LCOV - code coverage report
Current view: top level - src/backend/access/transam - xlog.c (source / functions) Hit Total Coverage
Test: PostgreSQL 18devel Lines: 2171 2457 88.4 %
Date: 2025-04-01 14:15:22 Functions: 119 122 97.5 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * xlog.c
       4             :  *      PostgreSQL write-ahead log manager
       5             :  *
       6             :  * The Write-Ahead Log (WAL) functionality is split into several source
       7             :  * files, in addition to this one:
       8             :  *
       9             :  * xloginsert.c - Functions for constructing WAL records
      10             :  * xlogrecovery.c - WAL recovery and standby code
      11             :  * xlogreader.c - Facility for reading WAL files and parsing WAL records
      12             :  * xlogutils.c - Helper functions for WAL redo routines
      13             :  *
      14             :  * This file contains functions for coordinating database startup and
      15             :  * checkpointing, and managing the write-ahead log buffers when the
      16             :  * system is running.
      17             :  *
      18             :  * StartupXLOG() is the main entry point of the startup process.  It
      19             :  * coordinates database startup, performing WAL recovery, and the
      20             :  * transition from WAL recovery into normal operations.
      21             :  *
      22             :  * XLogInsertRecord() inserts a WAL record into the WAL buffers.  Most
      23             :  * callers should not call this directly, but use the functions in
      24             :  * xloginsert.c to construct the WAL record.  XLogFlush() can be used
      25             :  * to force the WAL to disk.
      26             :  *
      27             :  * In addition to those, there are many other functions for interrogating
      28             :  * the current system state, and for starting/stopping backups.
      29             :  *
      30             :  *
      31             :  * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
      32             :  * Portions Copyright (c) 1994, Regents of the University of California
      33             :  *
      34             :  * src/backend/access/transam/xlog.c
      35             :  *
      36             :  *-------------------------------------------------------------------------
      37             :  */
      38             : 
      39             : #include "postgres.h"
      40             : 
      41             : #include <ctype.h>
      42             : #include <math.h>
      43             : #include <time.h>
      44             : #include <fcntl.h>
      45             : #include <sys/stat.h>
      46             : #include <sys/time.h>
      47             : #include <unistd.h>
      48             : 
      49             : #include "access/clog.h"
      50             : #include "access/commit_ts.h"
      51             : #include "access/heaptoast.h"
      52             : #include "access/multixact.h"
      53             : #include "access/rewriteheap.h"
      54             : #include "access/subtrans.h"
      55             : #include "access/timeline.h"
      56             : #include "access/transam.h"
      57             : #include "access/twophase.h"
      58             : #include "access/xact.h"
      59             : #include "access/xlog_internal.h"
      60             : #include "access/xlogarchive.h"
      61             : #include "access/xloginsert.h"
      62             : #include "access/xlogreader.h"
      63             : #include "access/xlogrecovery.h"
      64             : #include "access/xlogutils.h"
      65             : #include "backup/basebackup.h"
      66             : #include "catalog/catversion.h"
      67             : #include "catalog/pg_control.h"
      68             : #include "catalog/pg_database.h"
      69             : #include "common/controldata_utils.h"
      70             : #include "common/file_utils.h"
      71             : #include "executor/instrument.h"
      72             : #include "miscadmin.h"
      73             : #include "pg_trace.h"
      74             : #include "pgstat.h"
      75             : #include "port/atomics.h"
      76             : #include "postmaster/bgwriter.h"
      77             : #include "postmaster/startup.h"
      78             : #include "postmaster/walsummarizer.h"
      79             : #include "postmaster/walwriter.h"
      80             : #include "replication/origin.h"
      81             : #include "replication/slot.h"
      82             : #include "replication/snapbuild.h"
      83             : #include "replication/walreceiver.h"
      84             : #include "replication/walsender.h"
      85             : #include "storage/bufmgr.h"
      86             : #include "storage/fd.h"
      87             : #include "storage/ipc.h"
      88             : #include "storage/large_object.h"
      89             : #include "storage/latch.h"
      90             : #include "storage/predicate.h"
      91             : #include "storage/proc.h"
      92             : #include "storage/procarray.h"
      93             : #include "storage/reinit.h"
      94             : #include "storage/spin.h"
      95             : #include "storage/sync.h"
      96             : #include "utils/guc_hooks.h"
      97             : #include "utils/guc_tables.h"
      98             : #include "utils/injection_point.h"
      99             : #include "utils/ps_status.h"
     100             : #include "utils/relmapper.h"
     101             : #include "utils/snapmgr.h"
     102             : #include "utils/timeout.h"
     103             : #include "utils/timestamp.h"
     104             : #include "utils/varlena.h"
     105             : 
     106             : #ifdef WAL_DEBUG
     107             : #include "utils/memutils.h"
     108             : #endif
     109             : 
     110             : /* timeline ID to be used when bootstrapping */
     111             : #define BootstrapTimeLineID     1
     112             : 
     113             : /* User-settable parameters */
     114             : int         max_wal_size_mb = 1024; /* 1 GB */
     115             : int         min_wal_size_mb = 80;   /* 80 MB */
     116             : int         wal_keep_size_mb = 0;
     117             : int         XLOGbuffers = -1;
     118             : int         XLogArchiveTimeout = 0;
     119             : int         XLogArchiveMode = ARCHIVE_MODE_OFF;
     120             : char       *XLogArchiveCommand = NULL;
     121             : bool        EnableHotStandby = false;
     122             : bool        fullPageWrites = true;
     123             : bool        wal_log_hints = false;
     124             : int         wal_compression = WAL_COMPRESSION_NONE;
     125             : char       *wal_consistency_checking_string = NULL;
     126             : bool       *wal_consistency_checking = NULL;
     127             : bool        wal_init_zero = true;
     128             : bool        wal_recycle = true;
     129             : bool        log_checkpoints = true;
     130             : int         wal_sync_method = DEFAULT_WAL_SYNC_METHOD;
     131             : int         wal_level = WAL_LEVEL_REPLICA;
     132             : int         CommitDelay = 0;    /* precommit delay in microseconds */
     133             : int         CommitSiblings = 5; /* # concurrent xacts needed to sleep */
     134             : int         wal_retrieve_retry_interval = 5000;
     135             : int         max_slot_wal_keep_size_mb = -1;
     136             : int         wal_decode_buffer_size = 512 * 1024;
     137             : bool        track_wal_io_timing = false;
     138             : 
     139             : #ifdef WAL_DEBUG
     140             : bool        XLOG_DEBUG = false;
     141             : #endif
     142             : 
     143             : int         wal_segment_size = DEFAULT_XLOG_SEG_SIZE;
     144             : 
     145             : /*
     146             :  * Number of WAL insertion locks to use. A higher value allows more insertions
     147             :  * to happen concurrently, but adds some CPU overhead to flushing the WAL,
     148             :  * which needs to iterate all the locks.
     149             :  */
     150             : #define NUM_XLOGINSERT_LOCKS  8
     151             : 
     152             : /*
     153             :  * Max distance from last checkpoint, before triggering a new xlog-based
     154             :  * checkpoint.
     155             :  */
     156             : int         CheckPointSegments;
     157             : 
     158             : /* Estimated distance between checkpoints, in bytes */
     159             : static double CheckPointDistanceEstimate = 0;
     160             : static double PrevCheckPointDistance = 0;
     161             : 
     162             : /*
     163             :  * Track whether there were any deferred checks for custom resource managers
     164             :  * specified in wal_consistency_checking.
     165             :  */
     166             : static bool check_wal_consistency_checking_deferred = false;
     167             : 
     168             : /*
     169             :  * GUC support
     170             :  */
     171             : const struct config_enum_entry wal_sync_method_options[] = {
     172             :     {"fsync", WAL_SYNC_METHOD_FSYNC, false},
     173             : #ifdef HAVE_FSYNC_WRITETHROUGH
     174             :     {"fsync_writethrough", WAL_SYNC_METHOD_FSYNC_WRITETHROUGH, false},
     175             : #endif
     176             :     {"fdatasync", WAL_SYNC_METHOD_FDATASYNC, false},
     177             : #ifdef O_SYNC
     178             :     {"open_sync", WAL_SYNC_METHOD_OPEN, false},
     179             : #endif
     180             : #ifdef O_DSYNC
     181             :     {"open_datasync", WAL_SYNC_METHOD_OPEN_DSYNC, false},
     182             : #endif
     183             :     {NULL, 0, false}
     184             : };
     185             : 
     186             : 
     187             : /*
     188             :  * Although only "on", "off", and "always" are documented,
     189             :  * we accept all the likely variants of "on" and "off".
     190             :  */
     191             : const struct config_enum_entry archive_mode_options[] = {
     192             :     {"always", ARCHIVE_MODE_ALWAYS, false},
     193             :     {"on", ARCHIVE_MODE_ON, false},
     194             :     {"off", ARCHIVE_MODE_OFF, false},
     195             :     {"true", ARCHIVE_MODE_ON, true},
     196             :     {"false", ARCHIVE_MODE_OFF, true},
     197             :     {"yes", ARCHIVE_MODE_ON, true},
     198             :     {"no", ARCHIVE_MODE_OFF, true},
     199             :     {"1", ARCHIVE_MODE_ON, true},
     200             :     {"0", ARCHIVE_MODE_OFF, true},
     201             :     {NULL, 0, false}
     202             : };
     203             : 
     204             : /*
     205             :  * Statistics for current checkpoint are collected in this global struct.
     206             :  * Because only the checkpointer or a stand-alone backend can perform
     207             :  * checkpoints, this will be unused in normal backends.
     208             :  */
     209             : CheckpointStatsData CheckpointStats;
     210             : 
     211             : /*
     212             :  * During recovery, lastFullPageWrites keeps track of full_page_writes that
     213             :  * the replayed WAL records indicate. It's initialized with full_page_writes
     214             :  * that the recovery starting checkpoint record indicates, and then updated
     215             :  * each time XLOG_FPW_CHANGE record is replayed.
     216             :  */
     217             : static bool lastFullPageWrites;
     218             : 
     219             : /*
     220             :  * Local copy of the state tracked by SharedRecoveryState in shared memory,
     221             :  * It is false if SharedRecoveryState is RECOVERY_STATE_DONE.  True actually
     222             :  * means "not known, need to check the shared state".
     223             :  */
     224             : static bool LocalRecoveryInProgress = true;
     225             : 
     226             : /*
     227             :  * Local state for XLogInsertAllowed():
     228             :  *      1: unconditionally allowed to insert XLOG
     229             :  *      0: unconditionally not allowed to insert XLOG
     230             :  *      -1: must check RecoveryInProgress(); disallow until it is false
     231             :  * Most processes start with -1 and transition to 1 after seeing that recovery
     232             :  * is not in progress.  But we can also force the value for special cases.
     233             :  * The coding in XLogInsertAllowed() depends on the first two of these states
     234             :  * being numerically the same as bool true and false.
     235             :  */
     236             : static int  LocalXLogInsertAllowed = -1;
     237             : 
     238             : /*
     239             :  * ProcLastRecPtr points to the start of the last XLOG record inserted by the
     240             :  * current backend.  It is updated for all inserts.  XactLastRecEnd points to
     241             :  * end+1 of the last record, and is reset when we end a top-level transaction,
     242             :  * or start a new one; so it can be used to tell if the current transaction has
     243             :  * created any XLOG records.
     244             :  *
     245             :  * While in parallel mode, this may not be fully up to date.  When committing,
     246             :  * a transaction can assume this covers all xlog records written either by the
     247             :  * user backend or by any parallel worker which was present at any point during
     248             :  * the transaction.  But when aborting, or when still in parallel mode, other
     249             :  * parallel backends may have written WAL records at later LSNs than the value
     250             :  * stored here.  The parallel leader advances its own copy, when necessary,
     251             :  * in WaitForParallelWorkersToFinish.
     252             :  */
     253             : XLogRecPtr  ProcLastRecPtr = InvalidXLogRecPtr;
     254             : XLogRecPtr  XactLastRecEnd = InvalidXLogRecPtr;
     255             : XLogRecPtr  XactLastCommitEnd = InvalidXLogRecPtr;
     256             : 
     257             : /*
     258             :  * RedoRecPtr is this backend's local copy of the REDO record pointer
     259             :  * (which is almost but not quite the same as a pointer to the most recent
     260             :  * CHECKPOINT record).  We update this from the shared-memory copy,
     261             :  * XLogCtl->Insert.RedoRecPtr, whenever we can safely do so (ie, when we
     262             :  * hold an insertion lock).  See XLogInsertRecord for details.  We are also
     263             :  * allowed to update from XLogCtl->RedoRecPtr if we hold the info_lck;
     264             :  * see GetRedoRecPtr.
     265             :  *
     266             :  * NB: Code that uses this variable must be prepared not only for the
     267             :  * possibility that it may be arbitrarily out of date, but also for the
     268             :  * possibility that it might be set to InvalidXLogRecPtr. We used to
     269             :  * initialize it as a side effect of the first call to RecoveryInProgress(),
     270             :  * which meant that most code that might use it could assume that it had a
     271             :  * real if perhaps stale value. That's no longer the case.
     272             :  */
     273             : static XLogRecPtr RedoRecPtr;
     274             : 
     275             : /*
     276             :  * doPageWrites is this backend's local copy of (fullPageWrites ||
     277             :  * runningBackups > 0).  It is used together with RedoRecPtr to decide whether
     278             :  * a full-page image of a page need to be taken.
     279             :  *
     280             :  * NB: Initially this is false, and there's no guarantee that it will be
     281             :  * initialized to any other value before it is first used. Any code that
     282             :  * makes use of it must recheck the value after obtaining a WALInsertLock,
     283             :  * and respond appropriately if it turns out that the previous value wasn't
     284             :  * accurate.
     285             :  */
     286             : static bool doPageWrites;
     287             : 
     288             : /*----------
     289             :  * Shared-memory data structures for XLOG control
     290             :  *
     291             :  * LogwrtRqst indicates a byte position that we need to write and/or fsync
     292             :  * the log up to (all records before that point must be written or fsynced).
     293             :  * The positions already written/fsynced are maintained in logWriteResult
     294             :  * and logFlushResult using atomic access.
     295             :  * In addition to the shared variable, each backend has a private copy of
     296             :  * both in LogwrtResult, which is updated when convenient.
     297             :  *
     298             :  * The request bookkeeping is simpler: there is a shared XLogCtl->LogwrtRqst
     299             :  * (protected by info_lck), but we don't need to cache any copies of it.
     300             :  *
     301             :  * info_lck is only held long enough to read/update the protected variables,
     302             :  * so it's a plain spinlock.  The other locks are held longer (potentially
     303             :  * over I/O operations), so we use LWLocks for them.  These locks are:
     304             :  *
     305             :  * WALBufMappingLock: must be held to replace a page in the WAL buffer cache.
     306             :  * It is only held while initializing and changing the mapping.  If the
     307             :  * contents of the buffer being replaced haven't been written yet, the mapping
     308             :  * lock is released while the write is done, and reacquired afterwards.
     309             :  *
     310             :  * WALWriteLock: must be held to write WAL buffers to disk (XLogWrite or
     311             :  * XLogFlush).
     312             :  *
     313             :  * ControlFileLock: must be held to read/update control file or create
     314             :  * new log file.
     315             :  *
     316             :  *----------
     317             :  */
     318             : 
     319             : typedef struct XLogwrtRqst
     320             : {
     321             :     XLogRecPtr  Write;          /* last byte + 1 to write out */
     322             :     XLogRecPtr  Flush;          /* last byte + 1 to flush */
     323             : } XLogwrtRqst;
     324             : 
     325             : typedef struct XLogwrtResult
     326             : {
     327             :     XLogRecPtr  Write;          /* last byte + 1 written out */
     328             :     XLogRecPtr  Flush;          /* last byte + 1 flushed */
     329             : } XLogwrtResult;
     330             : 
     331             : /*
     332             :  * Inserting to WAL is protected by a small fixed number of WAL insertion
     333             :  * locks. To insert to the WAL, you must hold one of the locks - it doesn't
     334             :  * matter which one. To lock out other concurrent insertions, you must hold
     335             :  * of them. Each WAL insertion lock consists of a lightweight lock, plus an
     336             :  * indicator of how far the insertion has progressed (insertingAt).
     337             :  *
     338             :  * The insertingAt values are read when a process wants to flush WAL from
     339             :  * the in-memory buffers to disk, to check that all the insertions to the
     340             :  * region the process is about to write out have finished. You could simply
     341             :  * wait for all currently in-progress insertions to finish, but the
     342             :  * insertingAt indicator allows you to ignore insertions to later in the WAL,
     343             :  * so that you only wait for the insertions that are modifying the buffers
     344             :  * you're about to write out.
     345             :  *
     346             :  * This isn't just an optimization. If all the WAL buffers are dirty, an
     347             :  * inserter that's holding a WAL insert lock might need to evict an old WAL
     348             :  * buffer, which requires flushing the WAL. If it's possible for an inserter
     349             :  * to block on another inserter unnecessarily, deadlock can arise when two
     350             :  * inserters holding a WAL insert lock wait for each other to finish their
     351             :  * insertion.
     352             :  *
     353             :  * Small WAL records that don't cross a page boundary never update the value,
     354             :  * the WAL record is just copied to the page and the lock is released. But
     355             :  * to avoid the deadlock-scenario explained above, the indicator is always
     356             :  * updated before sleeping while holding an insertion lock.
     357             :  *
     358             :  * lastImportantAt contains the LSN of the last important WAL record inserted
     359             :  * using a given lock. This value is used to detect if there has been
     360             :  * important WAL activity since the last time some action, like a checkpoint,
     361             :  * was performed - allowing to not repeat the action if not. The LSN is
     362             :  * updated for all insertions, unless the XLOG_MARK_UNIMPORTANT flag was
     363             :  * set. lastImportantAt is never cleared, only overwritten by the LSN of newer
     364             :  * records.  Tracking the WAL activity directly in WALInsertLock has the
     365             :  * advantage of not needing any additional locks to update the value.
     366             :  */
     367             : typedef struct
     368             : {
     369             :     LWLock      lock;
     370             :     pg_atomic_uint64 insertingAt;
     371             :     XLogRecPtr  lastImportantAt;
     372             : } WALInsertLock;
     373             : 
     374             : /*
     375             :  * All the WAL insertion locks are allocated as an array in shared memory. We
     376             :  * force the array stride to be a power of 2, which saves a few cycles in
     377             :  * indexing, but more importantly also ensures that individual slots don't
     378             :  * cross cache line boundaries. (Of course, we have to also ensure that the
     379             :  * array start address is suitably aligned.)
     380             :  */
     381             : typedef union WALInsertLockPadded
     382             : {
     383             :     WALInsertLock l;
     384             :     char        pad[PG_CACHE_LINE_SIZE];
     385             : } WALInsertLockPadded;
     386             : 
     387             : /*
     388             :  * Session status of running backup, used for sanity checks in SQL-callable
     389             :  * functions to start and stop backups.
     390             :  */
     391             : static SessionBackupState sessionBackupState = SESSION_BACKUP_NONE;
     392             : 
     393             : /*
     394             :  * Shared state data for WAL insertion.
     395             :  */
     396             : typedef struct XLogCtlInsert
     397             : {
     398             :     slock_t     insertpos_lck;  /* protects CurrBytePos and PrevBytePos */
     399             : 
     400             :     /*
     401             :      * CurrBytePos is the end of reserved WAL. The next record will be
     402             :      * inserted at that position. PrevBytePos is the start position of the
     403             :      * previously inserted (or rather, reserved) record - it is copied to the
     404             :      * prev-link of the next record. These are stored as "usable byte
     405             :      * positions" rather than XLogRecPtrs (see XLogBytePosToRecPtr()).
     406             :      */
     407             :     uint64      CurrBytePos;
     408             :     uint64      PrevBytePos;
     409             : 
     410             :     /*
     411             :      * Make sure the above heavily-contended spinlock and byte positions are
     412             :      * on their own cache line. In particular, the RedoRecPtr and full page
     413             :      * write variables below should be on a different cache line. They are
     414             :      * read on every WAL insertion, but updated rarely, and we don't want
     415             :      * those reads to steal the cache line containing Curr/PrevBytePos.
     416             :      */
     417             :     char        pad[PG_CACHE_LINE_SIZE];
     418             : 
     419             :     /*
     420             :      * fullPageWrites is the authoritative value used by all backends to
     421             :      * determine whether to write full-page image to WAL. This shared value,
     422             :      * instead of the process-local fullPageWrites, is required because, when
     423             :      * full_page_writes is changed by SIGHUP, we must WAL-log it before it
     424             :      * actually affects WAL-logging by backends.  Checkpointer sets at startup
     425             :      * or after SIGHUP.
     426             :      *
     427             :      * To read these fields, you must hold an insertion lock. To modify them,
     428             :      * you must hold ALL the locks.
     429             :      */
     430             :     XLogRecPtr  RedoRecPtr;     /* current redo point for insertions */
     431             :     bool        fullPageWrites;
     432             : 
     433             :     /*
     434             :      * runningBackups is a counter indicating the number of backups currently
     435             :      * in progress. lastBackupStart is the latest checkpoint redo location
     436             :      * used as a starting point for an online backup.
     437             :      */
     438             :     int         runningBackups;
     439             :     XLogRecPtr  lastBackupStart;
     440             : 
     441             :     /*
     442             :      * WAL insertion locks.
     443             :      */
     444             :     WALInsertLockPadded *WALInsertLocks;
     445             : } XLogCtlInsert;
     446             : 
     447             : /*
     448             :  * Total shared-memory state for XLOG.
     449             :  */
     450             : typedef struct XLogCtlData
     451             : {
     452             :     XLogCtlInsert Insert;
     453             : 
     454             :     /* Protected by info_lck: */
     455             :     XLogwrtRqst LogwrtRqst;
     456             :     XLogRecPtr  RedoRecPtr;     /* a recent copy of Insert->RedoRecPtr */
     457             :     FullTransactionId ckptFullXid;  /* nextXid of latest checkpoint */
     458             :     XLogRecPtr  asyncXactLSN;   /* LSN of newest async commit/abort */
     459             :     XLogRecPtr  replicationSlotMinLSN;  /* oldest LSN needed by any slot */
     460             : 
     461             :     XLogSegNo   lastRemovedSegNo;   /* latest removed/recycled XLOG segment */
     462             : 
     463             :     /* Fake LSN counter, for unlogged relations. */
     464             :     pg_atomic_uint64 unloggedLSN;
     465             : 
     466             :     /* Time and LSN of last xlog segment switch. Protected by WALWriteLock. */
     467             :     pg_time_t   lastSegSwitchTime;
     468             :     XLogRecPtr  lastSegSwitchLSN;
     469             : 
     470             :     /* These are accessed using atomics -- info_lck not needed */
     471             :     pg_atomic_uint64 logInsertResult;   /* last byte + 1 inserted to buffers */
     472             :     pg_atomic_uint64 logWriteResult;    /* last byte + 1 written out */
     473             :     pg_atomic_uint64 logFlushResult;    /* last byte + 1 flushed */
     474             : 
     475             :     /*
     476             :      * Latest initialized page in the cache (last byte position + 1).
     477             :      *
     478             :      * To change the identity of a buffer (and InitializedUpTo), you need to
     479             :      * hold WALBufMappingLock.  To change the identity of a buffer that's
     480             :      * still dirty, the old page needs to be written out first, and for that
     481             :      * you need WALWriteLock, and you need to ensure that there are no
     482             :      * in-progress insertions to the page by calling
     483             :      * WaitXLogInsertionsToFinish().
     484             :      */
     485             :     XLogRecPtr  InitializedUpTo;
     486             : 
     487             :     /*
     488             :      * These values do not change after startup, although the pointed-to pages
     489             :      * and xlblocks values certainly do.  xlblocks values are protected by
     490             :      * WALBufMappingLock.
     491             :      */
     492             :     char       *pages;          /* buffers for unwritten XLOG pages */
     493             :     pg_atomic_uint64 *xlblocks; /* 1st byte ptr-s + XLOG_BLCKSZ */
     494             :     int         XLogCacheBlck;  /* highest allocated xlog buffer index */
     495             : 
     496             :     /*
     497             :      * InsertTimeLineID is the timeline into which new WAL is being inserted
     498             :      * and flushed. It is zero during recovery, and does not change once set.
     499             :      *
     500             :      * If we create a new timeline when the system was started up,
     501             :      * PrevTimeLineID is the old timeline's ID that we forked off from.
     502             :      * Otherwise it's equal to InsertTimeLineID.
     503             :      *
     504             :      * We set these fields while holding info_lck. Most that reads these
     505             :      * values knows that recovery is no longer in progress and so can safely
     506             :      * read the value without a lock, but code that could be run either during
     507             :      * or after recovery can take info_lck while reading these values.
     508             :      */
     509             :     TimeLineID  InsertTimeLineID;
     510             :     TimeLineID  PrevTimeLineID;
     511             : 
     512             :     /*
     513             :      * SharedRecoveryState indicates if we're still in crash or archive
     514             :      * recovery.  Protected by info_lck.
     515             :      */
     516             :     RecoveryState SharedRecoveryState;
     517             : 
     518             :     /*
     519             :      * InstallXLogFileSegmentActive indicates whether the checkpointer should
     520             :      * arrange for future segments by recycling and/or PreallocXlogFiles().
     521             :      * Protected by ControlFileLock.  Only the startup process changes it.  If
     522             :      * true, anyone can use InstallXLogFileSegment().  If false, the startup
     523             :      * process owns the exclusive right to install segments, by reading from
     524             :      * the archive and possibly replacing existing files.
     525             :      */
     526             :     bool        InstallXLogFileSegmentActive;
     527             : 
     528             :     /*
     529             :      * WalWriterSleeping indicates whether the WAL writer is currently in
     530             :      * low-power mode (and hence should be nudged if an async commit occurs).
     531             :      * Protected by info_lck.
     532             :      */
     533             :     bool        WalWriterSleeping;
     534             : 
     535             :     /*
     536             :      * During recovery, we keep a copy of the latest checkpoint record here.
     537             :      * lastCheckPointRecPtr points to start of checkpoint record and
     538             :      * lastCheckPointEndPtr points to end+1 of checkpoint record.  Used by the
     539             :      * checkpointer when it wants to create a restartpoint.
     540             :      *
     541             :      * Protected by info_lck.
     542             :      */
     543             :     XLogRecPtr  lastCheckPointRecPtr;
     544             :     XLogRecPtr  lastCheckPointEndPtr;
     545             :     CheckPoint  lastCheckPoint;
     546             : 
     547             :     /*
     548             :      * lastFpwDisableRecPtr points to the start of the last replayed
     549             :      * XLOG_FPW_CHANGE record that instructs full_page_writes is disabled.
     550             :      */
     551             :     XLogRecPtr  lastFpwDisableRecPtr;
     552             : 
     553             :     slock_t     info_lck;       /* locks shared variables shown above */
     554             : } XLogCtlData;
     555             : 
     556             : /*
     557             :  * Classification of XLogInsertRecord operations.
     558             :  */
     559             : typedef enum
     560             : {
     561             :     WALINSERT_NORMAL,
     562             :     WALINSERT_SPECIAL_SWITCH,
     563             :     WALINSERT_SPECIAL_CHECKPOINT
     564             : } WalInsertClass;
     565             : 
     566             : static XLogCtlData *XLogCtl = NULL;
     567             : 
     568             : /* a private copy of XLogCtl->Insert.WALInsertLocks, for convenience */
     569             : static WALInsertLockPadded *WALInsertLocks = NULL;
     570             : 
     571             : /*
     572             :  * We maintain an image of pg_control in shared memory.
     573             :  */
     574             : static ControlFileData *ControlFile = NULL;
     575             : 
     576             : /*
     577             :  * Calculate the amount of space left on the page after 'endptr'. Beware
     578             :  * multiple evaluation!
     579             :  */
     580             : #define INSERT_FREESPACE(endptr)    \
     581             :     (((endptr) % XLOG_BLCKSZ == 0) ? 0 : (XLOG_BLCKSZ - (endptr) % XLOG_BLCKSZ))
     582             : 
     583             : /* Macro to advance to next buffer index. */
     584             : #define NextBufIdx(idx)     \
     585             :         (((idx) == XLogCtl->XLogCacheBlck) ? 0 : ((idx) + 1))
     586             : 
     587             : /*
     588             :  * XLogRecPtrToBufIdx returns the index of the WAL buffer that holds, or
     589             :  * would hold if it was in cache, the page containing 'recptr'.
     590             :  */
     591             : #define XLogRecPtrToBufIdx(recptr)  \
     592             :     (((recptr) / XLOG_BLCKSZ) % (XLogCtl->XLogCacheBlck + 1))
     593             : 
     594             : /*
     595             :  * These are the number of bytes in a WAL page usable for WAL data.
     596             :  */
     597             : #define UsableBytesInPage (XLOG_BLCKSZ - SizeOfXLogShortPHD)
     598             : 
     599             : /*
     600             :  * Convert values of GUCs measured in megabytes to equiv. segment count.
     601             :  * Rounds down.
     602             :  */
     603             : #define ConvertToXSegs(x, segsize)  XLogMBVarToSegs((x), (segsize))
     604             : 
     605             : /* The number of bytes in a WAL segment usable for WAL data. */
     606             : static int  UsableBytesInSegment;
     607             : 
     608             : /*
     609             :  * Private, possibly out-of-date copy of shared LogwrtResult.
     610             :  * See discussion above.
     611             :  */
     612             : static XLogwrtResult LogwrtResult = {0, 0};
     613             : 
     614             : /*
     615             :  * Update local copy of shared XLogCtl->log{Write,Flush}Result
     616             :  *
     617             :  * It's critical that Flush always trails Write, so the order of the reads is
     618             :  * important, as is the barrier.  See also XLogWrite.
     619             :  */
     620             : #define RefreshXLogWriteResult(_target) \
     621             :     do { \
     622             :         _target.Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult); \
     623             :         pg_read_barrier(); \
     624             :         _target.Write = pg_atomic_read_u64(&XLogCtl->logWriteResult); \
     625             :     } while (0)
     626             : 
     627             : /*
     628             :  * openLogFile is -1 or a kernel FD for an open log file segment.
     629             :  * openLogSegNo identifies the segment, and openLogTLI the corresponding TLI.
     630             :  * These variables are only used to write the XLOG, and so will normally refer
     631             :  * to the active segment.
     632             :  *
     633             :  * Note: call Reserve/ReleaseExternalFD to track consumption of this FD.
     634             :  */
     635             : static int  openLogFile = -1;
     636             : static XLogSegNo openLogSegNo = 0;
     637             : static TimeLineID openLogTLI = 0;
     638             : 
     639             : /*
     640             :  * Local copies of equivalent fields in the control file.  When running
     641             :  * crash recovery, LocalMinRecoveryPoint is set to InvalidXLogRecPtr as we
     642             :  * expect to replay all the WAL available, and updateMinRecoveryPoint is
     643             :  * switched to false to prevent any updates while replaying records.
     644             :  * Those values are kept consistent as long as crash recovery runs.
     645             :  */
     646             : static XLogRecPtr LocalMinRecoveryPoint;
     647             : static TimeLineID LocalMinRecoveryPointTLI;
     648             : static bool updateMinRecoveryPoint = true;
     649             : 
     650             : /* For WALInsertLockAcquire/Release functions */
     651             : static int  MyLockNo = 0;
     652             : static bool holdingAllLocks = false;
     653             : 
     654             : #ifdef WAL_DEBUG
     655             : static MemoryContext walDebugCxt = NULL;
     656             : #endif
     657             : 
     658             : static void CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI,
     659             :                                         XLogRecPtr EndOfLog,
     660             :                                         TimeLineID newTLI);
     661             : static void CheckRequiredParameterValues(void);
     662             : static void XLogReportParameters(void);
     663             : static int  LocalSetXLogInsertAllowed(void);
     664             : static void CreateEndOfRecoveryRecord(void);
     665             : static XLogRecPtr CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn,
     666             :                                                   XLogRecPtr pagePtr,
     667             :                                                   TimeLineID newTLI);
     668             : static void CheckPointGuts(XLogRecPtr checkPointRedo, int flags);
     669             : static void KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo);
     670             : static XLogRecPtr XLogGetReplicationSlotMinimumLSN(void);
     671             : 
     672             : static void AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli,
     673             :                                   bool opportunistic);
     674             : static void XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible);
     675             : static bool InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
     676             :                                    bool find_free, XLogSegNo max_segno,
     677             :                                    TimeLineID tli);
     678             : static void XLogFileClose(void);
     679             : static void PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli);
     680             : static void RemoveTempXlogFiles(void);
     681             : static void RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr,
     682             :                                XLogRecPtr endptr, TimeLineID insertTLI);
     683             : static void RemoveXlogFile(const struct dirent *segment_de,
     684             :                            XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
     685             :                            TimeLineID insertTLI);
     686             : static void UpdateLastRemovedPtr(char *filename);
     687             : static void ValidateXLOGDirectoryStructure(void);
     688             : static void CleanupBackupHistory(void);
     689             : static void UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force);
     690             : static bool PerformRecoveryXLogAction(void);
     691             : static void InitControlFile(uint64 sysidentifier, uint32 data_checksum_version);
     692             : static void WriteControlFile(void);
     693             : static void ReadControlFile(void);
     694             : static void UpdateControlFile(void);
     695             : static char *str_time(pg_time_t tnow);
     696             : 
     697             : static int  get_sync_bit(int method);
     698             : 
     699             : static void CopyXLogRecordToWAL(int write_len, bool isLogSwitch,
     700             :                                 XLogRecData *rdata,
     701             :                                 XLogRecPtr StartPos, XLogRecPtr EndPos,
     702             :                                 TimeLineID tli);
     703             : static void ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos,
     704             :                                       XLogRecPtr *EndPos, XLogRecPtr *PrevPtr);
     705             : static bool ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos,
     706             :                               XLogRecPtr *PrevPtr);
     707             : static XLogRecPtr WaitXLogInsertionsToFinish(XLogRecPtr upto);
     708             : static char *GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli);
     709             : static XLogRecPtr XLogBytePosToRecPtr(uint64 bytepos);
     710             : static XLogRecPtr XLogBytePosToEndRecPtr(uint64 bytepos);
     711             : static uint64 XLogRecPtrToBytePos(XLogRecPtr ptr);
     712             : 
     713             : static void WALInsertLockAcquire(void);
     714             : static void WALInsertLockAcquireExclusive(void);
     715             : static void WALInsertLockRelease(void);
     716             : static void WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt);
     717             : 
     718             : /*
     719             :  * Insert an XLOG record represented by an already-constructed chain of data
     720             :  * chunks.  This is a low-level routine; to construct the WAL record header
     721             :  * and data, use the higher-level routines in xloginsert.c.
     722             :  *
     723             :  * If 'fpw_lsn' is valid, it is the oldest LSN among the pages that this
     724             :  * WAL record applies to, that were not included in the record as full page
     725             :  * images.  If fpw_lsn <= RedoRecPtr, the function does not perform the
     726             :  * insertion and returns InvalidXLogRecPtr.  The caller can then recalculate
     727             :  * which pages need a full-page image, and retry.  If fpw_lsn is invalid, the
     728             :  * record is always inserted.
     729             :  *
     730             :  * 'flags' gives more in-depth control on the record being inserted. See
     731             :  * XLogSetRecordFlags() for details.
     732             :  *
     733             :  * 'topxid_included' tells whether the top-transaction id is logged along with
     734             :  * current subtransaction. See XLogRecordAssemble().
     735             :  *
     736             :  * The first XLogRecData in the chain must be for the record header, and its
     737             :  * data must be MAXALIGNed.  XLogInsertRecord fills in the xl_prev and
     738             :  * xl_crc fields in the header, the rest of the header must already be filled
     739             :  * by the caller.
     740             :  *
     741             :  * Returns XLOG pointer to end of record (beginning of next record).
     742             :  * This can be used as LSN for data pages affected by the logged action.
     743             :  * (LSN is the XLOG point up to which the XLOG must be flushed to disk
     744             :  * before the data page can be written out.  This implements the basic
     745             :  * WAL rule "write the log before the data".)
     746             :  */
     747             : XLogRecPtr
     748    28420966 : XLogInsertRecord(XLogRecData *rdata,
     749             :                  XLogRecPtr fpw_lsn,
     750             :                  uint8 flags,
     751             :                  int num_fpi,
     752             :                  bool topxid_included)
     753             : {
     754    28420966 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
     755             :     pg_crc32c   rdata_crc;
     756             :     bool        inserted;
     757    28420966 :     XLogRecord *rechdr = (XLogRecord *) rdata->data;
     758    28420966 :     uint8       info = rechdr->xl_info & ~XLR_INFO_MASK;
     759    28420966 :     WalInsertClass class = WALINSERT_NORMAL;
     760             :     XLogRecPtr  StartPos;
     761             :     XLogRecPtr  EndPos;
     762    28420966 :     bool        prevDoPageWrites = doPageWrites;
     763             :     TimeLineID  insertTLI;
     764             : 
     765             :     /* Does this record type require special handling? */
     766    28420966 :     if (unlikely(rechdr->xl_rmid == RM_XLOG_ID))
     767             :     {
     768      414396 :         if (info == XLOG_SWITCH)
     769         750 :             class = WALINSERT_SPECIAL_SWITCH;
     770      413646 :         else if (info == XLOG_CHECKPOINT_REDO)
     771        1100 :             class = WALINSERT_SPECIAL_CHECKPOINT;
     772             :     }
     773             : 
     774             :     /* we assume that all of the record header is in the first chunk */
     775             :     Assert(rdata->len >= SizeOfXLogRecord);
     776             : 
     777             :     /* cross-check on whether we should be here or not */
     778    28420966 :     if (!XLogInsertAllowed())
     779           0 :         elog(ERROR, "cannot make new WAL entries during recovery");
     780             : 
     781             :     /*
     782             :      * Given that we're not in recovery, InsertTimeLineID is set and can't
     783             :      * change, so we can read it without a lock.
     784             :      */
     785    28420966 :     insertTLI = XLogCtl->InsertTimeLineID;
     786             : 
     787             :     /*----------
     788             :      *
     789             :      * We have now done all the preparatory work we can without holding a
     790             :      * lock or modifying shared state. From here on, inserting the new WAL
     791             :      * record to the shared WAL buffer cache is a two-step process:
     792             :      *
     793             :      * 1. Reserve the right amount of space from the WAL. The current head of
     794             :      *    reserved space is kept in Insert->CurrBytePos, and is protected by
     795             :      *    insertpos_lck.
     796             :      *
     797             :      * 2. Copy the record to the reserved WAL space. This involves finding the
     798             :      *    correct WAL buffer containing the reserved space, and copying the
     799             :      *    record in place. This can be done concurrently in multiple processes.
     800             :      *
     801             :      * To keep track of which insertions are still in-progress, each concurrent
     802             :      * inserter acquires an insertion lock. In addition to just indicating that
     803             :      * an insertion is in progress, the lock tells others how far the inserter
     804             :      * has progressed. There is a small fixed number of insertion locks,
     805             :      * determined by NUM_XLOGINSERT_LOCKS. When an inserter crosses a page
     806             :      * boundary, it updates the value stored in the lock to the how far it has
     807             :      * inserted, to allow the previous buffer to be flushed.
     808             :      *
     809             :      * Holding onto an insertion lock also protects RedoRecPtr and
     810             :      * fullPageWrites from changing until the insertion is finished.
     811             :      *
     812             :      * Step 2 can usually be done completely in parallel. If the required WAL
     813             :      * page is not initialized yet, you have to grab WALBufMappingLock to
     814             :      * initialize it, but the WAL writer tries to do that ahead of insertions
     815             :      * to avoid that from happening in the critical path.
     816             :      *
     817             :      *----------
     818             :      */
     819    28420966 :     START_CRIT_SECTION();
     820             : 
     821    28420966 :     if (likely(class == WALINSERT_NORMAL))
     822             :     {
     823    28419116 :         WALInsertLockAcquire();
     824             : 
     825             :         /*
     826             :          * Check to see if my copy of RedoRecPtr is out of date. If so, may
     827             :          * have to go back and have the caller recompute everything. This can
     828             :          * only happen just after a checkpoint, so it's better to be slow in
     829             :          * this case and fast otherwise.
     830             :          *
     831             :          * Also check to see if fullPageWrites was just turned on or there's a
     832             :          * running backup (which forces full-page writes); if we weren't
     833             :          * already doing full-page writes then go back and recompute.
     834             :          *
     835             :          * If we aren't doing full-page writes then RedoRecPtr doesn't
     836             :          * actually affect the contents of the XLOG record, so we'll update
     837             :          * our local copy but not force a recomputation.  (If doPageWrites was
     838             :          * just turned off, we could recompute the record without full pages,
     839             :          * but we choose not to bother.)
     840             :          */
     841    28419116 :         if (RedoRecPtr != Insert->RedoRecPtr)
     842             :         {
     843             :             Assert(RedoRecPtr < Insert->RedoRecPtr);
     844       13114 :             RedoRecPtr = Insert->RedoRecPtr;
     845             :         }
     846    28419116 :         doPageWrites = (Insert->fullPageWrites || Insert->runningBackups > 0);
     847             : 
     848    28419116 :         if (doPageWrites &&
     849    27943068 :             (!prevDoPageWrites ||
     850    25661778 :              (fpw_lsn != InvalidXLogRecPtr && fpw_lsn <= RedoRecPtr)))
     851             :         {
     852             :             /*
     853             :              * Oops, some buffer now needs to be backed up that the caller
     854             :              * didn't back up.  Start over.
     855             :              */
     856       14480 :             WALInsertLockRelease();
     857       14480 :             END_CRIT_SECTION();
     858       14480 :             return InvalidXLogRecPtr;
     859             :         }
     860             : 
     861             :         /*
     862             :          * Reserve space for the record in the WAL. This also sets the xl_prev
     863             :          * pointer.
     864             :          */
     865    28404636 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     866             :                                   &rechdr->xl_prev);
     867             : 
     868             :         /* Normal records are always inserted. */
     869    28404636 :         inserted = true;
     870             :     }
     871        1850 :     else if (class == WALINSERT_SPECIAL_SWITCH)
     872             :     {
     873             :         /*
     874             :          * In order to insert an XLOG_SWITCH record, we need to hold all of
     875             :          * the WAL insertion locks, not just one, so that no one else can
     876             :          * begin inserting a record until we've figured out how much space
     877             :          * remains in the current WAL segment and claimed all of it.
     878             :          *
     879             :          * Nonetheless, this case is simpler than the normal cases handled
     880             :          * below, which must check for changes in doPageWrites and RedoRecPtr.
     881             :          * Those checks are only needed for records that can contain buffer
     882             :          * references, and an XLOG_SWITCH record never does.
     883             :          */
     884             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     885         750 :         WALInsertLockAcquireExclusive();
     886         750 :         inserted = ReserveXLogSwitch(&StartPos, &EndPos, &rechdr->xl_prev);
     887             :     }
     888             :     else
     889             :     {
     890             :         Assert(class == WALINSERT_SPECIAL_CHECKPOINT);
     891             : 
     892             :         /*
     893             :          * We need to update both the local and shared copies of RedoRecPtr,
     894             :          * which means that we need to hold all the WAL insertion locks.
     895             :          * However, there can't be any buffer references, so as above, we need
     896             :          * not check RedoRecPtr before inserting the record; we just need to
     897             :          * update it afterwards.
     898             :          */
     899             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     900        1100 :         WALInsertLockAcquireExclusive();
     901        1100 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     902             :                                   &rechdr->xl_prev);
     903        1100 :         RedoRecPtr = Insert->RedoRecPtr = StartPos;
     904        1100 :         inserted = true;
     905             :     }
     906             : 
     907    28406486 :     if (inserted)
     908             :     {
     909             :         /*
     910             :          * Now that xl_prev has been filled in, calculate CRC of the record
     911             :          * header.
     912             :          */
     913    28406370 :         rdata_crc = rechdr->xl_crc;
     914    28406370 :         COMP_CRC32C(rdata_crc, rechdr, offsetof(XLogRecord, xl_crc));
     915    28406370 :         FIN_CRC32C(rdata_crc);
     916    28406370 :         rechdr->xl_crc = rdata_crc;
     917             : 
     918             :         /*
     919             :          * All the record data, including the header, is now ready to be
     920             :          * inserted. Copy the record in the space reserved.
     921             :          */
     922    28406370 :         CopyXLogRecordToWAL(rechdr->xl_tot_len,
     923             :                             class == WALINSERT_SPECIAL_SWITCH, rdata,
     924             :                             StartPos, EndPos, insertTLI);
     925             : 
     926             :         /*
     927             :          * Unless record is flagged as not important, update LSN of last
     928             :          * important record in the current slot. When holding all locks, just
     929             :          * update the first one.
     930             :          */
     931    28406370 :         if ((flags & XLOG_MARK_UNIMPORTANT) == 0)
     932             :         {
     933    28232568 :             int         lockno = holdingAllLocks ? 0 : MyLockNo;
     934             : 
     935    28232568 :             WALInsertLocks[lockno].l.lastImportantAt = StartPos;
     936             :         }
     937             :     }
     938             :     else
     939             :     {
     940             :         /*
     941             :          * This was an xlog-switch record, but the current insert location was
     942             :          * already exactly at the beginning of a segment, so there was no need
     943             :          * to do anything.
     944             :          */
     945             :     }
     946             : 
     947             :     /*
     948             :      * Done! Let others know that we're finished.
     949             :      */
     950    28406486 :     WALInsertLockRelease();
     951             : 
     952    28406486 :     END_CRIT_SECTION();
     953             : 
     954    28406486 :     MarkCurrentTransactionIdLoggedIfAny();
     955             : 
     956             :     /*
     957             :      * Mark top transaction id is logged (if needed) so that we should not try
     958             :      * to log it again with the next WAL record in the current subtransaction.
     959             :      */
     960    28406486 :     if (topxid_included)
     961         438 :         MarkSubxactTopXidLogged();
     962             : 
     963             :     /*
     964             :      * Update shared LogwrtRqst.Write, if we crossed page boundary.
     965             :      */
     966    28406486 :     if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     967             :     {
     968     3249980 :         SpinLockAcquire(&XLogCtl->info_lck);
     969             :         /* advance global request to include new block(s) */
     970     3249980 :         if (XLogCtl->LogwrtRqst.Write < EndPos)
     971     3092830 :             XLogCtl->LogwrtRqst.Write = EndPos;
     972     3249980 :         SpinLockRelease(&XLogCtl->info_lck);
     973     3249980 :         RefreshXLogWriteResult(LogwrtResult);
     974             :     }
     975             : 
     976             :     /*
     977             :      * If this was an XLOG_SWITCH record, flush the record and the empty
     978             :      * padding space that fills the rest of the segment, and perform
     979             :      * end-of-segment actions (eg, notifying archiver).
     980             :      */
     981    28406486 :     if (class == WALINSERT_SPECIAL_SWITCH)
     982             :     {
     983             :         TRACE_POSTGRESQL_WAL_SWITCH();
     984         750 :         XLogFlush(EndPos);
     985             : 
     986             :         /*
     987             :          * Even though we reserved the rest of the segment for us, which is
     988             :          * reflected in EndPos, we return a pointer to just the end of the
     989             :          * xlog-switch record.
     990             :          */
     991         750 :         if (inserted)
     992             :         {
     993         634 :             EndPos = StartPos + SizeOfXLogRecord;
     994         634 :             if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     995             :             {
     996           0 :                 uint64      offset = XLogSegmentOffset(EndPos, wal_segment_size);
     997             : 
     998           0 :                 if (offset == EndPos % XLOG_BLCKSZ)
     999           0 :                     EndPos += SizeOfXLogLongPHD;
    1000             :                 else
    1001           0 :                     EndPos += SizeOfXLogShortPHD;
    1002             :             }
    1003             :         }
    1004             :     }
    1005             : 
    1006             : #ifdef WAL_DEBUG
    1007             :     if (XLOG_DEBUG)
    1008             :     {
    1009             :         static XLogReaderState *debug_reader = NULL;
    1010             :         XLogRecord *record;
    1011             :         DecodedXLogRecord *decoded;
    1012             :         StringInfoData buf;
    1013             :         StringInfoData recordBuf;
    1014             :         char       *errormsg = NULL;
    1015             :         MemoryContext oldCxt;
    1016             : 
    1017             :         oldCxt = MemoryContextSwitchTo(walDebugCxt);
    1018             : 
    1019             :         initStringInfo(&buf);
    1020             :         appendStringInfo(&buf, "INSERT @ %X/%X: ", LSN_FORMAT_ARGS(EndPos));
    1021             : 
    1022             :         /*
    1023             :          * We have to piece together the WAL record data from the XLogRecData
    1024             :          * entries, so that we can pass it to the rm_desc function as one
    1025             :          * contiguous chunk.
    1026             :          */
    1027             :         initStringInfo(&recordBuf);
    1028             :         for (; rdata != NULL; rdata = rdata->next)
    1029             :             appendBinaryStringInfo(&recordBuf, rdata->data, rdata->len);
    1030             : 
    1031             :         /* We also need temporary space to decode the record. */
    1032             :         record = (XLogRecord *) recordBuf.data;
    1033             :         decoded = (DecodedXLogRecord *)
    1034             :             palloc(DecodeXLogRecordRequiredSpace(record->xl_tot_len));
    1035             : 
    1036             :         if (!debug_reader)
    1037             :             debug_reader = XLogReaderAllocate(wal_segment_size, NULL,
    1038             :                                               XL_ROUTINE(.page_read = NULL,
    1039             :                                                          .segment_open = NULL,
    1040             :                                                          .segment_close = NULL),
    1041             :                                               NULL);
    1042             :         if (!debug_reader)
    1043             :         {
    1044             :             appendStringInfoString(&buf, "error decoding record: out of memory while allocating a WAL reading processor");
    1045             :         }
    1046             :         else if (!DecodeXLogRecord(debug_reader,
    1047             :                                    decoded,
    1048             :                                    record,
    1049             :                                    EndPos,
    1050             :                                    &errormsg))
    1051             :         {
    1052             :             appendStringInfo(&buf, "error decoding record: %s",
    1053             :                              errormsg ? errormsg : "no error message");
    1054             :         }
    1055             :         else
    1056             :         {
    1057             :             appendStringInfoString(&buf, " - ");
    1058             : 
    1059             :             debug_reader->record = decoded;
    1060             :             xlog_outdesc(&buf, debug_reader);
    1061             :             debug_reader->record = NULL;
    1062             :         }
    1063             :         elog(LOG, "%s", buf.data);
    1064             : 
    1065             :         pfree(decoded);
    1066             :         pfree(buf.data);
    1067             :         pfree(recordBuf.data);
    1068             :         MemoryContextSwitchTo(oldCxt);
    1069             :     }
    1070             : #endif
    1071             : 
    1072             :     /*
    1073             :      * Update our global variables
    1074             :      */
    1075    28406486 :     ProcLastRecPtr = StartPos;
    1076    28406486 :     XactLastRecEnd = EndPos;
    1077             : 
    1078             :     /* Report WAL traffic to the instrumentation. */
    1079    28406486 :     if (inserted)
    1080             :     {
    1081    28406370 :         pgWalUsage.wal_bytes += rechdr->xl_tot_len;
    1082    28406370 :         pgWalUsage.wal_records++;
    1083    28406370 :         pgWalUsage.wal_fpi += num_fpi;
    1084             :     }
    1085             : 
    1086    28406486 :     return EndPos;
    1087             : }
    1088             : 
    1089             : /*
    1090             :  * Reserves the right amount of space for a record of given size from the WAL.
    1091             :  * *StartPos is set to the beginning of the reserved section, *EndPos to
    1092             :  * its end+1. *PrevPtr is set to the beginning of the previous record; it is
    1093             :  * used to set the xl_prev of this record.
    1094             :  *
    1095             :  * This is the performance critical part of XLogInsert that must be serialized
    1096             :  * across backends. The rest can happen mostly in parallel. Try to keep this
    1097             :  * section as short as possible, insertpos_lck can be heavily contended on a
    1098             :  * busy system.
    1099             :  *
    1100             :  * NB: The space calculation here must match the code in CopyXLogRecordToWAL,
    1101             :  * where we actually copy the record to the reserved space.
    1102             :  *
    1103             :  * NB: Testing shows that XLogInsertRecord runs faster if this code is inlined;
    1104             :  * however, because there are two call sites, the compiler is reluctant to
    1105             :  * inline. We use pg_attribute_always_inline here to try to convince it.
    1106             :  */
    1107             : static pg_attribute_always_inline void
    1108    28405736 : ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos, XLogRecPtr *EndPos,
    1109             :                           XLogRecPtr *PrevPtr)
    1110             : {
    1111    28405736 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1112             :     uint64      startbytepos;
    1113             :     uint64      endbytepos;
    1114             :     uint64      prevbytepos;
    1115             : 
    1116    28405736 :     size = MAXALIGN(size);
    1117             : 
    1118             :     /* All (non xlog-switch) records should contain data. */
    1119             :     Assert(size > SizeOfXLogRecord);
    1120             : 
    1121             :     /*
    1122             :      * The duration the spinlock needs to be held is minimized by minimizing
    1123             :      * the calculations that have to be done while holding the lock. The
    1124             :      * current tip of reserved WAL is kept in CurrBytePos, as a byte position
    1125             :      * that only counts "usable" bytes in WAL, that is, it excludes all WAL
    1126             :      * page headers. The mapping between "usable" byte positions and physical
    1127             :      * positions (XLogRecPtrs) can be done outside the locked region, and
    1128             :      * because the usable byte position doesn't include any headers, reserving
    1129             :      * X bytes from WAL is almost as simple as "CurrBytePos += X".
    1130             :      */
    1131    28405736 :     SpinLockAcquire(&Insert->insertpos_lck);
    1132             : 
    1133    28405736 :     startbytepos = Insert->CurrBytePos;
    1134    28405736 :     endbytepos = startbytepos + size;
    1135    28405736 :     prevbytepos = Insert->PrevBytePos;
    1136    28405736 :     Insert->CurrBytePos = endbytepos;
    1137    28405736 :     Insert->PrevBytePos = startbytepos;
    1138             : 
    1139    28405736 :     SpinLockRelease(&Insert->insertpos_lck);
    1140             : 
    1141    28405736 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1142    28405736 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1143    28405736 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1144             : 
    1145             :     /*
    1146             :      * Check that the conversions between "usable byte positions" and
    1147             :      * XLogRecPtrs work consistently in both directions.
    1148             :      */
    1149             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1150             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1151             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1152    28405736 : }
    1153             : 
    1154             : /*
    1155             :  * Like ReserveXLogInsertLocation(), but for an xlog-switch record.
    1156             :  *
    1157             :  * A log-switch record is handled slightly differently. The rest of the
    1158             :  * segment will be reserved for this insertion, as indicated by the returned
    1159             :  * *EndPos value. However, if we are already at the beginning of the current
    1160             :  * segment, *StartPos and *EndPos are set to the current location without
    1161             :  * reserving any space, and the function returns false.
    1162             : */
    1163             : static bool
    1164         750 : ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos, XLogRecPtr *PrevPtr)
    1165             : {
    1166         750 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1167             :     uint64      startbytepos;
    1168             :     uint64      endbytepos;
    1169             :     uint64      prevbytepos;
    1170         750 :     uint32      size = MAXALIGN(SizeOfXLogRecord);
    1171             :     XLogRecPtr  ptr;
    1172             :     uint32      segleft;
    1173             : 
    1174             :     /*
    1175             :      * These calculations are a bit heavy-weight to be done while holding a
    1176             :      * spinlock, but since we're holding all the WAL insertion locks, there
    1177             :      * are no other inserters competing for it. GetXLogInsertRecPtr() does
    1178             :      * compete for it, but that's not called very frequently.
    1179             :      */
    1180         750 :     SpinLockAcquire(&Insert->insertpos_lck);
    1181             : 
    1182         750 :     startbytepos = Insert->CurrBytePos;
    1183             : 
    1184         750 :     ptr = XLogBytePosToEndRecPtr(startbytepos);
    1185         750 :     if (XLogSegmentOffset(ptr, wal_segment_size) == 0)
    1186             :     {
    1187         116 :         SpinLockRelease(&Insert->insertpos_lck);
    1188         116 :         *EndPos = *StartPos = ptr;
    1189         116 :         return false;
    1190             :     }
    1191             : 
    1192         634 :     endbytepos = startbytepos + size;
    1193         634 :     prevbytepos = Insert->PrevBytePos;
    1194             : 
    1195         634 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1196         634 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1197             : 
    1198         634 :     segleft = wal_segment_size - XLogSegmentOffset(*EndPos, wal_segment_size);
    1199         634 :     if (segleft != wal_segment_size)
    1200             :     {
    1201             :         /* consume the rest of the segment */
    1202         634 :         *EndPos += segleft;
    1203         634 :         endbytepos = XLogRecPtrToBytePos(*EndPos);
    1204             :     }
    1205         634 :     Insert->CurrBytePos = endbytepos;
    1206         634 :     Insert->PrevBytePos = startbytepos;
    1207             : 
    1208         634 :     SpinLockRelease(&Insert->insertpos_lck);
    1209             : 
    1210         634 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1211             : 
    1212             :     Assert(XLogSegmentOffset(*EndPos, wal_segment_size) == 0);
    1213             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1214             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1215             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1216             : 
    1217         634 :     return true;
    1218             : }
    1219             : 
    1220             : /*
    1221             :  * Subroutine of XLogInsertRecord.  Copies a WAL record to an already-reserved
    1222             :  * area in the WAL.
    1223             :  */
    1224             : static void
    1225    28406370 : CopyXLogRecordToWAL(int write_len, bool isLogSwitch, XLogRecData *rdata,
    1226             :                     XLogRecPtr StartPos, XLogRecPtr EndPos, TimeLineID tli)
    1227             : {
    1228             :     char       *currpos;
    1229             :     int         freespace;
    1230             :     int         written;
    1231             :     XLogRecPtr  CurrPos;
    1232             :     XLogPageHeader pagehdr;
    1233             : 
    1234             :     /*
    1235             :      * Get a pointer to the right place in the right WAL buffer to start
    1236             :      * inserting to.
    1237             :      */
    1238    28406370 :     CurrPos = StartPos;
    1239    28406370 :     currpos = GetXLogBuffer(CurrPos, tli);
    1240    28406370 :     freespace = INSERT_FREESPACE(CurrPos);
    1241             : 
    1242             :     /*
    1243             :      * there should be enough space for at least the first field (xl_tot_len)
    1244             :      * on this page.
    1245             :      */
    1246             :     Assert(freespace >= sizeof(uint32));
    1247             : 
    1248             :     /* Copy record data */
    1249    28406370 :     written = 0;
    1250   134274386 :     while (rdata != NULL)
    1251             :     {
    1252   105868016 :         const char *rdata_data = rdata->data;
    1253   105868016 :         int         rdata_len = rdata->len;
    1254             : 
    1255   109332484 :         while (rdata_len > freespace)
    1256             :         {
    1257             :             /*
    1258             :              * Write what fits on this page, and continue on the next page.
    1259             :              */
    1260             :             Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || freespace == 0);
    1261     3464468 :             memcpy(currpos, rdata_data, freespace);
    1262     3464468 :             rdata_data += freespace;
    1263     3464468 :             rdata_len -= freespace;
    1264     3464468 :             written += freespace;
    1265     3464468 :             CurrPos += freespace;
    1266             : 
    1267             :             /*
    1268             :              * Get pointer to beginning of next page, and set the xlp_rem_len
    1269             :              * in the page header. Set XLP_FIRST_IS_CONTRECORD.
    1270             :              *
    1271             :              * It's safe to set the contrecord flag and xlp_rem_len without a
    1272             :              * lock on the page. All the other flags were already set when the
    1273             :              * page was initialized, in AdvanceXLInsertBuffer, and we're the
    1274             :              * only backend that needs to set the contrecord flag.
    1275             :              */
    1276     3464468 :             currpos = GetXLogBuffer(CurrPos, tli);
    1277     3464468 :             pagehdr = (XLogPageHeader) currpos;
    1278     3464468 :             pagehdr->xlp_rem_len = write_len - written;
    1279     3464468 :             pagehdr->xlp_info |= XLP_FIRST_IS_CONTRECORD;
    1280             : 
    1281             :             /* skip over the page header */
    1282     3464468 :             if (XLogSegmentOffset(CurrPos, wal_segment_size) == 0)
    1283             :             {
    1284        2298 :                 CurrPos += SizeOfXLogLongPHD;
    1285        2298 :                 currpos += SizeOfXLogLongPHD;
    1286             :             }
    1287             :             else
    1288             :             {
    1289     3462170 :                 CurrPos += SizeOfXLogShortPHD;
    1290     3462170 :                 currpos += SizeOfXLogShortPHD;
    1291             :             }
    1292     3464468 :             freespace = INSERT_FREESPACE(CurrPos);
    1293             :         }
    1294             : 
    1295             :         Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || rdata_len == 0);
    1296   105868016 :         memcpy(currpos, rdata_data, rdata_len);
    1297   105868016 :         currpos += rdata_len;
    1298   105868016 :         CurrPos += rdata_len;
    1299   105868016 :         freespace -= rdata_len;
    1300   105868016 :         written += rdata_len;
    1301             : 
    1302   105868016 :         rdata = rdata->next;
    1303             :     }
    1304             :     Assert(written == write_len);
    1305             : 
    1306             :     /*
    1307             :      * If this was an xlog-switch, it's not enough to write the switch record,
    1308             :      * we also have to consume all the remaining space in the WAL segment.  We
    1309             :      * have already reserved that space, but we need to actually fill it.
    1310             :      */
    1311    28406370 :     if (isLogSwitch && XLogSegmentOffset(CurrPos, wal_segment_size) != 0)
    1312             :     {
    1313             :         /* An xlog-switch record doesn't contain any data besides the header */
    1314             :         Assert(write_len == SizeOfXLogRecord);
    1315             : 
    1316             :         /* Assert that we did reserve the right amount of space */
    1317             :         Assert(XLogSegmentOffset(EndPos, wal_segment_size) == 0);
    1318             : 
    1319             :         /* Use up all the remaining space on the current page */
    1320         634 :         CurrPos += freespace;
    1321             : 
    1322             :         /*
    1323             :          * Cause all remaining pages in the segment to be flushed, leaving the
    1324             :          * XLog position where it should be, at the start of the next segment.
    1325             :          * We do this one page at a time, to make sure we don't deadlock
    1326             :          * against ourselves if wal_buffers < wal_segment_size.
    1327             :          */
    1328      971058 :         while (CurrPos < EndPos)
    1329             :         {
    1330             :             /*
    1331             :              * The minimal action to flush the page would be to call
    1332             :              * WALInsertLockUpdateInsertingAt(CurrPos) followed by
    1333             :              * AdvanceXLInsertBuffer(...).  The page would be left initialized
    1334             :              * mostly to zeros, except for the page header (always the short
    1335             :              * variant, as this is never a segment's first page).
    1336             :              *
    1337             :              * The large vistas of zeros are good for compressibility, but the
    1338             :              * headers interrupting them every XLOG_BLCKSZ (with values that
    1339             :              * differ from page to page) are not.  The effect varies with
    1340             :              * compression tool, but bzip2 for instance compresses about an
    1341             :              * order of magnitude worse if those headers are left in place.
    1342             :              *
    1343             :              * Rather than complicating AdvanceXLInsertBuffer itself (which is
    1344             :              * called in heavily-loaded circumstances as well as this lightly-
    1345             :              * loaded one) with variant behavior, we just use GetXLogBuffer
    1346             :              * (which itself calls the two methods we need) to get the pointer
    1347             :              * and zero most of the page.  Then we just zero the page header.
    1348             :              */
    1349      970424 :             currpos = GetXLogBuffer(CurrPos, tli);
    1350     3881696 :             MemSet(currpos, 0, SizeOfXLogShortPHD);
    1351             : 
    1352      970424 :             CurrPos += XLOG_BLCKSZ;
    1353             :         }
    1354             :     }
    1355             :     else
    1356             :     {
    1357             :         /* Align the end position, so that the next record starts aligned */
    1358    28405736 :         CurrPos = MAXALIGN64(CurrPos);
    1359             :     }
    1360             : 
    1361    28406370 :     if (CurrPos != EndPos)
    1362           0 :         ereport(PANIC,
    1363             :                 errcode(ERRCODE_DATA_CORRUPTED),
    1364             :                 errmsg_internal("space reserved for WAL record does not match what was written"));
    1365    28406370 : }
    1366             : 
    1367             : /*
    1368             :  * Acquire a WAL insertion lock, for inserting to WAL.
    1369             :  */
    1370             : static void
    1371    28419138 : WALInsertLockAcquire(void)
    1372             : {
    1373             :     bool        immed;
    1374             : 
    1375             :     /*
    1376             :      * It doesn't matter which of the WAL insertion locks we acquire, so try
    1377             :      * the one we used last time.  If the system isn't particularly busy, it's
    1378             :      * a good bet that it's still available, and it's good to have some
    1379             :      * affinity to a particular lock so that you don't unnecessarily bounce
    1380             :      * cache lines between processes when there's no contention.
    1381             :      *
    1382             :      * If this is the first time through in this backend, pick a lock
    1383             :      * (semi-)randomly.  This allows the locks to be used evenly if you have a
    1384             :      * lot of very short connections.
    1385             :      */
    1386             :     static int  lockToTry = -1;
    1387             : 
    1388    28419138 :     if (lockToTry == -1)
    1389       15112 :         lockToTry = MyProcNumber % NUM_XLOGINSERT_LOCKS;
    1390    28419138 :     MyLockNo = lockToTry;
    1391             : 
    1392             :     /*
    1393             :      * The insertingAt value is initially set to 0, as we don't know our
    1394             :      * insert location yet.
    1395             :      */
    1396    28419138 :     immed = LWLockAcquire(&WALInsertLocks[MyLockNo].l.lock, LW_EXCLUSIVE);
    1397    28419138 :     if (!immed)
    1398             :     {
    1399             :         /*
    1400             :          * If we couldn't get the lock immediately, try another lock next
    1401             :          * time.  On a system with more insertion locks than concurrent
    1402             :          * inserters, this causes all the inserters to eventually migrate to a
    1403             :          * lock that no-one else is using.  On a system with more inserters
    1404             :          * than locks, it still helps to distribute the inserters evenly
    1405             :          * across the locks.
    1406             :          */
    1407       55068 :         lockToTry = (lockToTry + 1) % NUM_XLOGINSERT_LOCKS;
    1408             :     }
    1409    28419138 : }
    1410             : 
    1411             : /*
    1412             :  * Acquire all WAL insertion locks, to prevent other backends from inserting
    1413             :  * to WAL.
    1414             :  */
    1415             : static void
    1416        6462 : WALInsertLockAcquireExclusive(void)
    1417             : {
    1418             :     int         i;
    1419             : 
    1420             :     /*
    1421             :      * When holding all the locks, all but the last lock's insertingAt
    1422             :      * indicator is set to 0xFFFFFFFFFFFFFFFF, which is higher than any real
    1423             :      * XLogRecPtr value, to make sure that no-one blocks waiting on those.
    1424             :      */
    1425       51696 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS - 1; i++)
    1426             :     {
    1427       45234 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1428       45234 :         LWLockUpdateVar(&WALInsertLocks[i].l.lock,
    1429       45234 :                         &WALInsertLocks[i].l.insertingAt,
    1430             :                         PG_UINT64_MAX);
    1431             :     }
    1432             :     /* Variable value reset to 0 at release */
    1433        6462 :     LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1434             : 
    1435        6462 :     holdingAllLocks = true;
    1436        6462 : }
    1437             : 
    1438             : /*
    1439             :  * Release our insertion lock (or locks, if we're holding them all).
    1440             :  *
    1441             :  * NB: Reset all variables to 0, so they cause LWLockWaitForVar to block the
    1442             :  * next time the lock is acquired.
    1443             :  */
    1444             : static void
    1445    28425600 : WALInsertLockRelease(void)
    1446             : {
    1447    28425600 :     if (holdingAllLocks)
    1448             :     {
    1449             :         int         i;
    1450             : 
    1451       58158 :         for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1452       51696 :             LWLockReleaseClearVar(&WALInsertLocks[i].l.lock,
    1453       51696 :                                   &WALInsertLocks[i].l.insertingAt,
    1454             :                                   0);
    1455             : 
    1456        6462 :         holdingAllLocks = false;
    1457             :     }
    1458             :     else
    1459             :     {
    1460    28419138 :         LWLockReleaseClearVar(&WALInsertLocks[MyLockNo].l.lock,
    1461    28419138 :                               &WALInsertLocks[MyLockNo].l.insertingAt,
    1462             :                               0);
    1463             :     }
    1464    28425600 : }
    1465             : 
    1466             : /*
    1467             :  * Update our insertingAt value, to let others know that we've finished
    1468             :  * inserting up to that point.
    1469             :  */
    1470             : static void
    1471     4858652 : WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt)
    1472             : {
    1473     4858652 :     if (holdingAllLocks)
    1474             :     {
    1475             :         /*
    1476             :          * We use the last lock to mark our actual position, see comments in
    1477             :          * WALInsertLockAcquireExclusive.
    1478             :          */
    1479      967098 :         LWLockUpdateVar(&WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.lock,
    1480      967098 :                         &WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.insertingAt,
    1481             :                         insertingAt);
    1482             :     }
    1483             :     else
    1484     3891554 :         LWLockUpdateVar(&WALInsertLocks[MyLockNo].l.lock,
    1485     3891554 :                         &WALInsertLocks[MyLockNo].l.insertingAt,
    1486             :                         insertingAt);
    1487     4858652 : }
    1488             : 
    1489             : /*
    1490             :  * Wait for any WAL insertions < upto to finish.
    1491             :  *
    1492             :  * Returns the location of the oldest insertion that is still in-progress.
    1493             :  * Any WAL prior to that point has been fully copied into WAL buffers, and
    1494             :  * can be flushed out to disk. Because this waits for any insertions older
    1495             :  * than 'upto' to finish, the return value is always >= 'upto'.
    1496             :  *
    1497             :  * Note: When you are about to write out WAL, you must call this function
    1498             :  * *before* acquiring WALWriteLock, to avoid deadlocks. This function might
    1499             :  * need to wait for an insertion to finish (or at least advance to next
    1500             :  * uninitialized page), and the inserter might need to evict an old WAL buffer
    1501             :  * to make room for a new one, which in turn requires WALWriteLock.
    1502             :  */
    1503             : static XLogRecPtr
    1504     4478002 : WaitXLogInsertionsToFinish(XLogRecPtr upto)
    1505             : {
    1506             :     uint64      bytepos;
    1507             :     XLogRecPtr  inserted;
    1508             :     XLogRecPtr  reservedUpto;
    1509             :     XLogRecPtr  finishedUpto;
    1510     4478002 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1511             :     int         i;
    1512             : 
    1513     4478002 :     if (MyProc == NULL)
    1514           0 :         elog(PANIC, "cannot wait without a PGPROC structure");
    1515             : 
    1516             :     /*
    1517             :      * Check if there's any work to do.  Use a barrier to ensure we get the
    1518             :      * freshest value.
    1519             :      */
    1520     4478002 :     inserted = pg_atomic_read_membarrier_u64(&XLogCtl->logInsertResult);
    1521     4478002 :     if (upto <= inserted)
    1522     3692670 :         return inserted;
    1523             : 
    1524             :     /* Read the current insert position */
    1525      785332 :     SpinLockAcquire(&Insert->insertpos_lck);
    1526      785332 :     bytepos = Insert->CurrBytePos;
    1527      785332 :     SpinLockRelease(&Insert->insertpos_lck);
    1528      785332 :     reservedUpto = XLogBytePosToEndRecPtr(bytepos);
    1529             : 
    1530             :     /*
    1531             :      * No-one should request to flush a piece of WAL that hasn't even been
    1532             :      * reserved yet. However, it can happen if there is a block with a bogus
    1533             :      * LSN on disk, for example. XLogFlush checks for that situation and
    1534             :      * complains, but only after the flush. Here we just assume that to mean
    1535             :      * that all WAL that has been reserved needs to be finished. In this
    1536             :      * corner-case, the return value can be smaller than 'upto' argument.
    1537             :      */
    1538      785332 :     if (upto > reservedUpto)
    1539             :     {
    1540           0 :         ereport(LOG,
    1541             :                 (errmsg("request to flush past end of generated WAL; request %X/%X, current position %X/%X",
    1542             :                         LSN_FORMAT_ARGS(upto), LSN_FORMAT_ARGS(reservedUpto))));
    1543           0 :         upto = reservedUpto;
    1544             :     }
    1545             : 
    1546             :     /*
    1547             :      * Loop through all the locks, sleeping on any in-progress insert older
    1548             :      * than 'upto'.
    1549             :      *
    1550             :      * finishedUpto is our return value, indicating the point upto which all
    1551             :      * the WAL insertions have been finished. Initialize it to the head of
    1552             :      * reserved WAL, and as we iterate through the insertion locks, back it
    1553             :      * out for any insertion that's still in progress.
    1554             :      */
    1555      785332 :     finishedUpto = reservedUpto;
    1556     7067988 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1557             :     {
    1558     6282656 :         XLogRecPtr  insertingat = InvalidXLogRecPtr;
    1559             : 
    1560             :         do
    1561             :         {
    1562             :             /*
    1563             :              * See if this insertion is in progress.  LWLockWaitForVar will
    1564             :              * wait for the lock to be released, or for the 'value' to be set
    1565             :              * by a LWLockUpdateVar call.  When a lock is initially acquired,
    1566             :              * its value is 0 (InvalidXLogRecPtr), which means that we don't
    1567             :              * know where it's inserting yet.  We will have to wait for it. If
    1568             :              * it's a small insertion, the record will most likely fit on the
    1569             :              * same page and the inserter will release the lock without ever
    1570             :              * calling LWLockUpdateVar.  But if it has to sleep, it will
    1571             :              * advertise the insertion point with LWLockUpdateVar before
    1572             :              * sleeping.
    1573             :              *
    1574             :              * In this loop we are only waiting for insertions that started
    1575             :              * before WaitXLogInsertionsToFinish was called.  The lack of
    1576             :              * memory barriers in the loop means that we might see locks as
    1577             :              * "unused" that have since become used.  This is fine because
    1578             :              * they only can be used for later insertions that we would not
    1579             :              * want to wait on anyway.  Not taking a lock to acquire the
    1580             :              * current insertingAt value means that we might see older
    1581             :              * insertingAt values.  This is also fine, because if we read a
    1582             :              * value too old, we will add ourselves to the wait queue, which
    1583             :              * contains atomic operations.
    1584             :              */
    1585     6373334 :             if (LWLockWaitForVar(&WALInsertLocks[i].l.lock,
    1586     6373334 :                                  &WALInsertLocks[i].l.insertingAt,
    1587             :                                  insertingat, &insertingat))
    1588             :             {
    1589             :                 /* the lock was free, so no insertion in progress */
    1590     4667578 :                 insertingat = InvalidXLogRecPtr;
    1591     4667578 :                 break;
    1592             :             }
    1593             : 
    1594             :             /*
    1595             :              * This insertion is still in progress. Have to wait, unless the
    1596             :              * inserter has proceeded past 'upto'.
    1597             :              */
    1598     1705756 :         } while (insertingat < upto);
    1599             : 
    1600     6282656 :         if (insertingat != InvalidXLogRecPtr && insertingat < finishedUpto)
    1601      659580 :             finishedUpto = insertingat;
    1602             :     }
    1603             : 
    1604             :     /*
    1605             :      * Advance the limit we know to have been inserted and return the freshest
    1606             :      * value we know of, which might be beyond what we requested if somebody
    1607             :      * is concurrently doing this with an 'upto' pointer ahead of us.
    1608             :      */
    1609      785332 :     finishedUpto = pg_atomic_monotonic_advance_u64(&XLogCtl->logInsertResult,
    1610             :                                                    finishedUpto);
    1611             : 
    1612      785332 :     return finishedUpto;
    1613             : }
    1614             : 
    1615             : /*
    1616             :  * Get a pointer to the right location in the WAL buffer containing the
    1617             :  * given XLogRecPtr.
    1618             :  *
    1619             :  * If the page is not initialized yet, it is initialized. That might require
    1620             :  * evicting an old dirty buffer from the buffer cache, which means I/O.
    1621             :  *
    1622             :  * The caller must ensure that the page containing the requested location
    1623             :  * isn't evicted yet, and won't be evicted. The way to ensure that is to
    1624             :  * hold onto a WAL insertion lock with the insertingAt position set to
    1625             :  * something <= ptr. GetXLogBuffer() will update insertingAt if it needs
    1626             :  * to evict an old page from the buffer. (This means that once you call
    1627             :  * GetXLogBuffer() with a given 'ptr', you must not access anything before
    1628             :  * that point anymore, and must not call GetXLogBuffer() with an older 'ptr'
    1629             :  * later, because older buffers might be recycled already)
    1630             :  */
    1631             : static char *
    1632    32841284 : GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli)
    1633             : {
    1634             :     int         idx;
    1635             :     XLogRecPtr  endptr;
    1636             :     static uint64 cachedPage = 0;
    1637             :     static char *cachedPos = NULL;
    1638             :     XLogRecPtr  expectedEndPtr;
    1639             : 
    1640             :     /*
    1641             :      * Fast path for the common case that we need to access again the same
    1642             :      * page as last time.
    1643             :      */
    1644    32841284 :     if (ptr / XLOG_BLCKSZ == cachedPage)
    1645             :     {
    1646             :         Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1647             :         Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1648    27015098 :         return cachedPos + ptr % XLOG_BLCKSZ;
    1649             :     }
    1650             : 
    1651             :     /*
    1652             :      * The XLog buffer cache is organized so that a page is always loaded to a
    1653             :      * particular buffer.  That way we can easily calculate the buffer a given
    1654             :      * page must be loaded into, from the XLogRecPtr alone.
    1655             :      */
    1656     5826186 :     idx = XLogRecPtrToBufIdx(ptr);
    1657             : 
    1658             :     /*
    1659             :      * See what page is loaded in the buffer at the moment. It could be the
    1660             :      * page we're looking for, or something older. It can't be anything newer
    1661             :      * - that would imply the page we're looking for has already been written
    1662             :      * out to disk and evicted, and the caller is responsible for making sure
    1663             :      * that doesn't happen.
    1664             :      *
    1665             :      * We don't hold a lock while we read the value. If someone is just about
    1666             :      * to initialize or has just initialized the page, it's possible that we
    1667             :      * get InvalidXLogRecPtr. That's ok, we'll grab the mapping lock (in
    1668             :      * AdvanceXLInsertBuffer) and retry if we see anything other than the page
    1669             :      * we're looking for.
    1670             :      */
    1671     5826186 :     expectedEndPtr = ptr;
    1672     5826186 :     expectedEndPtr += XLOG_BLCKSZ - ptr % XLOG_BLCKSZ;
    1673             : 
    1674     5826186 :     endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1675     5826186 :     if (expectedEndPtr != endptr)
    1676             :     {
    1677             :         XLogRecPtr  initializedUpto;
    1678             : 
    1679             :         /*
    1680             :          * Before calling AdvanceXLInsertBuffer(), which can block, let others
    1681             :          * know how far we're finished with inserting the record.
    1682             :          *
    1683             :          * NB: If 'ptr' points to just after the page header, advertise a
    1684             :          * position at the beginning of the page rather than 'ptr' itself. If
    1685             :          * there are no other insertions running, someone might try to flush
    1686             :          * up to our advertised location. If we advertised a position after
    1687             :          * the page header, someone might try to flush the page header, even
    1688             :          * though page might actually not be initialized yet. As the first
    1689             :          * inserter on the page, we are effectively responsible for making
    1690             :          * sure that it's initialized, before we let insertingAt to move past
    1691             :          * the page header.
    1692             :          */
    1693     4858652 :         if (ptr % XLOG_BLCKSZ == SizeOfXLogShortPHD &&
    1694       11330 :             XLogSegmentOffset(ptr, wal_segment_size) > XLOG_BLCKSZ)
    1695       11330 :             initializedUpto = ptr - SizeOfXLogShortPHD;
    1696     4847322 :         else if (ptr % XLOG_BLCKSZ == SizeOfXLogLongPHD &&
    1697        1810 :                  XLogSegmentOffset(ptr, wal_segment_size) < XLOG_BLCKSZ)
    1698         420 :             initializedUpto = ptr - SizeOfXLogLongPHD;
    1699             :         else
    1700     4846902 :             initializedUpto = ptr;
    1701             : 
    1702     4858652 :         WALInsertLockUpdateInsertingAt(initializedUpto);
    1703             : 
    1704     4858652 :         AdvanceXLInsertBuffer(ptr, tli, false);
    1705     4858652 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1706             : 
    1707     4858652 :         if (expectedEndPtr != endptr)
    1708           0 :             elog(PANIC, "could not find WAL buffer for %X/%X",
    1709             :                  LSN_FORMAT_ARGS(ptr));
    1710             :     }
    1711             :     else
    1712             :     {
    1713             :         /*
    1714             :          * Make sure the initialization of the page is visible to us, and
    1715             :          * won't arrive later to overwrite the WAL data we write on the page.
    1716             :          */
    1717      967534 :         pg_memory_barrier();
    1718             :     }
    1719             : 
    1720             :     /*
    1721             :      * Found the buffer holding this page. Return a pointer to the right
    1722             :      * offset within the page.
    1723             :      */
    1724     5826186 :     cachedPage = ptr / XLOG_BLCKSZ;
    1725     5826186 :     cachedPos = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1726             : 
    1727             :     Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1728             :     Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1729             : 
    1730     5826186 :     return cachedPos + ptr % XLOG_BLCKSZ;
    1731             : }
    1732             : 
    1733             : /*
    1734             :  * Read WAL data directly from WAL buffers, if available. Returns the number
    1735             :  * of bytes read successfully.
    1736             :  *
    1737             :  * Fewer than 'count' bytes may be read if some of the requested WAL data has
    1738             :  * already been evicted.
    1739             :  *
    1740             :  * No locks are taken.
    1741             :  *
    1742             :  * Caller should ensure that it reads no further than LogwrtResult.Write
    1743             :  * (which should have been updated by the caller when determining how far to
    1744             :  * read). The 'tli' argument is only used as a convenient safety check so that
    1745             :  * callers do not read from WAL buffers on a historical timeline.
    1746             :  */
    1747             : Size
    1748      191314 : WALReadFromBuffers(char *dstbuf, XLogRecPtr startptr, Size count,
    1749             :                    TimeLineID tli)
    1750             : {
    1751      191314 :     char       *pdst = dstbuf;
    1752      191314 :     XLogRecPtr  recptr = startptr;
    1753             :     XLogRecPtr  inserted;
    1754      191314 :     Size        nbytes = count;
    1755             : 
    1756      191314 :     if (RecoveryInProgress() || tli != GetWALInsertionTimeLine())
    1757        1818 :         return 0;
    1758             : 
    1759             :     Assert(!XLogRecPtrIsInvalid(startptr));
    1760             : 
    1761             :     /*
    1762             :      * Caller should ensure that the requested data has been inserted into WAL
    1763             :      * buffers before we try to read it.
    1764             :      */
    1765      189496 :     inserted = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    1766      189496 :     if (startptr + count > inserted)
    1767           0 :         ereport(ERROR,
    1768             :                 errmsg("cannot read past end of generated WAL: requested %X/%X, current position %X/%X",
    1769             :                        LSN_FORMAT_ARGS(startptr + count),
    1770             :                        LSN_FORMAT_ARGS(inserted)));
    1771             : 
    1772             :     /*
    1773             :      * Loop through the buffers without a lock. For each buffer, atomically
    1774             :      * read and verify the end pointer, then copy the data out, and finally
    1775             :      * re-read and re-verify the end pointer.
    1776             :      *
    1777             :      * Once a page is evicted, it never returns to the WAL buffers, so if the
    1778             :      * end pointer matches the expected end pointer before and after we copy
    1779             :      * the data, then the right page must have been present during the data
    1780             :      * copy. Read barriers are necessary to ensure that the data copy actually
    1781             :      * happens between the two verification steps.
    1782             :      *
    1783             :      * If either verification fails, we simply terminate the loop and return
    1784             :      * with the data that had been already copied out successfully.
    1785             :      */
    1786      207216 :     while (nbytes > 0)
    1787             :     {
    1788      202102 :         uint32      offset = recptr % XLOG_BLCKSZ;
    1789      202102 :         int         idx = XLogRecPtrToBufIdx(recptr);
    1790             :         XLogRecPtr  expectedEndPtr;
    1791             :         XLogRecPtr  endptr;
    1792             :         const char *page;
    1793             :         const char *psrc;
    1794             :         Size        npagebytes;
    1795             : 
    1796             :         /*
    1797             :          * Calculate the end pointer we expect in the xlblocks array if the
    1798             :          * correct page is present.
    1799             :          */
    1800      202102 :         expectedEndPtr = recptr + (XLOG_BLCKSZ - offset);
    1801             : 
    1802             :         /*
    1803             :          * First verification step: check that the correct page is present in
    1804             :          * the WAL buffers.
    1805             :          */
    1806      202102 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1807      202102 :         if (expectedEndPtr != endptr)
    1808      184380 :             break;
    1809             : 
    1810             :         /*
    1811             :          * The correct page is present (or was at the time the endptr was
    1812             :          * read; must re-verify later). Calculate pointer to source data and
    1813             :          * determine how much data to read from this page.
    1814             :          */
    1815       17722 :         page = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1816       17722 :         psrc = page + offset;
    1817       17722 :         npagebytes = Min(nbytes, XLOG_BLCKSZ - offset);
    1818             : 
    1819             :         /*
    1820             :          * Ensure that the data copy and the first verification step are not
    1821             :          * reordered.
    1822             :          */
    1823       17722 :         pg_read_barrier();
    1824             : 
    1825             :         /* data copy */
    1826       17722 :         memcpy(pdst, psrc, npagebytes);
    1827             : 
    1828             :         /*
    1829             :          * Ensure that the data copy and the second verification step are not
    1830             :          * reordered.
    1831             :          */
    1832       17722 :         pg_read_barrier();
    1833             : 
    1834             :         /*
    1835             :          * Second verification step: check that the page we read from wasn't
    1836             :          * evicted while we were copying the data.
    1837             :          */
    1838       17722 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1839       17722 :         if (expectedEndPtr != endptr)
    1840           2 :             break;
    1841             : 
    1842       17720 :         pdst += npagebytes;
    1843       17720 :         recptr += npagebytes;
    1844       17720 :         nbytes -= npagebytes;
    1845             :     }
    1846             : 
    1847             :     Assert(pdst - dstbuf <= count);
    1848             : 
    1849      189496 :     return pdst - dstbuf;
    1850             : }
    1851             : 
    1852             : /*
    1853             :  * Converts a "usable byte position" to XLogRecPtr. A usable byte position
    1854             :  * is the position starting from the beginning of WAL, excluding all WAL
    1855             :  * page headers.
    1856             :  */
    1857             : static XLogRecPtr
    1858    56817856 : XLogBytePosToRecPtr(uint64 bytepos)
    1859             : {
    1860             :     uint64      fullsegs;
    1861             :     uint64      fullpages;
    1862             :     uint64      bytesleft;
    1863             :     uint32      seg_offset;
    1864             :     XLogRecPtr  result;
    1865             : 
    1866    56817856 :     fullsegs = bytepos / UsableBytesInSegment;
    1867    56817856 :     bytesleft = bytepos % UsableBytesInSegment;
    1868             : 
    1869    56817856 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1870             :     {
    1871             :         /* fits on first page of segment */
    1872       93612 :         seg_offset = bytesleft + SizeOfXLogLongPHD;
    1873             :     }
    1874             :     else
    1875             :     {
    1876             :         /* account for the first page on segment with long header */
    1877    56724244 :         seg_offset = XLOG_BLCKSZ;
    1878    56724244 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1879             : 
    1880    56724244 :         fullpages = bytesleft / UsableBytesInPage;
    1881    56724244 :         bytesleft = bytesleft % UsableBytesInPage;
    1882             : 
    1883    56724244 :         seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1884             :     }
    1885             : 
    1886    56817856 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1887             : 
    1888    56817856 :     return result;
    1889             : }
    1890             : 
    1891             : /*
    1892             :  * Like XLogBytePosToRecPtr, but if the position is at a page boundary,
    1893             :  * returns a pointer to the beginning of the page (ie. before page header),
    1894             :  * not to where the first xlog record on that page would go to. This is used
    1895             :  * when converting a pointer to the end of a record.
    1896             :  */
    1897             : static XLogRecPtr
    1898    29192452 : XLogBytePosToEndRecPtr(uint64 bytepos)
    1899             : {
    1900             :     uint64      fullsegs;
    1901             :     uint64      fullpages;
    1902             :     uint64      bytesleft;
    1903             :     uint32      seg_offset;
    1904             :     XLogRecPtr  result;
    1905             : 
    1906    29192452 :     fullsegs = bytepos / UsableBytesInSegment;
    1907    29192452 :     bytesleft = bytepos % UsableBytesInSegment;
    1908             : 
    1909    29192452 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1910             :     {
    1911             :         /* fits on first page of segment */
    1912      145254 :         if (bytesleft == 0)
    1913       97244 :             seg_offset = 0;
    1914             :         else
    1915       48010 :             seg_offset = bytesleft + SizeOfXLogLongPHD;
    1916             :     }
    1917             :     else
    1918             :     {
    1919             :         /* account for the first page on segment with long header */
    1920    29047198 :         seg_offset = XLOG_BLCKSZ;
    1921    29047198 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1922             : 
    1923    29047198 :         fullpages = bytesleft / UsableBytesInPage;
    1924    29047198 :         bytesleft = bytesleft % UsableBytesInPage;
    1925             : 
    1926    29047198 :         if (bytesleft == 0)
    1927       28216 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft;
    1928             :         else
    1929    29018982 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1930             :     }
    1931             : 
    1932    29192452 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1933             : 
    1934    29192452 :     return result;
    1935             : }
    1936             : 
    1937             : /*
    1938             :  * Convert an XLogRecPtr to a "usable byte position".
    1939             :  */
    1940             : static uint64
    1941        3930 : XLogRecPtrToBytePos(XLogRecPtr ptr)
    1942             : {
    1943             :     uint64      fullsegs;
    1944             :     uint32      fullpages;
    1945             :     uint32      offset;
    1946             :     uint64      result;
    1947             : 
    1948        3930 :     XLByteToSeg(ptr, fullsegs, wal_segment_size);
    1949             : 
    1950        3930 :     fullpages = (XLogSegmentOffset(ptr, wal_segment_size)) / XLOG_BLCKSZ;
    1951        3930 :     offset = ptr % XLOG_BLCKSZ;
    1952             : 
    1953        3930 :     if (fullpages == 0)
    1954             :     {
    1955        1140 :         result = fullsegs * UsableBytesInSegment;
    1956        1140 :         if (offset > 0)
    1957             :         {
    1958             :             Assert(offset >= SizeOfXLogLongPHD);
    1959         464 :             result += offset - SizeOfXLogLongPHD;
    1960             :         }
    1961             :     }
    1962             :     else
    1963             :     {
    1964        2790 :         result = fullsegs * UsableBytesInSegment +
    1965        2790 :             (XLOG_BLCKSZ - SizeOfXLogLongPHD) + /* account for first page */
    1966        2790 :             (fullpages - 1) * UsableBytesInPage;    /* full pages */
    1967        2790 :         if (offset > 0)
    1968             :         {
    1969             :             Assert(offset >= SizeOfXLogShortPHD);
    1970        2768 :             result += offset - SizeOfXLogShortPHD;
    1971             :         }
    1972             :     }
    1973             : 
    1974        3930 :     return result;
    1975             : }
    1976             : 
    1977             : /*
    1978             :  * Initialize XLOG buffers, writing out old buffers if they still contain
    1979             :  * unwritten data, upto the page containing 'upto'. Or if 'opportunistic' is
    1980             :  * true, initialize as many pages as we can without having to write out
    1981             :  * unwritten data. Any new pages are initialized to zeros, with pages headers
    1982             :  * initialized properly.
    1983             :  */
    1984             : static void
    1985     4866030 : AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli, bool opportunistic)
    1986             : {
    1987     4866030 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1988             :     int         nextidx;
    1989             :     XLogRecPtr  OldPageRqstPtr;
    1990             :     XLogwrtRqst WriteRqst;
    1991     4866030 :     XLogRecPtr  NewPageEndPtr = InvalidXLogRecPtr;
    1992             :     XLogRecPtr  NewPageBeginPtr;
    1993             :     XLogPageHeader NewPage;
    1994     4866030 :     int         npages pg_attribute_unused() = 0;
    1995             : 
    1996     4866030 :     LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    1997             : 
    1998             :     /*
    1999             :      * Now that we have the lock, check if someone initialized the page
    2000             :      * already.
    2001             :      */
    2002    13624076 :     while (upto >= XLogCtl->InitializedUpTo || opportunistic)
    2003             :     {
    2004     8765424 :         nextidx = XLogRecPtrToBufIdx(XLogCtl->InitializedUpTo);
    2005             : 
    2006             :         /*
    2007             :          * Get ending-offset of the buffer page we need to replace (this may
    2008             :          * be zero if the buffer hasn't been used yet).  Fall through if it's
    2009             :          * already written out.
    2010             :          */
    2011     8765424 :         OldPageRqstPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[nextidx]);
    2012     8765424 :         if (LogwrtResult.Write < OldPageRqstPtr)
    2013             :         {
    2014             :             /*
    2015             :              * Nope, got work to do. If we just want to pre-initialize as much
    2016             :              * as we can without flushing, give up now.
    2017             :              */
    2018     4384190 :             if (opportunistic)
    2019        7378 :                 break;
    2020             : 
    2021             :             /* Advance shared memory write request position */
    2022     4376812 :             SpinLockAcquire(&XLogCtl->info_lck);
    2023     4376812 :             if (XLogCtl->LogwrtRqst.Write < OldPageRqstPtr)
    2024      918732 :                 XLogCtl->LogwrtRqst.Write = OldPageRqstPtr;
    2025     4376812 :             SpinLockRelease(&XLogCtl->info_lck);
    2026             : 
    2027             :             /*
    2028             :              * Acquire an up-to-date LogwrtResult value and see if we still
    2029             :              * need to write it or if someone else already did.
    2030             :              */
    2031     4376812 :             RefreshXLogWriteResult(LogwrtResult);
    2032     4376812 :             if (LogwrtResult.Write < OldPageRqstPtr)
    2033             :             {
    2034             :                 /*
    2035             :                  * Must acquire write lock. Release WALBufMappingLock first,
    2036             :                  * to make sure that all insertions that we need to wait for
    2037             :                  * can finish (up to this same position). Otherwise we risk
    2038             :                  * deadlock.
    2039             :                  */
    2040     4219204 :                 LWLockRelease(WALBufMappingLock);
    2041             : 
    2042     4219204 :                 WaitXLogInsertionsToFinish(OldPageRqstPtr);
    2043             : 
    2044     4219204 :                 LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    2045             : 
    2046     4219204 :                 RefreshXLogWriteResult(LogwrtResult);
    2047     4219204 :                 if (LogwrtResult.Write >= OldPageRqstPtr)
    2048             :                 {
    2049             :                     /* OK, someone wrote it already */
    2050      649192 :                     LWLockRelease(WALWriteLock);
    2051             :                 }
    2052             :                 else
    2053             :                 {
    2054             :                     /* Have to write it ourselves */
    2055             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_START();
    2056     3570012 :                     WriteRqst.Write = OldPageRqstPtr;
    2057     3570012 :                     WriteRqst.Flush = 0;
    2058     3570012 :                     XLogWrite(WriteRqst, tli, false);
    2059     3570012 :                     LWLockRelease(WALWriteLock);
    2060     3570012 :                     pgWalUsage.wal_buffers_full++;
    2061             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_DONE();
    2062             :                 }
    2063             :                 /* Re-acquire WALBufMappingLock and retry */
    2064     4219204 :                 LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    2065     4219204 :                 continue;
    2066             :             }
    2067             :         }
    2068             : 
    2069             :         /*
    2070             :          * Now the next buffer slot is free and we can set it up to be the
    2071             :          * next output page.
    2072             :          */
    2073     4538842 :         NewPageBeginPtr = XLogCtl->InitializedUpTo;
    2074     4538842 :         NewPageEndPtr = NewPageBeginPtr + XLOG_BLCKSZ;
    2075             : 
    2076             :         Assert(XLogRecPtrToBufIdx(NewPageBeginPtr) == nextidx);
    2077             : 
    2078     4538842 :         NewPage = (XLogPageHeader) (XLogCtl->pages + nextidx * (Size) XLOG_BLCKSZ);
    2079             : 
    2080             :         /*
    2081             :          * Mark the xlblock with InvalidXLogRecPtr and issue a write barrier
    2082             :          * before initializing. Otherwise, the old page may be partially
    2083             :          * zeroed but look valid.
    2084             :          */
    2085     4538842 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], InvalidXLogRecPtr);
    2086     4538842 :         pg_write_barrier();
    2087             : 
    2088             :         /*
    2089             :          * Be sure to re-zero the buffer so that bytes beyond what we've
    2090             :          * written will look like zeroes and not valid XLOG records...
    2091             :          */
    2092     4538842 :         MemSet(NewPage, 0, XLOG_BLCKSZ);
    2093             : 
    2094             :         /*
    2095             :          * Fill the new page's header
    2096             :          */
    2097     4538842 :         NewPage->xlp_magic = XLOG_PAGE_MAGIC;
    2098             : 
    2099             :         /* NewPage->xlp_info = 0; */ /* done by memset */
    2100     4538842 :         NewPage->xlp_tli = tli;
    2101     4538842 :         NewPage->xlp_pageaddr = NewPageBeginPtr;
    2102             : 
    2103             :         /* NewPage->xlp_rem_len = 0; */  /* done by memset */
    2104             : 
    2105             :         /*
    2106             :          * If online backup is not in progress, mark the header to indicate
    2107             :          * that WAL records beginning in this page have removable backup
    2108             :          * blocks.  This allows the WAL archiver to know whether it is safe to
    2109             :          * compress archived WAL data by transforming full-block records into
    2110             :          * the non-full-block format.  It is sufficient to record this at the
    2111             :          * page level because we force a page switch (in fact a segment
    2112             :          * switch) when starting a backup, so the flag will be off before any
    2113             :          * records can be written during the backup.  At the end of a backup,
    2114             :          * the last page will be marked as all unsafe when perhaps only part
    2115             :          * is unsafe, but at worst the archiver would miss the opportunity to
    2116             :          * compress a few records.
    2117             :          */
    2118     4538842 :         if (Insert->runningBackups == 0)
    2119     4285426 :             NewPage->xlp_info |= XLP_BKP_REMOVABLE;
    2120             : 
    2121             :         /*
    2122             :          * If first page of an XLOG segment file, make it a long header.
    2123             :          */
    2124     4538842 :         if ((XLogSegmentOffset(NewPage->xlp_pageaddr, wal_segment_size)) == 0)
    2125             :         {
    2126        2746 :             XLogLongPageHeader NewLongPage = (XLogLongPageHeader) NewPage;
    2127             : 
    2128        2746 :             NewLongPage->xlp_sysid = ControlFile->system_identifier;
    2129        2746 :             NewLongPage->xlp_seg_size = wal_segment_size;
    2130        2746 :             NewLongPage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    2131        2746 :             NewPage->xlp_info |= XLP_LONG_HEADER;
    2132             :         }
    2133             : 
    2134             :         /*
    2135             :          * Make sure the initialization of the page becomes visible to others
    2136             :          * before the xlblocks update. GetXLogBuffer() reads xlblocks without
    2137             :          * holding a lock.
    2138             :          */
    2139     4538842 :         pg_write_barrier();
    2140             : 
    2141     4538842 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], NewPageEndPtr);
    2142     4538842 :         XLogCtl->InitializedUpTo = NewPageEndPtr;
    2143             : 
    2144     4538842 :         npages++;
    2145             :     }
    2146     4866030 :     LWLockRelease(WALBufMappingLock);
    2147             : 
    2148             : #ifdef WAL_DEBUG
    2149             :     if (XLOG_DEBUG && npages > 0)
    2150             :     {
    2151             :         elog(DEBUG1, "initialized %d pages, up to %X/%X",
    2152             :              npages, LSN_FORMAT_ARGS(NewPageEndPtr));
    2153             :     }
    2154             : #endif
    2155     4866030 : }
    2156             : 
    2157             : /*
    2158             :  * Calculate CheckPointSegments based on max_wal_size_mb and
    2159             :  * checkpoint_completion_target.
    2160             :  */
    2161             : static void
    2162       14248 : CalculateCheckpointSegments(void)
    2163             : {
    2164             :     double      target;
    2165             : 
    2166             :     /*-------
    2167             :      * Calculate the distance at which to trigger a checkpoint, to avoid
    2168             :      * exceeding max_wal_size_mb. This is based on two assumptions:
    2169             :      *
    2170             :      * a) we keep WAL for only one checkpoint cycle (prior to PG11 we kept
    2171             :      *    WAL for two checkpoint cycles to allow us to recover from the
    2172             :      *    secondary checkpoint if the first checkpoint failed, though we
    2173             :      *    only did this on the primary anyway, not on standby. Keeping just
    2174             :      *    one checkpoint simplifies processing and reduces disk space in
    2175             :      *    many smaller databases.)
    2176             :      * b) during checkpoint, we consume checkpoint_completion_target *
    2177             :      *    number of segments consumed between checkpoints.
    2178             :      *-------
    2179             :      */
    2180       14248 :     target = (double) ConvertToXSegs(max_wal_size_mb, wal_segment_size) /
    2181       14248 :         (1.0 + CheckPointCompletionTarget);
    2182             : 
    2183             :     /* round down */
    2184       14248 :     CheckPointSegments = (int) target;
    2185             : 
    2186       14248 :     if (CheckPointSegments < 1)
    2187          18 :         CheckPointSegments = 1;
    2188       14248 : }
    2189             : 
    2190             : void
    2191       10282 : assign_max_wal_size(int newval, void *extra)
    2192             : {
    2193       10282 :     max_wal_size_mb = newval;
    2194       10282 :     CalculateCheckpointSegments();
    2195       10282 : }
    2196             : 
    2197             : void
    2198        2098 : assign_checkpoint_completion_target(double newval, void *extra)
    2199             : {
    2200        2098 :     CheckPointCompletionTarget = newval;
    2201        2098 :     CalculateCheckpointSegments();
    2202        2098 : }
    2203             : 
    2204             : bool
    2205        4058 : check_wal_segment_size(int *newval, void **extra, GucSource source)
    2206             : {
    2207        4058 :     if (!IsValidWalSegSize(*newval))
    2208             :     {
    2209           0 :         GUC_check_errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.");
    2210           0 :         return false;
    2211             :     }
    2212             : 
    2213        4058 :     return true;
    2214             : }
    2215             : 
    2216             : /*
    2217             :  * GUC check_hook for max_slot_wal_keep_size
    2218             :  *
    2219             :  * We don't allow the value of max_slot_wal_keep_size other than -1 during the
    2220             :  * binary upgrade. See start_postmaster() in pg_upgrade for more details.
    2221             :  */
    2222             : bool
    2223        2350 : check_max_slot_wal_keep_size(int *newval, void **extra, GucSource source)
    2224             : {
    2225        2350 :     if (IsBinaryUpgrade && *newval != -1)
    2226             :     {
    2227           0 :         GUC_check_errdetail("\"%s\" must be set to -1 during binary upgrade mode.",
    2228             :                             "max_slot_wal_keep_size");
    2229           0 :         return false;
    2230             :     }
    2231             : 
    2232        2350 :     return true;
    2233             : }
    2234             : 
    2235             : /*
    2236             :  * At a checkpoint, how many WAL segments to recycle as preallocated future
    2237             :  * XLOG segments? Returns the highest segment that should be preallocated.
    2238             :  */
    2239             : static XLogSegNo
    2240        2606 : XLOGfileslop(XLogRecPtr lastredoptr)
    2241             : {
    2242             :     XLogSegNo   minSegNo;
    2243             :     XLogSegNo   maxSegNo;
    2244             :     double      distance;
    2245             :     XLogSegNo   recycleSegNo;
    2246             : 
    2247             :     /*
    2248             :      * Calculate the segment numbers that min_wal_size_mb and max_wal_size_mb
    2249             :      * correspond to. Always recycle enough segments to meet the minimum, and
    2250             :      * remove enough segments to stay below the maximum.
    2251             :      */
    2252        2606 :     minSegNo = lastredoptr / wal_segment_size +
    2253        2606 :         ConvertToXSegs(min_wal_size_mb, wal_segment_size) - 1;
    2254        2606 :     maxSegNo = lastredoptr / wal_segment_size +
    2255        2606 :         ConvertToXSegs(max_wal_size_mb, wal_segment_size) - 1;
    2256             : 
    2257             :     /*
    2258             :      * Between those limits, recycle enough segments to get us through to the
    2259             :      * estimated end of next checkpoint.
    2260             :      *
    2261             :      * To estimate where the next checkpoint will finish, assume that the
    2262             :      * system runs steadily consuming CheckPointDistanceEstimate bytes between
    2263             :      * every checkpoint.
    2264             :      */
    2265        2606 :     distance = (1.0 + CheckPointCompletionTarget) * CheckPointDistanceEstimate;
    2266             :     /* add 10% for good measure. */
    2267        2606 :     distance *= 1.10;
    2268             : 
    2269        2606 :     recycleSegNo = (XLogSegNo) ceil(((double) lastredoptr + distance) /
    2270             :                                     wal_segment_size);
    2271             : 
    2272        2606 :     if (recycleSegNo < minSegNo)
    2273        1640 :         recycleSegNo = minSegNo;
    2274        2606 :     if (recycleSegNo > maxSegNo)
    2275         760 :         recycleSegNo = maxSegNo;
    2276             : 
    2277        2606 :     return recycleSegNo;
    2278             : }
    2279             : 
    2280             : /*
    2281             :  * Check whether we've consumed enough xlog space that a checkpoint is needed.
    2282             :  *
    2283             :  * new_segno indicates a log file that has just been filled up (or read
    2284             :  * during recovery). We measure the distance from RedoRecPtr to new_segno
    2285             :  * and see if that exceeds CheckPointSegments.
    2286             :  *
    2287             :  * Note: it is caller's responsibility that RedoRecPtr is up-to-date.
    2288             :  */
    2289             : bool
    2290        8150 : XLogCheckpointNeeded(XLogSegNo new_segno)
    2291             : {
    2292             :     XLogSegNo   old_segno;
    2293             : 
    2294        8150 :     XLByteToSeg(RedoRecPtr, old_segno, wal_segment_size);
    2295             : 
    2296        8150 :     if (new_segno >= old_segno + (uint64) (CheckPointSegments - 1))
    2297        5422 :         return true;
    2298        2728 :     return false;
    2299             : }
    2300             : 
    2301             : /*
    2302             :  * Write and/or fsync the log at least as far as WriteRqst indicates.
    2303             :  *
    2304             :  * If flexible == true, we don't have to write as far as WriteRqst, but
    2305             :  * may stop at any convenient boundary (such as a cache or logfile boundary).
    2306             :  * This option allows us to avoid uselessly issuing multiple writes when a
    2307             :  * single one would do.
    2308             :  *
    2309             :  * Must be called with WALWriteLock held. WaitXLogInsertionsToFinish(WriteRqst)
    2310             :  * must be called before grabbing the lock, to make sure the data is ready to
    2311             :  * write.
    2312             :  */
    2313             : static void
    2314     3815952 : XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible)
    2315             : {
    2316             :     bool        ispartialpage;
    2317             :     bool        last_iteration;
    2318             :     bool        finishing_seg;
    2319             :     int         curridx;
    2320             :     int         npages;
    2321             :     int         startidx;
    2322             :     uint32      startoffset;
    2323             : 
    2324             :     /* We should always be inside a critical section here */
    2325             :     Assert(CritSectionCount > 0);
    2326             : 
    2327             :     /*
    2328             :      * Update local LogwrtResult (caller probably did this already, but...)
    2329             :      */
    2330     3815952 :     RefreshXLogWriteResult(LogwrtResult);
    2331             : 
    2332             :     /*
    2333             :      * Since successive pages in the xlog cache are consecutively allocated,
    2334             :      * we can usually gather multiple pages together and issue just one
    2335             :      * write() call.  npages is the number of pages we have determined can be
    2336             :      * written together; startidx is the cache block index of the first one,
    2337             :      * and startoffset is the file offset at which it should go. The latter
    2338             :      * two variables are only valid when npages > 0, but we must initialize
    2339             :      * all of them to keep the compiler quiet.
    2340             :      */
    2341     3815952 :     npages = 0;
    2342     3815952 :     startidx = 0;
    2343     3815952 :     startoffset = 0;
    2344             : 
    2345             :     /*
    2346             :      * Within the loop, curridx is the cache block index of the page to
    2347             :      * consider writing.  Begin at the buffer containing the next unwritten
    2348             :      * page, or last partially written page.
    2349             :      */
    2350     3815952 :     curridx = XLogRecPtrToBufIdx(LogwrtResult.Write);
    2351             : 
    2352     8252892 :     while (LogwrtResult.Write < WriteRqst.Write)
    2353             :     {
    2354             :         /*
    2355             :          * Make sure we're not ahead of the insert process.  This could happen
    2356             :          * if we're passed a bogus WriteRqst.Write that is past the end of the
    2357             :          * last page that's been initialized by AdvanceXLInsertBuffer.
    2358             :          */
    2359     4676634 :         XLogRecPtr  EndPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[curridx]);
    2360             : 
    2361     4676634 :         if (LogwrtResult.Write >= EndPtr)
    2362           0 :             elog(PANIC, "xlog write request %X/%X is past end of log %X/%X",
    2363             :                  LSN_FORMAT_ARGS(LogwrtResult.Write),
    2364             :                  LSN_FORMAT_ARGS(EndPtr));
    2365             : 
    2366             :         /* Advance LogwrtResult.Write to end of current buffer page */
    2367     4676634 :         LogwrtResult.Write = EndPtr;
    2368     4676634 :         ispartialpage = WriteRqst.Write < LogwrtResult.Write;
    2369             : 
    2370     4676634 :         if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2371             :                              wal_segment_size))
    2372             :         {
    2373             :             /*
    2374             :              * Switch to new logfile segment.  We cannot have any pending
    2375             :              * pages here (since we dump what we have at segment end).
    2376             :              */
    2377             :             Assert(npages == 0);
    2378       23092 :             if (openLogFile >= 0)
    2379        9434 :                 XLogFileClose();
    2380       23092 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2381             :                             wal_segment_size);
    2382       23092 :             openLogTLI = tli;
    2383             : 
    2384             :             /* create/use new log file */
    2385       23092 :             openLogFile = XLogFileInit(openLogSegNo, tli);
    2386       23092 :             ReserveExternalFD();
    2387             :         }
    2388             : 
    2389             :         /* Make sure we have the current logfile open */
    2390     4676634 :         if (openLogFile < 0)
    2391             :         {
    2392           0 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2393             :                             wal_segment_size);
    2394           0 :             openLogTLI = tli;
    2395           0 :             openLogFile = XLogFileOpen(openLogSegNo, tli);
    2396           0 :             ReserveExternalFD();
    2397             :         }
    2398             : 
    2399             :         /* Add current page to the set of pending pages-to-dump */
    2400     4676634 :         if (npages == 0)
    2401             :         {
    2402             :             /* first of group */
    2403     3845986 :             startidx = curridx;
    2404     3845986 :             startoffset = XLogSegmentOffset(LogwrtResult.Write - XLOG_BLCKSZ,
    2405             :                                             wal_segment_size);
    2406             :         }
    2407     4676634 :         npages++;
    2408             : 
    2409             :         /*
    2410             :          * Dump the set if this will be the last loop iteration, or if we are
    2411             :          * at the last page of the cache area (since the next page won't be
    2412             :          * contiguous in memory), or if we are at the end of the logfile
    2413             :          * segment.
    2414             :          */
    2415     4676634 :         last_iteration = WriteRqst.Write <= LogwrtResult.Write;
    2416             : 
    2417     9119694 :         finishing_seg = !ispartialpage &&
    2418     4443060 :             (startoffset + npages * XLOG_BLCKSZ) >= wal_segment_size;
    2419             : 
    2420     4676634 :         if (last_iteration ||
    2421      861822 :             curridx == XLogCtl->XLogCacheBlck ||
    2422             :             finishing_seg)
    2423             :         {
    2424             :             char       *from;
    2425             :             Size        nbytes;
    2426             :             Size        nleft;
    2427             :             ssize_t     written;
    2428             :             instr_time  start;
    2429             : 
    2430             :             /* OK to write the page(s) */
    2431     3845986 :             from = XLogCtl->pages + startidx * (Size) XLOG_BLCKSZ;
    2432     3845986 :             nbytes = npages * (Size) XLOG_BLCKSZ;
    2433     3845986 :             nleft = nbytes;
    2434             :             do
    2435             :             {
    2436     3845986 :                 errno = 0;
    2437             : 
    2438             :                 /*
    2439             :                  * Measure I/O timing to write WAL data, for pg_stat_io.
    2440             :                  */
    2441     3845986 :                 start = pgstat_prepare_io_time(track_wal_io_timing);
    2442             : 
    2443     3845986 :                 pgstat_report_wait_start(WAIT_EVENT_WAL_WRITE);
    2444     3845986 :                 written = pg_pwrite(openLogFile, from, nleft, startoffset);
    2445     3845986 :                 pgstat_report_wait_end();
    2446             : 
    2447     3845986 :                 pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL,
    2448             :                                         IOOP_WRITE, start, 1, written);
    2449             : 
    2450     3845986 :                 if (written <= 0)
    2451             :                 {
    2452             :                     char        xlogfname[MAXFNAMELEN];
    2453             :                     int         save_errno;
    2454             : 
    2455           0 :                     if (errno == EINTR)
    2456           0 :                         continue;
    2457             : 
    2458           0 :                     save_errno = errno;
    2459           0 :                     XLogFileName(xlogfname, tli, openLogSegNo,
    2460             :                                  wal_segment_size);
    2461           0 :                     errno = save_errno;
    2462           0 :                     ereport(PANIC,
    2463             :                             (errcode_for_file_access(),
    2464             :                              errmsg("could not write to log file \"%s\" at offset %u, length %zu: %m",
    2465             :                                     xlogfname, startoffset, nleft)));
    2466             :                 }
    2467     3845986 :                 nleft -= written;
    2468     3845986 :                 from += written;
    2469     3845986 :                 startoffset += written;
    2470     3845986 :             } while (nleft > 0);
    2471             : 
    2472     3845986 :             npages = 0;
    2473             : 
    2474             :             /*
    2475             :              * If we just wrote the whole last page of a logfile segment,
    2476             :              * fsync the segment immediately.  This avoids having to go back
    2477             :              * and re-open prior segments when an fsync request comes along
    2478             :              * later. Doing it here ensures that one and only one backend will
    2479             :              * perform this fsync.
    2480             :              *
    2481             :              * This is also the right place to notify the Archiver that the
    2482             :              * segment is ready to copy to archival storage, and to update the
    2483             :              * timer for archive_timeout, and to signal for a checkpoint if
    2484             :              * too many logfile segments have been used since the last
    2485             :              * checkpoint.
    2486             :              */
    2487     3845986 :             if (finishing_seg)
    2488             :             {
    2489        2962 :                 issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2490             : 
    2491             :                 /* signal that we need to wakeup walsenders later */
    2492        2962 :                 WalSndWakeupRequest();
    2493             : 
    2494        2962 :                 LogwrtResult.Flush = LogwrtResult.Write;    /* end of page */
    2495             : 
    2496        2962 :                 if (XLogArchivingActive())
    2497         168 :                     XLogArchiveNotifySeg(openLogSegNo, tli);
    2498             : 
    2499        2962 :                 XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    2500        2962 :                 XLogCtl->lastSegSwitchLSN = LogwrtResult.Flush;
    2501             : 
    2502             :                 /*
    2503             :                  * Request a checkpoint if we've consumed too much xlog since
    2504             :                  * the last one.  For speed, we first check using the local
    2505             :                  * copy of RedoRecPtr, which might be out of date; if it looks
    2506             :                  * like a checkpoint is needed, forcibly update RedoRecPtr and
    2507             :                  * recheck.
    2508             :                  */
    2509        2962 :                 if (IsUnderPostmaster && XLogCheckpointNeeded(openLogSegNo))
    2510             :                 {
    2511         458 :                     (void) GetRedoRecPtr();
    2512         458 :                     if (XLogCheckpointNeeded(openLogSegNo))
    2513         382 :                         RequestCheckpoint(CHECKPOINT_CAUSE_XLOG);
    2514             :                 }
    2515             :             }
    2516             :         }
    2517             : 
    2518     4676634 :         if (ispartialpage)
    2519             :         {
    2520             :             /* Only asked to write a partial page */
    2521      233574 :             LogwrtResult.Write = WriteRqst.Write;
    2522      233574 :             break;
    2523             :         }
    2524     4443060 :         curridx = NextBufIdx(curridx);
    2525             : 
    2526             :         /* If flexible, break out of loop as soon as we wrote something */
    2527     4443060 :         if (flexible && npages == 0)
    2528        6120 :             break;
    2529             :     }
    2530             : 
    2531             :     Assert(npages == 0);
    2532             : 
    2533             :     /*
    2534             :      * If asked to flush, do so
    2535             :      */
    2536     3815952 :     if (LogwrtResult.Flush < WriteRqst.Flush &&
    2537      245272 :         LogwrtResult.Flush < LogwrtResult.Write)
    2538             :     {
    2539             :         /*
    2540             :          * Could get here without iterating above loop, in which case we might
    2541             :          * have no open file or the wrong one.  However, we do not need to
    2542             :          * fsync more than one file.
    2543             :          */
    2544      245176 :         if (wal_sync_method != WAL_SYNC_METHOD_OPEN &&
    2545      245176 :             wal_sync_method != WAL_SYNC_METHOD_OPEN_DSYNC)
    2546             :         {
    2547      245176 :             if (openLogFile >= 0 &&
    2548      245158 :                 !XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2549             :                                  wal_segment_size))
    2550          40 :                 XLogFileClose();
    2551      245176 :             if (openLogFile < 0)
    2552             :             {
    2553          58 :                 XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2554             :                                 wal_segment_size);
    2555          58 :                 openLogTLI = tli;
    2556          58 :                 openLogFile = XLogFileOpen(openLogSegNo, tli);
    2557          58 :                 ReserveExternalFD();
    2558             :             }
    2559             : 
    2560      245176 :             issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2561             :         }
    2562             : 
    2563             :         /* signal that we need to wakeup walsenders later */
    2564      245176 :         WalSndWakeupRequest();
    2565             : 
    2566      245176 :         LogwrtResult.Flush = LogwrtResult.Write;
    2567             :     }
    2568             : 
    2569             :     /*
    2570             :      * Update shared-memory status
    2571             :      *
    2572             :      * We make sure that the shared 'request' values do not fall behind the
    2573             :      * 'result' values.  This is not absolutely essential, but it saves some
    2574             :      * code in a couple of places.
    2575             :      */
    2576     3815952 :     SpinLockAcquire(&XLogCtl->info_lck);
    2577     3815952 :     if (XLogCtl->LogwrtRqst.Write < LogwrtResult.Write)
    2578      218110 :         XLogCtl->LogwrtRqst.Write = LogwrtResult.Write;
    2579     3815952 :     if (XLogCtl->LogwrtRqst.Flush < LogwrtResult.Flush)
    2580      247352 :         XLogCtl->LogwrtRqst.Flush = LogwrtResult.Flush;
    2581     3815952 :     SpinLockRelease(&XLogCtl->info_lck);
    2582             : 
    2583             :     /*
    2584             :      * We write Write first, bar, then Flush.  When reading, the opposite must
    2585             :      * be done (with a matching barrier in between), so that we always see a
    2586             :      * Flush value that trails behind the Write value seen.
    2587             :      */
    2588     3815952 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, LogwrtResult.Write);
    2589     3815952 :     pg_write_barrier();
    2590     3815952 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, LogwrtResult.Flush);
    2591             : 
    2592             : #ifdef USE_ASSERT_CHECKING
    2593             :     {
    2594             :         XLogRecPtr  Flush;
    2595             :         XLogRecPtr  Write;
    2596             :         XLogRecPtr  Insert;
    2597             : 
    2598             :         Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult);
    2599             :         pg_read_barrier();
    2600             :         Write = pg_atomic_read_u64(&XLogCtl->logWriteResult);
    2601             :         pg_read_barrier();
    2602             :         Insert = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    2603             : 
    2604             :         /* WAL written to disk is always ahead of WAL flushed */
    2605             :         Assert(Write >= Flush);
    2606             : 
    2607             :         /* WAL inserted to buffers is always ahead of WAL written */
    2608             :         Assert(Insert >= Write);
    2609             :     }
    2610             : #endif
    2611     3815952 : }
    2612             : 
    2613             : /*
    2614             :  * Record the LSN for an asynchronous transaction commit/abort
    2615             :  * and nudge the WALWriter if there is work for it to do.
    2616             :  * (This should not be called for synchronous commits.)
    2617             :  */
    2618             : void
    2619       92100 : XLogSetAsyncXactLSN(XLogRecPtr asyncXactLSN)
    2620             : {
    2621       92100 :     XLogRecPtr  WriteRqstPtr = asyncXactLSN;
    2622             :     bool        sleeping;
    2623       92100 :     bool        wakeup = false;
    2624             :     XLogRecPtr  prevAsyncXactLSN;
    2625             : 
    2626       92100 :     SpinLockAcquire(&XLogCtl->info_lck);
    2627       92100 :     sleeping = XLogCtl->WalWriterSleeping;
    2628       92100 :     prevAsyncXactLSN = XLogCtl->asyncXactLSN;
    2629       92100 :     if (XLogCtl->asyncXactLSN < asyncXactLSN)
    2630       91246 :         XLogCtl->asyncXactLSN = asyncXactLSN;
    2631       92100 :     SpinLockRelease(&XLogCtl->info_lck);
    2632             : 
    2633             :     /*
    2634             :      * If somebody else already called this function with a more aggressive
    2635             :      * LSN, they will have done what we needed (and perhaps more).
    2636             :      */
    2637       92100 :     if (asyncXactLSN <= prevAsyncXactLSN)
    2638         854 :         return;
    2639             : 
    2640             :     /*
    2641             :      * If the WALWriter is sleeping, kick it to make it come out of low-power
    2642             :      * mode, so that this async commit will reach disk within the expected
    2643             :      * amount of time.  Otherwise, determine whether it has enough WAL
    2644             :      * available to flush, the same way that XLogBackgroundFlush() does.
    2645             :      */
    2646       91246 :     if (sleeping)
    2647          34 :         wakeup = true;
    2648             :     else
    2649             :     {
    2650             :         int         flushblocks;
    2651             : 
    2652       91212 :         RefreshXLogWriteResult(LogwrtResult);
    2653             : 
    2654       91212 :         flushblocks =
    2655       91212 :             WriteRqstPtr / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    2656             : 
    2657       91212 :         if (WalWriterFlushAfter == 0 || flushblocks >= WalWriterFlushAfter)
    2658        6858 :             wakeup = true;
    2659             :     }
    2660             : 
    2661       91246 :     if (wakeup)
    2662             :     {
    2663        6892 :         volatile PROC_HDR *procglobal = ProcGlobal;
    2664        6892 :         ProcNumber  walwriterProc = procglobal->walwriterProc;
    2665             : 
    2666        6892 :         if (walwriterProc != INVALID_PROC_NUMBER)
    2667         432 :             SetLatch(&GetPGProcByNumber(walwriterProc)->procLatch);
    2668             :     }
    2669             : }
    2670             : 
    2671             : /*
    2672             :  * Record the LSN up to which we can remove WAL because it's not required by
    2673             :  * any replication slot.
    2674             :  */
    2675             : void
    2676       23772 : XLogSetReplicationSlotMinimumLSN(XLogRecPtr lsn)
    2677             : {
    2678       23772 :     SpinLockAcquire(&XLogCtl->info_lck);
    2679       23772 :     XLogCtl->replicationSlotMinLSN = lsn;
    2680       23772 :     SpinLockRelease(&XLogCtl->info_lck);
    2681       23772 : }
    2682             : 
    2683             : 
    2684             : /*
    2685             :  * Return the oldest LSN we must retain to satisfy the needs of some
    2686             :  * replication slot.
    2687             :  */
    2688             : static XLogRecPtr
    2689        3448 : XLogGetReplicationSlotMinimumLSN(void)
    2690             : {
    2691             :     XLogRecPtr  retval;
    2692             : 
    2693        3448 :     SpinLockAcquire(&XLogCtl->info_lck);
    2694        3448 :     retval = XLogCtl->replicationSlotMinLSN;
    2695        3448 :     SpinLockRelease(&XLogCtl->info_lck);
    2696             : 
    2697        3448 :     return retval;
    2698             : }
    2699             : 
    2700             : /*
    2701             :  * Advance minRecoveryPoint in control file.
    2702             :  *
    2703             :  * If we crash during recovery, we must reach this point again before the
    2704             :  * database is consistent.
    2705             :  *
    2706             :  * If 'force' is true, 'lsn' argument is ignored. Otherwise, minRecoveryPoint
    2707             :  * is only updated if it's not already greater than or equal to 'lsn'.
    2708             :  */
    2709             : static void
    2710      191150 : UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force)
    2711             : {
    2712             :     /* Quick check using our local copy of the variable */
    2713      191150 :     if (!updateMinRecoveryPoint || (!force && lsn <= LocalMinRecoveryPoint))
    2714      179158 :         return;
    2715             : 
    2716             :     /*
    2717             :      * An invalid minRecoveryPoint means that we need to recover all the WAL,
    2718             :      * i.e., we're doing crash recovery.  We never modify the control file's
    2719             :      * value in that case, so we can short-circuit future checks here too. The
    2720             :      * local values of minRecoveryPoint and minRecoveryPointTLI should not be
    2721             :      * updated until crash recovery finishes.  We only do this for the startup
    2722             :      * process as it should not update its own reference of minRecoveryPoint
    2723             :      * until it has finished crash recovery to make sure that all WAL
    2724             :      * available is replayed in this case.  This also saves from extra locks
    2725             :      * taken on the control file from the startup process.
    2726             :      */
    2727       11992 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    2728             :     {
    2729          62 :         updateMinRecoveryPoint = false;
    2730          62 :         return;
    2731             :     }
    2732             : 
    2733       11930 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    2734             : 
    2735             :     /* update local copy */
    2736       11930 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    2737       11930 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    2738             : 
    2739       11930 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    2740           2 :         updateMinRecoveryPoint = false;
    2741       11928 :     else if (force || LocalMinRecoveryPoint < lsn)
    2742             :     {
    2743             :         XLogRecPtr  newMinRecoveryPoint;
    2744             :         TimeLineID  newMinRecoveryPointTLI;
    2745             : 
    2746             :         /*
    2747             :          * To avoid having to update the control file too often, we update it
    2748             :          * all the way to the last record being replayed, even though 'lsn'
    2749             :          * would suffice for correctness.  This also allows the 'force' case
    2750             :          * to not need a valid 'lsn' value.
    2751             :          *
    2752             :          * Another important reason for doing it this way is that the passed
    2753             :          * 'lsn' value could be bogus, i.e., past the end of available WAL, if
    2754             :          * the caller got it from a corrupted heap page.  Accepting such a
    2755             :          * value as the min recovery point would prevent us from coming up at
    2756             :          * all.  Instead, we just log a warning and continue with recovery.
    2757             :          * (See also the comments about corrupt LSNs in XLogFlush.)
    2758             :          */
    2759        9742 :         newMinRecoveryPoint = GetCurrentReplayRecPtr(&newMinRecoveryPointTLI);
    2760        9742 :         if (!force && newMinRecoveryPoint < lsn)
    2761           0 :             elog(WARNING,
    2762             :                  "xlog min recovery request %X/%X is past current point %X/%X",
    2763             :                  LSN_FORMAT_ARGS(lsn), LSN_FORMAT_ARGS(newMinRecoveryPoint));
    2764             : 
    2765             :         /* update control file */
    2766        9742 :         if (ControlFile->minRecoveryPoint < newMinRecoveryPoint)
    2767             :         {
    2768        9682 :             ControlFile->minRecoveryPoint = newMinRecoveryPoint;
    2769        9682 :             ControlFile->minRecoveryPointTLI = newMinRecoveryPointTLI;
    2770        9682 :             UpdateControlFile();
    2771        9682 :             LocalMinRecoveryPoint = newMinRecoveryPoint;
    2772        9682 :             LocalMinRecoveryPointTLI = newMinRecoveryPointTLI;
    2773             : 
    2774        9682 :             ereport(DEBUG2,
    2775             :                     (errmsg_internal("updated min recovery point to %X/%X on timeline %u",
    2776             :                                      LSN_FORMAT_ARGS(newMinRecoveryPoint),
    2777             :                                      newMinRecoveryPointTLI)));
    2778             :         }
    2779             :     }
    2780       11930 :     LWLockRelease(ControlFileLock);
    2781             : }
    2782             : 
    2783             : /*
    2784             :  * Ensure that all XLOG data through the given position is flushed to disk.
    2785             :  *
    2786             :  * NOTE: this differs from XLogWrite mainly in that the WALWriteLock is not
    2787             :  * already held, and we try to avoid acquiring it if possible.
    2788             :  */
    2789             : void
    2790     1252846 : XLogFlush(XLogRecPtr record)
    2791             : {
    2792             :     XLogRecPtr  WriteRqstPtr;
    2793             :     XLogwrtRqst WriteRqst;
    2794     1252846 :     TimeLineID  insertTLI = XLogCtl->InsertTimeLineID;
    2795             : 
    2796             :     /*
    2797             :      * During REDO, we are reading not writing WAL.  Therefore, instead of
    2798             :      * trying to flush the WAL, we should update minRecoveryPoint instead. We
    2799             :      * test XLogInsertAllowed(), not InRecovery, because we need checkpointer
    2800             :      * to act this way too, and because when it tries to write the
    2801             :      * end-of-recovery checkpoint, it should indeed flush.
    2802             :      */
    2803     1252846 :     if (!XLogInsertAllowed())
    2804             :     {
    2805      190904 :         UpdateMinRecoveryPoint(record, false);
    2806      993000 :         return;
    2807             :     }
    2808             : 
    2809             :     /* Quick exit if already known flushed */
    2810     1061942 :     if (record <= LogwrtResult.Flush)
    2811      802096 :         return;
    2812             : 
    2813             : #ifdef WAL_DEBUG
    2814             :     if (XLOG_DEBUG)
    2815             :         elog(LOG, "xlog flush request %X/%X; write %X/%X; flush %X/%X",
    2816             :              LSN_FORMAT_ARGS(record),
    2817             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    2818             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2819             : #endif
    2820             : 
    2821      259846 :     START_CRIT_SECTION();
    2822             : 
    2823             :     /*
    2824             :      * Since fsync is usually a horribly expensive operation, we try to
    2825             :      * piggyback as much data as we can on each fsync: if we see any more data
    2826             :      * entered into the xlog buffer, we'll write and fsync that too, so that
    2827             :      * the final value of LogwrtResult.Flush is as large as possible. This
    2828             :      * gives us some chance of avoiding another fsync immediately after.
    2829             :      */
    2830             : 
    2831             :     /* initialize to given target; may increase below */
    2832      259846 :     WriteRqstPtr = record;
    2833             : 
    2834             :     /*
    2835             :      * Now wait until we get the write lock, or someone else does the flush
    2836             :      * for us.
    2837             :      */
    2838             :     for (;;)
    2839       10918 :     {
    2840             :         XLogRecPtr  insertpos;
    2841             : 
    2842             :         /* done already? */
    2843      270764 :         RefreshXLogWriteResult(LogwrtResult);
    2844      270764 :         if (record <= LogwrtResult.Flush)
    2845       19344 :             break;
    2846             : 
    2847             :         /*
    2848             :          * Before actually performing the write, wait for all in-flight
    2849             :          * insertions to the pages we're about to write to finish.
    2850             :          */
    2851      251420 :         SpinLockAcquire(&XLogCtl->info_lck);
    2852      251420 :         if (WriteRqstPtr < XLogCtl->LogwrtRqst.Write)
    2853       15384 :             WriteRqstPtr = XLogCtl->LogwrtRqst.Write;
    2854      251420 :         SpinLockRelease(&XLogCtl->info_lck);
    2855      251420 :         insertpos = WaitXLogInsertionsToFinish(WriteRqstPtr);
    2856             : 
    2857             :         /*
    2858             :          * Try to get the write lock. If we can't get it immediately, wait
    2859             :          * until it's released, and recheck if we still need to do the flush
    2860             :          * or if the backend that held the lock did it for us already. This
    2861             :          * helps to maintain a good rate of group committing when the system
    2862             :          * is bottlenecked by the speed of fsyncing.
    2863             :          */
    2864      251420 :         if (!LWLockAcquireOrWait(WALWriteLock, LW_EXCLUSIVE))
    2865             :         {
    2866             :             /*
    2867             :              * The lock is now free, but we didn't acquire it yet. Before we
    2868             :              * do, loop back to check if someone else flushed the record for
    2869             :              * us already.
    2870             :              */
    2871       10918 :             continue;
    2872             :         }
    2873             : 
    2874             :         /* Got the lock; recheck whether request is satisfied */
    2875      240502 :         RefreshXLogWriteResult(LogwrtResult);
    2876      240502 :         if (record <= LogwrtResult.Flush)
    2877             :         {
    2878        1720 :             LWLockRelease(WALWriteLock);
    2879        1720 :             break;
    2880             :         }
    2881             : 
    2882             :         /*
    2883             :          * Sleep before flush! By adding a delay here, we may give further
    2884             :          * backends the opportunity to join the backlog of group commit
    2885             :          * followers; this can significantly improve transaction throughput,
    2886             :          * at the risk of increasing transaction latency.
    2887             :          *
    2888             :          * We do not sleep if enableFsync is not turned on, nor if there are
    2889             :          * fewer than CommitSiblings other backends with active transactions.
    2890             :          */
    2891      238782 :         if (CommitDelay > 0 && enableFsync &&
    2892           0 :             MinimumActiveBackends(CommitSiblings))
    2893             :         {
    2894           0 :             pg_usleep(CommitDelay);
    2895             : 
    2896             :             /*
    2897             :              * Re-check how far we can now flush the WAL. It's generally not
    2898             :              * safe to call WaitXLogInsertionsToFinish while holding
    2899             :              * WALWriteLock, because an in-progress insertion might need to
    2900             :              * also grab WALWriteLock to make progress. But we know that all
    2901             :              * the insertions up to insertpos have already finished, because
    2902             :              * that's what the earlier WaitXLogInsertionsToFinish() returned.
    2903             :              * We're only calling it again to allow insertpos to be moved
    2904             :              * further forward, not to actually wait for anyone.
    2905             :              */
    2906           0 :             insertpos = WaitXLogInsertionsToFinish(insertpos);
    2907             :         }
    2908             : 
    2909             :         /* try to write/flush later additions to XLOG as well */
    2910      238782 :         WriteRqst.Write = insertpos;
    2911      238782 :         WriteRqst.Flush = insertpos;
    2912             : 
    2913      238782 :         XLogWrite(WriteRqst, insertTLI, false);
    2914             : 
    2915      238782 :         LWLockRelease(WALWriteLock);
    2916             :         /* done */
    2917      238782 :         break;
    2918             :     }
    2919             : 
    2920      259846 :     END_CRIT_SECTION();
    2921             : 
    2922             :     /* wake up walsenders now that we've released heavily contended locks */
    2923      259846 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    2924             : 
    2925             :     /*
    2926             :      * If we still haven't flushed to the request point then we have a
    2927             :      * problem; most likely, the requested flush point is past end of XLOG.
    2928             :      * This has been seen to occur when a disk page has a corrupted LSN.
    2929             :      *
    2930             :      * Formerly we treated this as a PANIC condition, but that hurts the
    2931             :      * system's robustness rather than helping it: we do not want to take down
    2932             :      * the whole system due to corruption on one data page.  In particular, if
    2933             :      * the bad page is encountered again during recovery then we would be
    2934             :      * unable to restart the database at all!  (This scenario actually
    2935             :      * happened in the field several times with 7.1 releases.)  As of 8.4, bad
    2936             :      * LSNs encountered during recovery are UpdateMinRecoveryPoint's problem;
    2937             :      * the only time we can reach here during recovery is while flushing the
    2938             :      * end-of-recovery checkpoint record, and we don't expect that to have a
    2939             :      * bad LSN.
    2940             :      *
    2941             :      * Note that for calls from xact.c, the ERROR will be promoted to PANIC
    2942             :      * since xact.c calls this routine inside a critical section.  However,
    2943             :      * calls from bufmgr.c are not within critical sections and so we will not
    2944             :      * force a restart for a bad LSN on a data page.
    2945             :      */
    2946      259846 :     if (LogwrtResult.Flush < record)
    2947           0 :         elog(ERROR,
    2948             :              "xlog flush request %X/%X is not satisfied --- flushed only to %X/%X",
    2949             :              LSN_FORMAT_ARGS(record),
    2950             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2951             : }
    2952             : 
    2953             : /*
    2954             :  * Write & flush xlog, but without specifying exactly where to.
    2955             :  *
    2956             :  * We normally write only completed blocks; but if there is nothing to do on
    2957             :  * that basis, we check for unwritten async commits in the current incomplete
    2958             :  * block, and write through the latest one of those.  Thus, if async commits
    2959             :  * are not being used, we will write complete blocks only.
    2960             :  *
    2961             :  * If, based on the above, there's anything to write we do so immediately. But
    2962             :  * to avoid calling fsync, fdatasync et. al. at a rate that'd impact
    2963             :  * concurrent IO, we only flush WAL every wal_writer_delay ms, or if there's
    2964             :  * more than wal_writer_flush_after unflushed blocks.
    2965             :  *
    2966             :  * We can guarantee that async commits reach disk after at most three
    2967             :  * wal_writer_delay cycles. (When flushing complete blocks, we allow XLogWrite
    2968             :  * to write "flexibly", meaning it can stop at the end of the buffer ring;
    2969             :  * this makes a difference only with very high load or long wal_writer_delay,
    2970             :  * but imposes one extra cycle for the worst case for async commits.)
    2971             :  *
    2972             :  * This routine is invoked periodically by the background walwriter process.
    2973             :  *
    2974             :  * Returns true if there was any work to do, even if we skipped flushing due
    2975             :  * to wal_writer_delay/wal_writer_flush_after.
    2976             :  */
    2977             : bool
    2978       21662 : XLogBackgroundFlush(void)
    2979             : {
    2980             :     XLogwrtRqst WriteRqst;
    2981       21662 :     bool        flexible = true;
    2982             :     static TimestampTz lastflush;
    2983             :     TimestampTz now;
    2984             :     int         flushblocks;
    2985             :     TimeLineID  insertTLI;
    2986             : 
    2987             :     /* XLOG doesn't need flushing during recovery */
    2988       21662 :     if (RecoveryInProgress())
    2989          16 :         return false;
    2990             : 
    2991             :     /*
    2992             :      * Since we're not in recovery, InsertTimeLineID is set and can't change,
    2993             :      * so we can read it without a lock.
    2994             :      */
    2995       21646 :     insertTLI = XLogCtl->InsertTimeLineID;
    2996             : 
    2997             :     /* read updated LogwrtRqst */
    2998       21646 :     SpinLockAcquire(&XLogCtl->info_lck);
    2999       21646 :     WriteRqst = XLogCtl->LogwrtRqst;
    3000       21646 :     SpinLockRelease(&XLogCtl->info_lck);
    3001             : 
    3002             :     /* back off to last completed page boundary */
    3003       21646 :     WriteRqst.Write -= WriteRqst.Write % XLOG_BLCKSZ;
    3004             : 
    3005             :     /* if we have already flushed that far, consider async commit records */
    3006       21646 :     RefreshXLogWriteResult(LogwrtResult);
    3007       21646 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3008             :     {
    3009       15282 :         SpinLockAcquire(&XLogCtl->info_lck);
    3010       15282 :         WriteRqst.Write = XLogCtl->asyncXactLSN;
    3011       15282 :         SpinLockRelease(&XLogCtl->info_lck);
    3012       15282 :         flexible = false;       /* ensure it all gets written */
    3013             :     }
    3014             : 
    3015             :     /*
    3016             :      * If already known flushed, we're done. Just need to check if we are
    3017             :      * holding an open file handle to a logfile that's no longer in use,
    3018             :      * preventing the file from being deleted.
    3019             :      */
    3020       21646 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3021             :     {
    3022       14268 :         if (openLogFile >= 0)
    3023             :         {
    3024        6972 :             if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    3025             :                                  wal_segment_size))
    3026             :             {
    3027         256 :                 XLogFileClose();
    3028             :             }
    3029             :         }
    3030       14268 :         return false;
    3031             :     }
    3032             : 
    3033             :     /*
    3034             :      * Determine how far to flush WAL, based on the wal_writer_delay and
    3035             :      * wal_writer_flush_after GUCs.
    3036             :      *
    3037             :      * Note that XLogSetAsyncXactLSN() performs similar calculation based on
    3038             :      * wal_writer_flush_after, to decide when to wake us up.  Make sure the
    3039             :      * logic is the same in both places if you change this.
    3040             :      */
    3041        7378 :     now = GetCurrentTimestamp();
    3042        7378 :     flushblocks =
    3043        7378 :         WriteRqst.Write / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    3044             : 
    3045        7378 :     if (WalWriterFlushAfter == 0 || lastflush == 0)
    3046             :     {
    3047             :         /* first call, or block based limits disabled */
    3048         410 :         WriteRqst.Flush = WriteRqst.Write;
    3049         410 :         lastflush = now;
    3050             :     }
    3051        6968 :     else if (TimestampDifferenceExceeds(lastflush, now, WalWriterDelay))
    3052             :     {
    3053             :         /*
    3054             :          * Flush the writes at least every WalWriterDelay ms. This is
    3055             :          * important to bound the amount of time it takes for an asynchronous
    3056             :          * commit to hit disk.
    3057             :          */
    3058        6640 :         WriteRqst.Flush = WriteRqst.Write;
    3059        6640 :         lastflush = now;
    3060             :     }
    3061         328 :     else if (flushblocks >= WalWriterFlushAfter)
    3062             :     {
    3063             :         /* exceeded wal_writer_flush_after blocks, flush */
    3064         306 :         WriteRqst.Flush = WriteRqst.Write;
    3065         306 :         lastflush = now;
    3066             :     }
    3067             :     else
    3068             :     {
    3069             :         /* no flushing, this time round */
    3070          22 :         WriteRqst.Flush = 0;
    3071             :     }
    3072             : 
    3073             : #ifdef WAL_DEBUG
    3074             :     if (XLOG_DEBUG)
    3075             :         elog(LOG, "xlog bg flush request write %X/%X; flush: %X/%X, current is write %X/%X; flush %X/%X",
    3076             :              LSN_FORMAT_ARGS(WriteRqst.Write),
    3077             :              LSN_FORMAT_ARGS(WriteRqst.Flush),
    3078             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    3079             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    3080             : #endif
    3081             : 
    3082        7378 :     START_CRIT_SECTION();
    3083             : 
    3084             :     /* now wait for any in-progress insertions to finish and get write lock */
    3085        7378 :     WaitXLogInsertionsToFinish(WriteRqst.Write);
    3086        7378 :     LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    3087        7378 :     RefreshXLogWriteResult(LogwrtResult);
    3088        7378 :     if (WriteRqst.Write > LogwrtResult.Write ||
    3089         264 :         WriteRqst.Flush > LogwrtResult.Flush)
    3090             :     {
    3091        7158 :         XLogWrite(WriteRqst, insertTLI, flexible);
    3092             :     }
    3093        7378 :     LWLockRelease(WALWriteLock);
    3094             : 
    3095        7378 :     END_CRIT_SECTION();
    3096             : 
    3097             :     /* wake up walsenders now that we've released heavily contended locks */
    3098        7378 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    3099             : 
    3100             :     /*
    3101             :      * Great, done. To take some work off the critical path, try to initialize
    3102             :      * as many of the no-longer-needed WAL buffers for future use as we can.
    3103             :      */
    3104        7378 :     AdvanceXLInsertBuffer(InvalidXLogRecPtr, insertTLI, true);
    3105             : 
    3106             :     /*
    3107             :      * If we determined that we need to write data, but somebody else
    3108             :      * wrote/flushed already, it should be considered as being active, to
    3109             :      * avoid hibernating too early.
    3110             :      */
    3111        7378 :     return true;
    3112             : }
    3113             : 
    3114             : /*
    3115             :  * Test whether XLOG data has been flushed up to (at least) the given position.
    3116             :  *
    3117             :  * Returns true if a flush is still needed.  (It may be that someone else
    3118             :  * is already in process of flushing that far, however.)
    3119             :  */
    3120             : bool
    3121    17474454 : XLogNeedsFlush(XLogRecPtr record)
    3122             : {
    3123             :     /*
    3124             :      * During recovery, we don't flush WAL but update minRecoveryPoint
    3125             :      * instead. So "needs flush" is taken to mean whether minRecoveryPoint
    3126             :      * would need to be updated.
    3127             :      */
    3128    17474454 :     if (RecoveryInProgress())
    3129             :     {
    3130             :         /*
    3131             :          * An invalid minRecoveryPoint means that we need to recover all the
    3132             :          * WAL, i.e., we're doing crash recovery.  We never modify the control
    3133             :          * file's value in that case, so we can short-circuit future checks
    3134             :          * here too.  This triggers a quick exit path for the startup process,
    3135             :          * which cannot update its local copy of minRecoveryPoint as long as
    3136             :          * it has not replayed all WAL available when doing crash recovery.
    3137             :          */
    3138     1653736 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    3139           0 :             updateMinRecoveryPoint = false;
    3140             : 
    3141             :         /* Quick exit if already known to be updated or cannot be updated */
    3142     1653736 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3143     1625726 :             return false;
    3144             : 
    3145             :         /*
    3146             :          * Update local copy of minRecoveryPoint. But if the lock is busy,
    3147             :          * just return a conservative guess.
    3148             :          */
    3149       28010 :         if (!LWLockConditionalAcquire(ControlFileLock, LW_SHARED))
    3150           0 :             return true;
    3151       28010 :         LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    3152       28010 :         LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    3153       28010 :         LWLockRelease(ControlFileLock);
    3154             : 
    3155             :         /*
    3156             :          * Check minRecoveryPoint for any other process than the startup
    3157             :          * process doing crash recovery, which should not update the control
    3158             :          * file value if crash recovery is still running.
    3159             :          */
    3160       28010 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    3161           0 :             updateMinRecoveryPoint = false;
    3162             : 
    3163             :         /* check again */
    3164       28010 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3165         162 :             return false;
    3166             :         else
    3167       27848 :             return true;
    3168             :     }
    3169             : 
    3170             :     /* Quick exit if already known flushed */
    3171    15820718 :     if (record <= LogwrtResult.Flush)
    3172    15315924 :         return false;
    3173             : 
    3174             :     /* read LogwrtResult and update local state */
    3175      504794 :     RefreshXLogWriteResult(LogwrtResult);
    3176             : 
    3177             :     /* check again */
    3178      504794 :     if (record <= LogwrtResult.Flush)
    3179        5066 :         return false;
    3180             : 
    3181      499728 :     return true;
    3182             : }
    3183             : 
    3184             : /*
    3185             :  * Try to make a given XLOG file segment exist.
    3186             :  *
    3187             :  * logsegno: identify segment.
    3188             :  *
    3189             :  * *added: on return, true if this call raised the number of extant segments.
    3190             :  *
    3191             :  * path: on return, this char[MAXPGPATH] has the path to the logsegno file.
    3192             :  *
    3193             :  * Returns -1 or FD of opened file.  A -1 here is not an error; a caller
    3194             :  * wanting an open segment should attempt to open "path", which usually will
    3195             :  * succeed.  (This is weird, but it's efficient for the callers.)
    3196             :  */
    3197             : static int
    3198       25330 : XLogFileInitInternal(XLogSegNo logsegno, TimeLineID logtli,
    3199             :                      bool *added, char *path)
    3200             : {
    3201             :     char        tmppath[MAXPGPATH];
    3202             :     XLogSegNo   installed_segno;
    3203             :     XLogSegNo   max_segno;
    3204             :     int         fd;
    3205             :     int         save_errno;
    3206       25330 :     int         open_flags = O_RDWR | O_CREAT | O_EXCL | PG_BINARY;
    3207             :     instr_time  io_start;
    3208             : 
    3209             :     Assert(logtli != 0);
    3210             : 
    3211       25330 :     XLogFilePath(path, logtli, logsegno, wal_segment_size);
    3212             : 
    3213             :     /*
    3214             :      * Try to use existent file (checkpoint maker may have created it already)
    3215             :      */
    3216       25330 :     *added = false;
    3217       25330 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3218       25330 :                        get_sync_bit(wal_sync_method));
    3219       25330 :     if (fd < 0)
    3220             :     {
    3221        2592 :         if (errno != ENOENT)
    3222           0 :             ereport(ERROR,
    3223             :                     (errcode_for_file_access(),
    3224             :                      errmsg("could not open file \"%s\": %m", path)));
    3225             :     }
    3226             :     else
    3227       22738 :         return fd;
    3228             : 
    3229             :     /*
    3230             :      * Initialize an empty (all zeroes) segment.  NOTE: it is possible that
    3231             :      * another process is doing the same thing.  If so, we will end up
    3232             :      * pre-creating an extra log segment.  That seems OK, and better than
    3233             :      * holding the lock throughout this lengthy process.
    3234             :      */
    3235        2592 :     elog(DEBUG2, "creating and filling new WAL file");
    3236             : 
    3237        2592 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3238             : 
    3239        2592 :     unlink(tmppath);
    3240             : 
    3241        2592 :     if (io_direct_flags & IO_DIRECT_WAL_INIT)
    3242           0 :         open_flags |= PG_O_DIRECT;
    3243             : 
    3244             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3245        2592 :     fd = BasicOpenFile(tmppath, open_flags);
    3246        2592 :     if (fd < 0)
    3247           0 :         ereport(ERROR,
    3248             :                 (errcode_for_file_access(),
    3249             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3250             : 
    3251             :     /* Measure I/O timing when initializing segment */
    3252        2592 :     io_start = pgstat_prepare_io_time(track_wal_io_timing);
    3253             : 
    3254        2592 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_WRITE);
    3255        2592 :     save_errno = 0;
    3256        2592 :     if (wal_init_zero)
    3257             :     {
    3258             :         ssize_t     rc;
    3259             : 
    3260             :         /*
    3261             :          * Zero-fill the file.  With this setting, we do this the hard way to
    3262             :          * ensure that all the file space has really been allocated.  On
    3263             :          * platforms that allow "holes" in files, just seeking to the end
    3264             :          * doesn't allocate intermediate space.  This way, we know that we
    3265             :          * have all the space and (after the fsync below) that all the
    3266             :          * indirect blocks are down on disk.  Therefore, fdatasync(2) or
    3267             :          * O_DSYNC will be sufficient to sync future writes to the log file.
    3268             :          */
    3269        2592 :         rc = pg_pwrite_zeros(fd, wal_segment_size, 0);
    3270             : 
    3271        2592 :         if (rc < 0)
    3272           0 :             save_errno = errno;
    3273             :     }
    3274             :     else
    3275             :     {
    3276             :         /*
    3277             :          * Otherwise, seeking to the end and writing a solitary byte is
    3278             :          * enough.
    3279             :          */
    3280           0 :         errno = 0;
    3281           0 :         if (pg_pwrite(fd, "\0", 1, wal_segment_size - 1) != 1)
    3282             :         {
    3283             :             /* if write didn't set errno, assume no disk space */
    3284           0 :             save_errno = errno ? errno : ENOSPC;
    3285             :         }
    3286             :     }
    3287        2592 :     pgstat_report_wait_end();
    3288             : 
    3289             :     /*
    3290             :      * A full segment worth of data is written when using wal_init_zero. One
    3291             :      * byte is written when not using it.
    3292             :      */
    3293        2592 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_INIT, IOOP_WRITE,
    3294             :                             io_start, 1,
    3295        2592 :                             wal_init_zero ? wal_segment_size : 1);
    3296             : 
    3297        2592 :     if (save_errno)
    3298             :     {
    3299             :         /*
    3300             :          * If we fail to make the file, delete it to release disk space
    3301             :          */
    3302           0 :         unlink(tmppath);
    3303             : 
    3304           0 :         close(fd);
    3305             : 
    3306           0 :         errno = save_errno;
    3307             : 
    3308           0 :         ereport(ERROR,
    3309             :                 (errcode_for_file_access(),
    3310             :                  errmsg("could not write to file \"%s\": %m", tmppath)));
    3311             :     }
    3312             : 
    3313             :     /* Measure I/O timing when flushing segment */
    3314        2592 :     io_start = pgstat_prepare_io_time(track_wal_io_timing);
    3315             : 
    3316        2592 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_SYNC);
    3317        2592 :     if (pg_fsync(fd) != 0)
    3318             :     {
    3319           0 :         save_errno = errno;
    3320           0 :         close(fd);
    3321           0 :         errno = save_errno;
    3322           0 :         ereport(ERROR,
    3323             :                 (errcode_for_file_access(),
    3324             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3325             :     }
    3326        2592 :     pgstat_report_wait_end();
    3327             : 
    3328        2592 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_INIT,
    3329             :                             IOOP_FSYNC, io_start, 1, 0);
    3330             : 
    3331        2592 :     if (close(fd) != 0)
    3332           0 :         ereport(ERROR,
    3333             :                 (errcode_for_file_access(),
    3334             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3335             : 
    3336             :     /*
    3337             :      * Now move the segment into place with its final name.  Cope with
    3338             :      * possibility that someone else has created the file while we were
    3339             :      * filling ours: if so, use ours to pre-create a future log segment.
    3340             :      */
    3341        2592 :     installed_segno = logsegno;
    3342             : 
    3343             :     /*
    3344             :      * XXX: What should we use as max_segno? We used to use XLOGfileslop when
    3345             :      * that was a constant, but that was always a bit dubious: normally, at a
    3346             :      * checkpoint, XLOGfileslop was the offset from the checkpoint record, but
    3347             :      * here, it was the offset from the insert location. We can't do the
    3348             :      * normal XLOGfileslop calculation here because we don't have access to
    3349             :      * the prior checkpoint's redo location. So somewhat arbitrarily, just use
    3350             :      * CheckPointSegments.
    3351             :      */
    3352        2592 :     max_segno = logsegno + CheckPointSegments;
    3353        2592 :     if (InstallXLogFileSegment(&installed_segno, tmppath, true, max_segno,
    3354             :                                logtli))
    3355             :     {
    3356        2592 :         *added = true;
    3357        2592 :         elog(DEBUG2, "done creating and filling new WAL file");
    3358             :     }
    3359             :     else
    3360             :     {
    3361             :         /*
    3362             :          * No need for any more future segments, or InstallXLogFileSegment()
    3363             :          * failed to rename the file into place. If the rename failed, a
    3364             :          * caller opening the file may fail.
    3365             :          */
    3366           0 :         unlink(tmppath);
    3367           0 :         elog(DEBUG2, "abandoned new WAL file");
    3368             :     }
    3369             : 
    3370        2592 :     return -1;
    3371             : }
    3372             : 
    3373             : /*
    3374             :  * Create a new XLOG file segment, or open a pre-existing one.
    3375             :  *
    3376             :  * logsegno: identify segment to be created/opened.
    3377             :  *
    3378             :  * Returns FD of opened file.
    3379             :  *
    3380             :  * Note: errors here are ERROR not PANIC because we might or might not be
    3381             :  * inside a critical section (eg, during checkpoint there is no reason to
    3382             :  * take down the system on failure).  They will promote to PANIC if we are
    3383             :  * in a critical section.
    3384             :  */
    3385             : int
    3386       24834 : XLogFileInit(XLogSegNo logsegno, TimeLineID logtli)
    3387             : {
    3388             :     bool        ignore_added;
    3389             :     char        path[MAXPGPATH];
    3390             :     int         fd;
    3391             : 
    3392             :     Assert(logtli != 0);
    3393             : 
    3394       24834 :     fd = XLogFileInitInternal(logsegno, logtli, &ignore_added, path);
    3395       24834 :     if (fd >= 0)
    3396       22550 :         return fd;
    3397             : 
    3398             :     /* Now open original target segment (might not be file I just made) */
    3399        2284 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3400        2284 :                        get_sync_bit(wal_sync_method));
    3401        2284 :     if (fd < 0)
    3402           0 :         ereport(ERROR,
    3403             :                 (errcode_for_file_access(),
    3404             :                  errmsg("could not open file \"%s\": %m", path)));
    3405        2284 :     return fd;
    3406             : }
    3407             : 
    3408             : /*
    3409             :  * Create a new XLOG file segment by copying a pre-existing one.
    3410             :  *
    3411             :  * destsegno: identify segment to be created.
    3412             :  *
    3413             :  * srcTLI, srcsegno: identify segment to be copied (could be from
    3414             :  *      a different timeline)
    3415             :  *
    3416             :  * upto: how much of the source file to copy (the rest is filled with
    3417             :  *      zeros)
    3418             :  *
    3419             :  * Currently this is only used during recovery, and so there are no locking
    3420             :  * considerations.  But we should be just as tense as XLogFileInit to avoid
    3421             :  * emplacing a bogus file.
    3422             :  */
    3423             : static void
    3424          76 : XLogFileCopy(TimeLineID destTLI, XLogSegNo destsegno,
    3425             :              TimeLineID srcTLI, XLogSegNo srcsegno,
    3426             :              int upto)
    3427             : {
    3428             :     char        path[MAXPGPATH];
    3429             :     char        tmppath[MAXPGPATH];
    3430             :     PGAlignedXLogBlock buffer;
    3431             :     int         srcfd;
    3432             :     int         fd;
    3433             :     int         nbytes;
    3434             : 
    3435             :     /*
    3436             :      * Open the source file
    3437             :      */
    3438          76 :     XLogFilePath(path, srcTLI, srcsegno, wal_segment_size);
    3439          76 :     srcfd = OpenTransientFile(path, O_RDONLY | PG_BINARY);
    3440          76 :     if (srcfd < 0)
    3441           0 :         ereport(ERROR,
    3442             :                 (errcode_for_file_access(),
    3443             :                  errmsg("could not open file \"%s\": %m", path)));
    3444             : 
    3445             :     /*
    3446             :      * Copy into a temp file name.
    3447             :      */
    3448          76 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3449             : 
    3450          76 :     unlink(tmppath);
    3451             : 
    3452             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3453          76 :     fd = OpenTransientFile(tmppath, O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    3454          76 :     if (fd < 0)
    3455           0 :         ereport(ERROR,
    3456             :                 (errcode_for_file_access(),
    3457             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3458             : 
    3459             :     /*
    3460             :      * Do the data copying.
    3461             :      */
    3462      155724 :     for (nbytes = 0; nbytes < wal_segment_size; nbytes += sizeof(buffer))
    3463             :     {
    3464             :         int         nread;
    3465             : 
    3466      155648 :         nread = upto - nbytes;
    3467             : 
    3468             :         /*
    3469             :          * The part that is not read from the source file is filled with
    3470             :          * zeros.
    3471             :          */
    3472      155648 :         if (nread < sizeof(buffer))
    3473          76 :             memset(buffer.data, 0, sizeof(buffer));
    3474             : 
    3475      155648 :         if (nread > 0)
    3476             :         {
    3477             :             int         r;
    3478             : 
    3479        5356 :             if (nread > sizeof(buffer))
    3480        5280 :                 nread = sizeof(buffer);
    3481        5356 :             pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_READ);
    3482        5356 :             r = read(srcfd, buffer.data, nread);
    3483        5356 :             if (r != nread)
    3484             :             {
    3485           0 :                 if (r < 0)
    3486           0 :                     ereport(ERROR,
    3487             :                             (errcode_for_file_access(),
    3488             :                              errmsg("could not read file \"%s\": %m",
    3489             :                                     path)));
    3490             :                 else
    3491           0 :                     ereport(ERROR,
    3492             :                             (errcode(ERRCODE_DATA_CORRUPTED),
    3493             :                              errmsg("could not read file \"%s\": read %d of %zu",
    3494             :                                     path, r, (Size) nread)));
    3495             :             }
    3496        5356 :             pgstat_report_wait_end();
    3497             :         }
    3498      155648 :         errno = 0;
    3499      155648 :         pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_WRITE);
    3500      155648 :         if ((int) write(fd, buffer.data, sizeof(buffer)) != (int) sizeof(buffer))
    3501             :         {
    3502           0 :             int         save_errno = errno;
    3503             : 
    3504             :             /*
    3505             :              * If we fail to make the file, delete it to release disk space
    3506             :              */
    3507           0 :             unlink(tmppath);
    3508             :             /* if write didn't set errno, assume problem is no disk space */
    3509           0 :             errno = save_errno ? save_errno : ENOSPC;
    3510             : 
    3511           0 :             ereport(ERROR,
    3512             :                     (errcode_for_file_access(),
    3513             :                      errmsg("could not write to file \"%s\": %m", tmppath)));
    3514             :         }
    3515      155648 :         pgstat_report_wait_end();
    3516             :     }
    3517             : 
    3518          76 :     pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_SYNC);
    3519          76 :     if (pg_fsync(fd) != 0)
    3520           0 :         ereport(data_sync_elevel(ERROR),
    3521             :                 (errcode_for_file_access(),
    3522             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3523          76 :     pgstat_report_wait_end();
    3524             : 
    3525          76 :     if (CloseTransientFile(fd) != 0)
    3526           0 :         ereport(ERROR,
    3527             :                 (errcode_for_file_access(),
    3528             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3529             : 
    3530          76 :     if (CloseTransientFile(srcfd) != 0)
    3531           0 :         ereport(ERROR,
    3532             :                 (errcode_for_file_access(),
    3533             :                  errmsg("could not close file \"%s\": %m", path)));
    3534             : 
    3535             :     /*
    3536             :      * Now move the segment into place with its final name.
    3537             :      */
    3538          76 :     if (!InstallXLogFileSegment(&destsegno, tmppath, false, 0, destTLI))
    3539           0 :         elog(ERROR, "InstallXLogFileSegment should not have failed");
    3540          76 : }
    3541             : 
    3542             : /*
    3543             :  * Install a new XLOG segment file as a current or future log segment.
    3544             :  *
    3545             :  * This is used both to install a newly-created segment (which has a temp
    3546             :  * filename while it's being created) and to recycle an old segment.
    3547             :  *
    3548             :  * *segno: identify segment to install as (or first possible target).
    3549             :  * When find_free is true, this is modified on return to indicate the
    3550             :  * actual installation location or last segment searched.
    3551             :  *
    3552             :  * tmppath: initial name of file to install.  It will be renamed into place.
    3553             :  *
    3554             :  * find_free: if true, install the new segment at the first empty segno
    3555             :  * number at or after the passed numbers.  If false, install the new segment
    3556             :  * exactly where specified, deleting any existing segment file there.
    3557             :  *
    3558             :  * max_segno: maximum segment number to install the new file as.  Fail if no
    3559             :  * free slot is found between *segno and max_segno. (Ignored when find_free
    3560             :  * is false.)
    3561             :  *
    3562             :  * tli: The timeline on which the new segment should be installed.
    3563             :  *
    3564             :  * Returns true if the file was installed successfully.  false indicates that
    3565             :  * max_segno limit was exceeded, the startup process has disabled this
    3566             :  * function for now, or an error occurred while renaming the file into place.
    3567             :  */
    3568             : static bool
    3569        4852 : InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
    3570             :                        bool find_free, XLogSegNo max_segno, TimeLineID tli)
    3571             : {
    3572             :     char        path[MAXPGPATH];
    3573             :     struct stat stat_buf;
    3574             : 
    3575             :     Assert(tli != 0);
    3576             : 
    3577        4852 :     XLogFilePath(path, tli, *segno, wal_segment_size);
    3578             : 
    3579        4852 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    3580        4852 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3581             :     {
    3582           0 :         LWLockRelease(ControlFileLock);
    3583           0 :         return false;
    3584             :     }
    3585             : 
    3586        4852 :     if (!find_free)
    3587             :     {
    3588             :         /* Force installation: get rid of any pre-existing segment file */
    3589          76 :         durable_unlink(path, DEBUG1);
    3590             :     }
    3591             :     else
    3592             :     {
    3593             :         /* Find a free slot to put it in */
    3594        7092 :         while (stat(path, &stat_buf) == 0)
    3595             :         {
    3596        2370 :             if ((*segno) >= max_segno)
    3597             :             {
    3598             :                 /* Failed to find a free slot within specified range */
    3599          54 :                 LWLockRelease(ControlFileLock);
    3600          54 :                 return false;
    3601             :             }
    3602        2316 :             (*segno)++;
    3603        2316 :             XLogFilePath(path, tli, *segno, wal_segment_size);
    3604             :         }
    3605             :     }
    3606             : 
    3607             :     Assert(access(path, F_OK) != 0 && errno == ENOENT);
    3608        4798 :     if (durable_rename(tmppath, path, LOG) != 0)
    3609             :     {
    3610           0 :         LWLockRelease(ControlFileLock);
    3611             :         /* durable_rename already emitted log message */
    3612           0 :         return false;
    3613             :     }
    3614             : 
    3615        4798 :     LWLockRelease(ControlFileLock);
    3616             : 
    3617        4798 :     return true;
    3618             : }
    3619             : 
    3620             : /*
    3621             :  * Open a pre-existing logfile segment for writing.
    3622             :  */
    3623             : int
    3624          58 : XLogFileOpen(XLogSegNo segno, TimeLineID tli)
    3625             : {
    3626             :     char        path[MAXPGPATH];
    3627             :     int         fd;
    3628             : 
    3629          58 :     XLogFilePath(path, tli, segno, wal_segment_size);
    3630             : 
    3631          58 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3632          58 :                        get_sync_bit(wal_sync_method));
    3633          58 :     if (fd < 0)
    3634           0 :         ereport(PANIC,
    3635             :                 (errcode_for_file_access(),
    3636             :                  errmsg("could not open file \"%s\": %m", path)));
    3637             : 
    3638          58 :     return fd;
    3639             : }
    3640             : 
    3641             : /*
    3642             :  * Close the current logfile segment for writing.
    3643             :  */
    3644             : static void
    3645        9730 : XLogFileClose(void)
    3646             : {
    3647             :     Assert(openLogFile >= 0);
    3648             : 
    3649             :     /*
    3650             :      * WAL segment files will not be re-read in normal operation, so we advise
    3651             :      * the OS to release any cached pages.  But do not do so if WAL archiving
    3652             :      * or streaming is active, because archiver and walsender process could
    3653             :      * use the cache to read the WAL segment.
    3654             :      */
    3655             : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
    3656        9730 :     if (!XLogIsNeeded() && (io_direct_flags & IO_DIRECT_WAL) == 0)
    3657        2318 :         (void) posix_fadvise(openLogFile, 0, 0, POSIX_FADV_DONTNEED);
    3658             : #endif
    3659             : 
    3660        9730 :     if (close(openLogFile) != 0)
    3661             :     {
    3662             :         char        xlogfname[MAXFNAMELEN];
    3663           0 :         int         save_errno = errno;
    3664             : 
    3665           0 :         XLogFileName(xlogfname, openLogTLI, openLogSegNo, wal_segment_size);
    3666           0 :         errno = save_errno;
    3667           0 :         ereport(PANIC,
    3668             :                 (errcode_for_file_access(),
    3669             :                  errmsg("could not close file \"%s\": %m", xlogfname)));
    3670             :     }
    3671             : 
    3672        9730 :     openLogFile = -1;
    3673        9730 :     ReleaseExternalFD();
    3674        9730 : }
    3675             : 
    3676             : /*
    3677             :  * Preallocate log files beyond the specified log endpoint.
    3678             :  *
    3679             :  * XXX this is currently extremely conservative, since it forces only one
    3680             :  * future log segment to exist, and even that only if we are 75% done with
    3681             :  * the current one.  This is only appropriate for very low-WAL-volume systems.
    3682             :  * High-volume systems will be OK once they've built up a sufficient set of
    3683             :  * recycled log segments, but the startup transient is likely to include
    3684             :  * a lot of segment creations by foreground processes, which is not so good.
    3685             :  *
    3686             :  * XLogFileInitInternal() can ereport(ERROR).  All known causes indicate big
    3687             :  * trouble; for example, a full filesystem is one cause.  The checkpoint WAL
    3688             :  * and/or ControlFile updates already completed.  If a RequestCheckpoint()
    3689             :  * initiated the present checkpoint and an ERROR ends this function, the
    3690             :  * command that called RequestCheckpoint() fails.  That's not ideal, but it's
    3691             :  * not worth contorting more functions to use caller-specified elevel values.
    3692             :  * (With or without RequestCheckpoint(), an ERROR forestalls some inessential
    3693             :  * reporting and resource reclamation.)
    3694             :  */
    3695             : static void
    3696        3124 : PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli)
    3697             : {
    3698             :     XLogSegNo   _logSegNo;
    3699             :     int         lf;
    3700             :     bool        added;
    3701             :     char        path[MAXPGPATH];
    3702             :     uint64      offset;
    3703             : 
    3704        3124 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3705          16 :         return;                 /* unlocked check says no */
    3706             : 
    3707        3108 :     XLByteToPrevSeg(endptr, _logSegNo, wal_segment_size);
    3708        3108 :     offset = XLogSegmentOffset(endptr - 1, wal_segment_size);
    3709        3108 :     if (offset >= (uint32) (0.75 * wal_segment_size))
    3710             :     {
    3711         496 :         _logSegNo++;
    3712         496 :         lf = XLogFileInitInternal(_logSegNo, tli, &added, path);
    3713         496 :         if (lf >= 0)
    3714         188 :             close(lf);
    3715         496 :         if (added)
    3716         308 :             CheckpointStats.ckpt_segs_added++;
    3717             :     }
    3718             : }
    3719             : 
    3720             : /*
    3721             :  * Throws an error if the given log segment has already been removed or
    3722             :  * recycled. The caller should only pass a segment that it knows to have
    3723             :  * existed while the server has been running, as this function always
    3724             :  * succeeds if no WAL segments have been removed since startup.
    3725             :  * 'tli' is only used in the error message.
    3726             :  *
    3727             :  * Note: this function guarantees to keep errno unchanged on return.
    3728             :  * This supports callers that use this to possibly deliver a better
    3729             :  * error message about a missing file, while still being able to throw
    3730             :  * a normal file-access error afterwards, if this does return.
    3731             :  */
    3732             : void
    3733      229240 : CheckXLogRemoved(XLogSegNo segno, TimeLineID tli)
    3734             : {
    3735      229240 :     int         save_errno = errno;
    3736             :     XLogSegNo   lastRemovedSegNo;
    3737             : 
    3738      229240 :     SpinLockAcquire(&XLogCtl->info_lck);
    3739      229240 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3740      229240 :     SpinLockRelease(&XLogCtl->info_lck);
    3741             : 
    3742      229240 :     if (segno <= lastRemovedSegNo)
    3743             :     {
    3744             :         char        filename[MAXFNAMELEN];
    3745             : 
    3746           0 :         XLogFileName(filename, tli, segno, wal_segment_size);
    3747           0 :         errno = save_errno;
    3748           0 :         ereport(ERROR,
    3749             :                 (errcode_for_file_access(),
    3750             :                  errmsg("requested WAL segment %s has already been removed",
    3751             :                         filename)));
    3752             :     }
    3753      229240 :     errno = save_errno;
    3754      229240 : }
    3755             : 
    3756             : /*
    3757             :  * Return the last WAL segment removed, or 0 if no segment has been removed
    3758             :  * since startup.
    3759             :  *
    3760             :  * NB: the result can be out of date arbitrarily fast, the caller has to deal
    3761             :  * with that.
    3762             :  */
    3763             : XLogSegNo
    3764        2004 : XLogGetLastRemovedSegno(void)
    3765             : {
    3766             :     XLogSegNo   lastRemovedSegNo;
    3767             : 
    3768        2004 :     SpinLockAcquire(&XLogCtl->info_lck);
    3769        2004 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3770        2004 :     SpinLockRelease(&XLogCtl->info_lck);
    3771             : 
    3772        2004 :     return lastRemovedSegNo;
    3773             : }
    3774             : 
    3775             : /*
    3776             :  * Return the oldest WAL segment on the given TLI that still exists in
    3777             :  * XLOGDIR, or 0 if none.
    3778             :  */
    3779             : XLogSegNo
    3780          10 : XLogGetOldestSegno(TimeLineID tli)
    3781             : {
    3782             :     DIR        *xldir;
    3783             :     struct dirent *xlde;
    3784          10 :     XLogSegNo   oldest_segno = 0;
    3785             : 
    3786          10 :     xldir = AllocateDir(XLOGDIR);
    3787          66 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3788             :     {
    3789             :         TimeLineID  file_tli;
    3790             :         XLogSegNo   file_segno;
    3791             : 
    3792             :         /* Ignore files that are not XLOG segments. */
    3793          56 :         if (!IsXLogFileName(xlde->d_name))
    3794          40 :             continue;
    3795             : 
    3796             :         /* Parse filename to get TLI and segno. */
    3797          16 :         XLogFromFileName(xlde->d_name, &file_tli, &file_segno,
    3798             :                          wal_segment_size);
    3799             : 
    3800             :         /* Ignore anything that's not from the TLI of interest. */
    3801          16 :         if (tli != file_tli)
    3802           0 :             continue;
    3803             : 
    3804             :         /* If it's the oldest so far, update oldest_segno. */
    3805          16 :         if (oldest_segno == 0 || file_segno < oldest_segno)
    3806          14 :             oldest_segno = file_segno;
    3807             :     }
    3808             : 
    3809          10 :     FreeDir(xldir);
    3810          10 :     return oldest_segno;
    3811             : }
    3812             : 
    3813             : /*
    3814             :  * Update the last removed segno pointer in shared memory, to reflect that the
    3815             :  * given XLOG file has been removed.
    3816             :  */
    3817             : static void
    3818        3900 : UpdateLastRemovedPtr(char *filename)
    3819             : {
    3820             :     uint32      tli;
    3821             :     XLogSegNo   segno;
    3822             : 
    3823        3900 :     XLogFromFileName(filename, &tli, &segno, wal_segment_size);
    3824             : 
    3825        3900 :     SpinLockAcquire(&XLogCtl->info_lck);
    3826        3900 :     if (segno > XLogCtl->lastRemovedSegNo)
    3827        1730 :         XLogCtl->lastRemovedSegNo = segno;
    3828        3900 :     SpinLockRelease(&XLogCtl->info_lck);
    3829        3900 : }
    3830             : 
    3831             : /*
    3832             :  * Remove all temporary log files in pg_wal
    3833             :  *
    3834             :  * This is called at the beginning of recovery after a previous crash,
    3835             :  * at a point where no other processes write fresh WAL data.
    3836             :  */
    3837             : static void
    3838         342 : RemoveTempXlogFiles(void)
    3839             : {
    3840             :     DIR        *xldir;
    3841             :     struct dirent *xlde;
    3842             : 
    3843         342 :     elog(DEBUG2, "removing all temporary WAL segments");
    3844             : 
    3845         342 :     xldir = AllocateDir(XLOGDIR);
    3846        2208 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3847             :     {
    3848             :         char        path[MAXPGPATH];
    3849             : 
    3850        1866 :         if (strncmp(xlde->d_name, "xlogtemp.", 9) != 0)
    3851        1866 :             continue;
    3852             : 
    3853           0 :         snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name);
    3854           0 :         unlink(path);
    3855           0 :         elog(DEBUG2, "removed temporary WAL segment \"%s\"", path);
    3856             :     }
    3857         342 :     FreeDir(xldir);
    3858         342 : }
    3859             : 
    3860             : /*
    3861             :  * Recycle or remove all log files older or equal to passed segno.
    3862             :  *
    3863             :  * endptr is current (or recent) end of xlog, and lastredoptr is the
    3864             :  * redo pointer of the last checkpoint. These are used to determine
    3865             :  * whether we want to recycle rather than delete no-longer-wanted log files.
    3866             :  *
    3867             :  * insertTLI is the current timeline for XLOG insertion. Any recycled
    3868             :  * segments should be reused for this timeline.
    3869             :  */
    3870             : static void
    3871        2606 : RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr, XLogRecPtr endptr,
    3872             :                    TimeLineID insertTLI)
    3873             : {
    3874             :     DIR        *xldir;
    3875             :     struct dirent *xlde;
    3876             :     char        lastoff[MAXFNAMELEN];
    3877             :     XLogSegNo   endlogSegNo;
    3878             :     XLogSegNo   recycleSegNo;
    3879             : 
    3880             :     /* Initialize info about where to try to recycle to */
    3881        2606 :     XLByteToSeg(endptr, endlogSegNo, wal_segment_size);
    3882        2606 :     recycleSegNo = XLOGfileslop(lastredoptr);
    3883             : 
    3884             :     /*
    3885             :      * Construct a filename of the last segment to be kept. The timeline ID
    3886             :      * doesn't matter, we ignore that in the comparison. (During recovery,
    3887             :      * InsertTimeLineID isn't set, so we can't use that.)
    3888             :      */
    3889        2606 :     XLogFileName(lastoff, 0, segno, wal_segment_size);
    3890             : 
    3891        2606 :     elog(DEBUG2, "attempting to remove WAL segments older than log file %s",
    3892             :          lastoff);
    3893             : 
    3894        2606 :     xldir = AllocateDir(XLOGDIR);
    3895             : 
    3896       42868 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3897             :     {
    3898             :         /* Ignore files that are not XLOG segments */
    3899       40262 :         if (!IsXLogFileName(xlde->d_name) &&
    3900       10874 :             !IsPartialXLogFileName(xlde->d_name))
    3901       10870 :             continue;
    3902             : 
    3903             :         /*
    3904             :          * We ignore the timeline part of the XLOG segment identifiers in
    3905             :          * deciding whether a segment is still needed.  This ensures that we
    3906             :          * won't prematurely remove a segment from a parent timeline. We could
    3907             :          * probably be a little more proactive about removing segments of
    3908             :          * non-parent timelines, but that would be a whole lot more
    3909             :          * complicated.
    3910             :          *
    3911             :          * We use the alphanumeric sorting property of the filenames to decide
    3912             :          * which ones are earlier than the lastoff segment.
    3913             :          */
    3914       29392 :         if (strcmp(xlde->d_name + 8, lastoff + 8) <= 0)
    3915             :         {
    3916        3918 :             if (XLogArchiveCheckDone(xlde->d_name))
    3917             :             {
    3918             :                 /* Update the last removed location in shared memory first */
    3919        3900 :                 UpdateLastRemovedPtr(xlde->d_name);
    3920             : 
    3921        3900 :                 RemoveXlogFile(xlde, recycleSegNo, &endlogSegNo, insertTLI);
    3922             :             }
    3923             :         }
    3924             :     }
    3925             : 
    3926        2606 :     FreeDir(xldir);
    3927        2606 : }
    3928             : 
    3929             : /*
    3930             :  * Recycle or remove WAL files that are not part of the given timeline's
    3931             :  * history.
    3932             :  *
    3933             :  * This is called during recovery, whenever we switch to follow a new
    3934             :  * timeline, and at the end of recovery when we create a new timeline. We
    3935             :  * wouldn't otherwise care about extra WAL files lying in pg_wal, but they
    3936             :  * might be leftover pre-allocated or recycled WAL segments on the old timeline
    3937             :  * that we haven't used yet, and contain garbage. If we just leave them in
    3938             :  * pg_wal, they will eventually be archived, and we can't let that happen.
    3939             :  * Files that belong to our timeline history are valid, because we have
    3940             :  * successfully replayed them, but from others we can't be sure.
    3941             :  *
    3942             :  * 'switchpoint' is the current point in WAL where we switch to new timeline,
    3943             :  * and 'newTLI' is the new timeline we switch to.
    3944             :  */
    3945             : void
    3946         120 : RemoveNonParentXlogFiles(XLogRecPtr switchpoint, TimeLineID newTLI)
    3947             : {
    3948             :     DIR        *xldir;
    3949             :     struct dirent *xlde;
    3950             :     char        switchseg[MAXFNAMELEN];
    3951             :     XLogSegNo   endLogSegNo;
    3952             :     XLogSegNo   switchLogSegNo;
    3953             :     XLogSegNo   recycleSegNo;
    3954             : 
    3955             :     /*
    3956             :      * Initialize info about where to begin the work.  This will recycle,
    3957             :      * somewhat arbitrarily, 10 future segments.
    3958             :      */
    3959         120 :     XLByteToPrevSeg(switchpoint, switchLogSegNo, wal_segment_size);
    3960         120 :     XLByteToSeg(switchpoint, endLogSegNo, wal_segment_size);
    3961         120 :     recycleSegNo = endLogSegNo + 10;
    3962             : 
    3963             :     /*
    3964             :      * Construct a filename of the last segment to be kept.
    3965             :      */
    3966         120 :     XLogFileName(switchseg, newTLI, switchLogSegNo, wal_segment_size);
    3967             : 
    3968         120 :     elog(DEBUG2, "attempting to remove WAL segments newer than log file %s",
    3969             :          switchseg);
    3970             : 
    3971         120 :     xldir = AllocateDir(XLOGDIR);
    3972             : 
    3973        1140 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3974             :     {
    3975             :         /* Ignore files that are not XLOG segments */
    3976        1020 :         if (!IsXLogFileName(xlde->d_name))
    3977         636 :             continue;
    3978             : 
    3979             :         /*
    3980             :          * Remove files that are on a timeline older than the new one we're
    3981             :          * switching to, but with a segment number >= the first segment on the
    3982             :          * new timeline.
    3983             :          */
    3984         384 :         if (strncmp(xlde->d_name, switchseg, 8) < 0 &&
    3985         248 :             strcmp(xlde->d_name + 8, switchseg + 8) > 0)
    3986             :         {
    3987             :             /*
    3988             :              * If the file has already been marked as .ready, however, don't
    3989             :              * remove it yet. It should be OK to remove it - files that are
    3990             :              * not part of our timeline history are not required for recovery
    3991             :              * - but seems safer to let them be archived and removed later.
    3992             :              */
    3993          32 :             if (!XLogArchiveIsReady(xlde->d_name))
    3994          32 :                 RemoveXlogFile(xlde, recycleSegNo, &endLogSegNo, newTLI);
    3995             :         }
    3996             :     }
    3997             : 
    3998         120 :     FreeDir(xldir);
    3999         120 : }
    4000             : 
    4001             : /*
    4002             :  * Recycle or remove a log file that's no longer needed.
    4003             :  *
    4004             :  * segment_de is the dirent structure of the segment to recycle or remove.
    4005             :  * recycleSegNo is the segment number to recycle up to.  endlogSegNo is
    4006             :  * the segment number of the current (or recent) end of WAL.
    4007             :  *
    4008             :  * endlogSegNo gets incremented if the segment is recycled so as it is not
    4009             :  * checked again with future callers of this function.
    4010             :  *
    4011             :  * insertTLI is the current timeline for XLOG insertion. Any recycled segments
    4012             :  * should be used for this timeline.
    4013             :  */
    4014             : static void
    4015        3932 : RemoveXlogFile(const struct dirent *segment_de,
    4016             :                XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
    4017             :                TimeLineID insertTLI)
    4018             : {
    4019             :     char        path[MAXPGPATH];
    4020             : #ifdef WIN32
    4021             :     char        newpath[MAXPGPATH];
    4022             : #endif
    4023        3932 :     const char *segname = segment_de->d_name;
    4024             : 
    4025        3932 :     snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname);
    4026             : 
    4027             :     /*
    4028             :      * Before deleting the file, see if it can be recycled as a future log
    4029             :      * segment. Only recycle normal files, because we don't want to recycle
    4030             :      * symbolic links pointing to a separate archive directory.
    4031             :      */
    4032        3932 :     if (wal_recycle &&
    4033        3932 :         *endlogSegNo <= recycleSegNo &&
    4034        4382 :         XLogCtl->InstallXLogFileSegmentActive && /* callee rechecks this */
    4035        4368 :         get_dirent_type(path, segment_de, false, DEBUG2) == PGFILETYPE_REG &&
    4036        2184 :         InstallXLogFileSegment(endlogSegNo, path,
    4037             :                                true, recycleSegNo, insertTLI))
    4038             :     {
    4039        2130 :         ereport(DEBUG2,
    4040             :                 (errmsg_internal("recycled write-ahead log file \"%s\"",
    4041             :                                  segname)));
    4042        2130 :         CheckpointStats.ckpt_segs_recycled++;
    4043             :         /* Needn't recheck that slot on future iterations */
    4044        2130 :         (*endlogSegNo)++;
    4045             :     }
    4046             :     else
    4047             :     {
    4048             :         /* No need for any more future segments, or recycling failed ... */
    4049             :         int         rc;
    4050             : 
    4051        1802 :         ereport(DEBUG2,
    4052             :                 (errmsg_internal("removing write-ahead log file \"%s\"",
    4053             :                                  segname)));
    4054             : 
    4055             : #ifdef WIN32
    4056             : 
    4057             :         /*
    4058             :          * On Windows, if another process (e.g another backend) holds the file
    4059             :          * open in FILE_SHARE_DELETE mode, unlink will succeed, but the file
    4060             :          * will still show up in directory listing until the last handle is
    4061             :          * closed. To avoid confusing the lingering deleted file for a live
    4062             :          * WAL file that needs to be archived, rename it before deleting it.
    4063             :          *
    4064             :          * If another process holds the file open without FILE_SHARE_DELETE
    4065             :          * flag, rename will fail. We'll try again at the next checkpoint.
    4066             :          */
    4067             :         snprintf(newpath, MAXPGPATH, "%s.deleted", path);
    4068             :         if (rename(path, newpath) != 0)
    4069             :         {
    4070             :             ereport(LOG,
    4071             :                     (errcode_for_file_access(),
    4072             :                      errmsg("could not rename file \"%s\": %m",
    4073             :                             path)));
    4074             :             return;
    4075             :         }
    4076             :         rc = durable_unlink(newpath, LOG);
    4077             : #else
    4078        1802 :         rc = durable_unlink(path, LOG);
    4079             : #endif
    4080        1802 :         if (rc != 0)
    4081             :         {
    4082             :             /* Message already logged by durable_unlink() */
    4083           0 :             return;
    4084             :         }
    4085        1802 :         CheckpointStats.ckpt_segs_removed++;
    4086             :     }
    4087             : 
    4088        3932 :     XLogArchiveCleanup(segname);
    4089             : }
    4090             : 
    4091             : /*
    4092             :  * Verify whether pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    4093             :  * If the latter do not exist, recreate them.
    4094             :  *
    4095             :  * It is not the goal of this function to verify the contents of these
    4096             :  * directories, but to help in cases where someone has performed a cluster
    4097             :  * copy for PITR purposes but omitted pg_wal from the copy.
    4098             :  *
    4099             :  * We could also recreate pg_wal if it doesn't exist, but a deliberate
    4100             :  * policy decision was made not to.  It is fairly common for pg_wal to be
    4101             :  * a symlink, and if that was the DBA's intent then automatically making a
    4102             :  * plain directory would result in degraded performance with no notice.
    4103             :  */
    4104             : static void
    4105        1762 : ValidateXLOGDirectoryStructure(void)
    4106             : {
    4107             :     char        path[MAXPGPATH];
    4108             :     struct stat stat_buf;
    4109             : 
    4110             :     /* Check for pg_wal; if it doesn't exist, error out */
    4111        1762 :     if (stat(XLOGDIR, &stat_buf) != 0 ||
    4112        1762 :         !S_ISDIR(stat_buf.st_mode))
    4113           0 :         ereport(FATAL,
    4114             :                 (errcode_for_file_access(),
    4115             :                  errmsg("required WAL directory \"%s\" does not exist",
    4116             :                         XLOGDIR)));
    4117             : 
    4118             :     /* Check for archive_status */
    4119        1762 :     snprintf(path, MAXPGPATH, XLOGDIR "/archive_status");
    4120        1762 :     if (stat(path, &stat_buf) == 0)
    4121             :     {
    4122             :         /* Check for weird cases where it exists but isn't a directory */
    4123        1760 :         if (!S_ISDIR(stat_buf.st_mode))
    4124           0 :             ereport(FATAL,
    4125             :                     (errcode_for_file_access(),
    4126             :                      errmsg("required WAL directory \"%s\" does not exist",
    4127             :                             path)));
    4128             :     }
    4129             :     else
    4130             :     {
    4131           2 :         ereport(LOG,
    4132             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4133           2 :         if (MakePGDirectory(path) < 0)
    4134           0 :             ereport(FATAL,
    4135             :                     (errcode_for_file_access(),
    4136             :                      errmsg("could not create missing directory \"%s\": %m",
    4137             :                             path)));
    4138             :     }
    4139             : 
    4140             :     /* Check for summaries */
    4141        1762 :     snprintf(path, MAXPGPATH, XLOGDIR "/summaries");
    4142        1762 :     if (stat(path, &stat_buf) == 0)
    4143             :     {
    4144             :         /* Check for weird cases where it exists but isn't a directory */
    4145        1760 :         if (!S_ISDIR(stat_buf.st_mode))
    4146           0 :             ereport(FATAL,
    4147             :                     (errmsg("required WAL directory \"%s\" does not exist",
    4148             :                             path)));
    4149             :     }
    4150             :     else
    4151             :     {
    4152           2 :         ereport(LOG,
    4153             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4154           2 :         if (MakePGDirectory(path) < 0)
    4155           0 :             ereport(FATAL,
    4156             :                     (errmsg("could not create missing directory \"%s\": %m",
    4157             :                             path)));
    4158             :     }
    4159        1762 : }
    4160             : 
    4161             : /*
    4162             :  * Remove previous backup history files.  This also retries creation of
    4163             :  * .ready files for any backup history files for which XLogArchiveNotify
    4164             :  * failed earlier.
    4165             :  */
    4166             : static void
    4167         296 : CleanupBackupHistory(void)
    4168             : {
    4169             :     DIR        *xldir;
    4170             :     struct dirent *xlde;
    4171             :     char        path[MAXPGPATH + sizeof(XLOGDIR)];
    4172             : 
    4173         296 :     xldir = AllocateDir(XLOGDIR);
    4174             : 
    4175        2672 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4176             :     {
    4177        2376 :         if (IsBackupHistoryFileName(xlde->d_name))
    4178             :         {
    4179         314 :             if (XLogArchiveCheckDone(xlde->d_name))
    4180             :             {
    4181         248 :                 elog(DEBUG2, "removing WAL backup history file \"%s\"",
    4182             :                      xlde->d_name);
    4183         248 :                 snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name);
    4184         248 :                 unlink(path);
    4185         248 :                 XLogArchiveCleanup(xlde->d_name);
    4186             :             }
    4187             :         }
    4188             :     }
    4189             : 
    4190         296 :     FreeDir(xldir);
    4191         296 : }
    4192             : 
    4193             : /*
    4194             :  * I/O routines for pg_control
    4195             :  *
    4196             :  * *ControlFile is a buffer in shared memory that holds an image of the
    4197             :  * contents of pg_control.  WriteControlFile() initializes pg_control
    4198             :  * given a preloaded buffer, ReadControlFile() loads the buffer from
    4199             :  * the pg_control file (during postmaster or standalone-backend startup),
    4200             :  * and UpdateControlFile() rewrites pg_control after we modify xlog state.
    4201             :  * InitControlFile() fills the buffer with initial values.
    4202             :  *
    4203             :  * For simplicity, WriteControlFile() initializes the fields of pg_control
    4204             :  * that are related to checking backend/database compatibility, and
    4205             :  * ReadControlFile() verifies they are correct.  We could split out the
    4206             :  * I/O and compatibility-check functions, but there seems no need currently.
    4207             :  */
    4208             : 
    4209             : static void
    4210          90 : InitControlFile(uint64 sysidentifier, uint32 data_checksum_version)
    4211             : {
    4212             :     char        mock_auth_nonce[MOCK_AUTH_NONCE_LEN];
    4213             : 
    4214             :     /*
    4215             :      * Generate a random nonce. This is used for authentication requests that
    4216             :      * will fail because the user does not exist. The nonce is used to create
    4217             :      * a genuine-looking password challenge for the non-existent user, in lieu
    4218             :      * of an actual stored password.
    4219             :      */
    4220          90 :     if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
    4221           0 :         ereport(PANIC,
    4222             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    4223             :                  errmsg("could not generate secret authorization token")));
    4224             : 
    4225          90 :     memset(ControlFile, 0, sizeof(ControlFileData));
    4226             :     /* Initialize pg_control status fields */
    4227          90 :     ControlFile->system_identifier = sysidentifier;
    4228          90 :     memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN);
    4229          90 :     ControlFile->state = DB_SHUTDOWNED;
    4230          90 :     ControlFile->unloggedLSN = FirstNormalUnloggedLSN;
    4231             : 
    4232             :     /* Set important parameter values for use when replaying WAL */
    4233          90 :     ControlFile->MaxConnections = MaxConnections;
    4234          90 :     ControlFile->max_worker_processes = max_worker_processes;
    4235          90 :     ControlFile->max_wal_senders = max_wal_senders;
    4236          90 :     ControlFile->max_prepared_xacts = max_prepared_xacts;
    4237          90 :     ControlFile->max_locks_per_xact = max_locks_per_xact;
    4238          90 :     ControlFile->wal_level = wal_level;
    4239          90 :     ControlFile->wal_log_hints = wal_log_hints;
    4240          90 :     ControlFile->track_commit_timestamp = track_commit_timestamp;
    4241          90 :     ControlFile->data_checksum_version = data_checksum_version;
    4242          90 : }
    4243             : 
    4244             : static void
    4245          90 : WriteControlFile(void)
    4246             : {
    4247             :     int         fd;
    4248             :     char        buffer[PG_CONTROL_FILE_SIZE];   /* need not be aligned */
    4249             : 
    4250             :     /*
    4251             :      * Initialize version and compatibility-check fields
    4252             :      */
    4253          90 :     ControlFile->pg_control_version = PG_CONTROL_VERSION;
    4254          90 :     ControlFile->catalog_version_no = CATALOG_VERSION_NO;
    4255             : 
    4256          90 :     ControlFile->maxAlign = MAXIMUM_ALIGNOF;
    4257          90 :     ControlFile->floatFormat = FLOATFORMAT_VALUE;
    4258             : 
    4259          90 :     ControlFile->blcksz = BLCKSZ;
    4260          90 :     ControlFile->relseg_size = RELSEG_SIZE;
    4261          90 :     ControlFile->xlog_blcksz = XLOG_BLCKSZ;
    4262          90 :     ControlFile->xlog_seg_size = wal_segment_size;
    4263             : 
    4264          90 :     ControlFile->nameDataLen = NAMEDATALEN;
    4265          90 :     ControlFile->indexMaxKeys = INDEX_MAX_KEYS;
    4266             : 
    4267          90 :     ControlFile->toast_max_chunk_size = TOAST_MAX_CHUNK_SIZE;
    4268          90 :     ControlFile->loblksize = LOBLKSIZE;
    4269             : 
    4270          90 :     ControlFile->float8ByVal = FLOAT8PASSBYVAL;
    4271             : 
    4272             :     /*
    4273             :      * Initialize the default 'char' signedness.
    4274             :      *
    4275             :      * The signedness of the char type is implementation-defined. For instance
    4276             :      * on x86 architecture CPUs, the char data type is typically treated as
    4277             :      * signed by default, whereas on aarch architecture CPUs, it is typically
    4278             :      * treated as unsigned by default. In v17 or earlier, we accidentally let
    4279             :      * C implementation signedness affect persistent data. This led to
    4280             :      * inconsistent results when comparing char data across different
    4281             :      * platforms.
    4282             :      *
    4283             :      * This flag can be used as a hint to ensure consistent behavior for
    4284             :      * pre-v18 data files that store data sorted by the 'char' type on disk,
    4285             :      * especially in cross-platform replication scenarios.
    4286             :      *
    4287             :      * Newly created database clusters unconditionally set the default char
    4288             :      * signedness to true. pg_upgrade changes this flag for clusters that were
    4289             :      * initialized on signedness=false platforms. As a result,
    4290             :      * signedness=false setting will become rare over time. If we had known
    4291             :      * about this problem during the last development cycle that forced initdb
    4292             :      * (v8.3), we would have made all clusters signed or all clusters
    4293             :      * unsigned. Making pg_upgrade the only source of signedness=false will
    4294             :      * cause the population of database clusters to converge toward that
    4295             :      * retrospective ideal.
    4296             :      */
    4297          90 :     ControlFile->default_char_signedness = true;
    4298             : 
    4299             :     /* Contents are protected with a CRC */
    4300          90 :     INIT_CRC32C(ControlFile->crc);
    4301          90 :     COMP_CRC32C(ControlFile->crc,
    4302             :                 ControlFile,
    4303             :                 offsetof(ControlFileData, crc));
    4304          90 :     FIN_CRC32C(ControlFile->crc);
    4305             : 
    4306             :     /*
    4307             :      * We write out PG_CONTROL_FILE_SIZE bytes into pg_control, zero-padding
    4308             :      * the excess over sizeof(ControlFileData).  This reduces the odds of
    4309             :      * premature-EOF errors when reading pg_control.  We'll still fail when we
    4310             :      * check the contents of the file, but hopefully with a more specific
    4311             :      * error than "couldn't read pg_control".
    4312             :      */
    4313          90 :     memset(buffer, 0, PG_CONTROL_FILE_SIZE);
    4314          90 :     memcpy(buffer, ControlFile, sizeof(ControlFileData));
    4315             : 
    4316          90 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4317             :                        O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    4318          90 :     if (fd < 0)
    4319           0 :         ereport(PANIC,
    4320             :                 (errcode_for_file_access(),
    4321             :                  errmsg("could not create file \"%s\": %m",
    4322             :                         XLOG_CONTROL_FILE)));
    4323             : 
    4324          90 :     errno = 0;
    4325          90 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_WRITE);
    4326          90 :     if (write(fd, buffer, PG_CONTROL_FILE_SIZE) != PG_CONTROL_FILE_SIZE)
    4327             :     {
    4328             :         /* if write didn't set errno, assume problem is no disk space */
    4329           0 :         if (errno == 0)
    4330           0 :             errno = ENOSPC;
    4331           0 :         ereport(PANIC,
    4332             :                 (errcode_for_file_access(),
    4333             :                  errmsg("could not write to file \"%s\": %m",
    4334             :                         XLOG_CONTROL_FILE)));
    4335             :     }
    4336          90 :     pgstat_report_wait_end();
    4337             : 
    4338          90 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_SYNC);
    4339          90 :     if (pg_fsync(fd) != 0)
    4340           0 :         ereport(PANIC,
    4341             :                 (errcode_for_file_access(),
    4342             :                  errmsg("could not fsync file \"%s\": %m",
    4343             :                         XLOG_CONTROL_FILE)));
    4344          90 :     pgstat_report_wait_end();
    4345             : 
    4346          90 :     if (close(fd) != 0)
    4347           0 :         ereport(PANIC,
    4348             :                 (errcode_for_file_access(),
    4349             :                  errmsg("could not close file \"%s\": %m",
    4350             :                         XLOG_CONTROL_FILE)));
    4351          90 : }
    4352             : 
    4353             : static void
    4354        1868 : ReadControlFile(void)
    4355             : {
    4356             :     pg_crc32c   crc;
    4357             :     int         fd;
    4358             :     char        wal_segsz_str[20];
    4359             :     int         r;
    4360             : 
    4361             :     /*
    4362             :      * Read data...
    4363             :      */
    4364        1868 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4365             :                        O_RDWR | PG_BINARY);
    4366        1868 :     if (fd < 0)
    4367           0 :         ereport(PANIC,
    4368             :                 (errcode_for_file_access(),
    4369             :                  errmsg("could not open file \"%s\": %m",
    4370             :                         XLOG_CONTROL_FILE)));
    4371             : 
    4372        1868 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_READ);
    4373        1868 :     r = read(fd, ControlFile, sizeof(ControlFileData));
    4374        1868 :     if (r != sizeof(ControlFileData))
    4375             :     {
    4376           0 :         if (r < 0)
    4377           0 :             ereport(PANIC,
    4378             :                     (errcode_for_file_access(),
    4379             :                      errmsg("could not read file \"%s\": %m",
    4380             :                             XLOG_CONTROL_FILE)));
    4381             :         else
    4382           0 :             ereport(PANIC,
    4383             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    4384             :                      errmsg("could not read file \"%s\": read %d of %zu",
    4385             :                             XLOG_CONTROL_FILE, r, sizeof(ControlFileData))));
    4386             :     }
    4387        1868 :     pgstat_report_wait_end();
    4388             : 
    4389        1868 :     close(fd);
    4390             : 
    4391             :     /*
    4392             :      * Check for expected pg_control format version.  If this is wrong, the
    4393             :      * CRC check will likely fail because we'll be checking the wrong number
    4394             :      * of bytes.  Complaining about wrong version will probably be more
    4395             :      * enlightening than complaining about wrong CRC.
    4396             :      */
    4397             : 
    4398        1868 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION && ControlFile->pg_control_version % 65536 == 0 && ControlFile->pg_control_version / 65536 != 0)
    4399           0 :         ereport(FATAL,
    4400             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4401             :                  errmsg("database files are incompatible with server"),
    4402             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d (0x%08x),"
    4403             :                            " but the server was compiled with PG_CONTROL_VERSION %d (0x%08x).",
    4404             :                            ControlFile->pg_control_version, ControlFile->pg_control_version,
    4405             :                            PG_CONTROL_VERSION, PG_CONTROL_VERSION),
    4406             :                  errhint("This could be a problem of mismatched byte ordering.  It looks like you need to initdb.")));
    4407             : 
    4408        1868 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION)
    4409           0 :         ereport(FATAL,
    4410             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4411             :                  errmsg("database files are incompatible with server"),
    4412             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d,"
    4413             :                            " but the server was compiled with PG_CONTROL_VERSION %d.",
    4414             :                            ControlFile->pg_control_version, PG_CONTROL_VERSION),
    4415             :                  errhint("It looks like you need to initdb.")));
    4416             : 
    4417             :     /* Now check the CRC. */
    4418        1868 :     INIT_CRC32C(crc);
    4419        1868 :     COMP_CRC32C(crc,
    4420             :                 ControlFile,
    4421             :                 offsetof(ControlFileData, crc));
    4422        1868 :     FIN_CRC32C(crc);
    4423             : 
    4424        1868 :     if (!EQ_CRC32C(crc, ControlFile->crc))
    4425           0 :         ereport(FATAL,
    4426             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4427             :                  errmsg("incorrect checksum in control file")));
    4428             : 
    4429             :     /*
    4430             :      * Do compatibility checking immediately.  If the database isn't
    4431             :      * compatible with the backend executable, we want to abort before we can
    4432             :      * possibly do any damage.
    4433             :      */
    4434        1868 :     if (ControlFile->catalog_version_no != CATALOG_VERSION_NO)
    4435           0 :         ereport(FATAL,
    4436             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4437             :                  errmsg("database files are incompatible with server"),
    4438             :         /* translator: %s is a variable name and %d is its value */
    4439             :                  errdetail("The database cluster was initialized with %s %d,"
    4440             :                            " but the server was compiled with %s %d.",
    4441             :                            "CATALOG_VERSION_NO", ControlFile->catalog_version_no,
    4442             :                            "CATALOG_VERSION_NO", CATALOG_VERSION_NO),
    4443             :                  errhint("It looks like you need to initdb.")));
    4444        1868 :     if (ControlFile->maxAlign != MAXIMUM_ALIGNOF)
    4445           0 :         ereport(FATAL,
    4446             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4447             :                  errmsg("database files are incompatible with server"),
    4448             :         /* translator: %s is a variable name and %d is its value */
    4449             :                  errdetail("The database cluster was initialized with %s %d,"
    4450             :                            " but the server was compiled with %s %d.",
    4451             :                            "MAXALIGN", ControlFile->maxAlign,
    4452             :                            "MAXALIGN", MAXIMUM_ALIGNOF),
    4453             :                  errhint("It looks like you need to initdb.")));
    4454        1868 :     if (ControlFile->floatFormat != FLOATFORMAT_VALUE)
    4455           0 :         ereport(FATAL,
    4456             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4457             :                  errmsg("database files are incompatible with server"),
    4458             :                  errdetail("The database cluster appears to use a different floating-point number format than the server executable."),
    4459             :                  errhint("It looks like you need to initdb.")));
    4460        1868 :     if (ControlFile->blcksz != BLCKSZ)
    4461           0 :         ereport(FATAL,
    4462             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4463             :                  errmsg("database files are incompatible with server"),
    4464             :         /* translator: %s is a variable name and %d is its value */
    4465             :                  errdetail("The database cluster was initialized with %s %d,"
    4466             :                            " but the server was compiled with %s %d.",
    4467             :                            "BLCKSZ", ControlFile->blcksz,
    4468             :                            "BLCKSZ", BLCKSZ),
    4469             :                  errhint("It looks like you need to recompile or initdb.")));
    4470        1868 :     if (ControlFile->relseg_size != RELSEG_SIZE)
    4471           0 :         ereport(FATAL,
    4472             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4473             :                  errmsg("database files are incompatible with server"),
    4474             :         /* translator: %s is a variable name and %d is its value */
    4475             :                  errdetail("The database cluster was initialized with %s %d,"
    4476             :                            " but the server was compiled with %s %d.",
    4477             :                            "RELSEG_SIZE", ControlFile->relseg_size,
    4478             :                            "RELSEG_SIZE", RELSEG_SIZE),
    4479             :                  errhint("It looks like you need to recompile or initdb.")));
    4480        1868 :     if (ControlFile->xlog_blcksz != XLOG_BLCKSZ)
    4481           0 :         ereport(FATAL,
    4482             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4483             :                  errmsg("database files are incompatible with server"),
    4484             :         /* translator: %s is a variable name and %d is its value */
    4485             :                  errdetail("The database cluster was initialized with %s %d,"
    4486             :                            " but the server was compiled with %s %d.",
    4487             :                            "XLOG_BLCKSZ", ControlFile->xlog_blcksz,
    4488             :                            "XLOG_BLCKSZ", XLOG_BLCKSZ),
    4489             :                  errhint("It looks like you need to recompile or initdb.")));
    4490        1868 :     if (ControlFile->nameDataLen != NAMEDATALEN)
    4491           0 :         ereport(FATAL,
    4492             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4493             :                  errmsg("database files are incompatible with server"),
    4494             :         /* translator: %s is a variable name and %d is its value */
    4495             :                  errdetail("The database cluster was initialized with %s %d,"
    4496             :                            " but the server was compiled with %s %d.",
    4497             :                            "NAMEDATALEN", ControlFile->nameDataLen,
    4498             :                            "NAMEDATALEN", NAMEDATALEN),
    4499             :                  errhint("It looks like you need to recompile or initdb.")));
    4500        1868 :     if (ControlFile->indexMaxKeys != INDEX_MAX_KEYS)
    4501           0 :         ereport(FATAL,
    4502             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4503             :                  errmsg("database files are incompatible with server"),
    4504             :         /* translator: %s is a variable name and %d is its value */
    4505             :                  errdetail("The database cluster was initialized with %s %d,"
    4506             :                            " but the server was compiled with %s %d.",
    4507             :                            "INDEX_MAX_KEYS", ControlFile->indexMaxKeys,
    4508             :                            "INDEX_MAX_KEYS", INDEX_MAX_KEYS),
    4509             :                  errhint("It looks like you need to recompile or initdb.")));
    4510        1868 :     if (ControlFile->toast_max_chunk_size != TOAST_MAX_CHUNK_SIZE)
    4511           0 :         ereport(FATAL,
    4512             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4513             :                  errmsg("database files are incompatible with server"),
    4514             :         /* translator: %s is a variable name and %d is its value */
    4515             :                  errdetail("The database cluster was initialized with %s %d,"
    4516             :                            " but the server was compiled with %s %d.",
    4517             :                            "TOAST_MAX_CHUNK_SIZE", ControlFile->toast_max_chunk_size,
    4518             :                            "TOAST_MAX_CHUNK_SIZE", (int) TOAST_MAX_CHUNK_SIZE),
    4519             :                  errhint("It looks like you need to recompile or initdb.")));
    4520        1868 :     if (ControlFile->loblksize != LOBLKSIZE)
    4521           0 :         ereport(FATAL,
    4522             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4523             :                  errmsg("database files are incompatible with server"),
    4524             :         /* translator: %s is a variable name and %d is its value */
    4525             :                  errdetail("The database cluster was initialized with %s %d,"
    4526             :                            " but the server was compiled with %s %d.",
    4527             :                            "LOBLKSIZE", ControlFile->loblksize,
    4528             :                            "LOBLKSIZE", (int) LOBLKSIZE),
    4529             :                  errhint("It looks like you need to recompile or initdb.")));
    4530             : 
    4531             : #ifdef USE_FLOAT8_BYVAL
    4532        1868 :     if (ControlFile->float8ByVal != true)
    4533           0 :         ereport(FATAL,
    4534             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4535             :                  errmsg("database files are incompatible with server"),
    4536             :                  errdetail("The database cluster was initialized without USE_FLOAT8_BYVAL"
    4537             :                            " but the server was compiled with USE_FLOAT8_BYVAL."),
    4538             :                  errhint("It looks like you need to recompile or initdb.")));
    4539             : #else
    4540             :     if (ControlFile->float8ByVal != false)
    4541             :         ereport(FATAL,
    4542             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4543             :                  errmsg("database files are incompatible with server"),
    4544             :                  errdetail("The database cluster was initialized with USE_FLOAT8_BYVAL"
    4545             :                            " but the server was compiled without USE_FLOAT8_BYVAL."),
    4546             :                  errhint("It looks like you need to recompile or initdb.")));
    4547             : #endif
    4548             : 
    4549        1868 :     wal_segment_size = ControlFile->xlog_seg_size;
    4550             : 
    4551        1868 :     if (!IsValidWalSegSize(wal_segment_size))
    4552           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4553             :                         errmsg_plural("invalid WAL segment size in control file (%d byte)",
    4554             :                                       "invalid WAL segment size in control file (%d bytes)",
    4555             :                                       wal_segment_size,
    4556             :                                       wal_segment_size),
    4557             :                         errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.")));
    4558             : 
    4559        1868 :     snprintf(wal_segsz_str, sizeof(wal_segsz_str), "%d", wal_segment_size);
    4560        1868 :     SetConfigOption("wal_segment_size", wal_segsz_str, PGC_INTERNAL,
    4561             :                     PGC_S_DYNAMIC_DEFAULT);
    4562             : 
    4563             :     /* check and update variables dependent on wal_segment_size */
    4564        1868 :     if (ConvertToXSegs(min_wal_size_mb, wal_segment_size) < 2)
    4565           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4566             :         /* translator: both %s are GUC names */
    4567             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4568             :                                "min_wal_size", "wal_segment_size")));
    4569             : 
    4570        1868 :     if (ConvertToXSegs(max_wal_size_mb, wal_segment_size) < 2)
    4571           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4572             :         /* translator: both %s are GUC names */
    4573             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4574             :                                "max_wal_size", "wal_segment_size")));
    4575             : 
    4576        1868 :     UsableBytesInSegment =
    4577        1868 :         (wal_segment_size / XLOG_BLCKSZ * UsableBytesInPage) -
    4578             :         (SizeOfXLogLongPHD - SizeOfXLogShortPHD);
    4579             : 
    4580        1868 :     CalculateCheckpointSegments();
    4581             : 
    4582             :     /* Make the initdb settings visible as GUC variables, too */
    4583        1868 :     SetConfigOption("data_checksums", DataChecksumsEnabled() ? "yes" : "no",
    4584             :                     PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
    4585        1868 : }
    4586             : 
    4587             : /*
    4588             :  * Utility wrapper to update the control file.  Note that the control
    4589             :  * file gets flushed.
    4590             :  */
    4591             : static void
    4592       16690 : UpdateControlFile(void)
    4593             : {
    4594       16690 :     update_controlfile(DataDir, ControlFile, true);
    4595       16690 : }
    4596             : 
    4597             : /*
    4598             :  * Returns the unique system identifier from control file.
    4599             :  */
    4600             : uint64
    4601        2686 : GetSystemIdentifier(void)
    4602             : {
    4603             :     Assert(ControlFile != NULL);
    4604        2686 :     return ControlFile->system_identifier;
    4605             : }
    4606             : 
    4607             : /*
    4608             :  * Returns the random nonce from control file.
    4609             :  */
    4610             : char *
    4611           2 : GetMockAuthenticationNonce(void)
    4612             : {
    4613             :     Assert(ControlFile != NULL);
    4614           2 :     return ControlFile->mock_authentication_nonce;
    4615             : }
    4616             : 
    4617             : /*
    4618             :  * Are checksums enabled for data pages?
    4619             :  */
    4620             : bool
    4621    23201836 : DataChecksumsEnabled(void)
    4622             : {
    4623             :     Assert(ControlFile != NULL);
    4624    23201836 :     return (ControlFile->data_checksum_version > 0);
    4625             : }
    4626             : 
    4627             : /*
    4628             :  * Return true if the cluster was initialized on a platform where the
    4629             :  * default signedness of char is "signed". This function exists for code
    4630             :  * that deals with pre-v18 data files that store data sorted by the 'char'
    4631             :  * type on disk (e.g., GIN and GiST indexes). See the comments in
    4632             :  * WriteControlFile() for details.
    4633             :  */
    4634             : bool
    4635           6 : GetDefaultCharSignedness(void)
    4636             : {
    4637           6 :     return ControlFile->default_char_signedness;
    4638             : }
    4639             : 
    4640             : /*
    4641             :  * Returns a fake LSN for unlogged relations.
    4642             :  *
    4643             :  * Each call generates an LSN that is greater than any previous value
    4644             :  * returned. The current counter value is saved and restored across clean
    4645             :  * shutdowns, but like unlogged relations, does not survive a crash. This can
    4646             :  * be used in lieu of real LSN values returned by XLogInsert, if you need an
    4647             :  * LSN-like increasing sequence of numbers without writing any WAL.
    4648             :  */
    4649             : XLogRecPtr
    4650          66 : GetFakeLSNForUnloggedRel(void)
    4651             : {
    4652          66 :     return pg_atomic_fetch_add_u64(&XLogCtl->unloggedLSN, 1);
    4653             : }
    4654             : 
    4655             : /*
    4656             :  * Auto-tune the number of XLOG buffers.
    4657             :  *
    4658             :  * The preferred setting for wal_buffers is about 3% of shared_buffers, with
    4659             :  * a maximum of one XLOG segment (there is little reason to think that more
    4660             :  * is helpful, at least so long as we force an fsync when switching log files)
    4661             :  * and a minimum of 8 blocks (which was the default value prior to PostgreSQL
    4662             :  * 9.1, when auto-tuning was added).
    4663             :  *
    4664             :  * This should not be called until NBuffers has received its final value.
    4665             :  */
    4666             : static int
    4667        2028 : XLOGChooseNumBuffers(void)
    4668             : {
    4669             :     int         xbuffers;
    4670             : 
    4671        2028 :     xbuffers = NBuffers / 32;
    4672        2028 :     if (xbuffers > (wal_segment_size / XLOG_BLCKSZ))
    4673          44 :         xbuffers = (wal_segment_size / XLOG_BLCKSZ);
    4674        2028 :     if (xbuffers < 8)
    4675         768 :         xbuffers = 8;
    4676        2028 :     return xbuffers;
    4677             : }
    4678             : 
    4679             : /*
    4680             :  * GUC check_hook for wal_buffers
    4681             :  */
    4682             : bool
    4683        4126 : check_wal_buffers(int *newval, void **extra, GucSource source)
    4684             : {
    4685             :     /*
    4686             :      * -1 indicates a request for auto-tune.
    4687             :      */
    4688        4126 :     if (*newval == -1)
    4689             :     {
    4690             :         /*
    4691             :          * If we haven't yet changed the boot_val default of -1, just let it
    4692             :          * be.  We'll fix it when XLOGShmemSize is called.
    4693             :          */
    4694        2098 :         if (XLOGbuffers == -1)
    4695        2098 :             return true;
    4696             : 
    4697             :         /* Otherwise, substitute the auto-tune value */
    4698           0 :         *newval = XLOGChooseNumBuffers();
    4699             :     }
    4700             : 
    4701             :     /*
    4702             :      * We clamp manually-set values to at least 4 blocks.  Prior to PostgreSQL
    4703             :      * 9.1, a minimum of 4 was enforced by guc.c, but since that is no longer
    4704             :      * the case, we just silently treat such values as a request for the
    4705             :      * minimum.  (We could throw an error instead, but that doesn't seem very
    4706             :      * helpful.)
    4707             :      */
    4708        2028 :     if (*newval < 4)
    4709           0 :         *newval = 4;
    4710             : 
    4711        2028 :     return true;
    4712             : }
    4713             : 
    4714             : /*
    4715             :  * GUC check_hook for wal_consistency_checking
    4716             :  */
    4717             : bool
    4718        3890 : check_wal_consistency_checking(char **newval, void **extra, GucSource source)
    4719             : {
    4720             :     char       *rawstring;
    4721             :     List       *elemlist;
    4722             :     ListCell   *l;
    4723             :     bool        newwalconsistency[RM_MAX_ID + 1];
    4724             : 
    4725             :     /* Initialize the array */
    4726      128370 :     MemSet(newwalconsistency, 0, (RM_MAX_ID + 1) * sizeof(bool));
    4727             : 
    4728             :     /* Need a modifiable copy of string */
    4729        3890 :     rawstring = pstrdup(*newval);
    4730             : 
    4731             :     /* Parse string into list of identifiers */
    4732        3890 :     if (!SplitIdentifierString(rawstring, ',', &elemlist))
    4733             :     {
    4734             :         /* syntax error in list */
    4735           0 :         GUC_check_errdetail("List syntax is invalid.");
    4736           0 :         pfree(rawstring);
    4737           0 :         list_free(elemlist);
    4738           0 :         return false;
    4739             :     }
    4740             : 
    4741        4792 :     foreach(l, elemlist)
    4742             :     {
    4743         902 :         char       *tok = (char *) lfirst(l);
    4744             :         int         rmid;
    4745             : 
    4746             :         /* Check for 'all'. */
    4747         902 :         if (pg_strcasecmp(tok, "all") == 0)
    4748             :         {
    4749      230786 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4750      229888 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL)
    4751        8980 :                     newwalconsistency[rmid] = true;
    4752             :         }
    4753             :         else
    4754             :         {
    4755             :             /* Check if the token matches any known resource manager. */
    4756           4 :             bool        found = false;
    4757             : 
    4758          72 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4759             :             {
    4760         108 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL &&
    4761          36 :                     pg_strcasecmp(tok, GetRmgr(rmid).rm_name) == 0)
    4762             :                 {
    4763           4 :                     newwalconsistency[rmid] = true;
    4764           4 :                     found = true;
    4765           4 :                     break;
    4766             :                 }
    4767             :             }
    4768           4 :             if (!found)
    4769             :             {
    4770             :                 /*
    4771             :                  * During startup, it might be a not-yet-loaded custom
    4772             :                  * resource manager.  Defer checking until
    4773             :                  * InitializeWalConsistencyChecking().
    4774             :                  */
    4775           0 :                 if (!process_shared_preload_libraries_done)
    4776             :                 {
    4777           0 :                     check_wal_consistency_checking_deferred = true;
    4778             :                 }
    4779             :                 else
    4780             :                 {
    4781           0 :                     GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
    4782           0 :                     pfree(rawstring);
    4783           0 :                     list_free(elemlist);
    4784           0 :                     return false;
    4785             :                 }
    4786             :             }
    4787             :         }
    4788             :     }
    4789             : 
    4790        3890 :     pfree(rawstring);
    4791        3890 :     list_free(elemlist);
    4792             : 
    4793             :     /* assign new value */
    4794        3890 :     *extra = guc_malloc(LOG, (RM_MAX_ID + 1) * sizeof(bool));
    4795        3890 :     if (!*extra)
    4796           0 :         return false;
    4797        3890 :     memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool));
    4798        3890 :     return true;
    4799             : }
    4800             : 
    4801             : /*
    4802             :  * GUC assign_hook for wal_consistency_checking
    4803             :  */
    4804             : void
    4805        3888 : assign_wal_consistency_checking(const char *newval, void *extra)
    4806             : {
    4807             :     /*
    4808             :      * If some checks were deferred, it's possible that the checks will fail
    4809             :      * later during InitializeWalConsistencyChecking(). But in that case, the
    4810             :      * postmaster will exit anyway, so it's safe to proceed with the
    4811             :      * assignment.
    4812             :      *
    4813             :      * Any built-in resource managers specified are assigned immediately,
    4814             :      * which affects WAL created before shared_preload_libraries are
    4815             :      * processed. Any custom resource managers specified won't be assigned
    4816             :      * until after shared_preload_libraries are processed, but that's OK
    4817             :      * because WAL for a custom resource manager can't be written before the
    4818             :      * module is loaded anyway.
    4819             :      */
    4820        3888 :     wal_consistency_checking = extra;
    4821        3888 : }
    4822             : 
    4823             : /*
    4824             :  * InitializeWalConsistencyChecking: run after loading custom resource managers
    4825             :  *
    4826             :  * If any unknown resource managers were specified in the
    4827             :  * wal_consistency_checking GUC, processing was deferred.  Now that
    4828             :  * shared_preload_libraries have been loaded, process wal_consistency_checking
    4829             :  * again.
    4830             :  */
    4831             : void
    4832        1758 : InitializeWalConsistencyChecking(void)
    4833             : {
    4834             :     Assert(process_shared_preload_libraries_done);
    4835             : 
    4836        1758 :     if (check_wal_consistency_checking_deferred)
    4837             :     {
    4838             :         struct config_generic *guc;
    4839             : 
    4840           0 :         guc = find_option("wal_consistency_checking", false, false, ERROR);
    4841             : 
    4842           0 :         check_wal_consistency_checking_deferred = false;
    4843             : 
    4844           0 :         set_config_option_ext("wal_consistency_checking",
    4845             :                               wal_consistency_checking_string,
    4846             :                               guc->scontext, guc->source, guc->srole,
    4847             :                               GUC_ACTION_SET, true, ERROR, false);
    4848             : 
    4849             :         /* checking should not be deferred again */
    4850             :         Assert(!check_wal_consistency_checking_deferred);
    4851             :     }
    4852        1758 : }
    4853             : 
    4854             : /*
    4855             :  * GUC show_hook for archive_command
    4856             :  */
    4857             : const char *
    4858        3470 : show_archive_command(void)
    4859             : {
    4860        3470 :     if (XLogArchivingActive())
    4861           4 :         return XLogArchiveCommand;
    4862             :     else
    4863        3466 :         return "(disabled)";
    4864             : }
    4865             : 
    4866             : /*
    4867             :  * GUC show_hook for in_hot_standby
    4868             :  */
    4869             : const char *
    4870       31020 : show_in_hot_standby(void)
    4871             : {
    4872             :     /*
    4873             :      * We display the actual state based on shared memory, so that this GUC
    4874             :      * reports up-to-date state if examined intra-query.  The underlying
    4875             :      * variable (in_hot_standby_guc) changes only when we transmit a new value
    4876             :      * to the client.
    4877             :      */
    4878       31020 :     return RecoveryInProgress() ? "on" : "off";
    4879             : }
    4880             : 
    4881             : /*
    4882             :  * Read the control file, set respective GUCs.
    4883             :  *
    4884             :  * This is to be called during startup, including a crash recovery cycle,
    4885             :  * unless in bootstrap mode, where no control file yet exists.  As there's no
    4886             :  * usable shared memory yet (its sizing can depend on the contents of the
    4887             :  * control file!), first store the contents in local memory. XLOGShmemInit()
    4888             :  * will then copy it to shared memory later.
    4889             :  *
    4890             :  * reset just controls whether previous contents are to be expected (in the
    4891             :  * reset case, there's a dangling pointer into old shared memory), or not.
    4892             :  */
    4893             : void
    4894        1778 : LocalProcessControlFile(bool reset)
    4895             : {
    4896             :     Assert(reset || ControlFile == NULL);
    4897        1778 :     ControlFile = palloc(sizeof(ControlFileData));
    4898        1778 :     ReadControlFile();
    4899        1778 : }
    4900             : 
    4901             : /*
    4902             :  * Get the wal_level from the control file. For a standby, this value should be
    4903             :  * considered as its active wal_level, because it may be different from what
    4904             :  * was originally configured on standby.
    4905             :  */
    4906             : WalLevel
    4907         136 : GetActiveWalLevelOnStandby(void)
    4908             : {
    4909         136 :     return ControlFile->wal_level;
    4910             : }
    4911             : 
    4912             : /*
    4913             :  * Initialization of shared memory for XLOG
    4914             :  */
    4915             : Size
    4916        5826 : XLOGShmemSize(void)
    4917             : {
    4918             :     Size        size;
    4919             : 
    4920             :     /*
    4921             :      * If the value of wal_buffers is -1, use the preferred auto-tune value.
    4922             :      * This isn't an amazingly clean place to do this, but we must wait till
    4923             :      * NBuffers has received its final value, and must do it before using the
    4924             :      * value of XLOGbuffers to do anything important.
    4925             :      *
    4926             :      * We prefer to report this value's source as PGC_S_DYNAMIC_DEFAULT.
    4927             :      * However, if the DBA explicitly set wal_buffers = -1 in the config file,
    4928             :      * then PGC_S_DYNAMIC_DEFAULT will fail to override that and we must force
    4929             :      * the matter with PGC_S_OVERRIDE.
    4930             :      */
    4931        5826 :     if (XLOGbuffers == -1)
    4932             :     {
    4933             :         char        buf[32];
    4934             : 
    4935        2028 :         snprintf(buf, sizeof(buf), "%d", XLOGChooseNumBuffers());
    4936        2028 :         SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    4937             :                         PGC_S_DYNAMIC_DEFAULT);
    4938        2028 :         if (XLOGbuffers == -1)  /* failed to apply it? */
    4939           0 :             SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    4940             :                             PGC_S_OVERRIDE);
    4941             :     }
    4942             :     Assert(XLOGbuffers > 0);
    4943             : 
    4944             :     /* XLogCtl */
    4945        5826 :     size = sizeof(XLogCtlData);
    4946             : 
    4947             :     /* WAL insertion locks, plus alignment */
    4948        5826 :     size = add_size(size, mul_size(sizeof(WALInsertLockPadded), NUM_XLOGINSERT_LOCKS + 1));
    4949             :     /* xlblocks array */
    4950        5826 :     size = add_size(size, mul_size(sizeof(pg_atomic_uint64), XLOGbuffers));
    4951             :     /* extra alignment padding for XLOG I/O buffers */
    4952        5826 :     size = add_size(size, Max(XLOG_BLCKSZ, PG_IO_ALIGN_SIZE));
    4953             :     /* and the buffers themselves */
    4954        5826 :     size = add_size(size, mul_size(XLOG_BLCKSZ, XLOGbuffers));
    4955             : 
    4956             :     /*
    4957             :      * Note: we don't count ControlFileData, it comes out of the "slop factor"
    4958             :      * added by CreateSharedMemoryAndSemaphores.  This lets us use this
    4959             :      * routine again below to compute the actual allocation size.
    4960             :      */
    4961             : 
    4962        5826 :     return size;
    4963             : }
    4964             : 
    4965             : void
    4966        2032 : XLOGShmemInit(void)
    4967             : {
    4968             :     bool        foundCFile,
    4969             :                 foundXLog;
    4970             :     char       *allocptr;
    4971             :     int         i;
    4972             :     ControlFileData *localControlFile;
    4973             : 
    4974             : #ifdef WAL_DEBUG
    4975             : 
    4976             :     /*
    4977             :      * Create a memory context for WAL debugging that's exempt from the normal
    4978             :      * "no pallocs in critical section" rule. Yes, that can lead to a PANIC if
    4979             :      * an allocation fails, but wal_debug is not for production use anyway.
    4980             :      */
    4981             :     if (walDebugCxt == NULL)
    4982             :     {
    4983             :         walDebugCxt = AllocSetContextCreate(TopMemoryContext,
    4984             :                                             "WAL Debug",
    4985             :                                             ALLOCSET_DEFAULT_SIZES);
    4986             :         MemoryContextAllowInCriticalSection(walDebugCxt, true);
    4987             :     }
    4988             : #endif
    4989             : 
    4990             : 
    4991        2032 :     XLogCtl = (XLogCtlData *)
    4992        2032 :         ShmemInitStruct("XLOG Ctl", XLOGShmemSize(), &foundXLog);
    4993             : 
    4994        2032 :     localControlFile = ControlFile;
    4995        2032 :     ControlFile = (ControlFileData *)
    4996        2032 :         ShmemInitStruct("Control File", sizeof(ControlFileData), &foundCFile);
    4997             : 
    4998        2032 :     if (foundCFile || foundXLog)
    4999             :     {
    5000             :         /* both should be present or neither */
    5001             :         Assert(foundCFile && foundXLog);
    5002             : 
    5003             :         /* Initialize local copy of WALInsertLocks */
    5004           0 :         WALInsertLocks = XLogCtl->Insert.WALInsertLocks;
    5005             : 
    5006           0 :         if (localControlFile)
    5007           0 :             pfree(localControlFile);
    5008           0 :         return;
    5009             :     }
    5010        2032 :     memset(XLogCtl, 0, sizeof(XLogCtlData));
    5011             : 
    5012             :     /*
    5013             :      * Already have read control file locally, unless in bootstrap mode. Move
    5014             :      * contents into shared memory.
    5015             :      */
    5016        2032 :     if (localControlFile)
    5017             :     {
    5018        1762 :         memcpy(ControlFile, localControlFile, sizeof(ControlFileData));
    5019        1762 :         pfree(localControlFile);
    5020             :     }
    5021             : 
    5022             :     /*
    5023             :      * Since XLogCtlData contains XLogRecPtr fields, its sizeof should be a
    5024             :      * multiple of the alignment for same, so no extra alignment padding is
    5025             :      * needed here.
    5026             :      */
    5027        2032 :     allocptr = ((char *) XLogCtl) + sizeof(XLogCtlData);
    5028        2032 :     XLogCtl->xlblocks = (pg_atomic_uint64 *) allocptr;
    5029        2032 :     allocptr += sizeof(pg_atomic_uint64) * XLOGbuffers;
    5030             : 
    5031      592134 :     for (i = 0; i < XLOGbuffers; i++)
    5032             :     {
    5033      590102 :         pg_atomic_init_u64(&XLogCtl->xlblocks[i], InvalidXLogRecPtr);
    5034             :     }
    5035             : 
    5036             :     /* WAL insertion locks. Ensure they're aligned to the full padded size */
    5037        2032 :     allocptr += sizeof(WALInsertLockPadded) -
    5038        2032 :         ((uintptr_t) allocptr) % sizeof(WALInsertLockPadded);
    5039        2032 :     WALInsertLocks = XLogCtl->Insert.WALInsertLocks =
    5040             :         (WALInsertLockPadded *) allocptr;
    5041        2032 :     allocptr += sizeof(WALInsertLockPadded) * NUM_XLOGINSERT_LOCKS;
    5042             : 
    5043       18288 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    5044             :     {
    5045       16256 :         LWLockInitialize(&WALInsertLocks[i].l.lock, LWTRANCHE_WAL_INSERT);
    5046       16256 :         pg_atomic_init_u64(&WALInsertLocks[i].l.insertingAt, InvalidXLogRecPtr);
    5047       16256 :         WALInsertLocks[i].l.lastImportantAt = InvalidXLogRecPtr;
    5048             :     }
    5049             : 
    5050             :     /*
    5051             :      * Align the start of the page buffers to a full xlog block size boundary.
    5052             :      * This simplifies some calculations in XLOG insertion. It is also
    5053             :      * required for O_DIRECT.
    5054             :      */
    5055        2032 :     allocptr = (char *) TYPEALIGN(XLOG_BLCKSZ, allocptr);
    5056        2032 :     XLogCtl->pages = allocptr;
    5057        2032 :     memset(XLogCtl->pages, 0, (Size) XLOG_BLCKSZ * XLOGbuffers);
    5058             : 
    5059             :     /*
    5060             :      * Do basic initialization of XLogCtl shared data. (StartupXLOG will fill
    5061             :      * in additional info.)
    5062             :      */
    5063        2032 :     XLogCtl->XLogCacheBlck = XLOGbuffers - 1;
    5064        2032 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5065        2032 :     XLogCtl->InstallXLogFileSegmentActive = false;
    5066        2032 :     XLogCtl->WalWriterSleeping = false;
    5067             : 
    5068        2032 :     SpinLockInit(&XLogCtl->Insert.insertpos_lck);
    5069        2032 :     SpinLockInit(&XLogCtl->info_lck);
    5070        2032 :     pg_atomic_init_u64(&XLogCtl->logInsertResult, InvalidXLogRecPtr);
    5071        2032 :     pg_atomic_init_u64(&XLogCtl->logWriteResult, InvalidXLogRecPtr);
    5072        2032 :     pg_atomic_init_u64(&XLogCtl->logFlushResult, InvalidXLogRecPtr);
    5073        2032 :     pg_atomic_init_u64(&XLogCtl->unloggedLSN, InvalidXLogRecPtr);
    5074             : }
    5075             : 
    5076             : /*
    5077             :  * This func must be called ONCE on system install.  It creates pg_control
    5078             :  * and the initial XLOG segment.
    5079             :  */
    5080             : void
    5081          90 : BootStrapXLOG(uint32 data_checksum_version)
    5082             : {
    5083             :     CheckPoint  checkPoint;
    5084             :     char       *buffer;
    5085             :     XLogPageHeader page;
    5086             :     XLogLongPageHeader longpage;
    5087             :     XLogRecord *record;
    5088             :     char       *recptr;
    5089             :     uint64      sysidentifier;
    5090             :     struct timeval tv;
    5091             :     pg_crc32c   crc;
    5092             : 
    5093             :     /* allow ordinary WAL segment creation, like StartupXLOG() would */
    5094          90 :     SetInstallXLogFileSegmentActive();
    5095             : 
    5096             :     /*
    5097             :      * Select a hopefully-unique system identifier code for this installation.
    5098             :      * We use the result of gettimeofday(), including the fractional seconds
    5099             :      * field, as being about as unique as we can easily get.  (Think not to
    5100             :      * use random(), since it hasn't been seeded and there's no portable way
    5101             :      * to seed it other than the system clock value...)  The upper half of the
    5102             :      * uint64 value is just the tv_sec part, while the lower half contains the
    5103             :      * tv_usec part (which must fit in 20 bits), plus 12 bits from our current
    5104             :      * PID for a little extra uniqueness.  A person knowing this encoding can
    5105             :      * determine the initialization time of the installation, which could
    5106             :      * perhaps be useful sometimes.
    5107             :      */
    5108          90 :     gettimeofday(&tv, NULL);
    5109          90 :     sysidentifier = ((uint64) tv.tv_sec) << 32;
    5110          90 :     sysidentifier |= ((uint64) tv.tv_usec) << 12;
    5111          90 :     sysidentifier |= getpid() & 0xFFF;
    5112             : 
    5113             :     /* page buffer must be aligned suitably for O_DIRECT */
    5114          90 :     buffer = (char *) palloc(XLOG_BLCKSZ + XLOG_BLCKSZ);
    5115          90 :     page = (XLogPageHeader) TYPEALIGN(XLOG_BLCKSZ, buffer);
    5116          90 :     memset(page, 0, XLOG_BLCKSZ);
    5117             : 
    5118             :     /*
    5119             :      * Set up information for the initial checkpoint record
    5120             :      *
    5121             :      * The initial checkpoint record is written to the beginning of the WAL
    5122             :      * segment with logid=0 logseg=1. The very first WAL segment, 0/0, is not
    5123             :      * used, so that we can use 0/0 to mean "before any valid WAL segment".
    5124             :      */
    5125          90 :     checkPoint.redo = wal_segment_size + SizeOfXLogLongPHD;
    5126          90 :     checkPoint.ThisTimeLineID = BootstrapTimeLineID;
    5127          90 :     checkPoint.PrevTimeLineID = BootstrapTimeLineID;
    5128          90 :     checkPoint.fullPageWrites = fullPageWrites;
    5129          90 :     checkPoint.wal_level = wal_level;
    5130             :     checkPoint.nextXid =
    5131          90 :         FullTransactionIdFromEpochAndXid(0, FirstNormalTransactionId);
    5132          90 :     checkPoint.nextOid = FirstGenbkiObjectId;
    5133          90 :     checkPoint.nextMulti = FirstMultiXactId;
    5134          90 :     checkPoint.nextMultiOffset = 0;
    5135          90 :     checkPoint.oldestXid = FirstNormalTransactionId;
    5136          90 :     checkPoint.oldestXidDB = Template1DbOid;
    5137          90 :     checkPoint.oldestMulti = FirstMultiXactId;
    5138          90 :     checkPoint.oldestMultiDB = Template1DbOid;
    5139          90 :     checkPoint.oldestCommitTsXid = InvalidTransactionId;
    5140          90 :     checkPoint.newestCommitTsXid = InvalidTransactionId;
    5141          90 :     checkPoint.time = (pg_time_t) time(NULL);
    5142          90 :     checkPoint.oldestActiveXid = InvalidTransactionId;
    5143             : 
    5144          90 :     TransamVariables->nextXid = checkPoint.nextXid;
    5145          90 :     TransamVariables->nextOid = checkPoint.nextOid;
    5146          90 :     TransamVariables->oidCount = 0;
    5147          90 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5148          90 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5149          90 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5150          90 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5151          90 :     SetCommitTsLimit(InvalidTransactionId, InvalidTransactionId);
    5152             : 
    5153             :     /* Set up the XLOG page header */
    5154          90 :     page->xlp_magic = XLOG_PAGE_MAGIC;
    5155          90 :     page->xlp_info = XLP_LONG_HEADER;
    5156          90 :     page->xlp_tli = BootstrapTimeLineID;
    5157          90 :     page->xlp_pageaddr = wal_segment_size;
    5158          90 :     longpage = (XLogLongPageHeader) page;
    5159          90 :     longpage->xlp_sysid = sysidentifier;
    5160          90 :     longpage->xlp_seg_size = wal_segment_size;
    5161          90 :     longpage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    5162             : 
    5163             :     /* Insert the initial checkpoint record */
    5164          90 :     recptr = ((char *) page + SizeOfXLogLongPHD);
    5165          90 :     record = (XLogRecord *) recptr;
    5166          90 :     record->xl_prev = 0;
    5167          90 :     record->xl_xid = InvalidTransactionId;
    5168          90 :     record->xl_tot_len = SizeOfXLogRecord + SizeOfXLogRecordDataHeaderShort + sizeof(checkPoint);
    5169          90 :     record->xl_info = XLOG_CHECKPOINT_SHUTDOWN;
    5170          90 :     record->xl_rmid = RM_XLOG_ID;
    5171          90 :     recptr += SizeOfXLogRecord;
    5172             :     /* fill the XLogRecordDataHeaderShort struct */
    5173          90 :     *(recptr++) = (char) XLR_BLOCK_ID_DATA_SHORT;
    5174          90 :     *(recptr++) = sizeof(checkPoint);
    5175          90 :     memcpy(recptr, &checkPoint, sizeof(checkPoint));
    5176          90 :     recptr += sizeof(checkPoint);
    5177             :     Assert(recptr - (char *) record == record->xl_tot_len);
    5178             : 
    5179          90 :     INIT_CRC32C(crc);
    5180          90 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    5181          90 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    5182          90 :     FIN_CRC32C(crc);
    5183          90 :     record->xl_crc = crc;
    5184             : 
    5185             :     /* Create first XLOG segment file */
    5186          90 :     openLogTLI = BootstrapTimeLineID;
    5187          90 :     openLogFile = XLogFileInit(1, BootstrapTimeLineID);
    5188             : 
    5189             :     /*
    5190             :      * We needn't bother with Reserve/ReleaseExternalFD here, since we'll
    5191             :      * close the file again in a moment.
    5192             :      */
    5193             : 
    5194             :     /* Write the first page with the initial record */
    5195          90 :     errno = 0;
    5196          90 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_WRITE);
    5197          90 :     if (write(openLogFile, page, XLOG_BLCKSZ) != XLOG_BLCKSZ)
    5198             :     {
    5199             :         /* if write didn't set errno, assume problem is no disk space */
    5200           0 :         if (errno == 0)
    5201           0 :             errno = ENOSPC;
    5202           0 :         ereport(PANIC,
    5203             :                 (errcode_for_file_access(),
    5204             :                  errmsg("could not write bootstrap write-ahead log file: %m")));
    5205             :     }
    5206          90 :     pgstat_report_wait_end();
    5207             : 
    5208          90 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_SYNC);
    5209          90 :     if (pg_fsync(openLogFile) != 0)
    5210           0 :         ereport(PANIC,
    5211             :                 (errcode_for_file_access(),
    5212             :                  errmsg("could not fsync bootstrap write-ahead log file: %m")));
    5213          90 :     pgstat_report_wait_end();
    5214             : 
    5215          90 :     if (close(openLogFile) != 0)
    5216           0 :         ereport(PANIC,
    5217             :                 (errcode_for_file_access(),
    5218             :                  errmsg("could not close bootstrap write-ahead log file: %m")));
    5219             : 
    5220          90 :     openLogFile = -1;
    5221             : 
    5222             :     /* Now create pg_control */
    5223          90 :     InitControlFile(sysidentifier, data_checksum_version);
    5224          90 :     ControlFile->time = checkPoint.time;
    5225          90 :     ControlFile->checkPoint = checkPoint.redo;
    5226          90 :     ControlFile->checkPointCopy = checkPoint;
    5227             : 
    5228             :     /* some additional ControlFile fields are set in WriteControlFile() */
    5229          90 :     WriteControlFile();
    5230             : 
    5231             :     /* Bootstrap the commit log, too */
    5232          90 :     BootStrapCLOG();
    5233          90 :     BootStrapCommitTs();
    5234          90 :     BootStrapSUBTRANS();
    5235          90 :     BootStrapMultiXact();
    5236             : 
    5237          90 :     pfree(buffer);
    5238             : 
    5239             :     /*
    5240             :      * Force control file to be read - in contrast to normal processing we'd
    5241             :      * otherwise never run the checks and GUC related initializations therein.
    5242             :      */
    5243          90 :     ReadControlFile();
    5244          90 : }
    5245             : 
    5246             : static char *
    5247        1582 : str_time(pg_time_t tnow)
    5248             : {
    5249        1582 :     char       *buf = palloc(128);
    5250             : 
    5251        1582 :     pg_strftime(buf, 128,
    5252             :                 "%Y-%m-%d %H:%M:%S %Z",
    5253        1582 :                 pg_localtime(&tnow, log_timezone));
    5254             : 
    5255        1582 :     return buf;
    5256             : }
    5257             : 
    5258             : /*
    5259             :  * Initialize the first WAL segment on new timeline.
    5260             :  */
    5261             : static void
    5262          98 : XLogInitNewTimeline(TimeLineID endTLI, XLogRecPtr endOfLog, TimeLineID newTLI)
    5263             : {
    5264             :     char        xlogfname[MAXFNAMELEN];
    5265             :     XLogSegNo   endLogSegNo;
    5266             :     XLogSegNo   startLogSegNo;
    5267             : 
    5268             :     /* we always switch to a new timeline after archive recovery */
    5269             :     Assert(endTLI != newTLI);
    5270             : 
    5271             :     /*
    5272             :      * Update min recovery point one last time.
    5273             :      */
    5274          98 :     UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    5275             : 
    5276             :     /*
    5277             :      * Calculate the last segment on the old timeline, and the first segment
    5278             :      * on the new timeline. If the switch happens in the middle of a segment,
    5279             :      * they are the same, but if the switch happens exactly at a segment
    5280             :      * boundary, startLogSegNo will be endLogSegNo + 1.
    5281             :      */
    5282          98 :     XLByteToPrevSeg(endOfLog, endLogSegNo, wal_segment_size);
    5283          98 :     XLByteToSeg(endOfLog, startLogSegNo, wal_segment_size);
    5284             : 
    5285             :     /*
    5286             :      * Initialize the starting WAL segment for the new timeline. If the switch
    5287             :      * happens in the middle of a segment, copy data from the last WAL segment
    5288             :      * of the old timeline up to the switch point, to the starting WAL segment
    5289             :      * on the new timeline.
    5290             :      */
    5291          98 :     if (endLogSegNo == startLogSegNo)
    5292             :     {
    5293             :         /*
    5294             :          * Make a copy of the file on the new timeline.
    5295             :          *
    5296             :          * Writing WAL isn't allowed yet, so there are no locking
    5297             :          * considerations. But we should be just as tense as XLogFileInit to
    5298             :          * avoid emplacing a bogus file.
    5299             :          */
    5300          76 :         XLogFileCopy(newTLI, endLogSegNo, endTLI, endLogSegNo,
    5301          76 :                      XLogSegmentOffset(endOfLog, wal_segment_size));
    5302             :     }
    5303             :     else
    5304             :     {
    5305             :         /*
    5306             :          * The switch happened at a segment boundary, so just create the next
    5307             :          * segment on the new timeline.
    5308             :          */
    5309             :         int         fd;
    5310             : 
    5311          22 :         fd = XLogFileInit(startLogSegNo, newTLI);
    5312             : 
    5313          22 :         if (close(fd) != 0)
    5314             :         {
    5315           0 :             int         save_errno = errno;
    5316             : 
    5317           0 :             XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5318           0 :             errno = save_errno;
    5319           0 :             ereport(ERROR,
    5320             :                     (errcode_for_file_access(),
    5321             :                      errmsg("could not close file \"%s\": %m", xlogfname)));
    5322             :         }
    5323             :     }
    5324             : 
    5325             :     /*
    5326             :      * Let's just make real sure there are not .ready or .done flags posted
    5327             :      * for the new segment.
    5328             :      */
    5329          98 :     XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5330          98 :     XLogArchiveCleanup(xlogfname);
    5331          98 : }
    5332             : 
    5333             : /*
    5334             :  * Perform cleanup actions at the conclusion of archive recovery.
    5335             :  */
    5336             : static void
    5337          98 : CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI, XLogRecPtr EndOfLog,
    5338             :                             TimeLineID newTLI)
    5339             : {
    5340             :     /*
    5341             :      * Execute the recovery_end_command, if any.
    5342             :      */
    5343          98 :     if (recoveryEndCommand && strcmp(recoveryEndCommand, "") != 0)
    5344           4 :         ExecuteRecoveryCommand(recoveryEndCommand,
    5345             :                                "recovery_end_command",
    5346             :                                true,
    5347             :                                WAIT_EVENT_RECOVERY_END_COMMAND);
    5348             : 
    5349             :     /*
    5350             :      * We switched to a new timeline. Clean up segments on the old timeline.
    5351             :      *
    5352             :      * If there are any higher-numbered segments on the old timeline, remove
    5353             :      * them. They might contain valid WAL, but they might also be
    5354             :      * pre-allocated files containing garbage. In any case, they are not part
    5355             :      * of the new timeline's history so we don't need them.
    5356             :      */
    5357          98 :     RemoveNonParentXlogFiles(EndOfLog, newTLI);
    5358             : 
    5359             :     /*
    5360             :      * If the switch happened in the middle of a segment, what to do with the
    5361             :      * last, partial segment on the old timeline? If we don't archive it, and
    5362             :      * the server that created the WAL never archives it either (e.g. because
    5363             :      * it was hit by a meteor), it will never make it to the archive. That's
    5364             :      * OK from our point of view, because the new segment that we created with
    5365             :      * the new TLI contains all the WAL from the old timeline up to the switch
    5366             :      * point. But if you later try to do PITR to the "missing" WAL on the old
    5367             :      * timeline, recovery won't find it in the archive. It's physically
    5368             :      * present in the new file with new TLI, but recovery won't look there
    5369             :      * when it's recovering to the older timeline. On the other hand, if we
    5370             :      * archive the partial segment, and the original server on that timeline
    5371             :      * is still running and archives the completed version of the same segment
    5372             :      * later, it will fail. (We used to do that in 9.4 and below, and it
    5373             :      * caused such problems).
    5374             :      *
    5375             :      * As a compromise, we rename the last segment with the .partial suffix,
    5376             :      * and archive it. Archive recovery will never try to read .partial
    5377             :      * segments, so they will normally go unused. But in the odd PITR case,
    5378             :      * the administrator can copy them manually to the pg_wal directory
    5379             :      * (removing the suffix). They can be useful in debugging, too.
    5380             :      *
    5381             :      * If a .done or .ready file already exists for the old timeline, however,
    5382             :      * we had already determined that the segment is complete, so we can let
    5383             :      * it be archived normally. (In particular, if it was restored from the
    5384             :      * archive to begin with, it's expected to have a .done file).
    5385             :      */
    5386          98 :     if (XLogSegmentOffset(EndOfLog, wal_segment_size) != 0 &&
    5387             :         XLogArchivingActive())
    5388             :     {
    5389             :         char        origfname[MAXFNAMELEN];
    5390             :         XLogSegNo   endLogSegNo;
    5391             : 
    5392          18 :         XLByteToPrevSeg(EndOfLog, endLogSegNo, wal_segment_size);
    5393          18 :         XLogFileName(origfname, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5394             : 
    5395          18 :         if (!XLogArchiveIsReadyOrDone(origfname))
    5396             :         {
    5397             :             char        origpath[MAXPGPATH];
    5398             :             char        partialfname[MAXFNAMELEN];
    5399             :             char        partialpath[MAXPGPATH];
    5400             : 
    5401             :             /*
    5402             :              * If we're summarizing WAL, we can't rename the partial file
    5403             :              * until the summarizer finishes with it, else it will fail.
    5404             :              */
    5405          10 :             if (summarize_wal)
    5406           2 :                 WaitForWalSummarization(EndOfLog);
    5407             : 
    5408          10 :             XLogFilePath(origpath, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5409          10 :             snprintf(partialfname, MAXFNAMELEN, "%s.partial", origfname);
    5410          10 :             snprintf(partialpath, MAXPGPATH, "%s.partial", origpath);
    5411             : 
    5412             :             /*
    5413             :              * Make sure there's no .done or .ready file for the .partial
    5414             :              * file.
    5415             :              */
    5416          10 :             XLogArchiveCleanup(partialfname);
    5417             : 
    5418          10 :             durable_rename(origpath, partialpath, ERROR);
    5419          10 :             XLogArchiveNotify(partialfname);
    5420             :         }
    5421             :     }
    5422          98 : }
    5423             : 
    5424             : /*
    5425             :  * Check to see if required parameters are set high enough on this server
    5426             :  * for various aspects of recovery operation.
    5427             :  *
    5428             :  * Note that all the parameters which this function tests need to be
    5429             :  * listed in Administrator's Overview section in high-availability.sgml.
    5430             :  * If you change them, don't forget to update the list.
    5431             :  */
    5432             : static void
    5433         482 : CheckRequiredParameterValues(void)
    5434             : {
    5435             :     /*
    5436             :      * For archive recovery, the WAL must be generated with at least 'replica'
    5437             :      * wal_level.
    5438             :      */
    5439         482 :     if (ArchiveRecoveryRequested && ControlFile->wal_level == WAL_LEVEL_MINIMAL)
    5440             :     {
    5441           4 :         ereport(FATAL,
    5442             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5443             :                  errmsg("WAL was generated with \"wal_level=minimal\", cannot continue recovering"),
    5444             :                  errdetail("This happens if you temporarily set \"wal_level=minimal\" on the server."),
    5445             :                  errhint("Use a backup taken after setting \"wal_level\" to higher than \"minimal\".")));
    5446             :     }
    5447             : 
    5448             :     /*
    5449             :      * For Hot Standby, the WAL must be generated with 'replica' mode, and we
    5450             :      * must have at least as many backend slots as the primary.
    5451             :      */
    5452         478 :     if (ArchiveRecoveryRequested && EnableHotStandby)
    5453             :     {
    5454             :         /* We ignore autovacuum_worker_slots when we make this test. */
    5455         240 :         RecoveryRequiresIntParameter("max_connections",
    5456             :                                      MaxConnections,
    5457         240 :                                      ControlFile->MaxConnections);
    5458         240 :         RecoveryRequiresIntParameter("max_worker_processes",
    5459             :                                      max_worker_processes,
    5460         240 :                                      ControlFile->max_worker_processes);
    5461         240 :         RecoveryRequiresIntParameter("max_wal_senders",
    5462             :                                      max_wal_senders,
    5463         240 :                                      ControlFile->max_wal_senders);
    5464         240 :         RecoveryRequiresIntParameter("max_prepared_transactions",
    5465             :                                      max_prepared_xacts,
    5466         240 :                                      ControlFile->max_prepared_xacts);
    5467         240 :         RecoveryRequiresIntParameter("max_locks_per_transaction",
    5468             :                                      max_locks_per_xact,
    5469         240 :                                      ControlFile->max_locks_per_xact);
    5470             :     }
    5471         478 : }
    5472             : 
    5473             : /*
    5474             :  * This must be called ONCE during postmaster or standalone-backend startup
    5475             :  */
    5476             : void
    5477        1762 : StartupXLOG(void)
    5478             : {
    5479             :     XLogCtlInsert *Insert;
    5480             :     CheckPoint  checkPoint;
    5481             :     bool        wasShutdown;
    5482             :     bool        didCrash;
    5483             :     bool        haveTblspcMap;
    5484             :     bool        haveBackupLabel;
    5485             :     XLogRecPtr  EndOfLog;
    5486             :     TimeLineID  EndOfLogTLI;
    5487             :     TimeLineID  newTLI;
    5488             :     bool        performedWalRecovery;
    5489             :     EndOfWalRecoveryInfo *endOfRecoveryInfo;
    5490             :     XLogRecPtr  abortedRecPtr;
    5491             :     XLogRecPtr  missingContrecPtr;
    5492             :     TransactionId oldestActiveXID;
    5493        1762 :     bool        promoted = false;
    5494             : 
    5495             :     /*
    5496             :      * We should have an aux process resource owner to use, and we should not
    5497             :      * be in a transaction that's installed some other resowner.
    5498             :      */
    5499             :     Assert(AuxProcessResourceOwner != NULL);
    5500             :     Assert(CurrentResourceOwner == NULL ||
    5501             :            CurrentResourceOwner == AuxProcessResourceOwner);
    5502        1762 :     CurrentResourceOwner = AuxProcessResourceOwner;
    5503             : 
    5504             :     /*
    5505             :      * Check that contents look valid.
    5506             :      */
    5507        1762 :     if (!XRecOffIsValid(ControlFile->checkPoint))
    5508           0 :         ereport(FATAL,
    5509             :                 (errcode(ERRCODE_DATA_CORRUPTED),
    5510             :                  errmsg("control file contains invalid checkpoint location")));
    5511             : 
    5512        1762 :     switch (ControlFile->state)
    5513             :     {
    5514        1356 :         case DB_SHUTDOWNED:
    5515             : 
    5516             :             /*
    5517             :              * This is the expected case, so don't be chatty in standalone
    5518             :              * mode
    5519             :              */
    5520        1356 :             ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    5521             :                     (errmsg("database system was shut down at %s",
    5522             :                             str_time(ControlFile->time))));
    5523        1356 :             break;
    5524             : 
    5525          64 :         case DB_SHUTDOWNED_IN_RECOVERY:
    5526          64 :             ereport(LOG,
    5527             :                     (errmsg("database system was shut down in recovery at %s",
    5528             :                             str_time(ControlFile->time))));
    5529          64 :             break;
    5530             : 
    5531           0 :         case DB_SHUTDOWNING:
    5532           0 :             ereport(LOG,
    5533             :                     (errmsg("database system shutdown was interrupted; last known up at %s",
    5534             :                             str_time(ControlFile->time))));
    5535           0 :             break;
    5536             : 
    5537           0 :         case DB_IN_CRASH_RECOVERY:
    5538           0 :             ereport(LOG,
    5539             :                     (errmsg("database system was interrupted while in recovery at %s",
    5540             :                             str_time(ControlFile->time)),
    5541             :                      errhint("This probably means that some data is corrupted and"
    5542             :                              " you will have to use the last backup for recovery.")));
    5543           0 :             break;
    5544             : 
    5545          12 :         case DB_IN_ARCHIVE_RECOVERY:
    5546          12 :             ereport(LOG,
    5547             :                     (errmsg("database system was interrupted while in recovery at log time %s",
    5548             :                             str_time(ControlFile->checkPointCopy.time)),
    5549             :                      errhint("If this has occurred more than once some data might be corrupted"
    5550             :                              " and you might need to choose an earlier recovery target.")));
    5551          12 :             break;
    5552             : 
    5553         330 :         case DB_IN_PRODUCTION:
    5554         330 :             ereport(LOG,
    5555             :                     (errmsg("database system was interrupted; last known up at %s",
    5556             :                             str_time(ControlFile->time))));
    5557         330 :             break;
    5558             : 
    5559           0 :         default:
    5560           0 :             ereport(FATAL,
    5561             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    5562             :                      errmsg("control file contains invalid database cluster state")));
    5563             :     }
    5564             : 
    5565             :     /* This is just to allow attaching to startup process with a debugger */
    5566             : #ifdef XLOG_REPLAY_DELAY
    5567             :     if (ControlFile->state != DB_SHUTDOWNED)
    5568             :         pg_usleep(60000000L);
    5569             : #endif
    5570             : 
    5571             :     /*
    5572             :      * Verify that pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    5573             :      * In cases where someone has performed a copy for PITR, these directories
    5574             :      * may have been excluded and need to be re-created.
    5575             :      */
    5576        1762 :     ValidateXLOGDirectoryStructure();
    5577             : 
    5578             :     /* Set up timeout handler needed to report startup progress. */
    5579        1762 :     if (!IsBootstrapProcessingMode())
    5580        1672 :         RegisterTimeout(STARTUP_PROGRESS_TIMEOUT,
    5581             :                         startup_progress_timeout_handler);
    5582             : 
    5583             :     /*----------
    5584             :      * If we previously crashed, perform a couple of actions:
    5585             :      *
    5586             :      * - The pg_wal directory may still include some temporary WAL segments
    5587             :      *   used when creating a new segment, so perform some clean up to not
    5588             :      *   bloat this path.  This is done first as there is no point to sync
    5589             :      *   this temporary data.
    5590             :      *
    5591             :      * - There might be data which we had written, intending to fsync it, but
    5592             :      *   which we had not actually fsync'd yet.  Therefore, a power failure in
    5593             :      *   the near future might cause earlier unflushed writes to be lost, even
    5594             :      *   though more recent data written to disk from here on would be
    5595             :      *   persisted.  To avoid that, fsync the entire data directory.
    5596             :      */
    5597        1762 :     if (ControlFile->state != DB_SHUTDOWNED &&
    5598         406 :         ControlFile->state != DB_SHUTDOWNED_IN_RECOVERY)
    5599             :     {
    5600         342 :         RemoveTempXlogFiles();
    5601         342 :         SyncDataDirectory();
    5602         342 :         didCrash = true;
    5603             :     }
    5604             :     else
    5605        1420 :         didCrash = false;
    5606             : 
    5607             :     /*
    5608             :      * Prepare for WAL recovery if needed.
    5609             :      *
    5610             :      * InitWalRecovery analyzes the control file and the backup label file, if
    5611             :      * any.  It updates the in-memory ControlFile buffer according to the
    5612             :      * starting checkpoint, and sets InRecovery and ArchiveRecoveryRequested.
    5613             :      * It also applies the tablespace map file, if any.
    5614             :      */
    5615        1762 :     InitWalRecovery(ControlFile, &wasShutdown,
    5616             :                     &haveBackupLabel, &haveTblspcMap);
    5617        1762 :     checkPoint = ControlFile->checkPointCopy;
    5618             : 
    5619             :     /* initialize shared memory variables from the checkpoint record */
    5620        1762 :     TransamVariables->nextXid = checkPoint.nextXid;
    5621        1762 :     TransamVariables->nextOid = checkPoint.nextOid;
    5622        1762 :     TransamVariables->oidCount = 0;
    5623        1762 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5624        1762 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5625        1762 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5626        1762 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5627        1762 :     SetCommitTsLimit(checkPoint.oldestCommitTsXid,
    5628             :                      checkPoint.newestCommitTsXid);
    5629        1762 :     XLogCtl->ckptFullXid = checkPoint.nextXid;
    5630             : 
    5631             :     /*
    5632             :      * Clear out any old relcache cache files.  This is *necessary* if we do
    5633             :      * any WAL replay, since that would probably result in the cache files
    5634             :      * being out of sync with database reality.  In theory we could leave them
    5635             :      * in place if the database had been cleanly shut down, but it seems
    5636             :      * safest to just remove them always and let them be rebuilt during the
    5637             :      * first backend startup.  These files needs to be removed from all
    5638             :      * directories including pg_tblspc, however the symlinks are created only
    5639             :      * after reading tablespace_map file in case of archive recovery from
    5640             :      * backup, so needs to clear old relcache files here after creating
    5641             :      * symlinks.
    5642             :      */
    5643        1762 :     RelationCacheInitFileRemove();
    5644             : 
    5645             :     /*
    5646             :      * Initialize replication slots, before there's a chance to remove
    5647             :      * required resources.
    5648             :      */
    5649        1762 :     StartupReplicationSlots();
    5650             : 
    5651             :     /*
    5652             :      * Startup logical state, needs to be setup now so we have proper data
    5653             :      * during crash recovery.
    5654             :      */
    5655        1760 :     StartupReorderBuffer();
    5656             : 
    5657             :     /*
    5658             :      * Startup CLOG. This must be done after TransamVariables->nextXid has
    5659             :      * been initialized and before we accept connections or begin WAL replay.
    5660             :      */
    5661        1760 :     StartupCLOG();
    5662             : 
    5663             :     /*
    5664             :      * Startup MultiXact. We need to do this early to be able to replay
    5665             :      * truncations.
    5666             :      */
    5667        1760 :     StartupMultiXact();
    5668             : 
    5669             :     /*
    5670             :      * Ditto for commit timestamps.  Activate the facility if the setting is
    5671             :      * enabled in the control file, as there should be no tracking of commit
    5672             :      * timestamps done when the setting was disabled.  This facility can be
    5673             :      * started or stopped when replaying a XLOG_PARAMETER_CHANGE record.
    5674             :      */
    5675        1760 :     if (ControlFile->track_commit_timestamp)
    5676          20 :         StartupCommitTs();
    5677             : 
    5678             :     /*
    5679             :      * Recover knowledge about replay progress of known replication partners.
    5680             :      */
    5681        1760 :     StartupReplicationOrigin();
    5682             : 
    5683             :     /*
    5684             :      * Initialize unlogged LSN. On a clean shutdown, it's restored from the
    5685             :      * control file. On recovery, all unlogged relations are blown away, so
    5686             :      * the unlogged LSN counter can be reset too.
    5687             :      */
    5688        1760 :     if (ControlFile->state == DB_SHUTDOWNED)
    5689        1342 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5690        1342 :                                        ControlFile->unloggedLSN);
    5691             :     else
    5692         418 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5693             :                                        FirstNormalUnloggedLSN);
    5694             : 
    5695             :     /*
    5696             :      * Copy any missing timeline history files between 'now' and the recovery
    5697             :      * target timeline from archive to pg_wal. While we don't need those files
    5698             :      * ourselves - the history file of the recovery target timeline covers all
    5699             :      * the previous timelines in the history too - a cascading standby server
    5700             :      * might be interested in them. Or, if you archive the WAL from this
    5701             :      * server to a different archive than the primary, it'd be good for all
    5702             :      * the history files to get archived there after failover, so that you can
    5703             :      * use one of the old timelines as a PITR target. Timeline history files
    5704             :      * are small, so it's better to copy them unnecessarily than not copy them
    5705             :      * and regret later.
    5706             :      */
    5707        1760 :     restoreTimeLineHistoryFiles(checkPoint.ThisTimeLineID, recoveryTargetTLI);
    5708             : 
    5709             :     /*
    5710             :      * Before running in recovery, scan pg_twophase and fill in its status to
    5711             :      * be able to work on entries generated by redo.  Doing a scan before
    5712             :      * taking any recovery action has the merit to discard any 2PC files that
    5713             :      * are newer than the first record to replay, saving from any conflicts at
    5714             :      * replay.  This avoids as well any subsequent scans when doing recovery
    5715             :      * of the on-disk two-phase data.
    5716             :      */
    5717        1760 :     restoreTwoPhaseData();
    5718             : 
    5719             :     /*
    5720             :      * When starting with crash recovery, reset pgstat data - it might not be
    5721             :      * valid. Otherwise restore pgstat data. It's safe to do this here,
    5722             :      * because postmaster will not yet have started any other processes.
    5723             :      *
    5724             :      * NB: Restoring replication slot stats relies on slot state to have
    5725             :      * already been restored from disk.
    5726             :      *
    5727             :      * TODO: With a bit of extra work we could just start with a pgstat file
    5728             :      * associated with the checkpoint redo location we're starting from.
    5729             :      */
    5730        1760 :     if (didCrash)
    5731         342 :         pgstat_discard_stats();
    5732             :     else
    5733        1418 :         pgstat_restore_stats();
    5734             : 
    5735        1760 :     lastFullPageWrites = checkPoint.fullPageWrites;
    5736             : 
    5737        1760 :     RedoRecPtr = XLogCtl->RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    5738        1760 :     doPageWrites = lastFullPageWrites;
    5739             : 
    5740             :     /* REDO */
    5741        1760 :     if (InRecovery)
    5742             :     {
    5743             :         /* Initialize state for RecoveryInProgress() */
    5744         418 :         SpinLockAcquire(&XLogCtl->info_lck);
    5745         418 :         if (InArchiveRecovery)
    5746         218 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    5747             :         else
    5748         200 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5749         418 :         SpinLockRelease(&XLogCtl->info_lck);
    5750             : 
    5751             :         /*
    5752             :          * Update pg_control to show that we are recovering and to show the
    5753             :          * selected checkpoint as the place we are starting from. We also mark
    5754             :          * pg_control with any minimum recovery stop point obtained from a
    5755             :          * backup history file.
    5756             :          *
    5757             :          * No need to hold ControlFileLock yet, we aren't up far enough.
    5758             :          */
    5759         418 :         UpdateControlFile();
    5760             : 
    5761             :         /*
    5762             :          * If there was a backup label file, it's done its job and the info
    5763             :          * has now been propagated into pg_control.  We must get rid of the
    5764             :          * label file so that if we crash during recovery, we'll pick up at
    5765             :          * the latest recovery restartpoint instead of going all the way back
    5766             :          * to the backup start point.  It seems prudent though to just rename
    5767             :          * the file out of the way rather than delete it completely.
    5768             :          */
    5769         418 :         if (haveBackupLabel)
    5770             :         {
    5771         138 :             unlink(BACKUP_LABEL_OLD);
    5772         138 :             durable_rename(BACKUP_LABEL_FILE, BACKUP_LABEL_OLD, FATAL);
    5773             :         }
    5774             : 
    5775             :         /*
    5776             :          * If there was a tablespace_map file, it's done its job and the
    5777             :          * symlinks have been created.  We must get rid of the map file so
    5778             :          * that if we crash during recovery, we don't create symlinks again.
    5779             :          * It seems prudent though to just rename the file out of the way
    5780             :          * rather than delete it completely.
    5781             :          */
    5782         418 :         if (haveTblspcMap)
    5783             :         {
    5784           4 :             unlink(TABLESPACE_MAP_OLD);
    5785           4 :             durable_rename(TABLESPACE_MAP, TABLESPACE_MAP_OLD, FATAL);
    5786             :         }
    5787             : 
    5788             :         /*
    5789             :          * Initialize our local copy of minRecoveryPoint.  When doing crash
    5790             :          * recovery we want to replay up to the end of WAL.  Particularly, in
    5791             :          * the case of a promoted standby minRecoveryPoint value in the
    5792             :          * control file is only updated after the first checkpoint.  However,
    5793             :          * if the instance crashes before the first post-recovery checkpoint
    5794             :          * is completed then recovery will use a stale location causing the
    5795             :          * startup process to think that there are still invalid page
    5796             :          * references when checking for data consistency.
    5797             :          */
    5798         418 :         if (InArchiveRecovery)
    5799             :         {
    5800         218 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    5801         218 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    5802             :         }
    5803             :         else
    5804             :         {
    5805         200 :             LocalMinRecoveryPoint = InvalidXLogRecPtr;
    5806         200 :             LocalMinRecoveryPointTLI = 0;
    5807             :         }
    5808             : 
    5809             :         /* Check that the GUCs used to generate the WAL allow recovery */
    5810         418 :         CheckRequiredParameterValues();
    5811             : 
    5812             :         /*
    5813             :          * We're in recovery, so unlogged relations may be trashed and must be
    5814             :          * reset.  This should be done BEFORE allowing Hot Standby
    5815             :          * connections, so that read-only backends don't try to read whatever
    5816             :          * garbage is left over from before.
    5817             :          */
    5818         418 :         ResetUnloggedRelations(UNLOGGED_RELATION_CLEANUP);
    5819             : 
    5820             :         /*
    5821             :          * Likewise, delete any saved transaction snapshot files that got left
    5822             :          * behind by crashed backends.
    5823             :          */
    5824         418 :         DeleteAllExportedSnapshotFiles();
    5825             : 
    5826             :         /*
    5827             :          * Initialize for Hot Standby, if enabled. We won't let backends in
    5828             :          * yet, not until we've reached the min recovery point specified in
    5829             :          * control file and we've established a recovery snapshot from a
    5830             :          * running-xacts WAL record.
    5831             :          */
    5832         418 :         if (ArchiveRecoveryRequested && EnableHotStandby)
    5833             :         {
    5834             :             TransactionId *xids;
    5835             :             int         nxids;
    5836             : 
    5837         206 :             ereport(DEBUG1,
    5838             :                     (errmsg_internal("initializing for hot standby")));
    5839             : 
    5840         206 :             InitRecoveryTransactionEnvironment();
    5841             : 
    5842         206 :             if (wasShutdown)
    5843          52 :                 oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    5844             :             else
    5845         154 :                 oldestActiveXID = checkPoint.oldestActiveXid;
    5846             :             Assert(TransactionIdIsValid(oldestActiveXID));
    5847             : 
    5848             :             /* Tell procarray about the range of xids it has to deal with */
    5849         206 :             ProcArrayInitRecovery(XidFromFullTransactionId(TransamVariables->nextXid));
    5850             : 
    5851             :             /*
    5852             :              * Startup subtrans only.  CLOG, MultiXact and commit timestamp
    5853             :              * have already been started up and other SLRUs are not maintained
    5854             :              * during recovery and need not be started yet.
    5855             :              */
    5856         206 :             StartupSUBTRANS(oldestActiveXID);
    5857             : 
    5858             :             /*
    5859             :              * If we're beginning at a shutdown checkpoint, we know that
    5860             :              * nothing was running on the primary at this point. So fake-up an
    5861             :              * empty running-xacts record and use that here and now. Recover
    5862             :              * additional standby state for prepared transactions.
    5863             :              */
    5864         206 :             if (wasShutdown)
    5865             :             {
    5866             :                 RunningTransactionsData running;
    5867             :                 TransactionId latestCompletedXid;
    5868             : 
    5869             :                 /* Update pg_subtrans entries for any prepared transactions */
    5870          52 :                 StandbyRecoverPreparedTransactions();
    5871             : 
    5872             :                 /*
    5873             :                  * Construct a RunningTransactions snapshot representing a
    5874             :                  * shut down server, with only prepared transactions still
    5875             :                  * alive. We're never overflowed at this point because all
    5876             :                  * subxids are listed with their parent prepared transactions.
    5877             :                  */
    5878          52 :                 running.xcnt = nxids;
    5879          52 :                 running.subxcnt = 0;
    5880          52 :                 running.subxid_status = SUBXIDS_IN_SUBTRANS;
    5881          52 :                 running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    5882          52 :                 running.oldestRunningXid = oldestActiveXID;
    5883          52 :                 latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    5884          52 :                 TransactionIdRetreat(latestCompletedXid);
    5885             :                 Assert(TransactionIdIsNormal(latestCompletedXid));
    5886          52 :                 running.latestCompletedXid = latestCompletedXid;
    5887          52 :                 running.xids = xids;
    5888             : 
    5889          52 :                 ProcArrayApplyRecoveryInfo(&running);
    5890             :             }
    5891             :         }
    5892             : 
    5893             :         /*
    5894             :          * We're all set for replaying the WAL now. Do it.
    5895             :          */
    5896         418 :         PerformWalRecovery();
    5897         306 :         performedWalRecovery = true;
    5898             :     }
    5899             :     else
    5900        1342 :         performedWalRecovery = false;
    5901             : 
    5902             :     /*
    5903             :      * Finish WAL recovery.
    5904             :      */
    5905        1648 :     endOfRecoveryInfo = FinishWalRecovery();
    5906        1648 :     EndOfLog = endOfRecoveryInfo->endOfLog;
    5907        1648 :     EndOfLogTLI = endOfRecoveryInfo->endOfLogTLI;
    5908        1648 :     abortedRecPtr = endOfRecoveryInfo->abortedRecPtr;
    5909        1648 :     missingContrecPtr = endOfRecoveryInfo->missingContrecPtr;
    5910             : 
    5911             :     /*
    5912             :      * Reset ps status display, so as no information related to recovery shows
    5913             :      * up.
    5914             :      */
    5915        1648 :     set_ps_display("");
    5916             : 
    5917             :     /*
    5918             :      * When recovering from a backup (we are in recovery, and archive recovery
    5919             :      * was requested), complain if we did not roll forward far enough to reach
    5920             :      * the point where the database is consistent.  For regular online
    5921             :      * backup-from-primary, that means reaching the end-of-backup WAL record
    5922             :      * (at which point we reset backupStartPoint to be Invalid), for
    5923             :      * backup-from-replica (which can't inject records into the WAL stream),
    5924             :      * that point is when we reach the minRecoveryPoint in pg_control (which
    5925             :      * we purposefully copy last when backing up from a replica).  For
    5926             :      * pg_rewind (which creates a backup_label with a method of "pg_rewind")
    5927             :      * or snapshot-style backups (which don't), backupEndRequired will be set
    5928             :      * to false.
    5929             :      *
    5930             :      * Note: it is indeed okay to look at the local variable
    5931             :      * LocalMinRecoveryPoint here, even though ControlFile->minRecoveryPoint
    5932             :      * might be further ahead --- ControlFile->minRecoveryPoint cannot have
    5933             :      * been advanced beyond the WAL we processed.
    5934             :      */
    5935        1648 :     if (InRecovery &&
    5936         306 :         (EndOfLog < LocalMinRecoveryPoint ||
    5937         306 :          !XLogRecPtrIsInvalid(ControlFile->backupStartPoint)))
    5938             :     {
    5939             :         /*
    5940             :          * Ran off end of WAL before reaching end-of-backup WAL record, or
    5941             :          * minRecoveryPoint. That's a bad sign, indicating that you tried to
    5942             :          * recover from an online backup but never called pg_backup_stop(), or
    5943             :          * you didn't archive all the WAL needed.
    5944             :          */
    5945           0 :         if (ArchiveRecoveryRequested || ControlFile->backupEndRequired)
    5946             :         {
    5947           0 :             if (!XLogRecPtrIsInvalid(ControlFile->backupStartPoint) || ControlFile->backupEndRequired)
    5948           0 :                 ereport(FATAL,
    5949             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5950             :                          errmsg("WAL ends before end of online backup"),
    5951             :                          errhint("All WAL generated while online backup was taken must be available at recovery.")));
    5952             :             else
    5953           0 :                 ereport(FATAL,
    5954             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5955             :                          errmsg("WAL ends before consistent recovery point")));
    5956             :         }
    5957             :     }
    5958             : 
    5959             :     /*
    5960             :      * Reset unlogged relations to the contents of their INIT fork. This is
    5961             :      * done AFTER recovery is complete so as to include any unlogged relations
    5962             :      * created during recovery, but BEFORE recovery is marked as having
    5963             :      * completed successfully. Otherwise we'd not retry if any of the post
    5964             :      * end-of-recovery steps fail.
    5965             :      */
    5966        1648 :     if (InRecovery)
    5967         306 :         ResetUnloggedRelations(UNLOGGED_RELATION_INIT);
    5968             : 
    5969             :     /*
    5970             :      * Pre-scan prepared transactions to find out the range of XIDs present.
    5971             :      * This information is not quite needed yet, but it is positioned here so
    5972             :      * as potential problems are detected before any on-disk change is done.
    5973             :      */
    5974        1648 :     oldestActiveXID = PrescanPreparedTransactions(NULL, NULL);
    5975             : 
    5976             :     /*
    5977             :      * Allow ordinary WAL segment creation before possibly switching to a new
    5978             :      * timeline, which creates a new segment, and after the last ReadRecord().
    5979             :      */
    5980        1648 :     SetInstallXLogFileSegmentActive();
    5981             : 
    5982             :     /*
    5983             :      * Consider whether we need to assign a new timeline ID.
    5984             :      *
    5985             :      * If we did archive recovery, we always assign a new ID.  This handles a
    5986             :      * couple of issues.  If we stopped short of the end of WAL during
    5987             :      * recovery, then we are clearly generating a new timeline and must assign
    5988             :      * it a unique new ID.  Even if we ran to the end, modifying the current
    5989             :      * last segment is problematic because it may result in trying to
    5990             :      * overwrite an already-archived copy of that segment, and we encourage
    5991             :      * DBAs to make their archive_commands reject that.  We can dodge the
    5992             :      * problem by making the new active segment have a new timeline ID.
    5993             :      *
    5994             :      * In a normal crash recovery, we can just extend the timeline we were in.
    5995             :      */
    5996        1648 :     newTLI = endOfRecoveryInfo->lastRecTLI;
    5997        1648 :     if (ArchiveRecoveryRequested)
    5998             :     {
    5999          98 :         newTLI = findNewestTimeLine(recoveryTargetTLI) + 1;
    6000          98 :         ereport(LOG,
    6001             :                 (errmsg("selected new timeline ID: %u", newTLI)));
    6002             : 
    6003             :         /*
    6004             :          * Make a writable copy of the last WAL segment.  (Note that we also
    6005             :          * have a copy of the last block of the old WAL in
    6006             :          * endOfRecovery->lastPage; we will use that below.)
    6007             :          */
    6008          98 :         XLogInitNewTimeline(EndOfLogTLI, EndOfLog, newTLI);
    6009             : 
    6010             :         /*
    6011             :          * Remove the signal files out of the way, so that we don't
    6012             :          * accidentally re-enter archive recovery mode in a subsequent crash.
    6013             :          */
    6014          98 :         if (endOfRecoveryInfo->standby_signal_file_found)
    6015          92 :             durable_unlink(STANDBY_SIGNAL_FILE, FATAL);
    6016             : 
    6017          98 :         if (endOfRecoveryInfo->recovery_signal_file_found)
    6018           6 :             durable_unlink(RECOVERY_SIGNAL_FILE, FATAL);
    6019             : 
    6020             :         /*
    6021             :          * Write the timeline history file, and have it archived. After this
    6022             :          * point (or rather, as soon as the file is archived), the timeline
    6023             :          * will appear as "taken" in the WAL archive and to any standby
    6024             :          * servers.  If we crash before actually switching to the new
    6025             :          * timeline, standby servers will nevertheless think that we switched
    6026             :          * to the new timeline, and will try to connect to the new timeline.
    6027             :          * To minimize the window for that, try to do as little as possible
    6028             :          * between here and writing the end-of-recovery record.
    6029             :          */
    6030          98 :         writeTimeLineHistory(newTLI, recoveryTargetTLI,
    6031             :                              EndOfLog, endOfRecoveryInfo->recoveryStopReason);
    6032             : 
    6033          98 :         ereport(LOG,
    6034             :                 (errmsg("archive recovery complete")));
    6035             :     }
    6036             : 
    6037             :     /* Save the selected TimeLineID in shared memory, too */
    6038        1648 :     SpinLockAcquire(&XLogCtl->info_lck);
    6039        1648 :     XLogCtl->InsertTimeLineID = newTLI;
    6040        1648 :     XLogCtl->PrevTimeLineID = endOfRecoveryInfo->lastRecTLI;
    6041        1648 :     SpinLockRelease(&XLogCtl->info_lck);
    6042             : 
    6043             :     /*
    6044             :      * Actually, if WAL ended in an incomplete record, skip the parts that
    6045             :      * made it through and start writing after the portion that persisted.
    6046             :      * (It's critical to first write an OVERWRITE_CONTRECORD message, which
    6047             :      * we'll do as soon as we're open for writing new WAL.)
    6048             :      */
    6049        1648 :     if (!XLogRecPtrIsInvalid(missingContrecPtr))
    6050             :     {
    6051             :         /*
    6052             :          * We should only have a missingContrecPtr if we're not switching to a
    6053             :          * new timeline. When a timeline switch occurs, WAL is copied from the
    6054             :          * old timeline to the new only up to the end of the last complete
    6055             :          * record, so there can't be an incomplete WAL record that we need to
    6056             :          * disregard.
    6057             :          */
    6058             :         Assert(newTLI == endOfRecoveryInfo->lastRecTLI);
    6059             :         Assert(!XLogRecPtrIsInvalid(abortedRecPtr));
    6060          22 :         EndOfLog = missingContrecPtr;
    6061             :     }
    6062             : 
    6063             :     /*
    6064             :      * Prepare to write WAL starting at EndOfLog location, and init xlog
    6065             :      * buffer cache using the block containing the last record from the
    6066             :      * previous incarnation.
    6067             :      */
    6068        1648 :     Insert = &XLogCtl->Insert;
    6069        1648 :     Insert->PrevBytePos = XLogRecPtrToBytePos(endOfRecoveryInfo->lastRec);
    6070        1648 :     Insert->CurrBytePos = XLogRecPtrToBytePos(EndOfLog);
    6071             : 
    6072             :     /*
    6073             :      * Tricky point here: lastPage contains the *last* block that the LastRec
    6074             :      * record spans, not the one it starts in.  The last block is indeed the
    6075             :      * one we want to use.
    6076             :      */
    6077        1648 :     if (EndOfLog % XLOG_BLCKSZ != 0)
    6078             :     {
    6079             :         char       *page;
    6080             :         int         len;
    6081             :         int         firstIdx;
    6082             : 
    6083        1584 :         firstIdx = XLogRecPtrToBufIdx(EndOfLog);
    6084        1584 :         len = EndOfLog - endOfRecoveryInfo->lastPageBeginPtr;
    6085             :         Assert(len < XLOG_BLCKSZ);
    6086             : 
    6087             :         /* Copy the valid part of the last block, and zero the rest */
    6088        1584 :         page = &XLogCtl->pages[firstIdx * XLOG_BLCKSZ];
    6089        1584 :         memcpy(page, endOfRecoveryInfo->lastPage, len);
    6090        1584 :         memset(page + len, 0, XLOG_BLCKSZ - len);
    6091             : 
    6092        1584 :         pg_atomic_write_u64(&XLogCtl->xlblocks[firstIdx], endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ);
    6093        1584 :         XLogCtl->InitializedUpTo = endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ;
    6094             :     }
    6095             :     else
    6096             :     {
    6097             :         /*
    6098             :          * There is no partial block to copy. Just set InitializedUpTo, and
    6099             :          * let the first attempt to insert a log record to initialize the next
    6100             :          * buffer.
    6101             :          */
    6102          64 :         XLogCtl->InitializedUpTo = EndOfLog;
    6103             :     }
    6104             : 
    6105             :     /*
    6106             :      * Update local and shared status.  This is OK to do without any locks
    6107             :      * because no other process can be reading or writing WAL yet.
    6108             :      */
    6109        1648 :     LogwrtResult.Write = LogwrtResult.Flush = EndOfLog;
    6110        1648 :     pg_atomic_write_u64(&XLogCtl->logInsertResult, EndOfLog);
    6111        1648 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, EndOfLog);
    6112        1648 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, EndOfLog);
    6113        1648 :     XLogCtl->LogwrtRqst.Write = EndOfLog;
    6114        1648 :     XLogCtl->LogwrtRqst.Flush = EndOfLog;
    6115             : 
    6116             :     /*
    6117             :      * Preallocate additional log files, if wanted.
    6118             :      */
    6119        1648 :     PreallocXlogFiles(EndOfLog, newTLI);
    6120             : 
    6121             :     /*
    6122             :      * Okay, we're officially UP.
    6123             :      */
    6124        1648 :     InRecovery = false;
    6125             : 
    6126             :     /* start the archive_timeout timer and LSN running */
    6127        1648 :     XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    6128        1648 :     XLogCtl->lastSegSwitchLSN = EndOfLog;
    6129             : 
    6130             :     /* also initialize latestCompletedXid, to nextXid - 1 */
    6131        1648 :     LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE);
    6132        1648 :     TransamVariables->latestCompletedXid = TransamVariables->nextXid;
    6133        1648 :     FullTransactionIdRetreat(&TransamVariables->latestCompletedXid);
    6134        1648 :     LWLockRelease(ProcArrayLock);
    6135             : 
    6136             :     /*
    6137             :      * Start up subtrans, if not already done for hot standby.  (commit
    6138             :      * timestamps are started below, if necessary.)
    6139             :      */
    6140        1648 :     if (standbyState == STANDBY_DISABLED)
    6141        1550 :         StartupSUBTRANS(oldestActiveXID);
    6142             : 
    6143             :     /*
    6144             :      * Perform end of recovery actions for any SLRUs that need it.
    6145             :      */
    6146        1648 :     TrimCLOG();
    6147        1648 :     TrimMultiXact();
    6148             : 
    6149             :     /*
    6150             :      * Reload shared-memory state for prepared transactions.  This needs to
    6151             :      * happen before renaming the last partial segment of the old timeline as
    6152             :      * it may be possible that we have to recover some transactions from it.
    6153             :      */
    6154        1648 :     RecoverPreparedTransactions();
    6155             : 
    6156             :     /* Shut down xlogreader */
    6157        1648 :     ShutdownWalRecovery();
    6158             : 
    6159             :     /* Enable WAL writes for this backend only. */
    6160        1648 :     LocalSetXLogInsertAllowed();
    6161             : 
    6162             :     /* If necessary, write overwrite-contrecord before doing anything else */
    6163        1648 :     if (!XLogRecPtrIsInvalid(abortedRecPtr))
    6164             :     {
    6165             :         Assert(!XLogRecPtrIsInvalid(missingContrecPtr));
    6166          22 :         CreateOverwriteContrecordRecord(abortedRecPtr, missingContrecPtr, newTLI);
    6167             :     }
    6168             : 
    6169             :     /*
    6170             :      * Update full_page_writes in shared memory and write an XLOG_FPW_CHANGE
    6171             :      * record before resource manager writes cleanup WAL records or checkpoint
    6172             :      * record is written.
    6173             :      */
    6174        1648 :     Insert->fullPageWrites = lastFullPageWrites;
    6175        1648 :     UpdateFullPageWrites();
    6176             : 
    6177             :     /*
    6178             :      * Emit checkpoint or end-of-recovery record in XLOG, if required.
    6179             :      */
    6180        1648 :     if (performedWalRecovery)
    6181         306 :         promoted = PerformRecoveryXLogAction();
    6182             : 
    6183             :     /*
    6184             :      * If any of the critical GUCs have changed, log them before we allow
    6185             :      * backends to write WAL.
    6186             :      */
    6187        1648 :     XLogReportParameters();
    6188             : 
    6189             :     /* If this is archive recovery, perform post-recovery cleanup actions. */
    6190        1648 :     if (ArchiveRecoveryRequested)
    6191          98 :         CleanupAfterArchiveRecovery(EndOfLogTLI, EndOfLog, newTLI);
    6192             : 
    6193             :     /*
    6194             :      * Local WAL inserts enabled, so it's time to finish initialization of
    6195             :      * commit timestamp.
    6196             :      */
    6197        1648 :     CompleteCommitTsInitialization();
    6198             : 
    6199             :     /*
    6200             :      * All done with end-of-recovery actions.
    6201             :      *
    6202             :      * Now allow backends to write WAL and update the control file status in
    6203             :      * consequence.  SharedRecoveryState, that controls if backends can write
    6204             :      * WAL, is updated while holding ControlFileLock to prevent other backends
    6205             :      * to look at an inconsistent state of the control file in shared memory.
    6206             :      * There is still a small window during which backends can write WAL and
    6207             :      * the control file is still referring to a system not in DB_IN_PRODUCTION
    6208             :      * state while looking at the on-disk control file.
    6209             :      *
    6210             :      * Also, we use info_lck to update SharedRecoveryState to ensure that
    6211             :      * there are no race conditions concerning visibility of other recent
    6212             :      * updates to shared memory.
    6213             :      */
    6214        1648 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6215        1648 :     ControlFile->state = DB_IN_PRODUCTION;
    6216             : 
    6217        1648 :     SpinLockAcquire(&XLogCtl->info_lck);
    6218        1648 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_DONE;
    6219        1648 :     SpinLockRelease(&XLogCtl->info_lck);
    6220             : 
    6221        1648 :     UpdateControlFile();
    6222        1648 :     LWLockRelease(ControlFileLock);
    6223             : 
    6224             :     /*
    6225             :      * Shutdown the recovery environment.  This must occur after
    6226             :      * RecoverPreparedTransactions() (see notes in lock_twophase_recover())
    6227             :      * and after switching SharedRecoveryState to RECOVERY_STATE_DONE so as
    6228             :      * any session building a snapshot will not rely on KnownAssignedXids as
    6229             :      * RecoveryInProgress() would return false at this stage.  This is
    6230             :      * particularly critical for prepared 2PC transactions, that would still
    6231             :      * need to be included in snapshots once recovery has ended.
    6232             :      */
    6233        1648 :     if (standbyState != STANDBY_DISABLED)
    6234          98 :         ShutdownRecoveryTransactionEnvironment();
    6235             : 
    6236             :     /*
    6237             :      * If there were cascading standby servers connected to us, nudge any wal
    6238             :      * sender processes to notice that we've been promoted.
    6239             :      */
    6240        1648 :     WalSndWakeup(true, true);
    6241             : 
    6242             :     /*
    6243             :      * If this was a promotion, request an (online) checkpoint now. This isn't
    6244             :      * required for consistency, but the last restartpoint might be far back,
    6245             :      * and in case of a crash, recovering from it might take a longer than is
    6246             :      * appropriate now that we're not in standby mode anymore.
    6247             :      */
    6248        1648 :     if (promoted)
    6249          84 :         RequestCheckpoint(CHECKPOINT_FORCE);
    6250        1648 : }
    6251             : 
    6252             : /*
    6253             :  * Callback from PerformWalRecovery(), called when we switch from crash
    6254             :  * recovery to archive recovery mode.  Updates the control file accordingly.
    6255             :  */
    6256             : void
    6257           4 : SwitchIntoArchiveRecovery(XLogRecPtr EndRecPtr, TimeLineID replayTLI)
    6258             : {
    6259             :     /* initialize minRecoveryPoint to this record */
    6260           4 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6261           4 :     ControlFile->state = DB_IN_ARCHIVE_RECOVERY;
    6262           4 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6263             :     {
    6264           4 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6265           4 :         ControlFile->minRecoveryPointTLI = replayTLI;
    6266             :     }
    6267             :     /* update local copy */
    6268           4 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    6269           4 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    6270             : 
    6271             :     /*
    6272             :      * The startup process can update its local copy of minRecoveryPoint from
    6273             :      * this point.
    6274             :      */
    6275           4 :     updateMinRecoveryPoint = true;
    6276             : 
    6277           4 :     UpdateControlFile();
    6278             : 
    6279             :     /*
    6280             :      * We update SharedRecoveryState while holding the lock on ControlFileLock
    6281             :      * so both states are consistent in shared memory.
    6282             :      */
    6283           4 :     SpinLockAcquire(&XLogCtl->info_lck);
    6284           4 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    6285           4 :     SpinLockRelease(&XLogCtl->info_lck);
    6286             : 
    6287           4 :     LWLockRelease(ControlFileLock);
    6288           4 : }
    6289             : 
    6290             : /*
    6291             :  * Callback from PerformWalRecovery(), called when we reach the end of backup.
    6292             :  * Updates the control file accordingly.
    6293             :  */
    6294             : void
    6295         138 : ReachedEndOfBackup(XLogRecPtr EndRecPtr, TimeLineID tli)
    6296             : {
    6297             :     /*
    6298             :      * We have reached the end of base backup, as indicated by pg_control. The
    6299             :      * data on disk is now consistent (unless minRecoveryPoint is further
    6300             :      * ahead, which can happen if we crashed during previous recovery).  Reset
    6301             :      * backupStartPoint and backupEndPoint, and update minRecoveryPoint to
    6302             :      * make sure we don't allow starting up at an earlier point even if
    6303             :      * recovery is stopped and restarted soon after this.
    6304             :      */
    6305         138 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6306             : 
    6307         138 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6308             :     {
    6309         130 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6310         130 :         ControlFile->minRecoveryPointTLI = tli;
    6311             :     }
    6312             : 
    6313         138 :     ControlFile->backupStartPoint = InvalidXLogRecPtr;
    6314         138 :     ControlFile->backupEndPoint = InvalidXLogRecPtr;
    6315         138 :     ControlFile->backupEndRequired = false;
    6316         138 :     UpdateControlFile();
    6317             : 
    6318         138 :     LWLockRelease(ControlFileLock);
    6319         138 : }
    6320             : 
    6321             : /*
    6322             :  * Perform whatever XLOG actions are necessary at end of REDO.
    6323             :  *
    6324             :  * The goal here is to make sure that we'll be able to recover properly if
    6325             :  * we crash again. If we choose to write a checkpoint, we'll write a shutdown
    6326             :  * checkpoint rather than an on-line one. This is not particularly critical,
    6327             :  * but since we may be assigning a new TLI, using a shutdown checkpoint allows
    6328             :  * us to have the rule that TLI only changes in shutdown checkpoints, which
    6329             :  * allows some extra error checking in xlog_redo.
    6330             :  */
    6331             : static bool
    6332         306 : PerformRecoveryXLogAction(void)
    6333             : {
    6334         306 :     bool        promoted = false;
    6335             : 
    6336             :     /*
    6337             :      * Perform a checkpoint to update all our recovery activity to disk.
    6338             :      *
    6339             :      * Note that we write a shutdown checkpoint rather than an on-line one.
    6340             :      * This is not particularly critical, but since we may be assigning a new
    6341             :      * TLI, using a shutdown checkpoint allows us to have the rule that TLI
    6342             :      * only changes in shutdown checkpoints, which allows some extra error
    6343             :      * checking in xlog_redo.
    6344             :      *
    6345             :      * In promotion, only create a lightweight end-of-recovery record instead
    6346             :      * of a full checkpoint. A checkpoint is requested later, after we're
    6347             :      * fully out of recovery mode and already accepting queries.
    6348             :      */
    6349         404 :     if (ArchiveRecoveryRequested && IsUnderPostmaster &&
    6350          98 :         PromoteIsTriggered())
    6351             :     {
    6352          84 :         promoted = true;
    6353             : 
    6354             :         /*
    6355             :          * Insert a special WAL record to mark the end of recovery, since we
    6356             :          * aren't doing a checkpoint. That means that the checkpointer process
    6357             :          * may likely be in the middle of a time-smoothed restartpoint and
    6358             :          * could continue to be for minutes after this.  That sounds strange,
    6359             :          * but the effect is roughly the same and it would be stranger to try
    6360             :          * to come out of the restartpoint and then checkpoint. We request a
    6361             :          * checkpoint later anyway, just for safety.
    6362             :          */
    6363          84 :         CreateEndOfRecoveryRecord();
    6364             :     }
    6365             :     else
    6366             :     {
    6367         222 :         RequestCheckpoint(CHECKPOINT_END_OF_RECOVERY |
    6368             :                           CHECKPOINT_IMMEDIATE |
    6369             :                           CHECKPOINT_WAIT);
    6370             :     }
    6371             : 
    6372         306 :     return promoted;
    6373             : }
    6374             : 
    6375             : /*
    6376             :  * Is the system still in recovery?
    6377             :  *
    6378             :  * Unlike testing InRecovery, this works in any process that's connected to
    6379             :  * shared memory.
    6380             :  */
    6381             : bool
    6382   169708662 : RecoveryInProgress(void)
    6383             : {
    6384             :     /*
    6385             :      * We check shared state each time only until we leave recovery mode. We
    6386             :      * can't re-enter recovery, so there's no need to keep checking after the
    6387             :      * shared variable has once been seen false.
    6388             :      */
    6389   169708662 :     if (!LocalRecoveryInProgress)
    6390   164502432 :         return false;
    6391             :     else
    6392             :     {
    6393             :         /*
    6394             :          * use volatile pointer to make sure we make a fresh read of the
    6395             :          * shared variable.
    6396             :          */
    6397     5206230 :         volatile XLogCtlData *xlogctl = XLogCtl;
    6398             : 
    6399     5206230 :         LocalRecoveryInProgress = (xlogctl->SharedRecoveryState != RECOVERY_STATE_DONE);
    6400             : 
    6401             :         /*
    6402             :          * Note: We don't need a memory barrier when we're still in recovery.
    6403             :          * We might exit recovery immediately after return, so the caller
    6404             :          * can't rely on 'true' meaning that we're still in recovery anyway.
    6405             :          */
    6406             : 
    6407     5206230 :         return LocalRecoveryInProgress;
    6408             :     }
    6409             : }
    6410             : 
    6411             : /*
    6412             :  * Returns current recovery state from shared memory.
    6413             :  *
    6414             :  * This returned state is kept consistent with the contents of the control
    6415             :  * file.  See details about the possible values of RecoveryState in xlog.h.
    6416             :  */
    6417             : RecoveryState
    6418         122 : GetRecoveryState(void)
    6419             : {
    6420             :     RecoveryState retval;
    6421             : 
    6422         122 :     SpinLockAcquire(&XLogCtl->info_lck);
    6423         122 :     retval = XLogCtl->SharedRecoveryState;
    6424         122 :     SpinLockRelease(&XLogCtl->info_lck);
    6425             : 
    6426         122 :     return retval;
    6427             : }
    6428             : 
    6429             : /*
    6430             :  * Is this process allowed to insert new WAL records?
    6431             :  *
    6432             :  * Ordinarily this is essentially equivalent to !RecoveryInProgress().
    6433             :  * But we also have provisions for forcing the result "true" or "false"
    6434             :  * within specific processes regardless of the global state.
    6435             :  */
    6436             : bool
    6437    59202688 : XLogInsertAllowed(void)
    6438             : {
    6439             :     /*
    6440             :      * If value is "unconditionally true" or "unconditionally false", just
    6441             :      * return it.  This provides the normal fast path once recovery is known
    6442             :      * done.
    6443             :      */
    6444    59202688 :     if (LocalXLogInsertAllowed >= 0)
    6445    58996166 :         return (bool) LocalXLogInsertAllowed;
    6446             : 
    6447             :     /*
    6448             :      * Else, must check to see if we're still in recovery.
    6449             :      */
    6450      206522 :     if (RecoveryInProgress())
    6451      190904 :         return false;
    6452             : 
    6453             :     /*
    6454             :      * On exit from recovery, reset to "unconditionally true", since there is
    6455             :      * no need to keep checking.
    6456             :      */
    6457       15618 :     LocalXLogInsertAllowed = 1;
    6458       15618 :     return true;
    6459             : }
    6460             : 
    6461             : /*
    6462             :  * Make XLogInsertAllowed() return true in the current process only.
    6463             :  *
    6464             :  * Note: it is allowed to switch LocalXLogInsertAllowed back to -1 later,
    6465             :  * and even call LocalSetXLogInsertAllowed() again after that.
    6466             :  *
    6467             :  * Returns the previous value of LocalXLogInsertAllowed.
    6468             :  */
    6469             : static int
    6470        1706 : LocalSetXLogInsertAllowed(void)
    6471             : {
    6472        1706 :     int         oldXLogAllowed = LocalXLogInsertAllowed;
    6473             : 
    6474        1706 :     LocalXLogInsertAllowed = 1;
    6475             : 
    6476        1706 :     return oldXLogAllowed;
    6477             : }
    6478             : 
    6479             : /*
    6480             :  * Return the current Redo pointer from shared memory.
    6481             :  *
    6482             :  * As a side-effect, the local RedoRecPtr copy is updated.
    6483             :  */
    6484             : XLogRecPtr
    6485      574278 : GetRedoRecPtr(void)
    6486             : {
    6487             :     XLogRecPtr  ptr;
    6488             : 
    6489             :     /*
    6490             :      * The possibly not up-to-date copy in XlogCtl is enough. Even if we
    6491             :      * grabbed a WAL insertion lock to read the authoritative value in
    6492             :      * Insert->RedoRecPtr, someone might update it just after we've released
    6493             :      * the lock.
    6494             :      */
    6495      574278 :     SpinLockAcquire(&XLogCtl->info_lck);
    6496      574278 :     ptr = XLogCtl->RedoRecPtr;
    6497      574278 :     SpinLockRelease(&XLogCtl->info_lck);
    6498             : 
    6499      574278 :     if (RedoRecPtr < ptr)
    6500        2728 :         RedoRecPtr = ptr;
    6501             : 
    6502      574278 :     return RedoRecPtr;
    6503             : }
    6504             : 
    6505             : /*
    6506             :  * Return information needed to decide whether a modified block needs a
    6507             :  * full-page image to be included in the WAL record.
    6508             :  *
    6509             :  * The returned values are cached copies from backend-private memory, and
    6510             :  * possibly out-of-date or, indeed, uninitialized, in which case they will
    6511             :  * be InvalidXLogRecPtr and false, respectively.  XLogInsertRecord will
    6512             :  * re-check them against up-to-date values, while holding the WAL insert lock.
    6513             :  */
    6514             : void
    6515    28698472 : GetFullPageWriteInfo(XLogRecPtr *RedoRecPtr_p, bool *doPageWrites_p)
    6516             : {
    6517    28698472 :     *RedoRecPtr_p = RedoRecPtr;
    6518    28698472 :     *doPageWrites_p = doPageWrites;
    6519    28698472 : }
    6520             : 
    6521             : /*
    6522             :  * GetInsertRecPtr -- Returns the current insert position.
    6523             :  *
    6524             :  * NOTE: The value *actually* returned is the position of the last full
    6525             :  * xlog page. It lags behind the real insert position by at most 1 page.
    6526             :  * For that, we don't need to scan through WAL insertion locks, and an
    6527             :  * approximation is enough for the current usage of this function.
    6528             :  */
    6529             : XLogRecPtr
    6530       12384 : GetInsertRecPtr(void)
    6531             : {
    6532             :     XLogRecPtr  recptr;
    6533             : 
    6534       12384 :     SpinLockAcquire(&XLogCtl->info_lck);
    6535       12384 :     recptr = XLogCtl->LogwrtRqst.Write;
    6536       12384 :     SpinLockRelease(&XLogCtl->info_lck);
    6537             : 
    6538       12384 :     return recptr;
    6539             : }
    6540             : 
    6541             : /*
    6542             :  * GetFlushRecPtr -- Returns the current flush position, ie, the last WAL
    6543             :  * position known to be fsync'd to disk. This should only be used on a
    6544             :  * system that is known not to be in recovery.
    6545             :  */
    6546             : XLogRecPtr
    6547      349208 : GetFlushRecPtr(TimeLineID *insertTLI)
    6548             : {
    6549             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6550             : 
    6551      349208 :     RefreshXLogWriteResult(LogwrtResult);
    6552             : 
    6553             :     /*
    6554             :      * If we're writing and flushing WAL, the time line can't be changing, so
    6555             :      * no lock is required.
    6556             :      */
    6557      349208 :     if (insertTLI)
    6558       52244 :         *insertTLI = XLogCtl->InsertTimeLineID;
    6559             : 
    6560      349208 :     return LogwrtResult.Flush;
    6561             : }
    6562             : 
    6563             : /*
    6564             :  * GetWALInsertionTimeLine -- Returns the current timeline of a system that
    6565             :  * is not in recovery.
    6566             :  */
    6567             : TimeLineID
    6568      214236 : GetWALInsertionTimeLine(void)
    6569             : {
    6570             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6571             : 
    6572             :     /* Since the value can't be changing, no lock is required. */
    6573      214236 :     return XLogCtl->InsertTimeLineID;
    6574             : }
    6575             : 
    6576             : /*
    6577             :  * GetWALInsertionTimeLineIfSet -- If the system is not in recovery, returns
    6578             :  * the WAL insertion timeline; else, returns 0. Wherever possible, use
    6579             :  * GetWALInsertionTimeLine() instead, since it's cheaper. Note that this
    6580             :  * function decides recovery has ended as soon as the insert TLI is set, which
    6581             :  * happens before we set XLogCtl->SharedRecoveryState to RECOVERY_STATE_DONE.
    6582             :  */
    6583             : TimeLineID
    6584           0 : GetWALInsertionTimeLineIfSet(void)
    6585             : {
    6586             :     TimeLineID  insertTLI;
    6587             : 
    6588           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    6589           0 :     insertTLI = XLogCtl->InsertTimeLineID;
    6590           0 :     SpinLockRelease(&XLogCtl->info_lck);
    6591             : 
    6592           0 :     return insertTLI;
    6593             : }
    6594             : 
    6595             : /*
    6596             :  * GetLastImportantRecPtr -- Returns the LSN of the last important record
    6597             :  * inserted. All records not explicitly marked as unimportant are considered
    6598             :  * important.
    6599             :  *
    6600             :  * The LSN is determined by computing the maximum of
    6601             :  * WALInsertLocks[i].lastImportantAt.
    6602             :  */
    6603             : XLogRecPtr
    6604        2292 : GetLastImportantRecPtr(void)
    6605             : {
    6606        2292 :     XLogRecPtr  res = InvalidXLogRecPtr;
    6607             :     int         i;
    6608             : 
    6609       20628 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    6610             :     {
    6611             :         XLogRecPtr  last_important;
    6612             : 
    6613             :         /*
    6614             :          * Need to take a lock to prevent torn reads of the LSN, which are
    6615             :          * possible on some of the supported platforms. WAL insert locks only
    6616             :          * support exclusive mode, so we have to use that.
    6617             :          */
    6618       18336 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    6619       18336 :         last_important = WALInsertLocks[i].l.lastImportantAt;
    6620       18336 :         LWLockRelease(&WALInsertLocks[i].l.lock);
    6621             : 
    6622       18336 :         if (res < last_important)
    6623        4416 :             res = last_important;
    6624             :     }
    6625             : 
    6626        2292 :     return res;
    6627             : }
    6628             : 
    6629             : /*
    6630             :  * Get the time and LSN of the last xlog segment switch
    6631             :  */
    6632             : pg_time_t
    6633           0 : GetLastSegSwitchData(XLogRecPtr *lastSwitchLSN)
    6634             : {
    6635             :     pg_time_t   result;
    6636             : 
    6637             :     /* Need WALWriteLock, but shared lock is sufficient */
    6638           0 :     LWLockAcquire(WALWriteLock, LW_SHARED);
    6639           0 :     result = XLogCtl->lastSegSwitchTime;
    6640           0 :     *lastSwitchLSN = XLogCtl->lastSegSwitchLSN;
    6641           0 :     LWLockRelease(WALWriteLock);
    6642             : 
    6643           0 :     return result;
    6644             : }
    6645             : 
    6646             : /*
    6647             :  * This must be called ONCE during postmaster or standalone-backend shutdown
    6648             :  */
    6649             : void
    6650        1178 : ShutdownXLOG(int code, Datum arg)
    6651             : {
    6652             :     /*
    6653             :      * We should have an aux process resource owner to use, and we should not
    6654             :      * be in a transaction that's installed some other resowner.
    6655             :      */
    6656             :     Assert(AuxProcessResourceOwner != NULL);
    6657             :     Assert(CurrentResourceOwner == NULL ||
    6658             :            CurrentResourceOwner == AuxProcessResourceOwner);
    6659        1178 :     CurrentResourceOwner = AuxProcessResourceOwner;
    6660             : 
    6661             :     /* Don't be chatty in standalone mode */
    6662        1178 :     ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    6663             :             (errmsg("shutting down")));
    6664             : 
    6665             :     /*
    6666             :      * Signal walsenders to move to stopping state.
    6667             :      */
    6668        1178 :     WalSndInitStopping();
    6669             : 
    6670             :     /*
    6671             :      * Wait for WAL senders to be in stopping state.  This prevents commands
    6672             :      * from writing new WAL.
    6673             :      */
    6674        1178 :     WalSndWaitStopping();
    6675             : 
    6676        1178 :     if (RecoveryInProgress())
    6677         106 :         CreateRestartPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE);
    6678             :     else
    6679             :     {
    6680             :         /*
    6681             :          * If archiving is enabled, rotate the last XLOG file so that all the
    6682             :          * remaining records are archived (postmaster wakes up the archiver
    6683             :          * process one more time at the end of shutdown). The checkpoint
    6684             :          * record will go to the next XLOG file and won't be archived (yet).
    6685             :          */
    6686        1072 :         if (XLogArchivingActive())
    6687          26 :             RequestXLogSwitch(false);
    6688             : 
    6689        1072 :         CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_IMMEDIATE);
    6690             :     }
    6691        1178 : }
    6692             : 
    6693             : /*
    6694             :  * Log start of a checkpoint.
    6695             :  */
    6696             : static void
    6697        2082 : LogCheckpointStart(int flags, bool restartpoint)
    6698             : {
    6699        2082 :     if (restartpoint)
    6700         376 :         ereport(LOG,
    6701             :         /* translator: the placeholders show checkpoint options */
    6702             :                 (errmsg("restartpoint starting:%s%s%s%s%s%s%s%s",
    6703             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6704             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6705             :                         (flags & CHECKPOINT_IMMEDIATE) ? " immediate" : "",
    6706             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6707             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6708             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6709             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6710             :                         (flags & CHECKPOINT_FLUSH_ALL) ? " flush-all" : "")));
    6711             :     else
    6712        1706 :         ereport(LOG,
    6713             :         /* translator: the placeholders show checkpoint options */
    6714             :                 (errmsg("checkpoint starting:%s%s%s%s%s%s%s%s",
    6715             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6716             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6717             :                         (flags & CHECKPOINT_IMMEDIATE) ? " immediate" : "",
    6718             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6719             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6720             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6721             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6722             :                         (flags & CHECKPOINT_FLUSH_ALL) ? " flush-all" : "")));
    6723        2082 : }
    6724             : 
    6725             : /*
    6726             :  * Log end of a checkpoint.
    6727             :  */
    6728             : static void
    6729        2606 : LogCheckpointEnd(bool restartpoint)
    6730             : {
    6731             :     long        write_msecs,
    6732             :                 sync_msecs,
    6733             :                 total_msecs,
    6734             :                 longest_msecs,
    6735             :                 average_msecs;
    6736             :     uint64      average_sync_time;
    6737             : 
    6738        2606 :     CheckpointStats.ckpt_end_t = GetCurrentTimestamp();
    6739             : 
    6740        2606 :     write_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_write_t,
    6741             :                                                   CheckpointStats.ckpt_sync_t);
    6742             : 
    6743        2606 :     sync_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_sync_t,
    6744             :                                                  CheckpointStats.ckpt_sync_end_t);
    6745             : 
    6746             :     /* Accumulate checkpoint timing summary data, in milliseconds. */
    6747        2606 :     PendingCheckpointerStats.write_time += write_msecs;
    6748        2606 :     PendingCheckpointerStats.sync_time += sync_msecs;
    6749             : 
    6750             :     /*
    6751             :      * All of the published timing statistics are accounted for.  Only
    6752             :      * continue if a log message is to be written.
    6753             :      */
    6754        2606 :     if (!log_checkpoints)
    6755         524 :         return;
    6756             : 
    6757        2082 :     total_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_start_t,
    6758             :                                                   CheckpointStats.ckpt_end_t);
    6759             : 
    6760             :     /*
    6761             :      * Timing values returned from CheckpointStats are in microseconds.
    6762             :      * Convert to milliseconds for consistent printing.
    6763             :      */
    6764        2082 :     longest_msecs = (long) ((CheckpointStats.ckpt_longest_sync + 999) / 1000);
    6765             : 
    6766        2082 :     average_sync_time = 0;
    6767        2082 :     if (CheckpointStats.ckpt_sync_rels > 0)
    6768           0 :         average_sync_time = CheckpointStats.ckpt_agg_sync_time /
    6769           0 :             CheckpointStats.ckpt_sync_rels;
    6770        2082 :     average_msecs = (long) ((average_sync_time + 999) / 1000);
    6771             : 
    6772             :     /*
    6773             :      * ControlFileLock is not required to see ControlFile->checkPoint and
    6774             :      * ->checkPointCopy here as we are the only updator of those variables at
    6775             :      * this moment.
    6776             :      */
    6777        2082 :     if (restartpoint)
    6778         376 :         ereport(LOG,
    6779             :                 (errmsg("restartpoint complete: wrote %d buffers (%.1f%%), "
    6780             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6781             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6782             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6783             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6784             :                         "estimate=%d kB; lsn=%X/%X, redo lsn=%X/%X",
    6785             :                         CheckpointStats.ckpt_bufs_written,
    6786             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6787             :                         CheckpointStats.ckpt_slru_written,
    6788             :                         CheckpointStats.ckpt_segs_added,
    6789             :                         CheckpointStats.ckpt_segs_removed,
    6790             :                         CheckpointStats.ckpt_segs_recycled,
    6791             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6792             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6793             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6794             :                         CheckpointStats.ckpt_sync_rels,
    6795             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6796             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6797             :                         (int) (PrevCheckPointDistance / 1024.0),
    6798             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6799             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6800             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6801             :     else
    6802        1706 :         ereport(LOG,
    6803             :                 (errmsg("checkpoint complete: wrote %d buffers (%.1f%%), "
    6804             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6805             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6806             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6807             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6808             :                         "estimate=%d kB; lsn=%X/%X, redo lsn=%X/%X",
    6809             :                         CheckpointStats.ckpt_bufs_written,
    6810             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6811             :                         CheckpointStats.ckpt_slru_written,
    6812             :                         CheckpointStats.ckpt_segs_added,
    6813             :                         CheckpointStats.ckpt_segs_removed,
    6814             :                         CheckpointStats.ckpt_segs_recycled,
    6815             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6816             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6817             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6818             :                         CheckpointStats.ckpt_sync_rels,
    6819             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6820             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6821             :                         (int) (PrevCheckPointDistance / 1024.0),
    6822             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6823             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6824             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6825             : }
    6826             : 
    6827             : /*
    6828             :  * Update the estimate of distance between checkpoints.
    6829             :  *
    6830             :  * The estimate is used to calculate the number of WAL segments to keep
    6831             :  * preallocated, see XLOGfileslop().
    6832             :  */
    6833             : static void
    6834        2606 : UpdateCheckPointDistanceEstimate(uint64 nbytes)
    6835             : {
    6836             :     /*
    6837             :      * To estimate the number of segments consumed between checkpoints, keep a
    6838             :      * moving average of the amount of WAL generated in previous checkpoint
    6839             :      * cycles. However, if the load is bursty, with quiet periods and busy
    6840             :      * periods, we want to cater for the peak load. So instead of a plain
    6841             :      * moving average, let the average decline slowly if the previous cycle
    6842             :      * used less WAL than estimated, but bump it up immediately if it used
    6843             :      * more.
    6844             :      *
    6845             :      * When checkpoints are triggered by max_wal_size, this should converge to
    6846             :      * CheckpointSegments * wal_segment_size,
    6847             :      *
    6848             :      * Note: This doesn't pay any attention to what caused the checkpoint.
    6849             :      * Checkpoints triggered manually with CHECKPOINT command, or by e.g.
    6850             :      * starting a base backup, are counted the same as those created
    6851             :      * automatically. The slow-decline will largely mask them out, if they are
    6852             :      * not frequent. If they are frequent, it seems reasonable to count them
    6853             :      * in as any others; if you issue a manual checkpoint every 5 minutes and
    6854             :      * never let a timed checkpoint happen, it makes sense to base the
    6855             :      * preallocation on that 5 minute interval rather than whatever
    6856             :      * checkpoint_timeout is set to.
    6857             :      */
    6858        2606 :     PrevCheckPointDistance = nbytes;
    6859        2606 :     if (CheckPointDistanceEstimate < nbytes)
    6860        1328 :         CheckPointDistanceEstimate = nbytes;
    6861             :     else
    6862        1278 :         CheckPointDistanceEstimate =
    6863        1278 :             (0.90 * CheckPointDistanceEstimate + 0.10 * (double) nbytes);
    6864        2606 : }
    6865             : 
    6866             : /*
    6867             :  * Update the ps display for a process running a checkpoint.  Note that
    6868             :  * this routine should not do any allocations so as it can be called
    6869             :  * from a critical section.
    6870             :  */
    6871             : static void
    6872        5212 : update_checkpoint_display(int flags, bool restartpoint, bool reset)
    6873             : {
    6874             :     /*
    6875             :      * The status is reported only for end-of-recovery and shutdown
    6876             :      * checkpoints or shutdown restartpoints.  Updating the ps display is
    6877             :      * useful in those situations as it may not be possible to rely on
    6878             :      * pg_stat_activity to see the status of the checkpointer or the startup
    6879             :      * process.
    6880             :      */
    6881        5212 :     if ((flags & (CHECKPOINT_END_OF_RECOVERY | CHECKPOINT_IS_SHUTDOWN)) == 0)
    6882        2872 :         return;
    6883             : 
    6884        2340 :     if (reset)
    6885        1170 :         set_ps_display("");
    6886             :     else
    6887             :     {
    6888             :         char        activitymsg[128];
    6889             : 
    6890        3510 :         snprintf(activitymsg, sizeof(activitymsg), "performing %s%s%s",
    6891        1170 :                  (flags & CHECKPOINT_END_OF_RECOVERY) ? "end-of-recovery " : "",
    6892        1170 :                  (flags & CHECKPOINT_IS_SHUTDOWN) ? "shutdown " : "",
    6893             :                  restartpoint ? "restartpoint" : "checkpoint");
    6894        1170 :         set_ps_display(activitymsg);
    6895             :     }
    6896             : }
    6897             : 
    6898             : 
    6899             : /*
    6900             :  * Perform a checkpoint --- either during shutdown, or on-the-fly
    6901             :  *
    6902             :  * flags is a bitwise OR of the following:
    6903             :  *  CHECKPOINT_IS_SHUTDOWN: checkpoint is for database shutdown.
    6904             :  *  CHECKPOINT_END_OF_RECOVERY: checkpoint is for end of WAL recovery.
    6905             :  *  CHECKPOINT_IMMEDIATE: finish the checkpoint ASAP,
    6906             :  *      ignoring checkpoint_completion_target parameter.
    6907             :  *  CHECKPOINT_FORCE: force a checkpoint even if no XLOG activity has occurred
    6908             :  *      since the last one (implied by CHECKPOINT_IS_SHUTDOWN or
    6909             :  *      CHECKPOINT_END_OF_RECOVERY).
    6910             :  *  CHECKPOINT_FLUSH_ALL: also flush buffers of unlogged tables.
    6911             :  *
    6912             :  * Note: flags contains other bits, of interest here only for logging purposes.
    6913             :  * In particular note that this routine is synchronous and does not pay
    6914             :  * attention to CHECKPOINT_WAIT.
    6915             :  *
    6916             :  * If !shutdown then we are writing an online checkpoint. An XLOG_CHECKPOINT_REDO
    6917             :  * record is inserted into WAL at the logical location of the checkpoint, before
    6918             :  * flushing anything to disk, and when the checkpoint is eventually completed,
    6919             :  * and it is from this point that WAL replay will begin in the case of a recovery
    6920             :  * from this checkpoint. Once everything is written to disk, an
    6921             :  * XLOG_CHECKPOINT_ONLINE record is written to complete the checkpoint, and
    6922             :  * points back to the earlier XLOG_CHECKPOINT_REDO record. This mechanism allows
    6923             :  * other write-ahead log records to be written while the checkpoint is in
    6924             :  * progress, but we must be very careful about order of operations. This function
    6925             :  * may take many minutes to execute on a busy system.
    6926             :  *
    6927             :  * On the other hand, when shutdown is true, concurrent insertion into the
    6928             :  * write-ahead log is impossible, so there is no need for two separate records.
    6929             :  * In this case, we only insert an XLOG_CHECKPOINT_SHUTDOWN record, and it's
    6930             :  * both the record marking the completion of the checkpoint and the location
    6931             :  * from which WAL replay would begin if needed.
    6932             :  *
    6933             :  * Returns true if a new checkpoint was performed, or false if it was skipped
    6934             :  * because the system was idle.
    6935             :  */
    6936             : bool
    6937        2230 : CreateCheckPoint(int flags)
    6938             : {
    6939             :     bool        shutdown;
    6940             :     CheckPoint  checkPoint;
    6941             :     XLogRecPtr  recptr;
    6942             :     XLogSegNo   _logSegNo;
    6943        2230 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    6944             :     uint32      freespace;
    6945             :     XLogRecPtr  PriorRedoPtr;
    6946             :     XLogRecPtr  last_important_lsn;
    6947             :     VirtualTransactionId *vxids;
    6948             :     int         nvxids;
    6949        2230 :     int         oldXLogAllowed = 0;
    6950             : 
    6951             :     /*
    6952             :      * An end-of-recovery checkpoint is really a shutdown checkpoint, just
    6953             :      * issued at a different time.
    6954             :      */
    6955        2230 :     if (flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY))
    6956        1130 :         shutdown = true;
    6957             :     else
    6958        1100 :         shutdown = false;
    6959             : 
    6960             :     /* sanity check */
    6961        2230 :     if (RecoveryInProgress() && (flags & CHECKPOINT_END_OF_RECOVERY) == 0)
    6962           0 :         elog(ERROR, "can't create a checkpoint during recovery");
    6963             : 
    6964             :     /*
    6965             :      * Prepare to accumulate statistics.
    6966             :      *
    6967             :      * Note: because it is possible for log_checkpoints to change while a
    6968             :      * checkpoint proceeds, we always accumulate stats, even if
    6969             :      * log_checkpoints is currently off.
    6970             :      */
    6971       24530 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    6972        2230 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    6973             : 
    6974             :     /*
    6975             :      * Let smgr prepare for checkpoint; this has to happen outside the
    6976             :      * critical section and before we determine the REDO pointer.  Note that
    6977             :      * smgr must not do anything that'd have to be undone if we decide no
    6978             :      * checkpoint is needed.
    6979             :      */
    6980        2230 :     SyncPreCheckpoint();
    6981             : 
    6982             :     /*
    6983             :      * Use a critical section to force system panic if we have trouble.
    6984             :      */
    6985        2230 :     START_CRIT_SECTION();
    6986             : 
    6987        2230 :     if (shutdown)
    6988             :     {
    6989        1130 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6990        1130 :         ControlFile->state = DB_SHUTDOWNING;
    6991        1130 :         UpdateControlFile();
    6992        1130 :         LWLockRelease(ControlFileLock);
    6993             :     }
    6994             : 
    6995             :     /* Begin filling in the checkpoint WAL record */
    6996       26760 :     MemSet(&checkPoint, 0, sizeof(checkPoint));
    6997        2230 :     checkPoint.time = (pg_time_t) time(NULL);
    6998             : 
    6999             :     /*
    7000             :      * For Hot Standby, derive the oldestActiveXid before we fix the redo
    7001             :      * pointer. This allows us to begin accumulating changes to assemble our
    7002             :      * starting snapshot of locks and transactions.
    7003             :      */
    7004        2230 :     if (!shutdown && XLogStandbyInfoActive())
    7005        1006 :         checkPoint.oldestActiveXid = GetOldestActiveTransactionId();
    7006             :     else
    7007        1224 :         checkPoint.oldestActiveXid = InvalidTransactionId;
    7008             : 
    7009             :     /*
    7010             :      * Get location of last important record before acquiring insert locks (as
    7011             :      * GetLastImportantRecPtr() also locks WAL locks).
    7012             :      */
    7013        2230 :     last_important_lsn = GetLastImportantRecPtr();
    7014             : 
    7015             :     /*
    7016             :      * If this isn't a shutdown or forced checkpoint, and if there has been no
    7017             :      * WAL activity requiring a checkpoint, skip it.  The idea here is to
    7018             :      * avoid inserting duplicate checkpoints when the system is idle.
    7019             :      */
    7020        2230 :     if ((flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY |
    7021             :                   CHECKPOINT_FORCE)) == 0)
    7022             :     {
    7023         372 :         if (last_important_lsn == ControlFile->checkPoint)
    7024             :         {
    7025           0 :             END_CRIT_SECTION();
    7026           0 :             ereport(DEBUG1,
    7027             :                     (errmsg_internal("checkpoint skipped because system is idle")));
    7028           0 :             return false;
    7029             :         }
    7030             :     }
    7031             : 
    7032             :     /*
    7033             :      * An end-of-recovery checkpoint is created before anyone is allowed to
    7034             :      * write WAL. To allow us to write the checkpoint record, temporarily
    7035             :      * enable XLogInsertAllowed.
    7036             :      */
    7037        2230 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    7038          58 :         oldXLogAllowed = LocalSetXLogInsertAllowed();
    7039             : 
    7040        2230 :     checkPoint.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7041        2230 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    7042          58 :         checkPoint.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7043             :     else
    7044        2172 :         checkPoint.PrevTimeLineID = checkPoint.ThisTimeLineID;
    7045             : 
    7046             :     /*
    7047             :      * We must block concurrent insertions while examining insert state.
    7048             :      */
    7049        2230 :     WALInsertLockAcquireExclusive();
    7050             : 
    7051        2230 :     checkPoint.fullPageWrites = Insert->fullPageWrites;
    7052        2230 :     checkPoint.wal_level = wal_level;
    7053             : 
    7054        2230 :     if (shutdown)
    7055             :     {
    7056        1130 :         XLogRecPtr  curInsert = XLogBytePosToRecPtr(Insert->CurrBytePos);
    7057             : 
    7058             :         /*
    7059             :          * Compute new REDO record ptr = location of next XLOG record.
    7060             :          *
    7061             :          * Since this is a shutdown checkpoint, there can't be any concurrent
    7062             :          * WAL insertion.
    7063             :          */
    7064        1130 :         freespace = INSERT_FREESPACE(curInsert);
    7065        1130 :         if (freespace == 0)
    7066             :         {
    7067           0 :             if (XLogSegmentOffset(curInsert, wal_segment_size) == 0)
    7068           0 :                 curInsert += SizeOfXLogLongPHD;
    7069             :             else
    7070           0 :                 curInsert += SizeOfXLogShortPHD;
    7071             :         }
    7072        1130 :         checkPoint.redo = curInsert;
    7073             : 
    7074             :         /*
    7075             :          * Here we update the shared RedoRecPtr for future XLogInsert calls;
    7076             :          * this must be done while holding all the insertion locks.
    7077             :          *
    7078             :          * Note: if we fail to complete the checkpoint, RedoRecPtr will be
    7079             :          * left pointing past where it really needs to point.  This is okay;
    7080             :          * the only consequence is that XLogInsert might back up whole buffers
    7081             :          * that it didn't really need to.  We can't postpone advancing
    7082             :          * RedoRecPtr because XLogInserts that happen while we are dumping
    7083             :          * buffers must assume that their buffer changes are not included in
    7084             :          * the checkpoint.
    7085             :          */
    7086        1130 :         RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    7087             :     }
    7088             : 
    7089             :     /*
    7090             :      * Now we can release the WAL insertion locks, allowing other xacts to
    7091             :      * proceed while we are flushing disk buffers.
    7092             :      */
    7093        2230 :     WALInsertLockRelease();
    7094             : 
    7095             :     /*
    7096             :      * If this is an online checkpoint, we have not yet determined the redo
    7097             :      * point. We do so now by inserting the special XLOG_CHECKPOINT_REDO
    7098             :      * record; the LSN at which it starts becomes the new redo pointer. We
    7099             :      * don't do this for a shutdown checkpoint, because in that case no WAL
    7100             :      * can be written between the redo point and the insertion of the
    7101             :      * checkpoint record itself, so the checkpoint record itself serves to
    7102             :      * mark the redo point.
    7103             :      */
    7104        2230 :     if (!shutdown)
    7105             :     {
    7106             :         /* Include WAL level in record for WAL summarizer's benefit. */
    7107        1100 :         XLogBeginInsert();
    7108        1100 :         XLogRegisterData(&wal_level, sizeof(wal_level));
    7109        1100 :         (void) XLogInsert(RM_XLOG_ID, XLOG_CHECKPOINT_REDO);
    7110             : 
    7111             :         /*
    7112             :          * XLogInsertRecord will have updated XLogCtl->Insert.RedoRecPtr in
    7113             :          * shared memory and RedoRecPtr in backend-local memory, but we need
    7114             :          * to copy that into the record that will be inserted when the
    7115             :          * checkpoint is complete.
    7116             :          */
    7117        1100 :         checkPoint.redo = RedoRecPtr;
    7118             :     }
    7119             : 
    7120             :     /* Update the info_lck-protected copy of RedoRecPtr as well */
    7121        2230 :     SpinLockAcquire(&XLogCtl->info_lck);
    7122        2230 :     XLogCtl->RedoRecPtr = checkPoint.redo;
    7123        2230 :     SpinLockRelease(&XLogCtl->info_lck);
    7124             : 
    7125             :     /*
    7126             :      * If enabled, log checkpoint start.  We postpone this until now so as not
    7127             :      * to log anything if we decided to skip the checkpoint.
    7128             :      */
    7129        2230 :     if (log_checkpoints)
    7130        1706 :         LogCheckpointStart(flags, false);
    7131             : 
    7132             :     /* Update the process title */
    7133        2230 :     update_checkpoint_display(flags, false, false);
    7134             : 
    7135             :     TRACE_POSTGRESQL_CHECKPOINT_START(flags);
    7136             : 
    7137             :     /*
    7138             :      * Get the other info we need for the checkpoint record.
    7139             :      *
    7140             :      * We don't need to save oldestClogXid in the checkpoint, it only matters
    7141             :      * for the short period in which clog is being truncated, and if we crash
    7142             :      * during that we'll redo the clog truncation and fix up oldestClogXid
    7143             :      * there.
    7144             :      */
    7145        2230 :     LWLockAcquire(XidGenLock, LW_SHARED);
    7146        2230 :     checkPoint.nextXid = TransamVariables->nextXid;
    7147        2230 :     checkPoint.oldestXid = TransamVariables->oldestXid;
    7148        2230 :     checkPoint.oldestXidDB = TransamVariables->oldestXidDB;
    7149        2230 :     LWLockRelease(XidGenLock);
    7150             : 
    7151        2230 :     LWLockAcquire(CommitTsLock, LW_SHARED);
    7152        2230 :     checkPoint.oldestCommitTsXid = TransamVariables->oldestCommitTsXid;
    7153        2230 :     checkPoint.newestCommitTsXid = TransamVariables->newestCommitTsXid;
    7154        2230 :     LWLockRelease(CommitTsLock);
    7155             : 
    7156        2230 :     LWLockAcquire(OidGenLock, LW_SHARED);
    7157        2230 :     checkPoint.nextOid = TransamVariables->nextOid;
    7158        2230 :     if (!shutdown)
    7159        1100 :         checkPoint.nextOid += TransamVariables->oidCount;
    7160        2230 :     LWLockRelease(OidGenLock);
    7161             : 
    7162        2230 :     MultiXactGetCheckptMulti(shutdown,
    7163             :                              &checkPoint.nextMulti,
    7164             :                              &checkPoint.nextMultiOffset,
    7165             :                              &checkPoint.oldestMulti,
    7166             :                              &checkPoint.oldestMultiDB);
    7167             : 
    7168             :     /*
    7169             :      * Having constructed the checkpoint record, ensure all shmem disk buffers
    7170             :      * and commit-log buffers are flushed to disk.
    7171             :      *
    7172             :      * This I/O could fail for various reasons.  If so, we will fail to
    7173             :      * complete the checkpoint, but there is no reason to force a system
    7174             :      * panic. Accordingly, exit critical section while doing it.
    7175             :      */
    7176        2230 :     END_CRIT_SECTION();
    7177             : 
    7178             :     /*
    7179             :      * In some cases there are groups of actions that must all occur on one
    7180             :      * side or the other of a checkpoint record. Before flushing the
    7181             :      * checkpoint record we must explicitly wait for any backend currently
    7182             :      * performing those groups of actions.
    7183             :      *
    7184             :      * One example is end of transaction, so we must wait for any transactions
    7185             :      * that are currently in commit critical sections.  If an xact inserted
    7186             :      * its commit record into XLOG just before the REDO point, then a crash
    7187             :      * restart from the REDO point would not replay that record, which means
    7188             :      * that our flushing had better include the xact's update of pg_xact.  So
    7189             :      * we wait till he's out of his commit critical section before proceeding.
    7190             :      * See notes in RecordTransactionCommit().
    7191             :      *
    7192             :      * Because we've already released the insertion locks, this test is a bit
    7193             :      * fuzzy: it is possible that we will wait for xacts we didn't really need
    7194             :      * to wait for.  But the delay should be short and it seems better to make
    7195             :      * checkpoint take a bit longer than to hold off insertions longer than
    7196             :      * necessary. (In fact, the whole reason we have this issue is that xact.c
    7197             :      * does commit record XLOG insertion and clog update as two separate steps
    7198             :      * protected by different locks, but again that seems best on grounds of
    7199             :      * minimizing lock contention.)
    7200             :      *
    7201             :      * A transaction that has not yet set delayChkptFlags when we look cannot
    7202             :      * be at risk, since it has not inserted its commit record yet; and one
    7203             :      * that's already cleared it is not at risk either, since it's done fixing
    7204             :      * clog and we will correctly flush the update below.  So we cannot miss
    7205             :      * any xacts we need to wait for.
    7206             :      */
    7207        2230 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_START);
    7208        2230 :     if (nvxids > 0)
    7209             :     {
    7210             :         do
    7211             :         {
    7212             :             /*
    7213             :              * Keep absorbing fsync requests while we wait. There could even
    7214             :              * be a deadlock if we don't, if the process that prevents the
    7215             :              * checkpoint is trying to add a request to the queue.
    7216             :              */
    7217          54 :             AbsorbSyncRequests();
    7218             : 
    7219          54 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_START);
    7220          54 :             pg_usleep(10000L);  /* wait for 10 msec */
    7221          54 :             pgstat_report_wait_end();
    7222          54 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7223          54 :                                               DELAY_CHKPT_START));
    7224             :     }
    7225        2230 :     pfree(vxids);
    7226             : 
    7227        2230 :     CheckPointGuts(checkPoint.redo, flags);
    7228             : 
    7229        2230 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_COMPLETE);
    7230        2230 :     if (nvxids > 0)
    7231             :     {
    7232             :         do
    7233             :         {
    7234           0 :             AbsorbSyncRequests();
    7235             : 
    7236           0 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_COMPLETE);
    7237           0 :             pg_usleep(10000L);  /* wait for 10 msec */
    7238           0 :             pgstat_report_wait_end();
    7239           0 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7240           0 :                                               DELAY_CHKPT_COMPLETE));
    7241             :     }
    7242        2230 :     pfree(vxids);
    7243             : 
    7244             :     /*
    7245             :      * Take a snapshot of running transactions and write this to WAL. This
    7246             :      * allows us to reconstruct the state of running transactions during
    7247             :      * archive recovery, if required. Skip, if this info disabled.
    7248             :      *
    7249             :      * If we are shutting down, or Startup process is completing crash
    7250             :      * recovery we don't need to write running xact data.
    7251             :      */
    7252        2230 :     if (!shutdown && XLogStandbyInfoActive())
    7253        1006 :         LogStandbySnapshot();
    7254             : 
    7255        2230 :     START_CRIT_SECTION();
    7256             : 
    7257             :     /*
    7258             :      * Now insert the checkpoint record into XLOG.
    7259             :      */
    7260        2230 :     XLogBeginInsert();
    7261        2230 :     XLogRegisterData(&checkPoint, sizeof(checkPoint));
    7262        2230 :     recptr = XLogInsert(RM_XLOG_ID,
    7263             :                         shutdown ? XLOG_CHECKPOINT_SHUTDOWN :
    7264             :                         XLOG_CHECKPOINT_ONLINE);
    7265             : 
    7266        2230 :     XLogFlush(recptr);
    7267             : 
    7268             :     /*
    7269             :      * We mustn't write any new WAL after a shutdown checkpoint, or it will be
    7270             :      * overwritten at next startup.  No-one should even try, this just allows
    7271             :      * sanity-checking.  In the case of an end-of-recovery checkpoint, we want
    7272             :      * to just temporarily disable writing until the system has exited
    7273             :      * recovery.
    7274             :      */
    7275        2230 :     if (shutdown)
    7276             :     {
    7277        1130 :         if (flags & CHECKPOINT_END_OF_RECOVERY)
    7278          58 :             LocalXLogInsertAllowed = oldXLogAllowed;
    7279             :         else
    7280        1072 :             LocalXLogInsertAllowed = 0; /* never again write WAL */
    7281             :     }
    7282             : 
    7283             :     /*
    7284             :      * We now have ProcLastRecPtr = start of actual checkpoint record, recptr
    7285             :      * = end of actual checkpoint record.
    7286             :      */
    7287        2230 :     if (shutdown && checkPoint.redo != ProcLastRecPtr)
    7288           0 :         ereport(PANIC,
    7289             :                 (errmsg("concurrent write-ahead log activity while database system is shutting down")));
    7290             : 
    7291             :     /*
    7292             :      * Remember the prior checkpoint's redo ptr for
    7293             :      * UpdateCheckPointDistanceEstimate()
    7294             :      */
    7295        2230 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7296             : 
    7297             :     /*
    7298             :      * Update the control file.
    7299             :      */
    7300        2230 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7301        2230 :     if (shutdown)
    7302        1130 :         ControlFile->state = DB_SHUTDOWNED;
    7303        2230 :     ControlFile->checkPoint = ProcLastRecPtr;
    7304        2230 :     ControlFile->checkPointCopy = checkPoint;
    7305             :     /* crash recovery should always recover to the end of WAL */
    7306        2230 :     ControlFile->minRecoveryPoint = InvalidXLogRecPtr;
    7307        2230 :     ControlFile->minRecoveryPointTLI = 0;
    7308             : 
    7309             :     /*
    7310             :      * Persist unloggedLSN value. It's reset on crash recovery, so this goes
    7311             :      * unused on non-shutdown checkpoints, but seems useful to store it always
    7312             :      * for debugging purposes.
    7313             :      */
    7314        2230 :     ControlFile->unloggedLSN = pg_atomic_read_membarrier_u64(&XLogCtl->unloggedLSN);
    7315             : 
    7316        2230 :     UpdateControlFile();
    7317        2230 :     LWLockRelease(ControlFileLock);
    7318             : 
    7319             :     /* Update shared-memory copy of checkpoint XID/epoch */
    7320        2230 :     SpinLockAcquire(&XLogCtl->info_lck);
    7321        2230 :     XLogCtl->ckptFullXid = checkPoint.nextXid;
    7322        2230 :     SpinLockRelease(&XLogCtl->info_lck);
    7323             : 
    7324             :     /*
    7325             :      * We are now done with critical updates; no need for system panic if we
    7326             :      * have trouble while fooling with old log segments.
    7327             :      */
    7328        2230 :     END_CRIT_SECTION();
    7329             : 
    7330             :     /*
    7331             :      * WAL summaries end when the next XLOG_CHECKPOINT_REDO or
    7332             :      * XLOG_CHECKPOINT_SHUTDOWN record is reached. This is the first point
    7333             :      * where (a) we're not inside of a critical section and (b) we can be
    7334             :      * certain that the relevant record has been flushed to disk, which must
    7335             :      * happen before it can be summarized.
    7336             :      *
    7337             :      * If this is a shutdown checkpoint, then this happens reasonably
    7338             :      * promptly: we've only just inserted and flushed the
    7339             :      * XLOG_CHECKPOINT_SHUTDOWN record. If this is not a shutdown checkpoint,
    7340             :      * then this might not be very prompt at all: the XLOG_CHECKPOINT_REDO
    7341             :      * record was written before we began flushing data to disk, and that
    7342             :      * could be many minutes ago at this point. However, we don't XLogFlush()
    7343             :      * after inserting that record, so we're not guaranteed that it's on disk
    7344             :      * until after the above call that flushes the XLOG_CHECKPOINT_ONLINE
    7345             :      * record.
    7346             :      */
    7347        2230 :     WakeupWalSummarizer();
    7348             : 
    7349             :     /*
    7350             :      * Let smgr do post-checkpoint cleanup (eg, deleting old files).
    7351             :      */
    7352        2230 :     SyncPostCheckpoint();
    7353             : 
    7354             :     /*
    7355             :      * Update the average distance between checkpoints if the prior checkpoint
    7356             :      * exists.
    7357             :      */
    7358        2230 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7359        2230 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7360             : 
    7361             :     /*
    7362             :      * Delete old log files, those no longer needed for last checkpoint to
    7363             :      * prevent the disk holding the xlog from growing full.
    7364             :      */
    7365        2230 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7366        2230 :     KeepLogSeg(recptr, &_logSegNo);
    7367        2230 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED | RS_INVAL_IDLE_TIMEOUT,
    7368             :                                            _logSegNo, InvalidOid,
    7369             :                                            InvalidTransactionId))
    7370             :     {
    7371             :         /*
    7372             :          * Some slots have been invalidated; recalculate the old-segment
    7373             :          * horizon, starting again from RedoRecPtr.
    7374             :          */
    7375           6 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7376           6 :         KeepLogSeg(recptr, &_logSegNo);
    7377             :     }
    7378        2230 :     _logSegNo--;
    7379        2230 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, recptr,
    7380             :                        checkPoint.ThisTimeLineID);
    7381             : 
    7382             :     /*
    7383             :      * Make more log segments if needed.  (Do this after recycling old log
    7384             :      * segments, since that may supply some of the needed files.)
    7385             :      */
    7386        2230 :     if (!shutdown)
    7387        1100 :         PreallocXlogFiles(recptr, checkPoint.ThisTimeLineID);
    7388             : 
    7389             :     /*
    7390             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7391             :      * the oldest XMIN of any running transaction.  No future transaction will
    7392             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7393             :      * in subtrans.c).  During recovery, though, we mustn't do this because
    7394             :      * StartupSUBTRANS hasn't been called yet.
    7395             :      */
    7396        2230 :     if (!RecoveryInProgress())
    7397        2172 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7398             : 
    7399             :     /* Real work is done; log and update stats. */
    7400        2230 :     LogCheckpointEnd(false);
    7401             : 
    7402             :     /* Reset the process title */
    7403        2230 :     update_checkpoint_display(flags, false, true);
    7404             : 
    7405             :     TRACE_POSTGRESQL_CHECKPOINT_DONE(CheckpointStats.ckpt_bufs_written,
    7406             :                                      NBuffers,
    7407             :                                      CheckpointStats.ckpt_segs_added,
    7408             :                                      CheckpointStats.ckpt_segs_removed,
    7409             :                                      CheckpointStats.ckpt_segs_recycled);
    7410             : 
    7411        2230 :     return true;
    7412             : }
    7413             : 
    7414             : /*
    7415             :  * Mark the end of recovery in WAL though without running a full checkpoint.
    7416             :  * We can expect that a restartpoint is likely to be in progress as we
    7417             :  * do this, though we are unwilling to wait for it to complete.
    7418             :  *
    7419             :  * CreateRestartPoint() allows for the case where recovery may end before
    7420             :  * the restartpoint completes so there is no concern of concurrent behaviour.
    7421             :  */
    7422             : static void
    7423          84 : CreateEndOfRecoveryRecord(void)
    7424             : {
    7425             :     xl_end_of_recovery xlrec;
    7426             :     XLogRecPtr  recptr;
    7427             : 
    7428             :     /* sanity check */
    7429          84 :     if (!RecoveryInProgress())
    7430           0 :         elog(ERROR, "can only be used to end recovery");
    7431             : 
    7432          84 :     xlrec.end_time = GetCurrentTimestamp();
    7433          84 :     xlrec.wal_level = wal_level;
    7434             : 
    7435          84 :     WALInsertLockAcquireExclusive();
    7436          84 :     xlrec.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7437          84 :     xlrec.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7438          84 :     WALInsertLockRelease();
    7439             : 
    7440          84 :     START_CRIT_SECTION();
    7441             : 
    7442          84 :     XLogBeginInsert();
    7443          84 :     XLogRegisterData(&xlrec, sizeof(xl_end_of_recovery));
    7444          84 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_END_OF_RECOVERY);
    7445             : 
    7446          84 :     XLogFlush(recptr);
    7447             : 
    7448             :     /*
    7449             :      * Update the control file so that crash recovery can follow the timeline
    7450             :      * changes to this point.
    7451             :      */
    7452          84 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7453          84 :     ControlFile->minRecoveryPoint = recptr;
    7454          84 :     ControlFile->minRecoveryPointTLI = xlrec.ThisTimeLineID;
    7455          84 :     UpdateControlFile();
    7456          84 :     LWLockRelease(ControlFileLock);
    7457             : 
    7458          84 :     END_CRIT_SECTION();
    7459          84 : }
    7460             : 
    7461             : /*
    7462             :  * Write an OVERWRITE_CONTRECORD message.
    7463             :  *
    7464             :  * When on WAL replay we expect a continuation record at the start of a page
    7465             :  * that is not there, recovery ends and WAL writing resumes at that point.
    7466             :  * But it's wrong to resume writing new WAL back at the start of the record
    7467             :  * that was broken, because downstream consumers of that WAL (physical
    7468             :  * replicas) are not prepared to "rewind".  So the first action after
    7469             :  * finishing replay of all valid WAL must be to write a record of this type
    7470             :  * at the point where the contrecord was missing; to support xlogreader
    7471             :  * detecting the special case, XLP_FIRST_IS_OVERWRITE_CONTRECORD is also added
    7472             :  * to the page header where the record occurs.  xlogreader has an ad-hoc
    7473             :  * mechanism to report metadata about the broken record, which is what we
    7474             :  * use here.
    7475             :  *
    7476             :  * At replay time, XLP_FIRST_IS_OVERWRITE_CONTRECORD instructs xlogreader to
    7477             :  * skip the record it was reading, and pass back the LSN of the skipped
    7478             :  * record, so that its caller can verify (on "replay" of that record) that the
    7479             :  * XLOG_OVERWRITE_CONTRECORD matches what was effectively overwritten.
    7480             :  *
    7481             :  * 'aborted_lsn' is the beginning position of the record that was incomplete.
    7482             :  * It is included in the WAL record.  'pagePtr' and 'newTLI' point to the
    7483             :  * beginning of the XLOG page where the record is to be inserted.  They must
    7484             :  * match the current WAL insert position, they're passed here just so that we
    7485             :  * can verify that.
    7486             :  */
    7487             : static XLogRecPtr
    7488          22 : CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn, XLogRecPtr pagePtr,
    7489             :                                 TimeLineID newTLI)
    7490             : {
    7491             :     xl_overwrite_contrecord xlrec;
    7492             :     XLogRecPtr  recptr;
    7493             :     XLogPageHeader pagehdr;
    7494             :     XLogRecPtr  startPos;
    7495             : 
    7496             :     /* sanity checks */
    7497          22 :     if (!RecoveryInProgress())
    7498           0 :         elog(ERROR, "can only be used at end of recovery");
    7499          22 :     if (pagePtr % XLOG_BLCKSZ != 0)
    7500           0 :         elog(ERROR, "invalid position for missing continuation record %X/%X",
    7501             :              LSN_FORMAT_ARGS(pagePtr));
    7502             : 
    7503             :     /* The current WAL insert position should be right after the page header */
    7504          22 :     startPos = pagePtr;
    7505          22 :     if (XLogSegmentOffset(startPos, wal_segment_size) == 0)
    7506           2 :         startPos += SizeOfXLogLongPHD;
    7507             :     else
    7508          20 :         startPos += SizeOfXLogShortPHD;
    7509          22 :     recptr = GetXLogInsertRecPtr();
    7510          22 :     if (recptr != startPos)
    7511           0 :         elog(ERROR, "invalid WAL insert position %X/%X for OVERWRITE_CONTRECORD",
    7512             :              LSN_FORMAT_ARGS(recptr));
    7513             : 
    7514          22 :     START_CRIT_SECTION();
    7515             : 
    7516             :     /*
    7517             :      * Initialize the XLOG page header (by GetXLogBuffer), and set the
    7518             :      * XLP_FIRST_IS_OVERWRITE_CONTRECORD flag.
    7519             :      *
    7520             :      * No other backend is allowed to write WAL yet, so acquiring the WAL
    7521             :      * insertion lock is just pro forma.
    7522             :      */
    7523          22 :     WALInsertLockAcquire();
    7524          22 :     pagehdr = (XLogPageHeader) GetXLogBuffer(pagePtr, newTLI);
    7525          22 :     pagehdr->xlp_info |= XLP_FIRST_IS_OVERWRITE_CONTRECORD;
    7526          22 :     WALInsertLockRelease();
    7527             : 
    7528             :     /*
    7529             :      * Insert the XLOG_OVERWRITE_CONTRECORD record as the first record on the
    7530             :      * page.  We know it becomes the first record, because no other backend is
    7531             :      * allowed to write WAL yet.
    7532             :      */
    7533          22 :     XLogBeginInsert();
    7534          22 :     xlrec.overwritten_lsn = aborted_lsn;
    7535          22 :     xlrec.overwrite_time = GetCurrentTimestamp();
    7536          22 :     XLogRegisterData(&xlrec, sizeof(xl_overwrite_contrecord));
    7537          22 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_OVERWRITE_CONTRECORD);
    7538             : 
    7539             :     /* check that the record was inserted to the right place */
    7540          22 :     if (ProcLastRecPtr != startPos)
    7541           0 :         elog(ERROR, "OVERWRITE_CONTRECORD was inserted to unexpected position %X/%X",
    7542             :              LSN_FORMAT_ARGS(ProcLastRecPtr));
    7543             : 
    7544          22 :     XLogFlush(recptr);
    7545             : 
    7546          22 :     END_CRIT_SECTION();
    7547             : 
    7548          22 :     return recptr;
    7549             : }
    7550             : 
    7551             : /*
    7552             :  * Flush all data in shared memory to disk, and fsync
    7553             :  *
    7554             :  * This is the common code shared between regular checkpoints and
    7555             :  * recovery restartpoints.
    7556             :  */
    7557             : static void
    7558        2606 : CheckPointGuts(XLogRecPtr checkPointRedo, int flags)
    7559             : {
    7560        2606 :     CheckPointRelationMap();
    7561        2606 :     CheckPointReplicationSlots(flags & CHECKPOINT_IS_SHUTDOWN);
    7562        2606 :     CheckPointSnapBuild();
    7563        2606 :     CheckPointLogicalRewriteHeap();
    7564        2606 :     CheckPointReplicationOrigin();
    7565             : 
    7566             :     /* Write out all dirty data in SLRUs and the main buffer pool */
    7567             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_START(flags);
    7568        2606 :     CheckpointStats.ckpt_write_t = GetCurrentTimestamp();
    7569        2606 :     CheckPointCLOG();
    7570        2606 :     CheckPointCommitTs();
    7571        2606 :     CheckPointSUBTRANS();
    7572        2606 :     CheckPointMultiXact();
    7573        2606 :     CheckPointPredicate();
    7574        2606 :     CheckPointBuffers(flags);
    7575             : 
    7576             :     /* Perform all queued up fsyncs */
    7577             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_SYNC_START();
    7578        2606 :     CheckpointStats.ckpt_sync_t = GetCurrentTimestamp();
    7579        2606 :     ProcessSyncRequests();
    7580        2606 :     CheckpointStats.ckpt_sync_end_t = GetCurrentTimestamp();
    7581             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_DONE();
    7582             : 
    7583             :     /* We deliberately delay 2PC checkpointing as long as possible */
    7584        2606 :     CheckPointTwoPhase(checkPointRedo);
    7585        2606 : }
    7586             : 
    7587             : /*
    7588             :  * Save a checkpoint for recovery restart if appropriate
    7589             :  *
    7590             :  * This function is called each time a checkpoint record is read from XLOG.
    7591             :  * It must determine whether the checkpoint represents a safe restartpoint or
    7592             :  * not.  If so, the checkpoint record is stashed in shared memory so that
    7593             :  * CreateRestartPoint can consult it.  (Note that the latter function is
    7594             :  * executed by the checkpointer, while this one will be executed by the
    7595             :  * startup process.)
    7596             :  */
    7597             : static void
    7598         764 : RecoveryRestartPoint(const CheckPoint *checkPoint, XLogReaderState *record)
    7599             : {
    7600             :     /*
    7601             :      * Also refrain from creating a restartpoint if we have seen any
    7602             :      * references to non-existent pages. Restarting recovery from the
    7603             :      * restartpoint would not see the references, so we would lose the
    7604             :      * cross-check that the pages belonged to a relation that was dropped
    7605             :      * later.
    7606             :      */
    7607         764 :     if (XLogHaveInvalidPages())
    7608             :     {
    7609           0 :         elog(DEBUG2,
    7610             :              "could not record restart point at %X/%X because there "
    7611             :              "are unresolved references to invalid pages",
    7612             :              LSN_FORMAT_ARGS(checkPoint->redo));
    7613           0 :         return;
    7614             :     }
    7615             : 
    7616             :     /*
    7617             :      * Copy the checkpoint record to shared memory, so that checkpointer can
    7618             :      * work out the next time it wants to perform a restartpoint.
    7619             :      */
    7620         764 :     SpinLockAcquire(&XLogCtl->info_lck);
    7621         764 :     XLogCtl->lastCheckPointRecPtr = record->ReadRecPtr;
    7622         764 :     XLogCtl->lastCheckPointEndPtr = record->EndRecPtr;
    7623         764 :     XLogCtl->lastCheckPoint = *checkPoint;
    7624         764 :     SpinLockRelease(&XLogCtl->info_lck);
    7625             : }
    7626             : 
    7627             : /*
    7628             :  * Establish a restartpoint if possible.
    7629             :  *
    7630             :  * This is similar to CreateCheckPoint, but is used during WAL recovery
    7631             :  * to establish a point from which recovery can roll forward without
    7632             :  * replaying the entire recovery log.
    7633             :  *
    7634             :  * Returns true if a new restartpoint was established. We can only establish
    7635             :  * a restartpoint if we have replayed a safe checkpoint record since last
    7636             :  * restartpoint.
    7637             :  */
    7638             : bool
    7639         524 : CreateRestartPoint(int flags)
    7640             : {
    7641             :     XLogRecPtr  lastCheckPointRecPtr;
    7642             :     XLogRecPtr  lastCheckPointEndPtr;
    7643             :     CheckPoint  lastCheckPoint;
    7644             :     XLogRecPtr  PriorRedoPtr;
    7645             :     XLogRecPtr  receivePtr;
    7646             :     XLogRecPtr  replayPtr;
    7647             :     TimeLineID  replayTLI;
    7648             :     XLogRecPtr  endptr;
    7649             :     XLogSegNo   _logSegNo;
    7650             :     TimestampTz xtime;
    7651             : 
    7652             :     /* Concurrent checkpoint/restartpoint cannot happen */
    7653             :     Assert(!IsUnderPostmaster || MyBackendType == B_CHECKPOINTER);
    7654             : 
    7655             :     /* Get a local copy of the last safe checkpoint record. */
    7656         524 :     SpinLockAcquire(&XLogCtl->info_lck);
    7657         524 :     lastCheckPointRecPtr = XLogCtl->lastCheckPointRecPtr;
    7658         524 :     lastCheckPointEndPtr = XLogCtl->lastCheckPointEndPtr;
    7659         524 :     lastCheckPoint = XLogCtl->lastCheckPoint;
    7660         524 :     SpinLockRelease(&XLogCtl->info_lck);
    7661             : 
    7662             :     /*
    7663             :      * Check that we're still in recovery mode. It's ok if we exit recovery
    7664             :      * mode after this check, the restart point is valid anyway.
    7665             :      */
    7666         524 :     if (!RecoveryInProgress())
    7667             :     {
    7668           0 :         ereport(DEBUG2,
    7669             :                 (errmsg_internal("skipping restartpoint, recovery has already ended")));
    7670           0 :         return false;
    7671             :     }
    7672             : 
    7673             :     /*
    7674             :      * If the last checkpoint record we've replayed is already our last
    7675             :      * restartpoint, we can't perform a new restart point. We still update
    7676             :      * minRecoveryPoint in that case, so that if this is a shutdown restart
    7677             :      * point, we won't start up earlier than before. That's not strictly
    7678             :      * necessary, but when hot standby is enabled, it would be rather weird if
    7679             :      * the database opened up for read-only connections at a point-in-time
    7680             :      * before the last shutdown. Such time travel is still possible in case of
    7681             :      * immediate shutdown, though.
    7682             :      *
    7683             :      * We don't explicitly advance minRecoveryPoint when we do create a
    7684             :      * restartpoint. It's assumed that flushing the buffers will do that as a
    7685             :      * side-effect.
    7686             :      */
    7687         524 :     if (XLogRecPtrIsInvalid(lastCheckPointRecPtr) ||
    7688         502 :         lastCheckPoint.redo <= ControlFile->checkPointCopy.redo)
    7689             :     {
    7690         148 :         ereport(DEBUG2,
    7691             :                 (errmsg_internal("skipping restartpoint, already performed at %X/%X",
    7692             :                                  LSN_FORMAT_ARGS(lastCheckPoint.redo))));
    7693             : 
    7694         148 :         UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    7695         148 :         if (flags & CHECKPOINT_IS_SHUTDOWN)
    7696             :         {
    7697          66 :             LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7698          66 :             ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7699          66 :             UpdateControlFile();
    7700          66 :             LWLockRelease(ControlFileLock);
    7701             :         }
    7702         148 :         return false;
    7703             :     }
    7704             : 
    7705             :     /*
    7706             :      * Update the shared RedoRecPtr so that the startup process can calculate
    7707             :      * the number of segments replayed since last restartpoint, and request a
    7708             :      * restartpoint if it exceeds CheckPointSegments.
    7709             :      *
    7710             :      * Like in CreateCheckPoint(), hold off insertions to update it, although
    7711             :      * during recovery this is just pro forma, because no WAL insertions are
    7712             :      * happening.
    7713             :      */
    7714         376 :     WALInsertLockAcquireExclusive();
    7715         376 :     RedoRecPtr = XLogCtl->Insert.RedoRecPtr = lastCheckPoint.redo;
    7716         376 :     WALInsertLockRelease();
    7717             : 
    7718             :     /* Also update the info_lck-protected copy */
    7719         376 :     SpinLockAcquire(&XLogCtl->info_lck);
    7720         376 :     XLogCtl->RedoRecPtr = lastCheckPoint.redo;
    7721         376 :     SpinLockRelease(&XLogCtl->info_lck);
    7722             : 
    7723             :     /*
    7724             :      * Prepare to accumulate statistics.
    7725             :      *
    7726             :      * Note: because it is possible for log_checkpoints to change while a
    7727             :      * checkpoint proceeds, we always accumulate stats, even if
    7728             :      * log_checkpoints is currently off.
    7729             :      */
    7730        4136 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    7731         376 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    7732             : 
    7733         376 :     if (log_checkpoints)
    7734         376 :         LogCheckpointStart(flags, true);
    7735             : 
    7736             :     /* Update the process title */
    7737         376 :     update_checkpoint_display(flags, true, false);
    7738             : 
    7739         376 :     CheckPointGuts(lastCheckPoint.redo, flags);
    7740             : 
    7741             :     /*
    7742             :      * This location needs to be after CheckPointGuts() to ensure that some
    7743             :      * work has already happened during this checkpoint.
    7744             :      */
    7745         376 :     INJECTION_POINT("create-restart-point");
    7746             : 
    7747             :     /*
    7748             :      * Remember the prior checkpoint's redo ptr for
    7749             :      * UpdateCheckPointDistanceEstimate()
    7750             :      */
    7751         376 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7752             : 
    7753             :     /*
    7754             :      * Update pg_control, using current time.  Check that it still shows an
    7755             :      * older checkpoint, else do nothing; this is a quick hack to make sure
    7756             :      * nothing really bad happens if somehow we get here after the
    7757             :      * end-of-recovery checkpoint.
    7758             :      */
    7759         376 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7760         376 :     if (ControlFile->checkPointCopy.redo < lastCheckPoint.redo)
    7761             :     {
    7762             :         /*
    7763             :          * Update the checkpoint information.  We do this even if the cluster
    7764             :          * does not show DB_IN_ARCHIVE_RECOVERY to match with the set of WAL
    7765             :          * segments recycled below.
    7766             :          */
    7767         376 :         ControlFile->checkPoint = lastCheckPointRecPtr;
    7768         376 :         ControlFile->checkPointCopy = lastCheckPoint;
    7769             : 
    7770             :         /*
    7771             :          * Ensure minRecoveryPoint is past the checkpoint record and update it
    7772             :          * if the control file still shows DB_IN_ARCHIVE_RECOVERY.  Normally,
    7773             :          * this will have happened already while writing out dirty buffers,
    7774             :          * but not necessarily - e.g. because no buffers were dirtied.  We do
    7775             :          * this because a backup performed in recovery uses minRecoveryPoint
    7776             :          * to determine which WAL files must be included in the backup, and
    7777             :          * the file (or files) containing the checkpoint record must be
    7778             :          * included, at a minimum.  Note that for an ordinary restart of
    7779             :          * recovery there's no value in having the minimum recovery point any
    7780             :          * earlier than this anyway, because redo will begin just after the
    7781             :          * checkpoint record.
    7782             :          */
    7783         376 :         if (ControlFile->state == DB_IN_ARCHIVE_RECOVERY)
    7784             :         {
    7785         376 :             if (ControlFile->minRecoveryPoint < lastCheckPointEndPtr)
    7786             :             {
    7787          40 :                 ControlFile->minRecoveryPoint = lastCheckPointEndPtr;
    7788          40 :                 ControlFile->minRecoveryPointTLI = lastCheckPoint.ThisTimeLineID;
    7789             : 
    7790             :                 /* update local copy */
    7791          40 :                 LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    7792          40 :                 LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    7793             :             }
    7794         376 :             if (flags & CHECKPOINT_IS_SHUTDOWN)
    7795          40 :                 ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7796             :         }
    7797         376 :         UpdateControlFile();
    7798             :     }
    7799         376 :     LWLockRelease(ControlFileLock);
    7800             : 
    7801             :     /*
    7802             :      * Update the average distance between checkpoints/restartpoints if the
    7803             :      * prior checkpoint exists.
    7804             :      */
    7805         376 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7806         376 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7807             : 
    7808             :     /*
    7809             :      * Delete old log files, those no longer needed for last restartpoint to
    7810             :      * prevent the disk holding the xlog from growing full.
    7811             :      */
    7812         376 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7813             : 
    7814             :     /*
    7815             :      * Retreat _logSegNo using the current end of xlog replayed or received,
    7816             :      * whichever is later.
    7817             :      */
    7818         376 :     receivePtr = GetWalRcvFlushRecPtr(NULL, NULL);
    7819         376 :     replayPtr = GetXLogReplayRecPtr(&replayTLI);
    7820         376 :     endptr = (receivePtr < replayPtr) ? replayPtr : receivePtr;
    7821         376 :     KeepLogSeg(endptr, &_logSegNo);
    7822         376 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED | RS_INVAL_IDLE_TIMEOUT,
    7823             :                                            _logSegNo, InvalidOid,
    7824             :                                            InvalidTransactionId))
    7825             :     {
    7826             :         /*
    7827             :          * Some slots have been invalidated; recalculate the old-segment
    7828             :          * horizon, starting again from RedoRecPtr.
    7829             :          */
    7830           2 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7831           2 :         KeepLogSeg(endptr, &_logSegNo);
    7832             :     }
    7833         376 :     _logSegNo--;
    7834             : 
    7835             :     /*
    7836             :      * Try to recycle segments on a useful timeline. If we've been promoted
    7837             :      * since the beginning of this restartpoint, use the new timeline chosen
    7838             :      * at end of recovery.  If we're still in recovery, use the timeline we're
    7839             :      * currently replaying.
    7840             :      *
    7841             :      * There is no guarantee that the WAL segments will be useful on the
    7842             :      * current timeline; if recovery proceeds to a new timeline right after
    7843             :      * this, the pre-allocated WAL segments on this timeline will not be used,
    7844             :      * and will go wasted until recycled on the next restartpoint. We'll live
    7845             :      * with that.
    7846             :      */
    7847         376 :     if (!RecoveryInProgress())
    7848           0 :         replayTLI = XLogCtl->InsertTimeLineID;
    7849             : 
    7850         376 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, endptr, replayTLI);
    7851             : 
    7852             :     /*
    7853             :      * Make more log segments if needed.  (Do this after recycling old log
    7854             :      * segments, since that may supply some of the needed files.)
    7855             :      */
    7856         376 :     PreallocXlogFiles(endptr, replayTLI);
    7857             : 
    7858             :     /*
    7859             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7860             :      * the oldest XMIN of any running transaction.  No future transaction will
    7861             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7862             :      * in subtrans.c).  When hot standby is disabled, though, we mustn't do
    7863             :      * this because StartupSUBTRANS hasn't been called yet.
    7864             :      */
    7865         376 :     if (EnableHotStandby)
    7866         376 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7867             : 
    7868             :     /* Real work is done; log and update stats. */
    7869         376 :     LogCheckpointEnd(true);
    7870             : 
    7871             :     /* Reset the process title */
    7872         376 :     update_checkpoint_display(flags, true, true);
    7873             : 
    7874         376 :     xtime = GetLatestXTime();
    7875         376 :     ereport((log_checkpoints ? LOG : DEBUG2),
    7876             :             (errmsg("recovery restart point at %X/%X",
    7877             :                     LSN_FORMAT_ARGS(lastCheckPoint.redo)),
    7878             :              xtime ? errdetail("Last completed transaction was at log time %s.",
    7879             :                                timestamptz_to_str(xtime)) : 0));
    7880             : 
    7881             :     /*
    7882             :      * Finally, execute archive_cleanup_command, if any.
    7883             :      */
    7884         376 :     if (archiveCleanupCommand && strcmp(archiveCleanupCommand, "") != 0)
    7885           0 :         ExecuteRecoveryCommand(archiveCleanupCommand,
    7886             :                                "archive_cleanup_command",
    7887             :                                false,
    7888             :                                WAIT_EVENT_ARCHIVE_CLEANUP_COMMAND);
    7889             : 
    7890         376 :     return true;
    7891             : }
    7892             : 
    7893             : /*
    7894             :  * Report availability of WAL for the given target LSN
    7895             :  *      (typically a slot's restart_lsn)
    7896             :  *
    7897             :  * Returns one of the following enum values:
    7898             :  *
    7899             :  * * WALAVAIL_RESERVED means targetLSN is available and it is in the range of
    7900             :  *   max_wal_size.
    7901             :  *
    7902             :  * * WALAVAIL_EXTENDED means it is still available by preserving extra
    7903             :  *   segments beyond max_wal_size. If max_slot_wal_keep_size is smaller
    7904             :  *   than max_wal_size, this state is not returned.
    7905             :  *
    7906             :  * * WALAVAIL_UNRESERVED means it is being lost and the next checkpoint will
    7907             :  *   remove reserved segments. The walsender using this slot may return to the
    7908             :  *   above.
    7909             :  *
    7910             :  * * WALAVAIL_REMOVED means it has been removed. A replication stream on
    7911             :  *   a slot with this LSN cannot continue.  (Any associated walsender
    7912             :  *   processes should have been terminated already.)
    7913             :  *
    7914             :  * * WALAVAIL_INVALID_LSN means the slot hasn't been set to reserve WAL.
    7915             :  */
    7916             : WALAvailability
    7917         860 : GetWALAvailability(XLogRecPtr targetLSN)
    7918             : {
    7919             :     XLogRecPtr  currpos;        /* current write LSN */
    7920             :     XLogSegNo   currSeg;        /* segid of currpos */
    7921             :     XLogSegNo   targetSeg;      /* segid of targetLSN */
    7922             :     XLogSegNo   oldestSeg;      /* actual oldest segid */
    7923             :     XLogSegNo   oldestSegMaxWalSize;    /* oldest segid kept by max_wal_size */
    7924             :     XLogSegNo   oldestSlotSeg;  /* oldest segid kept by slot */
    7925             :     uint64      keepSegs;
    7926             : 
    7927             :     /*
    7928             :      * slot does not reserve WAL. Either deactivated, or has never been active
    7929             :      */
    7930         860 :     if (XLogRecPtrIsInvalid(targetLSN))
    7931          26 :         return WALAVAIL_INVALID_LSN;
    7932             : 
    7933             :     /*
    7934             :      * Calculate the oldest segment currently reserved by all slots,
    7935             :      * considering wal_keep_size and max_slot_wal_keep_size.  Initialize
    7936             :      * oldestSlotSeg to the current segment.
    7937             :      */
    7938         834 :     currpos = GetXLogWriteRecPtr();
    7939         834 :     XLByteToSeg(currpos, oldestSlotSeg, wal_segment_size);
    7940         834 :     KeepLogSeg(currpos, &oldestSlotSeg);
    7941             : 
    7942             :     /*
    7943             :      * Find the oldest extant segment file. We get 1 until checkpoint removes
    7944             :      * the first WAL segment file since startup, which causes the status being
    7945             :      * wrong under certain abnormal conditions but that doesn't actually harm.
    7946             :      */
    7947         834 :     oldestSeg = XLogGetLastRemovedSegno() + 1;
    7948             : 
    7949             :     /* calculate oldest segment by max_wal_size */
    7950         834 :     XLByteToSeg(currpos, currSeg, wal_segment_size);
    7951         834 :     keepSegs = ConvertToXSegs(max_wal_size_mb, wal_segment_size) + 1;
    7952             : 
    7953         834 :     if (currSeg > keepSegs)
    7954          16 :         oldestSegMaxWalSize = currSeg - keepSegs;
    7955             :     else
    7956         818 :         oldestSegMaxWalSize = 1;
    7957             : 
    7958             :     /* the segment we care about */
    7959         834 :     XLByteToSeg(targetLSN, targetSeg, wal_segment_size);
    7960             : 
    7961             :     /*
    7962             :      * No point in returning reserved or extended status values if the
    7963             :      * targetSeg is known to be lost.
    7964             :      */
    7965         834 :     if (targetSeg >= oldestSlotSeg)
    7966             :     {
    7967             :         /* show "reserved" when targetSeg is within max_wal_size */
    7968         832 :         if (targetSeg >= oldestSegMaxWalSize)
    7969         828 :             return WALAVAIL_RESERVED;
    7970             : 
    7971             :         /* being retained by slots exceeding max_wal_size */
    7972           4 :         return WALAVAIL_EXTENDED;
    7973             :     }
    7974             : 
    7975             :     /* WAL segments are no longer retained but haven't been removed yet */
    7976           2 :     if (targetSeg >= oldestSeg)
    7977           2 :         return WALAVAIL_UNRESERVED;
    7978             : 
    7979             :     /* Definitely lost */
    7980           0 :     return WALAVAIL_REMOVED;
    7981             : }
    7982             : 
    7983             : 
    7984             : /*
    7985             :  * Retreat *logSegNo to the last segment that we need to retain because of
    7986             :  * either wal_keep_size or replication slots.
    7987             :  *
    7988             :  * This is calculated by subtracting wal_keep_size from the given xlog
    7989             :  * location, recptr and by making sure that that result is below the
    7990             :  * requirement of replication slots.  For the latter criterion we do consider
    7991             :  * the effects of max_slot_wal_keep_size: reserve at most that much space back
    7992             :  * from recptr.
    7993             :  *
    7994             :  * Note about replication slots: if this function calculates a value
    7995             :  * that's further ahead than what slots need reserved, then affected
    7996             :  * slots need to be invalidated and this function invoked again.
    7997             :  * XXX it might be a good idea to rewrite this function so that
    7998             :  * invalidation is optionally done here, instead.
    7999             :  */
    8000             : static void
    8001        3448 : KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo)
    8002             : {
    8003             :     XLogSegNo   currSegNo;
    8004             :     XLogSegNo   segno;
    8005             :     XLogRecPtr  keep;
    8006             : 
    8007        3448 :     XLByteToSeg(recptr, currSegNo, wal_segment_size);
    8008        3448 :     segno = currSegNo;
    8009             : 
    8010             :     /*
    8011             :      * Calculate how many segments are kept by slots first, adjusting for
    8012             :      * max_slot_wal_keep_size.
    8013             :      */
    8014        3448 :     keep = XLogGetReplicationSlotMinimumLSN();
    8015        3448 :     if (keep != InvalidXLogRecPtr && keep < recptr)
    8016             :     {
    8017        1070 :         XLByteToSeg(keep, segno, wal_segment_size);
    8018             : 
    8019             :         /* Cap by max_slot_wal_keep_size ... */
    8020        1070 :         if (max_slot_wal_keep_size_mb >= 0)
    8021             :         {
    8022             :             uint64      slot_keep_segs;
    8023             : 
    8024          38 :             slot_keep_segs =
    8025          38 :                 ConvertToXSegs(max_slot_wal_keep_size_mb, wal_segment_size);
    8026             : 
    8027          38 :             if (currSegNo - segno > slot_keep_segs)
    8028          10 :                 segno = currSegNo - slot_keep_segs;
    8029             :         }
    8030             :     }
    8031             : 
    8032             :     /*
    8033             :      * If WAL summarization is in use, don't remove WAL that has yet to be
    8034             :      * summarized.
    8035             :      */
    8036        3448 :     keep = GetOldestUnsummarizedLSN(NULL, NULL);
    8037        3448 :     if (keep != InvalidXLogRecPtr)
    8038             :     {
    8039             :         XLogSegNo   unsummarized_segno;
    8040             : 
    8041           4 :         XLByteToSeg(keep, unsummarized_segno, wal_segment_size);
    8042           4 :         if (unsummarized_segno < segno)
    8043           4 :             segno = unsummarized_segno;
    8044             :     }
    8045             : 
    8046             :     /* but, keep at least wal_keep_size if that's set */
    8047        3448 :     if (wal_keep_size_mb > 0)
    8048             :     {
    8049             :         uint64      keep_segs;
    8050             : 
    8051         138 :         keep_segs = ConvertToXSegs(wal_keep_size_mb, wal_segment_size);
    8052         138 :         if (currSegNo - segno < keep_segs)
    8053             :         {
    8054             :             /* avoid underflow, don't go below 1 */
    8055         138 :             if (currSegNo <= keep_segs)
    8056         130 :                 segno = 1;
    8057             :             else
    8058           8 :                 segno = currSegNo - keep_segs;
    8059             :         }
    8060             :     }
    8061             : 
    8062             :     /* don't delete WAL segments newer than the calculated segment */
    8063        3448 :     if (segno < *logSegNo)
    8064         618 :         *logSegNo = segno;
    8065        3448 : }
    8066             : 
    8067             : /*
    8068             :  * Write a NEXTOID log record
    8069             :  */
    8070             : void
    8071        1128 : XLogPutNextOid(Oid nextOid)
    8072             : {
    8073        1128 :     XLogBeginInsert();
    8074        1128 :     XLogRegisterData(&nextOid, sizeof(Oid));
    8075        1128 :     (void) XLogInsert(RM_XLOG_ID, XLOG_NEXTOID);
    8076             : 
    8077             :     /*
    8078             :      * We need not flush the NEXTOID record immediately, because any of the
    8079             :      * just-allocated OIDs could only reach disk as part of a tuple insert or
    8080             :      * update that would have its own XLOG record that must follow the NEXTOID
    8081             :      * record.  Therefore, the standard buffer LSN interlock applied to those
    8082             :      * records will ensure no such OID reaches disk before the NEXTOID record
    8083             :      * does.
    8084             :      *
    8085             :      * Note, however, that the above statement only covers state "within" the
    8086             :      * database.  When we use a generated OID as a file or directory name, we
    8087             :      * are in a sense violating the basic WAL rule, because that filesystem
    8088             :      * change may reach disk before the NEXTOID WAL record does.  The impact
    8089             :      * of this is that if a database crash occurs immediately afterward, we
    8090             :      * might after restart re-generate the same OID and find that it conflicts
    8091             :      * with the leftover file or directory.  But since for safety's sake we
    8092             :      * always loop until finding a nonconflicting filename, this poses no real
    8093             :      * problem in practice. See pgsql-hackers discussion 27-Sep-2006.
    8094             :      */
    8095        1128 : }
    8096             : 
    8097             : /*
    8098             :  * Write an XLOG SWITCH record.
    8099             :  *
    8100             :  * Here we just blindly issue an XLogInsert request for the record.
    8101             :  * All the magic happens inside XLogInsert.
    8102             :  *
    8103             :  * The return value is either the end+1 address of the switch record,
    8104             :  * or the end+1 address of the prior segment if we did not need to
    8105             :  * write a switch record because we are already at segment start.
    8106             :  */
    8107             : XLogRecPtr
    8108         750 : RequestXLogSwitch(bool mark_unimportant)
    8109             : {
    8110             :     XLogRecPtr  RecPtr;
    8111             : 
    8112             :     /* XLOG SWITCH has no data */
    8113         750 :     XLogBeginInsert();
    8114             : 
    8115         750 :     if (mark_unimportant)
    8116           0 :         XLogSetRecordFlags(XLOG_MARK_UNIMPORTANT);
    8117         750 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_SWITCH);
    8118             : 
    8119         750 :     return RecPtr;
    8120             : }
    8121             : 
    8122             : /*
    8123             :  * Write a RESTORE POINT record
    8124             :  */
    8125             : XLogRecPtr
    8126           6 : XLogRestorePoint(const char *rpName)
    8127             : {
    8128             :     XLogRecPtr  RecPtr;
    8129             :     xl_restore_point xlrec;
    8130             : 
    8131           6 :     xlrec.rp_time = GetCurrentTimestamp();
    8132           6 :     strlcpy(xlrec.rp_name, rpName, MAXFNAMELEN);
    8133             : 
    8134           6 :     XLogBeginInsert();
    8135           6 :     XLogRegisterData(&xlrec, sizeof(xl_restore_point));
    8136             : 
    8137           6 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_RESTORE_POINT);
    8138             : 
    8139           6 :     ereport(LOG,
    8140             :             (errmsg("restore point \"%s\" created at %X/%X",
    8141             :                     rpName, LSN_FORMAT_ARGS(RecPtr))));
    8142             : 
    8143           6 :     return RecPtr;
    8144             : }
    8145             : 
    8146             : /*
    8147             :  * Check if any of the GUC parameters that are critical for hot standby
    8148             :  * have changed, and update the value in pg_control file if necessary.
    8149             :  */
    8150             : static void
    8151        1648 : XLogReportParameters(void)
    8152             : {
    8153        1648 :     if (wal_level != ControlFile->wal_level ||
    8154        1200 :         wal_log_hints != ControlFile->wal_log_hints ||
    8155        1042 :         MaxConnections != ControlFile->MaxConnections ||
    8156        1040 :         max_worker_processes != ControlFile->max_worker_processes ||
    8157        1038 :         max_wal_senders != ControlFile->max_wal_senders ||
    8158         994 :         max_prepared_xacts != ControlFile->max_prepared_xacts ||
    8159         818 :         max_locks_per_xact != ControlFile->max_locks_per_xact ||
    8160         818 :         track_commit_timestamp != ControlFile->track_commit_timestamp)
    8161             :     {
    8162             :         /*
    8163             :          * The change in number of backend slots doesn't need to be WAL-logged
    8164             :          * if archiving is not enabled, as you can't start archive recovery
    8165             :          * with wal_level=minimal anyway. We don't really care about the
    8166             :          * values in pg_control either if wal_level=minimal, but seems better
    8167             :          * to keep them up-to-date to avoid confusion.
    8168             :          */
    8169         850 :         if (wal_level != ControlFile->wal_level || XLogIsNeeded())
    8170             :         {
    8171             :             xl_parameter_change xlrec;
    8172             :             XLogRecPtr  recptr;
    8173             : 
    8174         806 :             xlrec.MaxConnections = MaxConnections;
    8175         806 :             xlrec.max_worker_processes = max_worker_processes;
    8176         806 :             xlrec.max_wal_senders = max_wal_senders;
    8177         806 :             xlrec.max_prepared_xacts = max_prepared_xacts;
    8178         806 :             xlrec.max_locks_per_xact = max_locks_per_xact;
    8179         806 :             xlrec.wal_level = wal_level;
    8180         806 :             xlrec.wal_log_hints = wal_log_hints;
    8181         806 :             xlrec.track_commit_timestamp = track_commit_timestamp;
    8182             : 
    8183         806 :             XLogBeginInsert();
    8184         806 :             XLogRegisterData(&xlrec, sizeof(xlrec));
    8185             : 
    8186         806 :             recptr = XLogInsert(RM_XLOG_ID, XLOG_PARAMETER_CHANGE);
    8187         806 :             XLogFlush(recptr);
    8188             :         }
    8189             : 
    8190         850 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8191             : 
    8192         850 :         ControlFile->MaxConnections = MaxConnections;
    8193         850 :         ControlFile->max_worker_processes = max_worker_processes;
    8194         850 :         ControlFile->max_wal_senders = max_wal_senders;
    8195         850 :         ControlFile->max_prepared_xacts = max_prepared_xacts;
    8196         850 :         ControlFile->max_locks_per_xact = max_locks_per_xact;
    8197         850 :         ControlFile->wal_level = wal_level;
    8198         850 :         ControlFile->wal_log_hints = wal_log_hints;
    8199         850 :         ControlFile->track_commit_timestamp = track_commit_timestamp;
    8200         850 :         UpdateControlFile();
    8201             : 
    8202         850 :         LWLockRelease(ControlFileLock);
    8203             :     }
    8204        1648 : }
    8205             : 
    8206             : /*
    8207             :  * Update full_page_writes in shared memory, and write an
    8208             :  * XLOG_FPW_CHANGE record if necessary.
    8209             :  *
    8210             :  * Note: this function assumes there is no other process running
    8211             :  * concurrently that could update it.
    8212             :  */
    8213             : void
    8214        2738 : UpdateFullPageWrites(void)
    8215             : {
    8216        2738 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    8217             :     bool        recoveryInProgress;
    8218             : 
    8219             :     /*
    8220             :      * Do nothing if full_page_writes has not been changed.
    8221             :      *
    8222             :      * It's safe to check the shared full_page_writes without the lock,
    8223             :      * because we assume that there is no concurrently running process which
    8224             :      * can update it.
    8225             :      */
    8226        2738 :     if (fullPageWrites == Insert->fullPageWrites)
    8227        1782 :         return;
    8228             : 
    8229             :     /*
    8230             :      * Perform this outside critical section so that the WAL insert
    8231             :      * initialization done by RecoveryInProgress() doesn't trigger an
    8232             :      * assertion failure.
    8233             :      */
    8234         956 :     recoveryInProgress = RecoveryInProgress();
    8235             : 
    8236         956 :     START_CRIT_SECTION();
    8237             : 
    8238             :     /*
    8239             :      * It's always safe to take full page images, even when not strictly
    8240             :      * required, but not the other round. So if we're setting full_page_writes
    8241             :      * to true, first set it true and then write the WAL record. If we're
    8242             :      * setting it to false, first write the WAL record and then set the global
    8243             :      * flag.
    8244             :      */
    8245         956 :     if (fullPageWrites)
    8246             :     {
    8247         936 :         WALInsertLockAcquireExclusive();
    8248         936 :         Insert->fullPageWrites = true;
    8249         936 :         WALInsertLockRelease();
    8250             :     }
    8251             : 
    8252             :     /*
    8253             :      * Write an XLOG_FPW_CHANGE record. This allows us to keep track of
    8254             :      * full_page_writes during archive recovery, if required.
    8255             :      */
    8256         956 :     if (XLogStandbyInfoActive() && !recoveryInProgress)
    8257             :     {
    8258           0 :         XLogBeginInsert();
    8259           0 :         XLogRegisterData(&fullPageWrites, sizeof(bool));
    8260             : 
    8261           0 :         XLogInsert(RM_XLOG_ID, XLOG_FPW_CHANGE);
    8262             :     }
    8263             : 
    8264         956 :     if (!fullPageWrites)
    8265             :     {
    8266          20 :         WALInsertLockAcquireExclusive();
    8267          20 :         Insert->fullPageWrites = false;
    8268          20 :         WALInsertLockRelease();
    8269             :     }
    8270         956 :     END_CRIT_SECTION();
    8271             : }
    8272             : 
    8273             : /*
    8274             :  * XLOG resource manager's routines
    8275             :  *
    8276             :  * Definitions of info values are in include/catalog/pg_control.h, though
    8277             :  * not all record types are related to control file updates.
    8278             :  *
    8279             :  * NOTE: Some XLOG record types that are directly related to WAL recovery
    8280             :  * are handled in xlogrecovery_redo().
    8281             :  */
    8282             : void
    8283       79542 : xlog_redo(XLogReaderState *record)
    8284             : {
    8285       79542 :     uint8       info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    8286       79542 :     XLogRecPtr  lsn = record->EndRecPtr;
    8287             : 
    8288             :     /*
    8289             :      * In XLOG rmgr, backup blocks are only used by XLOG_FPI and
    8290             :      * XLOG_FPI_FOR_HINT records.
    8291             :      */
    8292             :     Assert(info == XLOG_FPI || info == XLOG_FPI_FOR_HINT ||
    8293             :            !XLogRecHasAnyBlockRefs(record));
    8294             : 
    8295       79542 :     if (info == XLOG_NEXTOID)
    8296             :     {
    8297             :         Oid         nextOid;
    8298             : 
    8299             :         /*
    8300             :          * We used to try to take the maximum of TransamVariables->nextOid and
    8301             :          * the recorded nextOid, but that fails if the OID counter wraps
    8302             :          * around.  Since no OID allocation should be happening during replay
    8303             :          * anyway, better to just believe the record exactly.  We still take
    8304             :          * OidGenLock while setting the variable, just in case.
    8305             :          */
    8306         184 :         memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid));
    8307         184 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8308         184 :         TransamVariables->nextOid = nextOid;
    8309         184 :         TransamVariables->oidCount = 0;
    8310         184 :         LWLockRelease(OidGenLock);
    8311             :     }
    8312       79358 :     else if (info == XLOG_CHECKPOINT_SHUTDOWN)
    8313             :     {
    8314             :         CheckPoint  checkPoint;
    8315             :         TimeLineID  replayTLI;
    8316             : 
    8317          68 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8318             :         /* In a SHUTDOWN checkpoint, believe the counters exactly */
    8319          68 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8320          68 :         TransamVariables->nextXid = checkPoint.nextXid;
    8321          68 :         LWLockRelease(XidGenLock);
    8322          68 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8323          68 :         TransamVariables->nextOid = checkPoint.nextOid;
    8324          68 :         TransamVariables->oidCount = 0;
    8325          68 :         LWLockRelease(OidGenLock);
    8326          68 :         MultiXactSetNextMXact(checkPoint.nextMulti,
    8327             :                               checkPoint.nextMultiOffset);
    8328             : 
    8329          68 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8330             :                                checkPoint.oldestMultiDB);
    8331             : 
    8332             :         /*
    8333             :          * No need to set oldestClogXid here as well; it'll be set when we
    8334             :          * redo an xl_clog_truncate if it changed since initialization.
    8335             :          */
    8336          68 :         SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    8337             : 
    8338             :         /*
    8339             :          * If we see a shutdown checkpoint while waiting for an end-of-backup
    8340             :          * record, the backup was canceled and the end-of-backup record will
    8341             :          * never arrive.
    8342             :          */
    8343          68 :         if (ArchiveRecoveryRequested &&
    8344          66 :             !XLogRecPtrIsInvalid(ControlFile->backupStartPoint) &&
    8345           0 :             XLogRecPtrIsInvalid(ControlFile->backupEndPoint))
    8346           0 :             ereport(PANIC,
    8347             :                     (errmsg("online backup was canceled, recovery cannot continue")));
    8348             : 
    8349             :         /*
    8350             :          * If we see a shutdown checkpoint, we know that nothing was running
    8351             :          * on the primary at this point. So fake-up an empty running-xacts
    8352             :          * record and use that here and now. Recover additional standby state
    8353             :          * for prepared transactions.
    8354             :          */
    8355          68 :         if (standbyState >= STANDBY_INITIALIZED)
    8356             :         {
    8357             :             TransactionId *xids;
    8358             :             int         nxids;
    8359             :             TransactionId oldestActiveXID;
    8360             :             TransactionId latestCompletedXid;
    8361             :             RunningTransactionsData running;
    8362             : 
    8363          62 :             oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    8364             : 
    8365             :             /* Update pg_subtrans entries for any prepared transactions */
    8366          62 :             StandbyRecoverPreparedTransactions();
    8367             : 
    8368             :             /*
    8369             :              * Construct a RunningTransactions snapshot representing a shut
    8370             :              * down server, with only prepared transactions still alive. We're
    8371             :              * never overflowed at this point because all subxids are listed
    8372             :              * with their parent prepared transactions.
    8373             :              */
    8374          62 :             running.xcnt = nxids;
    8375          62 :             running.subxcnt = 0;
    8376          62 :             running.subxid_status = SUBXIDS_IN_SUBTRANS;
    8377          62 :             running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    8378          62 :             running.oldestRunningXid = oldestActiveXID;
    8379          62 :             latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    8380          62 :             TransactionIdRetreat(latestCompletedXid);
    8381             :             Assert(TransactionIdIsNormal(latestCompletedXid));
    8382          62 :             running.latestCompletedXid = latestCompletedXid;
    8383          62 :             running.xids = xids;
    8384             : 
    8385          62 :             ProcArrayApplyRecoveryInfo(&running);
    8386             :         }
    8387             : 
    8388             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8389          68 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8390          68 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8391          68 :         LWLockRelease(ControlFileLock);
    8392             : 
    8393             :         /* Update shared-memory copy of checkpoint XID/epoch */
    8394          68 :         SpinLockAcquire(&XLogCtl->info_lck);
    8395          68 :         XLogCtl->ckptFullXid = checkPoint.nextXid;
    8396          68 :         SpinLockRelease(&XLogCtl->info_lck);
    8397             : 
    8398             :         /*
    8399             :          * We should've already switched to the new TLI before replaying this
    8400             :          * record.
    8401             :          */
    8402          68 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8403          68 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8404           0 :             ereport(PANIC,
    8405             :                     (errmsg("unexpected timeline ID %u (should be %u) in shutdown checkpoint record",
    8406             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8407             : 
    8408          68 :         RecoveryRestartPoint(&checkPoint, record);
    8409             :     }
    8410       79290 :     else if (info == XLOG_CHECKPOINT_ONLINE)
    8411             :     {
    8412             :         CheckPoint  checkPoint;
    8413             :         TimeLineID  replayTLI;
    8414             : 
    8415         696 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8416             :         /* In an ONLINE checkpoint, treat the XID counter as a minimum */
    8417         696 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8418         696 :         if (FullTransactionIdPrecedes(TransamVariables->nextXid,
    8419             :                                       checkPoint.nextXid))
    8420           0 :             TransamVariables->nextXid = checkPoint.nextXid;
    8421         696 :         LWLockRelease(XidGenLock);
    8422             : 
    8423             :         /*
    8424             :          * We ignore the nextOid counter in an ONLINE checkpoint, preferring
    8425             :          * to track OID assignment through XLOG_NEXTOID records.  The nextOid
    8426             :          * counter is from the start of the checkpoint and might well be stale
    8427             :          * compared to later XLOG_NEXTOID records.  We could try to take the
    8428             :          * maximum of the nextOid counter and our latest value, but since
    8429             :          * there's no particular guarantee about the speed with which the OID
    8430             :          * counter wraps around, that's a risky thing to do.  In any case,
    8431             :          * users of the nextOid counter are required to avoid assignment of
    8432             :          * duplicates, so that a somewhat out-of-date value should be safe.
    8433             :          */
    8434             : 
    8435             :         /* Handle multixact */
    8436         696 :         MultiXactAdvanceNextMXact(checkPoint.nextMulti,
    8437             :                                   checkPoint.nextMultiOffset);
    8438             : 
    8439             :         /*
    8440             :          * NB: This may perform multixact truncation when replaying WAL
    8441             :          * generated by an older primary.
    8442             :          */
    8443         696 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8444             :                                checkPoint.oldestMultiDB);
    8445         696 :         if (TransactionIdPrecedes(TransamVariables->oldestXid,
    8446             :                                   checkPoint.oldestXid))
    8447           0 :             SetTransactionIdLimit(checkPoint.oldestXid,
    8448             :                                   checkPoint.oldestXidDB);
    8449             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8450         696 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8451         696 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8452         696 :         LWLockRelease(ControlFileLock);
    8453             : 
    8454             :         /* Update shared-memory copy of checkpoint XID/epoch */
    8455         696 :         SpinLockAcquire(&XLogCtl->info_lck);
    8456         696 :         XLogCtl->ckptFullXid = checkPoint.nextXid;
    8457         696 :         SpinLockRelease(&XLogCtl->info_lck);
    8458             : 
    8459             :         /* TLI should not change in an on-line checkpoint */
    8460         696 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8461         696 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8462           0 :             ereport(PANIC,
    8463             :                     (errmsg("unexpected timeline ID %u (should be %u) in online checkpoint record",
    8464             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8465             : 
    8466         696 :         RecoveryRestartPoint(&checkPoint, record);
    8467             :     }
    8468       78594 :     else if (info == XLOG_OVERWRITE_CONTRECORD)
    8469             :     {
    8470             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8471             :     }
    8472       78592 :     else if (info == XLOG_END_OF_RECOVERY)
    8473             :     {
    8474             :         xl_end_of_recovery xlrec;
    8475             :         TimeLineID  replayTLI;
    8476             : 
    8477          20 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery));
    8478             : 
    8479             :         /*
    8480             :          * For Hot Standby, we could treat this like a Shutdown Checkpoint,
    8481             :          * but this case is rarer and harder to test, so the benefit doesn't
    8482             :          * outweigh the potential extra cost of maintenance.
    8483             :          */
    8484             : 
    8485             :         /*
    8486             :          * We should've already switched to the new TLI before replaying this
    8487             :          * record.
    8488             :          */
    8489          20 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8490          20 :         if (xlrec.ThisTimeLineID != replayTLI)
    8491           0 :             ereport(PANIC,
    8492             :                     (errmsg("unexpected timeline ID %u (should be %u) in end-of-recovery record",
    8493             :                             xlrec.ThisTimeLineID, replayTLI)));
    8494             :     }
    8495       78572 :     else if (info == XLOG_NOOP)
    8496             :     {
    8497             :         /* nothing to do here */
    8498             :     }
    8499       78572 :     else if (info == XLOG_SWITCH)
    8500             :     {
    8501             :         /* nothing to do here */
    8502             :     }
    8503       78332 :     else if (info == XLOG_RESTORE_POINT)
    8504             :     {
    8505             :         /* nothing to do here, handled in xlogrecovery.c */
    8506             :     }
    8507       78322 :     else if (info == XLOG_FPI || info == XLOG_FPI_FOR_HINT)
    8508             :     {
    8509             :         /*
    8510             :          * XLOG_FPI records contain nothing else but one or more block
    8511             :          * references. Every block reference must include a full-page image
    8512             :          * even if full_page_writes was disabled when the record was generated
    8513             :          * - otherwise there would be no point in this record.
    8514             :          *
    8515             :          * XLOG_FPI_FOR_HINT records are generated when a page needs to be
    8516             :          * WAL-logged because of a hint bit update. They are only generated
    8517             :          * when checksums and/or wal_log_hints are enabled. They may include
    8518             :          * no full-page images if full_page_writes was disabled when they were
    8519             :          * generated. In this case there is nothing to do here.
    8520             :          *
    8521             :          * No recovery conflicts are generated by these generic records - if a
    8522             :          * resource manager needs to generate conflicts, it has to define a
    8523             :          * separate WAL record type and redo routine.
    8524             :          */
    8525      164402 :         for (uint8 block_id = 0; block_id <= XLogRecMaxBlockId(record); block_id++)
    8526             :         {
    8527             :             Buffer      buffer;
    8528             : 
    8529       87008 :             if (!XLogRecHasBlockImage(record, block_id))
    8530             :             {
    8531         132 :                 if (info == XLOG_FPI)
    8532           0 :                     elog(ERROR, "XLOG_FPI record did not contain a full-page image");
    8533         132 :                 continue;
    8534             :             }
    8535             : 
    8536       86876 :             if (XLogReadBufferForRedo(record, block_id, &buffer) != BLK_RESTORED)
    8537           0 :                 elog(ERROR, "unexpected XLogReadBufferForRedo result when restoring backup block");
    8538       86876 :             UnlockReleaseBuffer(buffer);
    8539             :         }
    8540             :     }
    8541         928 :     else if (info == XLOG_BACKUP_END)
    8542             :     {
    8543             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8544             :     }
    8545         762 :     else if (info == XLOG_PARAMETER_CHANGE)
    8546             :     {
    8547             :         xl_parameter_change xlrec;
    8548             : 
    8549             :         /* Update our copy of the parameters in pg_control */
    8550          64 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change));
    8551             : 
    8552             :         /*
    8553             :          * Invalidate logical slots if we are in hot standby and the primary
    8554             :          * does not have a WAL level sufficient for logical decoding. No need
    8555             :          * to search for potentially conflicting logically slots if standby is
    8556             :          * running with wal_level lower than logical, because in that case, we
    8557             :          * would have either disallowed creation of logical slots or
    8558             :          * invalidated existing ones.
    8559             :          */
    8560          64 :         if (InRecovery && InHotStandby &&
    8561          34 :             xlrec.wal_level < WAL_LEVEL_LOGICAL &&
    8562          12 :             wal_level >= WAL_LEVEL_LOGICAL)
    8563           8 :             InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_LEVEL,
    8564             :                                                0, InvalidOid,
    8565             :                                                InvalidTransactionId);
    8566             : 
    8567          64 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8568          64 :         ControlFile->MaxConnections = xlrec.MaxConnections;
    8569          64 :         ControlFile->max_worker_processes = xlrec.max_worker_processes;
    8570          64 :         ControlFile->max_wal_senders = xlrec.max_wal_senders;
    8571          64 :         ControlFile->max_prepared_xacts = xlrec.max_prepared_xacts;
    8572          64 :         ControlFile->max_locks_per_xact = xlrec.max_locks_per_xact;
    8573          64 :         ControlFile->wal_level = xlrec.wal_level;
    8574          64 :         ControlFile->wal_log_hints = xlrec.wal_log_hints;
    8575             : 
    8576             :         /*
    8577             :          * Update minRecoveryPoint to ensure that if recovery is aborted, we
    8578             :          * recover back up to this point before allowing hot standby again.
    8579             :          * This is important if the max_* settings are decreased, to ensure
    8580             :          * you don't run queries against the WAL preceding the change. The
    8581             :          * local copies cannot be updated as long as crash recovery is
    8582             :          * happening and we expect all the WAL to be replayed.
    8583             :          */
    8584          64 :         if (InArchiveRecovery)
    8585             :         {
    8586          36 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    8587          36 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    8588             :         }
    8589          64 :         if (LocalMinRecoveryPoint != InvalidXLogRecPtr && LocalMinRecoveryPoint < lsn)
    8590             :         {
    8591             :             TimeLineID  replayTLI;
    8592             : 
    8593          14 :             (void) GetCurrentReplayRecPtr(&replayTLI);
    8594          14 :             ControlFile->minRecoveryPoint = lsn;
    8595          14 :             ControlFile->minRecoveryPointTLI = replayTLI;
    8596             :         }
    8597             : 
    8598          64 :         CommitTsParameterChange(xlrec.track_commit_timestamp,
    8599          64 :                                 ControlFile->track_commit_timestamp);
    8600          64 :         ControlFile->track_commit_timestamp = xlrec.track_commit_timestamp;
    8601             : 
    8602          64 :         UpdateControlFile();
    8603          64 :         LWLockRelease(ControlFileLock);
    8604             : 
    8605             :         /* Check to see if any parameter change gives a problem on recovery */
    8606          64 :         CheckRequiredParameterValues();
    8607             :     }
    8608         698 :     else if (info == XLOG_FPW_CHANGE)
    8609             :     {
    8610             :         bool        fpw;
    8611             : 
    8612           0 :         memcpy(&fpw, XLogRecGetData(record), sizeof(bool));
    8613             : 
    8614             :         /*
    8615             :          * Update the LSN of the last replayed XLOG_FPW_CHANGE record so that
    8616             :          * do_pg_backup_start() and do_pg_backup_stop() can check whether
    8617             :          * full_page_writes has been disabled during online backup.
    8618             :          */
    8619           0 :         if (!fpw)
    8620             :         {
    8621           0 :             SpinLockAcquire(&XLogCtl->info_lck);
    8622           0 :             if (XLogCtl->lastFpwDisableRecPtr < record->ReadRecPtr)
    8623           0 :                 XLogCtl->lastFpwDisableRecPtr = record->ReadRecPtr;
    8624           0 :             SpinLockRelease(&XLogCtl->info_lck);
    8625             :         }
    8626             : 
    8627             :         /* Keep track of full_page_writes */
    8628           0 :         lastFullPageWrites = fpw;
    8629             :     }
    8630             :     else if (info == XLOG_CHECKPOINT_REDO)
    8631             :     {
    8632             :         /* nothing to do here, just for informational purposes */
    8633             :     }
    8634       79538 : }
    8635             : 
    8636             : /*
    8637             :  * Return the extra open flags used for opening a file, depending on the
    8638             :  * value of the GUCs wal_sync_method, fsync and debug_io_direct.
    8639             :  */
    8640             : static int
    8641       27672 : get_sync_bit(int method)
    8642             : {
    8643       27672 :     int         o_direct_flag = 0;
    8644             : 
    8645             :     /*
    8646             :      * Use O_DIRECT if requested, except in walreceiver process.  The WAL
    8647             :      * written by walreceiver is normally read by the startup process soon
    8648             :      * after it's written.  Also, walreceiver performs unaligned writes, which
    8649             :      * don't work with O_DIRECT, so it is required for correctness too.
    8650             :      */
    8651       27672 :     if ((io_direct_flags & IO_DIRECT_WAL) && !AmWalReceiverProcess())
    8652          18 :         o_direct_flag = PG_O_DIRECT;
    8653             : 
    8654             :     /* If fsync is disabled, never open in sync mode */
    8655       27672 :     if (!enableFsync)
    8656       27672 :         return o_direct_flag;
    8657             : 
    8658           0 :     switch (method)
    8659             :     {
    8660             :             /*
    8661             :              * enum values for all sync options are defined even if they are
    8662             :              * not supported on the current platform.  But if not, they are
    8663             :              * not included in the enum option array, and therefore will never
    8664             :              * be seen here.
    8665             :              */
    8666           0 :         case WAL_SYNC_METHOD_FSYNC:
    8667             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8668             :         case WAL_SYNC_METHOD_FDATASYNC:
    8669           0 :             return o_direct_flag;
    8670             : #ifdef O_SYNC
    8671           0 :         case WAL_SYNC_METHOD_OPEN:
    8672           0 :             return O_SYNC | o_direct_flag;
    8673             : #endif
    8674             : #ifdef O_DSYNC
    8675           0 :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8676           0 :             return O_DSYNC | o_direct_flag;
    8677             : #endif
    8678           0 :         default:
    8679             :             /* can't happen (unless we are out of sync with option array) */
    8680           0 :             elog(ERROR, "unrecognized \"wal_sync_method\": %d", method);
    8681             :             return 0;           /* silence warning */
    8682             :     }
    8683             : }
    8684             : 
    8685             : /*
    8686             :  * GUC support
    8687             :  */
    8688             : void
    8689        2098 : assign_wal_sync_method(int new_wal_sync_method, void *extra)
    8690             : {
    8691        2098 :     if (wal_sync_method != new_wal_sync_method)
    8692             :     {
    8693             :         /*
    8694             :          * To ensure that no blocks escape unsynced, force an fsync on the
    8695             :          * currently open log segment (if any).  Also, if the open flag is
    8696             :          * changing, close the log file so it will be reopened (with new flag
    8697             :          * bit) at next use.
    8698             :          */
    8699           0 :         if (openLogFile >= 0)
    8700             :         {
    8701           0 :             pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC_METHOD_ASSIGN);
    8702           0 :             if (pg_fsync(openLogFile) != 0)
    8703             :             {
    8704             :                 char        xlogfname[MAXFNAMELEN];
    8705             :                 int         save_errno;
    8706             : 
    8707           0 :                 save_errno = errno;
    8708           0 :                 XLogFileName(xlogfname, openLogTLI, openLogSegNo,
    8709             :                              wal_segment_size);
    8710           0 :                 errno = save_errno;
    8711           0 :                 ereport(PANIC,
    8712             :                         (errcode_for_file_access(),
    8713             :                          errmsg("could not fsync file \"%s\": %m", xlogfname)));
    8714             :             }
    8715             : 
    8716           0 :             pgstat_report_wait_end();
    8717           0 :             if (get_sync_bit(wal_sync_method) != get_sync_bit(new_wal_sync_method))
    8718           0 :                 XLogFileClose();
    8719             :         }
    8720             :     }
    8721        2098 : }
    8722             : 
    8723             : 
    8724             : /*
    8725             :  * Issue appropriate kind of fsync (if any) for an XLOG output file.
    8726             :  *
    8727             :  * 'fd' is a file descriptor for the XLOG file to be fsync'd.
    8728             :  * 'segno' is for error reporting purposes.
    8729             :  */
    8730             : void
    8731      269464 : issue_xlog_fsync(int fd, XLogSegNo segno, TimeLineID tli)
    8732             : {
    8733      269464 :     char       *msg = NULL;
    8734             :     instr_time  start;
    8735             : 
    8736             :     Assert(tli != 0);
    8737             : 
    8738             :     /*
    8739             :      * Quick exit if fsync is disabled or write() has already synced the WAL
    8740             :      * file.
    8741             :      */
    8742      269464 :     if (!enableFsync ||
    8743           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN ||
    8744           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN_DSYNC)
    8745      269464 :         return;
    8746             : 
    8747             :     /*
    8748             :      * Measure I/O timing to sync the WAL file for pg_stat_io.
    8749             :      */
    8750           0 :     start = pgstat_prepare_io_time(track_wal_io_timing);
    8751             : 
    8752           0 :     pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC);
    8753           0 :     switch (wal_sync_method)
    8754             :     {
    8755           0 :         case WAL_SYNC_METHOD_FSYNC:
    8756           0 :             if (pg_fsync_no_writethrough(fd) != 0)
    8757           0 :                 msg = _("could not fsync file \"%s\": %m");
    8758           0 :             break;
    8759             : #ifdef HAVE_FSYNC_WRITETHROUGH
    8760             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8761             :             if (pg_fsync_writethrough(fd) != 0)
    8762             :                 msg = _("could not fsync write-through file \"%s\": %m");
    8763             :             break;
    8764             : #endif
    8765           0 :         case WAL_SYNC_METHOD_FDATASYNC:
    8766           0 :             if (pg_fdatasync(fd) != 0)
    8767           0 :                 msg = _("could not fdatasync file \"%s\": %m");
    8768           0 :             break;
    8769           0 :         case WAL_SYNC_METHOD_OPEN:
    8770             :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8771             :             /* not reachable */
    8772             :             Assert(false);
    8773           0 :             break;
    8774           0 :         default:
    8775           0 :             ereport(PANIC,
    8776             :                     errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8777             :                     errmsg_internal("unrecognized \"wal_sync_method\": %d", wal_sync_method));
    8778             :             break;
    8779             :     }
    8780             : 
    8781             :     /* PANIC if failed to fsync */
    8782           0 :     if (msg)
    8783             :     {
    8784             :         char        xlogfname[MAXFNAMELEN];
    8785           0 :         int         save_errno = errno;
    8786             : 
    8787           0 :         XLogFileName(xlogfname, tli, segno, wal_segment_size);
    8788           0 :         errno = save_errno;
    8789           0 :         ereport(PANIC,
    8790             :                 (errcode_for_file_access(),
    8791             :                  errmsg(msg, xlogfname)));
    8792             :     }
    8793             : 
    8794           0 :     pgstat_report_wait_end();
    8795             : 
    8796           0 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL, IOOP_FSYNC,
    8797             :                             start, 1, 0);
    8798             : }
    8799             : 
    8800             : /*
    8801             :  * do_pg_backup_start is the workhorse of the user-visible pg_backup_start()
    8802             :  * function. It creates the necessary starting checkpoint and constructs the
    8803             :  * backup state and tablespace map.
    8804             :  *
    8805             :  * Input parameters are "state" (the backup state), "fast" (if true, we do
    8806             :  * the checkpoint in immediate mode to make it faster), and "tablespaces"
    8807             :  * (if non-NULL, indicates a list of tablespaceinfo structs describing the
    8808             :  * cluster's tablespaces.).
    8809             :  *
    8810             :  * The tablespace map contents are appended to passed-in parameter
    8811             :  * tablespace_map and the caller is responsible for including it in the backup
    8812             :  * archive as 'tablespace_map'. The tablespace_map file is required mainly for
    8813             :  * tar format in windows as native windows utilities are not able to create
    8814             :  * symlinks while extracting files from tar. However for consistency and
    8815             :  * platform-independence, we do it the same way everywhere.
    8816             :  *
    8817             :  * It fills in "state" with the information required for the backup, such
    8818             :  * as the minimum WAL location that must be present to restore from this
    8819             :  * backup (starttli) and the corresponding timeline ID (starttli).
    8820             :  *
    8821             :  * Every successfully started backup must be stopped by calling
    8822             :  * do_pg_backup_stop() or do_pg_abort_backup(). There can be many
    8823             :  * backups active at the same time.
    8824             :  *
    8825             :  * It is the responsibility of the caller of this function to verify the
    8826             :  * permissions of the calling user!
    8827             :  */
    8828             : void
    8829         324 : do_pg_backup_start(const char *backupidstr, bool fast, List **tablespaces,
    8830             :                    BackupState *state, StringInfo tblspcmapfile)
    8831             : {
    8832             :     bool        backup_started_in_recovery;
    8833             : 
    8834             :     Assert(state != NULL);
    8835         324 :     backup_started_in_recovery = RecoveryInProgress();
    8836             : 
    8837             :     /*
    8838             :      * During recovery, we don't need to check WAL level. Because, if WAL
    8839             :      * level is not sufficient, it's impossible to get here during recovery.
    8840             :      */
    8841         324 :     if (!backup_started_in_recovery && !XLogIsNeeded())
    8842           0 :         ereport(ERROR,
    8843             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8844             :                  errmsg("WAL level not sufficient for making an online backup"),
    8845             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    8846             : 
    8847         324 :     if (strlen(backupidstr) > MAXPGPATH)
    8848           2 :         ereport(ERROR,
    8849             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8850             :                  errmsg("backup label too long (max %d bytes)",
    8851             :                         MAXPGPATH)));
    8852             : 
    8853         322 :     strlcpy(state->name, backupidstr, sizeof(state->name));
    8854             : 
    8855             :     /*
    8856             :      * Mark backup active in shared memory.  We must do full-page WAL writes
    8857             :      * during an on-line backup even if not doing so at other times, because
    8858             :      * it's quite possible for the backup dump to obtain a "torn" (partially
    8859             :      * written) copy of a database page if it reads the page concurrently with
    8860             :      * our write to the same page.  This can be fixed as long as the first
    8861             :      * write to the page in the WAL sequence is a full-page write. Hence, we
    8862             :      * increment runningBackups then force a CHECKPOINT, to ensure there are
    8863             :      * no dirty pages in shared memory that might get dumped while the backup
    8864             :      * is in progress without having a corresponding WAL record.  (Once the
    8865             :      * backup is complete, we need not force full-page writes anymore, since
    8866             :      * we expect that any pages not modified during the backup interval must
    8867             :      * have been correctly captured by the backup.)
    8868             :      *
    8869             :      * Note that forcing full-page writes has no effect during an online
    8870             :      * backup from the standby.
    8871             :      *
    8872             :      * We must hold all the insertion locks to change the value of
    8873             :      * runningBackups, to ensure adequate interlocking against
    8874             :      * XLogInsertRecord().
    8875             :      */
    8876         322 :     WALInsertLockAcquireExclusive();
    8877         322 :     XLogCtl->Insert.runningBackups++;
    8878         322 :     WALInsertLockRelease();
    8879             : 
    8880             :     /*
    8881             :      * Ensure we decrement runningBackups if we fail below. NB -- for this to
    8882             :      * work correctly, it is critical that sessionBackupState is only updated
    8883             :      * after this block is over.
    8884             :      */
    8885         322 :     PG_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, DatumGetBool(true));
    8886             :     {
    8887         322 :         bool        gotUniqueStartpoint = false;
    8888             :         DIR        *tblspcdir;
    8889             :         struct dirent *de;
    8890             :         tablespaceinfo *ti;
    8891             :         int         datadirpathlen;
    8892             : 
    8893             :         /*
    8894             :          * Force an XLOG file switch before the checkpoint, to ensure that the
    8895             :          * WAL segment the checkpoint is written to doesn't contain pages with
    8896             :          * old timeline IDs.  That would otherwise happen if you called
    8897             :          * pg_backup_start() right after restoring from a PITR archive: the
    8898             :          * first WAL segment containing the startup checkpoint has pages in
    8899             :          * the beginning with the old timeline ID.  That can cause trouble at
    8900             :          * recovery: we won't have a history file covering the old timeline if
    8901             :          * pg_wal directory was not included in the base backup and the WAL
    8902             :          * archive was cleared too before starting the backup.
    8903             :          *
    8904             :          * This also ensures that we have emitted a WAL page header that has
    8905             :          * XLP_BKP_REMOVABLE off before we emit the checkpoint record.
    8906             :          * Therefore, if a WAL archiver (such as pglesslog) is trying to
    8907             :          * compress out removable backup blocks, it won't remove any that
    8908             :          * occur after this point.
    8909             :          *
    8910             :          * During recovery, we skip forcing XLOG file switch, which means that
    8911             :          * the backup taken during recovery is not available for the special
    8912             :          * recovery case described above.
    8913             :          */
    8914         322 :         if (!backup_started_in_recovery)
    8915         308 :             RequestXLogSwitch(false);
    8916             : 
    8917             :         do
    8918             :         {
    8919             :             bool        checkpointfpw;
    8920             : 
    8921             :             /*
    8922             :              * Force a CHECKPOINT.  Aside from being necessary to prevent torn
    8923             :              * page problems, this guarantees that two successive backup runs
    8924             :              * will have different checkpoint positions and hence different
    8925             :              * history file names, even if nothing happened in between.
    8926             :              *
    8927             :              * During recovery, establish a restartpoint if possible. We use
    8928             :              * the last restartpoint as the backup starting checkpoint. This
    8929             :              * means that two successive backup runs can have same checkpoint
    8930             :              * positions.
    8931             :              *
    8932             :              * Since the fact that we are executing do_pg_backup_start()
    8933             :              * during recovery means that checkpointer is running, we can use
    8934             :              * RequestCheckpoint() to establish a restartpoint.
    8935             :              *
    8936             :              * We use CHECKPOINT_IMMEDIATE only if requested by user (via
    8937             :              * passing fast = true).  Otherwise this can take awhile.
    8938             :              */
    8939         322 :             RequestCheckpoint(CHECKPOINT_FORCE | CHECKPOINT_WAIT |
    8940             :                               (fast ? CHECKPOINT_IMMEDIATE : 0));
    8941             : 
    8942             :             /*
    8943             :              * Now we need to fetch the checkpoint record location, and also
    8944             :              * its REDO pointer.  The oldest point in WAL that would be needed
    8945             :              * to restore starting from the checkpoint is precisely the REDO
    8946             :              * pointer.
    8947             :              */
    8948         322 :             LWLockAcquire(ControlFileLock, LW_SHARED);
    8949         322 :             state->checkpointloc = ControlFile->checkPoint;
    8950         322 :             state->startpoint = ControlFile->checkPointCopy.redo;
    8951         322 :             state->starttli = ControlFile->checkPointCopy.ThisTimeLineID;
    8952         322 :             checkpointfpw = ControlFile->checkPointCopy.fullPageWrites;
    8953         322 :             LWLockRelease(ControlFileLock);
    8954             : 
    8955         322 :             if (backup_started_in_recovery)
    8956             :             {
    8957             :                 XLogRecPtr  recptr;
    8958             : 
    8959             :                 /*
    8960             :                  * Check to see if all WAL replayed during online backup
    8961             :                  * (i.e., since last restartpoint used as backup starting
    8962             :                  * checkpoint) contain full-page writes.
    8963             :                  */
    8964          14 :                 SpinLockAcquire(&XLogCtl->info_lck);
    8965          14 :                 recptr = XLogCtl->lastFpwDisableRecPtr;
    8966          14 :                 SpinLockRelease(&XLogCtl->info_lck);
    8967             : 
    8968          14 :                 if (!checkpointfpw || state->startpoint <= recptr)
    8969           0 :                     ereport(ERROR,
    8970             :                             (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8971             :                              errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    8972             :                                     "since last restartpoint"),
    8973             :                              errhint("This means that the backup being taken on the standby "
    8974             :                                      "is corrupt and should not be used. "
    8975             :                                      "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    8976             :                                      "and then try an online backup again.")));
    8977             : 
    8978             :                 /*
    8979             :                  * During recovery, since we don't use the end-of-backup WAL
    8980             :                  * record and don't write the backup history file, the
    8981             :                  * starting WAL location doesn't need to be unique. This means
    8982             :                  * that two base backups started at the same time might use
    8983             :                  * the same checkpoint as starting locations.
    8984             :                  */
    8985          14 :                 gotUniqueStartpoint = true;
    8986             :             }
    8987             : 
    8988             :             /*
    8989             :              * If two base backups are started at the same time (in WAL sender
    8990             :              * processes), we need to make sure that they use different
    8991             :              * checkpoints as starting locations, because we use the starting
    8992             :              * WAL location as a unique identifier for the base backup in the
    8993             :              * end-of-backup WAL record and when we write the backup history
    8994             :              * file. Perhaps it would be better generate a separate unique ID
    8995             :              * for each backup instead of forcing another checkpoint, but
    8996             :              * taking a checkpoint right after another is not that expensive
    8997             :              * either because only few buffers have been dirtied yet.
    8998             :              */
    8999         322 :             WALInsertLockAcquireExclusive();
    9000         322 :             if (XLogCtl->Insert.lastBackupStart < state->startpoint)
    9001             :             {
    9002         322 :                 XLogCtl->Insert.lastBackupStart = state->startpoint;
    9003         322 :                 gotUniqueStartpoint = true;
    9004             :             }
    9005         322 :             WALInsertLockRelease();
    9006         322 :         } while (!gotUniqueStartpoint);
    9007             : 
    9008             :         /*
    9009             :          * Construct tablespace_map file.
    9010             :          */
    9011         322 :         datadirpathlen = strlen(DataDir);
    9012             : 
    9013             :         /* Collect information about all tablespaces */
    9014         322 :         tblspcdir = AllocateDir(PG_TBLSPC_DIR);
    9015        1038 :         while ((de = ReadDir(tblspcdir, PG_TBLSPC_DIR)) != NULL)
    9016             :         {
    9017             :             char        fullpath[MAXPGPATH + sizeof(PG_TBLSPC_DIR)];
    9018             :             char        linkpath[MAXPGPATH];
    9019         716 :             char       *relpath = NULL;
    9020             :             char       *s;
    9021             :             PGFileType  de_type;
    9022             :             char       *badp;
    9023             :             Oid         tsoid;
    9024             : 
    9025             :             /*
    9026             :              * Try to parse the directory name as an unsigned integer.
    9027             :              *
    9028             :              * Tablespace directories should be positive integers that can be
    9029             :              * represented in 32 bits, with no leading zeroes or trailing
    9030             :              * garbage. If we come across a name that doesn't meet those
    9031             :              * criteria, skip it.
    9032             :              */
    9033         716 :             if (de->d_name[0] < '1' || de->d_name[1] > '9')
    9034         644 :                 continue;
    9035          72 :             errno = 0;
    9036          72 :             tsoid = strtoul(de->d_name, &badp, 10);
    9037          72 :             if (*badp != '\0' || errno == EINVAL || errno == ERANGE)
    9038           0 :                 continue;
    9039             : 
    9040          72 :             snprintf(fullpath, sizeof(fullpath), "%s/%s", PG_TBLSPC_DIR, de->d_name);
    9041             : 
    9042          72 :             de_type = get_dirent_type(fullpath, de, false, ERROR);
    9043             : 
    9044          72 :             if (de_type == PGFILETYPE_LNK)
    9045             :             {
    9046             :                 StringInfoData escapedpath;
    9047             :                 int         rllen;
    9048             : 
    9049          44 :                 rllen = readlink(fullpath, linkpath, sizeof(linkpath));
    9050          44 :                 if (rllen < 0)
    9051             :                 {
    9052           0 :                     ereport(WARNING,
    9053             :                             (errmsg("could not read symbolic link \"%s\": %m",
    9054             :                                     fullpath)));
    9055           0 :                     continue;
    9056             :                 }
    9057          44 :                 else if (rllen >= sizeof(linkpath))
    9058             :                 {
    9059           0 :                     ereport(WARNING,
    9060             :                             (errmsg("symbolic link \"%s\" target is too long",
    9061             :                                     fullpath)));
    9062           0 :                     continue;
    9063             :                 }
    9064          44 :                 linkpath[rllen] = '\0';
    9065             : 
    9066             :                 /*
    9067             :                  * Relpath holds the relative path of the tablespace directory
    9068             :                  * when it's located within PGDATA, or NULL if it's located
    9069             :                  * elsewhere.
    9070             :                  */
    9071          44 :                 if (rllen > datadirpathlen &&
    9072           2 :                     strncmp(linkpath, DataDir, datadirpathlen) == 0 &&
    9073           0 :                     IS_DIR_SEP(linkpath[datadirpathlen]))
    9074           0 :                     relpath = pstrdup(linkpath + datadirpathlen + 1);
    9075             : 
    9076             :                 /*
    9077             :                  * Add a backslash-escaped version of the link path to the
    9078             :                  * tablespace map file.
    9079             :                  */
    9080          44 :                 initStringInfo(&escapedpath);
    9081        1092 :                 for (s = linkpath; *s; s++)
    9082             :                 {
    9083        1048 :                     if (*s == '\n' || *s == '\r' || *s == '\\')
    9084           0 :                         appendStringInfoChar(&escapedpath, '\\');
    9085        1048 :                     appendStringInfoChar(&escapedpath, *s);
    9086             :                 }
    9087          44 :                 appendStringInfo(tblspcmapfile, "%s %s\n",
    9088          44 :                                  de->d_name, escapedpath.data);
    9089          44 :                 pfree(escapedpath.data);
    9090             :             }
    9091          28 :             else if (de_type == PGFILETYPE_DIR)
    9092             :             {
    9093             :                 /*
    9094             :                  * It's possible to use allow_in_place_tablespaces to create
    9095             :                  * directories directly under pg_tblspc, for testing purposes
    9096             :                  * only.
    9097             :                  *
    9098             :                  * In this case, we store a relative path rather than an
    9099             :                  * absolute path into the tablespaceinfo.
    9100             :                  */
    9101          28 :                 snprintf(linkpath, sizeof(linkpath), "%s/%s",
    9102          28 :                          PG_TBLSPC_DIR, de->d_name);
    9103          28 :                 relpath = pstrdup(linkpath);
    9104             :             }
    9105             :             else
    9106             :             {
    9107             :                 /* Skip any other file type that appears here. */
    9108           0 :                 continue;
    9109             :             }
    9110             : 
    9111          72 :             ti = palloc(sizeof(tablespaceinfo));
    9112          72 :             ti->oid = tsoid;
    9113          72 :             ti->path = pstrdup(linkpath);
    9114          72 :             ti->rpath = relpath;
    9115          72 :             ti->size = -1;
    9116             : 
    9117          72 :             if (tablespaces)
    9118          72 :                 *tablespaces = lappend(*tablespaces, ti);
    9119             :         }
    9120         322 :         FreeDir(tblspcdir);
    9121             : 
    9122         322 :         state->starttime = (pg_time_t) time(NULL);
    9123             :     }
    9124         322 :     PG_END_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, DatumGetBool(true));
    9125             : 
    9126         322 :     state->started_in_recovery = backup_started_in_recovery;
    9127             : 
    9128             :     /*
    9129             :      * Mark that the start phase has correctly finished for the backup.
    9130             :      */
    9131         322 :     sessionBackupState = SESSION_BACKUP_RUNNING;
    9132         322 : }
    9133             : 
    9134             : /*
    9135             :  * Utility routine to fetch the session-level status of a backup running.
    9136             :  */
    9137             : SessionBackupState
    9138         366 : get_backup_status(void)
    9139             : {
    9140         366 :     return sessionBackupState;
    9141             : }
    9142             : 
    9143             : /*
    9144             :  * do_pg_backup_stop
    9145             :  *
    9146             :  * Utility function called at the end of an online backup.  It creates history
    9147             :  * file (if required), resets sessionBackupState and so on.  It can optionally
    9148             :  * wait for WAL segments to be archived.
    9149             :  *
    9150             :  * "state" is filled with the information necessary to restore from this
    9151             :  * backup with its stop LSN (stoppoint), its timeline ID (stoptli), etc.
    9152             :  *
    9153             :  * It is the responsibility of the caller of this function to verify the
    9154             :  * permissions of the calling user!
    9155             :  */
    9156             : void
    9157         310 : do_pg_backup_stop(BackupState *state, bool waitforarchive)
    9158             : {
    9159         310 :     bool        backup_stopped_in_recovery = false;
    9160             :     char        histfilepath[MAXPGPATH];
    9161             :     char        lastxlogfilename[MAXFNAMELEN];
    9162             :     char        histfilename[MAXFNAMELEN];
    9163             :     XLogSegNo   _logSegNo;
    9164             :     FILE       *fp;
    9165             :     int         seconds_before_warning;
    9166         310 :     int         waits = 0;
    9167         310 :     bool        reported_waiting = false;
    9168             : 
    9169             :     Assert(state != NULL);
    9170             : 
    9171         310 :     backup_stopped_in_recovery = RecoveryInProgress();
    9172             : 
    9173             :     /*
    9174             :      * During recovery, we don't need to check WAL level. Because, if WAL
    9175             :      * level is not sufficient, it's impossible to get here during recovery.
    9176             :      */
    9177         310 :     if (!backup_stopped_in_recovery && !XLogIsNeeded())
    9178           0 :         ereport(ERROR,
    9179             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9180             :                  errmsg("WAL level not sufficient for making an online backup"),
    9181             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    9182             : 
    9183             :     /*
    9184             :      * OK to update backup counter and session-level lock.
    9185             :      *
    9186             :      * Note that CHECK_FOR_INTERRUPTS() must not occur while updating them,
    9187             :      * otherwise they can be updated inconsistently, which might cause
    9188             :      * do_pg_abort_backup() to fail.
    9189             :      */
    9190         310 :     WALInsertLockAcquireExclusive();
    9191             : 
    9192             :     /*
    9193             :      * It is expected that each do_pg_backup_start() call is matched by
    9194             :      * exactly one do_pg_backup_stop() call.
    9195             :      */
    9196             :     Assert(XLogCtl->Insert.runningBackups > 0);
    9197         310 :     XLogCtl->Insert.runningBackups--;
    9198             : 
    9199             :     /*
    9200             :      * Clean up session-level lock.
    9201             :      *
    9202             :      * You might think that WALInsertLockRelease() can be called before
    9203             :      * cleaning up session-level lock because session-level lock doesn't need
    9204             :      * to be protected with WAL insertion lock. But since
    9205             :      * CHECK_FOR_INTERRUPTS() can occur in it, session-level lock must be
    9206             :      * cleaned up before it.
    9207             :      */
    9208         310 :     sessionBackupState = SESSION_BACKUP_NONE;
    9209             : 
    9210         310 :     WALInsertLockRelease();
    9211             : 
    9212             :     /*
    9213             :      * If we are taking an online backup from the standby, we confirm that the
    9214             :      * standby has not been promoted during the backup.
    9215             :      */
    9216         310 :     if (state->started_in_recovery && !backup_stopped_in_recovery)
    9217           0 :         ereport(ERROR,
    9218             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9219             :                  errmsg("the standby was promoted during online backup"),
    9220             :                  errhint("This means that the backup being taken is corrupt "
    9221             :                          "and should not be used. "
    9222             :                          "Try taking another online backup.")));
    9223             : 
    9224             :     /*
    9225             :      * During recovery, we don't write an end-of-backup record. We assume that
    9226             :      * pg_control was backed up last and its minimum recovery point can be
    9227             :      * available as the backup end location. Since we don't have an
    9228             :      * end-of-backup record, we use the pg_control value to check whether
    9229             :      * we've reached the end of backup when starting recovery from this
    9230             :      * backup. We have no way of checking if pg_control wasn't backed up last
    9231             :      * however.
    9232             :      *
    9233             :      * We don't force a switch to new WAL file but it is still possible to
    9234             :      * wait for all the required files to be archived if waitforarchive is
    9235             :      * true. This is okay if we use the backup to start a standby and fetch
    9236             :      * the missing WAL using streaming replication. But in the case of an
    9237             :      * archive recovery, a user should set waitforarchive to true and wait for
    9238             :      * them to be archived to ensure that all the required files are
    9239             :      * available.
    9240             :      *
    9241             :      * We return the current minimum recovery point as the backup end
    9242             :      * location. Note that it can be greater than the exact backup end
    9243             :      * location if the minimum recovery point is updated after the backup of
    9244             :      * pg_control. This is harmless for current uses.
    9245             :      *
    9246             :      * XXX currently a backup history file is for informational and debug
    9247             :      * purposes only. It's not essential for an online backup. Furthermore,
    9248             :      * even if it's created, it will not be archived during recovery because
    9249             :      * an archiver is not invoked. So it doesn't seem worthwhile to write a
    9250             :      * backup history file during recovery.
    9251             :      */
    9252         310 :     if (backup_stopped_in_recovery)
    9253             :     {
    9254             :         XLogRecPtr  recptr;
    9255             : 
    9256             :         /*
    9257             :          * Check to see if all WAL replayed during online backup contain
    9258             :          * full-page writes.
    9259             :          */
    9260          14 :         SpinLockAcquire(&XLogCtl->info_lck);
    9261          14 :         recptr = XLogCtl->lastFpwDisableRecPtr;
    9262          14 :         SpinLockRelease(&XLogCtl->info_lck);
    9263             : 
    9264          14 :         if (state->startpoint <= recptr)
    9265           0 :             ereport(ERROR,
    9266             :                     (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9267             :                      errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    9268             :                             "during online backup"),
    9269             :                      errhint("This means that the backup being taken on the standby "
    9270             :                              "is corrupt and should not be used. "
    9271             :                              "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    9272             :                              "and then try an online backup again.")));
    9273             : 
    9274             : 
    9275          14 :         LWLockAcquire(ControlFileLock, LW_SHARED);
    9276          14 :         state->stoppoint = ControlFile->minRecoveryPoint;
    9277          14 :         state->stoptli = ControlFile->minRecoveryPointTLI;
    9278          14 :         LWLockRelease(ControlFileLock);
    9279             :     }
    9280             :     else
    9281             :     {
    9282             :         char       *history_file;
    9283             : 
    9284             :         /*
    9285             :          * Write the backup-end xlog record
    9286             :          */
    9287         296 :         XLogBeginInsert();
    9288         296 :         XLogRegisterData(&state->startpoint,
    9289             :                          sizeof(state->startpoint));
    9290         296 :         state->stoppoint = XLogInsert(RM_XLOG_ID, XLOG_BACKUP_END);
    9291             : 
    9292             :         /*
    9293             :          * Given that we're not in recovery, InsertTimeLineID is set and can't
    9294             :          * change, so we can read it without a lock.
    9295             :          */
    9296         296 :         state->stoptli = XLogCtl->InsertTimeLineID;
    9297             : 
    9298             :         /*
    9299             :          * Force a switch to a new xlog segment file, so that the backup is
    9300             :          * valid as soon as archiver moves out the current segment file.
    9301             :          */
    9302         296 :         RequestXLogSwitch(false);
    9303             : 
    9304         296 :         state->stoptime = (pg_time_t) time(NULL);
    9305             : 
    9306             :         /*
    9307             :          * Write the backup history file
    9308             :          */
    9309         296 :         XLByteToSeg(state->startpoint, _logSegNo, wal_segment_size);
    9310         296 :         BackupHistoryFilePath(histfilepath, state->stoptli, _logSegNo,
    9311             :                               state->startpoint, wal_segment_size);
    9312         296 :         fp = AllocateFile(histfilepath, "w");
    9313         296 :         if (!fp)
    9314           0 :             ereport(ERROR,
    9315             :                     (errcode_for_file_access(),
    9316             :                      errmsg("could not create file \"%s\": %m",
    9317             :                             histfilepath)));
    9318             : 
    9319             :         /* Build and save the contents of the backup history file */
    9320         296 :         history_file = build_backup_content(state, true);
    9321         296 :         fprintf(fp, "%s", history_file);
    9322         296 :         pfree(history_file);
    9323             : 
    9324         296 :         if (fflush(fp) || ferror(fp) || FreeFile(fp))
    9325           0 :             ereport(ERROR,
    9326             :                     (errcode_for_file_access(),
    9327             :                      errmsg("could not write file \"%s\": %m",
    9328             :                             histfilepath)));
    9329             : 
    9330             :         /*
    9331             :          * Clean out any no-longer-needed history files.  As a side effect,
    9332             :          * this will post a .ready file for the newly created history file,
    9333             :          * notifying the archiver that history file may be archived
    9334             :          * immediately.
    9335             :          */
    9336         296 :         CleanupBackupHistory();
    9337             :     }
    9338             : 
    9339             :     /*
    9340             :      * If archiving is enabled, wait for all the required WAL files to be
    9341             :      * archived before returning. If archiving isn't enabled, the required WAL
    9342             :      * needs to be transported via streaming replication (hopefully with
    9343             :      * wal_keep_size set high enough), or some more exotic mechanism like
    9344             :      * polling and copying files from pg_wal with script. We have no knowledge
    9345             :      * of those mechanisms, so it's up to the user to ensure that he gets all
    9346             :      * the required WAL.
    9347             :      *
    9348             :      * We wait until both the last WAL file filled during backup and the
    9349             :      * history file have been archived, and assume that the alphabetic sorting
    9350             :      * property of the WAL files ensures any earlier WAL files are safely
    9351             :      * archived as well.
    9352             :      *
    9353             :      * We wait forever, since archive_command is supposed to work and we
    9354             :      * assume the admin wanted his backup to work completely. If you don't
    9355             :      * wish to wait, then either waitforarchive should be passed in as false,
    9356             :      * or you can set statement_timeout.  Also, some notices are issued to
    9357             :      * clue in anyone who might be doing this interactively.
    9358             :      */
    9359             : 
    9360         310 :     if (waitforarchive &&
    9361          22 :         ((!backup_stopped_in_recovery && XLogArchivingActive()) ||
    9362           2 :          (backup_stopped_in_recovery && XLogArchivingAlways())))
    9363             :     {
    9364          10 :         XLByteToPrevSeg(state->stoppoint, _logSegNo, wal_segment_size);
    9365          10 :         XLogFileName(lastxlogfilename, state->stoptli, _logSegNo,
    9366             :                      wal_segment_size);
    9367             : 
    9368          10 :         XLByteToSeg(state->startpoint, _logSegNo, wal_segment_size);
    9369          10 :         BackupHistoryFileName(histfilename, state->stoptli, _logSegNo,
    9370             :                               state->startpoint, wal_segment_size);
    9371             : 
    9372          10 :         seconds_before_warning = 60;
    9373          10 :         waits = 0;
    9374             : 
    9375          30 :         while (XLogArchiveIsBusy(lastxlogfilename) ||
    9376          10 :                XLogArchiveIsBusy(histfilename))
    9377             :         {
    9378          10 :             CHECK_FOR_INTERRUPTS();
    9379             : 
    9380          10 :             if (!reported_waiting && waits > 5)
    9381             :             {
    9382           0 :                 ereport(NOTICE,
    9383             :                         (errmsg("base backup done, waiting for required WAL segments to be archived")));
    9384           0 :                 reported_waiting = true;
    9385             :             }
    9386             : 
    9387          10 :             (void) WaitLatch(MyLatch,
    9388             :                              WL_LATCH_SET | WL_TIMEOUT | WL_EXIT_ON_PM_DEATH,
    9389             :                              1000L,
    9390             :                              WAIT_EVENT_BACKUP_WAIT_WAL_ARCHIVE);
    9391          10 :             ResetLatch(MyLatch);
    9392             : 
    9393          10 :             if (++waits >= seconds_before_warning)
    9394             :             {
    9395           0 :                 seconds_before_warning *= 2;    /* This wraps in >10 years... */
    9396           0 :                 ereport(WARNING,
    9397             :                         (errmsg("still waiting for all required WAL segments to be archived (%d seconds elapsed)",
    9398             :                                 waits),
    9399             :                          errhint("Check that your \"archive_command\" is executing properly.  "
    9400             :                                  "You can safely cancel this backup, "
    9401             :                                  "but the database backup will not be usable without all the WAL segments.")));
    9402             :             }
    9403             :         }
    9404             : 
    9405          10 :         ereport(NOTICE,
    9406             :                 (errmsg("all required WAL segments have been archived")));
    9407             :     }
    9408         300 :     else if (waitforarchive)
    9409          12 :         ereport(NOTICE,
    9410             :                 (errmsg("WAL archiving is not enabled; you must ensure that all required WAL segments are copied through other means to complete the backup")));
    9411         310 : }
    9412             : 
    9413             : 
    9414             : /*
    9415             :  * do_pg_abort_backup: abort a running backup
    9416             :  *
    9417             :  * This does just the most basic steps of do_pg_backup_stop(), by taking the
    9418             :  * system out of backup mode, thus making it a lot more safe to call from
    9419             :  * an error handler.
    9420             :  *
    9421             :  * 'arg' indicates that it's being called during backup setup; so
    9422             :  * sessionBackupState has not been modified yet, but runningBackups has
    9423             :  * already been incremented.  When it's false, then it's invoked as a
    9424             :  * before_shmem_exit handler, and therefore we must not change state
    9425             :  * unless sessionBackupState indicates that a backup is actually running.
    9426             :  *
    9427             :  * NB: This gets used as a PG_ENSURE_ERROR_CLEANUP callback and
    9428             :  * before_shmem_exit handler, hence the odd-looking signature.
    9429             :  */
    9430             : void
    9431          18 : do_pg_abort_backup(int code, Datum arg)
    9432             : {
    9433          18 :     bool        during_backup_start = DatumGetBool(arg);
    9434             : 
    9435             :     /* If called during backup start, there shouldn't be one already running */
    9436             :     Assert(!during_backup_start || sessionBackupState == SESSION_BACKUP_NONE);
    9437             : 
    9438          18 :     if (during_backup_start || sessionBackupState != SESSION_BACKUP_NONE)
    9439             :     {
    9440          12 :         WALInsertLockAcquireExclusive();
    9441             :         Assert(XLogCtl->Insert.runningBackups > 0);
    9442          12 :         XLogCtl->Insert.runningBackups--;
    9443             : 
    9444          12 :         sessionBackupState = SESSION_BACKUP_NONE;
    9445          12 :         WALInsertLockRelease();
    9446             : 
    9447          12 :         if (!during_backup_start)
    9448          12 :             ereport(WARNING,
    9449             :                     errmsg("aborting backup due to backend exiting before pg_backup_stop was called"));
    9450             :     }
    9451          18 : }
    9452             : 
    9453             : /*
    9454             :  * Register a handler that will warn about unterminated backups at end of
    9455             :  * session, unless this has already been done.
    9456             :  */
    9457             : void
    9458          10 : register_persistent_abort_backup_handler(void)
    9459             : {
    9460             :     static bool already_done = false;
    9461             : 
    9462          10 :     if (already_done)
    9463           2 :         return;
    9464           8 :     before_shmem_exit(do_pg_abort_backup, DatumGetBool(false));
    9465           8 :     already_done = true;
    9466             : }
    9467             : 
    9468             : /*
    9469             :  * Get latest WAL insert pointer
    9470             :  */
    9471             : XLogRecPtr
    9472        3986 : GetXLogInsertRecPtr(void)
    9473             : {
    9474        3986 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    9475             :     uint64      current_bytepos;
    9476             : 
    9477        3986 :     SpinLockAcquire(&Insert->insertpos_lck);
    9478        3986 :     current_bytepos = Insert->CurrBytePos;
    9479        3986 :     SpinLockRelease(&Insert->insertpos_lck);
    9480             : 
    9481        3986 :     return XLogBytePosToRecPtr(current_bytepos);
    9482             : }
    9483             : 
    9484             : /*
    9485             :  * Get latest WAL write pointer
    9486             :  */
    9487             : XLogRecPtr
    9488        2744 : GetXLogWriteRecPtr(void)
    9489             : {
    9490        2744 :     RefreshXLogWriteResult(LogwrtResult);
    9491             : 
    9492        2744 :     return LogwrtResult.Write;
    9493             : }
    9494             : 
    9495             : /*
    9496             :  * Returns the redo pointer of the last checkpoint or restartpoint. This is
    9497             :  * the oldest point in WAL that we still need, if we have to restart recovery.
    9498             :  */
    9499             : void
    9500         140 : GetOldestRestartPoint(XLogRecPtr *oldrecptr, TimeLineID *oldtli)
    9501             : {
    9502         140 :     LWLockAcquire(ControlFileLock, LW_SHARED);
    9503         140 :     *oldrecptr = ControlFile->checkPointCopy.redo;
    9504         140 :     *oldtli = ControlFile->checkPointCopy.ThisTimeLineID;
    9505         140 :     LWLockRelease(ControlFileLock);
    9506         140 : }
    9507             : 
    9508             : /* Thin wrapper around ShutdownWalRcv(). */
    9509             : void
    9510        1964 : XLogShutdownWalRcv(void)
    9511             : {
    9512        1964 :     ShutdownWalRcv();
    9513             : 
    9514        1964 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9515        1964 :     XLogCtl->InstallXLogFileSegmentActive = false;
    9516        1964 :     LWLockRelease(ControlFileLock);
    9517        1964 : }
    9518             : 
    9519             : /* Enable WAL file recycling and preallocation. */
    9520             : void
    9521        2052 : SetInstallXLogFileSegmentActive(void)
    9522             : {
    9523        2052 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9524        2052 :     XLogCtl->InstallXLogFileSegmentActive = true;
    9525        2052 :     LWLockRelease(ControlFileLock);
    9526        2052 : }
    9527             : 
    9528             : bool
    9529           0 : IsInstallXLogFileSegmentActive(void)
    9530             : {
    9531             :     bool        result;
    9532             : 
    9533           0 :     LWLockAcquire(ControlFileLock, LW_SHARED);
    9534           0 :     result = XLogCtl->InstallXLogFileSegmentActive;
    9535           0 :     LWLockRelease(ControlFileLock);
    9536             : 
    9537           0 :     return result;
    9538             : }
    9539             : 
    9540             : /*
    9541             :  * Update the WalWriterSleeping flag.
    9542             :  */
    9543             : void
    9544         908 : SetWalWriterSleeping(bool sleeping)
    9545             : {
    9546         908 :     SpinLockAcquire(&XLogCtl->info_lck);
    9547         908 :     XLogCtl->WalWriterSleeping = sleeping;
    9548         908 :     SpinLockRelease(&XLogCtl->info_lck);
    9549         908 : }

Generated by: LCOV version 1.14