCKSZ", ControlFile->xlog_blcksz,
    4455             :                            "XLOG_BLCKSZ", XLOG_BLCKSZ),
    4456             :                  errhint("It looks like you need to recompile or initdb.")));
    4457        1744 :     if (ControlFile->nameDataLen != NAMEDATALEN)
    4458           0 :         ereport(FATAL,
    4459             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4460             :                  errmsg("database files are incompatible with server"),
    4461             :         /* translator: %s is a variable name and %d is its value */
    4462             :                  errdetail("The database cluster was initialized with %s %d,"
    4463             :                            " but the server was compiled with %s %d.",
    4464             :                            "NAMEDATALEN", ControlFile->nameDataLen,
    4465             :                            "NAMEDATALEN", NAMEDATALEN),
    4466             :                  errhint("It looks like you need to recompile or initdb.")));
    4467        1744 :     if (ControlFile->indexMaxKeys != INDEX_MAX_KEYS)
    4468           0 :         ereport(FATAL,
    4469             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4470             :                  errmsg("database files are incompatible with server"),
    4471             :         /* translator: %s is a variable name and %d is its value */
    4472             :                  errdetail("The database cluster was initialized with %s %d,"
    4473             :                            " but the server was compiled with %s %d.",
    4474             :                            "INDEX_MAX_KEYS", ControlFile->indexMaxKeys,
    4475             :                            "INDEX_MAX_KEYS", INDEX_MAX_KEYS),
    4476             :                  errhint("It looks like you need to recompile or initdb.")));
    4477        1744 :     if (ControlFile->toast_max_chunk_size != TOAST_MAX_CHUNK_SIZE)
    4478           0 :         ereport(FATAL,
    4479             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4480             :                  errmsg("database files are incompatible with server"),
    4481             :         /* translator: %s is a variable name and %d is its value */
    4482             :                  errdetail("The database cluster was initialized with %s %d,"
    4483             :                            " but the server was compiled with %s %d.",
    4484             :                            "TOAST_MAX_CHUNK_SIZE", ControlFile->toast_max_chunk_size,
    4485             :                            "TOAST_MAX_CHUNK_SIZE", (int) TOAST_MAX_CHUNK_SIZE),
    4486             :                  errhint("It looks like you need to recompile or initdb.")));
    4487        1744 :     if (ControlFile->loblksize != LOBLKSIZE)
    4488           0 :         ereport(FATAL,
    4489             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4490             :                  errmsg("database files are incompatible with server"),
    4491             :         /* translator: %s is a variable name and %d is its value */
    4492             :                  errdetail("The database cluster was initialized with %s %d,"
    4493             :                            " but the server was compiled with %s %d.",
    4494             :                            "LOBLKSIZE", ControlFile->loblksize,
    4495             :                            "LOBLKSIZE", (int) LOBLKSIZE),
    4496             :                  errhint("It looks like you need to recompile or initdb.")));
    4497             : 
    4498             : #ifdef USE_FLOAT8_BYVAL
    4499        1744 :     if (ControlFile->float8ByVal != true)
    4500           0 :         ereport(FATAL,
    4501             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4502             :                  errmsg("database files are incompatible with server"),
    4503             :                  errdetail("The database cluster was initialized without USE_FLOAT8_BYVAL"
    4504             :                            " but the server was compiled with USE_FLOAT8_BYVAL."),
    4505             :                  errhint("It looks like you need to recompile or initdb.")));
    4506             : #else
    4507             :     if (ControlFile->float8ByVal != false)
    4508             :         ereport(FATAL,
    4509             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4510             :                  errmsg("database files are incompatible with server"),
    4511             :                  errdetail("The database cluster was initialized with USE_FLOAT8_BYVAL"
    4512             :                            " but the server was compiled without USE_FLOAT8_BYVAL."),
    4513             :                  errhint("It looks like you need to recompile or initdb.")));
    4514             : #endif
    4515             : 
    4516        1744 :     wal_segment_size = ControlFile->xlog_seg_size;
    4517             : 
    4518        1744 :     if (!IsValidWalSegSize(wal_segment_size))
    4519           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4520             :                         errmsg_plural("invalid WAL segment size in control file (%d byte)",
    4521             :                                       "invalid WAL segment size in control file (%d bytes)",
    4522             :                                       wal_segment_size,
    4523             :                                       wal_segment_size),
    4524             :                         errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.")));
    4525             : 
    4526        1744 :     snprintf(wal_segsz_str, sizeof(wal_segsz_str), "%d", wal_segment_size);
    4527        1744 :     SetConfigOption("wal_segment_size", wal_segsz_str, PGC_INTERNAL,
    4528             :                     PGC_S_DYNAMIC_DEFAULT);
    4529             : 
    4530             :     /* check and update variables dependent on wal_segment_size */
    4531        1744 :     if (ConvertToXSegs(min_wal_size_mb, wal_segment_size) < 2)
    4532           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4533             :         /* translator: both %s are GUC names */
    4534             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4535             :                                "min_wal_size", "wal_segment_size")));
    4536             : 
    4537        1744 :     if (ConvertToXSegs(max_wal_size_mb, wal_segment_size) < 2)
    4538           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4539             :         /* translator: both %s are GUC names */
    4540             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4541             :                                "max_wal_size", "wal_segment_size")));
    4542             : 
    4543        1744 :     UsableBytesInSegment =
    4544        1744 :         (wal_segment_size / XLOG_BLCKSZ * UsableBytesInPage) -
    4545             :         (SizeOfXLogLongPHD - SizeOfXLogShortPHD);
    4546             : 
    4547        1744 :     CalculateCheckpointSegments();
    4548             : 
    4549             :     /* Make the initdb settings visible as GUC variables, too */
    4550        1744 :     SetConfigOption("data_checksums", DataChecksumsEnabled() ? "yes" : "no",
    4551             :                     PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
    4552        1744 : }
    4553             : 
    4554             : /*
    4555             :  * Utility wrapper to update the control file.  Note that the control
    4556             :  * file gets flushed.
    4557             :  */
    4558             : static void
    4559       15824 : UpdateControlFile(void)
    4560             : {
    4561       15824 :     update_controlfile(DataDir, ControlFile, true);
    4562       15824 : }
    4563             : 
    4564             : /*
    4565             :  * Returns the unique system identifier from control file.
    4566             :  */
    4567             : uint64
    4568        2620 : GetSystemIdentifier(void)
    4569             : {
    4570             :     Assert(ControlFile != NULL);
    4571        2620 :     return ControlFile->system_identifier;
    4572             : }
    4573             : 
    4574             : /*
    4575             :  * Returns the random nonce from control file.
    4576             :  */
    4577             : char *
    4578           2 : GetMockAuthenticationNonce(void)
    4579             : {
    4580             :     Assert(ControlFile != NULL);
    4581           2 :     return ControlFile->mock_authentication_nonce;
    4582             : }
    4583             : 
    4584             : /*
    4585             :  * Are checksums enabled for data pages?
    4586             :  */
    4587             : bool
    4588    21622724 : DataChecksumsEnabled(void)
    4589             : {
    4590             :     Assert(ControlFile != NULL);
    4591    21622724 :     return (ControlFile->data_checksum_version > 0);
    4592             : }
    4593             : 
    4594             : /*
    4595             :  * Returns a fake LSN for unlogged relations.
    4596             :  *
    4597             :  * Each call generates an LSN that is greater than any previous value
    4598             :  * returned. The current counter value is saved and restored across clean
    4599             :  * shutdowns, but like unlogged relations, does not survive a crash. This can
    4600             :  * be used in lieu of real LSN values returned by XLogInsert, if you need an
    4601             :  * LSN-like increasing sequence of numbers without writing any WAL.
    4602             :  */
    4603             : XLogRecPtr
    4604          66 : GetFakeLSNForUnloggedRel(void)
    4605             : {
    4606          66 :     return pg_atomic_fetch_add_u64(&XLogCtl->unloggedLSN, 1);
    4607             : }
    4608             : 
    4609             : /*
    4610             :  * Auto-tune the number of XLOG buffers.
    4611             :  *
    4612             :  * The preferred setting for wal_buffers is about 3% of shared_buffers, with
    4613             :  * a maximum of one XLOG segment (there is little reason to think that more
    4614             :  * is helpful, at least so long as we force an fsync when switching log files)
    4615             :  * and a minimum of 8 blocks (which was the default value prior to PostgreSQL
    4616             :  * 9.1, when auto-tuning was added).
    4617             :  *
    4618             :  * This should not be called until NBuffers has received its final value.
    4619             :  */
    4620             : static int
    4621        1904 : XLOGChooseNumBuffers(void)
    4622             : {
    4623             :     int         xbuffers;
    4624             : 
    4625        1904 :     xbuffers = NBuffers / 32;
    4626        1904 :     if (xbuffers > (wal_segment_size / XLOG_BLCKSZ))
    4627          42 :         xbuffers = (wal_segment_size / XLOG_BLCKSZ);
    4628        1904 :     if (xbuffers < 8)
    4629         748 :         xbuffers = 8;
    4630        1904 :     return xbuffers;
    4631             : }
    4632             : 
    4633             : /*
    4634             :  * GUC check_hook for wal_buffers
    4635             :  */
    4636             : bool
    4637        3876 : check_wal_buffers(int *newval, void **extra, GucSource source)
    4638             : {
    4639             :     /*
    4640             :      * -1 indicates a request for auto-tune.
    4641             :      */
    4642        3876 :     if (*newval == -1)
    4643             :     {
    4644             :         /*
    4645             :          * If we haven't yet changed the boot_val default of -1, just let it
    4646             :          * be.  We'll fix it when XLOGShmemSize is called.
    4647             :          */
    4648        1972 :         if (XLOGbuffers == -1)
    4649        1972 :             return true;
    4650             : 
    4651             :         /* Otherwise, substitute the auto-tune value */
    4652           0 :         *newval = XLOGChooseNumBuffers();
    4653             :     }
    4654             : 
    4655             :     /*
    4656             :      * We clamp manually-set values to at least 4 blocks.  Prior to PostgreSQL
    4657             :      * 9.1, a minimum of 4 was enforced by guc.c, but since that is no longer
    4658             :      * the case, we just silently treat such values as a request for the
    4659             :      * minimum.  (We could throw an error instead, but that doesn't seem very
    4660             :      * helpful.)
    4661             :      */
    4662        1904 :     if (*newval < 4)
    4663           0 :         *newval = 4;
    4664             : 
    4665        1904 :     return true;
    4666             : }
    4667             : 
    4668             : /*
    4669             :  * GUC check_hook for wal_consistency_checking
    4670             :  */
    4671             : bool
    4672        3752 : check_wal_consistency_checking(char **newval, void **extra, GucSource source)
    4673             : {
    4674             :     char       *rawstring;
    4675             :     List       *elemlist;
    4676             :     ListCell   *l;
    4677             :     bool        newwalconsistency[RM_MAX_ID + 1];
    4678             : 
    4679             :     /* Initialize the array */
    4680      123816 :     MemSet(newwalconsistency, 0, (RM_MAX_ID + 1) * sizeof(bool));
    4681             : 
    4682             :     /* Need a modifiable copy of string */
    4683        3752 :     rawstring = pstrdup(*newval);
    4684             : 
    4685             :     /* Parse string into list of identifiers */
    4686        3752 :     if (!SplitIdentifierString(rawstring, ',', &elemlist))
    4687             :     {
    4688             :         /* syntax error in list */
    4689           0 :         GUC_check_errdetail("List syntax is invalid.");
    4690           0 :         pfree(rawstring);
    4691           0 :         list_free(elemlist);
    4692           0 :         return false;
    4693             :     }
    4694             : 
    4695        4648 :     foreach(l, elemlist)
    4696             :     {
    4697         896 :         char       *tok = (char *) lfirst(l);
    4698             :         int         rmid;
    4699             : 
    4700             :         /* Check for 'all'. */
    4701         896 :         if (pg_strcasecmp(tok, "all") == 0)
    4702             :         {
    4703      229244 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4704      228352 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL)
    4705        8920 :                     newwalconsistency[rmid] = true;
    4706             :         }
    4707             :         else
    4708             :         {
    4709             :             /* Check if the token matches any known resource manager. */
    4710           4 :             bool        found = false;
    4711             : 
    4712          72 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4713             :             {
    4714         108 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL &&
    4715          36 :                     pg_strcasecmp(tok, GetRmgr(rmid).rm_name) == 0)
    4716             :                 {
    4717           4 :                     newwalconsistency[rmid] = true;
    4718           4 :                     found = true;
    4719           4 :                     break;
    4720             :                 }
    4721             :             }
    4722           4 :             if (!found)
    4723             :             {
    4724             :                 /*
    4725             :                  * During startup, it might be a not-yet-loaded custom
    4726             :                  * resource manager.  Defer checking until
    4727             :                  * InitializeWalConsistencyChecking().
    4728             :                  */
    4729           0 :                 if (!process_shared_preload_libraries_done)
    4730             :                 {
    4731           0 :                     check_wal_consistency_checking_deferred = true;
    4732             :                 }
    4733             :                 else
    4734             :                 {
    4735           0 :                     GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
    4736           0 :                     pfree(rawstring);
    4737           0 :                     list_free(elemlist);
    4738           0 :                     return false;
    4739             :                 }
    4740             :             }
    4741             :         }
    4742             :     }
    4743             : 
    4744        3752 :     pfree(rawstring);
    4745        3752 :     list_free(elemlist);
    4746             : 
    4747             :     /* assign new value */
    4748        3752 :     *extra = guc_malloc(ERROR, (RM_MAX_ID + 1) * sizeof(bool));
    4749        3752 :     memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool));
    4750        3752 :     return true;
    4751             : }
    4752             : 
    4753             : /*
    4754             :  * GUC assign_hook for wal_consistency_checking
    4755             :  */
    4756             : void
    4757        3750 : assign_wal_consistency_checking(const char *newval, void *extra)
    4758             : {
    4759             :     /*
    4760             :      * If some checks were deferred, it's possible that the checks will fail
    4761             :      * later during InitializeWalConsistencyChecking(). But in that case, the
    4762             :      * postmaster will exit anyway, so it's safe to proceed with the
    4763             :      * assignment.
    4764             :      *
    4765             :      * Any built-in resource managers specified are assigned immediately,
    4766             :      * which affects WAL created before shared_preload_libraries are
    4767             :      * processed. Any custom resource managers specified won't be assigned
    4768             :      * until after shared_preload_libraries are processed, but that's OK
    4769             :      * because WAL for a custom resource manager can't be written before the
    4770             :      * module is loaded anyway.
    4771             :      */
    4772        3750 :     wal_consistency_checking = extra;
    4773        3750 : }
    4774             : 
    4775             : /*
    4776             :  * InitializeWalConsistencyChecking: run after loading custom resource managers
    4777             :  *
    4778             :  * If any unknown resource managers were specified in the
    4779             :  * wal_consistency_checking GUC, processing was deferred.  Now that
    4780             :  * shared_preload_libraries have been loaded, process wal_consistency_checking
    4781             :  * again.
    4782             :  */
    4783             : void
    4784        1634 : InitializeWalConsistencyChecking(void)
    4785             : {
    4786             :     Assert(process_shared_preload_libraries_done);
    4787             : 
    4788        1634 :     if (check_wal_consistency_checking_deferred)
    4789             :     {
    4790             :         struct config_generic *guc;
    4791             : 
    4792           0 :         guc = find_option("wal_consistency_checking", false, false, ERROR);
    4793             : 
    4794           0 :         check_wal_consistency_checking_deferred = false;
    4795             : 
    4796           0 :         set_config_option_ext("wal_consistency_checking",
    4797             :                               wal_consistency_checking_string,
    4798             :                               guc->scontext, guc->source, guc->srole,
    4799             :                               GUC_ACTION_SET, true, ERROR, false);
    4800             : 
    4801             :         /* checking should not be deferred again */
    4802             :         Assert(!check_wal_consistency_checking_deferred);
    4803             :     }
    4804        1634 : }
    4805             : 
    4806             : /*
    4807             :  * GUC show_hook for archive_command
    4808             :  */
    4809             : const char *
    4810        3404 : show_archive_command(void)
    4811             : {
    4812        3404 :     if (XLogArchivingActive())
    4813           0 :         return XLogArchiveCommand;
    4814             :     else
    4815        3404 :         return "(disabled)";
    4816             : }
    4817             : 
    4818             : /*
    4819             :  * GUC show_hook for in_hot_standby
    4820             :  */
    4821             : const char *
    4822       26866 : show_in_hot_standby(void)
    4823             : {
    4824             :     /*
    4825             :      * We display the actual state based on shared memory, so that this GUC
    4826             :      * reports up-to-date state if examined intra-query.  The underlying
    4827             :      * variable (in_hot_standby_guc) changes only when we transmit a new value
    4828             :      * to the client.
    4829             :      */
    4830       26866 :     return RecoveryInProgress() ? "on" : "off";
    4831             : }
    4832             : 
    4833             : /*
    4834             :  * Read the control file, set respective GUCs.
    4835             :  *
    4836             :  * This is to be called during startup, including a crash recovery cycle,
    4837             :  * unless in bootstrap mode, where no control file yet exists.  As there's no
    4838             :  * usable shared memory yet (its sizing can depend on the contents of the
    4839             :  * control file!), first store the contents in local memory. XLOGShmemInit()
    4840             :  * will then copy it to shared memory later.
    4841             :  *
    4842             :  * reset just controls whether previous contents are to be expected (in the
    4843             :  * reset case, there's a dangling pointer into old shared memory), or not.
    4844             :  */
    4845             : void
    4846        1654 : LocalProcessControlFile(bool reset)
    4847             : {
    4848             :     Assert(reset || ControlFile == NULL);
    4849        1654 :     ControlFile = palloc(sizeof(ControlFileData));
    4850        1654 :     ReadControlFile();
    4851        1654 : }
    4852             : 
    4853             : /*
    4854             :  * Get the wal_level from the control file. For a standby, this value should be
    4855             :  * considered as its active wal_level, because it may be different from what
    4856             :  * was originally configured on standby.
    4857             :  */
    4858             : WalLevel
    4859         132 : GetActiveWalLevelOnStandby(void)
    4860             : {
    4861         132 :     return ControlFile->wal_level;
    4862             : }
    4863             : 
    4864             : /*
    4865             :  * Initialization of shared memory for XLOG
    4866             :  */
    4867             : Size
    4868        5454 : XLOGShmemSize(void)
    4869             : {
    4870             :     Size        size;
    4871             : 
    4872             :     /*
    4873             :      * If the value of wal_buffers is -1, use the preferred auto-tune value.
    4874             :      * This isn't an amazingly clean place to do this, but we must wait till
    4875             :      * NBuffers has received its final value, and must do it before using the
    4876             :      * value of XLOGbuffers to do anything important.
    4877             :      *
    4878             :      * We prefer to report this value's source as PGC_S_DYNAMIC_DEFAULT.
    4879             :      * However, if the DBA explicitly set wal_buffers = -1 in the config file,
    4880             :      * then PGC_S_DYNAMIC_DEFAULT will fail to override that and we must force
    4881             :      * the matter with PGC_S_OVERRIDE.
    4882             :      */
    4883        5454 :     if (XLOGbuffers == -1)
    4884             :     {
    4885             :         char        buf[32];
    4886             : 
    4887        1904 :         snprintf(buf, sizeof(buf), "%d", XLOGChooseNumBuffers());
    4888        1904 :         SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    4889             :                         PGC_S_DYNAMIC_DEFAULT);
    4890        1904 :         if (XLOGbuffers == -1)  /* failed to apply it? */
    4891           0 :             SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    4892             :                             PGC_S_OVERRIDE);
    4893             :     }
    4894             :     Assert(XLOGbuffers > 0);
    4895             : 
    4896             :     /* XLogCtl */
    4897        5454 :     size = sizeof(XLogCtlData);
    4898             : 
    4899             :     /* WAL insertion locks, plus alignment */
    4900        5454 :     size = add_size(size, mul_size(sizeof(WALInsertLockPadded), NUM_XLOGINSERT_LOCKS + 1));
    4901             :     /* xlblocks array */
    4902        5454 :     size = add_size(size, mul_size(sizeof(pg_atomic_uint64), XLOGbuffers));
    4903             :     /* extra alignment padding for XLOG I/O buffers */
    4904        5454 :     size = add_size(size, Max(XLOG_BLCKSZ, PG_IO_ALIGN_SIZE));
    4905             :     /* and the buffers themselves */
    4906        5454 :     size = add_size(size, mul_size(XLOG_BLCKSZ, XLOGbuffers));
    4907             : 
    4908             :     /*
    4909             :      * Note: we don't count ControlFileData, it comes out of the "slop factor"
    4910             :      * added by CreateSharedMemoryAndSemaphores.  This lets us use this
    4911             :      * routine again below to compute the actual allocation size.
    4912             :      */
    4913             : 
    4914        5454 :     return size;
    4915             : }
    4916             : 
    4917             : void
    4918        1908 : XLOGShmemInit(void)
    4919             : {
    4920             :     bool        foundCFile,
    4921             :                 foundXLog;
    4922             :     char       *allocptr;
    4923             :     int         i;
    4924             :     ControlFileData *localControlFile;
    4925             : 
    4926             : #ifdef WAL_DEBUG
    4927             : 
    4928             :     /*
    4929             :      * Create a memory context for WAL debugging that's exempt from the normal
    4930             :      * "no pallocs in critical section" rule. Yes, that can lead to a PANIC if
    4931             :      * an allocation fails, but wal_debug is not for production use anyway.
    4932             :      */
    4933             :     if (walDebugCxt == NULL)
    4934             :     {
    4935             :         walDebugCxt = AllocSetContextCreate(TopMemoryContext,
    4936             :                                             "WAL Debug",
    4937             :                                             ALLOCSET_DEFAULT_SIZES);
    4938             :         MemoryContextAllowInCriticalSection(walDebugCxt, true);
    4939             :     }
    4940             : #endif
    4941             : 
    4942             : 
    4943        1908 :     XLogCtl = (XLogCtlData *)
    4944        1908 :         ShmemInitStruct("XLOG Ctl", XLOGShmemSize(), &foundXLog);
    4945             : 
    4946        1908 :     localControlFile = ControlFile;
    4947        1908 :     ControlFile = (ControlFileData *)
    4948        1908 :         ShmemInitStruct("Control File", sizeof(ControlFileData), &foundCFile);
    4949             : 
    4950        1908 :     if (foundCFile || foundXLog)
    4951             :     {
    4952             :         /* both should be present or neither */
    4953             :         Assert(foundCFile && foundXLog);
    4954             : 
    4955             :         /* Initialize local copy of WALInsertLocks */
    4956           0 :         WALInsertLocks = XLogCtl->Insert.WALInsertLocks;
    4957             : 
    4958           0 :         if (localControlFile)
    4959           0 :             pfree(localControlFile);
    4960           0 :         return;
    4961             :     }
    4962        1908 :     memset(XLogCtl, 0, sizeof(XLogCtlData));
    4963             : 
    4964             :     /*
    4965             :      * Already have read control file locally, unless in bootstrap mode. Move
    4966             :      * contents into shared memory.
    4967             :      */
    4968        1908 :     if (localControlFile)
    4969             :     {
    4970        1638 :         memcpy(ControlFile, localControlFile, sizeof(ControlFileData));
    4971        1638 :         pfree(localControlFile);
    4972             :     }
    4973             : 
    4974             :     /*
    4975             :      * Since XLogCtlData contains XLogRecPtr fields, its sizeof should be a
    4976             :      * multiple of the alignment for same, so no extra alignment padding is
    4977             :      * needed here.
    4978             :      */
    4979        1908 :     allocptr = ((char *) XLogCtl) + sizeof(XLogCtlData);
    4980        1908 :     XLogCtl->xlblocks = (pg_atomic_uint64 *) allocptr;
    4981        1908 :     allocptr += sizeof(pg_atomic_uint64) * XLOGbuffers;
    4982             : 
    4983      539370 :     for (i = 0; i < XLOGbuffers; i++)
    4984             :     {
    4985      537462 :         pg_atomic_init_u64(&XLogCtl->xlblocks[i], InvalidXLogRecPtr);
    4986             :     }
    4987             : 
    4988             :     /* WAL insertion locks. Ensure they're aligned to the full padded size */
    4989        1908 :     allocptr += sizeof(WALInsertLockPadded) -
    4990        1908 :         ((uintptr_t) allocptr) % sizeof(WALInsertLockPadded);
    4991        1908 :     WALInsertLocks = XLogCtl->Insert.WALInsertLocks =
    4992             :         (WALInsertLockPadded *) allocptr;
    4993        1908 :     allocptr += sizeof(WALInsertLockPadded) * NUM_XLOGINSERT_LOCKS;
    4994             : 
    4995       17172 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    4996             :     {
    4997       15264 :         LWLockInitialize(&WALInsertLocks[i].l.lock, LWTRANCHE_WAL_INSERT);
    4998       15264 :         pg_atomic_init_u64(&WALInsertLocks[i].l.insertingAt, InvalidXLogRecPtr);
    4999       15264 :         WALInsertLocks[i].l.lastImportantAt = InvalidXLogRecPtr;
    5000             :     }
    5001             : 
    5002             :     /*
    5003             :      * Align the start of the page buffers to a full xlog block size boundary.
    5004             :      * This simplifies some calculations in XLOG insertion. It is also
    5005             :      * required for O_DIRECT.
    5006             :      */
    5007        1908 :     allocptr = (char *) TYPEALIGN(XLOG_BLCKSZ, allocptr);
    5008        1908 :     XLogCtl->pages = allocptr;
    5009        1908 :     memset(XLogCtl->pages, 0, (Size) XLOG_BLCKSZ * XLOGbuffers);
    5010             : 
    5011             :     /*
    5012             :      * Do basic initialization of XLogCtl shared data. (StartupXLOG will fill
    5013             :      * in additional info.)
    5014             :      */
    5015        1908 :     XLogCtl->XLogCacheBlck = XLOGbuffers - 1;
    5016        1908 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5017        1908 :     XLogCtl->InstallXLogFileSegmentActive = false;
    5018        1908 :     XLogCtl->WalWriterSleeping = false;
    5019             : 
    5020        1908 :     SpinLockInit(&XLogCtl->Insert.insertpos_lck);
    5021        1908 :     SpinLockInit(&XLogCtl->info_lck);
    5022        1908 :     pg_atomic_init_u64(&XLogCtl->logInsertResult, InvalidXLogRecPtr);
    5023        1908 :     pg_atomic_init_u64(&XLogCtl->logWriteResult, InvalidXLogRecPtr);
    5024        1908 :     pg_atomic_init_u64(&XLogCtl->logFlushResult, InvalidXLogRecPtr);
    5025        1908 :     pg_atomic_init_u64(&XLogCtl->unloggedLSN, InvalidXLogRecPtr);
    5026             : }
    5027             : 
    5028             : /*
    5029             :  * This func must be called ONCE on system install.  It creates pg_control
    5030             :  * and the initial XLOG segment.
    5031             :  */
    5032             : void
    5033          90 : BootStrapXLOG(uint32 data_checksum_version)
    5034             : {
    5035             :     CheckPoint  checkPoint;
    5036             :     char       *buffer;
    5037             :     XLogPageHeader page;
    5038             :     XLogLongPageHeader longpage;
    5039             :     XLogRecord *record;
    5040             :     char       *recptr;
    5041             :     uint64      sysidentifier;
    5042             :     struct timeval tv;
    5043             :     pg_crc32c   crc;
    5044             : 
    5045             :     /* allow ordinary WAL segment creation, like StartupXLOG() would */
    5046          90 :     SetInstallXLogFileSegmentActive();
    5047             : 
    5048             :     /*
    5049             :      * Select a hopefully-unique system identifier code for this installation.
    5050             :      * We use the result of gettimeofday(), including the fractional seconds
    5051             :      * field, as being about as unique as we can easily get.  (Think not to
    5052             :      * use random(), since it hasn't been seeded and there's no portable way
    5053             :      * to seed it other than the system clock value...)  The upper half of the
    5054             :      * uint64 value is just the tv_sec part, while the lower half contains the
    5055             :      * tv_usec part (which must fit in 20 bits), plus 12 bits from our current
    5056             :      * PID for a little extra uniqueness.  A person knowing this encoding can
    5057             :      * determine the initialization time of the installation, which could
    5058             :      * perhaps be useful sometimes.
    5059             :      */
    5060          90 :     gettimeofday(&tv, NULL);
    5061          90 :     sysidentifier = ((uint64) tv.tv_sec) << 32;
    5062          90 :     sysidentifier |= ((uint64) tv.tv_usec) << 12;
    5063          90 :     sysidentifier |= getpid() & 0xFFF;
    5064             : 
    5065             :     /* page buffer must be aligned suitably for O_DIRECT */
    5066          90 :     buffer = (char *) palloc(XLOG_BLCKSZ + XLOG_BLCKSZ);
    5067          90 :     page = (XLogPageHeader) TYPEALIGN(XLOG_BLCKSZ, buffer);
    5068          90 :     memset(page, 0, XLOG_BLCKSZ);
    5069             : 
    5070             :     /*
    5071             :      * Set up information for the initial checkpoint record
    5072             :      *
    5073             :      * The initial checkpoint record is written to the beginning of the WAL
    5074             :      * segment with logid=0 logseg=1. The very first WAL segment, 0/0, is not
    5075             :      * used, so that we can use 0/0 to mean "before any valid WAL segment".
    5076             :      */
    5077          90 :     checkPoint.redo = wal_segment_size + SizeOfXLogLongPHD;
    5078          90 :     checkPoint.ThisTimeLineID = BootstrapTimeLineID;
    5079          90 :     checkPoint.PrevTimeLineID = BootstrapTimeLineID;
    5080          90 :     checkPoint.fullPageWrites = fullPageWrites;
    5081          90 :     checkPoint.wal_level = wal_level;
    5082             :     checkPoint.nextXid =
    5083          90 :         FullTransactionIdFromEpochAndXid(0, FirstNormalTransactionId);
    5084          90 :     checkPoint.nextOid = FirstGenbkiObjectId;
    5085          90 :     checkPoint.nextMulti = FirstMultiXactId;
    5086          90 :     checkPoint.nextMultiOffset = 0;
    5087          90 :     checkPoint.oldestXid = FirstNormalTransactionId;
    5088          90 :     checkPoint.oldestXidDB = Template1DbOid;
    5089          90 :     checkPoint.oldestMulti = FirstMultiXactId;
    5090          90 :     checkPoint.oldestMultiDB = Template1DbOid;
    5091          90 :     checkPoint.oldestCommitTsXid = InvalidTransactionId;
    5092          90 :     checkPoint.newestCommitTsXid = InvalidTransactionId;
    5093          90 :     checkPoint.time = (pg_time_t) time(NULL);
    5094          90 :     checkPoint.oldestActiveXid = InvalidTransactionId;
    5095             : 
    5096          90 :     TransamVariables->nextXid = checkPoint.nextXid;
    5097          90 :     TransamVariables->nextOid = checkPoint.nextOid;
    5098          90 :     TransamVariables->oidCount = 0;
    5099          90 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5100          90 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5101          90 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5102          90 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5103          90 :     SetCommitTsLimit(InvalidTransactionId, InvalidTransactionId);
    5104             : 
    5105             :     /* Set up the XLOG page header */
    5106          90 :     page->xlp_magic = XLOG_PAGE_MAGIC;
    5107          90 :     page->xlp_info = XLP_LONG_HEADER;
    5108          90 :     page->xlp_tli = BootstrapTimeLineID;
    5109          90 :     page->xlp_pageaddr = wal_segment_size;
    5110          90 :     longpage = (XLogLongPageHeader) page;
    5111          90 :     longpage->xlp_sysid = sysidentifier;
    5112          90 :     longpage->xlp_seg_size = wal_segment_size;
    5113          90 :     longpage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    5114             : 
    5115             :     /* Insert the initial checkpoint record */
    5116          90 :     recptr = ((char *) page + SizeOfXLogLongPHD);
    5117          90 :     record = (XLogRecord *) recptr;
    5118          90 :     record->xl_prev = 0;
    5119          90 :     record->xl_xid = InvalidTransactionId;
    5120          90 :     record->xl_tot_len = SizeOfXLogRecord + SizeOfXLogRecordDataHeaderShort + sizeof(checkPoint);
    5121          90 :     record->xl_info = XLOG_CHECKPOINT_SHUTDOWN;
    5122          90 :     record->xl_rmid = RM_XLOG_ID;
    5123          90 :     recptr += SizeOfXLogRecord;
    5124             :     /* fill the XLogRecordDataHeaderShort struct */
    5125          90 :     *(recptr++) = (char) XLR_BLOCK_ID_DATA_SHORT;
    5126          90 :     *(recptr++) = sizeof(checkPoint);
    5127          90 :     memcpy(recptr, &checkPoint, sizeof(checkPoint));
    5128          90 :     recptr += sizeof(checkPoint);
    5129             :     Assert(recptr - (char *) record == record->xl_tot_len);
    5130             : 
    5131          90 :     INIT_CRC32C(crc);
    5132          90 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    5133          90 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    5134          90 :     FIN_CRC32C(crc);
    5135          90 :     record->xl_crc = crc;
    5136             : 
    5137             :     /* Create first XLOG segment file */
    5138          90 :     openLogTLI = BootstrapTimeLineID;
    5139          90 :     openLogFile = XLogFileInit(1, BootstrapTimeLineID);
    5140             : 
    5141             :     /*
    5142             :      * We needn't bother with Reserve/ReleaseExternalFD here, since we'll
    5143             :      * close the file again in a moment.
    5144             :      */
    5145             : 
    5146             :     /* Write the first page with the initial record */
    5147          90 :     errno = 0;
    5148          90 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_WRITE);
    5149          90 :     if (write(openLogFile, page, XLOG_BLCKSZ) != XLOG_BLCKSZ)
    5150             :     {
    5151             :         /* if write didn't set errno, assume problem is no disk space */
    5152           0 :         if (errno == 0)
    5153           0 :             errno = ENOSPC;
    5154           0 :         ereport(PANIC,
    5155             :                 (errcode_for_file_access(),
    5156             :                  errmsg("could not write bootstrap write-ahead log file: %m")));
    5157             :     }
    5158          90 :     pgstat_report_wait_end();
    5159             : 
    5160          90 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_SYNC);
    5161          90 :     if (pg_fsync(openLogFile) != 0)
    5162           0 :         ereport(PANIC,
    5163             :                 (errcode_for_file_access(),
    5164             :                  errmsg("could not fsync bootstrap write-ahead log file: %m")));
    5165          90 :     pgstat_report_wait_end();
    5166             : 
    5167          90 :     if (close(openLogFile) != 0)
    5168           0 :         ereport(PANIC,
    5169             :                 (errcode_for_file_access(),
    5170             :                  errmsg("could not close bootstrap write-ahead log file: %m")));
    5171             : 
    5172          90 :     openLogFile = -1;
    5173             : 
    5174             :     /* Now create pg_control */
    5175          90 :     InitControlFile(sysidentifier, data_checksum_version);
    5176          90 :     ControlFile->time = checkPoint.time;
    5177          90 :     ControlFile->checkPoint = checkPoint.redo;
    5178          90 :     ControlFile->checkPointCopy = checkPoint;
    5179             : 
    5180             :     /* some additional ControlFile fields are set in WriteControlFile() */
    5181          90 :     WriteControlFile();
    5182             : 
    5183             :     /* Bootstrap the commit log, too */
    5184          90 :     BootStrapCLOG();
    5185          90 :     BootStrapCommitTs();
    5186          90 :     BootStrapSUBTRANS();
    5187          90 :     BootStrapMultiXact();
    5188             : 
    5189          90 :     pfree(buffer);
    5190             : 
    5191             :     /*
    5192             :      * Force control file to be read - in contrast to normal processing we'd
    5193             :      * otherwise never run the checks and GUC related initializations therein.
    5194             :      */
    5195          90 :     ReadControlFile();
    5196          90 : }
    5197             : 
    5198             : static char *
    5199        1460 : str_time(pg_time_t tnow)
    5200             : {
    5201        1460 :     char       *buf = palloc(128);
    5202             : 
    5203        1460 :     pg_strftime(buf, 128,
    5204             :                 "%Y-%m-%d %H:%M:%S %Z",
    5205        1460 :                 pg_localtime(&tnow, log_timezone));
    5206             : 
    5207        1460 :     return buf;
    5208             : }
    5209             : 
    5210             : /*
    5211             :  * Initialize the first WAL segment on new timeline.
    5212             :  */
    5213             : static void
    5214          96 : XLogInitNewTimeline(TimeLineID endTLI, XLogRecPtr endOfLog, TimeLineID newTLI)
    5215             : {
    5216             :     char        xlogfname[MAXFNAMELEN];
    5217             :     XLogSegNo   endLogSegNo;
    5218             :     XLogSegNo   startLogSegNo;
    5219             : 
    5220             :     /* we always switch to a new timeline after archive recovery */
    5221             :     Assert(endTLI != newTLI);
    5222             : 
    5223             :     /*
    5224             :      * Update min recovery point one last time.
    5225             :      */
    5226          96 :     UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    5227             : 
    5228             :     /*
    5229             :      * Calculate the last segment on the old timeline, and the first segment
    5230             :      * on the new timeline. If the switch happens in the middle of a segment,
    5231             :      * they are the same, but if the switch happens exactly at a segment
    5232             :      * boundary, startLogSegNo will be endLogSegNo + 1.
    5233             :      */
    5234          96 :     XLByteToPrevSeg(endOfLog, endLogSegNo, wal_segment_size);
    5235          96 :     XLByteToSeg(endOfLog, startLogSegNo, wal_segment_size);
    5236             : 
    5237             :     /*
    5238             :      * Initialize the starting WAL segment for the new timeline. If the switch
    5239             :      * happens in the middle of a segment, copy data from the last WAL segment
    5240             :      * of the old timeline up to the switch point, to the starting WAL segment
    5241             :      * on the new timeline.
    5242             :      */
    5243          96 :     if (endLogSegNo == startLogSegNo)
    5244             :     {
    5245             :         /*
    5246             :          * Make a copy of the file on the new timeline.
    5247             :          *
    5248             :          * Writing WAL isn't allowed yet, so there are no locking
    5249             :          * considerations. But we should be just as tense as XLogFileInit to
    5250             :          * avoid emplacing a bogus file.
    5251             :          */
    5252          78 :         XLogFileCopy(newTLI, endLogSegNo, endTLI, endLogSegNo,
    5253          78 :                      XLogSegmentOffset(endOfLog, wal_segment_size));
    5254             :     }
    5255             :     else
    5256             :     {
    5257             :         /*
    5258             :          * The switch happened at a segment boundary, so just create the next
    5259             :          * segment on the new timeline.
    5260             :          */
    5261             :         int         fd;
    5262             : 
    5263          18 :         fd = XLogFileInit(startLogSegNo, newTLI);
    5264             : 
    5265          18 :         if (close(fd) != 0)
    5266             :         {
    5267           0 :             int         save_errno = errno;
    5268             : 
    5269           0 :             XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5270           0 :             errno = save_errno;
    5271           0 :             ereport(ERROR,
    5272             :                     (errcode_for_file_access(),
    5273             :                      errmsg("could not close file \"%s\": %m", xlogfname)));
    5274             :         }
    5275             :     }
    5276             : 
    5277             :     /*
    5278             :      * Let's just make real sure there are not .ready or .done flags posted
    5279             :      * for the new segment.
    5280             :      */
    5281          96 :     XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5282          96 :     XLogArchiveCleanup(xlogfname);
    5283          96 : }
    5284             : 
    5285             : /*
    5286             :  * Perform cleanup actions at the conclusion of archive recovery.
    5287             :  */
    5288             : static void
    5289          96 : CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI, XLogRecPtr EndOfLog,
    5290             :                             TimeLineID newTLI)
    5291             : {
    5292             :     /*
    5293             :      * Execute the recovery_end_command, if any.
    5294             :      */
    5295          96 :     if (recoveryEndCommand && strcmp(recoveryEndCommand, "") != 0)
    5296           4 :         ExecuteRecoveryCommand(recoveryEndCommand,
    5297             :                                "recovery_end_command",
    5298             :                                true,
    5299             :                                WAIT_EVENT_RECOVERY_END_COMMAND);
    5300             : 
    5301             :     /*
    5302             :      * We switched to a new timeline. Clean up segments on the old timeline.
    5303             :      *
    5304             :      * If there are any higher-numbered segments on the old timeline, remove
    5305             :      * them. They might contain valid WAL, but they might also be
    5306             :      * pre-allocated files containing garbage. In any case, they are not part
    5307             :      * of the new timeline's history so we don't need them.
    5308             :      */
    5309          96 :     RemoveNonParentXlogFiles(EndOfLog, newTLI);
    5310             : 
    5311             :     /*
    5312             :      * If the switch happened in the middle of a segment, what to do with the
    5313             :      * last, partial segment on the old timeline? If we don't archive it, and
    5314             :      * the server that created the WAL never archives it either (e.g. because
    5315             :      * it was hit by a meteor), it will never make it to the archive. That's
    5316             :      * OK from our point of view, because the new segment that we created with
    5317             :      * the new TLI contains all the WAL from the old timeline up to the switch
    5318             :      * point. But if you later try to do PITR to the "missing" WAL on the old
    5319             :      * timeline, recovery won't find it in the archive. It's physically
    5320             :      * present in the new file with new TLI, but recovery won't look there
    5321             :      * when it's recovering to the older timeline. On the other hand, if we
    5322             :      * archive the partial segment, and the original server on that timeline
    5323             :      * is still running and archives the completed version of the same segment
    5324             :      * later, it will fail. (We used to do that in 9.4 and below, and it
    5325             :      * caused such problems).
    5326             :      *
    5327             :      * As a compromise, we rename the last segment with the .partial suffix,
    5328             :      * and archive it. Archive recovery will never try to read .partial
    5329             :      * segments, so they will normally go unused. But in the odd PITR case,
    5330             :      * the administrator can copy them manually to the pg_wal directory
    5331             :      * (removing the suffix). They can be useful in debugging, too.
    5332             :      *
    5333             :      * If a .done or .ready file already exists for the old timeline, however,
    5334             :      * we had already determined that the segment is complete, so we can let
    5335             :      * it be archived normally. (In particular, if it was restored from the
    5336             :      * archive to begin with, it's expected to have a .done file).
    5337             :      */
    5338          96 :     if (XLogSegmentOffset(EndOfLog, wal_segment_size) != 0 &&
    5339             :         XLogArchivingActive())
    5340             :     {
    5341             :         char        origfname[MAXFNAMELEN];
    5342             :         XLogSegNo   endLogSegNo;
    5343             : 
    5344          16 :         XLByteToPrevSeg(EndOfLog, endLogSegNo, wal_segment_size);
    5345          16 :         XLogFileName(origfname, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5346             : 
    5347          16 :         if (!XLogArchiveIsReadyOrDone(origfname))
    5348             :         {
    5349             :             char        origpath[MAXPGPATH];
    5350             :             char        partialfname[MAXFNAMELEN];
    5351             :             char        partialpath[MAXPGPATH];
    5352             : 
    5353             :             /*
    5354             :              * If we're summarizing WAL, we can't rename the partial file
    5355             :              * until the summarizer finishes with it, else it will fail.
    5356             :              */
    5357          10 :             if (summarize_wal)
    5358           2 :                 WaitForWalSummarization(EndOfLog);
    5359             : 
    5360          10 :             XLogFilePath(origpath, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5361          10 :             snprintf(partialfname, MAXFNAMELEN, "%s.partial", origfname);
    5362          10 :             snprintf(partialpath, MAXPGPATH, "%s.partial", origpath);
    5363             : 
    5364             :             /*
    5365             :              * Make sure there's no .done or .ready file for the .partial
    5366             :              * file.
    5367             :              */
    5368          10 :             XLogArchiveCleanup(partialfname);
    5369             : 
    5370          10 :             durable_rename(origpath, partialpath, ERROR);
    5371          10 :             XLogArchiveNotify(partialfname);
    5372             :         }
    5373             :     }
    5374          96 : }
    5375             : 
    5376             : /*
    5377             :  * Check to see if required parameters are set high enough on this server
    5378             :  * for various aspects of recovery operation.
    5379             :  *
    5380             :  * Note that all the parameters which this function tests need to be
    5381             :  * listed in Administrator's Overview section in high-availability.sgml.
    5382             :  * If you change them, don't forget to update the list.
    5383             :  */
    5384             : static void
    5385         470 : CheckRequiredParameterValues(void)
    5386             : {
    5387             :     /*
    5388             :      * For archive recovery, the WAL must be generated with at least 'replica'
    5389             :      * wal_level.
    5390             :      */
    5391         470 :     if (ArchiveRecoveryRequested && ControlFile->wal_level == WAL_LEVEL_MINIMAL)
    5392             :     {
    5393           4 :         ereport(FATAL,
    5394             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5395             :                  errmsg("WAL was generated with \"wal_level=minimal\", cannot continue recovering"),
    5396             :                  errdetail("This happens if you temporarily set \"wal_level=minimal\" on the server."),
    5397             :                  errhint("Use a backup taken after setting \"wal_level\" to higher than \"minimal\".")));
    5398             :     }
    5399             : 
    5400             :     /*
    5401             :      * For Hot Standby, the WAL must be generated with 'replica' mode, and we
    5402             :      * must have at least as many backend slots as the primary.
    5403             :      */
    5404         466 :     if (ArchiveRecoveryRequested && EnableHotStandby)
    5405             :     {
    5406             :         /* We ignore autovacuum_max_workers when we make this test. */
    5407         228 :         RecoveryRequiresIntParameter("max_connections",
    5408             :                                      MaxConnections,
    5409         228 :                                      ControlFile->MaxConnections);
    5410         228 :         RecoveryRequiresIntParameter("max_worker_processes",
    5411             :                                      max_worker_processes,
    5412         228 :                                      ControlFile->max_worker_processes);
    5413         228 :         RecoveryRequiresIntParameter("max_wal_senders",
    5414             :                                      max_wal_senders,
    5415         228 :                                      ControlFile->max_wal_senders);
    5416         228 :         RecoveryRequiresIntParameter("max_prepared_transactions",
    5417             :                                      max_prepared_xacts,
    5418         228 :                                      ControlFile->max_prepared_xacts);
    5419         228 :         RecoveryRequiresIntParameter("max_locks_per_transaction",
    5420             :                                      max_locks_per_xact,
    5421         228 :                                      ControlFile->max_locks_per_xact);
    5422             :     }
    5423         466 : }
    5424             : 
    5425             : /*
    5426             :  * This must be called ONCE during postmaster or standalone-backend startup
    5427             :  */
    5428             : void
    5429        1640 : StartupXLOG(void)
    5430             : {
    5431             :     XLogCtlInsert *Insert;
    5432             :     CheckPoint  checkPoint;
    5433             :     bool        wasShutdown;
    5434             :     bool        didCrash;
    5435             :     bool        haveTblspcMap;
    5436             :     bool        haveBackupLabel;
    5437             :     XLogRecPtr  EndOfLog;
    5438             :     TimeLineID  EndOfLogTLI;
    5439             :     TimeLineID  newTLI;
    5440             :     bool        performedWalRecovery;
    5441             :     EndOfWalRecoveryInfo *endOfRecoveryInfo;
    5442             :     XLogRecPtr  abortedRecPtr;
    5443             :     XLogRecPtr  missingContrecPtr;
    5444             :     TransactionId oldestActiveXID;
    5445        1640 :     bool        promoted = false;
    5446             : 
    5447             :     /*
    5448             :      * We should have an aux process resource owner to use, and we should not
    5449             :      * be in a transaction that's installed some other resowner.
    5450             :      */
    5451             :     Assert(AuxProcessResourceOwner != NULL);
    5452             :     Assert(CurrentResourceOwner == NULL ||
    5453             :            CurrentResourceOwner == AuxProcessResourceOwner);
    5454        1640 :     CurrentResourceOwner = AuxProcessResourceOwner;
    5455             : 
    5456             :     /*
    5457             :      * Check that contents look valid.
    5458             :      */
    5459        1640 :     if (!XRecOffIsValid(ControlFile->checkPoint))
    5460           0 :         ereport(FATAL,
    5461             :                 (errcode(ERRCODE_DATA_CORRUPTED),
    5462             :                  errmsg("control file contains invalid checkpoint location")));
    5463             : 
    5464        1640 :     switch (ControlFile->state)
    5465             :     {
    5466        1244 :         case DB_SHUTDOWNED:
    5467             : 
    5468             :             /*
    5469             :              * This is the expected case, so don't be chatty in standalone
    5470             :              * mode
    5471             :              */
    5472        1244 :             ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    5473             :                     (errmsg("database system was shut down at %s",
    5474             :                             str_time(ControlFile->time))));
    5475        1244 :             break;
    5476             : 
    5477          56 :         case DB_SHUTDOWNED_IN_RECOVERY:
    5478          56 :             ereport(LOG,
    5479             :                     (errmsg("database system was shut down in recovery at %s",
    5480             :                             str_time(ControlFile->time))));
    5481          56 :             break;
    5482             : 
    5483           0 :         case DB_SHUTDOWNING:
    5484           0 :             ereport(LOG,
    5485             :                     (errmsg("database system shutdown was interrupted; last known up at %s",
    5486             :                             str_time(ControlFile->time))));
    5487           0 :             break;
    5488             : 
    5489           0 :         case DB_IN_CRASH_RECOVERY:
    5490           0 :             ereport(LOG,
    5491             :                     (errmsg("database system was interrupted while in recovery at %s",
    5492             :                             str_time(ControlFile->time)),
    5493             :                      errhint("This probably means that some data is corrupted and"
    5494             :                              " you will have to use the last backup for recovery.")));
    5495           0 :             break;
    5496             : 
    5497          12 :         case DB_IN_ARCHIVE_RECOVERY:
    5498          12 :             ereport(LOG,
    5499             :                     (errmsg("database system was interrupted while in recovery at log time %s",
    5500             :                             str_time(ControlFile->checkPointCopy.time)),
    5501             :                      errhint("If this has occurred more than once some data might be corrupted"
    5502             :                              " and you might need to choose an earlier recovery target.")));
    5503          12 :             break;
    5504             : 
    5505         328 :         case DB_IN_PRODUCTION:
    5506         328 :             ereport(LOG,
    5507             :                     (errmsg("database system was interrupted; last known up at %s",
    5508             :                             str_time(ControlFile->time))));
    5509         328 :             break;
    5510             : 
    5511           0 :         default:
    5512           0 :             ereport(FATAL,
    5513             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    5514             :                      errmsg("control file contains invalid database cluster state")));
    5515             :     }
    5516             : 
    5517             :     /* This is just to allow attaching to startup process with a debugger */
    5518             : #ifdef XLOG_REPLAY_DELAY
    5519             :     if (ControlFile->state != DB_SHUTDOWNED)
    5520             :         pg_usleep(60000000L);
    5521             : #endif
    5522             : 
    5523             :     /*
    5524             :      * Verify that pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    5525             :      * In cases where someone has performed a copy for PITR, these directories
    5526             :      * may have been excluded and need to be re-created.
    5527             :      */
    5528        1640 :     ValidateXLOGDirectoryStructure();
    5529             : 
    5530             :     /* Set up timeout handler needed to report startup progress. */
    5531        1640 :     if (!IsBootstrapProcessingMode())
    5532        1550 :         RegisterTimeout(STARTUP_PROGRESS_TIMEOUT,
    5533             :                         startup_progress_timeout_handler);
    5534             : 
    5535             :     /*----------
    5536             :      * If we previously crashed, perform a couple of actions:
    5537             :      *
    5538             :      * - The pg_wal directory may still include some temporary WAL segments
    5539             :      *   used when creating a new segment, so perform some clean up to not
    5540             :      *   bloat this path.  This is done first as there is no point to sync
    5541             :      *   this temporary data.
    5542             :      *
    5543             :      * - There might be data which we had written, intending to fsync it, but
    5544             :      *   which we had not actually fsync'd yet.  Therefore, a power failure in
    5545             :      *   the near future might cause earlier unflushed writes to be lost, even
    5546             :      *   though more recent data written to disk from here on would be
    5547             :      *   persisted.  To avoid that, fsync the entire data directory.
    5548             :      */
    5549        1640 :     if (ControlFile->state != DB_SHUTDOWNED &&
    5550         396 :         ControlFile->state != DB_SHUTDOWNED_IN_RECOVERY)
    5551             :     {
    5552         340 :         RemoveTempXlogFiles();
    5553         340 :         SyncDataDirectory();
    5554         340 :         didCrash = true;
    5555             :     }
    5556             :     else
    5557        1300 :         didCrash = false;
    5558             : 
    5559             :     /*
    5560             :      * Prepare for WAL recovery if needed.
    5561             :      *
    5562             :      * InitWalRecovery analyzes the control file and the backup label file, if
    5563             :      * any.  It updates the in-memory ControlFile buffer according to the
    5564             :      * starting checkpoint, and sets InRecovery and ArchiveRecoveryRequested.
    5565             :      * It also applies the tablespace map file, if any.
    5566             :      */
    5567        1640 :     InitWalRecovery(ControlFile, &wasShutdown,
    5568             :                     &haveBackupLabel, &haveTblspcMap);
    5569        1640 :     checkPoint = ControlFile->checkPointCopy;
    5570             : 
    5571             :     /* initialize shared memory variables from the checkpoint record */
    5572        1640 :     TransamVariables->nextXid = checkPoint.nextXid;
    5573        1640 :     TransamVariables->nextOid = checkPoint.nextOid;
    5574        1640 :     TransamVariables->oidCount = 0;
    5575        1640 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5576        1640 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5577        1640 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5578        1640 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5579        1640 :     SetCommitTsLimit(checkPoint.oldestCommitTsXid,
    5580             :                      checkPoint.newestCommitTsXid);
    5581        1640 :     XLogCtl->ckptFullXid = checkPoint.nextXid;
    5582             : 
    5583             :     /*
    5584             :      * Clear out any old relcache cache files.  This is *necessary* if we do
    5585             :      * any WAL replay, since that would probably result in the cache files
    5586             :      * being out of sync with database reality.  In theory we could leave them
    5587             :      * in place if the database had been cleanly shut down, but it seems
    5588             :      * safest to just remove them always and let them be rebuilt during the
    5589             :      * first backend startup.  These files needs to be removed from all
    5590             :      * directories including pg_tblspc, however the symlinks are created only
    5591             :      * after reading tablespace_map file in case of archive recovery from
    5592             :      * backup, so needs to clear old relcache files here after creating
    5593             :      * symlinks.
    5594             :      */
    5595        1640 :     RelationCacheInitFileRemove();
    5596             : 
    5597             :     /*
    5598             :      * Initialize replication slots, before there's a chance to remove
    5599             :      * required resources.
    5600             :      */
    5601        1640 :     StartupReplicationSlots();
    5602             : 
    5603             :     /*
    5604             :      * Startup logical state, needs to be setup now so we have proper data
    5605             :      * during crash recovery.
    5606             :      */
    5607        1640 :     StartupReorderBuffer();
    5608             : 
    5609             :     /*
    5610             :      * Startup CLOG. This must be done after TransamVariables->nextXid has
    5611             :      * been initialized and before we accept connections or begin WAL replay.
    5612             :      */
    5613        1640 :     StartupCLOG();
    5614             : 
    5615             :     /*
    5616             :      * Startup MultiXact. We need to do this early to be able to replay
    5617             :      * truncations.
    5618             :      */
    5619        1640 :     StartupMultiXact();
    5620             : 
    5621             :     /*
    5622             :      * Ditto for commit timestamps.  Activate the facility if the setting is
    5623             :      * enabled in the control file, as there should be no tracking of commit
    5624             :      * timestamps done when the setting was disabled.  This facility can be
    5625             :      * started or stopped when replaying a XLOG_PARAMETER_CHANGE record.
    5626             :      */
    5627        1640 :     if (ControlFile->track_commit_timestamp)
    5628          20 :         StartupCommitTs();
    5629             : 
    5630             :     /*
    5631             :      * Recover knowledge about replay progress of known replication partners.
    5632             :      */
    5633        1640 :     StartupReplicationOrigin();
    5634             : 
    5635             :     /*
    5636             :      * Initialize unlogged LSN. On a clean shutdown, it's restored from the
    5637             :      * control file. On recovery, all unlogged relations are blown away, so
    5638             :      * the unlogged LSN counter can be reset too.
    5639             :      */
    5640        1640 :     if (ControlFile->state == DB_SHUTDOWNED)
    5641        1230 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5642        1230 :                                        ControlFile->unloggedLSN);
    5643             :     else
    5644         410 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5645             :                                        FirstNormalUnloggedLSN);
    5646             : 
    5647             :     /*
    5648             :      * Copy any missing timeline history files between 'now' and the recovery
    5649             :      * target timeline from archive to pg_wal. While we don't need those files
    5650             :      * ourselves - the history file of the recovery target timeline covers all
    5651             :      * the previous timelines in the history too - a cascading standby server
    5652             :      * might be interested in them. Or, if you archive the WAL from this
    5653             :      * server to a different archive than the primary, it'd be good for all
    5654             :      * the history files to get archived there after failover, so that you can
    5655             :      * use one of the old timelines as a PITR target. Timeline history files
    5656             :      * are small, so it's better to copy them unnecessarily than not copy them
    5657             :      * and regret later.
    5658             :      */
    5659        1640 :     restoreTimeLineHistoryFiles(checkPoint.ThisTimeLineID, recoveryTargetTLI);
    5660             : 
    5661             :     /*
    5662             :      * Before running in recovery, scan pg_twophase and fill in its status to
    5663             :      * be able to work on entries generated by redo.  Doing a scan before
    5664             :      * taking any recovery action has the merit to discard any 2PC files that
    5665             :      * are newer than the first record to replay, saving from any conflicts at
    5666             :      * replay.  This avoids as well any subsequent scans when doing recovery
    5667             :      * of the on-disk two-phase data.
    5668             :      */
    5669        1640 :     restoreTwoPhaseData();
    5670             : 
    5671             :     /*
    5672             :      * When starting with crash recovery, reset pgstat data - it might not be
    5673             :      * valid. Otherwise restore pgstat data. It's safe to do this here,
    5674             :      * because postmaster will not yet have started any other processes.
    5675             :      *
    5676             :      * NB: Restoring replication slot stats relies on slot state to have
    5677             :      * already been restored from disk.
    5678             :      *
    5679             :      * TODO: With a bit of extra work we could just start with a pgstat file
    5680             :      * associated with the checkpoint redo location we're starting from.
    5681             :      */
    5682        1640 :     if (didCrash)
    5683         340 :         pgstat_discard_stats();
    5684             :     else
    5685        1300 :         pgstat_restore_stats(checkPoint.redo);
    5686             : 
    5687        1640 :     lastFullPageWrites = checkPoint.fullPageWrites;
    5688             : 
    5689        1640 :     RedoRecPtr = XLogCtl->RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    5690        1640 :     doPageWrites = lastFullPageWrites;
    5691             : 
    5692             :     /* REDO */
    5693        1640 :     if (InRecovery)
    5694             :     {
    5695             :         /* Initialize state for RecoveryInProgress() */
    5696         410 :         SpinLockAcquire(&XLogCtl->info_lck);
    5697         410 :         if (InArchiveRecovery)
    5698         210 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    5699             :         else
    5700         200 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5701         410 :         SpinLockRelease(&XLogCtl->info_lck);
    5702             : 
    5703             :         /*
    5704             :          * Update pg_control to show that we are recovering and to show the
    5705             :          * selected checkpoint as the place we are starting from. We also mark
    5706             :          * pg_control with any minimum recovery stop point obtained from a
    5707             :          * backup history file.
    5708             :          *
    5709             :          * No need to hold ControlFileLock yet, we aren't up far enough.
    5710             :          */
    5711         410 :         UpdateControlFile();
    5712             : 
    5713             :         /*
    5714             :          * If there was a backup label file, it's done its job and the info
    5715             :          * has now been propagated into pg_control.  We must get rid of the
    5716             :          * label file so that if we crash during recovery, we'll pick up at
    5717             :          * the latest recovery restartpoint instead of going all the way back
    5718             :          * to the backup start point.  It seems prudent though to just rename
    5719             :          * the file out of the way rather than delete it completely.
    5720             :          */
    5721         410 :         if (haveBackupLabel)
    5722             :         {
    5723         136 :             unlink(BACKUP_LABEL_OLD);
    5724         136 :             durable_rename(BACKUP_LABEL_FILE, BACKUP_LABEL_OLD, FATAL);
    5725             :         }
    5726             : 
    5727             :         /*
    5728             :          * If there was a tablespace_map file, it's done its job and the
    5729             :          * symlinks have been created.  We must get rid of the map file so
    5730             :          * that if we crash during recovery, we don't create symlinks again.
    5731             :          * It seems prudent though to just rename the file out of the way
    5732             :          * rather than delete it completely.
    5733             :          */
    5734         410 :         if (haveTblspcMap)
    5735             :         {
    5736           4 :             unlink(TABLESPACE_MAP_OLD);
    5737           4 :             durable_rename(TABLESPACE_MAP, TABLESPACE_MAP_OLD, FATAL);
    5738             :         }
    5739             : 
    5740             :         /*
    5741             :          * Initialize our local copy of minRecoveryPoint.  When doing crash
    5742             :          * recovery we want to replay up to the end of WAL.  Particularly, in
    5743             :          * the case of a promoted standby minRecoveryPoint value in the
    5744             :          * control file is only updated after the first checkpoint.  However,
    5745             :          * if the instance crashes before the first post-recovery checkpoint
    5746             :          * is completed then recovery will use a stale location causing the
    5747             :          * startup process to think that there are still invalid page
    5748             :          * references when checking for data consistency.
    5749             :          */
    5750         410 :         if (InArchiveRecovery)
    5751             :         {
    5752         210 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    5753         210 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    5754             :         }
    5755             :         else
    5756             :         {
    5757         200 :             LocalMinRecoveryPoint = InvalidXLogRecPtr;
    5758         200 :             LocalMinRecoveryPointTLI = 0;
    5759             :         }
    5760             : 
    5761             :         /* Check that the GUCs used to generate the WAL allow recovery */
    5762         410 :         CheckRequiredParameterValues();
    5763             : 
    5764             :         /*
    5765             :          * We're in recovery, so unlogged relations may be trashed and must be
    5766             :          * reset.  This should be done BEFORE allowing Hot Standby
    5767             :          * connections, so that read-only backends don't try to read whatever
    5768             :          * garbage is left over from before.
    5769             :          */
    5770         410 :         ResetUnloggedRelations(UNLOGGED_RELATION_CLEANUP);
    5771             : 
    5772             :         /*
    5773             :          * Likewise, delete any saved transaction snapshot files that got left
    5774             :          * behind by crashed backends.
    5775             :          */
    5776         410 :         DeleteAllExportedSnapshotFiles();
    5777             : 
    5778             :         /*
    5779             :          * Initialize for Hot Standby, if enabled. We won't let backends in
    5780             :          * yet, not until we've reached the min recovery point specified in
    5781             :          * control file and we've established a recovery snapshot from a
    5782             :          * running-xacts WAL record.
    5783             :          */
    5784         410 :         if (ArchiveRecoveryRequested && EnableHotStandby)
    5785             :         {
    5786             :             TransactionId *xids;
    5787             :             int         nxids;
    5788             : 
    5789         198 :             ereport(DEBUG1,
    5790             :                     (errmsg_internal("initializing for hot standby")));
    5791             : 
    5792         198 :             InitRecoveryTransactionEnvironment();
    5793             : 
    5794         198 :             if (wasShutdown)
    5795          48 :                 oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    5796             :             else
    5797         150 :                 oldestActiveXID = checkPoint.oldestActiveXid;
    5798             :             Assert(TransactionIdIsValid(oldestActiveXID));
    5799             : 
    5800             :             /* Tell procarray about the range of xids it has to deal with */
    5801         198 :             ProcArrayInitRecovery(XidFromFullTransactionId(TransamVariables->nextXid));
    5802             : 
    5803             :             /*
    5804             :              * Startup subtrans only.  CLOG, MultiXact and commit timestamp
    5805             :              * have already been started up and other SLRUs are not maintained
    5806             :              * during recovery and need not be started yet.
    5807             :              */
    5808         198 :             StartupSUBTRANS(oldestActiveXID);
    5809             : 
    5810             :             /*
    5811             :              * If we're beginning at a shutdown checkpoint, we know that
    5812             :              * nothing was running on the primary at this point. So fake-up an
    5813             :              * empty running-xacts record and use that here and now. Recover
    5814             :              * additional standby state for prepared transactions.
    5815             :              */
    5816         198 :             if (wasShutdown)
    5817             :             {
    5818             :                 RunningTransactionsData running;
    5819             :                 TransactionId latestCompletedXid;
    5820             : 
    5821             :                 /* Update pg_subtrans entries for any prepared transactions */
    5822          48 :                 StandbyRecoverPreparedTransactions();
    5823             : 
    5824             :                 /*
    5825             :                  * Construct a RunningTransactions snapshot representing a
    5826             :                  * shut down server, with only prepared transactions still
    5827             :                  * alive. We're never overflowed at this point because all
    5828             :                  * subxids are listed with their parent prepared transactions.
    5829             :                  */
    5830          48 :                 running.xcnt = nxids;
    5831          48 :                 running.subxcnt = 0;
    5832          48 :                 running.subxid_status = SUBXIDS_IN_SUBTRANS;
    5833          48 :                 running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    5834          48 :                 running.oldestRunningXid = oldestActiveXID;
    5835          48 :                 latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    5836          48 :                 TransactionIdRetreat(latestCompletedXid);
    5837             :                 Assert(TransactionIdIsNormal(latestCompletedXid));
    5838          48 :                 running.latestCompletedXid = latestCompletedXid;
    5839          48 :                 running.xids = xids;
    5840             : 
    5841          48 :                 ProcArrayApplyRecoveryInfo(&running);
    5842             :             }
    5843             :         }
    5844             : 
    5845             :         /*
    5846             :          * We're all set for replaying the WAL now. Do it.
    5847             :          */
    5848         410 :         PerformWalRecovery();
    5849         304 :         performedWalRecovery = true;
    5850             :     }
    5851             :     else
    5852        1230 :         performedWalRecovery = false;
    5853             : 
    5854             :     /*
    5855             :      * Finish WAL recovery.
    5856             :      */
    5857        1534 :     endOfRecoveryInfo = FinishWalRecovery();
    5858        1534 :     EndOfLog = endOfRecoveryInfo->endOfLog;
    5859        1534 :     EndOfLogTLI = endOfRecoveryInfo->endOfLogTLI;
    5860        1534 :     abortedRecPtr = endOfRecoveryInfo->abortedRecPtr;
    5861        1534 :     missingContrecPtr = endOfRecoveryInfo->missingContrecPtr;
    5862             : 
    5863             :     /*
    5864             :      * Reset ps status display, so as no information related to recovery shows
    5865             :      * up.
    5866             :      */
    5867        1534 :     set_ps_display("");
    5868             : 
    5869             :     /*
    5870             :      * When recovering from a backup (we are in recovery, and archive recovery
    5871             :      * was requested), complain if we did not roll forward far enough to reach
    5872             :      * the point where the database is consistent.  For regular online
    5873             :      * backup-from-primary, that means reaching the end-of-backup WAL record
    5874             :      * (at which point we reset backupStartPoint to be Invalid), for
    5875             :      * backup-from-replica (which can't inject records into the WAL stream),
    5876             :      * that point is when we reach the minRecoveryPoint in pg_control (which
    5877             :      * we purposefully copy last when backing up from a replica).  For
    5878             :      * pg_rewind (which creates a backup_label with a method of "pg_rewind")
    5879             :      * or snapshot-style backups (which don't), backupEndRequired will be set
    5880             :      * to false.
    5881             :      *
    5882             :      * Note: it is indeed okay to look at the local variable
    5883             :      * LocalMinRecoveryPoint here, even though ControlFile->minRecoveryPoint
    5884             :      * might be further ahead --- ControlFile->minRecoveryPoint cannot have
    5885             :      * been advanced beyond the WAL we processed.
    5886             :      */
    5887        1534 :     if (InRecovery &&
    5888         304 :         (EndOfLog < LocalMinRecoveryPoint ||
    5889         304 :          !XLogRecPtrIsInvalid(ControlFile->backupStartPoint)))
    5890             :     {
    5891             :         /*
    5892             :          * Ran off end of WAL before reaching end-of-backup WAL record, or
    5893             :          * minRecoveryPoint. That's a bad sign, indicating that you tried to
    5894             :          * recover from an online backup but never called pg_backup_stop(), or
    5895             :          * you didn't archive all the WAL needed.
    5896             :          */
    5897           0 :         if (ArchiveRecoveryRequested || ControlFile->backupEndRequired)
    5898             :         {
    5899           0 :             if (!XLogRecPtrIsInvalid(ControlFile->backupStartPoint) || ControlFile->backupEndRequired)
    5900           0 :                 ereport(FATAL,
    5901             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5902             :                          errmsg("WAL ends before end of online backup"),
    5903             :                          errhint("All WAL generated while online backup was taken must be available at recovery.")));
    5904             :             else
    5905           0 :                 ereport(FATAL,
    5906             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5907             :                          errmsg("WAL ends before consistent recovery point")));
    5908             :         }
    5909             :     }
    5910             : 
    5911             :     /*
    5912             :      * Reset unlogged relations to the contents of their INIT fork. This is
    5913             :      * done AFTER recovery is complete so as to include any unlogged relations
    5914             :      * created during recovery, but BEFORE recovery is marked as having
    5915             :      * completed successfully. Otherwise we'd not retry if any of the post
    5916             :      * end-of-recovery steps fail.
    5917             :      */
    5918        1534 :     if (InRecovery)
    5919         304 :         ResetUnloggedRelations(UNLOGGED_RELATION_INIT);
    5920             : 
    5921             :     /*
    5922             :      * Pre-scan prepared transactions to find out the range of XIDs present.
    5923             :      * This information is not quite needed yet, but it is positioned here so
    5924             :      * as potential problems are detected before any on-disk change is done.
    5925             :      */
    5926        1534 :     oldestActiveXID = PrescanPreparedTransactions(NULL, NULL);
    5927             : 
    5928             :     /*
    5929             :      * Allow ordinary WAL segment creation before possibly switching to a new
    5930             :      * timeline, which creates a new segment, and after the last ReadRecord().
    5931             :      */
    5932        1534 :     SetInstallXLogFileSegmentActive();
    5933             : 
    5934             :     /*
    5935             :      * Consider whether we need to assign a new timeline ID.
    5936             :      *
    5937             :      * If we did archive recovery, we always assign a new ID.  This handles a
    5938             :      * couple of issues.  If we stopped short of the end of WAL during
    5939             :      * recovery, then we are clearly generating a new timeline and must assign
    5940             :      * it a unique new ID.  Even if we ran to the end, modifying the current
    5941             :      * last segment is problematic because it may result in trying to
    5942             :      * overwrite an already-archived copy of that segment, and we encourage
    5943             :      * DBAs to make their archive_commands reject that.  We can dodge the
    5944             :      * problem by making the new active segment have a new timeline ID.
    5945             :      *
    5946             :      * In a normal crash recovery, we can just extend the timeline we were in.
    5947             :      */
    5948        1534 :     newTLI = endOfRecoveryInfo->lastRecTLI;
    5949        1534 :     if (ArchiveRecoveryRequested)
    5950             :     {
    5951          96 :         newTLI = findNewestTimeLine(recoveryTargetTLI) + 1;
    5952          96 :         ereport(LOG,
    5953             :                 (errmsg("selected new timeline ID: %u", newTLI)));
    5954             : 
    5955             :         /*
    5956             :          * Make a writable copy of the last WAL segment.  (Note that we also
    5957             :          * have a copy of the last block of the old WAL in
    5958             :          * endOfRecovery->lastPage; we will use that below.)
    5959             :          */
    5960          96 :         XLogInitNewTimeline(EndOfLogTLI, EndOfLog, newTLI);
    5961             : 
    5962             :         /*
    5963             :          * Remove the signal files out of the way, so that we don't
    5964             :          * accidentally re-enter archive recovery mode in a subsequent crash.
    5965             :          */
    5966          96 :         if (endOfRecoveryInfo->standby_signal_file_found)
    5967          90 :             durable_unlink(STANDBY_SIGNAL_FILE, FATAL);
    5968             : 
    5969          96 :         if (endOfRecoveryInfo->recovery_signal_file_found)
    5970           6 :             durable_unlink(RECOVERY_SIGNAL_FILE, FATAL);
    5971             : 
    5972             :         /*
    5973             :          * Write the timeline history file, and have it archived. After this
    5974             :          * point (or rather, as soon as the file is archived), the timeline
    5975             :          * will appear as "taken" in the WAL archive and to any standby
    5976             :          * servers.  If we crash before actually switching to the new
    5977             :          * timeline, standby servers will nevertheless think that we switched
    5978             :          * to the new timeline, and will try to connect to the new timeline.
    5979             :          * To minimize the window for that, try to do as little as possible
    5980             :          * between here and writing the end-of-recovery record.
    5981             :          */
    5982          96 :         writeTimeLineHistory(newTLI, recoveryTargetTLI,
    5983             :                              EndOfLog, endOfRecoveryInfo->recoveryStopReason);
    5984             : 
    5985          96 :         ereport(LOG,
    5986             :                 (errmsg("archive recovery complete")));
    5987             :     }
    5988             : 
    5989             :     /* Save the selected TimeLineID in shared memory, too */
    5990        1534 :     SpinLockAcquire(&XLogCtl->info_lck);
    5991        1534 :     XLogCtl->InsertTimeLineID = newTLI;
    5992        1534 :     XLogCtl->PrevTimeLineID = endOfRecoveryInfo->lastRecTLI;
    5993        1534 :     SpinLockRelease(&XLogCtl->info_lck);
    5994             : 
    5995             :     /*
    5996             :      * Actually, if WAL ended in an incomplete record, skip the parts that
    5997             :      * made it through and start writing after the portion that persisted.
    5998             :      * (It's critical to first write an OVERWRITE_CONTRECORD message, which
    5999             :      * we'll do as soon as we're open for writing new WAL.)
    6000             :      */
    6001        1534 :     if (!XLogRecPtrIsInvalid(missingContrecPtr))
    6002             :     {
    6003             :         /*
    6004             :          * We should only have a missingContrecPtr if we're not switching to a
    6005             :          * new timeline. When a timeline switch occurs, WAL is copied from the
    6006             :          * old timeline to the new only up to the end of the last complete
    6007             :          * record, so there can't be an incomplete WAL record that we need to
    6008             :          * disregard.
    6009             :          */
    6010             :         Assert(newTLI == endOfRecoveryInfo->lastRecTLI);
    6011             :         Assert(!XLogRecPtrIsInvalid(abortedRecPtr));
    6012          22 :         EndOfLog = missingContrecPtr;
    6013             :     }
    6014             : 
    6015             :     /*
    6016             :      * Prepare to write WAL starting at EndOfLog location, and init xlog
    6017             :      * buffer cache using the block containing the last record from the
    6018             :      * previous incarnation.
    6019             :      */
    6020        1534 :     Insert = &XLogCtl->Insert;
    6021        1534 :     Insert->PrevBytePos = XLogRecPtrToBytePos(endOfRecoveryInfo->lastRec);
    6022        1534 :     Insert->CurrBytePos = XLogRecPtrToBytePos(EndOfLog);
    6023             : 
    6024             :     /*
    6025             :      * Tricky point here: lastPage contains the *last* block that the LastRec
    6026             :      * record spans, not the one it starts in.  The last block is indeed the
    6027             :      * one we want to use.
    6028             :      */
    6029        1534 :     if (EndOfLog % XLOG_BLCKSZ != 0)
    6030             :     {
    6031             :         char       *page;
    6032             :         int         len;
    6033             :         int         firstIdx;
    6034             : 
    6035        1478 :         firstIdx = XLogRecPtrToBufIdx(EndOfLog);
    6036        1478 :         len = EndOfLog - endOfRecoveryInfo->lastPageBeginPtr;
    6037             :         Assert(len < XLOG_BLCKSZ);
    6038             : 
    6039             :         /* Copy the valid part of the last block, and zero the rest */
    6040        1478 :         page = &XLogCtl->pages[firstIdx * XLOG_BLCKSZ];
    6041        1478 :         memcpy(page, endOfRecoveryInfo->lastPage, len);
    6042        1478 :         memset(page + len, 0, XLOG_BLCKSZ - len);
    6043             : 
    6044        1478 :         pg_atomic_write_u64(&XLogCtl->xlblocks[firstIdx], endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ);
    6045        1478 :         XLogCtl->InitializedUpTo = endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ;
    6046             :     }
    6047             :     else
    6048             :     {
    6049             :         /*
    6050             :          * There is no partial block to copy. Just set InitializedUpTo, and
    6051             :          * let the first attempt to insert a log record to initialize the next
    6052             :          * buffer.
    6053             :          */
    6054          56 :         XLogCtl->InitializedUpTo = EndOfLog;
    6055             :     }
    6056             : 
    6057             :     /*
    6058             :      * Update local and shared status.  This is OK to do without any locks
    6059             :      * because no other process can be reading or writing WAL yet.
    6060             :      */
    6061        1534 :     LogwrtResult.Write = LogwrtResult.Flush = EndOfLog;
    6062        1534 :     pg_atomic_write_u64(&XLogCtl->logInsertResult, EndOfLog);
    6063        1534 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, EndOfLog);
    6064        1534 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, EndOfLog);
    6065        1534 :     XLogCtl->LogwrtRqst.Write = EndOfLog;
    6066        1534 :     XLogCtl->LogwrtRqst.Flush = EndOfLog;
    6067             : 
    6068             :     /*
    6069             :      * Preallocate additional log files, if wanted.
    6070             :      */
    6071        1534 :     PreallocXlogFiles(EndOfLog, newTLI);
    6072             : 
    6073             :     /*
    6074             :      * Okay, we're officially UP.
    6075             :      */
    6076        1534 :     InRecovery = false;
    6077             : 
    6078             :     /* start the archive_timeout timer and LSN running */
    6079        1534 :     XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    6080        1534 :     XLogCtl->lastSegSwitchLSN = EndOfLog;
    6081             : 
    6082             :     /* also initialize latestCompletedXid, to nextXid - 1 */
    6083        1534 :     LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE);
    6084        1534 :     TransamVariables->latestCompletedXid = TransamVariables->nextXid;
    6085        1534 :     FullTransactionIdRetreat(&TransamVariables->latestCompletedXid);
    6086        1534 :     LWLockRelease(ProcArrayLock);
    6087             : 
    6088             :     /*
    6089             :      * Start up subtrans, if not already done for hot standby.  (commit
    6090             :      * timestamps are started below, if necessary.)
    6091             :      */
    6092        1534 :     if (standbyState == STANDBY_DISABLED)
    6093        1438 :         StartupSUBTRANS(oldestActiveXID);
    6094             : 
    6095             :     /*
    6096             :      * Perform end of recovery actions for any SLRUs that need it.
    6097             :      */
    6098        1534 :     TrimCLOG();
    6099        1534 :     TrimMultiXact();
    6100             : 
    6101             :     /*
    6102             :      * Reload shared-memory state for prepared transactions.  This needs to
    6103             :      * happen before renaming the last partial segment of the old timeline as
    6104             :      * it may be possible that we have to recovery some transactions from it.
    6105             :      */
    6106        1534 :     RecoverPreparedTransactions();
    6107             : 
    6108             :     /* Shut down xlogreader */
    6109        1534 :     ShutdownWalRecovery();
    6110             : 
    6111             :     /* Enable WAL writes for this backend only. */
    6112        1534 :     LocalSetXLogInsertAllowed();
    6113             : 
    6114             :     /* If necessary, write overwrite-contrecord before doing anything else */
    6115        1534 :     if (!XLogRecPtrIsInvalid(abortedRecPtr))
    6116             :     {
    6117             :         Assert(!XLogRecPtrIsInvalid(missingContrecPtr));
    6118          22 :         CreateOverwriteContrecordRecord(abortedRecPtr, missingContrecPtr, newTLI);
    6119             :     }
    6120             : 
    6121             :     /*
    6122             :      * Update full_page_writes in shared memory and write an XLOG_FPW_CHANGE
    6123             :      * record before resource manager writes cleanup WAL records or checkpoint
    6124             :      * record is written.
    6125             :      */
    6126        1534 :     Insert->fullPageWrites = lastFullPageWrites;
    6127        1534 :     UpdateFullPageWrites();
    6128             : 
    6129             :     /*
    6130             :      * Emit checkpoint or end-of-recovery record in XLOG, if required.
    6131             :      */
    6132        1534 :     if (performedWalRecovery)
    6133         304 :         promoted = PerformRecoveryXLogAction();
    6134             : 
    6135             :     /*
    6136             :      * If any of the critical GUCs have changed, log them before we allow
    6137             :      * backends to write WAL.
    6138             :      */
    6139        1534 :     XLogReportParameters();
    6140             : 
    6141             :     /* If this is archive recovery, perform post-recovery cleanup actions. */
    6142        1534 :     if (ArchiveRecoveryRequested)
    6143          96 :         CleanupAfterArchiveRecovery(EndOfLogTLI, EndOfLog, newTLI);
    6144             : 
    6145             :     /*
    6146             :      * Local WAL inserts enabled, so it's time to finish initialization of
    6147             :      * commit timestamp.
    6148             :      */
    6149        1534 :     CompleteCommitTsInitialization();
    6150             : 
    6151             :     /*
    6152             :      * All done with end-of-recovery actions.
    6153             :      *
    6154             :      * Now allow backends to write WAL and update the control file status in
    6155             :      * consequence.  SharedRecoveryState, that controls if backends can write
    6156             :      * WAL, is updated while holding ControlFileLock to prevent other backends
    6157             :      * to look at an inconsistent state of the control file in shared memory.
    6158             :      * There is still a small window during which backends can write WAL and
    6159             :      * the control file is still referring to a system not in DB_IN_PRODUCTION
    6160             :      * state while looking at the on-disk control file.
    6161             :      *
    6162             :      * Also, we use info_lck to update SharedRecoveryState to ensure that
    6163             :      * there are no race conditions concerning visibility of other recent
    6164             :      * updates to shared memory.
    6165             :      */
    6166        1534 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6167        1534 :     ControlFile->state = DB_IN_PRODUCTION;
    6168             : 
    6169        1534 :     SpinLockAcquire(&XLogCtl->info_lck);
    6170        1534 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_DONE;
    6171        1534 :     SpinLockRelease(&XLogCtl->info_lck);
    6172             : 
    6173        1534 :     UpdateControlFile();
    6174        1534 :     LWLockRelease(ControlFileLock);
    6175             : 
    6176             :     /*
    6177             :      * Shutdown the recovery environment.  This must occur after
    6178             :      * RecoverPreparedTransactions() (see notes in lock_twophase_recover())
    6179             :      * and after switching SharedRecoveryState to RECOVERY_STATE_DONE so as
    6180             :      * any session building a snapshot will not rely on KnownAssignedXids as
    6181             :      * RecoveryInProgress() would return false at this stage.  This is
    6182             :      * particularly critical for prepared 2PC transactions, that would still
    6183             :      * need to be included in snapshots once recovery has ended.
    6184             :      */
    6185        1534 :     if (standbyState != STANDBY_DISABLED)
    6186          96 :         ShutdownRecoveryTransactionEnvironment();
    6187             : 
    6188             :     /*
    6189             :      * If there were cascading standby servers connected to us, nudge any wal
    6190             :      * sender processes to notice that we've been promoted.
    6191             :      */
    6192        1534 :     WalSndWakeup(true, true);
    6193             : 
    6194             :     /*
    6195             :      * If this was a promotion, request an (online) checkpoint now. This isn't
    6196             :      * required for consistency, but the last restartpoint might be far back,
    6197             :      * and in case of a crash, recovering from it might take a longer than is
    6198             :      * appropriate now that we're not in standby mode anymore.
    6199             :      */
    6200        1534 :     if (promoted)
    6201          82 :         RequestCheckpoint(CHECKPOINT_FORCE);
    6202        1534 : }
    6203             : 
    6204             : /*
    6205             :  * Callback from PerformWalRecovery(), called when we switch from crash
    6206             :  * recovery to archive recovery mode.  Updates the control file accordingly.
    6207             :  */
    6208             : void
    6209           4 : SwitchIntoArchiveRecovery(XLogRecPtr EndRecPtr, TimeLineID replayTLI)
    6210             : {
    6211             :     /* initialize minRecoveryPoint to this record */
    6212           4 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6213           4 :     ControlFile->state = DB_IN_ARCHIVE_RECOVERY;
    6214           4 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6215             :     {
    6216           4 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6217           4 :         ControlFile->minRecoveryPointTLI = replayTLI;
    6218             :     }
    6219             :     /* update local copy */
    6220           4 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    6221           4 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    6222             : 
    6223             :     /*
    6224             :      * The startup process can update its local copy of minRecoveryPoint from
    6225             :      * this point.
    6226             :      */
    6227           4 :     updateMinRecoveryPoint = true;
    6228             : 
    6229           4 :     UpdateControlFile();
    6230             : 
    6231             :     /*
    6232             :      * We update SharedRecoveryState while holding the lock on ControlFileLock
    6233             :      * so both states are consistent in shared memory.
    6234             :      */
    6235           4 :     SpinLockAcquire(&XLogCtl->info_lck);
    6236           4 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    6237           4 :     SpinLockRelease(&XLogCtl->info_lck);
    6238             : 
    6239           4 :     LWLockRelease(ControlFileLock);
    6240           4 : }
    6241             : 
    6242             : /*
    6243             :  * Callback from PerformWalRecovery(), called when we reach the end of backup.
    6244             :  * Updates the control file accordingly.
    6245             :  */
    6246             : void
    6247         136 : ReachedEndOfBackup(XLogRecPtr EndRecPtr, TimeLineID tli)
    6248             : {
    6249             :     /*
    6250             :      * We have reached the end of base backup, as indicated by pg_control. The
    6251             :      * data on disk is now consistent (unless minRecoveryPoint is further
    6252             :      * ahead, which can happen if we crashed during previous recovery).  Reset
    6253             :      * backupStartPoint and backupEndPoint, and update minRecoveryPoint to
    6254             :      * make sure we don't allow starting up at an earlier point even if
    6255             :      * recovery is stopped and restarted soon after this.
    6256             :      */
    6257         136 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6258             : 
    6259         136 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6260             :     {
    6261         128 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6262         128 :         ControlFile->minRecoveryPointTLI = tli;
    6263             :     }
    6264             : 
    6265         136 :     ControlFile->backupStartPoint = InvalidXLogRecPtr;
    6266         136 :     ControlFile->backupEndPoint = InvalidXLogRecPtr;
    6267         136 :     ControlFile->backupEndRequired = false;
    6268         136 :     UpdateControlFile();
    6269             : 
    6270         136 :     LWLockRelease(ControlFileLock);
    6271         136 : }
    6272             : 
    6273             : /*
    6274             :  * Perform whatever XLOG actions are necessary at end of REDO.
    6275             :  *
    6276             :  * The goal here is to make sure that we'll be able to recover properly if
    6277             :  * we crash again. If we choose to write a checkpoint, we'll write a shutdown
    6278             :  * checkpoint rather than an on-line one. This is not particularly critical,
    6279             :  * but since we may be assigning a new TLI, using a shutdown checkpoint allows
    6280             :  * us to have the rule that TLI only changes in shutdown checkpoints, which
    6281             :  * allows some extra error checking in xlog_redo.
    6282             :  */
    6283             : static bool
    6284         304 : PerformRecoveryXLogAction(void)
    6285             : {
    6286         304 :     bool        promoted = false;
    6287             : 
    6288             :     /*
    6289             :      * Perform a checkpoint to update all our recovery activity to disk.
    6290             :      *
    6291             :      * Note that we write a shutdown checkpoint rather than an on-line one.
    6292             :      * This is not particularly critical, but since we may be assigning a new
    6293             :      * TLI, using a shutdown checkpoint allows us to have the rule that TLI
    6294             :      * only changes in shutdown checkpoints, which allows some extra error
    6295             :      * checking in xlog_redo.
    6296             :      *
    6297             :      * In promotion, only create a lightweight end-of-recovery record instead
    6298             :      * of a full checkpoint. A checkpoint is requested later, after we're
    6299             :      * fully out of recovery mode and already accepting queries.
    6300             :      */
    6301         400 :     if (ArchiveRecoveryRequested && IsUnderPostmaster &&
    6302          96 :         PromoteIsTriggered())
    6303             :     {
    6304          82 :         promoted = true;
    6305             : 
    6306             :         /*
    6307             :          * Insert a special WAL record to mark the end of recovery, since we
    6308             :          * aren't doing a checkpoint. That means that the checkpointer process
    6309             :          * may likely be in the middle of a time-smoothed restartpoint and
    6310             :          * could continue to be for minutes after this.  That sounds strange,
    6311             :          * but the effect is roughly the same and it would be stranger to try
    6312             :          * to come out of the restartpoint and then checkpoint. We request a
    6313             :          * checkpoint later anyway, just for safety.
    6314             :          */
    6315          82 :         CreateEndOfRecoveryRecord();
    6316             :     }
    6317             :     else
    6318             :     {
    6319         222 :         RequestCheckpoint(CHECKPOINT_END_OF_RECOVERY |
    6320             :                           CHECKPOINT_IMMEDIATE |
    6321             :                           CHECKPOINT_WAIT);
    6322             :     }
    6323             : 
    6324         304 :     return promoted;
    6325             : }
    6326             : 
    6327             : /*
    6328             :  * Is the system still in recovery?
    6329             :  *
    6330             :  * Unlike testing InRecovery, this works in any process that's connected to
    6331             :  * shared memory.
    6332             :  */
    6333             : bool
    6334   163777884 : RecoveryInProgress(void)
    6335             : {
    6336             :     /*
    6337             :      * We check shared state each time only until we leave recovery mode. We
    6338             :      * can't re-enter recovery, so there's no need to keep checking after the
    6339             :      * shared variable has once been seen false.
    6340             :      */
    6341   163777884 :     if (!LocalRecoveryInProgress)
    6342   158697854 :         return false;
    6343             :     else
    6344             :     {
    6345             :         /*
    6346             :          * use volatile pointer to make sure we make a fresh read of the
    6347             :          * shared variable.
    6348             :          */
    6349     5080030 :         volatile XLogCtlData *xlogctl = XLogCtl;
    6350             : 
    6351     5080030 :         LocalRecoveryInProgress = (xlogctl->SharedRecoveryState != RECOVERY_STATE_DONE);
    6352             : 
    6353             :         /*
    6354             :          * Note: We don't need a memory barrier when we're still in recovery.
    6355             :          * We might exit recovery immediately after return, so the caller
    6356             :          * can't rely on 'true' meaning that we're still in recovery anyway.
    6357             :          */
    6358             : 
    6359     5080030 :         return LocalRecoveryInProgress;
    6360             :     }
    6361             : }
    6362             : 
    6363             : /*
    6364             :  * Returns current recovery state from shared memory.
    6365             :  *
    6366             :  * This returned state is kept consistent with the contents of the control
    6367             :  * file.  See details about the possible values of RecoveryState in xlog.h.
    6368             :  */
    6369             : RecoveryState
    6370         114 : GetRecoveryState(void)
    6371             : {
    6372             :     RecoveryState retval;
    6373             : 
    6374         114 :     SpinLockAcquire(&XLogCtl->info_lck);
    6375         114 :     retval = XLogCtl->SharedRecoveryState;
    6376         114 :     SpinLockRelease(&XLogCtl->info_lck);
    6377             : 
    6378         114 :     return retval;
    6379             : }
    6380             : 
    6381             : /*
    6382             :  * Is this process allowed to insert new WAL records?
    6383             :  *
    6384             :  * Ordinarily this is essentially equivalent to !RecoveryInProgress().
    6385             :  * But we also have provisions for forcing the result "true" or "false"
    6386             :  * within specific processes regardless of the global state.
    6387             :  */
    6388             : bool
    6389    57688486 : XLogInsertAllowed(void)
    6390             : {
    6391             :     /*
    6392             :      * If value is "unconditionally true" or "unconditionally false", just
    6393             :      * return it.  This provides the normal fast path once recovery is known
    6394             :      * done.
    6395             :      */
    6396    57688486 :     if (LocalXLogInsertAllowed >= 0)
    6397    57491406 :         return (bool) LocalXLogInsertAllowed;
    6398             : 
    6399             :     /*
    6400             :      * Else, must check to see if we're still in recovery.
    6401             :      */
    6402      197080 :     if (RecoveryInProgress())
    6403      182384 :         return false;
    6404             : 
    6405             :     /*
    6406             :      * On exit from recovery, reset to "unconditionally true", since there is
    6407             :      * no need to keep checking.
    6408             :      */
    6409       14696 :     LocalXLogInsertAllowed = 1;
    6410       14696 :     return true;
    6411             : }
    6412             : 
    6413             : /*
    6414             :  * Make XLogInsertAllowed() return true in the current process only.
    6415             :  *
    6416             :  * Note: it is allowed to switch LocalXLogInsertAllowed back to -1 later,
    6417             :  * and even call LocalSetXLogInsertAllowed() again after that.
    6418             :  *
    6419             :  * Returns the previous value of LocalXLogInsertAllowed.
    6420             :  */
    6421             : static int
    6422        1592 : LocalSetXLogInsertAllowed(void)
    6423             : {
    6424        1592 :     int         oldXLogAllowed = LocalXLogInsertAllowed;
    6425             : 
    6426        1592 :     LocalXLogInsertAllowed = 1;
    6427             : 
    6428        1592 :     return oldXLogAllowed;
    6429             : }
    6430             : 
    6431             : /*
    6432             :  * Return the current Redo pointer from shared memory.
    6433             :  *
    6434             :  * As a side-effect, the local RedoRecPtr copy is updated.
    6435             :  */
    6436             : XLogRecPtr
    6437      567830 : GetRedoRecPtr(void)
    6438             : {
    6439             :     XLogRecPtr  ptr;
    6440             : 
    6441             :     /*
    6442             :      * The possibly not up-to-date copy in XlogCtl is enough. Even if we
    6443             :      * grabbed a WAL insertion lock to read the authoritative value in
    6444             :      * Insert->RedoRecPtr, someone might update it just after we've released
    6445             :      * the lock.
    6446             :      */
    6447      567830 :     SpinLockAcquire(&XLogCtl->info_lck);
    6448      567830 :     ptr = XLogCtl->RedoRecPtr;
    6449      567830 :     SpinLockRelease(&XLogCtl->info_lck);
    6450             : 
    6451      567830 :     if (RedoRecPtr < ptr)
    6452        2552 :         RedoRecPtr = ptr;
    6453             : 
    6454      567830 :     return RedoRecPtr;
    6455             : }
    6456             : 
    6457             : /*
    6458             :  * Return information needed to decide whether a modified block needs a
    6459             :  * full-page image to be included in the WAL record.
    6460             :  *
    6461             :  * The returned values are cached copies from backend-private memory, and
    6462             :  * possibly out-of-date or, indeed, uninitialized, in which case they will
    6463             :  * be InvalidXLogRecPtr and false, respectively.  XLogInsertRecord will
    6464             :  * re-check them against up-to-date values, while holding the WAL insert lock.
    6465             :  */
    6466             : void
    6467    27965538 : GetFullPageWriteInfo(XLogRecPtr *RedoRecPtr_p, bool *doPageWrites_p)
    6468             : {
    6469    27965538 :     *RedoRecPtr_p = RedoRecPtr;
    6470    27965538 :     *doPageWrites_p = doPageWrites;
    6471    27965538 : }
    6472             : 
    6473             : /*
    6474             :  * GetInsertRecPtr -- Returns the current insert position.
    6475             :  *
    6476             :  * NOTE: The value *actually* returned is the position of the last full
    6477             :  * xlog page. It lags behind the real insert position by at most 1 page.
    6478             :  * For that, we don't need to scan through WAL insertion locks, and an
    6479             :  * approximation is enough for the current usage of this function.
    6480             :  */
    6481             : XLogRecPtr
    6482       11426 : GetInsertRecPtr(void)
    6483             : {
    6484             :     XLogRecPtr  recptr;
    6485             : 
    6486       11426 :     SpinLockAcquire(&XLogCtl->info_lck);
    6487       11426 :     recptr = XLogCtl->LogwrtRqst.Write;
    6488       11426 :     SpinLockRelease(&XLogCtl->info_lck);
    6489             : 
    6490       11426 :     return recptr;
    6491             : }
    6492             : 
    6493             : /*
    6494             :  * GetFlushRecPtr -- Returns the current flush position, ie, the last WAL
    6495             :  * position known to be fsync'd to disk. This should only be used on a
    6496             :  * system that is known not to be in recovery.
    6497             :  */
    6498             : XLogRecPtr
    6499      381118 : GetFlushRecPtr(TimeLineID *insertTLI)
    6500             : {
    6501             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6502             : 
    6503      381118 :     RefreshXLogWriteResult(LogwrtResult);
    6504             : 
    6505             :     /*
    6506             :      * If we're writing and flushing WAL, the time line can't be changing, so
    6507             :      * no lock is required.
    6508             :      */
    6509      381118 :     if (insertTLI)
    6510       49114 :         *insertTLI = XLogCtl->InsertTimeLineID;
    6511             : 
    6512      381118 :     return LogwrtResult.Flush;
    6513             : }
    6514             : 
    6515             : /*
    6516             :  * GetWALInsertionTimeLine -- Returns the current timeline of a system that
    6517             :  * is not in recovery.
    6518             :  */
    6519             : TimeLineID
    6520      227074 : GetWALInsertionTimeLine(void)
    6521             : {
    6522             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6523             : 
    6524             :     /* Since the value can't be changing, no lock is required. */
    6525      227074 :     return XLogCtl->InsertTimeLineID;
    6526             : }
    6527             : 
    6528             : /*
    6529             :  * GetWALInsertionTimeLineIfSet -- If the system is not in recovery, returns
    6530             :  * the WAL insertion timeline; else, returns 0. Wherever possible, use
    6531             :  * GetWALInsertionTimeLine() instead, since it's cheaper. Note that this
    6532             :  * function decides recovery has ended as soon as the insert TLI is set, which
    6533             :  * happens before we set XLogCtl->SharedRecoveryState to RECOVERY_STATE_DONE.
    6534             :  */
    6535             : TimeLineID
    6536           0 : GetWALInsertionTimeLineIfSet(void)
    6537             : {
    6538             :     TimeLineID  insertTLI;
    6539             : 
    6540           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    6541           0 :     insertTLI = XLogCtl->InsertTimeLineID;
    6542           0 :     SpinLockRelease(&XLogCtl->info_lck);
    6543             : 
    6544           0 :     return insertTLI;
    6545             : }
    6546             : 
    6547             : /*
    6548             :  * GetLastImportantRecPtr -- Returns the LSN of the last important record
    6549             :  * inserted. All records not explicitly marked as unimportant are considered
    6550             :  * important.
    6551             :  *
    6552             :  * The LSN is determined by computing the maximum of
    6553             :  * WALInsertLocks[i].lastImportantAt.
    6554             :  */
    6555             : XLogRecPtr
    6556        2156 : GetLastImportantRecPtr(void)
    6557             : {
    6558        2156 :     XLogRecPtr  res = InvalidXLogRecPtr;
    6559             :     int         i;
    6560             : 
    6561       19404 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    6562             :     {
    6563             :         XLogRecPtr  last_important;
    6564             : 
    6565             :         /*
    6566             :          * Need to take a lock to prevent torn reads of the LSN, which are
    6567             :          * possible on some of the supported platforms. WAL insert locks only
    6568             :          * support exclusive mode, so we have to use that.
    6569             :          */
    6570       17248 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    6571       17248 :         last_important = WALInsertLocks[i].l.lastImportantAt;
    6572       17248 :         LWLockRelease(&WALInsertLocks[i].l.lock);
    6573             : 
    6574       17248 :         if (res < last_important)
    6575        3916 :             res = last_important;
    6576             :     }
    6577             : 
    6578        2156 :     return res;
    6579             : }
    6580             : 
    6581             : /*
    6582             :  * Get the time and LSN of the last xlog segment switch
    6583             :  */
    6584             : pg_time_t
    6585           0 : GetLastSegSwitchData(XLogRecPtr *lastSwitchLSN)
    6586             : {
    6587             :     pg_time_t   result;
    6588             : 
    6589             :     /* Need WALWriteLock, but shared lock is sufficient */
    6590           0 :     LWLockAcquire(WALWriteLock, LW_SHARED);
    6591           0 :     result = XLogCtl->lastSegSwitchTime;
    6592           0 :     *lastSwitchLSN = XLogCtl->lastSegSwitchLSN;
    6593           0 :     LWLockRelease(WALWriteLock);
    6594             : 
    6595           0 :     return result;
    6596             : }
    6597             : 
    6598             : /*
    6599             :  * This must be called ONCE during postmaster or standalone-backend shutdown
    6600             :  */
    6601             : void
    6602        1088 : ShutdownXLOG(int code, Datum arg)
    6603             : {
    6604             :     /*
    6605             :      * We should have an aux process resource owner to use, and we should not
    6606             :      * be in a transaction that's installed some other resowner.
    6607             :      */
    6608             :     Assert(AuxProcessResourceOwner != NULL);
    6609             :     Assert(CurrentResourceOwner == NULL ||
    6610             :            CurrentResourceOwner == AuxProcessResourceOwner);
    6611        1088 :     CurrentResourceOwner = AuxProcessResourceOwner;
    6612             : 
    6613             :     /* Don't be chatty in standalone mode */
    6614        1088 :     ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    6615             :             (errmsg("shutting down")));
    6616             : 
    6617             :     /*
    6618             :      * Signal walsenders to move to stopping state.
    6619             :      */
    6620        1088 :     WalSndInitStopping();
    6621             : 
    6622             :     /*
    6623             :      * Wait for WAL senders to be in stopping state.  This prevents commands
    6624             :      * from writing new WAL.
    6625             :      */
    6626        1088 :     WalSndWaitStopping();
    6627             : 
    6628        1088 :     if (RecoveryInProgress())
    6629         100 :         CreateRestartPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE);
    6630             :     else
    6631             :     {
    6632             :         /*
    6633             :          * If archiving is enabled, rotate the last XLOG file so that all the
    6634             :          * remaining records are archived (postmaster wakes up the archiver
    6635             :          * process one more time at the end of shutdown). The checkpoint
    6636             :          * record will go to the next XLOG file and won't be archived (yet).
    6637             :          */
    6638         988 :         if (XLogArchivingActive())
    6639          26 :             RequestXLogSwitch(false);
    6640             : 
    6641         988 :         CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE);
    6642             :     }
    6643        1088 : }
    6644             : 
    6645             : /*
    6646             :  * Log start of a checkpoint.
    6647             :  */
    6648             : static void
    6649        1944 : LogCheckpointStart(int flags, bool restartpoint)
    6650             : {
    6651        1944 :     if (restartpoint)
    6652         366 :         ereport(LOG,
    6653             :         /* translator: the placeholders show checkpoint options */
    6654             :                 (errmsg("restartpoint starting:%s%s%s%s%s%s%s%s",
    6655             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6656             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6657             :                         (flags & CHECKPOINT_IMMEDIATE) ? " immediate" : "",
    6658             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6659             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6660             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6661             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6662             :                         (flags & CHECKPOINT_FLUSH_ALL) ? " flush-all" : "")));
    6663             :     else
    6664        1578 :         ereport(LOG,
    6665             :         /* translator: the placeholders show checkpoint options */
    6666             :                 (errmsg("checkpoint starting:%s%s%s%s%s%s%s%s",
    6667             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6668             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6669             :                         (flags & CHECKPOINT_IMMEDIATE) ? " immediate" : "",
    6670             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6671             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6672             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6673             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6674             :                         (flags & CHECKPOINT_FLUSH_ALL) ? " flush-all" : "")));
    6675        1944 : }
    6676             : 
    6677             : /*
    6678             :  * Log end of a checkpoint.
    6679             :  */
    6680             : static void
    6681        2468 : LogCheckpointEnd(bool restartpoint)
    6682             : {
    6683             :     long        write_msecs,
    6684             :                 sync_msecs,
    6685             :                 total_msecs,
    6686             :                 longest_msecs,
    6687             :                 average_msecs;
    6688             :     uint64      average_sync_time;
    6689             : 
    6690        2468 :     CheckpointStats.ckpt_end_t = GetCurrentTimestamp();
    6691             : 
    6692        2468 :     write_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_write_t,
    6693             :                                                   CheckpointStats.ckpt_sync_t);
    6694             : 
    6695        2468 :     sync_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_sync_t,
    6696             :                                                  CheckpointStats.ckpt_sync_end_t);
    6697             : 
    6698             :     /* Accumulate checkpoint timing summary data, in milliseconds. */
    6699        2468 :     PendingCheckpointerStats.write_time += write_msecs;
    6700        2468 :     PendingCheckpointerStats.sync_time += sync_msecs;
    6701             : 
    6702             :     /*
    6703             :      * All of the published timing statistics are accounted for.  Only
    6704             :      * continue if a log message is to be written.
    6705             :      */
    6706        2468 :     if (!log_checkpoints)
    6707         524 :         return;
    6708             : 
    6709        1944 :     total_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_start_t,
    6710             :                                                   CheckpointStats.ckpt_end_t);
    6711             : 
    6712             :     /*
    6713             :      * Timing values returned from CheckpointStats are in microseconds.
    6714             :      * Convert to milliseconds for consistent printing.
    6715             :      */
    6716        1944 :     longest_msecs = (long) ((CheckpointStats.ckpt_longest_sync + 999) / 1000);
    6717             : 
    6718        1944 :     average_sync_time = 0;
    6719        1944 :     if (CheckpointStats.ckpt_sync_rels > 0)
    6720           0 :         average_sync_time = CheckpointStats.ckpt_agg_sync_time /
    6721           0 :             CheckpointStats.ckpt_sync_rels;
    6722        1944 :     average_msecs = (long) ((average_sync_time + 999) / 1000);
    6723             : 
    6724             :     /*
    6725             :      * ControlFileLock is not required to see ControlFile->checkPoint and
    6726             :      * ->checkPointCopy here as we are the only updator of those variables at
    6727             :      * this moment.
    6728             :      */
    6729        1944 :     if (restartpoint)
    6730         366 :         ereport(LOG,
    6731             :                 (errmsg("restartpoint complete: wrote %d buffers (%.1f%%), "
    6732             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6733             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6734             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6735             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6736             :                         "estimate=%d kB; lsn=%X/%X, redo lsn=%X/%X",
    6737             :                         CheckpointStats.ckpt_bufs_written,
    6738             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6739             :                         CheckpointStats.ckpt_slru_written,
    6740             :                         CheckpointStats.ckpt_segs_added,
    6741             :                         CheckpointStats.ckpt_segs_removed,
    6742             :                         CheckpointStats.ckpt_segs_recycled,
    6743             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6744             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6745             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6746             :                         CheckpointStats.ckpt_sync_rels,
    6747             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6748             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6749             :                         (int) (PrevCheckPointDistance / 1024.0),
    6750             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6751             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6752             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6753             :     else
    6754        1578 :         ereport(LOG,
    6755             :                 (errmsg("checkpoint complete: wrote %d buffers (%.1f%%), "
    6756             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6757             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6758             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6759             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6760             :                         "estimate=%d kB; lsn=%X/%X, redo lsn=%X/%X",
    6761             :                         CheckpointStats.ckpt_bufs_written,
    6762             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6763             :                         CheckpointStats.ckpt_slru_written,
    6764             :                         CheckpointStats.ckpt_segs_added,
    6765             :                         CheckpointStats.ckpt_segs_removed,
    6766             :                         CheckpointStats.ckpt_segs_recycled,
    6767             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6768             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6769             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6770             :                         CheckpointStats.ckpt_sync_rels,
    6771             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6772             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6773             :                         (int) (PrevCheckPointDistance / 1024.0),
    6774             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6775             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6776             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6777             : }
    6778             : 
    6779             : /*
    6780             :  * Update the estimate of distance between checkpoints.
    6781             :  *
    6782             :  * The estimate is used to calculate the number of WAL segments to keep
    6783             :  * preallocated, see XLOGfileslop().
    6784             :  */
    6785             : static void
    6786        2468 : UpdateCheckPointDistanceEstimate(uint64 nbytes)
    6787             : {
    6788             :     /*
    6789             :      * To estimate the number of segments consumed between checkpoints, keep a
    6790             :      * moving average of the amount of WAL generated in previous checkpoint
    6791             :      * cycles. However, if the load is bursty, with quiet periods and busy
    6792             :      * periods, we want to cater for the peak load. So instead of a plain
    6793             :      * moving average, let the average decline slowly if the previous cycle
    6794             :      * used less WAL than estimated, but bump it up immediately if it used
    6795             :      * more.
    6796             :      *
    6797             :      * When checkpoints are triggered by max_wal_size, this should converge to
    6798             :      * CheckpointSegments * wal_segment_size,
    6799             :      *
    6800             :      * Note: This doesn't pay any attention to what caused the checkpoint.
    6801             :      * Checkpoints triggered manually with CHECKPOINT command, or by e.g.
    6802             :      * starting a base backup, are counted the same as those created
    6803             :      * automatically. The slow-decline will largely mask them out, if they are
    6804             :      * not frequent. If they are frequent, it seems reasonable to count them
    6805             :      * in as any others; if you issue a manual checkpoint every 5 minutes and
    6806             :      * never let a timed checkpoint happen, it makes sense to base the
    6807             :      * preallocation on that 5 minute interval rather than whatever
    6808             :      * checkpoint_timeout is set to.
    6809             :      */
    6810        2468 :     PrevCheckPointDistance = nbytes;
    6811        2468 :     if (CheckPointDistanceEstimate < nbytes)
    6812        1250 :         CheckPointDistanceEstimate = nbytes;
    6813             :     else
    6814        1218 :         CheckPointDistanceEstimate =
    6815        1218 :             (0.90 * CheckPointDistanceEstimate + 0.10 * (double) nbytes);
    6816        2468 : }
    6817             : 
    6818             : /*
    6819             :  * Update the ps display for a process running a checkpoint.  Note that
    6820             :  * this routine should not do any allocations so as it can be called
    6821             :  * from a critical section.
    6822             :  */
    6823             : static void
    6824        4936 : update_checkpoint_display(int flags, bool restartpoint, bool reset)
    6825             : {
    6826             :     /*
    6827             :      * The status is reported only for end-of-recovery and shutdown
    6828             :      * checkpoints or shutdown restartpoints.  Updating the ps display is
    6829             :      * useful in those situations as it may not be possible to rely on
    6830             :      * pg_stat_activity to see the status of the checkpointer or the startup
    6831             :      * process.
    6832             :      */
    6833        4936 :     if ((flags & (CHECKPOINT_END_OF_RECOVERY | CHECKPOINT_IS_SHUTDOWN)) == 0)
    6834        2764 :         return;
    6835             : 
    6836        2172 :     if (reset)
    6837        1086 :         set_ps_display("");
    6838             :     else
    6839             :     {
    6840             :         char        activitymsg[128];
    6841             : 
    6842        3258 :         snprintf(activitymsg, sizeof(activitymsg), "performing %s%s%s",
    6843        1086 :                  (flags & CHECKPOINT_END_OF_RECOVERY) ? "end-of-recovery " : "",
    6844        1086 :                  (flags & CHECKPOINT_IS_SHUTDOWN) ? "shutdown " : "",
    6845             :                  restartpoint ? "restartpoint" : "checkpoint");
    6846        1086 :         set_ps_display(activitymsg);
    6847             :     }
    6848             : }
    6849             : 
    6850             : 
    6851             : /*
    6852             :  * Perform a checkpoint --- either during shutdown, or on-the-fly
    6853             :  *
    6854             :  * flags is a bitwise OR of the following:
    6855             :  *  CHECKPOINT_IS_SHUTDOWN: checkpoint is for database shutdown.
    6856             :  *  CHECKPOINT_END_OF_RECOVERY: checkpoint is for end of WAL recovery.
    6857             :  *  CHECKPOINT_IMMEDIATE: finish the checkpoint ASAP,
    6858             :  *      ignoring checkpoint_completion_target parameter.
    6859             :  *  CHECKPOINT_FORCE: force a checkpoint even if no XLOG activity has occurred
    6860             :  *      since the last one (implied by CHECKPOINT_IS_SHUTDOWN or
    6861             :  *      CHECKPOINT_END_OF_RECOVERY).
    6862             :  *  CHECKPOINT_FLUSH_ALL: also flush buffers of unlogged tables.
    6863             :  *
    6864             :  * Note: flags contains other bits, of interest here only for logging purposes.
    6865             :  * In particular note that this routine is synchronous and does not pay
    6866             :  * attention to CHECKPOINT_WAIT.
    6867             :  *
    6868             :  * If !shutdown then we are writing an online checkpoint. An XLOG_CHECKPOINT_REDO
    6869             :  * record is inserted into WAL at the logical location of the checkpoint, before
    6870             :  * flushing anything to disk, and when the checkpoint is eventually completed,
    6871             :  * and it is from this point that WAL replay will begin in the case of a recovery
    6872             :  * from this checkpoint. Once everything is written to disk, an
    6873             :  * XLOG_CHECKPOINT_ONLINE record is written to complete the checkpoint, and
    6874             :  * points back to the earlier XLOG_CHECKPOINT_REDO record. This mechanism allows
    6875             :  * other write-ahead log records to be written while the checkpoint is in
    6876             :  * progress, but we must be very careful about order of operations. This function
    6877             :  * may take many minutes to execute on a busy system.
    6878             :  *
    6879             :  * On the other hand, when shutdown is true, concurrent insertion into the
    6880             :  * write-ahead log is impossible, so there is no need for two separate records.
    6881             :  * In this case, we only insert an XLOG_CHECKPOINT_SHUTDOWN record, and it's
    6882             :  * both the record marking the completion of the checkpoint and the location
    6883             :  * from which WAL replay would begin if needed.
    6884             :  *
    6885             :  * Returns true if a new checkpoint was performed, or false if it was skipped
    6886             :  * because the system was idle.
    6887             :  */
    6888             : bool
    6889        2102 : CreateCheckPoint(int flags)
    6890             : {
    6891             :     bool        shutdown;
    6892             :     CheckPoint  checkPoint;
    6893             :     XLogRecPtr  recptr;
    6894             :     XLogSegNo   _logSegNo;
    6895        2102 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    6896             :     uint32      freespace;
    6897             :     XLogRecPtr  PriorRedoPtr;
    6898             :     XLogRecPtr  last_important_lsn;
    6899             :     VirtualTransactionId *vxids;
    6900             :     int         nvxids;
    6901        2102 :     int         oldXLogAllowed = 0;
    6902             : 
    6903             :     /*
    6904             :      * An end-of-recovery checkpoint is really a shutdown checkpoint, just
    6905             :      * issued at a different time.
    6906             :      */
    6907        2102 :     if (flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY))
    6908        1046 :         shutdown = true;
    6909             :     else
    6910        1056 :         shutdown = false;
    6911             : 
    6912             :     /* sanity check */
    6913        2102 :     if (RecoveryInProgress() && (flags & CHECKPOINT_END_OF_RECOVERY) == 0)
    6914           0 :         elog(ERROR, "can't create a checkpoint during recovery");
    6915             : 
    6916             :     /*
    6917             :      * Prepare to accumulate statistics.
    6918             :      *
    6919             :      * Note: because it is possible for log_checkpoints to change while a
    6920             :      * checkpoint proceeds, we always accumulate stats, even if
    6921             :      * log_checkpoints is currently off.
    6922             :      */
    6923       23122 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    6924        2102 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    6925             : 
    6926             :     /*
    6927             :      * Let smgr prepare for checkpoint; this has to happen outside the
    6928             :      * critical section and before we determine the REDO pointer.  Note that
    6929             :      * smgr must not do anything that'd have to be undone if we decide no
    6930             :      * checkpoint is needed.
    6931             :      */
    6932        2102 :     SyncPreCheckpoint();
    6933             : 
    6934             :     /*
    6935             :      * Use a critical section to force system panic if we have trouble.
    6936             :      */
    6937        2102 :     START_CRIT_SECTION();
    6938             : 
    6939        2102 :     if (shutdown)
    6940             :     {
    6941        1046 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6942        1046 :         ControlFile->state = DB_SHUTDOWNING;
    6943        1046 :         UpdateControlFile();
    6944        1046 :         LWLockRelease(ControlFileLock);
    6945             :     }
    6946             : 
    6947             :     /* Begin filling in the checkpoint WAL record */
    6948       25224 :     MemSet(&checkPoint, 0, sizeof(checkPoint));
    6949        2102 :     checkPoint.time = (pg_time_t) time(NULL);
    6950             : 
    6951             :     /*
    6952             :      * For Hot Standby, derive the oldestActiveXid before we fix the redo
    6953             :      * pointer. This allows us to begin accumulating changes to assemble our
    6954             :      * starting snapshot of locks and transactions.
    6955             :      */
    6956        2102 :     if (!shutdown && XLogStandbyInfoActive())
    6957         994 :         checkPoint.oldestActiveXid = GetOldestActiveTransactionId();
    6958             :     else
    6959        1108 :         checkPoint.oldestActiveXid = InvalidTransactionId;
    6960             : 
    6961             :     /*
    6962             :      * Get location of last important record before acquiring insert locks (as
    6963             :      * GetLastImportantRecPtr() also locks WAL locks).
    6964             :      */
    6965        2102 :     last_important_lsn = GetLastImportantRecPtr();
    6966             : 
    6967             :     /*
    6968             :      * If this isn't a shutdown or forced checkpoint, and if there has been no
    6969             :      * WAL activity requiring a checkpoint, skip it.  The idea here is to
    6970             :      * avoid inserting duplicate checkpoints when the system is idle.
    6971             :      */
    6972        2102 :     if ((flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY |
    6973             :                   CHECKPOINT_FORCE)) == 0)
    6974             :     {
    6975         354 :         if (last_important_lsn == ControlFile->checkPoint)
    6976             :         {
    6977           0 :             END_CRIT_SECTION();
    6978           0 :             ereport(DEBUG1,
    6979             :                     (errmsg_internal("checkpoint skipped because system is idle")));
    6980           0 :             return false;
    6981             :         }
    6982             :     }
    6983             : 
    6984             :     /*
    6985             :      * An end-of-recovery checkpoint is created before anyone is allowed to
    6986             :      * write WAL. To allow us to write the checkpoint record, temporarily
    6987             :      * enable XLogInsertAllowed.
    6988             :      */
    6989        2102 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    6990          58 :         oldXLogAllowed = LocalSetXLogInsertAllowed();
    6991             : 
    6992        2102 :     checkPoint.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    6993        2102 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    6994          58 :         checkPoint.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    6995             :     else
    6996        2044 :         checkPoint.PrevTimeLineID = checkPoint.ThisTimeLineID;
    6997             : 
    6998             :     /*
    6999             :      * We must block concurrent insertions while examining insert state.
    7000             :      */
    7001        2102 :     WALInsertLockAcquireExclusive();
    7002             : 
    7003        2102 :     checkPoint.fullPageWrites = Insert->fullPageWrites;
    7004        2102 :     checkPoint.wal_level = wal_level;
    7005             : 
    7006        2102 :     if (shutdown)
    7007             :     {
    7008        1046 :         XLogRecPtr  curInsert = XLogBytePosToRecPtr(Insert->CurrBytePos);
    7009             : 
    7010             :         /*
    7011             :          * Compute new REDO record ptr = location of next XLOG record.
    7012             :          *
    7013             :          * Since this is a shutdown checkpoint, there can't be any concurrent
    7014             :          * WAL insertion.
    7015             :          */
    7016        1046 :         freespace = INSERT_FREESPACE(curInsert);
    7017        1046 :         if (freespace == 0)
    7018             :         {
    7019           0 :             if (XLogSegmentOffset(curInsert, wal_segment_size) == 0)
    7020           0 :                 curInsert += SizeOfXLogLongPHD;
    7021             :             else
    7022           0 :                 curInsert += SizeOfXLogShortPHD;
    7023             :         }
    7024        1046 :         checkPoint.redo = curInsert;
    7025             : 
    7026             :         /*
    7027             :          * Here we update the shared RedoRecPtr for future XLogInsert calls;
    7028             :          * this must be done while holding all the insertion locks.
    7029             :          *
    7030             :          * Note: if we fail to complete the checkpoint, RedoRecPtr will be
    7031             :          * left pointing past where it really needs to point.  This is okay;
    7032             :          * the only consequence is that XLogInsert might back up whole buffers
    7033             :          * that it didn't really need to.  We can't postpone advancing
    7034             :          * RedoRecPtr because XLogInserts that happen while we are dumping
    7035             :          * buffers must assume that their buffer changes are not included in
    7036             :          * the checkpoint.
    7037             :          */
    7038        1046 :         RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    7039             :     }
    7040             : 
    7041             :     /*
    7042             :      * Now we can release the WAL insertion locks, allowing other xacts to
    7043             :      * proceed while we are flushing disk buffers.
    7044             :      */
    7045        2102 :     WALInsertLockRelease();
    7046             : 
    7047             :     /*
    7048             :      * If this is an online checkpoint, we have not yet determined the redo
    7049             :      * point. We do so now by inserting the special XLOG_CHECKPOINT_REDO
    7050             :      * record; the LSN at which it starts becomes the new redo pointer. We
    7051             :      * don't do this for a shutdown checkpoint, because in that case no WAL
    7052             :      * can be written between the redo point and the insertion of the
    7053             :      * checkpoint record itself, so the checkpoint record itself serves to
    7054             :      * mark the redo point.
    7055             :      */
    7056        2102 :     if (!shutdown)
    7057             :     {
    7058             :         /* Include WAL level in record for WAL summarizer's benefit. */
    7059        1056 :         XLogBeginInsert();
    7060        1056 :         XLogRegisterData((char *) &wal_level, sizeof(wal_level));
    7061        1056 :         (void) XLogInsert(RM_XLOG_ID, XLOG_CHECKPOINT_REDO);
    7062             : 
    7063             :         /*
    7064             :          * XLogInsertRecord will have updated XLogCtl->Insert.RedoRecPtr in
    7065             :          * shared memory and RedoRecPtr in backend-local memory, but we need
    7066             :          * to copy that into the record that will be inserted when the
    7067             :          * checkpoint is complete.
    7068             :          */
    7069        1056 :         checkPoint.redo = RedoRecPtr;
    7070             :     }
    7071             : 
    7072             :     /* Update the info_lck-protected copy of RedoRecPtr as well */
    7073        2102 :     SpinLockAcquire(&XLogCtl->info_lck);
    7074        2102 :     XLogCtl->RedoRecPtr = checkPoint.redo;
    7075        2102 :     SpinLockRelease(&XLogCtl->info_lck);
    7076             : 
    7077             :     /*
    7078             :      * If enabled, log checkpoint start.  We postpone this until now so as not
    7079             :      * to log anything if we decided to skip the checkpoint.
    7080             :      */
    7081        2102 :     if (log_checkpoints)
    7082        1578 :         LogCheckpointStart(flags, false);
    7083             : 
    7084             :     /* Update the process title */
    7085        2102 :     update_checkpoint_display(flags, false, false);
    7086             : 
    7087             :     TRACE_POSTGRESQL_CHECKPOINT_START(flags);
    7088             : 
    7089             :     /*
    7090             :      * Get the other info we need for the checkpoint record.
    7091             :      *
    7092             :      * We don't need to save oldestClogXid in the checkpoint, it only matters
    7093             :      * for the short period in which clog is being truncated, and if we crash
    7094             :      * during that we'll redo the clog truncation and fix up oldestClogXid
    7095             :      * there.
    7096             :      */
    7097        2102 :     LWLockAcquire(XidGenLock, LW_SHARED);
    7098        2102 :     checkPoint.nextXid = TransamVariables->nextXid;
    7099        2102 :     checkPoint.oldestXid = TransamVariables->oldestXid;
    7100        2102 :     checkPoint.oldestXidDB = TransamVariables->oldestXidDB;
    7101        2102 :     LWLockRelease(XidGenLock);
    7102             : 
    7103        2102 :     LWLockAcquire(CommitTsLock, LW_SHARED);
    7104        2102 :     checkPoint.oldestCommitTsXid = TransamVariables->oldestCommitTsXid;
    7105        2102 :     checkPoint.newestCommitTsXid = TransamVariables->newestCommitTsXid;
    7106        2102 :     LWLockRelease(CommitTsLock);
    7107             : 
    7108        2102 :     LWLockAcquire(OidGenLock, LW_SHARED);
    7109        2102 :     checkPoint.nextOid = TransamVariables->nextOid;
    7110        2102 :     if (!shutdown)
    7111        1056 :         checkPoint.nextOid += TransamVariables->oidCount;
    7112        2102 :     LWLockRelease(OidGenLock);
    7113             : 
    7114        2102 :     MultiXactGetCheckptMulti(shutdown,
    7115             :                              &checkPoint.nextMulti,
    7116             :                              &checkPoint.nextMultiOffset,
    7117             :                              &checkPoint.oldestMulti,
    7118             :                              &checkPoint.oldestMultiDB);
    7119             : 
    7120             :     /*
    7121             :      * Having constructed the checkpoint record, ensure all shmem disk buffers
    7122             :      * and commit-log buffers are flushed to disk.
    7123             :      *
    7124             :      * This I/O could fail for various reasons.  If so, we will fail to
    7125             :      * complete the checkpoint, but there is no reason to force a system
    7126             :      * panic. Accordingly, exit critical section while doing it.
    7127             :      */
    7128        2102 :     END_CRIT_SECTION();
    7129             : 
    7130             :     /*
    7131             :      * In some cases there are groups of actions that must all occur on one
    7132             :      * side or the other of a checkpoint record. Before flushing the
    7133             :      * checkpoint record we must explicitly wait for any backend currently
    7134             :      * performing those groups of actions.
    7135             :      *
    7136             :      * One example is end of transaction, so we must wait for any transactions
    7137             :      * that are currently in commit critical sections.  If an xact inserted
    7138             :      * its commit record into XLOG just before the REDO point, then a crash
    7139             :      * restart from the REDO point would not replay that record, which means
    7140             :      * that our flushing had better include the xact's update of pg_xact.  So
    7141             :      * we wait till he's out of his commit critical section before proceeding.
    7142             :      * See notes in RecordTransactionCommit().
    7143             :      *
    7144             :      * Because we've already released the insertion locks, this test is a bit
    7145             :      * fuzzy: it is possible that we will wait for xacts we didn't really need
    7146             :      * to wait for.  But the delay should be short and it seems better to make
    7147             :      * checkpoint take a bit longer than to hold off insertions longer than
    7148             :      * necessary. (In fact, the whole reason we have this issue is that xact.c
    7149             :      * does commit record XLOG insertion and clog update as two separate steps
    7150             :      * protected by different locks, but again that seems best on grounds of
    7151             :      * minimizing lock contention.)
    7152             :      *
    7153             :      * A transaction that has not yet set delayChkptFlags when we look cannot
    7154             :      * be at risk, since it has not inserted its commit record yet; and one
    7155             :      * that's already cleared it is not at risk either, since it's done fixing
    7156             :      * clog and we will correctly flush the update below.  So we cannot miss
    7157             :      * any xacts we need to wait for.
    7158             :      */
    7159        2102 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_START);
    7160        2102 :     if (nvxids > 0)
    7161             :     {
    7162             :         do
    7163             :         {
    7164             :             /*
    7165             :              * Keep absorbing fsync requests while we wait. There could even
    7166             :              * be a deadlock if we don't, if the process that prevents the
    7167             :              * checkpoint is trying to add a request to the queue.
    7168             :              */
    7169          58 :             AbsorbSyncRequests();
    7170             : 
    7171          58 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_START);
    7172          58 :             pg_usleep(10000L);  /* wait for 10 msec */
    7173          58 :             pgstat_report_wait_end();
    7174          58 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7175          58 :                                               DELAY_CHKPT_START));
    7176             :     }
    7177        2102 :     pfree(vxids);
    7178             : 
    7179        2102 :     CheckPointGuts(checkPoint.redo, flags);
    7180             : 
    7181        2102 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_COMPLETE);
    7182        2102 :     if (nvxids > 0)
    7183             :     {
    7184             :         do
    7185             :         {
    7186           0 :             AbsorbSyncRequests();
    7187             : 
    7188           0 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_COMPLETE);
    7189           0 :             pg_usleep(10000L);  /* wait for 10 msec */
    7190           0 :             pgstat_report_wait_end();
    7191           0 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7192           0 :                                               DELAY_CHKPT_COMPLETE));
    7193             :     }
    7194        2102 :     pfree(vxids);
    7195             : 
    7196             :     /*
    7197             :      * Take a snapshot of running transactions and write this to WAL. This
    7198             :      * allows us to reconstruct the state of running transactions during
    7199             :      * archive recovery, if required. Skip, if this info disabled.
    7200             :      *
    7201             :      * If we are shutting down, or Startup process is completing crash
    7202             :      * recovery we don't need to write running xact data.
    7203             :      */
    7204        2102 :     if (!shutdown && XLogStandbyInfoActive())
    7205         994 :         LogStandbySnapshot();
    7206             : 
    7207        2102 :     START_CRIT_SECTION();
    7208             : 
    7209             :     /*
    7210             :      * Now insert the checkpoint record into XLOG.
    7211             :      */
    7212        2102 :     XLogBeginInsert();
    7213        2102 :     XLogRegisterData((char *) (&checkPoint), sizeof(checkPoint));
    7214        2102 :     recptr = XLogInsert(RM_XLOG_ID,
    7215             :                         shutdown ? XLOG_CHECKPOINT_SHUTDOWN :
    7216             :                         XLOG_CHECKPOINT_ONLINE);
    7217             : 
    7218        2102 :     XLogFlush(recptr);
    7219             : 
    7220             :     /*
    7221             :      * We mustn't write any new WAL after a shutdown checkpoint, or it will be
    7222             :      * overwritten at next startup.  No-one should even try, this just allows
    7223             :      * sanity-checking.  In the case of an end-of-recovery checkpoint, we want
    7224             :      * to just temporarily disable writing until the system has exited
    7225             :      * recovery.
    7226             :      */
    7227        2102 :     if (shutdown)
    7228             :     {
    7229        1046 :         if (flags & CHECKPOINT_END_OF_RECOVERY)
    7230          58 :             LocalXLogInsertAllowed = oldXLogAllowed;
    7231             :         else
    7232         988 :             LocalXLogInsertAllowed = 0; /* never again write WAL */
    7233             :     }
    7234             : 
    7235             :     /*
    7236             :      * We now have ProcLastRecPtr = start of actual checkpoint record, recptr
    7237             :      * = end of actual checkpoint record.
    7238             :      */
    7239        2102 :     if (shutdown && checkPoint.redo != ProcLastRecPtr)
    7240           0 :         ereport(PANIC,
    7241             :                 (errmsg("concurrent write-ahead log activity while database system is shutting down")));
    7242             : 
    7243             :     /*
    7244             :      * Remember the prior checkpoint's redo ptr for
    7245             :      * UpdateCheckPointDistanceEstimate()
    7246             :      */
    7247        2102 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7248             : 
    7249             :     /*
    7250             :      * Update the control file.
    7251             :      */
    7252        2102 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7253        2102 :     if (shutdown)
    7254        1046 :         ControlFile->state = DB_SHUTDOWNED;
    7255        2102 :     ControlFile->checkPoint = ProcLastRecPtr;
    7256        2102 :     ControlFile->checkPointCopy = checkPoint;
    7257             :     /* crash recovery should always recover to the end of WAL */
    7258        2102 :     ControlFile->minRecoveryPoint = InvalidXLogRecPtr;
    7259        2102 :     ControlFile->minRecoveryPointTLI = 0;
    7260             : 
    7261             :     /*
    7262             :      * Persist unloggedLSN value. It's reset on crash recovery, so this goes
    7263             :      * unused on non-shutdown checkpoints, but seems useful to store it always
    7264             :      * for debugging purposes.
    7265             :      */
    7266        2102 :     ControlFile->unloggedLSN = pg_atomic_read_membarrier_u64(&XLogCtl->unloggedLSN);
    7267             : 
    7268        2102 :     UpdateControlFile();
    7269        2102 :     LWLockRelease(ControlFileLock);
    7270             : 
    7271             :     /* Update shared-memory copy of checkpoint XID/epoch */
    7272        2102 :     SpinLockAcquire(&XLogCtl->info_lck);
    7273        2102 :     XLogCtl->ckptFullXid = checkPoint.nextXid;
    7274        2102 :     SpinLockRelease(&XLogCtl->info_lck);
    7275             : 
    7276             :     /*
    7277             :      * We are now done with critical updates; no need for system panic if we
    7278             :      * have trouble while fooling with old log segments.
    7279             :      */
    7280        2102 :     END_CRIT_SECTION();
    7281             : 
    7282             :     /*
    7283             :      * WAL summaries end when the next XLOG_CHECKPOINT_REDO or
    7284             :      * XLOG_CHECKPOINT_SHUTDOWN record is reached. This is the first point
    7285             :      * where (a) we're not inside of a critical section and (b) we can be
    7286             :      * certain that the relevant record has been flushed to disk, which must
    7287             :      * happen before it can be summarized.
    7288             :      *
    7289             :      * If this is a shutdown checkpoint, then this happens reasonably
    7290             :      * promptly: we've only just inserted and flushed the
    7291             :      * XLOG_CHECKPOINT_SHUTDOWN record. If this is not a shutdown checkpoint,
    7292             :      * then this might not be very prompt at all: the XLOG_CHECKPOINT_REDO
    7293             :      * record was written before we began flushing data to disk, and that
    7294             :      * could be many minutes ago at this point. However, we don't XLogFlush()
    7295             :      * after inserting that record, so we're not guaranteed that it's on disk
    7296             :      * until after the above call that flushes the XLOG_CHECKPOINT_ONLINE
    7297             :      * record.
    7298             :      */
    7299        2102 :     WakeupWalSummarizer();
    7300             : 
    7301             :     /*
    7302             :      * Let smgr do post-checkpoint cleanup (eg, deleting old files).
    7303             :      */
    7304        2102 :     SyncPostCheckpoint();
    7305             : 
    7306             :     /*
    7307             :      * Update the average distance between checkpoints if the prior checkpoint
    7308             :      * exists.
    7309             :      */
    7310        2102 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7311        2102 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7312             : 
    7313             :     /*
    7314             :      * Delete old log files, those no longer needed for last checkpoint to
    7315             :      * prevent the disk holding the xlog from growing full.
    7316             :      */
    7317        2102 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7318        2102 :     KeepLogSeg(recptr, &_logSegNo);
    7319        2102 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED,
    7320             :                                            _logSegNo, InvalidOid,
    7321             :                                            InvalidTransactionId))
    7322             :     {
    7323             :         /*
    7324             :          * Some slots have been invalidated; recalculate the old-segment
    7325             :          * horizon, starting again from RedoRecPtr.
    7326             :          */
    7327           6 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7328           6 :         KeepLogSeg(recptr, &_logSegNo);
    7329             :     }
    7330        2102 :     _logSegNo--;
    7331        2102 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, recptr,
    7332             :                        checkPoint.ThisTimeLineID);
    7333             : 
    7334             :     /*
    7335             :      * Make more log segments if needed.  (Do this after recycling old log
    7336             :      * segments, since that may supply some of the needed files.)
    7337             :      */
    7338        2102 :     if (!shutdown)
    7339        1056 :         PreallocXlogFiles(recptr, checkPoint.ThisTimeLineID);
    7340             : 
    7341             :     /*
    7342             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7343             :      * the oldest XMIN of any running transaction.  No future transaction will
    7344             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7345             :      * in subtrans.c).  During recovery, though, we mustn't do this because
    7346             :      * StartupSUBTRANS hasn't been called yet.
    7347             :      */
    7348        2102 :     if (!RecoveryInProgress())
    7349        2044 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7350             : 
    7351             :     /* Real work is done; log and update stats. */
    7352        2102 :     LogCheckpointEnd(false);
    7353             : 
    7354             :     /* Reset the process title */
    7355        2102 :     update_checkpoint_display(flags, false, true);
    7356             : 
    7357             :     TRACE_POSTGRESQL_CHECKPOINT_DONE(CheckpointStats.ckpt_bufs_written,
    7358             :                                      NBuffers,
    7359             :                                      CheckpointStats.ckpt_segs_added,
    7360             :                                      CheckpointStats.ckpt_segs_removed,
    7361             :                                      CheckpointStats.ckpt_segs_recycled);
    7362             : 
    7363        2102 :     return true;
    7364             : }
    7365             : 
    7366             : /*
    7367             :  * Mark the end of recovery in WAL though without running a full checkpoint.
    7368             :  * We can expect that a restartpoint is likely to be in progress as we
    7369             :  * do this, though we are unwilling to wait for it to complete.
    7370             :  *
    7371             :  * CreateRestartPoint() allows for the case where recovery may end before
    7372             :  * the restartpoint completes so there is no concern of concurrent behaviour.
    7373             :  */
    7374             : static void
    7375          82 : CreateEndOfRecoveryRecord(void)
    7376             : {
    7377             :     xl_end_of_recovery xlrec;
    7378             :     XLogRecPtr  recptr;
    7379             : 
    7380             :     /* sanity check */
    7381          82 :     if (!RecoveryInProgress())
    7382           0 :         elog(ERROR, "can only be used to end recovery");
    7383             : 
    7384          82 :     xlrec.end_time = GetCurrentTimestamp();
    7385          82 :     xlrec.wal_level = wal_level;
    7386             : 
    7387          82 :     WALInsertLockAcquireExclusive();
    7388          82 :     xlrec.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7389          82 :     xlrec.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7390          82 :     WALInsertLockRelease();
    7391             : 
    7392          82 :     START_CRIT_SECTION();
    7393             : 
    7394          82 :     XLogBeginInsert();
    7395          82 :     XLogRegisterData((char *) &xlrec, sizeof(xl_end_of_recovery));
    7396          82 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_END_OF_RECOVERY);
    7397             : 
    7398          82 :     XLogFlush(recptr);
    7399             : 
    7400             :     /*
    7401             :      * Update the control file so that crash recovery can follow the timeline
    7402             :      * changes to this point.
    7403             :      */
    7404          82 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7405          82 :     ControlFile->minRecoveryPoint = recptr;
    7406          82 :     ControlFile->minRecoveryPointTLI = xlrec.ThisTimeLineID;
    7407          82 :     UpdateControlFile();
    7408          82 :     LWLockRelease(ControlFileLock);
    7409             : 
    7410          82 :     END_CRIT_SECTION();
    7411          82 : }
    7412             : 
    7413             : /*
    7414             :  * Write an OVERWRITE_CONTRECORD message.
    7415             :  *
    7416             :  * When on WAL replay we expect a continuation record at the start of a page
    7417             :  * that is not there, recovery ends and WAL writing resumes at that point.
    7418             :  * But it's wrong to resume writing new WAL back at the start of the record
    7419             :  * that was broken, because downstream consumers of that WAL (physical
    7420             :  * replicas) are not prepared to "rewind".  So the first action after
    7421             :  * finishing replay of all valid WAL must be to write a record of this type
    7422             :  * at the point where the contrecord was missing; to support xlogreader
    7423             :  * detecting the special case, XLP_FIRST_IS_OVERWRITE_CONTRECORD is also added
    7424             :  * to the page header where the record occurs.  xlogreader has an ad-hoc
    7425             :  * mechanism to report metadata about the broken record, which is what we
    7426             :  * use here.
    7427             :  *
    7428             :  * At replay time, XLP_FIRST_IS_OVERWRITE_CONTRECORD instructs xlogreader to
    7429             :  * skip the record it was reading, and pass back the LSN of the skipped
    7430             :  * record, so that its caller can verify (on "replay" of that record) that the
    7431             :  * XLOG_OVERWRITE_CONTRECORD matches what was effectively overwritten.
    7432             :  *
    7433             :  * 'aborted_lsn' is the beginning position of the record that was incomplete.
    7434             :  * It is included in the WAL record.  'pagePtr' and 'newTLI' point to the
    7435             :  * beginning of the XLOG page where the record is to be inserted.  They must
    7436             :  * match the current WAL insert position, they're passed here just so that we
    7437             :  * can verify that.
    7438             :  */
    7439             : static XLogRecPtr
    7440          22 : CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn, XLogRecPtr pagePtr,
    7441             :                                 TimeLineID newTLI)
    7442             : {
    7443             :     xl_overwrite_contrecord xlrec;
    7444             :     XLogRecPtr  recptr;
    7445             :     XLogPageHeader pagehdr;
    7446             :     XLogRecPtr  startPos;
    7447             : 
    7448             :     /* sanity checks */
    7449          22 :     if (!RecoveryInProgress())
    7450           0 :         elog(ERROR, "can only be used at end of recovery");
    7451          22 :     if (pagePtr % XLOG_BLCKSZ != 0)
    7452           0 :         elog(ERROR, "invalid position for missing continuation record %X/%X",
    7453             :              LSN_FORMAT_ARGS(pagePtr));
    7454             : 
    7455             :     /* The current WAL insert position should be right after the page header */
    7456          22 :     startPos = pagePtr;
    7457          22 :     if (XLogSegmentOffset(startPos, wal_segment_size) == 0)
    7458           2 :         startPos += SizeOfXLogLongPHD;
    7459             :     else
    7460          20 :         startPos += SizeOfXLogShortPHD;
    7461          22 :     recptr = GetXLogInsertRecPtr();
    7462          22 :     if (recptr != startPos)
    7463           0 :         elog(ERROR, "invalid WAL insert position %X/%X for OVERWRITE_CONTRECORD",
    7464             :              LSN_FORMAT_ARGS(recptr));
    7465             : 
    7466          22 :     START_CRIT_SECTION();
    7467             : 
    7468             :     /*
    7469             :      * Initialize the XLOG page header (by GetXLogBuffer), and set the
    7470             :      * XLP_FIRST_IS_OVERWRITE_CONTRECORD flag.
    7471             :      *
    7472             :      * No other backend is allowed to write WAL yet, so acquiring the WAL
    7473             :      * insertion lock is just pro forma.
    7474             :      */
    7475          22 :     WALInsertLockAcquire();
    7476          22 :     pagehdr = (XLogPageHeader) GetXLogBuffer(pagePtr, newTLI);
    7477          22 :     pagehdr->xlp_info |= XLP_FIRST_IS_OVERWRITE_CONTRECORD;
    7478          22 :     WALInsertLockRelease();
    7479             : 
    7480             :     /*
    7481             :      * Insert the XLOG_OVERWRITE_CONTRECORD record as the first record on the
    7482             :      * page.  We know it becomes the first record, because no other backend is
    7483             :      * allowed to write WAL yet.
    7484             :      */
    7485          22 :     XLogBeginInsert();
    7486          22 :     xlrec.overwritten_lsn = aborted_lsn;
    7487          22 :     xlrec.overwrite_time = GetCurrentTimestamp();
    7488          22 :     XLogRegisterData((char *) &xlrec, sizeof(xl_overwrite_contrecord));
    7489          22 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_OVERWRITE_CONTRECORD);
    7490             : 
    7491             :     /* check that the record was inserted to the right place */
    7492          22 :     if (ProcLastRecPtr != startPos)
    7493           0 :         elog(ERROR, "OVERWRITE_CONTRECORD was inserted to unexpected position %X/%X",
    7494             :              LSN_FORMAT_ARGS(ProcLastRecPtr));
    7495             : 
    7496          22 :     XLogFlush(recptr);
    7497             : 
    7498          22 :     END_CRIT_SECTION();
    7499             : 
    7500          22 :     return recptr;
    7501             : }
    7502             : 
    7503             : /*
    7504             :  * Flush all data in shared memory to disk, and fsync
    7505             :  *
    7506             :  * This is the common code shared between regular checkpoints and
    7507             :  * recovery restartpoints.
    7508             :  */
    7509             : static void
    7510        2468 : CheckPointGuts(XLogRecPtr checkPointRedo, int flags)
    7511             : {
    7512        2468 :     CheckPointRelationMap();
    7513        2468 :     CheckPointReplicationSlots(flags & CHECKPOINT_IS_SHUTDOWN);
    7514        2468 :     CheckPointSnapBuild();
    7515        2468 :     CheckPointLogicalRewriteHeap();
    7516        2468 :     CheckPointReplicationOrigin();
    7517             : 
    7518             :     /* Write out all dirty data in SLRUs and the main buffer pool */
    7519             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_START(flags);
    7520        2468 :     CheckpointStats.ckpt_write_t = GetCurrentTimestamp();
    7521        2468 :     CheckPointCLOG();
    7522        2468 :     CheckPointCommitTs();
    7523        2468 :     CheckPointSUBTRANS();
    7524        2468 :     CheckPointMultiXact();
    7525        2468 :     CheckPointPredicate();
    7526        2468 :     CheckPointBuffers(flags);
    7527             : 
    7528             :     /* Perform all queued up fsyncs */
    7529             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_SYNC_START();
    7530        2468 :     CheckpointStats.ckpt_sync_t = GetCurrentTimestamp();
    7531        2468 :     ProcessSyncRequests();
    7532        2468 :     CheckpointStats.ckpt_sync_end_t = GetCurrentTimestamp();
    7533             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_DONE();
    7534             : 
    7535             :     /* We deliberately delay 2PC checkpointing as long as possible */
    7536        2468 :     CheckPointTwoPhase(checkPointRedo);
    7537        2468 : }
    7538             : 
    7539             : /*
    7540             :  * Save a checkpoint for recovery restart if appropriate
    7541             :  *
    7542             :  * This function is called each time a checkpoint record is read from XLOG.
    7543             :  * It must determine whether the checkpoint represents a safe restartpoint or
    7544             :  * not.  If so, the checkpoint record is stashed in shared memory so that
    7545             :  * CreateRestartPoint can consult it.  (Note that the latter function is
    7546             :  * executed by the checkpointer, while this one will be executed by the
    7547             :  * startup process.)
    7548             :  */
    7549             : static void
    7550         744 : RecoveryRestartPoint(const CheckPoint *checkPoint, XLogReaderState *record)
    7551             : {
    7552             :     /*
    7553             :      * Also refrain from creating a restartpoint if we have seen any
    7554             :      * references to non-existent pages. Restarting recovery from the
    7555             :      * restartpoint would not see the references, so we would lose the
    7556             :      * cross-check that the pages belonged to a relation that was dropped
    7557             :      * later.
    7558             :      */
    7559         744 :     if (XLogHaveInvalidPages())
    7560             :     {
    7561           0 :         elog(DEBUG2,
    7562             :              "could not record restart point at %X/%X because there "
    7563             :              "are unresolved references to invalid pages",
    7564             :              LSN_FORMAT_ARGS(checkPoint->redo));
    7565           0 :         return;
    7566             :     }
    7567             : 
    7568             :     /*
    7569             :      * Copy the checkpoint record to shared memory, so that checkpointer can
    7570             :      * work out the next time it wants to perform a restartpoint.
    7571             :      */
    7572         744 :     SpinLockAcquire(&XLogCtl->info_lck);
    7573         744 :     XLogCtl->lastCheckPointRecPtr = record->ReadRecPtr;
    7574         744 :     XLogCtl->lastCheckPointEndPtr = record->EndRecPtr;
    7575         744 :     XLogCtl->lastCheckPoint = *checkPoint;
    7576         744 :     SpinLockRelease(&XLogCtl->info_lck);
    7577             : }
    7578             : 
    7579             : /*
    7580             :  * Establish a restartpoint if possible.
    7581             :  *
    7582             :  * This is similar to CreateCheckPoint, but is used during WAL recovery
    7583             :  * to establish a point from which recovery can roll forward without
    7584             :  * replaying the entire recovery log.
    7585             :  *
    7586             :  * Returns true if a new restartpoint was established. We can only establish
    7587             :  * a restartpoint if we have replayed a safe checkpoint record since last
    7588             :  * restartpoint.
    7589             :  */
    7590             : bool
    7591         522 : CreateRestartPoint(int flags)
    7592             : {
    7593             :     XLogRecPtr  lastCheckPointRecPtr;
    7594             :     XLogRecPtr  lastCheckPointEndPtr;
    7595             :     CheckPoint  lastCheckPoint;
    7596             :     XLogRecPtr  PriorRedoPtr;
    7597             :     XLogRecPtr  receivePtr;
    7598             :     XLogRecPtr  replayPtr;
    7599             :     TimeLineID  replayTLI;
    7600             :     XLogRecPtr  endptr;
    7601             :     XLogSegNo   _logSegNo;
    7602             :     TimestampTz xtime;
    7603             : 
    7604             :     /* Concurrent checkpoint/restartpoint cannot happen */
    7605             :     Assert(!IsUnderPostmaster || MyBackendType == B_CHECKPOINTER);
    7606             : 
    7607             :     /* Get a local copy of the last safe checkpoint record. */
    7608         522 :     SpinLockAcquire(&XLogCtl->info_lck);
    7609         522 :     lastCheckPointRecPtr = XLogCtl->lastCheckPointRecPtr;
    7610         522 :     lastCheckPointEndPtr = XLogCtl->lastCheckPointEndPtr;
    7611         522 :     lastCheckPoint = XLogCtl->lastCheckPoint;
    7612         522 :     SpinLockRelease(&XLogCtl->info_lck);
    7613             : 
    7614             :     /*
    7615             :      * Check that we're still in recovery mode. It's ok if we exit recovery
    7616             :      * mode after this check, the restart point is valid anyway.
    7617             :      */
    7618         522 :     if (!RecoveryInProgress())
    7619             :     {
    7620           0 :         ereport(DEBUG2,
    7621             :                 (errmsg_internal("skipping restartpoint, recovery has already ended")));
    7622           0 :         return false;
    7623             :     }
    7624             : 
    7625             :     /*
    7626             :      * If the last checkpoint record we've replayed is already our last
    7627             :      * restartpoint, we can't perform a new restart point. We still update
    7628             :      * minRecoveryPoint in that case, so that if this is a shutdown restart
    7629             :      * point, we won't start up earlier than before. That's not strictly
    7630             :      * necessary, but when hot standby is enabled, it would be rather weird if
    7631             :      * the database opened up for read-only connections at a point-in-time
    7632             :      * before the last shutdown. Such time travel is still possible in case of
    7633             :      * immediate shutdown, though.
    7634             :      *
    7635             :      * We don't explicitly advance minRecoveryPoint when we do create a
    7636             :      * restartpoint. It's assumed that flushing the buffers will do that as a
    7637             :      * side-effect.
    7638             :      */
    7639         522 :     if (XLogRecPtrIsInvalid(lastCheckPointRecPtr) ||
    7640         506 :         lastCheckPoint.redo <= ControlFile->checkPointCopy.redo)
    7641             :     {
    7642         156 :         ereport(DEBUG2,
    7643             :                 (errmsg_internal("skipping restartpoint, already performed at %X/%X",
    7644             :                                  LSN_FORMAT_ARGS(lastCheckPoint.redo))));
    7645             : 
    7646         156 :         UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    7647         156 :         if (flags & CHECKPOINT_IS_SHUTDOWN)
    7648             :         {
    7649          60 :             LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7650          60 :             ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7651          60 :             UpdateControlFile();
    7652          60 :             LWLockRelease(ControlFileLock);
    7653             :         }
    7654         156 :         return false;
    7655             :     }
    7656             : 
    7657             :     /*
    7658             :      * Update the shared RedoRecPtr so that the startup process can calculate
    7659             :      * the number of segments replayed since last restartpoint, and request a
    7660             :      * restartpoint if it exceeds CheckPointSegments.
    7661             :      *
    7662             :      * Like in CreateCheckPoint(), hold off insertions to update it, although
    7663             :      * during recovery this is just pro forma, because no WAL insertions are
    7664             :      * happening.
    7665             :      */
    7666         366 :     WALInsertLockAcquireExclusive();
    7667         366 :     RedoRecPtr = XLogCtl->Insert.RedoRecPtr = lastCheckPoint.redo;
    7668         366 :     WALInsertLockRelease();
    7669             : 
    7670             :     /* Also update the info_lck-protected copy */
    7671         366 :     SpinLockAcquire(&XLogCtl->info_lck);
    7672         366 :     XLogCtl->RedoRecPtr = lastCheckPoint.redo;
    7673         366 :     SpinLockRelease(&XLogCtl->info_lck);
    7674             : 
    7675             :     /*
    7676             :      * Prepare to accumulate statistics.
    7677             :      *
    7678             :      * Note: because it is possible for log_checkpoints to change while a
    7679             :      * checkpoint proceeds, we always accumulate stats, even if
    7680             :      * log_checkpoints is currently off.
    7681             :      */
    7682        4026 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    7683         366 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    7684             : 
    7685         366 :     if (log_checkpoints)
    7686         366 :         LogCheckpointStart(flags, true);
    7687             : 
    7688             :     /* Update the process title */
    7689         366 :     update_checkpoint_display(flags, true, false);
    7690             : 
    7691         366 :     CheckPointGuts(lastCheckPoint.redo, flags);
    7692             : 
    7693             :     /*
    7694             :      * This location needs to be after CheckPointGuts() to ensure that some
    7695             :      * work has already happened during this checkpoint.
    7696             :      */
    7697         366 :     INJECTION_POINT("create-restart-point");
    7698             : 
    7699             :     /*
    7700             :      * Remember the prior checkpoint's redo ptr for
    7701             :      * UpdateCheckPointDistanceEstimate()
    7702             :      */
    7703         366 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7704             : 
    7705             :     /*
    7706             :      * Update pg_control, using current time.  Check that it still shows an
    7707             :      * older checkpoint, else do nothing; this is a quick hack to make sure
    7708             :      * nothing really bad happens if somehow we get here after the
    7709             :      * end-of-recovery checkpoint.
    7710             :      */
    7711         366 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7712         366 :     if (ControlFile->checkPointCopy.redo < lastCheckPoint.redo)
    7713             :     {
    7714             :         /*
    7715             :          * Update the checkpoint information.  We do this even if the cluster
    7716             :          * does not show DB_IN_ARCHIVE_RECOVERY to match with the set of WAL
    7717             :          * segments recycled below.
    7718             :          */
    7719         366 :         ControlFile->checkPoint = lastCheckPointRecPtr;
    7720         366 :         ControlFile->checkPointCopy = lastCheckPoint;
    7721             : 
    7722             :         /*
    7723             :          * Ensure minRecoveryPoint is past the checkpoint record and update it
    7724             :          * if the control file still shows DB_IN_ARCHIVE_RECOVERY.  Normally,
    7725             :          * this will have happened already while writing out dirty buffers,
    7726             :          * but not necessarily - e.g. because no buffers were dirtied.  We do
    7727             :          * this because a backup performed in recovery uses minRecoveryPoint
    7728             :          * to determine which WAL files must be included in the backup, and
    7729             :          * the file (or files) containing the checkpoint record must be
    7730             :          * included, at a minimum.  Note that for an ordinary restart of
    7731             :          * recovery there's no value in having the minimum recovery point any
    7732             :          * earlier than this anyway, because redo will begin just after the
    7733             :          * checkpoint record.
    7734             :          */
    7735         366 :         if (ControlFile->state == DB_IN_ARCHIVE_RECOVERY)
    7736             :         {
    7737         366 :             if (ControlFile->minRecoveryPoint < lastCheckPointEndPtr)
    7738             :             {
    7739          38 :                 ControlFile->minRecoveryPoint = lastCheckPointEndPtr;
    7740          38 :                 ControlFile->minRecoveryPointTLI = lastCheckPoint.ThisTimeLineID;
    7741             : 
    7742             :                 /* update local copy */
    7743          38 :                 LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    7744          38 :                 LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    7745             :             }
    7746         366 :             if (flags & CHECKPOINT_IS_SHUTDOWN)
    7747          40 :                 ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7748             :         }
    7749         366 :         UpdateControlFile();
    7750             :     }
    7751         366 :     LWLockRelease(ControlFileLock);
    7752             : 
    7753             :     /*
    7754             :      * Update the average distance between checkpoints/restartpoints if the
    7755             :      * prior checkpoint exists.
    7756             :      */
    7757         366 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7758         366 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7759             : 
    7760             :     /*
    7761             :      * Delete old log files, those no longer needed for last restartpoint to
    7762             :      * prevent the disk holding the xlog from growing full.
    7763             :      */
    7764         366 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7765             : 
    7766             :     /*
    7767             :      * Retreat _logSegNo using the current end of xlog replayed or received,
    7768             :      * whichever is later.
    7769             :      */
    7770         366 :     receivePtr = GetWalRcvFlushRecPtr(NULL, NULL);
    7771         366 :     replayPtr = GetXLogReplayRecPtr(&replayTLI);
    7772         366 :     endptr = (receivePtr < replayPtr) ? replayPtr : receivePtr;
    7773         366 :     KeepLogSeg(endptr, &_logSegNo);
    7774         366 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED,
    7775             :                                            _logSegNo, InvalidOid,
    7776             :                                            InvalidTransactionId))
    7777             :     {
    7778             :         /*
    7779             :          * Some slots have been invalidated; recalculate the old-segment
    7780             :          * horizon, starting again from RedoRecPtr.
    7781             :          */
    7782           2 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7783           2 :         KeepLogSeg(endptr, &_logSegNo);
    7784             :     }
    7785         366 :     _logSegNo--;
    7786             : 
    7787             :     /*
    7788             :      * Try to recycle segments on a useful timeline. If we've been promoted
    7789             :      * since the beginning of this restartpoint, use the new timeline chosen
    7790             :      * at end of recovery.  If we're still in recovery, use the timeline we're
    7791             :      * currently replaying.
    7792             :      *
    7793             :      * There is no guarantee that the WAL segments will be useful on the
    7794             :      * current timeline; if recovery proceeds to a new timeline right after
    7795             :      * this, the pre-allocated WAL segments on this timeline will not be used,
    7796             :      * and will go wasted until recycled on the next restartpoint. We'll live
    7797             :      * with that.
    7798             :      */
    7799         366 :     if (!RecoveryInProgress())
    7800           0 :         replayTLI = XLogCtl->InsertTimeLineID;
    7801             : 
    7802         366 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, endptr, replayTLI);
    7803             : 
    7804             :     /*
    7805             :      * Make more log segments if needed.  (Do this after recycling old log
    7806             :      * segments, since that may supply some of the needed files.)
    7807             :      */
    7808         366 :     PreallocXlogFiles(endptr, replayTLI);
    7809             : 
    7810             :     /*
    7811             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7812             :      * the oldest XMIN of any running transaction.  No future transaction will
    7813             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7814             :      * in subtrans.c).  When hot standby is disabled, though, we mustn't do
    7815             :      * this because StartupSUBTRANS hasn't been called yet.
    7816             :      */
    7817         366 :     if (EnableHotStandby)
    7818         366 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7819             : 
    7820             :     /* Real work is done; log and update stats. */
    7821         366 :     LogCheckpointEnd(true);
    7822             : 
    7823             :     /* Reset the process title */
    7824         366 :     update_checkpoint_display(flags, true, true);
    7825             : 
    7826         366 :     xtime = GetLatestXTime();
    7827         366 :     ereport((log_checkpoints ? LOG : DEBUG2),
    7828             :             (errmsg("recovery restart point at %X/%X",
    7829             :                     LSN_FORMAT_ARGS(lastCheckPoint.redo)),
    7830             :              xtime ? errdetail("Last completed transaction was at log time %s.",
    7831             :                                timestamptz_to_str(xtime)) : 0));
    7832             : 
    7833             :     /*
    7834             :      * Finally, execute archive_cleanup_command, if any.
    7835             :      */
    7836         366 :     if (archiveCleanupCommand && strcmp(archiveCleanupCommand, "") != 0)
    7837           0 :         ExecuteRecoveryCommand(archiveCleanupCommand,
    7838             :                                "archive_cleanup_command",
    7839             :                                false,
    7840             :                                WAIT_EVENT_ARCHIVE_CLEANUP_COMMAND);
    7841             : 
    7842         366 :     return true;
    7843             : }
    7844             : 
    7845             : /*
    7846             :  * Report availability of WAL for the given target LSN
    7847             :  *      (typically a slot's restart_lsn)
    7848             :  *
    7849             :  * Returns one of the following enum values:
    7850             :  *
    7851             :  * * WALAVAIL_RESERVED means targetLSN is available and it is in the range of
    7852             :  *   max_wal_size.
    7853             :  *
    7854             :  * * WALAVAIL_EXTENDED means it is still available by preserving extra
    7855             :  *   segments beyond max_wal_size. If max_slot_wal_keep_size is smaller
    7856             :  *   than max_wal_size, this state is not returned.
    7857             :  *
    7858             :  * * WALAVAIL_UNRESERVED means it is being lost and the next checkpoint will
    7859             :  *   remove reserved segments. The walsender using this slot may return to the
    7860             :  *   above.
    7861             :  *
    7862             :  * * WALAVAIL_REMOVED means it has been removed. A replication stream on
    7863             :  *   a slot with this LSN cannot continue.  (Any associated walsender
    7864             :  *   processes should have been terminated already.)
    7865             :  *
    7866             :  * * WALAVAIL_INVALID_LSN means the slot hasn't been set to reserve WAL.
    7867             :  */
    7868             : WALAvailability
    7869         850 : GetWALAvailability(XLogRecPtr targetLSN)
    7870             : {
    7871             :     XLogRecPtr  currpos;        /* current write LSN */
    7872             :     XLogSegNo   currSeg;        /* segid of currpos */
    7873             :     XLogSegNo   targetSeg;      /* segid of targetLSN */
    7874             :     XLogSegNo   oldestSeg;      /* actual oldest segid */
    7875             :     XLogSegNo   oldestSegMaxWalSize;    /* oldest segid kept by max_wal_size */
    7876             :     XLogSegNo   oldestSlotSeg;  /* oldest segid kept by slot */
    7877             :     uint64      keepSegs;
    7878             : 
    7879             :     /*
    7880             :      * slot does not reserve WAL. Either deactivated, or has never been active
    7881             :      */
    7882         850 :     if (XLogRecPtrIsInvalid(targetLSN))
    7883          28 :         return WALAVAIL_INVALID_LSN;
    7884             : 
    7885             :     /*
    7886             :      * Calculate the oldest segment currently reserved by all slots,
    7887             :      * considering wal_keep_size and max_slot_wal_keep_size.  Initialize
    7888             :      * oldestSlotSeg to the current segment.
    7889             :      */
    7890         822 :     currpos = GetXLogWriteRecPtr();
    7891         822 :     XLByteToSeg(currpos, oldestSlotSeg, wal_segment_size);
    7892         822 :     KeepLogSeg(currpos, &oldestSlotSeg);
    7893             : 
    7894             :     /*
    7895             :      * Find the oldest extant segment file. We get 1 until checkpoint removes
    7896             :      * the first WAL segment file since startup, which causes the status being
    7897             :      * wrong under certain abnormal conditions but that doesn't actually harm.
    7898             :      */
    7899         822 :     oldestSeg = XLogGetLastRemovedSegno() + 1;
    7900             : 
    7901             :     /* calculate oldest segment by max_wal_size */
    7902         822 :     XLByteToSeg(currpos, currSeg, wal_segment_size);
    7903         822 :     keepSegs = ConvertToXSegs(max_wal_size_mb, wal_segment_size) + 1;
    7904             : 
    7905         822 :     if (currSeg > keepSegs)
    7906          16 :         oldestSegMaxWalSize = currSeg - keepSegs;
    7907             :     else
    7908         806 :         oldestSegMaxWalSize = 1;
    7909             : 
    7910             :     /* the segment we care about */
    7911         822 :     XLByteToSeg(targetLSN, targetSeg, wal_segment_size);
    7912             : 
    7913             :     /*
    7914             :      * No point in returning reserved or extended status values if the
    7915             :      * targetSeg is known to be lost.
    7916             :      */
    7917         822 :     if (targetSeg >= oldestSlotSeg)
    7918             :     {
    7919             :         /* show "reserved" when targetSeg is within max_wal_size */
    7920         820 :         if (targetSeg >= oldestSegMaxWalSize)
    7921         816 :             return WALAVAIL_RESERVED;
    7922             : 
    7923             :         /* being retained by slots exceeding max_wal_size */
    7924           4 :         return WALAVAIL_EXTENDED;
    7925             :     }
    7926             : 
    7927             :     /* WAL segments are no longer retained but haven't been removed yet */
    7928           2 :     if (targetSeg >= oldestSeg)
    7929           2 :         return WALAVAIL_UNRESERVED;
    7930             : 
    7931             :     /* Definitely lost */
    7932           0 :     return WALAVAIL_REMOVED;
    7933             : }
    7934             : 
    7935             : 
    7936             : /*
    7937             :  * Retreat *logSegNo to the last segment that we need to retain because of
    7938             :  * either wal_keep_size or replication slots.
    7939             :  *
    7940             :  * This is calculated by subtracting wal_keep_size from the given xlog
    7941             :  * location, recptr and by making sure that that result is below the
    7942             :  * requirement of replication slots.  For the latter criterion we do consider
    7943             :  * the effects of max_slot_wal_keep_size: reserve at most that much space back
    7944             :  * from recptr.
    7945             :  *
    7946             :  * Note about replication slots: if this function calculates a value
    7947             :  * that's further ahead than what slots need reserved, then affected
    7948             :  * slots need to be invalidated and this function invoked again.
    7949             :  * XXX it might be a good idea to rewrite this function so that
    7950             :  * invalidation is optionally done here, instead.
    7951             :  */
    7952             : static void
    7953        3298 : KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo)
    7954             : {
    7955             :     XLogSegNo   currSegNo;
    7956             :     XLogSegNo   segno;
    7957             :     XLogRecPtr  keep;
    7958             : 
    7959        3298 :     XLByteToSeg(recptr, currSegNo, wal_segment_size);
    7960        3298 :     segno = currSegNo;
    7961             : 
    7962             :     /*
    7963             :      * Calculate how many segments are kept by slots first, adjusting for
    7964             :      * max_slot_wal_keep_size.
    7965             :      */
    7966        3298 :     keep = XLogGetReplicationSlotMinimumLSN();
    7967        3298 :     if (keep != InvalidXLogRecPtr && keep < recptr)
    7968             :     {
    7969        1044 :         XLByteToSeg(keep, segno, wal_segment_size);
    7970             : 
    7971             :         /* Cap by max_slot_wal_keep_size ... */
    7972        1044 :         if (max_slot_wal_keep_size_mb >= 0)
    7973             :         {
    7974             :             uint64      slot_keep_segs;
    7975             : 
    7976          38 :             slot_keep_segs =
    7977          38 :                 ConvertToXSegs(max_slot_wal_keep_size_mb, wal_segment_size);
    7978             : 
    7979          38 :             if (currSegNo - segno > slot_keep_segs)
    7980          10 :                 segno = currSegNo - slot_keep_segs;
    7981             :         }
    7982             :     }
    7983             : 
    7984             :     /*
    7985             :      * If WAL summarization is in use, don't remove WAL that has yet to be
    7986             :      * summarized.
    7987             :      */
    7988        3298 :     keep = GetOldestUnsummarizedLSN(NULL, NULL);
    7989        3298 :     if (keep != InvalidXLogRecPtr)
    7990             :     {
    7991             :         XLogSegNo   unsummarized_segno;
    7992             : 
    7993           4 :         XLByteToSeg(keep, unsummarized_segno, wal_segment_size);
    7994           4 :         if (unsummarized_segno < segno)
    7995           4 :             segno = unsummarized_segno;
    7996             :     }
    7997             : 
    7998             :     /* but, keep at least wal_keep_size if that's set */
    7999        3298 :     if (wal_keep_size_mb > 0)
    8000             :     {
    8001             :         uint64      keep_segs;
    8002             : 
    8003         138 :         keep_segs = ConvertToXSegs(wal_keep_size_mb, wal_segment_size);
    8004         138 :         if (currSegNo - segno < keep_segs)
    8005             :         {
    8006             :             /* avoid underflow, don't go below 1 */
    8007         138 :             if (currSegNo <= keep_segs)
    8008         130 :                 segno = 1;
    8009             :             else
    8010           8 :                 segno = currSegNo - keep_segs;
    8011             :         }
    8012             :     }
    8013             : 
    8014             :     /* don't delete WAL segments newer than the calculated segment */
    8015        3298 :     if (segno < *logSegNo)
    8016         606 :         *logSegNo = segno;
    8017        3298 : }
    8018             : 
    8019             : /*
    8020             :  * Write a NEXTOID log record
    8021             :  */
    8022             : void
    8023        1074 : XLogPutNextOid(Oid nextOid)
    8024             : {
    8025        1074 :     XLogBeginInsert();
    8026        1074 :     XLogRegisterData((char *) (&nextOid), sizeof(Oid));
    8027        1074 :     (void) XLogInsert(RM_XLOG_ID, XLOG_NEXTOID);
    8028             : 
    8029             :     /*
    8030             :      * We need not flush the NEXTOID record immediately, because any of the
    8031             :      * just-allocated OIDs could only reach disk as part of a tuple insert or
    8032             :      * update that would have its own XLOG record that must follow the NEXTOID
    8033             :      * record.  Therefore, the standard buffer LSN interlock applied to those
    8034             :      * records will ensure no such OID reaches disk before the NEXTOID record
    8035             :      * does.
    8036             :      *
    8037             :      * Note, however, that the above statement only covers state "within" the
    8038             :      * database.  When we use a generated OID as a file or directory name, we
    8039             :      * are in a sense violating the basic WAL rule, because that filesystem
    8040             :      * change may reach disk before the NEXTOID WAL record does.  The impact
    8041             :      * of this is that if a database crash occurs immediately afterward, we
    8042             :      * might after restart re-generate the same OID and find that it conflicts
    8043             :      * with the leftover file or directory.  But since for safety's sake we
    8044             :      * always loop until finding a nonconflicting filename, this poses no real
    8045             :      * problem in practice. See pgsql-hackers discussion 27-Sep-2006.
    8046             :      */
    8047        1074 : }
    8048             : 
    8049             : /*
    8050             :  * Write an XLOG SWITCH record.
    8051             :  *
    8052             :  * Here we just blindly issue an XLogInsert request for the record.
    8053             :  * All the magic happens inside XLogInsert.
    8054             :  *
    8055             :  * The return value is either the end+1 address of the switch record,
    8056             :  * or the end+1 address of the prior segment if we did not need to
    8057             :  * write a switch record because we are already at segment start.
    8058             :  */
    8059             : XLogRecPtr
    8060         736 : RequestXLogSwitch(bool mark_unimportant)
    8061             : {
    8062             :     XLogRecPtr  RecPtr;
    8063             : 
    8064             :     /* XLOG SWITCH has no data */
    8065         736 :     XLogBeginInsert();
    8066             : 
    8067         736 :     if (mark_unimportant)
    8068           0 :         XLogSetRecordFlags(XLOG_MARK_UNIMPORTANT);
    8069         736 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_SWITCH);
    8070             : 
    8071         736 :     return RecPtr;
    8072             : }
    8073             : 
    8074             : /*
    8075             :  * Write a RESTORE POINT record
    8076             :  */
    8077             : XLogRecPtr
    8078           6 : XLogRestorePoint(const char *rpName)
    8079             : {
    8080             :     XLogRecPtr  RecPtr;
    8081             :     xl_restore_point xlrec;
    8082             : 
    8083           6 :     xlrec.rp_time = GetCurrentTimestamp();
    8084           6 :     strlcpy(xlrec.rp_name, rpName, MAXFNAMELEN);
    8085             : 
    8086           6 :     XLogBeginInsert();
    8087           6 :     XLogRegisterData((char *) &xlrec, sizeof(xl_restore_point));
    8088             : 
    8089           6 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_RESTORE_POINT);
    8090             : 
    8091           6 :     ereport(LOG,
    8092             :             (errmsg("restore point \"%s\" created at %X/%X",
    8093             :                     rpName, LSN_FORMAT_ARGS(RecPtr))));
    8094             : 
    8095           6 :     return RecPtr;
    8096             : }
    8097             : 
    8098             : /*
    8099             :  * Check if any of the GUC parameters that are critical for hot standby
    8100             :  * have changed, and update the value in pg_control file if necessary.
    8101             :  */
    8102             : static void
    8103        1534 : XLogReportParameters(void)
    8104             : {
    8105        1534 :     if (wal_level != ControlFile->wal_level ||
    8106        1132 :         wal_log_hints != ControlFile->wal_log_hints ||
    8107         978 :         MaxConnections != ControlFile->MaxConnections ||
    8108         976 :         max_worker_processes != ControlFile->max_worker_processes ||
    8109         974 :         max_wal_senders != ControlFile->max_wal_senders ||
    8110         952 :         max_prepared_xacts != ControlFile->max_prepared_xacts ||
    8111         780 :         max_locks_per_xact != ControlFile->max_locks_per_xact ||
    8112         780 :         track_commit_timestamp != ControlFile->track_commit_timestamp)
    8113             :     {
    8114             :         /*
    8115             :          * The change in number of backend slots doesn't need to be WAL-logged
    8116             :          * if archiving is not enabled, as you can't start archive recovery
    8117             :          * with wal_level=minimal anyway. We don't really care about the
    8118             :          * values in pg_control either if wal_level=minimal, but seems better
    8119             :          * to keep them up-to-date to avoid confusion.
    8120             :          */
    8121         774 :         if (wal_level != ControlFile->wal_level || XLogIsNeeded())
    8122             :         {
    8123             :             xl_parameter_change xlrec;
    8124             :             XLogRecPtr  recptr;
    8125             : 
    8126         752 :             xlrec.MaxConnections = MaxConnections;
    8127         752 :             xlrec.max_worker_processes = max_worker_processes;
    8128         752 :             xlrec.max_wal_senders = max_wal_senders;
    8129         752 :             xlrec.max_prepared_xacts = max_prepared_xacts;
    8130         752 :             xlrec.max_locks_per_xact = max_locks_per_xact;
    8131         752 :             xlrec.wal_level = wal_level;
    8132         752 :             xlrec.wal_log_hints = wal_log_hints;
    8133         752 :             xlrec.track_commit_timestamp = track_commit_timestamp;
    8134             : 
    8135         752 :             XLogBeginInsert();
    8136         752 :             XLogRegisterData((char *) &xlrec, sizeof(xlrec));
    8137             : 
    8138         752 :             recptr = XLogInsert(RM_XLOG_ID, XLOG_PARAMETER_CHANGE);
    8139         752 :             XLogFlush(recptr);
    8140             :         }
    8141             : 
    8142         774 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8143             : 
    8144         774 :         ControlFile->MaxConnections = MaxConnections;
    8145         774 :         ControlFile->max_worker_processes = max_worker_processes;
    8146         774 :         ControlFile->max_wal_senders = max_wal_senders;
    8147         774 :         ControlFile->max_prepared_xacts = max_prepared_xacts;
    8148         774 :         ControlFile->max_locks_per_xact = max_locks_per_xact;
    8149         774 :         ControlFile->wal_level = wal_level;
    8150         774 :         ControlFile->wal_log_hints = wal_log_hints;
    8151         774 :         ControlFile->track_commit_timestamp = track_commit_timestamp;
    8152         774 :         UpdateControlFile();
    8153             : 
    8154         774 :         LWLockRelease(ControlFileLock);
    8155             :     }
    8156        1534 : }
    8157             : 
    8158             : /*
    8159             :  * Update full_page_writes in shared memory, and write an
    8160             :  * XLOG_FPW_CHANGE record if necessary.
    8161             :  *
    8162             :  * Note: this function assumes there is no other process running
    8163             :  * concurrently that could update it.
    8164             :  */
    8165             : void
    8166        2532 : UpdateFullPageWrites(void)
    8167             : {
    8168        2532 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    8169             :     bool        recoveryInProgress;
    8170             : 
    8171             :     /*
    8172             :      * Do nothing if full_page_writes has not been changed.
    8173             :      *
    8174             :      * It's safe to check the shared full_page_writes without the lock,
    8175             :      * because we assume that there is no concurrently running process which
    8176             :      * can update it.
    8177             :      */
    8178        2532 :     if (fullPageWrites == Insert->fullPageWrites)
    8179        1656 :         return;
    8180             : 
    8181             :     /*
    8182             :      * Perform this outside critical section so that the WAL insert
    8183             :      * initialization done by RecoveryInProgress() doesn't trigger an
    8184             :      * assertion failure.
    8185             :      */
    8186         876 :     recoveryInProgress = RecoveryInProgress();
    8187             : 
    8188         876 :     START_CRIT_SECTION();
    8189             : 
    8190             :     /*
    8191             :      * It's always safe to take full page images, even when not strictly
    8192             :      * required, but not the other round. So if we're setting full_page_writes
    8193             :      * to true, first set it true and then write the WAL record. If we're
    8194             :      * setting it to false, first write the WAL record and then set the global
    8195             :      * flag.
    8196             :      */
    8197         876 :     if (fullPageWrites)
    8198             :     {
    8199         868 :         WALInsertLockAcquireExclusive();
    8200         868 :         Insert->fullPageWrites = true;
    8201         868 :         WALInsertLockRelease();
    8202             :     }
    8203             : 
    8204             :     /*
    8205             :      * Write an XLOG_FPW_CHANGE record. This allows us to keep track of
    8206             :      * full_page_writes during archive recovery, if required.
    8207             :      */
    8208         876 :     if (XLogStandbyInfoActive() && !recoveryInProgress)
    8209             :     {
    8210           0 :         XLogBeginInsert();
    8211           0 :         XLogRegisterData((char *) (&fullPageWrites), sizeof(bool));
    8212             : 
    8213           0 :         XLogInsert(RM_XLOG_ID, XLOG_FPW_CHANGE);
    8214             :     }
    8215             : 
    8216         876 :     if (!fullPageWrites)
    8217             :     {
    8218           8 :         WALInsertLockAcquireExclusive();
    8219           8 :         Insert->fullPageWrites = false;
    8220           8 :         WALInsertLockRelease();
    8221             :     }
    8222         876 :     END_CRIT_SECTION();
    8223             : }
    8224             : 
    8225             : /*
    8226             :  * XLOG resource manager's routines
    8227             :  *
    8228             :  * Definitions of info values are in include/catalog/pg_control.h, though
    8229             :  * not all record types are related to control file updates.
    8230             :  *
    8231             :  * NOTE: Some XLOG record types that are directly related to WAL recovery
    8232             :  * are handled in xlogrecovery_redo().
    8233             :  */
    8234             : void
    8235       79122 : xlog_redo(XLogReaderState *record)
    8236             : {
    8237       79122 :     uint8       info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    8238       79122 :     XLogRecPtr  lsn = record->EndRecPtr;
    8239             : 
    8240             :     /*
    8241             :      * In XLOG rmgr, backup blocks are only used by XLOG_FPI and
    8242             :      * XLOG_FPI_FOR_HINT records.
    8243             :      */
    8244             :     Assert(info == XLOG_FPI || info == XLOG_FPI_FOR_HINT ||
    8245             :            !XLogRecHasAnyBlockRefs(record));
    8246             : 
    8247       79122 :     if (info == XLOG_NEXTOID)
    8248             :     {
    8249             :         Oid         nextOid;
    8250             : 
    8251             :         /*
    8252             :          * We used to try to take the maximum of TransamVariables->nextOid and
    8253             :          * the recorded nextOid, but that fails if the OID counter wraps
    8254             :          * around.  Since no OID allocation should be happening during replay
    8255             :          * anyway, better to just believe the record exactly.  We still take
    8256             :          * OidGenLock while setting the variable, just in case.
    8257             :          */
    8258         178 :         memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid));
    8259         178 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8260         178 :         TransamVariables->nextOid = nextOid;
    8261         178 :         TransamVariables->oidCount = 0;
    8262         178 :         LWLockRelease(OidGenLock);
    8263             :     }
    8264       78944 :     else if (info == XLOG_CHECKPOINT_SHUTDOWN)
    8265             :     {
    8266             :         CheckPoint  checkPoint;
    8267             :         TimeLineID  replayTLI;
    8268             : 
    8269          68 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8270             :         /* In a SHUTDOWN checkpoint, believe the counters exactly */
    8271          68 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8272          68 :         TransamVariables->nextXid = checkPoint.nextXid;
    8273          68 :         LWLockRelease(XidGenLock);
    8274          68 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8275          68 :         TransamVariables->nextOid = checkPoint.nextOid;
    8276          68 :         TransamVariables->oidCount = 0;
    8277          68 :         LWLockRelease(OidGenLock);
    8278          68 :         MultiXactSetNextMXact(checkPoint.nextMulti,
    8279             :                               checkPoint.nextMultiOffset);
    8280             : 
    8281          68 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8282             :                                checkPoint.oldestMultiDB);
    8283             : 
    8284             :         /*
    8285             :          * No need to set oldestClogXid here as well; it'll be set when we
    8286             :          * redo an xl_clog_truncate if it changed since initialization.
    8287             :          */
    8288          68 :         SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    8289             : 
    8290             :         /*
    8291             :          * If we see a shutdown checkpoint while waiting for an end-of-backup
    8292             :          * record, the backup was canceled and the end-of-backup record will
    8293             :          * never arrive.
    8294             :          */
    8295          68 :         if (ArchiveRecoveryRequested &&
    8296          66 :             !XLogRecPtrIsInvalid(ControlFile->backupStartPoint) &&
    8297           0 :             XLogRecPtrIsInvalid(ControlFile->backupEndPoint))
    8298           0 :             ereport(PANIC,
    8299             :                     (errmsg("online backup was canceled, recovery cannot continue")));
    8300             : 
    8301             :         /*
    8302             :          * If we see a shutdown checkpoint, we know that nothing was running
    8303             :          * on the primary at this point. So fake-up an empty running-xacts
    8304             :          * record and use that here and now. Recover additional standby state
    8305             :          * for prepared transactions.
    8306             :          */
    8307          68 :         if (standbyState >= STANDBY_INITIALIZED)
    8308             :         {
    8309             :             TransactionId *xids;
    8310             :             int         nxids;
    8311             :             TransactionId oldestActiveXID;
    8312             :             TransactionId latestCompletedXid;
    8313             :             RunningTransactionsData running;
    8314             : 
    8315          62 :             oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    8316             : 
    8317             :             /* Update pg_subtrans entries for any prepared transactions */
    8318          62 :             StandbyRecoverPreparedTransactions();
    8319             : 
    8320             :             /*
    8321             :              * Construct a RunningTransactions snapshot representing a shut
    8322             :              * down server, with only prepared transactions still alive. We're
    8323             :              * never overflowed at this point because all subxids are listed
    8324             :              * with their parent prepared transactions.
    8325             :              */
    8326          62 :             running.xcnt = nxids;
    8327          62 :             running.subxcnt = 0;
    8328          62 :             running.subxid_status = SUBXIDS_IN_SUBTRANS;
    8329          62 :             running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    8330          62 :             running.oldestRunningXid = oldestActiveXID;
    8331          62 :             latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    8332          62 :             TransactionIdRetreat(latestCompletedXid);
    8333             :             Assert(TransactionIdIsNormal(latestCompletedXid));
    8334          62 :             running.latestCompletedXid = latestCompletedXid;
    8335          62 :             running.xids = xids;
    8336             : 
    8337          62 :             ProcArrayApplyRecoveryInfo(&running);
    8338             :         }
    8339             : 
    8340             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8341          68 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8342          68 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8343          68 :         LWLockRelease(ControlFileLock);
    8344             : 
    8345             :         /* Update shared-memory copy of checkpoint XID/epoch */
    8346          68 :         SpinLockAcquire(&XLogCtl->info_lck);
    8347          68 :         XLogCtl->ckptFullXid = checkPoint.nextXid;
    8348          68 :         SpinLockRelease(&XLogCtl->info_lck);
    8349             : 
    8350             :         /*
    8351             :          * We should've already switched to the new TLI before replaying this
    8352             :          * record.
    8353             :          */
    8354          68 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8355          68 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8356           0 :             ereport(PANIC,
    8357             :                     (errmsg("unexpected timeline ID %u (should be %u) in shutdown checkpoint record",
    8358             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8359             : 
    8360          68 :         RecoveryRestartPoint(&checkPoint, record);
    8361             :     }
    8362       78876 :     else if (info == XLOG_CHECKPOINT_ONLINE)
    8363             :     {
    8364             :         CheckPoint  checkPoint;
    8365             :         TimeLineID  replayTLI;
    8366             : 
    8367         676 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8368             :         /* In an ONLINE checkpoint, treat the XID counter as a minimum */
    8369         676 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8370         676 :         if (FullTransactionIdPrecedes(TransamVariables->nextXid,
    8371             :                                       checkPoint.nextXid))
    8372           0 :             TransamVariables->nextXid = checkPoint.nextXid;
    8373         676 :         LWLockRelease(XidGenLock);
    8374             : 
    8375             :         /*
    8376             :          * We ignore the nextOid counter in an ONLINE checkpoint, preferring
    8377             :          * to track OID assignment through XLOG_NEXTOID records.  The nextOid
    8378             :          * counter is from the start of the checkpoint and might well be stale
    8379             :          * compared to later XLOG_NEXTOID records.  We could try to take the
    8380             :          * maximum of the nextOid counter and our latest value, but since
    8381             :          * there's no particular guarantee about the speed with which the OID
    8382             :          * counter wraps around, that's a risky thing to do.  In any case,
    8383             :          * users of the nextOid counter are required to avoid assignment of
    8384             :          * duplicates, so that a somewhat out-of-date value should be safe.
    8385             :          */
    8386             : 
    8387             :         /* Handle multixact */
    8388         676 :         MultiXactAdvanceNextMXact(checkPoint.nextMulti,
    8389             :                                   checkPoint.nextMultiOffset);
    8390             : 
    8391             :         /*
    8392             :          * NB: This may perform multixact truncation when replaying WAL
    8393             :          * generated by an older primary.
    8394             :          */
    8395         676 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8396             :                                checkPoint.oldestMultiDB);
    8397         676 :         if (TransactionIdPrecedes(TransamVariables->oldestXid,
    8398             :                                   checkPoint.oldestXid))
    8399           0 :             SetTransactionIdLimit(checkPoint.oldestXid,
    8400             :                                   checkPoint.oldestXidDB);
    8401             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8402         676 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8403         676 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8404         676 :         LWLockRelease(ControlFileLock);
    8405             : 
    8406             :         /* Update shared-memory copy of checkpoint XID/epoch */
    8407         676 :         SpinLockAcquire(&XLogCtl->info_lck);
    8408         676 :         XLogCtl->ckptFullXid = checkPoint.nextXid;
    8409         676 :         SpinLockRelease(&XLogCtl->info_lck);
    8410             : 
    8411             :         /* TLI should not change in an on-line checkpoint */
    8412         676 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8413         676 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8414           0 :             ereport(PANIC,
    8415             :                     (errmsg("unexpected timeline ID %u (should be %u) in online checkpoint record",
    8416             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8417             : 
    8418         676 :         RecoveryRestartPoint(&checkPoint, record);
    8419             :     }
    8420       78200 :     else if (info == XLOG_OVERWRITE_CONTRECORD)
    8421             :     {
    8422             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8423             :     }
    8424       78198 :     else if (info == XLOG_END_OF_RECOVERY)
    8425             :     {
    8426             :         xl_end_of_recovery xlrec;
    8427             :         TimeLineID  replayTLI;
    8428             : 
    8429          20 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery));
    8430             : 
    8431             :         /*
    8432             :          * For Hot Standby, we could treat this like a Shutdown Checkpoint,
    8433             :          * but this case is rarer and harder to test, so the benefit doesn't
    8434             :          * outweigh the potential extra cost of maintenance.
    8435             :          */
    8436             : 
    8437             :         /*
    8438             :          * We should've already switched to the new TLI before replaying this
    8439             :          * record.
    8440             :          */
    8441          20 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8442          20 :         if (xlrec.ThisTimeLineID != replayTLI)
    8443           0 :             ereport(PANIC,
    8444             :                     (errmsg("unexpected timeline ID %u (should be %u) in end-of-recovery record",
    8445             :                             xlrec.ThisTimeLineID, replayTLI)));
    8446             :     }
    8447       78178 :     else if (info == XLOG_NOOP)
    8448             :     {
    8449             :         /* nothing to do here */
    8450             :     }
    8451       78178 :     else if (info == XLOG_SWITCH)
    8452             :     {
    8453             :         /* nothing to do here */
    8454             :     }
    8455       77942 :     else if (info == XLOG_RESTORE_POINT)
    8456             :     {
    8457             :         /* nothing to do here, handled in xlogrecovery.c */
    8458             :     }
    8459       77932 :     else if (info == XLOG_FPI || info == XLOG_FPI_FOR_HINT)
    8460             :     {
    8461             :         /*
    8462             :          * XLOG_FPI records contain nothing else but one or more block
    8463             :          * references. Every block reference must include a full-page image
    8464             :          * even if full_page_writes was disabled when the record was generated
    8465             :          * - otherwise there would be no point in this record.
    8466             :          *
    8467             :          * XLOG_FPI_FOR_HINT records are generated when a page needs to be
    8468             :          * WAL-logged because of a hint bit update. They are only generated
    8469             :          * when checksums and/or wal_log_hints are enabled. They may include
    8470             :          * no full-page images if full_page_writes was disabled when they were
    8471             :          * generated. In this case there is nothing to do here.
    8472             :          *
    8473             :          * No recovery conflicts are generated by these generic records - if a
    8474             :          * resource manager needs to generate conflicts, it has to define a
    8475             :          * separate WAL record type and redo routine.
    8476             :          */
    8477      163636 :         for (uint8 block_id = 0; block_id <= XLogRecMaxBlockId(record); block_id++)
    8478             :         {
    8479             :             Buffer      buffer;
    8480             : 
    8481       86604 :             if (!XLogRecHasBlockImage(record, block_id))
    8482             :             {
    8483         134 :                 if (info == XLOG_FPI)
    8484           0 :                     elog(ERROR, "XLOG_FPI record did not contain a full-page image");
    8485         134 :                 continue;
    8486             :             }
    8487             : 
    8488       86470 :             if (XLogReadBufferForRedo(record, block_id, &buffer) != BLK_RESTORED)
    8489           0 :                 elog(ERROR, "unexpected XLogReadBufferForRedo result when restoring backup block");
    8490       86470 :             UnlockReleaseBuffer(buffer);
    8491             :         }
    8492             :     }
    8493         900 :     else if (info == XLOG_BACKUP_END)
    8494             :     {
    8495             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8496             :     }
    8497         738 :     else if (info == XLOG_PARAMETER_CHANGE)
    8498             :     {
    8499             :         xl_parameter_change xlrec;
    8500             : 
    8501             :         /* Update our copy of the parameters in pg_control */
    8502          60 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change));
    8503             : 
    8504             :         /*
    8505             :          * Invalidate logical slots if we are in hot standby and the primary
    8506             :          * does not have a WAL level sufficient for logical decoding. No need
    8507             :          * to search for potentially conflicting logically slots if standby is
    8508             :          * running with wal_level lower than logical, because in that case, we
    8509             :          * would have either disallowed creation of logical slots or
    8510             :          * invalidated existing ones.
    8511             :          */
    8512          60 :         if (InRecovery && InHotStandby &&
    8513          30 :             xlrec.wal_level < WAL_LEVEL_LOGICAL &&
    8514          12 :             wal_level >= WAL_LEVEL_LOGICAL)
    8515           8 :             InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_LEVEL,
    8516             :                                                0, InvalidOid,
    8517             :                                                InvalidTransactionId);
    8518             : 
    8519          60 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8520          60 :         ControlFile->MaxConnections = xlrec.MaxConnections;
    8521          60 :         ControlFile->max_worker_processes = xlrec.max_worker_processes;
    8522          60 :         ControlFile->max_wal_senders = xlrec.max_wal_senders;
    8523          60 :         ControlFile->max_prepared_xacts = xlrec.max_prepared_xacts;
    8524          60 :         ControlFile->max_locks_per_xact = xlrec.max_locks_per_xact;
    8525          60 :         ControlFile->wal_level = xlrec.wal_level;
    8526          60 :         ControlFile->wal_log_hints = xlrec.wal_log_hints;
    8527             : 
    8528             :         /*
    8529             :          * Update minRecoveryPoint to ensure that if recovery is aborted, we
    8530             :          * recover back up to this point before allowing hot standby again.
    8531             :          * This is important if the max_* settings are decreased, to ensure
    8532             :          * you don't run queries against the WAL preceding the change. The
    8533             :          * local copies cannot be updated as long as crash recovery is
    8534             :          * happening and we expect all the WAL to be replayed.
    8535             :          */
    8536          60 :         if (InArchiveRecovery)
    8537             :         {
    8538          32 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    8539          32 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    8540             :         }
    8541          60 :         if (LocalMinRecoveryPoint != InvalidXLogRecPtr && LocalMinRecoveryPoint < lsn)
    8542             :         {
    8543             :             TimeLineID  replayTLI;
    8544             : 
    8545          14 :             (void) GetCurrentReplayRecPtr(&replayTLI);
    8546          14 :             ControlFile->minRecoveryPoint = lsn;
    8547          14 :             ControlFile->minRecoveryPointTLI = replayTLI;
    8548             :         }
    8549             : 
    8550          60 :         CommitTsParameterChange(xlrec.track_commit_timestamp,
    8551          60 :                                 ControlFile->track_commit_timestamp);
    8552          60 :         ControlFile->track_commit_timestamp = xlrec.track_commit_timestamp;
    8553             : 
    8554          60 :         UpdateControlFile();
    8555          60 :         LWLockRelease(ControlFileLock);
    8556             : 
    8557             :         /* Check to see if any parameter change gives a problem on recovery */
    8558          60 :         CheckRequiredParameterValues();
    8559             :     }
    8560         678 :     else if (info == XLOG_FPW_CHANGE)
    8561             :     {
    8562             :         bool        fpw;
    8563             : 
    8564           0 :         memcpy(&fpw, XLogRecGetData(record), sizeof(bool));
    8565             : 
    8566             :         /*
    8567             :          * Update the LSN of the last replayed XLOG_FPW_CHANGE record so that
    8568             :          * do_pg_backup_start() and do_pg_backup_stop() can check whether
    8569             :          * full_page_writes has been disabled during online backup.
    8570             :          */
    8571           0 :         if (!fpw)
    8572             :         {
    8573           0 :             SpinLockAcquire(&XLogCtl->info_lck);
    8574           0 :             if (XLogCtl->lastFpwDisableRecPtr < record->ReadRecPtr)
    8575           0 :                 XLogCtl->lastFpwDisableRecPtr = record->ReadRecPtr;
    8576           0 :             SpinLockRelease(&XLogCtl->info_lck);
    8577             :         }
    8578             : 
    8579             :         /* Keep track of full_page_writes */
    8580           0 :         lastFullPageWrites = fpw;
    8581             :     }
    8582             :     else if (info == XLOG_CHECKPOINT_REDO)
    8583             :     {
    8584             :         /* nothing to do here, just for informational purposes */
    8585             :     }
    8586       79118 : }
    8587             : 
    8588             : /*
    8589             :  * Return the extra open flags used for opening a file, depending on the
    8590             :  * value of the GUCs wal_sync_method, fsync and debug_io_direct.
    8591             :  */
    8592             : static int
    8593       26592 : get_sync_bit(int method)
    8594             : {
    8595       26592 :     int         o_direct_flag = 0;
    8596             : 
    8597             :     /*
    8598             :      * Use O_DIRECT if requested, except in walreceiver process.  The WAL
    8599             :      * written by walreceiver is normally read by the startup process soon
    8600             :      * after it's written.  Also, walreceiver performs unaligned writes, which
    8601             :      * don't work with O_DIRECT, so it is required for correctness too.
    8602             :      */
    8603       26592 :     if ((io_direct_flags & IO_DIRECT_WAL) && !AmWalReceiverProcess())
    8604          16 :         o_direct_flag = PG_O_DIRECT;
    8605             : 
    8606             :     /* If fsync is disabled, never open in sync mode */
    8607       26592 :     if (!enableFsync)
    8608       26592 :         return o_direct_flag;
    8609             : 
    8610           0 :     switch (method)
    8611             :     {
    8612             :             /*
    8613             :              * enum values for all sync options are defined even if they are
    8614             :              * not supported on the current platform.  But if not, they are
    8615             :              * not included in the enum option array, and therefore will never
    8616             :              * be seen here.
    8617             :              */
    8618           0 :         case WAL_SYNC_METHOD_FSYNC:
    8619             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8620             :         case WAL_SYNC_METHOD_FDATASYNC:
    8621           0 :             return o_direct_flag;
    8622             : #ifdef O_SYNC
    8623           0 :         case WAL_SYNC_METHOD_OPEN:
    8624           0 :             return O_SYNC | o_direct_flag;
    8625             : #endif
    8626             : #ifdef O_DSYNC
    8627           0 :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8628           0 :             return O_DSYNC | o_direct_flag;
    8629             : #endif
    8630           0 :         default:
    8631             :             /* can't happen (unless we are out of sync with option array) */
    8632           0 :             elog(ERROR, "unrecognized \"wal_sync_method\": %d", method);
    8633             :             return 0;           /* silence warning */
    8634             :     }
    8635             : }
    8636             : 
    8637             : /*
    8638             :  * GUC support
    8639             :  */
    8640             : void
    8641        1972 : assign_wal_sync_method(int new_wal_sync_method, void *extra)
    8642             : {
    8643        1972 :     if (wal_sync_method != new_wal_sync_method)
    8644             :     {
    8645             :         /*
    8646             :          * To ensure that no blocks escape unsynced, force an fsync on the
    8647             :          * currently open log segment (if any).  Also, if the open flag is
    8648             :          * changing, close the log file so it will be reopened (with new flag
    8649             :          * bit) at next use.
    8650             :          */
    8651           0 :         if (openLogFile >= 0)
    8652             :         {
    8653           0 :             pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC_METHOD_ASSIGN);
    8654           0 :             if (pg_fsync(openLogFile) != 0)
    8655             :             {
    8656             :                 char        xlogfname[MAXFNAMELEN];
    8657             :                 int         save_errno;
    8658             : 
    8659           0 :                 save_errno = errno;
    8660           0 :                 XLogFileName(xlogfname, openLogTLI, openLogSegNo,
    8661             :                              wal_segment_size);
    8662           0 :                 errno = save_errno;
    8663           0 :                 ereport(PANIC,
    8664             :                         (errcode_for_file_access(),
    8665             :                          errmsg("could not fsync file \"%s\": %m", xlogfname)));
    8666             :             }
    8667             : 
    8668           0 :             pgstat_report_wait_end();
    8669           0 :             if (get_sync_bit(wal_sync_method) != get_sync_bit(new_wal_sync_method))
    8670           0 :                 XLogFileClose();
    8671             :         }
    8672             :     }
    8673        1972 : }
    8674             : 
    8675             : 
    8676             : /*
    8677             :  * Issue appropriate kind of fsync (if any) for an XLOG output file.
    8678             :  *
    8679             :  * 'fd' is a file descriptor for the XLOG file to be fsync'd.
    8680             :  * 'segno' is for error reporting purposes.
    8681             :  */
    8682             : void
    8683      257070 : issue_xlog_fsync(int fd, XLogSegNo segno, TimeLineID tli)
    8684             : {
    8685      257070 :     char       *msg = NULL;
    8686             :     instr_time  start;
    8687             : 
    8688             :     Assert(tli != 0);
    8689             : 
    8690             :     /*
    8691             :      * Quick exit if fsync is disabled or write() has already synced the WAL
    8692             :      * file.
    8693             :      */
    8694      257070 :     if (!enableFsync ||
    8695           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN ||
    8696           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN_DSYNC)
    8697      257070 :         return;
    8698             : 
    8699             :     /* Measure I/O timing to sync the WAL file */
    8700           0 :     if (track_wal_io_timing)
    8701           0 :         INSTR_TIME_SET_CURRENT(start);
    8702             :     else
    8703           0 :         INSTR_TIME_SET_ZERO(start);
    8704             : 
    8705           0 :     pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC);
    8706           0 :     switch (wal_sync_method)
    8707             :     {
    8708           0 :         case WAL_SYNC_METHOD_FSYNC:
    8709           0 :             if (pg_fsync_no_writethrough(fd) != 0)
    8710           0 :                 msg = _("could not fsync file \"%s\": %m");
    8711           0 :             break;
    8712             : #ifdef HAVE_FSYNC_WRITETHROUGH
    8713             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8714             :             if (pg_fsync_writethrough(fd) != 0)
    8715             :                 msg = _("could not fsync write-through file \"%s\": %m");
    8716             :             break;
    8717             : #endif
    8718           0 :         case WAL_SYNC_METHOD_FDATASYNC:
    8719           0 :             if (pg_fdatasync(fd) != 0)
    8720           0 :                 msg = _("could not fdatasync file \"%s\": %m");
    8721           0 :             break;
    8722           0 :         case WAL_SYNC_METHOD_OPEN:
    8723             :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8724             :             /* not reachable */
    8725             :             Assert(false);
    8726           0 :             break;
    8727           0 :         default:
    8728           0 :             ereport(PANIC,
    8729             :                     errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8730             :                     errmsg_internal("unrecognized \"wal_sync_method\": %d", wal_sync_method));
    8731             :             break;
    8732             :     }
    8733             : 
    8734             :     /* PANIC if failed to fsync */
    8735           0 :     if (msg)
    8736             :     {
    8737             :         char        xlogfname[MAXFNAMELEN];
    8738           0 :         int         save_errno = errno;
    8739             : 
    8740           0 :         XLogFileName(xlogfname, tli, segno, wal_segment_size);
    8741           0 :         errno = save_errno;
    8742           0 :         ereport(PANIC,
    8743             :                 (errcode_for_file_access(),
    8744             :                  errmsg(msg, xlogfname)));
    8745             :     }
    8746             : 
    8747           0 :     pgstat_report_wait_end();
    8748             : 
    8749             :     /*
    8750             :      * Increment the I/O timing and the number of times WAL files were synced.
    8751             :      */
    8752           0 :     if (track_wal_io_timing)
    8753             :     {
    8754             :         instr_time  end;
    8755             : 
    8756           0 :         INSTR_TIME_SET_CURRENT(end);
    8757           0 :         INSTR_TIME_ACCUM_DIFF(PendingWalStats.wal_sync_time, end, start);
    8758             :     }
    8759             : 
    8760           0 :     PendingWalStats.wal_sync++;
    8761             : }
    8762             : 
    8763             : /*
    8764             :  * do_pg_backup_start is the workhorse of the user-visible pg_backup_start()
    8765             :  * function. It creates the necessary starting checkpoint and constructs the
    8766             :  * backup state and tablespace map.
    8767             :  *
    8768             :  * Input parameters are "state" (the backup state), "fast" (if true, we do
    8769             :  * the checkpoint in immediate mode to make it faster), and "tablespaces"
    8770             :  * (if non-NULL, indicates a list of tablespaceinfo structs describing the
    8771             :  * cluster's tablespaces.).
    8772             :  *
    8773             :  * The tablespace map contents are appended to passed-in parameter
    8774             :  * tablespace_map and the caller is responsible for including it in the backup
    8775             :  * archive as 'tablespace_map'. The tablespace_map file is required mainly for
    8776             :  * tar format in windows as native windows utilities are not able to create
    8777             :  * symlinks while extracting files from tar. However for consistency and
    8778             :  * platform-independence, we do it the same way everywhere.
    8779             :  *
    8780             :  * It fills in "state" with the information required for the backup, such
    8781             :  * as the minimum WAL location that must be present to restore from this
    8782             :  * backup (starttli) and the corresponding timeline ID (starttli).
    8783             :  *
    8784             :  * Every successfully started backup must be stopped by calling
    8785             :  * do_pg_backup_stop() or do_pg_abort_backup(). There can be many
    8786             :  * backups active at the same time.
    8787             :  *
    8788             :  * It is the responsibility of the caller of this function to verify the
    8789             :  * permissions of the calling user!
    8790             :  */
    8791             : void
    8792         320 : do_pg_backup_start(const char *backupidstr, bool fast, List **tablespaces,
    8793             :                    BackupState *state, StringInfo tblspcmapfile)
    8794             : {
    8795             :     bool        backup_started_in_recovery;
    8796             : 
    8797             :     Assert(state != NULL);
    8798         320 :     backup_started_in_recovery = RecoveryInProgress();
    8799             : 
    8800             :     /*
    8801             :      * During recovery, we don't need to check WAL level. Because, if WAL
    8802             :      * level is not sufficient, it's impossible to get here during recovery.
    8803             :      */
    8804         320 :     if (!backup_started_in_recovery && !XLogIsNeeded())
    8805           0 :         ereport(ERROR,
    8806             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8807             :                  errmsg("WAL level not sufficient for making an online backup"),
    8808             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    8809             : 
    8810         320 :     if (strlen(backupidstr) > MAXPGPATH)
    8811           2 :         ereport(ERROR,
    8812             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8813             :                  errmsg("backup label too long (max %d bytes)",
    8814             :                         MAXPGPATH)));
    8815             : 
    8816         318 :     strlcpy(state->name, backupidstr, sizeof(state->name));
    8817             : 
    8818             :     /*
    8819             :      * Mark backup active in shared memory.  We must do full-page WAL writes
    8820             :      * during an on-line backup even if not doing so at other times, because
    8821             :      * it's quite possible for the backup dump to obtain a "torn" (partially
    8822             :      * written) copy of a database page if it reads the page concurrently with
    8823             :      * our write to the same page.  This can be fixed as long as the first
    8824             :      * write to the page in the WAL sequence is a full-page write. Hence, we
    8825             :      * increment runningBackups then force a CHECKPOINT, to ensure there are
    8826             :      * no dirty pages in shared memory that might get dumped while the backup
    8827             :      * is in progress without having a corresponding WAL record.  (Once the
    8828             :      * backup is complete, we need not force full-page writes anymore, since
    8829             :      * we expect that any pages not modified during the backup interval must
    8830             :      * have been correctly captured by the backup.)
    8831             :      *
    8832             :      * Note that forcing full-page writes has no effect during an online
    8833             :      * backup from the standby.
    8834             :      *
    8835             :      * We must hold all the insertion locks to change the value of
    8836             :      * runningBackups, to ensure adequate interlocking against
    8837             :      * XLogInsertRecord().
    8838             :      */
    8839         318 :     WALInsertLockAcquireExclusive();
    8840         318 :     XLogCtl->Insert.runningBackups++;
    8841         318 :     WALInsertLockRelease();
    8842             : 
    8843             :     /*
    8844             :      * Ensure we decrement runningBackups if we fail below. NB -- for this to
    8845             :      * work correctly, it is critical that sessionBackupState is only updated
    8846             :      * after this block is over.
    8847             :      */
    8848         318 :     PG_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, DatumGetBool(true));
    8849             :     {
    8850         318 :         bool        gotUniqueStartpoint = false;
    8851             :         DIR        *tblspcdir;
    8852             :         struct dirent *de;
    8853             :         tablespaceinfo *ti;
    8854             :         int         datadirpathlen;
    8855             : 
    8856             :         /*
    8857             :          * Force an XLOG file switch before the checkpoint, to ensure that the
    8858             :          * WAL segment the checkpoint is written to doesn't contain pages with
    8859             :          * old timeline IDs.  That would otherwise happen if you called
    8860             :          * pg_backup_start() right after restoring from a PITR archive: the
    8861             :          * first WAL segment containing the startup checkpoint has pages in
    8862             :          * the beginning with the old timeline ID.  That can cause trouble at
    8863             :          * recovery: we won't have a history file covering the old timeline if
    8864             :          * pg_wal directory was not included in the base backup and the WAL
    8865             :          * archive was cleared too before starting the backup.
    8866             :          *
    8867             :          * This also ensures that we have emitted a WAL page header that has
    8868             :          * XLP_BKP_REMOVABLE off before we emit the checkpoint record.
    8869             :          * Therefore, if a WAL archiver (such as pglesslog) is trying to
    8870             :          * compress out removable backup blocks, it won't remove any that
    8871             :          * occur after this point.
    8872             :          *
    8873             :          * During recovery, we skip forcing XLOG file switch, which means that
    8874             :          * the backup taken during recovery is not available for the special
    8875             :          * recovery case described above.
    8876             :          */
    8877         318 :         if (!backup_started_in_recovery)
    8878         304 :             RequestXLogSwitch(false);
    8879             : 
    8880             :         do
    8881             :         {
    8882             :             bool        checkpointfpw;
    8883             : 
    8884             :             /*
    8885             :              * Force a CHECKPOINT.  Aside from being necessary to prevent torn
    8886             :              * page problems, this guarantees that two successive backup runs
    8887             :              * will have different checkpoint positions and hence different
    8888             :              * history file names, even if nothing happened in between.
    8889             :              *
    8890             :              * During recovery, establish a restartpoint if possible. We use
    8891             :              * the last restartpoint as the backup starting checkpoint. This
    8892             :              * means that two successive backup runs can have same checkpoint
    8893             :              * positions.
    8894             :              *
    8895             :              * Since the fact that we are executing do_pg_backup_start()
    8896             :              * during recovery means that checkpointer is running, we can use
    8897             :              * RequestCheckpoint() to establish a restartpoint.
    8898             :              *
    8899             :              * We use CHECKPOINT_IMMEDIATE only if requested by user (via
    8900             :              * passing fast = true).  Otherwise this can take awhile.
    8901             :              */
    8902         318 :             RequestCheckpoint(CHECKPOINT_FORCE | CHECKPOINT_WAIT |
    8903             :                               (fast ? CHECKPOINT_IMMEDIATE : 0));
    8904             : 
    8905             :             /*
    8906             :              * Now we need to fetch the checkpoint record location, and also
    8907             :              * its REDO pointer.  The oldest point in WAL that would be needed
    8908             :              * to restore starting from the checkpoint is precisely the REDO
    8909             :              * pointer.
    8910             :              */
    8911         318 :             LWLockAcquire(ControlFileLock, LW_SHARED);
    8912         318 :             state->checkpointloc = ControlFile->checkPoint;
    8913         318 :             state->startpoint = ControlFile->checkPointCopy.redo;
    8914         318 :             state->starttli = ControlFile->checkPointCopy.ThisTimeLineID;
    8915         318 :             checkpointfpw = ControlFile->checkPointCopy.fullPageWrites;
    8916         318 :             LWLockRelease(ControlFileLock);
    8917             : 
    8918         318 :             if (backup_started_in_recovery)
    8919             :             {
    8920             :                 XLogRecPtr  recptr;
    8921             : 
    8922             :                 /*
    8923             :                  * Check to see if all WAL replayed during online backup
    8924             :                  * (i.e., since last restartpoint used as backup starting
    8925             :                  * checkpoint) contain full-page writes.
    8926             :                  */
    8927          14 :                 SpinLockAcquire(&XLogCtl->info_lck);
    8928          14 :                 recptr = XLogCtl->lastFpwDisableRecPtr;
    8929          14 :                 SpinLockRelease(&XLogCtl->info_lck);
    8930             : 
    8931          14 :                 if (!checkpointfpw || state->startpoint <= recptr)
    8932           0 :                     ereport(ERROR,
    8933             :                             (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8934             :                              errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    8935             :                                     "since last restartpoint"),
    8936             :                              errhint("This means that the backup being taken on the standby "
    8937             :                                      "is corrupt and should not be used. "
    8938             :                                      "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    8939             :                                      "and then try an online backup again.")));
    8940             : 
    8941             :                 /*
    8942             :                  * During recovery, since we don't use the end-of-backup WAL
    8943             :                  * record and don't write the backup history file, the
    8944             :                  * starting WAL location doesn't need to be unique. This means
    8945             :                  * that two base backups started at the same time might use
    8946             :                  * the same checkpoint as starting locations.
    8947             :                  */
    8948          14 :                 gotUniqueStartpoint = true;
    8949             :             }
    8950             : 
    8951             :             /*
    8952             :              * If two base backups are started at the same time (in WAL sender
    8953             :              * processes), we need to make sure that they use different
    8954             :              * checkpoints as starting locations, because we use the starting
    8955             :              * WAL location as a unique identifier for the base backup in the
    8956             :              * end-of-backup WAL record and when we write the backup history
    8957             :              * file. Perhaps it would be better generate a separate unique ID
    8958             :              * for each backup instead of forcing another checkpoint, but
    8959             :              * taking a checkpoint right after another is not that expensive
    8960             :              * either because only few buffers have been dirtied yet.
    8961             :              */
    8962         318 :             WALInsertLockAcquireExclusive();
    8963         318 :             if (XLogCtl->Insert.lastBackupStart < state->startpoint)
    8964             :             {
    8965         318 :                 XLogCtl->Insert.lastBackupStart = state->startpoint;
    8966         318 :                 gotUniqueStartpoint = true;
    8967             :             }
    8968         318 :             WALInsertLockRelease();
    8969         318 :         } while (!gotUniqueStartpoint);
    8970             : 
    8971             :         /*
    8972             :          * Construct tablespace_map file.
    8973             :          */
    8974         318 :         datadirpathlen = strlen(DataDir);
    8975             : 
    8976             :         /* Collect information about all tablespaces */
    8977         318 :         tblspcdir = AllocateDir(PG_TBLSPC_DIR);
    8978        1026 :         while ((de = ReadDir(tblspcdir, PG_TBLSPC_DIR)) != NULL)
    8979             :         {
    8980             :             char        fullpath[MAXPGPATH + sizeof(PG_TBLSPC_DIR)];
    8981             :             char        linkpath[MAXPGPATH];
    8982         708 :             char       *relpath = NULL;
    8983             :             char       *s;
    8984             :             PGFileType  de_type;
    8985             :             char       *badp;
    8986             :             Oid         tsoid;
    8987             : 
    8988             :             /*
    8989             :              * Try to parse the directory name as an unsigned integer.
    8990             :              *
    8991             :              * Tablespace directories should be positive integers that can be
    8992             :              * represented in 32 bits, with no leading zeroes or trailing
    8993             :              * garbage. If we come across a name that doesn't meet those
    8994             :              * criteria, skip it.
    8995             :              */
    8996         708 :             if (de->d_name[0] < '1' || de->d_name[1] > '9')
    8997