LCOV - code coverage report
Current view: top level - src/backend/access/transam - xlog.c (source / functions) Hit Total Coverage
Test: PostgreSQL 19devel Lines: 2170 2446 88.7 %
Date: 2025-09-10 21:18:40 Functions: 118 121 97.5 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*-------------------------------------------------------------------------
       2             :  *
       3             :  * xlog.c
       4             :  *      PostgreSQL write-ahead log manager
       5             :  *
       6             :  * The Write-Ahead Log (WAL) functionality is split into several source
       7             :  * files, in addition to this one:
       8             :  *
       9             :  * xloginsert.c - Functions for constructing WAL records
      10             :  * xlogrecovery.c - WAL recovery and standby code
      11             :  * xlogreader.c - Facility for reading WAL files and parsing WAL records
      12             :  * xlogutils.c - Helper functions for WAL redo routines
      13             :  *
      14             :  * This file contains functions for coordinating database startup and
      15             :  * checkpointing, and managing the write-ahead log buffers when the
      16             :  * system is running.
      17             :  *
      18             :  * StartupXLOG() is the main entry point of the startup process.  It
      19             :  * coordinates database startup, performing WAL recovery, and the
      20             :  * transition from WAL recovery into normal operations.
      21             :  *
      22             :  * XLogInsertRecord() inserts a WAL record into the WAL buffers.  Most
      23             :  * callers should not call this directly, but use the functions in
      24             :  * xloginsert.c to construct the WAL record.  XLogFlush() can be used
      25             :  * to force the WAL to disk.
      26             :  *
      27             :  * In addition to those, there are many other functions for interrogating
      28             :  * the current system state, and for starting/stopping backups.
      29             :  *
      30             :  *
      31             :  * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
      32             :  * Portions Copyright (c) 1994, Regents of the University of California
      33             :  *
      34             :  * src/backend/access/transam/xlog.c
      35             :  *
      36             :  *-------------------------------------------------------------------------
      37             :  */
      38             : 
      39             : #include "postgres.h"
      40             : 
      41             : #include <ctype.h>
      42             : #include <math.h>
      43             : #include <time.h>
      44             : #include <fcntl.h>
      45             : #include <sys/stat.h>
      46             : #include <sys/time.h>
      47             : #include <unistd.h>
      48             : 
      49             : #include "access/clog.h"
      50             : #include "access/commit_ts.h"
      51             : #include "access/heaptoast.h"
      52             : #include "access/multixact.h"
      53             : #include "access/rewriteheap.h"
      54             : #include "access/subtrans.h"
      55             : #include "access/timeline.h"
      56             : #include "access/transam.h"
      57             : #include "access/twophase.h"
      58             : #include "access/xact.h"
      59             : #include "access/xlog_internal.h"
      60             : #include "access/xlogarchive.h"
      61             : #include "access/xloginsert.h"
      62             : #include "access/xlogreader.h"
      63             : #include "access/xlogrecovery.h"
      64             : #include "access/xlogutils.h"
      65             : #include "backup/basebackup.h"
      66             : #include "catalog/catversion.h"
      67             : #include "catalog/pg_control.h"
      68             : #include "catalog/pg_database.h"
      69             : #include "common/controldata_utils.h"
      70             : #include "common/file_utils.h"
      71             : #include "executor/instrument.h"
      72             : #include "miscadmin.h"
      73             : #include "pg_trace.h"
      74             : #include "pgstat.h"
      75             : #include "port/atomics.h"
      76             : #include "postmaster/bgwriter.h"
      77             : #include "postmaster/startup.h"
      78             : #include "postmaster/walsummarizer.h"
      79             : #include "postmaster/walwriter.h"
      80             : #include "replication/origin.h"
      81             : #include "replication/slot.h"
      82             : #include "replication/snapbuild.h"
      83             : #include "replication/walreceiver.h"
      84             : #include "replication/walsender.h"
      85             : #include "storage/bufmgr.h"
      86             : #include "storage/fd.h"
      87             : #include "storage/ipc.h"
      88             : #include "storage/large_object.h"
      89             : #include "storage/latch.h"
      90             : #include "storage/predicate.h"
      91             : #include "storage/proc.h"
      92             : #include "storage/procarray.h"
      93             : #include "storage/reinit.h"
      94             : #include "storage/spin.h"
      95             : #include "storage/sync.h"
      96             : #include "utils/guc_hooks.h"
      97             : #include "utils/guc_tables.h"
      98             : #include "utils/injection_point.h"
      99             : #include "utils/pgstat_internal.h"
     100             : #include "utils/ps_status.h"
     101             : #include "utils/relmapper.h"
     102             : #include "utils/snapmgr.h"
     103             : #include "utils/timeout.h"
     104             : #include "utils/timestamp.h"
     105             : #include "utils/varlena.h"
     106             : 
     107             : #ifdef WAL_DEBUG
     108             : #include "utils/memutils.h"
     109             : #endif
     110             : 
     111             : /* timeline ID to be used when bootstrapping */
     112             : #define BootstrapTimeLineID     1
     113             : 
     114             : /* User-settable parameters */
     115             : int         max_wal_size_mb = 1024; /* 1 GB */
     116             : int         min_wal_size_mb = 80;   /* 80 MB */
     117             : int         wal_keep_size_mb = 0;
     118             : int         XLOGbuffers = -1;
     119             : int         XLogArchiveTimeout = 0;
     120             : int         XLogArchiveMode = ARCHIVE_MODE_OFF;
     121             : char       *XLogArchiveCommand = NULL;
     122             : bool        EnableHotStandby = false;
     123             : bool        fullPageWrites = true;
     124             : bool        wal_log_hints = false;
     125             : int         wal_compression = WAL_COMPRESSION_NONE;
     126             : char       *wal_consistency_checking_string = NULL;
     127             : bool       *wal_consistency_checking = NULL;
     128             : bool        wal_init_zero = true;
     129             : bool        wal_recycle = true;
     130             : bool        log_checkpoints = true;
     131             : int         wal_sync_method = DEFAULT_WAL_SYNC_METHOD;
     132             : int         wal_level = WAL_LEVEL_REPLICA;
     133             : int         CommitDelay = 0;    /* precommit delay in microseconds */
     134             : int         CommitSiblings = 5; /* # concurrent xacts needed to sleep */
     135             : int         wal_retrieve_retry_interval = 5000;
     136             : int         max_slot_wal_keep_size_mb = -1;
     137             : int         wal_decode_buffer_size = 512 * 1024;
     138             : bool        track_wal_io_timing = false;
     139             : 
     140             : #ifdef WAL_DEBUG
     141             : bool        XLOG_DEBUG = false;
     142             : #endif
     143             : 
     144             : int         wal_segment_size = DEFAULT_XLOG_SEG_SIZE;
     145             : 
     146             : /*
     147             :  * Number of WAL insertion locks to use. A higher value allows more insertions
     148             :  * to happen concurrently, but adds some CPU overhead to flushing the WAL,
     149             :  * which needs to iterate all the locks.
     150             :  */
     151             : #define NUM_XLOGINSERT_LOCKS  8
     152             : 
     153             : /*
     154             :  * Max distance from last checkpoint, before triggering a new xlog-based
     155             :  * checkpoint.
     156             :  */
     157             : int         CheckPointSegments;
     158             : 
     159             : /* Estimated distance between checkpoints, in bytes */
     160             : static double CheckPointDistanceEstimate = 0;
     161             : static double PrevCheckPointDistance = 0;
     162             : 
     163             : /*
     164             :  * Track whether there were any deferred checks for custom resource managers
     165             :  * specified in wal_consistency_checking.
     166             :  */
     167             : static bool check_wal_consistency_checking_deferred = false;
     168             : 
     169             : /*
     170             :  * GUC support
     171             :  */
     172             : const struct config_enum_entry wal_sync_method_options[] = {
     173             :     {"fsync", WAL_SYNC_METHOD_FSYNC, false},
     174             : #ifdef HAVE_FSYNC_WRITETHROUGH
     175             :     {"fsync_writethrough", WAL_SYNC_METHOD_FSYNC_WRITETHROUGH, false},
     176             : #endif
     177             :     {"fdatasync", WAL_SYNC_METHOD_FDATASYNC, false},
     178             : #ifdef O_SYNC
     179             :     {"open_sync", WAL_SYNC_METHOD_OPEN, false},
     180             : #endif
     181             : #ifdef O_DSYNC
     182             :     {"open_datasync", WAL_SYNC_METHOD_OPEN_DSYNC, false},
     183             : #endif
     184             :     {NULL, 0, false}
     185             : };
     186             : 
     187             : 
     188             : /*
     189             :  * Although only "on", "off", and "always" are documented,
     190             :  * we accept all the likely variants of "on" and "off".
     191             :  */
     192             : const struct config_enum_entry archive_mode_options[] = {
     193             :     {"always", ARCHIVE_MODE_ALWAYS, false},
     194             :     {"on", ARCHIVE_MODE_ON, false},
     195             :     {"off", ARCHIVE_MODE_OFF, false},
     196             :     {"true", ARCHIVE_MODE_ON, true},
     197             :     {"false", ARCHIVE_MODE_OFF, true},
     198             :     {"yes", ARCHIVE_MODE_ON, true},
     199             :     {"no", ARCHIVE_MODE_OFF, true},
     200             :     {"1", ARCHIVE_MODE_ON, true},
     201             :     {"0", ARCHIVE_MODE_OFF, true},
     202             :     {NULL, 0, false}
     203             : };
     204             : 
     205             : /*
     206             :  * Statistics for current checkpoint are collected in this global struct.
     207             :  * Because only the checkpointer or a stand-alone backend can perform
     208             :  * checkpoints, this will be unused in normal backends.
     209             :  */
     210             : CheckpointStatsData CheckpointStats;
     211             : 
     212             : /*
     213             :  * During recovery, lastFullPageWrites keeps track of full_page_writes that
     214             :  * the replayed WAL records indicate. It's initialized with full_page_writes
     215             :  * that the recovery starting checkpoint record indicates, and then updated
     216             :  * each time XLOG_FPW_CHANGE record is replayed.
     217             :  */
     218             : static bool lastFullPageWrites;
     219             : 
     220             : /*
     221             :  * Local copy of the state tracked by SharedRecoveryState in shared memory,
     222             :  * It is false if SharedRecoveryState is RECOVERY_STATE_DONE.  True actually
     223             :  * means "not known, need to check the shared state".
     224             :  */
     225             : static bool LocalRecoveryInProgress = true;
     226             : 
     227             : /*
     228             :  * Local state for XLogInsertAllowed():
     229             :  *      1: unconditionally allowed to insert XLOG
     230             :  *      0: unconditionally not allowed to insert XLOG
     231             :  *      -1: must check RecoveryInProgress(); disallow until it is false
     232             :  * Most processes start with -1 and transition to 1 after seeing that recovery
     233             :  * is not in progress.  But we can also force the value for special cases.
     234             :  * The coding in XLogInsertAllowed() depends on the first two of these states
     235             :  * being numerically the same as bool true and false.
     236             :  */
     237             : static int  LocalXLogInsertAllowed = -1;
     238             : 
     239             : /*
     240             :  * ProcLastRecPtr points to the start of the last XLOG record inserted by the
     241             :  * current backend.  It is updated for all inserts.  XactLastRecEnd points to
     242             :  * end+1 of the last record, and is reset when we end a top-level transaction,
     243             :  * or start a new one; so it can be used to tell if the current transaction has
     244             :  * created any XLOG records.
     245             :  *
     246             :  * While in parallel mode, this may not be fully up to date.  When committing,
     247             :  * a transaction can assume this covers all xlog records written either by the
     248             :  * user backend or by any parallel worker which was present at any point during
     249             :  * the transaction.  But when aborting, or when still in parallel mode, other
     250             :  * parallel backends may have written WAL records at later LSNs than the value
     251             :  * stored here.  The parallel leader advances its own copy, when necessary,
     252             :  * in WaitForParallelWorkersToFinish.
     253             :  */
     254             : XLogRecPtr  ProcLastRecPtr = InvalidXLogRecPtr;
     255             : XLogRecPtr  XactLastRecEnd = InvalidXLogRecPtr;
     256             : XLogRecPtr  XactLastCommitEnd = InvalidXLogRecPtr;
     257             : 
     258             : /*
     259             :  * RedoRecPtr is this backend's local copy of the REDO record pointer
     260             :  * (which is almost but not quite the same as a pointer to the most recent
     261             :  * CHECKPOINT record).  We update this from the shared-memory copy,
     262             :  * XLogCtl->Insert.RedoRecPtr, whenever we can safely do so (ie, when we
     263             :  * hold an insertion lock).  See XLogInsertRecord for details.  We are also
     264             :  * allowed to update from XLogCtl->RedoRecPtr if we hold the info_lck;
     265             :  * see GetRedoRecPtr.
     266             :  *
     267             :  * NB: Code that uses this variable must be prepared not only for the
     268             :  * possibility that it may be arbitrarily out of date, but also for the
     269             :  * possibility that it might be set to InvalidXLogRecPtr. We used to
     270             :  * initialize it as a side effect of the first call to RecoveryInProgress(),
     271             :  * which meant that most code that might use it could assume that it had a
     272             :  * real if perhaps stale value. That's no longer the case.
     273             :  */
     274             : static XLogRecPtr RedoRecPtr;
     275             : 
     276             : /*
     277             :  * doPageWrites is this backend's local copy of (fullPageWrites ||
     278             :  * runningBackups > 0).  It is used together with RedoRecPtr to decide whether
     279             :  * a full-page image of a page need to be taken.
     280             :  *
     281             :  * NB: Initially this is false, and there's no guarantee that it will be
     282             :  * initialized to any other value before it is first used. Any code that
     283             :  * makes use of it must recheck the value after obtaining a WALInsertLock,
     284             :  * and respond appropriately if it turns out that the previous value wasn't
     285             :  * accurate.
     286             :  */
     287             : static bool doPageWrites;
     288             : 
     289             : /*----------
     290             :  * Shared-memory data structures for XLOG control
     291             :  *
     292             :  * LogwrtRqst indicates a byte position that we need to write and/or fsync
     293             :  * the log up to (all records before that point must be written or fsynced).
     294             :  * The positions already written/fsynced are maintained in logWriteResult
     295             :  * and logFlushResult using atomic access.
     296             :  * In addition to the shared variable, each backend has a private copy of
     297             :  * both in LogwrtResult, which is updated when convenient.
     298             :  *
     299             :  * The request bookkeeping is simpler: there is a shared XLogCtl->LogwrtRqst
     300             :  * (protected by info_lck), but we don't need to cache any copies of it.
     301             :  *
     302             :  * info_lck is only held long enough to read/update the protected variables,
     303             :  * so it's a plain spinlock.  The other locks are held longer (potentially
     304             :  * over I/O operations), so we use LWLocks for them.  These locks are:
     305             :  *
     306             :  * WALBufMappingLock: must be held to replace a page in the WAL buffer cache.
     307             :  * It is only held while initializing and changing the mapping.  If the
     308             :  * contents of the buffer being replaced haven't been written yet, the mapping
     309             :  * lock is released while the write is done, and reacquired afterwards.
     310             :  *
     311             :  * WALWriteLock: must be held to write WAL buffers to disk (XLogWrite or
     312             :  * XLogFlush).
     313             :  *
     314             :  * ControlFileLock: must be held to read/update control file or create
     315             :  * new log file.
     316             :  *
     317             :  *----------
     318             :  */
     319             : 
     320             : typedef struct XLogwrtRqst
     321             : {
     322             :     XLogRecPtr  Write;          /* last byte + 1 to write out */
     323             :     XLogRecPtr  Flush;          /* last byte + 1 to flush */
     324             : } XLogwrtRqst;
     325             : 
     326             : typedef struct XLogwrtResult
     327             : {
     328             :     XLogRecPtr  Write;          /* last byte + 1 written out */
     329             :     XLogRecPtr  Flush;          /* last byte + 1 flushed */
     330             : } XLogwrtResult;
     331             : 
     332             : /*
     333             :  * Inserting to WAL is protected by a small fixed number of WAL insertion
     334             :  * locks. To insert to the WAL, you must hold one of the locks - it doesn't
     335             :  * matter which one. To lock out other concurrent insertions, you must hold
     336             :  * of them. Each WAL insertion lock consists of a lightweight lock, plus an
     337             :  * indicator of how far the insertion has progressed (insertingAt).
     338             :  *
     339             :  * The insertingAt values are read when a process wants to flush WAL from
     340             :  * the in-memory buffers to disk, to check that all the insertions to the
     341             :  * region the process is about to write out have finished. You could simply
     342             :  * wait for all currently in-progress insertions to finish, but the
     343             :  * insertingAt indicator allows you to ignore insertions to later in the WAL,
     344             :  * so that you only wait for the insertions that are modifying the buffers
     345             :  * you're about to write out.
     346             :  *
     347             :  * This isn't just an optimization. If all the WAL buffers are dirty, an
     348             :  * inserter that's holding a WAL insert lock might need to evict an old WAL
     349             :  * buffer, which requires flushing the WAL. If it's possible for an inserter
     350             :  * to block on another inserter unnecessarily, deadlock can arise when two
     351             :  * inserters holding a WAL insert lock wait for each other to finish their
     352             :  * insertion.
     353             :  *
     354             :  * Small WAL records that don't cross a page boundary never update the value,
     355             :  * the WAL record is just copied to the page and the lock is released. But
     356             :  * to avoid the deadlock-scenario explained above, the indicator is always
     357             :  * updated before sleeping while holding an insertion lock.
     358             :  *
     359             :  * lastImportantAt contains the LSN of the last important WAL record inserted
     360             :  * using a given lock. This value is used to detect if there has been
     361             :  * important WAL activity since the last time some action, like a checkpoint,
     362             :  * was performed - allowing to not repeat the action if not. The LSN is
     363             :  * updated for all insertions, unless the XLOG_MARK_UNIMPORTANT flag was
     364             :  * set. lastImportantAt is never cleared, only overwritten by the LSN of newer
     365             :  * records.  Tracking the WAL activity directly in WALInsertLock has the
     366             :  * advantage of not needing any additional locks to update the value.
     367             :  */
     368             : typedef struct
     369             : {
     370             :     LWLock      lock;
     371             :     pg_atomic_uint64 insertingAt;
     372             :     XLogRecPtr  lastImportantAt;
     373             : } WALInsertLock;
     374             : 
     375             : /*
     376             :  * All the WAL insertion locks are allocated as an array in shared memory. We
     377             :  * force the array stride to be a power of 2, which saves a few cycles in
     378             :  * indexing, but more importantly also ensures that individual slots don't
     379             :  * cross cache line boundaries. (Of course, we have to also ensure that the
     380             :  * array start address is suitably aligned.)
     381             :  */
     382             : typedef union WALInsertLockPadded
     383             : {
     384             :     WALInsertLock l;
     385             :     char        pad[PG_CACHE_LINE_SIZE];
     386             : } WALInsertLockPadded;
     387             : 
     388             : /*
     389             :  * Session status of running backup, used for sanity checks in SQL-callable
     390             :  * functions to start and stop backups.
     391             :  */
     392             : static SessionBackupState sessionBackupState = SESSION_BACKUP_NONE;
     393             : 
     394             : /*
     395             :  * Shared state data for WAL insertion.
     396             :  */
     397             : typedef struct XLogCtlInsert
     398             : {
     399             :     slock_t     insertpos_lck;  /* protects CurrBytePos and PrevBytePos */
     400             : 
     401             :     /*
     402             :      * CurrBytePos is the end of reserved WAL. The next record will be
     403             :      * inserted at that position. PrevBytePos is the start position of the
     404             :      * previously inserted (or rather, reserved) record - it is copied to the
     405             :      * prev-link of the next record. These are stored as "usable byte
     406             :      * positions" rather than XLogRecPtrs (see XLogBytePosToRecPtr()).
     407             :      */
     408             :     uint64      CurrBytePos;
     409             :     uint64      PrevBytePos;
     410             : 
     411             :     /*
     412             :      * Make sure the above heavily-contended spinlock and byte positions are
     413             :      * on their own cache line. In particular, the RedoRecPtr and full page
     414             :      * write variables below should be on a different cache line. They are
     415             :      * read on every WAL insertion, but updated rarely, and we don't want
     416             :      * those reads to steal the cache line containing Curr/PrevBytePos.
     417             :      */
     418             :     char        pad[PG_CACHE_LINE_SIZE];
     419             : 
     420             :     /*
     421             :      * fullPageWrites is the authoritative value used by all backends to
     422             :      * determine whether to write full-page image to WAL. This shared value,
     423             :      * instead of the process-local fullPageWrites, is required because, when
     424             :      * full_page_writes is changed by SIGHUP, we must WAL-log it before it
     425             :      * actually affects WAL-logging by backends.  Checkpointer sets at startup
     426             :      * or after SIGHUP.
     427             :      *
     428             :      * To read these fields, you must hold an insertion lock. To modify them,
     429             :      * you must hold ALL the locks.
     430             :      */
     431             :     XLogRecPtr  RedoRecPtr;     /* current redo point for insertions */
     432             :     bool        fullPageWrites;
     433             : 
     434             :     /*
     435             :      * runningBackups is a counter indicating the number of backups currently
     436             :      * in progress. lastBackupStart is the latest checkpoint redo location
     437             :      * used as a starting point for an online backup.
     438             :      */
     439             :     int         runningBackups;
     440             :     XLogRecPtr  lastBackupStart;
     441             : 
     442             :     /*
     443             :      * WAL insertion locks.
     444             :      */
     445             :     WALInsertLockPadded *WALInsertLocks;
     446             : } XLogCtlInsert;
     447             : 
     448             : /*
     449             :  * Total shared-memory state for XLOG.
     450             :  */
     451             : typedef struct XLogCtlData
     452             : {
     453             :     XLogCtlInsert Insert;
     454             : 
     455             :     /* Protected by info_lck: */
     456             :     XLogwrtRqst LogwrtRqst;
     457             :     XLogRecPtr  RedoRecPtr;     /* a recent copy of Insert->RedoRecPtr */
     458             :     XLogRecPtr  asyncXactLSN;   /* LSN of newest async commit/abort */
     459             :     XLogRecPtr  replicationSlotMinLSN;  /* oldest LSN needed by any slot */
     460             : 
     461             :     XLogSegNo   lastRemovedSegNo;   /* latest removed/recycled XLOG segment */
     462             : 
     463             :     /* Fake LSN counter, for unlogged relations. */
     464             :     pg_atomic_uint64 unloggedLSN;
     465             : 
     466             :     /* Time and LSN of last xlog segment switch. Protected by WALWriteLock. */
     467             :     pg_time_t   lastSegSwitchTime;
     468             :     XLogRecPtr  lastSegSwitchLSN;
     469             : 
     470             :     /* These are accessed using atomics -- info_lck not needed */
     471             :     pg_atomic_uint64 logInsertResult;   /* last byte + 1 inserted to buffers */
     472             :     pg_atomic_uint64 logWriteResult;    /* last byte + 1 written out */
     473             :     pg_atomic_uint64 logFlushResult;    /* last byte + 1 flushed */
     474             : 
     475             :     /*
     476             :      * Latest initialized page in the cache (last byte position + 1).
     477             :      *
     478             :      * To change the identity of a buffer (and InitializedUpTo), you need to
     479             :      * hold WALBufMappingLock.  To change the identity of a buffer that's
     480             :      * still dirty, the old page needs to be written out first, and for that
     481             :      * you need WALWriteLock, and you need to ensure that there are no
     482             :      * in-progress insertions to the page by calling
     483             :      * WaitXLogInsertionsToFinish().
     484             :      */
     485             :     XLogRecPtr  InitializedUpTo;
     486             : 
     487             :     /*
     488             :      * These values do not change after startup, although the pointed-to pages
     489             :      * and xlblocks values certainly do.  xlblocks values are protected by
     490             :      * WALBufMappingLock.
     491             :      */
     492             :     char       *pages;          /* buffers for unwritten XLOG pages */
     493             :     pg_atomic_uint64 *xlblocks; /* 1st byte ptr-s + XLOG_BLCKSZ */
     494             :     int         XLogCacheBlck;  /* highest allocated xlog buffer index */
     495             : 
     496             :     /*
     497             :      * InsertTimeLineID is the timeline into which new WAL is being inserted
     498             :      * and flushed. It is zero during recovery, and does not change once set.
     499             :      *
     500             :      * If we create a new timeline when the system was started up,
     501             :      * PrevTimeLineID is the old timeline's ID that we forked off from.
     502             :      * Otherwise it's equal to InsertTimeLineID.
     503             :      *
     504             :      * We set these fields while holding info_lck. Most that reads these
     505             :      * values knows that recovery is no longer in progress and so can safely
     506             :      * read the value without a lock, but code that could be run either during
     507             :      * or after recovery can take info_lck while reading these values.
     508             :      */
     509             :     TimeLineID  InsertTimeLineID;
     510             :     TimeLineID  PrevTimeLineID;
     511             : 
     512             :     /*
     513             :      * SharedRecoveryState indicates if we're still in crash or archive
     514             :      * recovery.  Protected by info_lck.
     515             :      */
     516             :     RecoveryState SharedRecoveryState;
     517             : 
     518             :     /*
     519             :      * InstallXLogFileSegmentActive indicates whether the checkpointer should
     520             :      * arrange for future segments by recycling and/or PreallocXlogFiles().
     521             :      * Protected by ControlFileLock.  Only the startup process changes it.  If
     522             :      * true, anyone can use InstallXLogFileSegment().  If false, the startup
     523             :      * process owns the exclusive right to install segments, by reading from
     524             :      * the archive and possibly replacing existing files.
     525             :      */
     526             :     bool        InstallXLogFileSegmentActive;
     527             : 
     528             :     /*
     529             :      * WalWriterSleeping indicates whether the WAL writer is currently in
     530             :      * low-power mode (and hence should be nudged if an async commit occurs).
     531             :      * Protected by info_lck.
     532             :      */
     533             :     bool        WalWriterSleeping;
     534             : 
     535             :     /*
     536             :      * During recovery, we keep a copy of the latest checkpoint record here.
     537             :      * lastCheckPointRecPtr points to start of checkpoint record and
     538             :      * lastCheckPointEndPtr points to end+1 of checkpoint record.  Used by the
     539             :      * checkpointer when it wants to create a restartpoint.
     540             :      *
     541             :      * Protected by info_lck.
     542             :      */
     543             :     XLogRecPtr  lastCheckPointRecPtr;
     544             :     XLogRecPtr  lastCheckPointEndPtr;
     545             :     CheckPoint  lastCheckPoint;
     546             : 
     547             :     /*
     548             :      * lastFpwDisableRecPtr points to the start of the last replayed
     549             :      * XLOG_FPW_CHANGE record that instructs full_page_writes is disabled.
     550             :      */
     551             :     XLogRecPtr  lastFpwDisableRecPtr;
     552             : 
     553             :     slock_t     info_lck;       /* locks shared variables shown above */
     554             : } XLogCtlData;
     555             : 
     556             : /*
     557             :  * Classification of XLogInsertRecord operations.
     558             :  */
     559             : typedef enum
     560             : {
     561             :     WALINSERT_NORMAL,
     562             :     WALINSERT_SPECIAL_SWITCH,
     563             :     WALINSERT_SPECIAL_CHECKPOINT
     564             : } WalInsertClass;
     565             : 
     566             : static XLogCtlData *XLogCtl = NULL;
     567             : 
     568             : /* a private copy of XLogCtl->Insert.WALInsertLocks, for convenience */
     569             : static WALInsertLockPadded *WALInsertLocks = NULL;
     570             : 
     571             : /*
     572             :  * We maintain an image of pg_control in shared memory.
     573             :  */
     574             : static ControlFileData *ControlFile = NULL;
     575             : 
     576             : /*
     577             :  * Calculate the amount of space left on the page after 'endptr'. Beware
     578             :  * multiple evaluation!
     579             :  */
     580             : #define INSERT_FREESPACE(endptr)    \
     581             :     (((endptr) % XLOG_BLCKSZ == 0) ? 0 : (XLOG_BLCKSZ - (endptr) % XLOG_BLCKSZ))
     582             : 
     583             : /* Macro to advance to next buffer index. */
     584             : #define NextBufIdx(idx)     \
     585             :         (((idx) == XLogCtl->XLogCacheBlck) ? 0 : ((idx) + 1))
     586             : 
     587             : /*
     588             :  * XLogRecPtrToBufIdx returns the index of the WAL buffer that holds, or
     589             :  * would hold if it was in cache, the page containing 'recptr'.
     590             :  */
     591             : #define XLogRecPtrToBufIdx(recptr)  \
     592             :     (((recptr) / XLOG_BLCKSZ) % (XLogCtl->XLogCacheBlck + 1))
     593             : 
     594             : /*
     595             :  * These are the number of bytes in a WAL page usable for WAL data.
     596             :  */
     597             : #define UsableBytesInPage (XLOG_BLCKSZ - SizeOfXLogShortPHD)
     598             : 
     599             : /*
     600             :  * Convert values of GUCs measured in megabytes to equiv. segment count.
     601             :  * Rounds down.
     602             :  */
     603             : #define ConvertToXSegs(x, segsize)  XLogMBVarToSegs((x), (segsize))
     604             : 
     605             : /* The number of bytes in a WAL segment usable for WAL data. */
     606             : static int  UsableBytesInSegment;
     607             : 
     608             : /*
     609             :  * Private, possibly out-of-date copy of shared LogwrtResult.
     610             :  * See discussion above.
     611             :  */
     612             : static XLogwrtResult LogwrtResult = {0, 0};
     613             : 
     614             : /*
     615             :  * Update local copy of shared XLogCtl->log{Write,Flush}Result
     616             :  *
     617             :  * It's critical that Flush always trails Write, so the order of the reads is
     618             :  * important, as is the barrier.  See also XLogWrite.
     619             :  */
     620             : #define RefreshXLogWriteResult(_target) \
     621             :     do { \
     622             :         _target.Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult); \
     623             :         pg_read_barrier(); \
     624             :         _target.Write = pg_atomic_read_u64(&XLogCtl->logWriteResult); \
     625             :     } while (0)
     626             : 
     627             : /*
     628             :  * openLogFile is -1 or a kernel FD for an open log file segment.
     629             :  * openLogSegNo identifies the segment, and openLogTLI the corresponding TLI.
     630             :  * These variables are only used to write the XLOG, and so will normally refer
     631             :  * to the active segment.
     632             :  *
     633             :  * Note: call Reserve/ReleaseExternalFD to track consumption of this FD.
     634             :  */
     635             : static int  openLogFile = -1;
     636             : static XLogSegNo openLogSegNo = 0;
     637             : static TimeLineID openLogTLI = 0;
     638             : 
     639             : /*
     640             :  * Local copies of equivalent fields in the control file.  When running
     641             :  * crash recovery, LocalMinRecoveryPoint is set to InvalidXLogRecPtr as we
     642             :  * expect to replay all the WAL available, and updateMinRecoveryPoint is
     643             :  * switched to false to prevent any updates while replaying records.
     644             :  * Those values are kept consistent as long as crash recovery runs.
     645             :  */
     646             : static XLogRecPtr LocalMinRecoveryPoint;
     647             : static TimeLineID LocalMinRecoveryPointTLI;
     648             : static bool updateMinRecoveryPoint = true;
     649             : 
     650             : /* For WALInsertLockAcquire/Release functions */
     651             : static int  MyLockNo = 0;
     652             : static bool holdingAllLocks = false;
     653             : 
     654             : #ifdef WAL_DEBUG
     655             : static MemoryContext walDebugCxt = NULL;
     656             : #endif
     657             : 
     658             : static void CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI,
     659             :                                         XLogRecPtr EndOfLog,
     660             :                                         TimeLineID newTLI);
     661             : static void CheckRequiredParameterValues(void);
     662             : static void XLogReportParameters(void);
     663             : static int  LocalSetXLogInsertAllowed(void);
     664             : static void CreateEndOfRecoveryRecord(void);
     665             : static XLogRecPtr CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn,
     666             :                                                   XLogRecPtr pagePtr,
     667             :                                                   TimeLineID newTLI);
     668             : static void CheckPointGuts(XLogRecPtr checkPointRedo, int flags);
     669             : static void KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo);
     670             : static XLogRecPtr XLogGetReplicationSlotMinimumLSN(void);
     671             : 
     672             : static void AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli,
     673             :                                   bool opportunistic);
     674             : static void XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible);
     675             : static bool InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
     676             :                                    bool find_free, XLogSegNo max_segno,
     677             :                                    TimeLineID tli);
     678             : static void XLogFileClose(void);
     679             : static void PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli);
     680             : static void RemoveTempXlogFiles(void);
     681             : static void RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr,
     682             :                                XLogRecPtr endptr, TimeLineID insertTLI);
     683             : static void RemoveXlogFile(const struct dirent *segment_de,
     684             :                            XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
     685             :                            TimeLineID insertTLI);
     686             : static void UpdateLastRemovedPtr(char *filename);
     687             : static void ValidateXLOGDirectoryStructure(void);
     688             : static void CleanupBackupHistory(void);
     689             : static void UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force);
     690             : static bool PerformRecoveryXLogAction(void);
     691             : static void InitControlFile(uint64 sysidentifier, uint32 data_checksum_version);
     692             : static void WriteControlFile(void);
     693             : static void ReadControlFile(void);
     694             : static void UpdateControlFile(void);
     695             : static char *str_time(pg_time_t tnow, char *buf, size_t bufsize);
     696             : 
     697             : static int  get_sync_bit(int method);
     698             : 
     699             : static void CopyXLogRecordToWAL(int write_len, bool isLogSwitch,
     700             :                                 XLogRecData *rdata,
     701             :                                 XLogRecPtr StartPos, XLogRecPtr EndPos,
     702             :                                 TimeLineID tli);
     703             : static void ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos,
     704             :                                       XLogRecPtr *EndPos, XLogRecPtr *PrevPtr);
     705             : static bool ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos,
     706             :                               XLogRecPtr *PrevPtr);
     707             : static XLogRecPtr WaitXLogInsertionsToFinish(XLogRecPtr upto);
     708             : static char *GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli);
     709             : static XLogRecPtr XLogBytePosToRecPtr(uint64 bytepos);
     710             : static XLogRecPtr XLogBytePosToEndRecPtr(uint64 bytepos);
     711             : static uint64 XLogRecPtrToBytePos(XLogRecPtr ptr);
     712             : 
     713             : static void WALInsertLockAcquire(void);
     714             : static void WALInsertLockAcquireExclusive(void);
     715             : static void WALInsertLockRelease(void);
     716             : static void WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt);
     717             : 
     718             : /*
     719             :  * Insert an XLOG record represented by an already-constructed chain of data
     720             :  * chunks.  This is a low-level routine; to construct the WAL record header
     721             :  * and data, use the higher-level routines in xloginsert.c.
     722             :  *
     723             :  * If 'fpw_lsn' is valid, it is the oldest LSN among the pages that this
     724             :  * WAL record applies to, that were not included in the record as full page
     725             :  * images.  If fpw_lsn <= RedoRecPtr, the function does not perform the
     726             :  * insertion and returns InvalidXLogRecPtr.  The caller can then recalculate
     727             :  * which pages need a full-page image, and retry.  If fpw_lsn is invalid, the
     728             :  * record is always inserted.
     729             :  *
     730             :  * 'flags' gives more in-depth control on the record being inserted. See
     731             :  * XLogSetRecordFlags() for details.
     732             :  *
     733             :  * 'topxid_included' tells whether the top-transaction id is logged along with
     734             :  * current subtransaction. See XLogRecordAssemble().
     735             :  *
     736             :  * The first XLogRecData in the chain must be for the record header, and its
     737             :  * data must be MAXALIGNed.  XLogInsertRecord fills in the xl_prev and
     738             :  * xl_crc fields in the header, the rest of the header must already be filled
     739             :  * by the caller.
     740             :  *
     741             :  * Returns XLOG pointer to end of record (beginning of next record).
     742             :  * This can be used as LSN for data pages affected by the logged action.
     743             :  * (LSN is the XLOG point up to which the XLOG must be flushed to disk
     744             :  * before the data page can be written out.  This implements the basic
     745             :  * WAL rule "write the log before the data".)
     746             :  */
     747             : XLogRecPtr
     748    29112006 : XLogInsertRecord(XLogRecData *rdata,
     749             :                  XLogRecPtr fpw_lsn,
     750             :                  uint8 flags,
     751             :                  int num_fpi,
     752             :                  bool topxid_included)
     753             : {
     754    29112006 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
     755             :     pg_crc32c   rdata_crc;
     756             :     bool        inserted;
     757    29112006 :     XLogRecord *rechdr = (XLogRecord *) rdata->data;
     758    29112006 :     uint8       info = rechdr->xl_info & ~XLR_INFO_MASK;
     759    29112006 :     WalInsertClass class = WALINSERT_NORMAL;
     760             :     XLogRecPtr  StartPos;
     761             :     XLogRecPtr  EndPos;
     762    29112006 :     bool        prevDoPageWrites = doPageWrites;
     763             :     TimeLineID  insertTLI;
     764             : 
     765             :     /* Does this record type require special handling? */
     766    29112006 :     if (unlikely(rechdr->xl_rmid == RM_XLOG_ID))
     767             :     {
     768      442420 :         if (info == XLOG_SWITCH)
     769        1556 :             class = WALINSERT_SPECIAL_SWITCH;
     770      440864 :         else if (info == XLOG_CHECKPOINT_REDO)
     771        1804 :             class = WALINSERT_SPECIAL_CHECKPOINT;
     772             :     }
     773             : 
     774             :     /* we assume that all of the record header is in the first chunk */
     775             :     Assert(rdata->len >= SizeOfXLogRecord);
     776             : 
     777             :     /* cross-check on whether we should be here or not */
     778    29112006 :     if (!XLogInsertAllowed())
     779           0 :         elog(ERROR, "cannot make new WAL entries during recovery");
     780             : 
     781             :     /*
     782             :      * Given that we're not in recovery, InsertTimeLineID is set and can't
     783             :      * change, so we can read it without a lock.
     784             :      */
     785    29112006 :     insertTLI = XLogCtl->InsertTimeLineID;
     786             : 
     787             :     /*----------
     788             :      *
     789             :      * We have now done all the preparatory work we can without holding a
     790             :      * lock or modifying shared state. From here on, inserting the new WAL
     791             :      * record to the shared WAL buffer cache is a two-step process:
     792             :      *
     793             :      * 1. Reserve the right amount of space from the WAL. The current head of
     794             :      *    reserved space is kept in Insert->CurrBytePos, and is protected by
     795             :      *    insertpos_lck.
     796             :      *
     797             :      * 2. Copy the record to the reserved WAL space. This involves finding the
     798             :      *    correct WAL buffer containing the reserved space, and copying the
     799             :      *    record in place. This can be done concurrently in multiple processes.
     800             :      *
     801             :      * To keep track of which insertions are still in-progress, each concurrent
     802             :      * inserter acquires an insertion lock. In addition to just indicating that
     803             :      * an insertion is in progress, the lock tells others how far the inserter
     804             :      * has progressed. There is a small fixed number of insertion locks,
     805             :      * determined by NUM_XLOGINSERT_LOCKS. When an inserter crosses a page
     806             :      * boundary, it updates the value stored in the lock to the how far it has
     807             :      * inserted, to allow the previous buffer to be flushed.
     808             :      *
     809             :      * Holding onto an insertion lock also protects RedoRecPtr and
     810             :      * fullPageWrites from changing until the insertion is finished.
     811             :      *
     812             :      * Step 2 can usually be done completely in parallel. If the required WAL
     813             :      * page is not initialized yet, you have to grab WALBufMappingLock to
     814             :      * initialize it, but the WAL writer tries to do that ahead of insertions
     815             :      * to avoid that from happening in the critical path.
     816             :      *
     817             :      *----------
     818             :      */
     819    29112006 :     START_CRIT_SECTION();
     820             : 
     821    29112006 :     if (likely(class == WALINSERT_NORMAL))
     822             :     {
     823    29108646 :         WALInsertLockAcquire();
     824             : 
     825             :         /*
     826             :          * Check to see if my copy of RedoRecPtr is out of date. If so, may
     827             :          * have to go back and have the caller recompute everything. This can
     828             :          * only happen just after a checkpoint, so it's better to be slow in
     829             :          * this case and fast otherwise.
     830             :          *
     831             :          * Also check to see if fullPageWrites was just turned on or there's a
     832             :          * running backup (which forces full-page writes); if we weren't
     833             :          * already doing full-page writes then go back and recompute.
     834             :          *
     835             :          * If we aren't doing full-page writes then RedoRecPtr doesn't
     836             :          * actually affect the contents of the XLOG record, so we'll update
     837             :          * our local copy but not force a recomputation.  (If doPageWrites was
     838             :          * just turned off, we could recompute the record without full pages,
     839             :          * but we choose not to bother.)
     840             :          */
     841    29108646 :         if (RedoRecPtr != Insert->RedoRecPtr)
     842             :         {
     843             :             Assert(RedoRecPtr < Insert->RedoRecPtr);
     844       13718 :             RedoRecPtr = Insert->RedoRecPtr;
     845             :         }
     846    29108646 :         doPageWrites = (Insert->fullPageWrites || Insert->runningBackups > 0);
     847             : 
     848    29108646 :         if (doPageWrites &&
     849    28623650 :             (!prevDoPageWrites ||
     850    26268162 :              (fpw_lsn != InvalidXLogRecPtr && fpw_lsn <= RedoRecPtr)))
     851             :         {
     852             :             /*
     853             :              * Oops, some buffer now needs to be backed up that the caller
     854             :              * didn't back up.  Start over.
     855             :              */
     856       15228 :             WALInsertLockRelease();
     857       15228 :             END_CRIT_SECTION();
     858       15228 :             return InvalidXLogRecPtr;
     859             :         }
     860             : 
     861             :         /*
     862             :          * Reserve space for the record in the WAL. This also sets the xl_prev
     863             :          * pointer.
     864             :          */
     865    29093418 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     866             :                                   &rechdr->xl_prev);
     867             : 
     868             :         /* Normal records are always inserted. */
     869    29093418 :         inserted = true;
     870             :     }
     871        3360 :     else if (class == WALINSERT_SPECIAL_SWITCH)
     872             :     {
     873             :         /*
     874             :          * In order to insert an XLOG_SWITCH record, we need to hold all of
     875             :          * the WAL insertion locks, not just one, so that no one else can
     876             :          * begin inserting a record until we've figured out how much space
     877             :          * remains in the current WAL segment and claimed all of it.
     878             :          *
     879             :          * Nonetheless, this case is simpler than the normal cases handled
     880             :          * below, which must check for changes in doPageWrites and RedoRecPtr.
     881             :          * Those checks are only needed for records that can contain buffer
     882             :          * references, and an XLOG_SWITCH record never does.
     883             :          */
     884             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     885        1556 :         WALInsertLockAcquireExclusive();
     886        1556 :         inserted = ReserveXLogSwitch(&StartPos, &EndPos, &rechdr->xl_prev);
     887             :     }
     888             :     else
     889             :     {
     890             :         Assert(class == WALINSERT_SPECIAL_CHECKPOINT);
     891             : 
     892             :         /*
     893             :          * We need to update both the local and shared copies of RedoRecPtr,
     894             :          * which means that we need to hold all the WAL insertion locks.
     895             :          * However, there can't be any buffer references, so as above, we need
     896             :          * not check RedoRecPtr before inserting the record; we just need to
     897             :          * update it afterwards.
     898             :          */
     899             :         Assert(fpw_lsn == InvalidXLogRecPtr);
     900        1804 :         WALInsertLockAcquireExclusive();
     901        1804 :         ReserveXLogInsertLocation(rechdr->xl_tot_len, &StartPos, &EndPos,
     902             :                                   &rechdr->xl_prev);
     903        1804 :         RedoRecPtr = Insert->RedoRecPtr = StartPos;
     904        1804 :         inserted = true;
     905             :     }
     906             : 
     907    29096778 :     if (inserted)
     908             :     {
     909             :         /*
     910             :          * Now that xl_prev has been filled in, calculate CRC of the record
     911             :          * header.
     912             :          */
     913    29096664 :         rdata_crc = rechdr->xl_crc;
     914    29096664 :         COMP_CRC32C(rdata_crc, rechdr, offsetof(XLogRecord, xl_crc));
     915    29096664 :         FIN_CRC32C(rdata_crc);
     916    29096664 :         rechdr->xl_crc = rdata_crc;
     917             : 
     918             :         /*
     919             :          * All the record data, including the header, is now ready to be
     920             :          * inserted. Copy the record in the space reserved.
     921             :          */
     922    29096664 :         CopyXLogRecordToWAL(rechdr->xl_tot_len,
     923             :                             class == WALINSERT_SPECIAL_SWITCH, rdata,
     924             :                             StartPos, EndPos, insertTLI);
     925             : 
     926             :         /*
     927             :          * Unless record is flagged as not important, update LSN of last
     928             :          * important record in the current slot. When holding all locks, just
     929             :          * update the first one.
     930             :          */
     931    29096664 :         if ((flags & XLOG_MARK_UNIMPORTANT) == 0)
     932             :         {
     933    28916464 :             int         lockno = holdingAllLocks ? 0 : MyLockNo;
     934             : 
     935    28916464 :             WALInsertLocks[lockno].l.lastImportantAt = StartPos;
     936             :         }
     937             :     }
     938             :     else
     939             :     {
     940             :         /*
     941             :          * This was an xlog-switch record, but the current insert location was
     942             :          * already exactly at the beginning of a segment, so there was no need
     943             :          * to do anything.
     944             :          */
     945             :     }
     946             : 
     947             :     /*
     948             :      * Done! Let others know that we're finished.
     949             :      */
     950    29096778 :     WALInsertLockRelease();
     951             : 
     952    29096778 :     END_CRIT_SECTION();
     953             : 
     954    29096778 :     MarkCurrentTransactionIdLoggedIfAny();
     955             : 
     956             :     /*
     957             :      * Mark top transaction id is logged (if needed) so that we should not try
     958             :      * to log it again with the next WAL record in the current subtransaction.
     959             :      */
     960    29096778 :     if (topxid_included)
     961         438 :         MarkSubxactTopXidLogged();
     962             : 
     963             :     /*
     964             :      * Update shared LogwrtRqst.Write, if we crossed page boundary.
     965             :      */
     966    29096778 :     if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     967             :     {
     968     3304618 :         SpinLockAcquire(&XLogCtl->info_lck);
     969             :         /* advance global request to include new block(s) */
     970     3304618 :         if (XLogCtl->LogwrtRqst.Write < EndPos)
     971     3097166 :             XLogCtl->LogwrtRqst.Write = EndPos;
     972     3304618 :         SpinLockRelease(&XLogCtl->info_lck);
     973     3304618 :         RefreshXLogWriteResult(LogwrtResult);
     974             :     }
     975             : 
     976             :     /*
     977             :      * If this was an XLOG_SWITCH record, flush the record and the empty
     978             :      * padding space that fills the rest of the segment, and perform
     979             :      * end-of-segment actions (eg, notifying archiver).
     980             :      */
     981    29096778 :     if (class == WALINSERT_SPECIAL_SWITCH)
     982             :     {
     983             :         TRACE_POSTGRESQL_WAL_SWITCH();
     984        1556 :         XLogFlush(EndPos);
     985             : 
     986             :         /*
     987             :          * Even though we reserved the rest of the segment for us, which is
     988             :          * reflected in EndPos, we return a pointer to just the end of the
     989             :          * xlog-switch record.
     990             :          */
     991        1556 :         if (inserted)
     992             :         {
     993        1442 :             EndPos = StartPos + SizeOfXLogRecord;
     994        1442 :             if (StartPos / XLOG_BLCKSZ != EndPos / XLOG_BLCKSZ)
     995             :             {
     996           0 :                 uint64      offset = XLogSegmentOffset(EndPos, wal_segment_size);
     997             : 
     998           0 :                 if (offset == EndPos % XLOG_BLCKSZ)
     999           0 :                     EndPos += SizeOfXLogLongPHD;
    1000             :                 else
    1001           0 :                     EndPos += SizeOfXLogShortPHD;
    1002             :             }
    1003             :         }
    1004             :     }
    1005             : 
    1006             : #ifdef WAL_DEBUG
    1007             :     if (XLOG_DEBUG)
    1008             :     {
    1009             :         static XLogReaderState *debug_reader = NULL;
    1010             :         XLogRecord *record;
    1011             :         DecodedXLogRecord *decoded;
    1012             :         StringInfoData buf;
    1013             :         StringInfoData recordBuf;
    1014             :         char       *errormsg = NULL;
    1015             :         MemoryContext oldCxt;
    1016             : 
    1017             :         oldCxt = MemoryContextSwitchTo(walDebugCxt);
    1018             : 
    1019             :         initStringInfo(&buf);
    1020             :         appendStringInfo(&buf, "INSERT @ %X/%08X: ", LSN_FORMAT_ARGS(EndPos));
    1021             : 
    1022             :         /*
    1023             :          * We have to piece together the WAL record data from the XLogRecData
    1024             :          * entries, so that we can pass it to the rm_desc function as one
    1025             :          * contiguous chunk.
    1026             :          */
    1027             :         initStringInfo(&recordBuf);
    1028             :         for (; rdata != NULL; rdata = rdata->next)
    1029             :             appendBinaryStringInfo(&recordBuf, rdata->data, rdata->len);
    1030             : 
    1031             :         /* We also need temporary space to decode the record. */
    1032             :         record = (XLogRecord *) recordBuf.data;
    1033             :         decoded = (DecodedXLogRecord *)
    1034             :             palloc(DecodeXLogRecordRequiredSpace(record->xl_tot_len));
    1035             : 
    1036             :         if (!debug_reader)
    1037             :             debug_reader = XLogReaderAllocate(wal_segment_size, NULL,
    1038             :                                               XL_ROUTINE(.page_read = NULL,
    1039             :                                                          .segment_open = NULL,
    1040             :                                                          .segment_close = NULL),
    1041             :                                               NULL);
    1042             :         if (!debug_reader)
    1043             :         {
    1044             :             appendStringInfoString(&buf, "error decoding record: out of memory while allocating a WAL reading processor");
    1045             :         }
    1046             :         else if (!DecodeXLogRecord(debug_reader,
    1047             :                                    decoded,
    1048             :                                    record,
    1049             :                                    EndPos,
    1050             :                                    &errormsg))
    1051             :         {
    1052             :             appendStringInfo(&buf, "error decoding record: %s",
    1053             :                              errormsg ? errormsg : "no error message");
    1054             :         }
    1055             :         else
    1056             :         {
    1057             :             appendStringInfoString(&buf, " - ");
    1058             : 
    1059             :             debug_reader->record = decoded;
    1060             :             xlog_outdesc(&buf, debug_reader);
    1061             :             debug_reader->record = NULL;
    1062             :         }
    1063             :         elog(LOG, "%s", buf.data);
    1064             : 
    1065             :         pfree(decoded);
    1066             :         pfree(buf.data);
    1067             :         pfree(recordBuf.data);
    1068             :         MemoryContextSwitchTo(oldCxt);
    1069             :     }
    1070             : #endif
    1071             : 
    1072             :     /*
    1073             :      * Update our global variables
    1074             :      */
    1075    29096778 :     ProcLastRecPtr = StartPos;
    1076    29096778 :     XactLastRecEnd = EndPos;
    1077             : 
    1078             :     /* Report WAL traffic to the instrumentation. */
    1079    29096778 :     if (inserted)
    1080             :     {
    1081    29096664 :         pgWalUsage.wal_bytes += rechdr->xl_tot_len;
    1082    29096664 :         pgWalUsage.wal_records++;
    1083    29096664 :         pgWalUsage.wal_fpi += num_fpi;
    1084             : 
    1085             :         /* Required for the flush of pending stats WAL data */
    1086    29096664 :         pgstat_report_fixed = true;
    1087             :     }
    1088             : 
    1089    29096778 :     return EndPos;
    1090             : }
    1091             : 
    1092             : /*
    1093             :  * Reserves the right amount of space for a record of given size from the WAL.
    1094             :  * *StartPos is set to the beginning of the reserved section, *EndPos to
    1095             :  * its end+1. *PrevPtr is set to the beginning of the previous record; it is
    1096             :  * used to set the xl_prev of this record.
    1097             :  *
    1098             :  * This is the performance critical part of XLogInsert that must be serialized
    1099             :  * across backends. The rest can happen mostly in parallel. Try to keep this
    1100             :  * section as short as possible, insertpos_lck can be heavily contended on a
    1101             :  * busy system.
    1102             :  *
    1103             :  * NB: The space calculation here must match the code in CopyXLogRecordToWAL,
    1104             :  * where we actually copy the record to the reserved space.
    1105             :  *
    1106             :  * NB: Testing shows that XLogInsertRecord runs faster if this code is inlined;
    1107             :  * however, because there are two call sites, the compiler is reluctant to
    1108             :  * inline. We use pg_attribute_always_inline here to try to convince it.
    1109             :  */
    1110             : static pg_attribute_always_inline void
    1111    29095222 : ReserveXLogInsertLocation(int size, XLogRecPtr *StartPos, XLogRecPtr *EndPos,
    1112             :                           XLogRecPtr *PrevPtr)
    1113             : {
    1114    29095222 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1115             :     uint64      startbytepos;
    1116             :     uint64      endbytepos;
    1117             :     uint64      prevbytepos;
    1118             : 
    1119    29095222 :     size = MAXALIGN(size);
    1120             : 
    1121             :     /* All (non xlog-switch) records should contain data. */
    1122             :     Assert(size > SizeOfXLogRecord);
    1123             : 
    1124             :     /*
    1125             :      * The duration the spinlock needs to be held is minimized by minimizing
    1126             :      * the calculations that have to be done while holding the lock. The
    1127             :      * current tip of reserved WAL is kept in CurrBytePos, as a byte position
    1128             :      * that only counts "usable" bytes in WAL, that is, it excludes all WAL
    1129             :      * page headers. The mapping between "usable" byte positions and physical
    1130             :      * positions (XLogRecPtrs) can be done outside the locked region, and
    1131             :      * because the usable byte position doesn't include any headers, reserving
    1132             :      * X bytes from WAL is almost as simple as "CurrBytePos += X".
    1133             :      */
    1134    29095222 :     SpinLockAcquire(&Insert->insertpos_lck);
    1135             : 
    1136    29095222 :     startbytepos = Insert->CurrBytePos;
    1137    29095222 :     endbytepos = startbytepos + size;
    1138    29095222 :     prevbytepos = Insert->PrevBytePos;
    1139    29095222 :     Insert->CurrBytePos = endbytepos;
    1140    29095222 :     Insert->PrevBytePos = startbytepos;
    1141             : 
    1142    29095222 :     SpinLockRelease(&Insert->insertpos_lck);
    1143             : 
    1144    29095222 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1145    29095222 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1146    29095222 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1147             : 
    1148             :     /*
    1149             :      * Check that the conversions between "usable byte positions" and
    1150             :      * XLogRecPtrs work consistently in both directions.
    1151             :      */
    1152             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1153             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1154             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1155    29095222 : }
    1156             : 
    1157             : /*
    1158             :  * Like ReserveXLogInsertLocation(), but for an xlog-switch record.
    1159             :  *
    1160             :  * A log-switch record is handled slightly differently. The rest of the
    1161             :  * segment will be reserved for this insertion, as indicated by the returned
    1162             :  * *EndPos value. However, if we are already at the beginning of the current
    1163             :  * segment, *StartPos and *EndPos are set to the current location without
    1164             :  * reserving any space, and the function returns false.
    1165             : */
    1166             : static bool
    1167        1556 : ReserveXLogSwitch(XLogRecPtr *StartPos, XLogRecPtr *EndPos, XLogRecPtr *PrevPtr)
    1168             : {
    1169        1556 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1170             :     uint64      startbytepos;
    1171             :     uint64      endbytepos;
    1172             :     uint64      prevbytepos;
    1173        1556 :     uint32      size = MAXALIGN(SizeOfXLogRecord);
    1174             :     XLogRecPtr  ptr;
    1175             :     uint32      segleft;
    1176             : 
    1177             :     /*
    1178             :      * These calculations are a bit heavy-weight to be done while holding a
    1179             :      * spinlock, but since we're holding all the WAL insertion locks, there
    1180             :      * are no other inserters competing for it. GetXLogInsertRecPtr() does
    1181             :      * compete for it, but that's not called very frequently.
    1182             :      */
    1183        1556 :     SpinLockAcquire(&Insert->insertpos_lck);
    1184             : 
    1185        1556 :     startbytepos = Insert->CurrBytePos;
    1186             : 
    1187        1556 :     ptr = XLogBytePosToEndRecPtr(startbytepos);
    1188        1556 :     if (XLogSegmentOffset(ptr, wal_segment_size) == 0)
    1189             :     {
    1190         114 :         SpinLockRelease(&Insert->insertpos_lck);
    1191         114 :         *EndPos = *StartPos = ptr;
    1192         114 :         return false;
    1193             :     }
    1194             : 
    1195        1442 :     endbytepos = startbytepos + size;
    1196        1442 :     prevbytepos = Insert->PrevBytePos;
    1197             : 
    1198        1442 :     *StartPos = XLogBytePosToRecPtr(startbytepos);
    1199        1442 :     *EndPos = XLogBytePosToEndRecPtr(endbytepos);
    1200             : 
    1201        1442 :     segleft = wal_segment_size - XLogSegmentOffset(*EndPos, wal_segment_size);
    1202        1442 :     if (segleft != wal_segment_size)
    1203             :     {
    1204             :         /* consume the rest of the segment */
    1205        1442 :         *EndPos += segleft;
    1206        1442 :         endbytepos = XLogRecPtrToBytePos(*EndPos);
    1207             :     }
    1208        1442 :     Insert->CurrBytePos = endbytepos;
    1209        1442 :     Insert->PrevBytePos = startbytepos;
    1210             : 
    1211        1442 :     SpinLockRelease(&Insert->insertpos_lck);
    1212             : 
    1213        1442 :     *PrevPtr = XLogBytePosToRecPtr(prevbytepos);
    1214             : 
    1215             :     Assert(XLogSegmentOffset(*EndPos, wal_segment_size) == 0);
    1216             :     Assert(XLogRecPtrToBytePos(*EndPos) == endbytepos);
    1217             :     Assert(XLogRecPtrToBytePos(*StartPos) == startbytepos);
    1218             :     Assert(XLogRecPtrToBytePos(*PrevPtr) == prevbytepos);
    1219             : 
    1220        1442 :     return true;
    1221             : }
    1222             : 
    1223             : /*
    1224             :  * Subroutine of XLogInsertRecord.  Copies a WAL record to an already-reserved
    1225             :  * area in the WAL.
    1226             :  */
    1227             : static void
    1228    29096664 : CopyXLogRecordToWAL(int write_len, bool isLogSwitch, XLogRecData *rdata,
    1229             :                     XLogRecPtr StartPos, XLogRecPtr EndPos, TimeLineID tli)
    1230             : {
    1231             :     char       *currpos;
    1232             :     int         freespace;
    1233             :     int         written;
    1234             :     XLogRecPtr  CurrPos;
    1235             :     XLogPageHeader pagehdr;
    1236             : 
    1237             :     /*
    1238             :      * Get a pointer to the right place in the right WAL buffer to start
    1239             :      * inserting to.
    1240             :      */
    1241    29096664 :     CurrPos = StartPos;
    1242    29096664 :     currpos = GetXLogBuffer(CurrPos, tli);
    1243    29096664 :     freespace = INSERT_FREESPACE(CurrPos);
    1244             : 
    1245             :     /*
    1246             :      * there should be enough space for at least the first field (xl_tot_len)
    1247             :      * on this page.
    1248             :      */
    1249             :     Assert(freespace >= sizeof(uint32));
    1250             : 
    1251             :     /* Copy record data */
    1252    29096664 :     written = 0;
    1253   137420190 :     while (rdata != NULL)
    1254             :     {
    1255   108323526 :         const char *rdata_data = rdata->data;
    1256   108323526 :         int         rdata_len = rdata->len;
    1257             : 
    1258   111858478 :         while (rdata_len > freespace)
    1259             :         {
    1260             :             /*
    1261             :              * Write what fits on this page, and continue on the next page.
    1262             :              */
    1263             :             Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || freespace == 0);
    1264     3534952 :             memcpy(currpos, rdata_data, freespace);
    1265     3534952 :             rdata_data += freespace;
    1266     3534952 :             rdata_len -= freespace;
    1267     3534952 :             written += freespace;
    1268     3534952 :             CurrPos += freespace;
    1269             : 
    1270             :             /*
    1271             :              * Get pointer to beginning of next page, and set the xlp_rem_len
    1272             :              * in the page header. Set XLP_FIRST_IS_CONTRECORD.
    1273             :              *
    1274             :              * It's safe to set the contrecord flag and xlp_rem_len without a
    1275             :              * lock on the page. All the other flags were already set when the
    1276             :              * page was initialized, in AdvanceXLInsertBuffer, and we're the
    1277             :              * only backend that needs to set the contrecord flag.
    1278             :              */
    1279     3534952 :             currpos = GetXLogBuffer(CurrPos, tli);
    1280     3534952 :             pagehdr = (XLogPageHeader) currpos;
    1281     3534952 :             pagehdr->xlp_rem_len = write_len - written;
    1282     3534952 :             pagehdr->xlp_info |= XLP_FIRST_IS_CONTRECORD;
    1283             : 
    1284             :             /* skip over the page header */
    1285     3534952 :             if (XLogSegmentOffset(CurrPos, wal_segment_size) == 0)
    1286             :             {
    1287        2348 :                 CurrPos += SizeOfXLogLongPHD;
    1288        2348 :                 currpos += SizeOfXLogLongPHD;
    1289             :             }
    1290             :             else
    1291             :             {
    1292     3532604 :                 CurrPos += SizeOfXLogShortPHD;
    1293     3532604 :                 currpos += SizeOfXLogShortPHD;
    1294             :             }
    1295     3534952 :             freespace = INSERT_FREESPACE(CurrPos);
    1296             :         }
    1297             : 
    1298             :         Assert(CurrPos % XLOG_BLCKSZ >= SizeOfXLogShortPHD || rdata_len == 0);
    1299   108323526 :         memcpy(currpos, rdata_data, rdata_len);
    1300   108323526 :         currpos += rdata_len;
    1301   108323526 :         CurrPos += rdata_len;
    1302   108323526 :         freespace -= rdata_len;
    1303   108323526 :         written += rdata_len;
    1304             : 
    1305   108323526 :         rdata = rdata->next;
    1306             :     }
    1307             :     Assert(written == write_len);
    1308             : 
    1309             :     /*
    1310             :      * If this was an xlog-switch, it's not enough to write the switch record,
    1311             :      * we also have to consume all the remaining space in the WAL segment.  We
    1312             :      * have already reserved that space, but we need to actually fill it.
    1313             :      */
    1314    29096664 :     if (isLogSwitch && XLogSegmentOffset(CurrPos, wal_segment_size) != 0)
    1315             :     {
    1316             :         /* An xlog-switch record doesn't contain any data besides the header */
    1317             :         Assert(write_len == SizeOfXLogRecord);
    1318             : 
    1319             :         /* Assert that we did reserve the right amount of space */
    1320             :         Assert(XLogSegmentOffset(EndPos, wal_segment_size) == 0);
    1321             : 
    1322             :         /* Use up all the remaining space on the current page */
    1323        1442 :         CurrPos += freespace;
    1324             : 
    1325             :         /*
    1326             :          * Cause all remaining pages in the segment to be flushed, leaving the
    1327             :          * XLog position where it should be, at the start of the next segment.
    1328             :          * We do this one page at a time, to make sure we don't deadlock
    1329             :          * against ourselves if wal_buffers < wal_segment_size.
    1330             :          */
    1331     1383816 :         while (CurrPos < EndPos)
    1332             :         {
    1333             :             /*
    1334             :              * The minimal action to flush the page would be to call
    1335             :              * WALInsertLockUpdateInsertingAt(CurrPos) followed by
    1336             :              * AdvanceXLInsertBuffer(...).  The page would be left initialized
    1337             :              * mostly to zeros, except for the page header (always the short
    1338             :              * variant, as this is never a segment's first page).
    1339             :              *
    1340             :              * The large vistas of zeros are good for compressibility, but the
    1341             :              * headers interrupting them every XLOG_BLCKSZ (with values that
    1342             :              * differ from page to page) are not.  The effect varies with
    1343             :              * compression tool, but bzip2 for instance compresses about an
    1344             :              * order of magnitude worse if those headers are left in place.
    1345             :              *
    1346             :              * Rather than complicating AdvanceXLInsertBuffer itself (which is
    1347             :              * called in heavily-loaded circumstances as well as this lightly-
    1348             :              * loaded one) with variant behavior, we just use GetXLogBuffer
    1349             :              * (which itself calls the two methods we need) to get the pointer
    1350             :              * and zero most of the page.  Then we just zero the page header.
    1351             :              */
    1352     1382374 :             currpos = GetXLogBuffer(CurrPos, tli);
    1353     5529496 :             MemSet(currpos, 0, SizeOfXLogShortPHD);
    1354             : 
    1355     1382374 :             CurrPos += XLOG_BLCKSZ;
    1356             :         }
    1357             :     }
    1358             :     else
    1359             :     {
    1360             :         /* Align the end position, so that the next record starts aligned */
    1361    29095222 :         CurrPos = MAXALIGN64(CurrPos);
    1362             :     }
    1363             : 
    1364    29096664 :     if (CurrPos != EndPos)
    1365           0 :         ereport(PANIC,
    1366             :                 errcode(ERRCODE_DATA_CORRUPTED),
    1367             :                 errmsg_internal("space reserved for WAL record does not match what was written"));
    1368    29096664 : }
    1369             : 
    1370             : /*
    1371             :  * Acquire a WAL insertion lock, for inserting to WAL.
    1372             :  */
    1373             : static void
    1374    29108668 : WALInsertLockAcquire(void)
    1375             : {
    1376             :     bool        immed;
    1377             : 
    1378             :     /*
    1379             :      * It doesn't matter which of the WAL insertion locks we acquire, so try
    1380             :      * the one we used last time.  If the system isn't particularly busy, it's
    1381             :      * a good bet that it's still available, and it's good to have some
    1382             :      * affinity to a particular lock so that you don't unnecessarily bounce
    1383             :      * cache lines between processes when there's no contention.
    1384             :      *
    1385             :      * If this is the first time through in this backend, pick a lock
    1386             :      * (semi-)randomly.  This allows the locks to be used evenly if you have a
    1387             :      * lot of very short connections.
    1388             :      */
    1389             :     static int  lockToTry = -1;
    1390             : 
    1391    29108668 :     if (lockToTry == -1)
    1392       15974 :         lockToTry = MyProcNumber % NUM_XLOGINSERT_LOCKS;
    1393    29108668 :     MyLockNo = lockToTry;
    1394             : 
    1395             :     /*
    1396             :      * The insertingAt value is initially set to 0, as we don't know our
    1397             :      * insert location yet.
    1398             :      */
    1399    29108668 :     immed = LWLockAcquire(&WALInsertLocks[MyLockNo].l.lock, LW_EXCLUSIVE);
    1400    29108668 :     if (!immed)
    1401             :     {
    1402             :         /*
    1403             :          * If we couldn't get the lock immediately, try another lock next
    1404             :          * time.  On a system with more insertion locks than concurrent
    1405             :          * inserters, this causes all the inserters to eventually migrate to a
    1406             :          * lock that no-one else is using.  On a system with more inserters
    1407             :          * than locks, it still helps to distribute the inserters evenly
    1408             :          * across the locks.
    1409             :          */
    1410       76132 :         lockToTry = (lockToTry + 1) % NUM_XLOGINSERT_LOCKS;
    1411             :     }
    1412    29108668 : }
    1413             : 
    1414             : /*
    1415             :  * Acquire all WAL insertion locks, to prevent other backends from inserting
    1416             :  * to WAL.
    1417             :  */
    1418             : static void
    1419        8558 : WALInsertLockAcquireExclusive(void)
    1420             : {
    1421             :     int         i;
    1422             : 
    1423             :     /*
    1424             :      * When holding all the locks, all but the last lock's insertingAt
    1425             :      * indicator is set to 0xFFFFFFFFFFFFFFFF, which is higher than any real
    1426             :      * XLogRecPtr value, to make sure that no-one blocks waiting on those.
    1427             :      */
    1428       68464 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS - 1; i++)
    1429             :     {
    1430       59906 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1431       59906 :         LWLockUpdateVar(&WALInsertLocks[i].l.lock,
    1432       59906 :                         &WALInsertLocks[i].l.insertingAt,
    1433             :                         PG_UINT64_MAX);
    1434             :     }
    1435             :     /* Variable value reset to 0 at release */
    1436        8558 :     LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    1437             : 
    1438        8558 :     holdingAllLocks = true;
    1439        8558 : }
    1440             : 
    1441             : /*
    1442             :  * Release our insertion lock (or locks, if we're holding them all).
    1443             :  *
    1444             :  * NB: Reset all variables to 0, so they cause LWLockWaitForVar to block the
    1445             :  * next time the lock is acquired.
    1446             :  */
    1447             : static void
    1448    29117226 : WALInsertLockRelease(void)
    1449             : {
    1450    29117226 :     if (holdingAllLocks)
    1451             :     {
    1452             :         int         i;
    1453             : 
    1454       77022 :         for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1455       68464 :             LWLockReleaseClearVar(&WALInsertLocks[i].l.lock,
    1456       68464 :                                   &WALInsertLocks[i].l.insertingAt,
    1457             :                                   0);
    1458             : 
    1459        8558 :         holdingAllLocks = false;
    1460             :     }
    1461             :     else
    1462             :     {
    1463    29108668 :         LWLockReleaseClearVar(&WALInsertLocks[MyLockNo].l.lock,
    1464    29108668 :                               &WALInsertLocks[MyLockNo].l.insertingAt,
    1465             :                               0);
    1466             :     }
    1467    29117226 : }
    1468             : 
    1469             : /*
    1470             :  * Update our insertingAt value, to let others know that we've finished
    1471             :  * inserting up to that point.
    1472             :  */
    1473             : static void
    1474     5210192 : WALInsertLockUpdateInsertingAt(XLogRecPtr insertingAt)
    1475             : {
    1476     5210192 :     if (holdingAllLocks)
    1477             :     {
    1478             :         /*
    1479             :          * We use the last lock to mark our actual position, see comments in
    1480             :          * WALInsertLockAcquireExclusive.
    1481             :          */
    1482     1374790 :         LWLockUpdateVar(&WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.lock,
    1483     1374790 :                         &WALInsertLocks[NUM_XLOGINSERT_LOCKS - 1].l.insertingAt,
    1484             :                         insertingAt);
    1485             :     }
    1486             :     else
    1487     3835402 :         LWLockUpdateVar(&WALInsertLocks[MyLockNo].l.lock,
    1488     3835402 :                         &WALInsertLocks[MyLockNo].l.insertingAt,
    1489             :                         insertingAt);
    1490     5210192 : }
    1491             : 
    1492             : /*
    1493             :  * Wait for any WAL insertions < upto to finish.
    1494             :  *
    1495             :  * Returns the location of the oldest insertion that is still in-progress.
    1496             :  * Any WAL prior to that point has been fully copied into WAL buffers, and
    1497             :  * can be flushed out to disk. Because this waits for any insertions older
    1498             :  * than 'upto' to finish, the return value is always >= 'upto'.
    1499             :  *
    1500             :  * Note: When you are about to write out WAL, you must call this function
    1501             :  * *before* acquiring WALWriteLock, to avoid deadlocks. This function might
    1502             :  * need to wait for an insertion to finish (or at least advance to next
    1503             :  * uninitialized page), and the inserter might need to evict an old WAL buffer
    1504             :  * to make room for a new one, which in turn requires WALWriteLock.
    1505             :  */
    1506             : static XLogRecPtr
    1507     4787642 : WaitXLogInsertionsToFinish(XLogRecPtr upto)
    1508             : {
    1509             :     uint64      bytepos;
    1510             :     XLogRecPtr  inserted;
    1511             :     XLogRecPtr  reservedUpto;
    1512             :     XLogRecPtr  finishedUpto;
    1513     4787642 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1514             :     int         i;
    1515             : 
    1516     4787642 :     if (MyProc == NULL)
    1517           0 :         elog(PANIC, "cannot wait without a PGPROC structure");
    1518             : 
    1519             :     /*
    1520             :      * Check if there's any work to do.  Use a barrier to ensure we get the
    1521             :      * freshest value.
    1522             :      */
    1523     4787642 :     inserted = pg_atomic_read_membarrier_u64(&XLogCtl->logInsertResult);
    1524     4787642 :     if (upto <= inserted)
    1525     3896750 :         return inserted;
    1526             : 
    1527             :     /* Read the current insert position */
    1528      890892 :     SpinLockAcquire(&Insert->insertpos_lck);
    1529      890892 :     bytepos = Insert->CurrBytePos;
    1530      890892 :     SpinLockRelease(&Insert->insertpos_lck);
    1531      890892 :     reservedUpto = XLogBytePosToEndRecPtr(bytepos);
    1532             : 
    1533             :     /*
    1534             :      * No-one should request to flush a piece of WAL that hasn't even been
    1535             :      * reserved yet. However, it can happen if there is a block with a bogus
    1536             :      * LSN on disk, for example. XLogFlush checks for that situation and
    1537             :      * complains, but only after the flush. Here we just assume that to mean
    1538             :      * that all WAL that has been reserved needs to be finished. In this
    1539             :      * corner-case, the return value can be smaller than 'upto' argument.
    1540             :      */
    1541      890892 :     if (upto > reservedUpto)
    1542             :     {
    1543           0 :         ereport(LOG,
    1544             :                 errmsg("request to flush past end of generated WAL; request %X/%08X, current position %X/%08X",
    1545             :                        LSN_FORMAT_ARGS(upto), LSN_FORMAT_ARGS(reservedUpto)));
    1546           0 :         upto = reservedUpto;
    1547             :     }
    1548             : 
    1549             :     /*
    1550             :      * Loop through all the locks, sleeping on any in-progress insert older
    1551             :      * than 'upto'.
    1552             :      *
    1553             :      * finishedUpto is our return value, indicating the point upto which all
    1554             :      * the WAL insertions have been finished. Initialize it to the head of
    1555             :      * reserved WAL, and as we iterate through the insertion locks, back it
    1556             :      * out for any insertion that's still in progress.
    1557             :      */
    1558      890892 :     finishedUpto = reservedUpto;
    1559     8018028 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    1560             :     {
    1561     7127136 :         XLogRecPtr  insertingat = InvalidXLogRecPtr;
    1562             : 
    1563             :         do
    1564             :         {
    1565             :             /*
    1566             :              * See if this insertion is in progress.  LWLockWaitForVar will
    1567             :              * wait for the lock to be released, or for the 'value' to be set
    1568             :              * by a LWLockUpdateVar call.  When a lock is initially acquired,
    1569             :              * its value is 0 (InvalidXLogRecPtr), which means that we don't
    1570             :              * know where it's inserting yet.  We will have to wait for it. If
    1571             :              * it's a small insertion, the record will most likely fit on the
    1572             :              * same page and the inserter will release the lock without ever
    1573             :              * calling LWLockUpdateVar.  But if it has to sleep, it will
    1574             :              * advertise the insertion point with LWLockUpdateVar before
    1575             :              * sleeping.
    1576             :              *
    1577             :              * In this loop we are only waiting for insertions that started
    1578             :              * before WaitXLogInsertionsToFinish was called.  The lack of
    1579             :              * memory barriers in the loop means that we might see locks as
    1580             :              * "unused" that have since become used.  This is fine because
    1581             :              * they only can be used for later insertions that we would not
    1582             :              * want to wait on anyway.  Not taking a lock to acquire the
    1583             :              * current insertingAt value means that we might see older
    1584             :              * insertingAt values.  This is also fine, because if we read a
    1585             :              * value too old, we will add ourselves to the wait queue, which
    1586             :              * contains atomic operations.
    1587             :              */
    1588     7311868 :             if (LWLockWaitForVar(&WALInsertLocks[i].l.lock,
    1589     7311868 :                                  &WALInsertLocks[i].l.insertingAt,
    1590             :                                  insertingat, &insertingat))
    1591             :             {
    1592             :                 /* the lock was free, so no insertion in progress */
    1593     5102162 :                 insertingat = InvalidXLogRecPtr;
    1594     5102162 :                 break;
    1595             :             }
    1596             : 
    1597             :             /*
    1598             :              * This insertion is still in progress. Have to wait, unless the
    1599             :              * inserter has proceeded past 'upto'.
    1600             :              */
    1601     2209706 :         } while (insertingat < upto);
    1602             : 
    1603     7127136 :         if (insertingat != InvalidXLogRecPtr && insertingat < finishedUpto)
    1604      799798 :             finishedUpto = insertingat;
    1605             :     }
    1606             : 
    1607             :     /*
    1608             :      * Advance the limit we know to have been inserted and return the freshest
    1609             :      * value we know of, which might be beyond what we requested if somebody
    1610             :      * is concurrently doing this with an 'upto' pointer ahead of us.
    1611             :      */
    1612      890892 :     finishedUpto = pg_atomic_monotonic_advance_u64(&XLogCtl->logInsertResult,
    1613             :                                                    finishedUpto);
    1614             : 
    1615      890892 :     return finishedUpto;
    1616             : }
    1617             : 
    1618             : /*
    1619             :  * Get a pointer to the right location in the WAL buffer containing the
    1620             :  * given XLogRecPtr.
    1621             :  *
    1622             :  * If the page is not initialized yet, it is initialized. That might require
    1623             :  * evicting an old dirty buffer from the buffer cache, which means I/O.
    1624             :  *
    1625             :  * The caller must ensure that the page containing the requested location
    1626             :  * isn't evicted yet, and won't be evicted. The way to ensure that is to
    1627             :  * hold onto a WAL insertion lock with the insertingAt position set to
    1628             :  * something <= ptr. GetXLogBuffer() will update insertingAt if it needs
    1629             :  * to evict an old page from the buffer. (This means that once you call
    1630             :  * GetXLogBuffer() with a given 'ptr', you must not access anything before
    1631             :  * that point anymore, and must not call GetXLogBuffer() with an older 'ptr'
    1632             :  * later, because older buffers might be recycled already)
    1633             :  */
    1634             : static char *
    1635    34014012 : GetXLogBuffer(XLogRecPtr ptr, TimeLineID tli)
    1636             : {
    1637             :     int         idx;
    1638             :     XLogRecPtr  endptr;
    1639             :     static uint64 cachedPage = 0;
    1640             :     static char *cachedPos = NULL;
    1641             :     XLogRecPtr  expectedEndPtr;
    1642             : 
    1643             :     /*
    1644             :      * Fast path for the common case that we need to access again the same
    1645             :      * page as last time.
    1646             :      */
    1647    34014012 :     if (ptr / XLOG_BLCKSZ == cachedPage)
    1648             :     {
    1649             :         Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1650             :         Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1651    27769062 :         return cachedPos + ptr % XLOG_BLCKSZ;
    1652             :     }
    1653             : 
    1654             :     /*
    1655             :      * The XLog buffer cache is organized so that a page is always loaded to a
    1656             :      * particular buffer.  That way we can easily calculate the buffer a given
    1657             :      * page must be loaded into, from the XLogRecPtr alone.
    1658             :      */
    1659     6244950 :     idx = XLogRecPtrToBufIdx(ptr);
    1660             : 
    1661             :     /*
    1662             :      * See what page is loaded in the buffer at the moment. It could be the
    1663             :      * page we're looking for, or something older. It can't be anything newer
    1664             :      * - that would imply the page we're looking for has already been written
    1665             :      * out to disk and evicted, and the caller is responsible for making sure
    1666             :      * that doesn't happen.
    1667             :      *
    1668             :      * We don't hold a lock while we read the value. If someone is just about
    1669             :      * to initialize or has just initialized the page, it's possible that we
    1670             :      * get InvalidXLogRecPtr. That's ok, we'll grab the mapping lock (in
    1671             :      * AdvanceXLInsertBuffer) and retry if we see anything other than the page
    1672             :      * we're looking for.
    1673             :      */
    1674     6244950 :     expectedEndPtr = ptr;
    1675     6244950 :     expectedEndPtr += XLOG_BLCKSZ - ptr % XLOG_BLCKSZ;
    1676             : 
    1677     6244950 :     endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1678     6244950 :     if (expectedEndPtr != endptr)
    1679             :     {
    1680             :         XLogRecPtr  initializedUpto;
    1681             : 
    1682             :         /*
    1683             :          * Before calling AdvanceXLInsertBuffer(), which can block, let others
    1684             :          * know how far we're finished with inserting the record.
    1685             :          *
    1686             :          * NB: If 'ptr' points to just after the page header, advertise a
    1687             :          * position at the beginning of the page rather than 'ptr' itself. If
    1688             :          * there are no other insertions running, someone might try to flush
    1689             :          * up to our advertised location. If we advertised a position after
    1690             :          * the page header, someone might try to flush the page header, even
    1691             :          * though page might actually not be initialized yet. As the first
    1692             :          * inserter on the page, we are effectively responsible for making
    1693             :          * sure that it's initialized, before we let insertingAt to move past
    1694             :          * the page header.
    1695             :          */
    1696     5210192 :         if (ptr % XLOG_BLCKSZ == SizeOfXLogShortPHD &&
    1697       12448 :             XLogSegmentOffset(ptr, wal_segment_size) > XLOG_BLCKSZ)
    1698       12448 :             initializedUpto = ptr - SizeOfXLogShortPHD;
    1699     5197744 :         else if (ptr % XLOG_BLCKSZ == SizeOfXLogLongPHD &&
    1700        2422 :                  XLogSegmentOffset(ptr, wal_segment_size) < XLOG_BLCKSZ)
    1701        1200 :             initializedUpto = ptr - SizeOfXLogLongPHD;
    1702             :         else
    1703     5196544 :             initializedUpto = ptr;
    1704             : 
    1705     5210192 :         WALInsertLockUpdateInsertingAt(initializedUpto);
    1706             : 
    1707     5210192 :         AdvanceXLInsertBuffer(ptr, tli, false);
    1708     5210192 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1709             : 
    1710     5210192 :         if (expectedEndPtr != endptr)
    1711           0 :             elog(PANIC, "could not find WAL buffer for %X/%08X",
    1712             :                  LSN_FORMAT_ARGS(ptr));
    1713             :     }
    1714             :     else
    1715             :     {
    1716             :         /*
    1717             :          * Make sure the initialization of the page is visible to us, and
    1718             :          * won't arrive later to overwrite the WAL data we write on the page.
    1719             :          */
    1720     1034758 :         pg_memory_barrier();
    1721             :     }
    1722             : 
    1723             :     /*
    1724             :      * Found the buffer holding this page. Return a pointer to the right
    1725             :      * offset within the page.
    1726             :      */
    1727     6244950 :     cachedPage = ptr / XLOG_BLCKSZ;
    1728     6244950 :     cachedPos = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1729             : 
    1730             :     Assert(((XLogPageHeader) cachedPos)->xlp_magic == XLOG_PAGE_MAGIC);
    1731             :     Assert(((XLogPageHeader) cachedPos)->xlp_pageaddr == ptr - (ptr % XLOG_BLCKSZ));
    1732             : 
    1733     6244950 :     return cachedPos + ptr % XLOG_BLCKSZ;
    1734             : }
    1735             : 
    1736             : /*
    1737             :  * Read WAL data directly from WAL buffers, if available. Returns the number
    1738             :  * of bytes read successfully.
    1739             :  *
    1740             :  * Fewer than 'count' bytes may be read if some of the requested WAL data has
    1741             :  * already been evicted.
    1742             :  *
    1743             :  * No locks are taken.
    1744             :  *
    1745             :  * Caller should ensure that it reads no further than LogwrtResult.Write
    1746             :  * (which should have been updated by the caller when determining how far to
    1747             :  * read). The 'tli' argument is only used as a convenient safety check so that
    1748             :  * callers do not read from WAL buffers on a historical timeline.
    1749             :  */
    1750             : Size
    1751      196640 : WALReadFromBuffers(char *dstbuf, XLogRecPtr startptr, Size count,
    1752             :                    TimeLineID tli)
    1753             : {
    1754      196640 :     char       *pdst = dstbuf;
    1755      196640 :     XLogRecPtr  recptr = startptr;
    1756             :     XLogRecPtr  inserted;
    1757      196640 :     Size        nbytes = count;
    1758             : 
    1759      196640 :     if (RecoveryInProgress() || tli != GetWALInsertionTimeLine())
    1760        1832 :         return 0;
    1761             : 
    1762             :     Assert(!XLogRecPtrIsInvalid(startptr));
    1763             : 
    1764             :     /*
    1765             :      * Caller should ensure that the requested data has been inserted into WAL
    1766             :      * buffers before we try to read it.
    1767             :      */
    1768      194808 :     inserted = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    1769      194808 :     if (startptr + count > inserted)
    1770           0 :         ereport(ERROR,
    1771             :                 errmsg("cannot read past end of generated WAL: requested %X/%08X, current position %X/%08X",
    1772             :                        LSN_FORMAT_ARGS(startptr + count),
    1773             :                        LSN_FORMAT_ARGS(inserted)));
    1774             : 
    1775             :     /*
    1776             :      * Loop through the buffers without a lock. For each buffer, atomically
    1777             :      * read and verify the end pointer, then copy the data out, and finally
    1778             :      * re-read and re-verify the end pointer.
    1779             :      *
    1780             :      * Once a page is evicted, it never returns to the WAL buffers, so if the
    1781             :      * end pointer matches the expected end pointer before and after we copy
    1782             :      * the data, then the right page must have been present during the data
    1783             :      * copy. Read barriers are necessary to ensure that the data copy actually
    1784             :      * happens between the two verification steps.
    1785             :      *
    1786             :      * If either verification fails, we simply terminate the loop and return
    1787             :      * with the data that had been already copied out successfully.
    1788             :      */
    1789      206364 :     while (nbytes > 0)
    1790             :     {
    1791      203144 :         uint32      offset = recptr % XLOG_BLCKSZ;
    1792      203144 :         int         idx = XLogRecPtrToBufIdx(recptr);
    1793             :         XLogRecPtr  expectedEndPtr;
    1794             :         XLogRecPtr  endptr;
    1795             :         const char *page;
    1796             :         const char *psrc;
    1797             :         Size        npagebytes;
    1798             : 
    1799             :         /*
    1800             :          * Calculate the end pointer we expect in the xlblocks array if the
    1801             :          * correct page is present.
    1802             :          */
    1803      203144 :         expectedEndPtr = recptr + (XLOG_BLCKSZ - offset);
    1804             : 
    1805             :         /*
    1806             :          * First verification step: check that the correct page is present in
    1807             :          * the WAL buffers.
    1808             :          */
    1809      203144 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1810      203144 :         if (expectedEndPtr != endptr)
    1811      191584 :             break;
    1812             : 
    1813             :         /*
    1814             :          * The correct page is present (or was at the time the endptr was
    1815             :          * read; must re-verify later). Calculate pointer to source data and
    1816             :          * determine how much data to read from this page.
    1817             :          */
    1818       11560 :         page = XLogCtl->pages + idx * (Size) XLOG_BLCKSZ;
    1819       11560 :         psrc = page + offset;
    1820       11560 :         npagebytes = Min(nbytes, XLOG_BLCKSZ - offset);
    1821             : 
    1822             :         /*
    1823             :          * Ensure that the data copy and the first verification step are not
    1824             :          * reordered.
    1825             :          */
    1826       11560 :         pg_read_barrier();
    1827             : 
    1828             :         /* data copy */
    1829       11560 :         memcpy(pdst, psrc, npagebytes);
    1830             : 
    1831             :         /*
    1832             :          * Ensure that the data copy and the second verification step are not
    1833             :          * reordered.
    1834             :          */
    1835       11560 :         pg_read_barrier();
    1836             : 
    1837             :         /*
    1838             :          * Second verification step: check that the page we read from wasn't
    1839             :          * evicted while we were copying the data.
    1840             :          */
    1841       11560 :         endptr = pg_atomic_read_u64(&XLogCtl->xlblocks[idx]);
    1842       11560 :         if (expectedEndPtr != endptr)
    1843           4 :             break;
    1844             : 
    1845       11556 :         pdst += npagebytes;
    1846       11556 :         recptr += npagebytes;
    1847       11556 :         nbytes -= npagebytes;
    1848             :     }
    1849             : 
    1850             :     Assert(pdst - dstbuf <= count);
    1851             : 
    1852      194808 :     return pdst - dstbuf;
    1853             : }
    1854             : 
    1855             : /*
    1856             :  * Converts a "usable byte position" to XLogRecPtr. A usable byte position
    1857             :  * is the position starting from the beginning of WAL, excluding all WAL
    1858             :  * page headers.
    1859             :  */
    1860             : static XLogRecPtr
    1861    58198532 : XLogBytePosToRecPtr(uint64 bytepos)
    1862             : {
    1863             :     uint64      fullsegs;
    1864             :     uint64      fullpages;
    1865             :     uint64      bytesleft;
    1866             :     uint32      seg_offset;
    1867             :     XLogRecPtr  result;
    1868             : 
    1869    58198532 :     fullsegs = bytepos / UsableBytesInSegment;
    1870    58198532 :     bytesleft = bytepos % UsableBytesInSegment;
    1871             : 
    1872    58198532 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1873             :     {
    1874             :         /* fits on first page of segment */
    1875      100220 :         seg_offset = bytesleft + SizeOfXLogLongPHD;
    1876             :     }
    1877             :     else
    1878             :     {
    1879             :         /* account for the first page on segment with long header */
    1880    58098312 :         seg_offset = XLOG_BLCKSZ;
    1881    58098312 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1882             : 
    1883    58098312 :         fullpages = bytesleft / UsableBytesInPage;
    1884    58098312 :         bytesleft = bytesleft % UsableBytesInPage;
    1885             : 
    1886    58098312 :         seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1887             :     }
    1888             : 
    1889    58198532 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1890             : 
    1891    58198532 :     return result;
    1892             : }
    1893             : 
    1894             : /*
    1895             :  * Like XLogBytePosToRecPtr, but if the position is at a page boundary,
    1896             :  * returns a pointer to the beginning of the page (ie. before page header),
    1897             :  * not to where the first xlog record on that page would go to. This is used
    1898             :  * when converting a pointer to the end of a record.
    1899             :  */
    1900             : static XLogRecPtr
    1901    29989112 : XLogBytePosToEndRecPtr(uint64 bytepos)
    1902             : {
    1903             :     uint64      fullsegs;
    1904             :     uint64      fullpages;
    1905             :     uint64      bytesleft;
    1906             :     uint32      seg_offset;
    1907             :     XLogRecPtr  result;
    1908             : 
    1909    29989112 :     fullsegs = bytepos / UsableBytesInSegment;
    1910    29989112 :     bytesleft = bytepos % UsableBytesInSegment;
    1911             : 
    1912    29989112 :     if (bytesleft < XLOG_BLCKSZ - SizeOfXLogLongPHD)
    1913             :     {
    1914             :         /* fits on first page of segment */
    1915      161750 :         if (bytesleft == 0)
    1916      109026 :             seg_offset = 0;
    1917             :         else
    1918       52724 :             seg_offset = bytesleft + SizeOfXLogLongPHD;
    1919             :     }
    1920             :     else
    1921             :     {
    1922             :         /* account for the first page on segment with long header */
    1923    29827362 :         seg_offset = XLOG_BLCKSZ;
    1924    29827362 :         bytesleft -= XLOG_BLCKSZ - SizeOfXLogLongPHD;
    1925             : 
    1926    29827362 :         fullpages = bytesleft / UsableBytesInPage;
    1927    29827362 :         bytesleft = bytesleft % UsableBytesInPage;
    1928             : 
    1929    29827362 :         if (bytesleft == 0)
    1930       28626 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft;
    1931             :         else
    1932    29798736 :             seg_offset += fullpages * XLOG_BLCKSZ + bytesleft + SizeOfXLogShortPHD;
    1933             :     }
    1934             : 
    1935    29989112 :     XLogSegNoOffsetToRecPtr(fullsegs, seg_offset, wal_segment_size, result);
    1936             : 
    1937    29989112 :     return result;
    1938             : }
    1939             : 
    1940             : /*
    1941             :  * Convert an XLogRecPtr to a "usable byte position".
    1942             :  */
    1943             : static uint64
    1944        4986 : XLogRecPtrToBytePos(XLogRecPtr ptr)
    1945             : {
    1946             :     uint64      fullsegs;
    1947             :     uint32      fullpages;
    1948             :     uint32      offset;
    1949             :     uint64      result;
    1950             : 
    1951        4986 :     XLByteToSeg(ptr, fullsegs, wal_segment_size);
    1952             : 
    1953        4986 :     fullpages = (XLogSegmentOffset(ptr, wal_segment_size)) / XLOG_BLCKSZ;
    1954        4986 :     offset = ptr % XLOG_BLCKSZ;
    1955             : 
    1956        4986 :     if (fullpages == 0)
    1957             :     {
    1958        1952 :         result = fullsegs * UsableBytesInSegment;
    1959        1952 :         if (offset > 0)
    1960             :         {
    1961             :             Assert(offset >= SizeOfXLogLongPHD);
    1962         470 :             result += offset - SizeOfXLogLongPHD;
    1963             :         }
    1964             :     }
    1965             :     else
    1966             :     {
    1967        3034 :         result = fullsegs * UsableBytesInSegment +
    1968        3034 :             (XLOG_BLCKSZ - SizeOfXLogLongPHD) + /* account for first page */
    1969        3034 :             (fullpages - 1) * UsableBytesInPage;    /* full pages */
    1970        3034 :         if (offset > 0)
    1971             :         {
    1972             :             Assert(offset >= SizeOfXLogShortPHD);
    1973        3014 :             result += offset - SizeOfXLogShortPHD;
    1974             :         }
    1975             :     }
    1976             : 
    1977        4986 :     return result;
    1978             : }
    1979             : 
    1980             : /*
    1981             :  * Initialize XLOG buffers, writing out old buffers if they still contain
    1982             :  * unwritten data, upto the page containing 'upto'. Or if 'opportunistic' is
    1983             :  * true, initialize as many pages as we can without having to write out
    1984             :  * unwritten data. Any new pages are initialized to zeros, with pages headers
    1985             :  * initialized properly.
    1986             :  */
    1987             : static void
    1988     5219708 : AdvanceXLInsertBuffer(XLogRecPtr upto, TimeLineID tli, bool opportunistic)
    1989             : {
    1990     5219708 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    1991             :     int         nextidx;
    1992             :     XLogRecPtr  OldPageRqstPtr;
    1993             :     XLogwrtRqst WriteRqst;
    1994     5219708 :     XLogRecPtr  NewPageEndPtr = InvalidXLogRecPtr;
    1995             :     XLogRecPtr  NewPageBeginPtr;
    1996             :     XLogPageHeader NewPage;
    1997     5219708 :     int         npages pg_attribute_unused() = 0;
    1998             : 
    1999     5219708 :     LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    2000             : 
    2001             :     /*
    2002             :      * Now that we have the lock, check if someone initialized the page
    2003             :      * already.
    2004             :      */
    2005    14750686 :     while (upto >= XLogCtl->InitializedUpTo || opportunistic)
    2006             :     {
    2007     9540494 :         nextidx = XLogRecPtrToBufIdx(XLogCtl->InitializedUpTo);
    2008             : 
    2009             :         /*
    2010             :          * Get ending-offset of the buffer page we need to replace (this may
    2011             :          * be zero if the buffer hasn't been used yet).  Fall through if it's
    2012             :          * already written out.
    2013             :          */
    2014     9540494 :         OldPageRqstPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[nextidx]);
    2015     9540494 :         if (LogwrtResult.Write < OldPageRqstPtr)
    2016             :         {
    2017             :             /*
    2018             :              * Nope, got work to do. If we just want to pre-initialize as much
    2019             :              * as we can without flushing, give up now.
    2020             :              */
    2021     4653130 :             if (opportunistic)
    2022        9516 :                 break;
    2023             : 
    2024             :             /* Advance shared memory write request position */
    2025     4643614 :             SpinLockAcquire(&XLogCtl->info_lck);
    2026     4643614 :             if (XLogCtl->LogwrtRqst.Write < OldPageRqstPtr)
    2027     1244232 :                 XLogCtl->LogwrtRqst.Write = OldPageRqstPtr;
    2028     4643614 :             SpinLockRelease(&XLogCtl->info_lck);
    2029             : 
    2030             :             /*
    2031             :              * Acquire an up-to-date LogwrtResult value and see if we still
    2032             :              * need to write it or if someone else already did.
    2033             :              */
    2034     4643614 :             RefreshXLogWriteResult(LogwrtResult);
    2035     4643614 :             if (LogwrtResult.Write < OldPageRqstPtr)
    2036             :             {
    2037             :                 /*
    2038             :                  * Must acquire write lock. Release WALBufMappingLock first,
    2039             :                  * to make sure that all insertions that we need to wait for
    2040             :                  * can finish (up to this same position). Otherwise we risk
    2041             :                  * deadlock.
    2042             :                  */
    2043     4512420 :                 LWLockRelease(WALBufMappingLock);
    2044             : 
    2045     4512420 :                 WaitXLogInsertionsToFinish(OldPageRqstPtr);
    2046             : 
    2047     4512420 :                 LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    2048             : 
    2049     4512420 :                 RefreshXLogWriteResult(LogwrtResult);
    2050     4512420 :                 if (LogwrtResult.Write >= OldPageRqstPtr)
    2051             :                 {
    2052             :                     /* OK, someone wrote it already */
    2053      566598 :                     LWLockRelease(WALWriteLock);
    2054             :                 }
    2055             :                 else
    2056             :                 {
    2057             :                     /* Have to write it ourselves */
    2058             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_START();
    2059     3945822 :                     WriteRqst.Write = OldPageRqstPtr;
    2060     3945822 :                     WriteRqst.Flush = 0;
    2061     3945822 :                     XLogWrite(WriteRqst, tli, false);
    2062     3945822 :                     LWLockRelease(WALWriteLock);
    2063     3945822 :                     pgWalUsage.wal_buffers_full++;
    2064             :                     TRACE_POSTGRESQL_WAL_BUFFER_WRITE_DIRTY_DONE();
    2065             : 
    2066             :                     /*
    2067             :                      * Required for the flush of pending stats WAL data, per
    2068             :                      * update of pgWalUsage.
    2069             :                      */
    2070     3945822 :                     pgstat_report_fixed = true;
    2071             :                 }
    2072             :                 /* Re-acquire WALBufMappingLock and retry */
    2073     4512420 :                 LWLockAcquire(WALBufMappingLock, LW_EXCLUSIVE);
    2074     4512420 :                 continue;
    2075             :             }
    2076             :         }
    2077             : 
    2078             :         /*
    2079             :          * Now the next buffer slot is free and we can set it up to be the
    2080             :          * next output page.
    2081             :          */
    2082     5018558 :         NewPageBeginPtr = XLogCtl->InitializedUpTo;
    2083     5018558 :         NewPageEndPtr = NewPageBeginPtr + XLOG_BLCKSZ;
    2084             : 
    2085             :         Assert(XLogRecPtrToBufIdx(NewPageBeginPtr) == nextidx);
    2086             : 
    2087     5018558 :         NewPage = (XLogPageHeader) (XLogCtl->pages + nextidx * (Size) XLOG_BLCKSZ);
    2088             : 
    2089             :         /*
    2090             :          * Mark the xlblock with InvalidXLogRecPtr and issue a write barrier
    2091             :          * before initializing. Otherwise, the old page may be partially
    2092             :          * zeroed but look valid.
    2093             :          */
    2094     5018558 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], InvalidXLogRecPtr);
    2095     5018558 :         pg_write_barrier();
    2096             : 
    2097             :         /*
    2098             :          * Be sure to re-zero the buffer so that bytes beyond what we've
    2099             :          * written will look like zeroes and not valid XLOG records...
    2100             :          */
    2101     5018558 :         MemSet(NewPage, 0, XLOG_BLCKSZ);
    2102             : 
    2103             :         /*
    2104             :          * Fill the new page's header
    2105             :          */
    2106     5018558 :         NewPage->xlp_magic = XLOG_PAGE_MAGIC;
    2107             : 
    2108             :         /* NewPage->xlp_info = 0; */ /* done by memset */
    2109     5018558 :         NewPage->xlp_tli = tli;
    2110     5018558 :         NewPage->xlp_pageaddr = NewPageBeginPtr;
    2111             : 
    2112             :         /* NewPage->xlp_rem_len = 0; */  /* done by memset */
    2113             : 
    2114             :         /*
    2115             :          * If online backup is not in progress, mark the header to indicate
    2116             :          * that WAL records beginning in this page have removable backup
    2117             :          * blocks.  This allows the WAL archiver to know whether it is safe to
    2118             :          * compress archived WAL data by transforming full-block records into
    2119             :          * the non-full-block format.  It is sufficient to record this at the
    2120             :          * page level because we force a page switch (in fact a segment
    2121             :          * switch) when starting a backup, so the flag will be off before any
    2122             :          * records can be written during the backup.  At the end of a backup,
    2123             :          * the last page will be marked as all unsafe when perhaps only part
    2124             :          * is unsafe, but at worst the archiver would miss the opportunity to
    2125             :          * compress a few records.
    2126             :          */
    2127     5018558 :         if (Insert->runningBackups == 0)
    2128     4760184 :             NewPage->xlp_info |= XLP_BKP_REMOVABLE;
    2129             : 
    2130             :         /*
    2131             :          * If first page of an XLOG segment file, make it a long header.
    2132             :          */
    2133     5018558 :         if ((XLogSegmentOffset(NewPage->xlp_pageaddr, wal_segment_size)) == 0)
    2134             :         {
    2135        3582 :             XLogLongPageHeader NewLongPage = (XLogLongPageHeader) NewPage;
    2136             : 
    2137        3582 :             NewLongPage->xlp_sysid = ControlFile->system_identifier;
    2138        3582 :             NewLongPage->xlp_seg_size = wal_segment_size;
    2139        3582 :             NewLongPage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    2140        3582 :             NewPage->xlp_info |= XLP_LONG_HEADER;
    2141             :         }
    2142             : 
    2143             :         /*
    2144             :          * Make sure the initialization of the page becomes visible to others
    2145             :          * before the xlblocks update. GetXLogBuffer() reads xlblocks without
    2146             :          * holding a lock.
    2147             :          */
    2148     5018558 :         pg_write_barrier();
    2149             : 
    2150     5018558 :         pg_atomic_write_u64(&XLogCtl->xlblocks[nextidx], NewPageEndPtr);
    2151     5018558 :         XLogCtl->InitializedUpTo = NewPageEndPtr;
    2152             : 
    2153     5018558 :         npages++;
    2154             :     }
    2155     5219708 :     LWLockRelease(WALBufMappingLock);
    2156             : 
    2157             : #ifdef WAL_DEBUG
    2158             :     if (XLOG_DEBUG && npages > 0)
    2159             :     {
    2160             :         elog(DEBUG1, "initialized %d pages, up to %X/%08X",
    2161             :              npages, LSN_FORMAT_ARGS(NewPageEndPtr));
    2162             :     }
    2163             : #endif
    2164     5219708 : }
    2165             : 
    2166             : /*
    2167             :  * Calculate CheckPointSegments based on max_wal_size_mb and
    2168             :  * checkpoint_completion_target.
    2169             :  */
    2170             : static void
    2171       15390 : CalculateCheckpointSegments(void)
    2172             : {
    2173             :     double      target;
    2174             : 
    2175             :     /*-------
    2176             :      * Calculate the distance at which to trigger a checkpoint, to avoid
    2177             :      * exceeding max_wal_size_mb. This is based on two assumptions:
    2178             :      *
    2179             :      * a) we keep WAL for only one checkpoint cycle (prior to PG11 we kept
    2180             :      *    WAL for two checkpoint cycles to allow us to recover from the
    2181             :      *    secondary checkpoint if the first checkpoint failed, though we
    2182             :      *    only did this on the primary anyway, not on standby. Keeping just
    2183             :      *    one checkpoint simplifies processing and reduces disk space in
    2184             :      *    many smaller databases.)
    2185             :      * b) during checkpoint, we consume checkpoint_completion_target *
    2186             :      *    number of segments consumed between checkpoints.
    2187             :      *-------
    2188             :      */
    2189       15390 :     target = (double) ConvertToXSegs(max_wal_size_mb, wal_segment_size) /
    2190       15390 :         (1.0 + CheckPointCompletionTarget);
    2191             : 
    2192             :     /* round down */
    2193       15390 :     CheckPointSegments = (int) target;
    2194             : 
    2195       15390 :     if (CheckPointSegments < 1)
    2196          20 :         CheckPointSegments = 1;
    2197       15390 : }
    2198             : 
    2199             : void
    2200       11150 : assign_max_wal_size(int newval, void *extra)
    2201             : {
    2202       11150 :     max_wal_size_mb = newval;
    2203       11150 :     CalculateCheckpointSegments();
    2204       11150 : }
    2205             : 
    2206             : void
    2207        2250 : assign_checkpoint_completion_target(double newval, void *extra)
    2208             : {
    2209        2250 :     CheckPointCompletionTarget = newval;
    2210        2250 :     CalculateCheckpointSegments();
    2211        2250 : }
    2212             : 
    2213             : bool
    2214        4342 : check_wal_segment_size(int *newval, void **extra, GucSource source)
    2215             : {
    2216        4342 :     if (!IsValidWalSegSize(*newval))
    2217             :     {
    2218           0 :         GUC_check_errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.");
    2219           0 :         return false;
    2220             :     }
    2221             : 
    2222        4342 :     return true;
    2223             : }
    2224             : 
    2225             : /*
    2226             :  * At a checkpoint, how many WAL segments to recycle as preallocated future
    2227             :  * XLOG segments? Returns the highest segment that should be preallocated.
    2228             :  */
    2229             : static XLogSegNo
    2230        3422 : XLOGfileslop(XLogRecPtr lastredoptr)
    2231             : {
    2232             :     XLogSegNo   minSegNo;
    2233             :     XLogSegNo   maxSegNo;
    2234             :     double      distance;
    2235             :     XLogSegNo   recycleSegNo;
    2236             : 
    2237             :     /*
    2238             :      * Calculate the segment numbers that min_wal_size_mb and max_wal_size_mb
    2239             :      * correspond to. Always recycle enough segments to meet the minimum, and
    2240             :      * remove enough segments to stay below the maximum.
    2241             :      */
    2242        3422 :     minSegNo = lastredoptr / wal_segment_size +
    2243        3422 :         ConvertToXSegs(min_wal_size_mb, wal_segment_size) - 1;
    2244        3422 :     maxSegNo = lastredoptr / wal_segment_size +
    2245        3422 :         ConvertToXSegs(max_wal_size_mb, wal_segment_size) - 1;
    2246             : 
    2247             :     /*
    2248             :      * Between those limits, recycle enough segments to get us through to the
    2249             :      * estimated end of next checkpoint.
    2250             :      *
    2251             :      * To estimate where the next checkpoint will finish, assume that the
    2252             :      * system runs steadily consuming CheckPointDistanceEstimate bytes between
    2253             :      * every checkpoint.
    2254             :      */
    2255        3422 :     distance = (1.0 + CheckPointCompletionTarget) * CheckPointDistanceEstimate;
    2256             :     /* add 10% for good measure. */
    2257        3422 :     distance *= 1.10;
    2258             : 
    2259        3422 :     recycleSegNo = (XLogSegNo) ceil(((double) lastredoptr + distance) /
    2260             :                                     wal_segment_size);
    2261             : 
    2262        3422 :     if (recycleSegNo < minSegNo)
    2263        2434 :         recycleSegNo = minSegNo;
    2264        3422 :     if (recycleSegNo > maxSegNo)
    2265         768 :         recycleSegNo = maxSegNo;
    2266             : 
    2267        3422 :     return recycleSegNo;
    2268             : }
    2269             : 
    2270             : /*
    2271             :  * Check whether we've consumed enough xlog space that a checkpoint is needed.
    2272             :  *
    2273             :  * new_segno indicates a log file that has just been filled up (or read
    2274             :  * during recovery). We measure the distance from RedoRecPtr to new_segno
    2275             :  * and see if that exceeds CheckPointSegments.
    2276             :  *
    2277             :  * Note: it is caller's responsibility that RedoRecPtr is up-to-date.
    2278             :  */
    2279             : bool
    2280       10288 : XLogCheckpointNeeded(XLogSegNo new_segno)
    2281             : {
    2282             :     XLogSegNo   old_segno;
    2283             : 
    2284       10288 :     XLByteToSeg(RedoRecPtr, old_segno, wal_segment_size);
    2285             : 
    2286       10288 :     if (new_segno >= old_segno + (uint64) (CheckPointSegments - 1))
    2287        6704 :         return true;
    2288        3584 :     return false;
    2289             : }
    2290             : 
    2291             : /*
    2292             :  * Write and/or fsync the log at least as far as WriteRqst indicates.
    2293             :  *
    2294             :  * If flexible == true, we don't have to write as far as WriteRqst, but
    2295             :  * may stop at any convenient boundary (such as a cache or logfile boundary).
    2296             :  * This option allows us to avoid uselessly issuing multiple writes when a
    2297             :  * single one would do.
    2298             :  *
    2299             :  * Must be called with WALWriteLock held. WaitXLogInsertionsToFinish(WriteRqst)
    2300             :  * must be called before grabbing the lock, to make sure the data is ready to
    2301             :  * write.
    2302             :  */
    2303             : static void
    2304     4204164 : XLogWrite(XLogwrtRqst WriteRqst, TimeLineID tli, bool flexible)
    2305             : {
    2306             :     bool        ispartialpage;
    2307             :     bool        last_iteration;
    2308             :     bool        finishing_seg;
    2309             :     int         curridx;
    2310             :     int         npages;
    2311             :     int         startidx;
    2312             :     uint32      startoffset;
    2313             : 
    2314             :     /* We should always be inside a critical section here */
    2315             :     Assert(CritSectionCount > 0);
    2316             : 
    2317             :     /*
    2318             :      * Update local LogwrtResult (caller probably did this already, but...)
    2319             :      */
    2320     4204164 :     RefreshXLogWriteResult(LogwrtResult);
    2321             : 
    2322             :     /*
    2323             :      * Since successive pages in the xlog cache are consecutively allocated,
    2324             :      * we can usually gather multiple pages together and issue just one
    2325             :      * write() call.  npages is the number of pages we have determined can be
    2326             :      * written together; startidx is the cache block index of the first one,
    2327             :      * and startoffset is the file offset at which it should go. The latter
    2328             :      * two variables are only valid when npages > 0, but we must initialize
    2329             :      * all of them to keep the compiler quiet.
    2330             :      */
    2331     4204164 :     npages = 0;
    2332     4204164 :     startidx = 0;
    2333     4204164 :     startoffset = 0;
    2334             : 
    2335             :     /*
    2336             :      * Within the loop, curridx is the cache block index of the page to
    2337             :      * consider writing.  Begin at the buffer containing the next unwritten
    2338             :      * page, or last partially written page.
    2339             :      */
    2340     4204164 :     curridx = XLogRecPtrToBufIdx(LogwrtResult.Write);
    2341             : 
    2342     9125348 :     while (LogwrtResult.Write < WriteRqst.Write)
    2343             :     {
    2344             :         /*
    2345             :          * Make sure we're not ahead of the insert process.  This could happen
    2346             :          * if we're passed a bogus WriteRqst.Write that is past the end of the
    2347             :          * last page that's been initialized by AdvanceXLInsertBuffer.
    2348             :          */
    2349     5168748 :         XLogRecPtr  EndPtr = pg_atomic_read_u64(&XLogCtl->xlblocks[curridx]);
    2350             : 
    2351     5168748 :         if (LogwrtResult.Write >= EndPtr)
    2352           0 :             elog(PANIC, "xlog write request %X/%08X is past end of log %X/%08X",
    2353             :                  LSN_FORMAT_ARGS(LogwrtResult.Write),
    2354             :                  LSN_FORMAT_ARGS(EndPtr));
    2355             : 
    2356             :         /* Advance LogwrtResult.Write to end of current buffer page */
    2357     5168748 :         LogwrtResult.Write = EndPtr;
    2358     5168748 :         ispartialpage = WriteRqst.Write < LogwrtResult.Write;
    2359             : 
    2360     5168748 :         if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2361             :                              wal_segment_size))
    2362             :         {
    2363             :             /*
    2364             :              * Switch to new logfile segment.  We cannot have any pending
    2365             :              * pages here (since we dump what we have at segment end).
    2366             :              */
    2367             :             Assert(npages == 0);
    2368       26290 :             if (openLogFile >= 0)
    2369       11840 :                 XLogFileClose();
    2370       26290 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2371             :                             wal_segment_size);
    2372       26290 :             openLogTLI = tli;
    2373             : 
    2374             :             /* create/use new log file */
    2375       26290 :             openLogFile = XLogFileInit(openLogSegNo, tli);
    2376       26290 :             ReserveExternalFD();
    2377             :         }
    2378             : 
    2379             :         /* Make sure we have the current logfile open */
    2380     5168748 :         if (openLogFile < 0)
    2381             :         {
    2382           0 :             XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2383             :                             wal_segment_size);
    2384           0 :             openLogTLI = tli;
    2385           0 :             openLogFile = XLogFileOpen(openLogSegNo, tli);
    2386           0 :             ReserveExternalFD();
    2387             :         }
    2388             : 
    2389             :         /* Add current page to the set of pending pages-to-dump */
    2390     5168748 :         if (npages == 0)
    2391             :         {
    2392             :             /* first of group */
    2393     4231278 :             startidx = curridx;
    2394     4231278 :             startoffset = XLogSegmentOffset(LogwrtResult.Write - XLOG_BLCKSZ,
    2395             :                                             wal_segment_size);
    2396             :         }
    2397     5168748 :         npages++;
    2398             : 
    2399             :         /*
    2400             :          * Dump the set if this will be the last loop iteration, or if we are
    2401             :          * at the last page of the cache area (since the next page won't be
    2402             :          * contiguous in memory), or if we are at the end of the logfile
    2403             :          * segment.
    2404             :          */
    2405     5168748 :         last_iteration = WriteRqst.Write <= LogwrtResult.Write;
    2406             : 
    2407    10097178 :         finishing_seg = !ispartialpage &&
    2408     4928430 :             (startoffset + npages * XLOG_BLCKSZ) >= wal_segment_size;
    2409             : 
    2410     5168748 :         if (last_iteration ||
    2411      967866 :             curridx == XLogCtl->XLogCacheBlck ||
    2412             :             finishing_seg)
    2413             :         {
    2414             :             char       *from;
    2415             :             Size        nbytes;
    2416             :             Size        nleft;
    2417             :             ssize_t     written;
    2418             :             instr_time  start;
    2419             : 
    2420             :             /* OK to write the page(s) */
    2421     4231278 :             from = XLogCtl->pages + startidx * (Size) XLOG_BLCKSZ;
    2422     4231278 :             nbytes = npages * (Size) XLOG_BLCKSZ;
    2423     4231278 :             nleft = nbytes;
    2424             :             do
    2425             :             {
    2426     4231278 :                 errno = 0;
    2427             : 
    2428             :                 /*
    2429             :                  * Measure I/O timing to write WAL data, for pg_stat_io.
    2430             :                  */
    2431     4231278 :                 start = pgstat_prepare_io_time(track_wal_io_timing);
    2432             : 
    2433     4231278 :                 pgstat_report_wait_start(WAIT_EVENT_WAL_WRITE);
    2434     4231278 :                 written = pg_pwrite(openLogFile, from, nleft, startoffset);
    2435     4231278 :                 pgstat_report_wait_end();
    2436             : 
    2437     4231278 :                 pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL,
    2438             :                                         IOOP_WRITE, start, 1, written);
    2439             : 
    2440     4231278 :                 if (written <= 0)
    2441             :                 {
    2442             :                     char        xlogfname[MAXFNAMELEN];
    2443             :                     int         save_errno;
    2444             : 
    2445           0 :                     if (errno == EINTR)
    2446           0 :                         continue;
    2447             : 
    2448           0 :                     save_errno = errno;
    2449           0 :                     XLogFileName(xlogfname, tli, openLogSegNo,
    2450             :                                  wal_segment_size);
    2451           0 :                     errno = save_errno;
    2452           0 :                     ereport(PANIC,
    2453             :                             (errcode_for_file_access(),
    2454             :                              errmsg("could not write to log file \"%s\" at offset %u, length %zu: %m",
    2455             :                                     xlogfname, startoffset, nleft)));
    2456             :                 }
    2457     4231278 :                 nleft -= written;
    2458     4231278 :                 from += written;
    2459     4231278 :                 startoffset += written;
    2460     4231278 :             } while (nleft > 0);
    2461             : 
    2462     4231278 :             npages = 0;
    2463             : 
    2464             :             /*
    2465             :              * If we just wrote the whole last page of a logfile segment,
    2466             :              * fsync the segment immediately.  This avoids having to go back
    2467             :              * and re-open prior segments when an fsync request comes along
    2468             :              * later. Doing it here ensures that one and only one backend will
    2469             :              * perform this fsync.
    2470             :              *
    2471             :              * This is also the right place to notify the Archiver that the
    2472             :              * segment is ready to copy to archival storage, and to update the
    2473             :              * timer for archive_timeout, and to signal for a checkpoint if
    2474             :              * too many logfile segments have been used since the last
    2475             :              * checkpoint.
    2476             :              */
    2477     4231278 :             if (finishing_seg)
    2478             :             {
    2479        3824 :                 issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2480             : 
    2481             :                 /* signal that we need to wakeup walsenders later */
    2482        3824 :                 WalSndWakeupRequest();
    2483             : 
    2484        3824 :                 LogwrtResult.Flush = LogwrtResult.Write;    /* end of page */
    2485             : 
    2486        3824 :                 if (XLogArchivingActive())
    2487         812 :                     XLogArchiveNotifySeg(openLogSegNo, tli);
    2488             : 
    2489        3824 :                 XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    2490        3824 :                 XLogCtl->lastSegSwitchLSN = LogwrtResult.Flush;
    2491             : 
    2492             :                 /*
    2493             :                  * Request a checkpoint if we've consumed too much xlog since
    2494             :                  * the last one.  For speed, we first check using the local
    2495             :                  * copy of RedoRecPtr, which might be out of date; if it looks
    2496             :                  * like a checkpoint is needed, forcibly update RedoRecPtr and
    2497             :                  * recheck.
    2498             :                  */
    2499        3824 :                 if (IsUnderPostmaster && XLogCheckpointNeeded(openLogSegNo))
    2500             :                 {
    2501         482 :                     (void) GetRedoRecPtr();
    2502         482 :                     if (XLogCheckpointNeeded(openLogSegNo))
    2503         390 :                         RequestCheckpoint(CHECKPOINT_CAUSE_XLOG);
    2504             :                 }
    2505             :             }
    2506             :         }
    2507             : 
    2508     5168748 :         if (ispartialpage)
    2509             :         {
    2510             :             /* Only asked to write a partial page */
    2511      240318 :             LogwrtResult.Write = WriteRqst.Write;
    2512      240318 :             break;
    2513             :         }
    2514     4928430 :         curridx = NextBufIdx(curridx);
    2515             : 
    2516             :         /* If flexible, break out of loop as soon as we wrote something */
    2517     4928430 :         if (flexible && npages == 0)
    2518        7246 :             break;
    2519             :     }
    2520             : 
    2521             :     Assert(npages == 0);
    2522             : 
    2523             :     /*
    2524             :      * If asked to flush, do so
    2525             :      */
    2526     4204164 :     if (LogwrtResult.Flush < WriteRqst.Flush &&
    2527      256860 :         LogwrtResult.Flush < LogwrtResult.Write)
    2528             :     {
    2529             :         /*
    2530             :          * Could get here without iterating above loop, in which case we might
    2531             :          * have no open file or the wrong one.  However, we do not need to
    2532             :          * fsync more than one file.
    2533             :          */
    2534      256736 :         if (wal_sync_method != WAL_SYNC_METHOD_OPEN &&
    2535      256736 :             wal_sync_method != WAL_SYNC_METHOD_OPEN_DSYNC)
    2536             :         {
    2537      256736 :             if (openLogFile >= 0 &&
    2538      256708 :                 !XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    2539             :                                  wal_segment_size))
    2540         310 :                 XLogFileClose();
    2541      256736 :             if (openLogFile < 0)
    2542             :             {
    2543         338 :                 XLByteToPrevSeg(LogwrtResult.Write, openLogSegNo,
    2544             :                                 wal_segment_size);
    2545         338 :                 openLogTLI = tli;
    2546         338 :                 openLogFile = XLogFileOpen(openLogSegNo, tli);
    2547         338 :                 ReserveExternalFD();
    2548             :             }
    2549             : 
    2550      256736 :             issue_xlog_fsync(openLogFile, openLogSegNo, tli);
    2551             :         }
    2552             : 
    2553             :         /* signal that we need to wakeup walsenders later */
    2554      256736 :         WalSndWakeupRequest();
    2555             : 
    2556      256736 :         LogwrtResult.Flush = LogwrtResult.Write;
    2557             :     }
    2558             : 
    2559             :     /*
    2560             :      * Update shared-memory status
    2561             :      *
    2562             :      * We make sure that the shared 'request' values do not fall behind the
    2563             :      * 'result' values.  This is not absolutely essential, but it saves some
    2564             :      * code in a couple of places.
    2565             :      */
    2566     4204164 :     SpinLockAcquire(&XLogCtl->info_lck);
    2567     4204164 :     if (XLogCtl->LogwrtRqst.Write < LogwrtResult.Write)
    2568      222260 :         XLogCtl->LogwrtRqst.Write = LogwrtResult.Write;
    2569     4204164 :     if (XLogCtl->LogwrtRqst.Flush < LogwrtResult.Flush)
    2570      259760 :         XLogCtl->LogwrtRqst.Flush = LogwrtResult.Flush;
    2571     4204164 :     SpinLockRelease(&XLogCtl->info_lck);
    2572             : 
    2573             :     /*
    2574             :      * We write Write first, bar, then Flush.  When reading, the opposite must
    2575             :      * be done (with a matching barrier in between), so that we always see a
    2576             :      * Flush value that trails behind the Write value seen.
    2577             :      */
    2578     4204164 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, LogwrtResult.Write);
    2579     4204164 :     pg_write_barrier();
    2580     4204164 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, LogwrtResult.Flush);
    2581             : 
    2582             : #ifdef USE_ASSERT_CHECKING
    2583             :     {
    2584             :         XLogRecPtr  Flush;
    2585             :         XLogRecPtr  Write;
    2586             :         XLogRecPtr  Insert;
    2587             : 
    2588             :         Flush = pg_atomic_read_u64(&XLogCtl->logFlushResult);
    2589             :         pg_read_barrier();
    2590             :         Write = pg_atomic_read_u64(&XLogCtl->logWriteResult);
    2591             :         pg_read_barrier();
    2592             :         Insert = pg_atomic_read_u64(&XLogCtl->logInsertResult);
    2593             : 
    2594             :         /* WAL written to disk is always ahead of WAL flushed */
    2595             :         Assert(Write >= Flush);
    2596             : 
    2597             :         /* WAL inserted to buffers is always ahead of WAL written */
    2598             :         Assert(Insert >= Write);
    2599             :     }
    2600             : #endif
    2601     4204164 : }
    2602             : 
    2603             : /*
    2604             :  * Record the LSN for an asynchronous transaction commit/abort
    2605             :  * and nudge the WALWriter if there is work for it to do.
    2606             :  * (This should not be called for synchronous commits.)
    2607             :  */
    2608             : void
    2609       94292 : XLogSetAsyncXactLSN(XLogRecPtr asyncXactLSN)
    2610             : {
    2611       94292 :     XLogRecPtr  WriteRqstPtr = asyncXactLSN;
    2612             :     bool        sleeping;
    2613       94292 :     bool        wakeup = false;
    2614             :     XLogRecPtr  prevAsyncXactLSN;
    2615             : 
    2616       94292 :     SpinLockAcquire(&XLogCtl->info_lck);
    2617       94292 :     sleeping = XLogCtl->WalWriterSleeping;
    2618       94292 :     prevAsyncXactLSN = XLogCtl->asyncXactLSN;
    2619       94292 :     if (XLogCtl->asyncXactLSN < asyncXactLSN)
    2620       93380 :         XLogCtl->asyncXactLSN = asyncXactLSN;
    2621       94292 :     SpinLockRelease(&XLogCtl->info_lck);
    2622             : 
    2623             :     /*
    2624             :      * If somebody else already called this function with a more aggressive
    2625             :      * LSN, they will have done what we needed (and perhaps more).
    2626             :      */
    2627       94292 :     if (asyncXactLSN <= prevAsyncXactLSN)
    2628         912 :         return;
    2629             : 
    2630             :     /*
    2631             :      * If the WALWriter is sleeping, kick it to make it come out of low-power
    2632             :      * mode, so that this async commit will reach disk within the expected
    2633             :      * amount of time.  Otherwise, determine whether it has enough WAL
    2634             :      * available to flush, the same way that XLogBackgroundFlush() does.
    2635             :      */
    2636       93380 :     if (sleeping)
    2637          48 :         wakeup = true;
    2638             :     else
    2639             :     {
    2640             :         int         flushblocks;
    2641             : 
    2642       93332 :         RefreshXLogWriteResult(LogwrtResult);
    2643             : 
    2644       93332 :         flushblocks =
    2645       93332 :             WriteRqstPtr / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    2646             : 
    2647       93332 :         if (WalWriterFlushAfter == 0 || flushblocks >= WalWriterFlushAfter)
    2648        7442 :             wakeup = true;
    2649             :     }
    2650             : 
    2651       93380 :     if (wakeup)
    2652             :     {
    2653        7490 :         volatile PROC_HDR *procglobal = ProcGlobal;
    2654        7490 :         ProcNumber  walwriterProc = procglobal->walwriterProc;
    2655             : 
    2656        7490 :         if (walwriterProc != INVALID_PROC_NUMBER)
    2657         434 :             SetLatch(&GetPGProcByNumber(walwriterProc)->procLatch);
    2658             :     }
    2659             : }
    2660             : 
    2661             : /*
    2662             :  * Record the LSN up to which we can remove WAL because it's not required by
    2663             :  * any replication slot.
    2664             :  */
    2665             : void
    2666       57244 : XLogSetReplicationSlotMinimumLSN(XLogRecPtr lsn)
    2667             : {
    2668       57244 :     SpinLockAcquire(&XLogCtl->info_lck);
    2669       57244 :     XLogCtl->replicationSlotMinLSN = lsn;
    2670       57244 :     SpinLockRelease(&XLogCtl->info_lck);
    2671       57244 : }
    2672             : 
    2673             : 
    2674             : /*
    2675             :  * Return the oldest LSN we must retain to satisfy the needs of some
    2676             :  * replication slot.
    2677             :  */
    2678             : static XLogRecPtr
    2679        4400 : XLogGetReplicationSlotMinimumLSN(void)
    2680             : {
    2681             :     XLogRecPtr  retval;
    2682             : 
    2683        4400 :     SpinLockAcquire(&XLogCtl->info_lck);
    2684        4400 :     retval = XLogCtl->replicationSlotMinLSN;
    2685        4400 :     SpinLockRelease(&XLogCtl->info_lck);
    2686             : 
    2687        4400 :     return retval;
    2688             : }
    2689             : 
    2690             : /*
    2691             :  * Advance minRecoveryPoint in control file.
    2692             :  *
    2693             :  * If we crash during recovery, we must reach this point again before the
    2694             :  * database is consistent.
    2695             :  *
    2696             :  * If 'force' is true, 'lsn' argument is ignored. Otherwise, minRecoveryPoint
    2697             :  * is only updated if it's not already greater than or equal to 'lsn'.
    2698             :  */
    2699             : static void
    2700      213532 : UpdateMinRecoveryPoint(XLogRecPtr lsn, bool force)
    2701             : {
    2702             :     /* Quick check using our local copy of the variable */
    2703      213532 :     if (!updateMinRecoveryPoint || (!force && lsn <= LocalMinRecoveryPoint))
    2704      200320 :         return;
    2705             : 
    2706             :     /*
    2707             :      * An invalid minRecoveryPoint means that we need to recover all the WAL,
    2708             :      * i.e., we're doing crash recovery.  We never modify the control file's
    2709             :      * value in that case, so we can short-circuit future checks here too. The
    2710             :      * local values of minRecoveryPoint and minRecoveryPointTLI should not be
    2711             :      * updated until crash recovery finishes.  We only do this for the startup
    2712             :      * process as it should not update its own reference of minRecoveryPoint
    2713             :      * until it has finished crash recovery to make sure that all WAL
    2714             :      * available is replayed in this case.  This also saves from extra locks
    2715             :      * taken on the control file from the startup process.
    2716             :      */
    2717       13212 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    2718             :     {
    2719          62 :         updateMinRecoveryPoint = false;
    2720          62 :         return;
    2721             :     }
    2722             : 
    2723       13150 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    2724             : 
    2725             :     /* update local copy */
    2726       13150 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    2727       13150 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    2728             : 
    2729       13150 :     if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    2730           4 :         updateMinRecoveryPoint = false;
    2731       13146 :     else if (force || LocalMinRecoveryPoint < lsn)
    2732             :     {
    2733             :         XLogRecPtr  newMinRecoveryPoint;
    2734             :         TimeLineID  newMinRecoveryPointTLI;
    2735             : 
    2736             :         /*
    2737             :          * To avoid having to update the control file too often, we update it
    2738             :          * all the way to the last record being replayed, even though 'lsn'
    2739             :          * would suffice for correctness.  This also allows the 'force' case
    2740             :          * to not need a valid 'lsn' value.
    2741             :          *
    2742             :          * Another important reason for doing it this way is that the passed
    2743             :          * 'lsn' value could be bogus, i.e., past the end of available WAL, if
    2744             :          * the caller got it from a corrupted heap page.  Accepting such a
    2745             :          * value as the min recovery point would prevent us from coming up at
    2746             :          * all.  Instead, we just log a warning and continue with recovery.
    2747             :          * (See also the comments about corrupt LSNs in XLogFlush.)
    2748             :          */
    2749       10628 :         newMinRecoveryPoint = GetCurrentReplayRecPtr(&newMinRecoveryPointTLI);
    2750       10628 :         if (!force && newMinRecoveryPoint < lsn)
    2751           0 :             elog(WARNING,
    2752             :                  "xlog min recovery request %X/%08X is past current point %X/%08X",
    2753             :                  LSN_FORMAT_ARGS(lsn), LSN_FORMAT_ARGS(newMinRecoveryPoint));
    2754             : 
    2755             :         /* update control file */
    2756       10628 :         if (ControlFile->minRecoveryPoint < newMinRecoveryPoint)
    2757             :         {
    2758        9926 :             ControlFile->minRecoveryPoint = newMinRecoveryPoint;
    2759        9926 :             ControlFile->minRecoveryPointTLI = newMinRecoveryPointTLI;
    2760        9926 :             UpdateControlFile();
    2761        9926 :             LocalMinRecoveryPoint = newMinRecoveryPoint;
    2762        9926 :             LocalMinRecoveryPointTLI = newMinRecoveryPointTLI;
    2763             : 
    2764        9926 :             ereport(DEBUG2,
    2765             :                     errmsg_internal("updated min recovery point to %X/%08X on timeline %u",
    2766             :                                     LSN_FORMAT_ARGS(newMinRecoveryPoint),
    2767             :                                     newMinRecoveryPointTLI));
    2768             :         }
    2769             :     }
    2770       13150 :     LWLockRelease(ControlFileLock);
    2771             : }
    2772             : 
    2773             : /*
    2774             :  * Ensure that all XLOG data through the given position is flushed to disk.
    2775             :  *
    2776             :  * NOTE: this differs from XLogWrite mainly in that the WALWriteLock is not
    2777             :  * already held, and we try to avoid acquiring it if possible.
    2778             :  */
    2779             : void
    2780     1365714 : XLogFlush(XLogRecPtr record)
    2781             : {
    2782             :     XLogRecPtr  WriteRqstPtr;
    2783             :     XLogwrtRqst WriteRqst;
    2784     1365714 :     TimeLineID  insertTLI = XLogCtl->InsertTimeLineID;
    2785             : 
    2786             :     /*
    2787             :      * During REDO, we are reading not writing WAL.  Therefore, instead of
    2788             :      * trying to flush the WAL, we should update minRecoveryPoint instead. We
    2789             :      * test XLogInsertAllowed(), not InRecovery, because we need checkpointer
    2790             :      * to act this way too, and because when it tries to write the
    2791             :      * end-of-recovery checkpoint, it should indeed flush.
    2792             :      */
    2793     1365714 :     if (!XLogInsertAllowed())
    2794             :     {
    2795      212644 :         UpdateMinRecoveryPoint(record, false);
    2796     1090224 :         return;
    2797             :     }
    2798             : 
    2799             :     /* Quick exit if already known flushed */
    2800     1153070 :     if (record <= LogwrtResult.Flush)
    2801      877580 :         return;
    2802             : 
    2803             : #ifdef WAL_DEBUG
    2804             :     if (XLOG_DEBUG)
    2805             :         elog(LOG, "xlog flush request %X/%08X; write %X/%08X; flush %X/%08X",
    2806             :              LSN_FORMAT_ARGS(record),
    2807             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    2808             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2809             : #endif
    2810             : 
    2811      275490 :     START_CRIT_SECTION();
    2812             : 
    2813             :     /*
    2814             :      * Since fsync is usually a horribly expensive operation, we try to
    2815             :      * piggyback as much data as we can on each fsync: if we see any more data
    2816             :      * entered into the xlog buffer, we'll write and fsync that too, so that
    2817             :      * the final value of LogwrtResult.Flush is as large as possible. This
    2818             :      * gives us some chance of avoiding another fsync immediately after.
    2819             :      */
    2820             : 
    2821             :     /* initialize to given target; may increase below */
    2822      275490 :     WriteRqstPtr = record;
    2823             : 
    2824             :     /*
    2825             :      * Now wait until we get the write lock, or someone else does the flush
    2826             :      * for us.
    2827             :      */
    2828             :     for (;;)
    2829       11850 :     {
    2830             :         XLogRecPtr  insertpos;
    2831             : 
    2832             :         /* done already? */
    2833      287340 :         RefreshXLogWriteResult(LogwrtResult);
    2834      287340 :         if (record <= LogwrtResult.Flush)
    2835       21634 :             break;
    2836             : 
    2837             :         /*
    2838             :          * Before actually performing the write, wait for all in-flight
    2839             :          * insertions to the pages we're about to write to finish.
    2840             :          */
    2841      265706 :         SpinLockAcquire(&XLogCtl->info_lck);
    2842      265706 :         if (WriteRqstPtr < XLogCtl->LogwrtRqst.Write)
    2843       20504 :             WriteRqstPtr = XLogCtl->LogwrtRqst.Write;
    2844      265706 :         SpinLockRelease(&XLogCtl->info_lck);
    2845      265706 :         insertpos = WaitXLogInsertionsToFinish(WriteRqstPtr);
    2846             : 
    2847             :         /*
    2848             :          * Try to get the write lock. If we can't get it immediately, wait
    2849             :          * until it's released, and recheck if we still need to do the flush
    2850             :          * or if the backend that held the lock did it for us already. This
    2851             :          * helps to maintain a good rate of group committing when the system
    2852             :          * is bottlenecked by the speed of fsyncing.
    2853             :          */
    2854      265706 :         if (!LWLockAcquireOrWait(WALWriteLock, LW_EXCLUSIVE))
    2855             :         {
    2856             :             /*
    2857             :              * The lock is now free, but we didn't acquire it yet. Before we
    2858             :              * do, loop back to check if someone else flushed the record for
    2859             :              * us already.
    2860             :              */
    2861       11850 :             continue;
    2862             :         }
    2863             : 
    2864             :         /* Got the lock; recheck whether request is satisfied */
    2865      253856 :         RefreshXLogWriteResult(LogwrtResult);
    2866      253856 :         if (record <= LogwrtResult.Flush)
    2867             :         {
    2868        4512 :             LWLockRelease(WALWriteLock);
    2869        4512 :             break;
    2870             :         }
    2871             : 
    2872             :         /*
    2873             :          * Sleep before flush! By adding a delay here, we may give further
    2874             :          * backends the opportunity to join the backlog of group commit
    2875             :          * followers; this can significantly improve transaction throughput,
    2876             :          * at the risk of increasing transaction latency.
    2877             :          *
    2878             :          * We do not sleep if enableFsync is not turned on, nor if there are
    2879             :          * fewer than CommitSiblings other backends with active transactions.
    2880             :          */
    2881      249344 :         if (CommitDelay > 0 && enableFsync &&
    2882           0 :             MinimumActiveBackends(CommitSiblings))
    2883             :         {
    2884           0 :             pg_usleep(CommitDelay);
    2885             : 
    2886             :             /*
    2887             :              * Re-check how far we can now flush the WAL. It's generally not
    2888             :              * safe to call WaitXLogInsertionsToFinish while holding
    2889             :              * WALWriteLock, because an in-progress insertion might need to
    2890             :              * also grab WALWriteLock to make progress. But we know that all
    2891             :              * the insertions up to insertpos have already finished, because
    2892             :              * that's what the earlier WaitXLogInsertionsToFinish() returned.
    2893             :              * We're only calling it again to allow insertpos to be moved
    2894             :              * further forward, not to actually wait for anyone.
    2895             :              */
    2896           0 :             insertpos = WaitXLogInsertionsToFinish(insertpos);
    2897             :         }
    2898             : 
    2899             :         /* try to write/flush later additions to XLOG as well */
    2900      249344 :         WriteRqst.Write = insertpos;
    2901      249344 :         WriteRqst.Flush = insertpos;
    2902             : 
    2903      249344 :         XLogWrite(WriteRqst, insertTLI, false);
    2904             : 
    2905      249344 :         LWLockRelease(WALWriteLock);
    2906             :         /* done */
    2907      249344 :         break;
    2908             :     }
    2909             : 
    2910      275490 :     END_CRIT_SECTION();
    2911             : 
    2912             :     /* wake up walsenders now that we've released heavily contended locks */
    2913      275490 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    2914             : 
    2915             :     /*
    2916             :      * If we still haven't flushed to the request point then we have a
    2917             :      * problem; most likely, the requested flush point is past end of XLOG.
    2918             :      * This has been seen to occur when a disk page has a corrupted LSN.
    2919             :      *
    2920             :      * Formerly we treated this as a PANIC condition, but that hurts the
    2921             :      * system's robustness rather than helping it: we do not want to take down
    2922             :      * the whole system due to corruption on one data page.  In particular, if
    2923             :      * the bad page is encountered again during recovery then we would be
    2924             :      * unable to restart the database at all!  (This scenario actually
    2925             :      * happened in the field several times with 7.1 releases.)  As of 8.4, bad
    2926             :      * LSNs encountered during recovery are UpdateMinRecoveryPoint's problem;
    2927             :      * the only time we can reach here during recovery is while flushing the
    2928             :      * end-of-recovery checkpoint record, and we don't expect that to have a
    2929             :      * bad LSN.
    2930             :      *
    2931             :      * Note that for calls from xact.c, the ERROR will be promoted to PANIC
    2932             :      * since xact.c calls this routine inside a critical section.  However,
    2933             :      * calls from bufmgr.c are not within critical sections and so we will not
    2934             :      * force a restart for a bad LSN on a data page.
    2935             :      */
    2936      275490 :     if (LogwrtResult.Flush < record)
    2937           0 :         elog(ERROR,
    2938             :              "xlog flush request %X/%08X is not satisfied --- flushed only to %X/%08X",
    2939             :              LSN_FORMAT_ARGS(record),
    2940             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    2941             : }
    2942             : 
    2943             : /*
    2944             :  * Write & flush xlog, but without specifying exactly where to.
    2945             :  *
    2946             :  * We normally write only completed blocks; but if there is nothing to do on
    2947             :  * that basis, we check for unwritten async commits in the current incomplete
    2948             :  * block, and write through the latest one of those.  Thus, if async commits
    2949             :  * are not being used, we will write complete blocks only.
    2950             :  *
    2951             :  * If, based on the above, there's anything to write we do so immediately. But
    2952             :  * to avoid calling fsync, fdatasync et. al. at a rate that'd impact
    2953             :  * concurrent IO, we only flush WAL every wal_writer_delay ms, or if there's
    2954             :  * more than wal_writer_flush_after unflushed blocks.
    2955             :  *
    2956             :  * We can guarantee that async commits reach disk after at most three
    2957             :  * wal_writer_delay cycles. (When flushing complete blocks, we allow XLogWrite
    2958             :  * to write "flexibly", meaning it can stop at the end of the buffer ring;
    2959             :  * this makes a difference only with very high load or long wal_writer_delay,
    2960             :  * but imposes one extra cycle for the worst case for async commits.)
    2961             :  *
    2962             :  * This routine is invoked periodically by the background walwriter process.
    2963             :  *
    2964             :  * Returns true if there was any work to do, even if we skipped flushing due
    2965             :  * to wal_writer_delay/wal_writer_flush_after.
    2966             :  */
    2967             : bool
    2968       32626 : XLogBackgroundFlush(void)
    2969             : {
    2970             :     XLogwrtRqst WriteRqst;
    2971       32626 :     bool        flexible = true;
    2972             :     static TimestampTz lastflush;
    2973             :     TimestampTz now;
    2974             :     int         flushblocks;
    2975             :     TimeLineID  insertTLI;
    2976             : 
    2977             :     /* XLOG doesn't need flushing during recovery */
    2978       32626 :     if (RecoveryInProgress())
    2979         496 :         return false;
    2980             : 
    2981             :     /*
    2982             :      * Since we're not in recovery, InsertTimeLineID is set and can't change,
    2983             :      * so we can read it without a lock.
    2984             :      */
    2985       32130 :     insertTLI = XLogCtl->InsertTimeLineID;
    2986             : 
    2987             :     /* read updated LogwrtRqst */
    2988       32130 :     SpinLockAcquire(&XLogCtl->info_lck);
    2989       32130 :     WriteRqst = XLogCtl->LogwrtRqst;
    2990       32130 :     SpinLockRelease(&XLogCtl->info_lck);
    2991             : 
    2992             :     /* back off to last completed page boundary */
    2993       32130 :     WriteRqst.Write -= WriteRqst.Write % XLOG_BLCKSZ;
    2994             : 
    2995             :     /* if we have already flushed that far, consider async commit records */
    2996       32130 :     RefreshXLogWriteResult(LogwrtResult);
    2997       32130 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    2998             :     {
    2999       24046 :         SpinLockAcquire(&XLogCtl->info_lck);
    3000       24046 :         WriteRqst.Write = XLogCtl->asyncXactLSN;
    3001       24046 :         SpinLockRelease(&XLogCtl->info_lck);
    3002       24046 :         flexible = false;       /* ensure it all gets written */
    3003             :     }
    3004             : 
    3005             :     /*
    3006             :      * If already known flushed, we're done. Just need to check if we are
    3007             :      * holding an open file handle to a logfile that's no longer in use,
    3008             :      * preventing the file from being deleted.
    3009             :      */
    3010       32130 :     if (WriteRqst.Write <= LogwrtResult.Flush)
    3011             :     {
    3012       22614 :         if (openLogFile >= 0)
    3013             :         {
    3014       16218 :             if (!XLByteInPrevSeg(LogwrtResult.Write, openLogSegNo,
    3015             :                                  wal_segment_size))
    3016             :             {
    3017         258 :                 XLogFileClose();
    3018             :             }
    3019             :         }
    3020       22614 :         return false;
    3021             :     }
    3022             : 
    3023             :     /*
    3024             :      * Determine how far to flush WAL, based on the wal_writer_delay and
    3025             :      * wal_writer_flush_after GUCs.
    3026             :      *
    3027             :      * Note that XLogSetAsyncXactLSN() performs similar calculation based on
    3028             :      * wal_writer_flush_after, to decide when to wake us up.  Make sure the
    3029             :      * logic is the same in both places if you change this.
    3030             :      */
    3031        9516 :     now = GetCurrentTimestamp();
    3032        9516 :     flushblocks =
    3033        9516 :         WriteRqst.Write / XLOG_BLCKSZ - LogwrtResult.Flush / XLOG_BLCKSZ;
    3034             : 
    3035        9516 :     if (WalWriterFlushAfter == 0 || lastflush == 0)
    3036             :     {
    3037             :         /* first call, or block based limits disabled */
    3038         500 :         WriteRqst.Flush = WriteRqst.Write;
    3039         500 :         lastflush = now;
    3040             :     }
    3041        9016 :     else if (TimestampDifferenceExceeds(lastflush, now, WalWriterDelay))
    3042             :     {
    3043             :         /*
    3044             :          * Flush the writes at least every WalWriterDelay ms. This is
    3045             :          * important to bound the amount of time it takes for an asynchronous
    3046             :          * commit to hit disk.
    3047             :          */
    3048        8726 :         WriteRqst.Flush = WriteRqst.Write;
    3049        8726 :         lastflush = now;
    3050             :     }
    3051         290 :     else if (flushblocks >= WalWriterFlushAfter)
    3052             :     {
    3053             :         /* exceeded wal_writer_flush_after blocks, flush */
    3054         254 :         WriteRqst.Flush = WriteRqst.Write;
    3055         254 :         lastflush = now;
    3056             :     }
    3057             :     else
    3058             :     {
    3059             :         /* no flushing, this time round */
    3060          36 :         WriteRqst.Flush = 0;
    3061             :     }
    3062             : 
    3063             : #ifdef WAL_DEBUG
    3064             :     if (XLOG_DEBUG)
    3065             :         elog(LOG, "xlog bg flush request write %X/%08X; flush: %X/%08X, current is write %X/%08X; flush %X/%08X",
    3066             :              LSN_FORMAT_ARGS(WriteRqst.Write),
    3067             :              LSN_FORMAT_ARGS(WriteRqst.Flush),
    3068             :              LSN_FORMAT_ARGS(LogwrtResult.Write),
    3069             :              LSN_FORMAT_ARGS(LogwrtResult.Flush));
    3070             : #endif
    3071             : 
    3072        9516 :     START_CRIT_SECTION();
    3073             : 
    3074             :     /* now wait for any in-progress insertions to finish and get write lock */
    3075        9516 :     WaitXLogInsertionsToFinish(WriteRqst.Write);
    3076        9516 :     LWLockAcquire(WALWriteLock, LW_EXCLUSIVE);
    3077        9516 :     RefreshXLogWriteResult(LogwrtResult);
    3078        9516 :     if (WriteRqst.Write > LogwrtResult.Write ||
    3079         924 :         WriteRqst.Flush > LogwrtResult.Flush)
    3080             :     {
    3081        8998 :         XLogWrite(WriteRqst, insertTLI, flexible);
    3082             :     }
    3083        9516 :     LWLockRelease(WALWriteLock);
    3084             : 
    3085        9516 :     END_CRIT_SECTION();
    3086             : 
    3087             :     /* wake up walsenders now that we've released heavily contended locks */
    3088        9516 :     WalSndWakeupProcessRequests(true, !RecoveryInProgress());
    3089             : 
    3090             :     /*
    3091             :      * Great, done. To take some work off the critical path, try to initialize
    3092             :      * as many of the no-longer-needed WAL buffers for future use as we can.
    3093             :      */
    3094        9516 :     AdvanceXLInsertBuffer(InvalidXLogRecPtr, insertTLI, true);
    3095             : 
    3096             :     /*
    3097             :      * If we determined that we need to write data, but somebody else
    3098             :      * wrote/flushed already, it should be considered as being active, to
    3099             :      * avoid hibernating too early.
    3100             :      */
    3101        9516 :     return true;
    3102             : }
    3103             : 
    3104             : /*
    3105             :  * Test whether XLOG data has been flushed up to (at least) the given position.
    3106             :  *
    3107             :  * Returns true if a flush is still needed.  (It may be that someone else
    3108             :  * is already in process of flushing that far, however.)
    3109             :  */
    3110             : bool
    3111    17295490 : XLogNeedsFlush(XLogRecPtr record)
    3112             : {
    3113             :     /*
    3114             :      * During recovery, we don't flush WAL but update minRecoveryPoint
    3115             :      * instead. So "needs flush" is taken to mean whether minRecoveryPoint
    3116             :      * would need to be updated.
    3117             :      */
    3118    17295490 :     if (RecoveryInProgress())
    3119             :     {
    3120             :         /*
    3121             :          * An invalid minRecoveryPoint means that we need to recover all the
    3122             :          * WAL, i.e., we're doing crash recovery.  We never modify the control
    3123             :          * file's value in that case, so we can short-circuit future checks
    3124             :          * here too.  This triggers a quick exit path for the startup process,
    3125             :          * which cannot update its local copy of minRecoveryPoint as long as
    3126             :          * it has not replayed all WAL available when doing crash recovery.
    3127             :          */
    3128     1121442 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint) && InRecovery)
    3129           0 :             updateMinRecoveryPoint = false;
    3130             : 
    3131             :         /* Quick exit if already known to be updated or cannot be updated */
    3132     1121442 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3133     1096882 :             return false;
    3134             : 
    3135             :         /*
    3136             :          * Update local copy of minRecoveryPoint. But if the lock is busy,
    3137             :          * just return a conservative guess.
    3138             :          */
    3139       24560 :         if (!LWLockConditionalAcquire(ControlFileLock, LW_SHARED))
    3140           0 :             return true;
    3141       24560 :         LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    3142       24560 :         LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    3143       24560 :         LWLockRelease(ControlFileLock);
    3144             : 
    3145             :         /*
    3146             :          * Check minRecoveryPoint for any other process than the startup
    3147             :          * process doing crash recovery, which should not update the control
    3148             :          * file value if crash recovery is still running.
    3149             :          */
    3150       24560 :         if (XLogRecPtrIsInvalid(LocalMinRecoveryPoint))
    3151           0 :             updateMinRecoveryPoint = false;
    3152             : 
    3153             :         /* check again */
    3154       24560 :         if (record <= LocalMinRecoveryPoint || !updateMinRecoveryPoint)
    3155         148 :             return false;
    3156             :         else
    3157       24412 :             return true;
    3158             :     }
    3159             : 
    3160             :     /* Quick exit if already known flushed */
    3161    16174048 :     if (record <= LogwrtResult.Flush)
    3162    15717298 :         return false;
    3163             : 
    3164             :     /* read LogwrtResult and update local state */
    3165      456750 :     RefreshXLogWriteResult(LogwrtResult);
    3166             : 
    3167             :     /* check again */
    3168      456750 :     if (record <= LogwrtResult.Flush)
    3169        6466 :         return false;
    3170             : 
    3171      450284 :     return true;
    3172             : }
    3173             : 
    3174             : /*
    3175             :  * Try to make a given XLOG file segment exist.
    3176             :  *
    3177             :  * logsegno: identify segment.
    3178             :  *
    3179             :  * *added: on return, true if this call raised the number of extant segments.
    3180             :  *
    3181             :  * path: on return, this char[MAXPGPATH] has the path to the logsegno file.
    3182             :  *
    3183             :  * Returns -1 or FD of opened file.  A -1 here is not an error; a caller
    3184             :  * wanting an open segment should attempt to open "path", which usually will
    3185             :  * succeed.  (This is weird, but it's efficient for the callers.)
    3186             :  */
    3187             : static int
    3188       28574 : XLogFileInitInternal(XLogSegNo logsegno, TimeLineID logtli,
    3189             :                      bool *added, char *path)
    3190             : {
    3191             :     char        tmppath[MAXPGPATH];
    3192             :     XLogSegNo   installed_segno;
    3193             :     XLogSegNo   max_segno;
    3194             :     int         fd;
    3195             :     int         save_errno;
    3196       28574 :     int         open_flags = O_RDWR | O_CREAT | O_EXCL | PG_BINARY;
    3197             :     instr_time  io_start;
    3198             : 
    3199             :     Assert(logtli != 0);
    3200             : 
    3201       28574 :     XLogFilePath(path, logtli, logsegno, wal_segment_size);
    3202             : 
    3203             :     /*
    3204             :      * Try to use existent file (checkpoint maker may have created it already)
    3205             :      */
    3206       28574 :     *added = false;
    3207       28574 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3208       28574 :                        get_sync_bit(wal_sync_method));
    3209       28574 :     if (fd < 0)
    3210             :     {
    3211        2894 :         if (errno != ENOENT)
    3212           0 :             ereport(ERROR,
    3213             :                     (errcode_for_file_access(),
    3214             :                      errmsg("could not open file \"%s\": %m", path)));
    3215             :     }
    3216             :     else
    3217       25680 :         return fd;
    3218             : 
    3219             :     /*
    3220             :      * Initialize an empty (all zeroes) segment.  NOTE: it is possible that
    3221             :      * another process is doing the same thing.  If so, we will end up
    3222             :      * pre-creating an extra log segment.  That seems OK, and better than
    3223             :      * holding the lock throughout this lengthy process.
    3224             :      */
    3225        2894 :     elog(DEBUG2, "creating and filling new WAL file");
    3226             : 
    3227        2894 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3228             : 
    3229        2894 :     unlink(tmppath);
    3230             : 
    3231        2894 :     if (io_direct_flags & IO_DIRECT_WAL_INIT)
    3232           0 :         open_flags |= PG_O_DIRECT;
    3233             : 
    3234             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3235        2894 :     fd = BasicOpenFile(tmppath, open_flags);
    3236        2894 :     if (fd < 0)
    3237           0 :         ereport(ERROR,
    3238             :                 (errcode_for_file_access(),
    3239             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3240             : 
    3241             :     /* Measure I/O timing when initializing segment */
    3242        2894 :     io_start = pgstat_prepare_io_time(track_wal_io_timing);
    3243             : 
    3244        2894 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_WRITE);
    3245        2894 :     save_errno = 0;
    3246        2894 :     if (wal_init_zero)
    3247             :     {
    3248             :         ssize_t     rc;
    3249             : 
    3250             :         /*
    3251             :          * Zero-fill the file.  With this setting, we do this the hard way to
    3252             :          * ensure that all the file space has really been allocated.  On
    3253             :          * platforms that allow "holes" in files, just seeking to the end
    3254             :          * doesn't allocate intermediate space.  This way, we know that we
    3255             :          * have all the space and (after the fsync below) that all the
    3256             :          * indirect blocks are down on disk.  Therefore, fdatasync(2) or
    3257             :          * O_DSYNC will be sufficient to sync future writes to the log file.
    3258             :          */
    3259        2894 :         rc = pg_pwrite_zeros(fd, wal_segment_size, 0);
    3260             : 
    3261        2894 :         if (rc < 0)
    3262           0 :             save_errno = errno;
    3263             :     }
    3264             :     else
    3265             :     {
    3266             :         /*
    3267             :          * Otherwise, seeking to the end and writing a solitary byte is
    3268             :          * enough.
    3269             :          */
    3270           0 :         errno = 0;
    3271           0 :         if (pg_pwrite(fd, "\0", 1, wal_segment_size - 1) != 1)
    3272             :         {
    3273             :             /* if write didn't set errno, assume no disk space */
    3274           0 :             save_errno = errno ? errno : ENOSPC;
    3275             :         }
    3276             :     }
    3277        2894 :     pgstat_report_wait_end();
    3278             : 
    3279             :     /*
    3280             :      * A full segment worth of data is written when using wal_init_zero. One
    3281             :      * byte is written when not using it.
    3282             :      */
    3283        2894 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_INIT, IOOP_WRITE,
    3284             :                             io_start, 1,
    3285        2894 :                             wal_init_zero ? wal_segment_size : 1);
    3286             : 
    3287        2894 :     if (save_errno)
    3288             :     {
    3289             :         /*
    3290             :          * If we fail to make the file, delete it to release disk space
    3291             :          */
    3292           0 :         unlink(tmppath);
    3293             : 
    3294           0 :         close(fd);
    3295             : 
    3296           0 :         errno = save_errno;
    3297             : 
    3298           0 :         ereport(ERROR,
    3299             :                 (errcode_for_file_access(),
    3300             :                  errmsg("could not write to file \"%s\": %m", tmppath)));
    3301             :     }
    3302             : 
    3303             :     /* Measure I/O timing when flushing segment */
    3304        2894 :     io_start = pgstat_prepare_io_time(track_wal_io_timing);
    3305             : 
    3306        2894 :     pgstat_report_wait_start(WAIT_EVENT_WAL_INIT_SYNC);
    3307        2894 :     if (pg_fsync(fd) != 0)
    3308             :     {
    3309           0 :         save_errno = errno;
    3310           0 :         close(fd);
    3311           0 :         errno = save_errno;
    3312           0 :         ereport(ERROR,
    3313             :                 (errcode_for_file_access(),
    3314             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3315             :     }
    3316        2894 :     pgstat_report_wait_end();
    3317             : 
    3318        2894 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_INIT,
    3319             :                             IOOP_FSYNC, io_start, 1, 0);
    3320             : 
    3321        2894 :     if (close(fd) != 0)
    3322           0 :         ereport(ERROR,
    3323             :                 (errcode_for_file_access(),
    3324             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3325             : 
    3326             :     /*
    3327             :      * Now move the segment into place with its final name.  Cope with
    3328             :      * possibility that someone else has created the file while we were
    3329             :      * filling ours: if so, use ours to pre-create a future log segment.
    3330             :      */
    3331        2894 :     installed_segno = logsegno;
    3332             : 
    3333             :     /*
    3334             :      * XXX: What should we use as max_segno? We used to use XLOGfileslop when
    3335             :      * that was a constant, but that was always a bit dubious: normally, at a
    3336             :      * checkpoint, XLOGfileslop was the offset from the checkpoint record, but
    3337             :      * here, it was the offset from the insert location. We can't do the
    3338             :      * normal XLOGfileslop calculation here because we don't have access to
    3339             :      * the prior checkpoint's redo location. So somewhat arbitrarily, just use
    3340             :      * CheckPointSegments.
    3341             :      */
    3342        2894 :     max_segno = logsegno + CheckPointSegments;
    3343        2894 :     if (InstallXLogFileSegment(&installed_segno, tmppath, true, max_segno,
    3344             :                                logtli))
    3345             :     {
    3346        2894 :         *added = true;
    3347        2894 :         elog(DEBUG2, "done creating and filling new WAL file");
    3348             :     }
    3349             :     else
    3350             :     {
    3351             :         /*
    3352             :          * No need for any more future segments, or InstallXLogFileSegment()
    3353             :          * failed to rename the file into place. If the rename failed, a
    3354             :          * caller opening the file may fail.
    3355             :          */
    3356           0 :         unlink(tmppath);
    3357           0 :         elog(DEBUG2, "abandoned new WAL file");
    3358             :     }
    3359             : 
    3360        2894 :     return -1;
    3361             : }
    3362             : 
    3363             : /*
    3364             :  * Create a new XLOG file segment, or open a pre-existing one.
    3365             :  *
    3366             :  * logsegno: identify segment to be created/opened.
    3367             :  *
    3368             :  * Returns FD of opened file.
    3369             :  *
    3370             :  * Note: errors here are ERROR not PANIC because we might or might not be
    3371             :  * inside a critical section (eg, during checkpoint there is no reason to
    3372             :  * take down the system on failure).  They will promote to PANIC if we are
    3373             :  * in a critical section.
    3374             :  */
    3375             : int
    3376       28062 : XLogFileInit(XLogSegNo logsegno, TimeLineID logtli)
    3377             : {
    3378             :     bool        ignore_added;
    3379             :     char        path[MAXPGPATH];
    3380             :     int         fd;
    3381             : 
    3382             :     Assert(logtli != 0);
    3383             : 
    3384       28062 :     fd = XLogFileInitInternal(logsegno, logtli, &ignore_added, path);
    3385       28062 :     if (fd >= 0)
    3386       25450 :         return fd;
    3387             : 
    3388             :     /* Now open original target segment (might not be file I just made) */
    3389        2612 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3390        2612 :                        get_sync_bit(wal_sync_method));
    3391        2612 :     if (fd < 0)
    3392           0 :         ereport(ERROR,
    3393             :                 (errcode_for_file_access(),
    3394             :                  errmsg("could not open file \"%s\": %m", path)));
    3395        2612 :     return fd;
    3396             : }
    3397             : 
    3398             : /*
    3399             :  * Create a new XLOG file segment by copying a pre-existing one.
    3400             :  *
    3401             :  * destsegno: identify segment to be created.
    3402             :  *
    3403             :  * srcTLI, srcsegno: identify segment to be copied (could be from
    3404             :  *      a different timeline)
    3405             :  *
    3406             :  * upto: how much of the source file to copy (the rest is filled with
    3407             :  *      zeros)
    3408             :  *
    3409             :  * Currently this is only used during recovery, and so there are no locking
    3410             :  * considerations.  But we should be just as tense as XLogFileInit to avoid
    3411             :  * emplacing a bogus file.
    3412             :  */
    3413             : static void
    3414          76 : XLogFileCopy(TimeLineID destTLI, XLogSegNo destsegno,
    3415             :              TimeLineID srcTLI, XLogSegNo srcsegno,
    3416             :              int upto)
    3417             : {
    3418             :     char        path[MAXPGPATH];
    3419             :     char        tmppath[MAXPGPATH];
    3420             :     PGAlignedXLogBlock buffer;
    3421             :     int         srcfd;
    3422             :     int         fd;
    3423             :     int         nbytes;
    3424             : 
    3425             :     /*
    3426             :      * Open the source file
    3427             :      */
    3428          76 :     XLogFilePath(path, srcTLI, srcsegno, wal_segment_size);
    3429          76 :     srcfd = OpenTransientFile(path, O_RDONLY | PG_BINARY);
    3430          76 :     if (srcfd < 0)
    3431           0 :         ereport(ERROR,
    3432             :                 (errcode_for_file_access(),
    3433             :                  errmsg("could not open file \"%s\": %m", path)));
    3434             : 
    3435             :     /*
    3436             :      * Copy into a temp file name.
    3437             :      */
    3438          76 :     snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid());
    3439             : 
    3440          76 :     unlink(tmppath);
    3441             : 
    3442             :     /* do not use get_sync_bit() here --- want to fsync only at end of fill */
    3443          76 :     fd = OpenTransientFile(tmppath, O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    3444          76 :     if (fd < 0)
    3445           0 :         ereport(ERROR,
    3446             :                 (errcode_for_file_access(),
    3447             :                  errmsg("could not create file \"%s\": %m", tmppath)));
    3448             : 
    3449             :     /*
    3450             :      * Do the data copying.
    3451             :      */
    3452      155724 :     for (nbytes = 0; nbytes < wal_segment_size; nbytes += sizeof(buffer))
    3453             :     {
    3454             :         int         nread;
    3455             : 
    3456      155648 :         nread = upto - nbytes;
    3457             : 
    3458             :         /*
    3459             :          * The part that is not read from the source file is filled with
    3460             :          * zeros.
    3461             :          */
    3462      155648 :         if (nread < sizeof(buffer))
    3463          76 :             memset(buffer.data, 0, sizeof(buffer));
    3464             : 
    3465      155648 :         if (nread > 0)
    3466             :         {
    3467             :             int         r;
    3468             : 
    3469        5362 :             if (nread > sizeof(buffer))
    3470        5286 :                 nread = sizeof(buffer);
    3471        5362 :             pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_READ);
    3472        5362 :             r = read(srcfd, buffer.data, nread);
    3473        5362 :             if (r != nread)
    3474             :             {
    3475           0 :                 if (r < 0)
    3476           0 :                     ereport(ERROR,
    3477             :                             (errcode_for_file_access(),
    3478             :                              errmsg("could not read file \"%s\": %m",
    3479             :                                     path)));
    3480             :                 else
    3481           0 :                     ereport(ERROR,
    3482             :                             (errcode(ERRCODE_DATA_CORRUPTED),
    3483             :                              errmsg("could not read file \"%s\": read %d of %zu",
    3484             :                                     path, r, (Size) nread)));
    3485             :             }
    3486        5362 :             pgstat_report_wait_end();
    3487             :         }
    3488      155648 :         errno = 0;
    3489      155648 :         pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_WRITE);
    3490      155648 :         if ((int) write(fd, buffer.data, sizeof(buffer)) != (int) sizeof(buffer))
    3491             :         {
    3492           0 :             int         save_errno = errno;
    3493             : 
    3494             :             /*
    3495             :              * If we fail to make the file, delete it to release disk space
    3496             :              */
    3497           0 :             unlink(tmppath);
    3498             :             /* if write didn't set errno, assume problem is no disk space */
    3499           0 :             errno = save_errno ? save_errno : ENOSPC;
    3500             : 
    3501           0 :             ereport(ERROR,
    3502             :                     (errcode_for_file_access(),
    3503             :                      errmsg("could not write to file \"%s\": %m", tmppath)));
    3504             :         }
    3505      155648 :         pgstat_report_wait_end();
    3506             :     }
    3507             : 
    3508          76 :     pgstat_report_wait_start(WAIT_EVENT_WAL_COPY_SYNC);
    3509          76 :     if (pg_fsync(fd) != 0)
    3510           0 :         ereport(data_sync_elevel(ERROR),
    3511             :                 (errcode_for_file_access(),
    3512             :                  errmsg("could not fsync file \"%s\": %m", tmppath)));
    3513          76 :     pgstat_report_wait_end();
    3514             : 
    3515          76 :     if (CloseTransientFile(fd) != 0)
    3516           0 :         ereport(ERROR,
    3517             :                 (errcode_for_file_access(),
    3518             :                  errmsg("could not close file \"%s\": %m", tmppath)));
    3519             : 
    3520          76 :     if (CloseTransientFile(srcfd) != 0)
    3521           0 :         ereport(ERROR,
    3522             :                 (errcode_for_file_access(),
    3523             :                  errmsg("could not close file \"%s\": %m", path)));
    3524             : 
    3525             :     /*
    3526             :      * Now move the segment into place with its final name.
    3527             :      */
    3528          76 :     if (!InstallXLogFileSegment(&destsegno, tmppath, false, 0, destTLI))
    3529           0 :         elog(ERROR, "InstallXLogFileSegment should not have failed");
    3530          76 : }
    3531             : 
    3532             : /*
    3533             :  * Install a new XLOG segment file as a current or future log segment.
    3534             :  *
    3535             :  * This is used both to install a newly-created segment (which has a temp
    3536             :  * filename while it's being created) and to recycle an old segment.
    3537             :  *
    3538             :  * *segno: identify segment to install as (or first possible target).
    3539             :  * When find_free is true, this is modified on return to indicate the
    3540             :  * actual installation location or last segment searched.
    3541             :  *
    3542             :  * tmppath: initial name of file to install.  It will be renamed into place.
    3543             :  *
    3544             :  * find_free: if true, install the new segment at the first empty segno
    3545             :  * number at or after the passed numbers.  If false, install the new segment
    3546             :  * exactly where specified, deleting any existing segment file there.
    3547             :  *
    3548             :  * max_segno: maximum segment number to install the new file as.  Fail if no
    3549             :  * free slot is found between *segno and max_segno. (Ignored when find_free
    3550             :  * is false.)
    3551             :  *
    3552             :  * tli: The timeline on which the new segment should be installed.
    3553             :  *
    3554             :  * Returns true if the file was installed successfully.  false indicates that
    3555             :  * max_segno limit was exceeded, the startup process has disabled this
    3556             :  * function for now, or an error occurred while renaming the file into place.
    3557             :  */
    3558             : static bool
    3559        5754 : InstallXLogFileSegment(XLogSegNo *segno, char *tmppath,
    3560             :                        bool find_free, XLogSegNo max_segno, TimeLineID tli)
    3561             : {
    3562             :     char        path[MAXPGPATH];
    3563             :     struct stat stat_buf;
    3564             : 
    3565             :     Assert(tli != 0);
    3566             : 
    3567        5754 :     XLogFilePath(path, tli, *segno, wal_segment_size);
    3568             : 
    3569        5754 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    3570        5754 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3571             :     {
    3572           0 :         LWLockRelease(ControlFileLock);
    3573           0 :         return false;
    3574             :     }
    3575             : 
    3576        5754 :     if (!find_free)
    3577             :     {
    3578             :         /* Force installation: get rid of any pre-existing segment file */
    3579          76 :         durable_unlink(path, DEBUG1);
    3580             :     }
    3581             :     else
    3582             :     {
    3583             :         /* Find a free slot to put it in */
    3584        8182 :         while (stat(path, &stat_buf) == 0)
    3585             :         {
    3586        2600 :             if ((*segno) >= max_segno)
    3587             :             {
    3588             :                 /* Failed to find a free slot within specified range */
    3589          96 :                 LWLockRelease(ControlFileLock);
    3590          96 :                 return false;
    3591             :             }
    3592        2504 :             (*segno)++;
    3593        2504 :             XLogFilePath(path, tli, *segno, wal_segment_size);
    3594             :         }
    3595             :     }
    3596             : 
    3597             :     Assert(access(path, F_OK) != 0 && errno == ENOENT);
    3598        5658 :     if (durable_rename(tmppath, path, LOG) != 0)
    3599             :     {
    3600           0 :         LWLockRelease(ControlFileLock);
    3601             :         /* durable_rename already emitted log message */
    3602           0 :         return false;
    3603             :     }
    3604             : 
    3605        5658 :     LWLockRelease(ControlFileLock);
    3606             : 
    3607        5658 :     return true;
    3608             : }
    3609             : 
    3610             : /*
    3611             :  * Open a pre-existing logfile segment for writing.
    3612             :  */
    3613             : int
    3614         338 : XLogFileOpen(XLogSegNo segno, TimeLineID tli)
    3615             : {
    3616             :     char        path[MAXPGPATH];
    3617             :     int         fd;
    3618             : 
    3619         338 :     XLogFilePath(path, tli, segno, wal_segment_size);
    3620             : 
    3621         338 :     fd = BasicOpenFile(path, O_RDWR | PG_BINARY | O_CLOEXEC |
    3622         338 :                        get_sync_bit(wal_sync_method));
    3623         338 :     if (fd < 0)
    3624           0 :         ereport(PANIC,
    3625             :                 (errcode_for_file_access(),
    3626             :                  errmsg("could not open file \"%s\": %m", path)));
    3627             : 
    3628         338 :     return fd;
    3629             : }
    3630             : 
    3631             : /*
    3632             :  * Close the current logfile segment for writing.
    3633             :  */
    3634             : static void
    3635       12408 : XLogFileClose(void)
    3636             : {
    3637             :     Assert(openLogFile >= 0);
    3638             : 
    3639             :     /*
    3640             :      * WAL segment files will not be re-read in normal operation, so we advise
    3641             :      * the OS to release any cached pages.  But do not do so if WAL archiving
    3642             :      * or streaming is active, because archiver and walsender process could
    3643             :      * use the cache to read the WAL segment.
    3644             :      */
    3645             : #if defined(USE_POSIX_FADVISE) && defined(POSIX_FADV_DONTNEED)
    3646       12408 :     if (!XLogIsNeeded() && (io_direct_flags & IO_DIRECT_WAL) == 0)
    3647        2786 :         (void) posix_fadvise(openLogFile, 0, 0, POSIX_FADV_DONTNEED);
    3648             : #endif
    3649             : 
    3650       12408 :     if (close(openLogFile) != 0)
    3651             :     {
    3652             :         char        xlogfname[MAXFNAMELEN];
    3653           0 :         int         save_errno = errno;
    3654             : 
    3655           0 :         XLogFileName(xlogfname, openLogTLI, openLogSegNo, wal_segment_size);
    3656           0 :         errno = save_errno;
    3657           0 :         ereport(PANIC,
    3658             :                 (errcode_for_file_access(),
    3659             :                  errmsg("could not close file \"%s\": %m", xlogfname)));
    3660             :     }
    3661             : 
    3662       12408 :     openLogFile = -1;
    3663       12408 :     ReleaseExternalFD();
    3664       12408 : }
    3665             : 
    3666             : /*
    3667             :  * Preallocate log files beyond the specified log endpoint.
    3668             :  *
    3669             :  * XXX this is currently extremely conservative, since it forces only one
    3670             :  * future log segment to exist, and even that only if we are 75% done with
    3671             :  * the current one.  This is only appropriate for very low-WAL-volume systems.
    3672             :  * High-volume systems will be OK once they've built up a sufficient set of
    3673             :  * recycled log segments, but the startup transient is likely to include
    3674             :  * a lot of segment creations by foreground processes, which is not so good.
    3675             :  *
    3676             :  * XLogFileInitInternal() can ereport(ERROR).  All known causes indicate big
    3677             :  * trouble; for example, a full filesystem is one cause.  The checkpoint WAL
    3678             :  * and/or ControlFile updates already completed.  If a RequestCheckpoint()
    3679             :  * initiated the present checkpoint and an ERROR ends this function, the
    3680             :  * command that called RequestCheckpoint() fails.  That's not ideal, but it's
    3681             :  * not worth contorting more functions to use caller-specified elevel values.
    3682             :  * (With or without RequestCheckpoint(), an ERROR forestalls some inessential
    3683             :  * reporting and resource reclamation.)
    3684             :  */
    3685             : static void
    3686        3952 : PreallocXlogFiles(XLogRecPtr endptr, TimeLineID tli)
    3687             : {
    3688             :     XLogSegNo   _logSegNo;
    3689             :     int         lf;
    3690             :     bool        added;
    3691             :     char        path[MAXPGPATH];
    3692             :     uint64      offset;
    3693             : 
    3694        3952 :     if (!XLogCtl->InstallXLogFileSegmentActive)
    3695          18 :         return;                 /* unlocked check says no */
    3696             : 
    3697        3934 :     XLByteToPrevSeg(endptr, _logSegNo, wal_segment_size);
    3698        3934 :     offset = XLogSegmentOffset(endptr - 1, wal_segment_size);
    3699        3934 :     if (offset >= (uint32) (0.75 * wal_segment_size))
    3700             :     {
    3701         512 :         _logSegNo++;
    3702         512 :         lf = XLogFileInitInternal(_logSegNo, tli, &added, path);
    3703         512 :         if (lf >= 0)
    3704         230 :             close(lf);
    3705         512 :         if (added)
    3706         282 :             CheckpointStats.ckpt_segs_added++;
    3707             :     }
    3708             : }
    3709             : 
    3710             : /*
    3711             :  * Throws an error if the given log segment has already been removed or
    3712             :  * recycled. The caller should only pass a segment that it knows to have
    3713             :  * existed while the server has been running, as this function always
    3714             :  * succeeds if no WAL segments have been removed since startup.
    3715             :  * 'tli' is only used in the error message.
    3716             :  *
    3717             :  * Note: this function guarantees to keep errno unchanged on return.
    3718             :  * This supports callers that use this to possibly deliver a better
    3719             :  * error message about a missing file, while still being able to throw
    3720             :  * a normal file-access error afterwards, if this does return.
    3721             :  */
    3722             : void
    3723      236306 : CheckXLogRemoved(XLogSegNo segno, TimeLineID tli)
    3724             : {
    3725      236306 :     int         save_errno = errno;
    3726             :     XLogSegNo   lastRemovedSegNo;
    3727             : 
    3728      236306 :     SpinLockAcquire(&XLogCtl->info_lck);
    3729      236306 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3730      236306 :     SpinLockRelease(&XLogCtl->info_lck);
    3731             : 
    3732      236306 :     if (segno <= lastRemovedSegNo)
    3733             :     {
    3734             :         char        filename[MAXFNAMELEN];
    3735             : 
    3736           0 :         XLogFileName(filename, tli, segno, wal_segment_size);
    3737           0 :         errno = save_errno;
    3738           0 :         ereport(ERROR,
    3739             :                 (errcode_for_file_access(),
    3740             :                  errmsg("requested WAL segment %s has already been removed",
    3741             :                         filename)));
    3742             :     }
    3743      236306 :     errno = save_errno;
    3744      236306 : }
    3745             : 
    3746             : /*
    3747             :  * Return the last WAL segment removed, or 0 if no segment has been removed
    3748             :  * since startup.
    3749             :  *
    3750             :  * NB: the result can be out of date arbitrarily fast, the caller has to deal
    3751             :  * with that.
    3752             :  */
    3753             : XLogSegNo
    3754        2176 : XLogGetLastRemovedSegno(void)
    3755             : {
    3756             :     XLogSegNo   lastRemovedSegNo;
    3757             : 
    3758        2176 :     SpinLockAcquire(&XLogCtl->info_lck);
    3759        2176 :     lastRemovedSegNo = XLogCtl->lastRemovedSegNo;
    3760        2176 :     SpinLockRelease(&XLogCtl->info_lck);
    3761             : 
    3762        2176 :     return lastRemovedSegNo;
    3763             : }
    3764             : 
    3765             : /*
    3766             :  * Return the oldest WAL segment on the given TLI that still exists in
    3767             :  * XLOGDIR, or 0 if none.
    3768             :  */
    3769             : XLogSegNo
    3770          10 : XLogGetOldestSegno(TimeLineID tli)
    3771             : {
    3772             :     DIR        *xldir;
    3773             :     struct dirent *xlde;
    3774          10 :     XLogSegNo   oldest_segno = 0;
    3775             : 
    3776          10 :     xldir = AllocateDir(XLOGDIR);
    3777          66 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3778             :     {
    3779             :         TimeLineID  file_tli;
    3780             :         XLogSegNo   file_segno;
    3781             : 
    3782             :         /* Ignore files that are not XLOG segments. */
    3783          56 :         if (!IsXLogFileName(xlde->d_name))
    3784          40 :             continue;
    3785             : 
    3786             :         /* Parse filename to get TLI and segno. */
    3787          16 :         XLogFromFileName(xlde->d_name, &file_tli, &file_segno,
    3788             :                          wal_segment_size);
    3789             : 
    3790             :         /* Ignore anything that's not from the TLI of interest. */
    3791          16 :         if (tli != file_tli)
    3792           0 :             continue;
    3793             : 
    3794             :         /* If it's the oldest so far, update oldest_segno. */
    3795          16 :         if (oldest_segno == 0 || file_segno < oldest_segno)
    3796          14 :             oldest_segno = file_segno;
    3797             :     }
    3798             : 
    3799          10 :     FreeDir(xldir);
    3800          10 :     return oldest_segno;
    3801             : }
    3802             : 
    3803             : /*
    3804             :  * Update the last removed segno pointer in shared memory, to reflect that the
    3805             :  * given XLOG file has been removed.
    3806             :  */
    3807             : static void
    3808        5036 : UpdateLastRemovedPtr(char *filename)
    3809             : {
    3810             :     uint32      tli;
    3811             :     XLogSegNo   segno;
    3812             : 
    3813        5036 :     XLogFromFileName(filename, &tli, &segno, wal_segment_size);
    3814             : 
    3815        5036 :     SpinLockAcquire(&XLogCtl->info_lck);
    3816        5036 :     if (segno > XLogCtl->lastRemovedSegNo)
    3817        2136 :         XLogCtl->lastRemovedSegNo = segno;
    3818        5036 :     SpinLockRelease(&XLogCtl->info_lck);
    3819        5036 : }
    3820             : 
    3821             : /*
    3822             :  * Remove all temporary log files in pg_wal
    3823             :  *
    3824             :  * This is called at the beginning of recovery after a previous crash,
    3825             :  * at a point where no other processes write fresh WAL data.
    3826             :  */
    3827             : static void
    3828         352 : RemoveTempXlogFiles(void)
    3829             : {
    3830             :     DIR        *xldir;
    3831             :     struct dirent *xlde;
    3832             : 
    3833         352 :     elog(DEBUG2, "removing all temporary WAL segments");
    3834             : 
    3835         352 :     xldir = AllocateDir(XLOGDIR);
    3836        2392 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3837             :     {
    3838             :         char        path[MAXPGPATH];
    3839             : 
    3840        2040 :         if (strncmp(xlde->d_name, "xlogtemp.", 9) != 0)
    3841        2038 :             continue;
    3842             : 
    3843           2 :         snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name);
    3844           2 :         unlink(path);
    3845           2 :         elog(DEBUG2, "removed temporary WAL segment \"%s\"", path);
    3846             :     }
    3847         352 :     FreeDir(xldir);
    3848         352 : }
    3849             : 
    3850             : /*
    3851             :  * Recycle or remove all log files older or equal to passed segno.
    3852             :  *
    3853             :  * endptr is current (or recent) end of xlog, and lastredoptr is the
    3854             :  * redo pointer of the last checkpoint. These are used to determine
    3855             :  * whether we want to recycle rather than delete no-longer-wanted log files.
    3856             :  *
    3857             :  * insertTLI is the current timeline for XLOG insertion. Any recycled
    3858             :  * segments should be reused for this timeline.
    3859             :  */
    3860             : static void
    3861        3422 : RemoveOldXlogFiles(XLogSegNo segno, XLogRecPtr lastredoptr, XLogRecPtr endptr,
    3862             :                    TimeLineID insertTLI)
    3863             : {
    3864             :     DIR        *xldir;
    3865             :     struct dirent *xlde;
    3866             :     char        lastoff[MAXFNAMELEN];
    3867             :     XLogSegNo   endlogSegNo;
    3868             :     XLogSegNo   recycleSegNo;
    3869             : 
    3870             :     /* Initialize info about where to try to recycle to */
    3871        3422 :     XLByteToSeg(endptr, endlogSegNo, wal_segment_size);
    3872        3422 :     recycleSegNo = XLOGfileslop(lastredoptr);
    3873             : 
    3874             :     /*
    3875             :      * Construct a filename of the last segment to be kept. The timeline ID
    3876             :      * doesn't matter, we ignore that in the comparison. (During recovery,
    3877             :      * InsertTimeLineID isn't set, so we can't use that.)
    3878             :      */
    3879        3422 :     XLogFileName(lastoff, 0, segno, wal_segment_size);
    3880             : 
    3881        3422 :     elog(DEBUG2, "attempting to remove WAL segments older than log file %s",
    3882             :          lastoff);
    3883             : 
    3884        3422 :     xldir = AllocateDir(XLOGDIR);
    3885             : 
    3886       83554 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3887             :     {
    3888             :         /* Ignore files that are not XLOG segments */
    3889       80132 :         if (!IsXLogFileName(xlde->d_name) &&
    3890       14784 :             !IsPartialXLogFileName(xlde->d_name))
    3891       14780 :             continue;
    3892             : 
    3893             :         /*
    3894             :          * We ignore the timeline part of the XLOG segment identifiers in
    3895             :          * deciding whether a segment is still needed.  This ensures that we
    3896             :          * won't prematurely remove a segment from a parent timeline. We could
    3897             :          * probably be a little more proactive about removing segments of
    3898             :          * non-parent timelines, but that would be a whole lot more
    3899             :          * complicated.
    3900             :          *
    3901             :          * We use the alphanumeric sorting property of the filenames to decide
    3902             :          * which ones are earlier than the lastoff segment.
    3903             :          */
    3904       65352 :         if (strcmp(xlde->d_name + 8, lastoff + 8) <= 0)
    3905             :         {
    3906       41526 :             if (XLogArchiveCheckDone(xlde->d_name))
    3907             :             {
    3908             :                 /* Update the last removed location in shared memory first */
    3909        5036 :                 UpdateLastRemovedPtr(xlde->d_name);
    3910             : 
    3911        5036 :                 RemoveXlogFile(xlde, recycleSegNo, &endlogSegNo, insertTLI);
    3912             :             }
    3913             :         }
    3914             :     }
    3915             : 
    3916        3422 :     FreeDir(xldir);
    3917        3422 : }
    3918             : 
    3919             : /*
    3920             :  * Recycle or remove WAL files that are not part of the given timeline's
    3921             :  * history.
    3922             :  *
    3923             :  * This is called during recovery, whenever we switch to follow a new
    3924             :  * timeline, and at the end of recovery when we create a new timeline. We
    3925             :  * wouldn't otherwise care about extra WAL files lying in pg_wal, but they
    3926             :  * might be leftover pre-allocated or recycled WAL segments on the old timeline
    3927             :  * that we haven't used yet, and contain garbage. If we just leave them in
    3928             :  * pg_wal, they will eventually be archived, and we can't let that happen.
    3929             :  * Files that belong to our timeline history are valid, because we have
    3930             :  * successfully replayed them, but from others we can't be sure.
    3931             :  *
    3932             :  * 'switchpoint' is the current point in WAL where we switch to new timeline,
    3933             :  * and 'newTLI' is the new timeline we switch to.
    3934             :  */
    3935             : void
    3936         122 : RemoveNonParentXlogFiles(XLogRecPtr switchpoint, TimeLineID newTLI)
    3937             : {
    3938             :     DIR        *xldir;
    3939             :     struct dirent *xlde;
    3940             :     char        switchseg[MAXFNAMELEN];
    3941             :     XLogSegNo   endLogSegNo;
    3942             :     XLogSegNo   switchLogSegNo;
    3943             :     XLogSegNo   recycleSegNo;
    3944             : 
    3945             :     /*
    3946             :      * Initialize info about where to begin the work.  This will recycle,
    3947             :      * somewhat arbitrarily, 10 future segments.
    3948             :      */
    3949         122 :     XLByteToPrevSeg(switchpoint, switchLogSegNo, wal_segment_size);
    3950         122 :     XLByteToSeg(switchpoint, endLogSegNo, wal_segment_size);
    3951         122 :     recycleSegNo = endLogSegNo + 10;
    3952             : 
    3953             :     /*
    3954             :      * Construct a filename of the last segment to be kept.
    3955             :      */
    3956         122 :     XLogFileName(switchseg, newTLI, switchLogSegNo, wal_segment_size);
    3957             : 
    3958         122 :     elog(DEBUG2, "attempting to remove WAL segments newer than log file %s",
    3959             :          switchseg);
    3960             : 
    3961         122 :     xldir = AllocateDir(XLOGDIR);
    3962             : 
    3963        1156 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    3964             :     {
    3965             :         /* Ignore files that are not XLOG segments */
    3966        1034 :         if (!IsXLogFileName(xlde->d_name))
    3967         646 :             continue;
    3968             : 
    3969             :         /*
    3970             :          * Remove files that are on a timeline older than the new one we're
    3971             :          * switching to, but with a segment number >= the first segment on the
    3972             :          * new timeline.
    3973             :          */
    3974         388 :         if (strncmp(xlde->d_name, switchseg, 8) < 0 &&
    3975         250 :             strcmp(xlde->d_name + 8, switchseg + 8) > 0)
    3976             :         {
    3977             :             /*
    3978             :              * If the file has already been marked as .ready, however, don't
    3979             :              * remove it yet. It should be OK to remove it - files that are
    3980             :              * not part of our timeline history are not required for recovery
    3981             :              * - but seems safer to let them be archived and removed later.
    3982             :              */
    3983          32 :             if (!XLogArchiveIsReady(xlde->d_name))
    3984          32 :                 RemoveXlogFile(xlde, recycleSegNo, &endLogSegNo, newTLI);
    3985             :         }
    3986             :     }
    3987             : 
    3988         122 :     FreeDir(xldir);
    3989         122 : }
    3990             : 
    3991             : /*
    3992             :  * Recycle or remove a log file that's no longer needed.
    3993             :  *
    3994             :  * segment_de is the dirent structure of the segment to recycle or remove.
    3995             :  * recycleSegNo is the segment number to recycle up to.  endlogSegNo is
    3996             :  * the segment number of the current (or recent) end of WAL.
    3997             :  *
    3998             :  * endlogSegNo gets incremented if the segment is recycled so as it is not
    3999             :  * checked again with future callers of this function.
    4000             :  *
    4001             :  * insertTLI is the current timeline for XLOG insertion. Any recycled segments
    4002             :  * should be used for this timeline.
    4003             :  */
    4004             : static void
    4005        5068 : RemoveXlogFile(const struct dirent *segment_de,
    4006             :                XLogSegNo recycleSegNo, XLogSegNo *endlogSegNo,
    4007             :                TimeLineID insertTLI)
    4008             : {
    4009             :     char        path[MAXPGPATH];
    4010             : #ifdef WIN32
    4011             :     char        newpath[MAXPGPATH];
    4012             : #endif
    4013        5068 :     const char *segname = segment_de->d_name;
    4014             : 
    4015        5068 :     snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname);
    4016             : 
    4017             :     /*
    4018             :      * Before deleting the file, see if it can be recycled as a future log
    4019             :      * segment. Only recycle normal files, because we don't want to recycle
    4020             :      * symbolic links pointing to a separate archive directory.
    4021             :      */
    4022        5068 :     if (wal_recycle &&
    4023        5068 :         *endlogSegNo <= recycleSegNo &&
    4024        6218 :         XLogCtl->InstallXLogFileSegmentActive && /* callee rechecks this */
    4025        5568 :         get_dirent_type(path, segment_de, false, DEBUG2) == PGFILETYPE_REG &&
    4026        2784 :         InstallXLogFileSegment(endlogSegNo, path,
    4027             :                                true, recycleSegNo, insertTLI))
    4028             :     {
    4029        2688 :         ereport(DEBUG2,
    4030             :                 (errmsg_internal("recycled write-ahead log file \"%s\"",
    4031             :                                  segname)));
    4032        2688 :         CheckpointStats.ckpt_segs_recycled++;
    4033             :         /* Needn't recheck that slot on future iterations */
    4034        2688 :         (*endlogSegNo)++;
    4035             :     }
    4036             :     else
    4037             :     {
    4038             :         /* No need for any more future segments, or recycling failed ... */
    4039             :         int         rc;
    4040             : 
    4041        2380 :         ereport(DEBUG2,
    4042             :                 (errmsg_internal("removing write-ahead log file \"%s\"",
    4043             :                                  segname)));
    4044             : 
    4045             : #ifdef WIN32
    4046             : 
    4047             :         /*
    4048             :          * On Windows, if another process (e.g another backend) holds the file
    4049             :          * open in FILE_SHARE_DELETE mode, unlink will succeed, but the file
    4050             :          * will still show up in directory listing until the last handle is
    4051             :          * closed. To avoid confusing the lingering deleted file for a live
    4052             :          * WAL file that needs to be archived, rename it before deleting it.
    4053             :          *
    4054             :          * If another process holds the file open without FILE_SHARE_DELETE
    4055             :          * flag, rename will fail. We'll try again at the next checkpoint.
    4056             :          */
    4057             :         snprintf(newpath, MAXPGPATH, "%s.deleted", path);
    4058             :         if (rename(path, newpath) != 0)
    4059             :         {
    4060             :             ereport(LOG,
    4061             :                     (errcode_for_file_access(),
    4062             :                      errmsg("could not rename file \"%s\": %m",
    4063             :                             path)));
    4064             :             return;
    4065             :         }
    4066             :         rc = durable_unlink(newpath, LOG);
    4067             : #else
    4068        2380 :         rc = durable_unlink(path, LOG);
    4069             : #endif
    4070        2380 :         if (rc != 0)
    4071             :         {
    4072             :             /* Message already logged by durable_unlink() */
    4073           0 :             return;
    4074             :         }
    4075        2380 :         CheckpointStats.ckpt_segs_removed++;
    4076             :     }
    4077             : 
    4078        5068 :     XLogArchiveCleanup(segname);
    4079             : }
    4080             : 
    4081             : /*
    4082             :  * Verify whether pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    4083             :  * If the latter do not exist, recreate them.
    4084             :  *
    4085             :  * It is not the goal of this function to verify the contents of these
    4086             :  * directories, but to help in cases where someone has performed a cluster
    4087             :  * copy for PITR purposes but omitted pg_wal from the copy.
    4088             :  *
    4089             :  * We could also recreate pg_wal if it doesn't exist, but a deliberate
    4090             :  * policy decision was made not to.  It is fairly common for pg_wal to be
    4091             :  * a symlink, and if that was the DBA's intent then automatically making a
    4092             :  * plain directory would result in degraded performance with no notice.
    4093             :  */
    4094             : static void
    4095        1892 : ValidateXLOGDirectoryStructure(void)
    4096             : {
    4097             :     char        path[MAXPGPATH];
    4098             :     struct stat stat_buf;
    4099             : 
    4100             :     /* Check for pg_wal; if it doesn't exist, error out */
    4101        1892 :     if (stat(XLOGDIR, &stat_buf) != 0 ||
    4102        1892 :         !S_ISDIR(stat_buf.st_mode))
    4103           0 :         ereport(FATAL,
    4104             :                 (errcode_for_file_access(),
    4105             :                  errmsg("required WAL directory \"%s\" does not exist",
    4106             :                         XLOGDIR)));
    4107             : 
    4108             :     /* Check for archive_status */
    4109        1892 :     snprintf(path, MAXPGPATH, XLOGDIR "/archive_status");
    4110        1892 :     if (stat(path, &stat_buf) == 0)
    4111             :     {
    4112             :         /* Check for weird cases where it exists but isn't a directory */
    4113        1890 :         if (!S_ISDIR(stat_buf.st_mode))
    4114           0 :             ereport(FATAL,
    4115             :                     (errcode_for_file_access(),
    4116             :                      errmsg("required WAL directory \"%s\" does not exist",
    4117             :                             path)));
    4118             :     }
    4119             :     else
    4120             :     {
    4121           2 :         ereport(LOG,
    4122             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4123           2 :         if (MakePGDirectory(path) < 0)
    4124           0 :             ereport(FATAL,
    4125             :                     (errcode_for_file_access(),
    4126             :                      errmsg("could not create missing directory \"%s\": %m",
    4127             :                             path)));
    4128             :     }
    4129             : 
    4130             :     /* Check for summaries */
    4131        1892 :     snprintf(path, MAXPGPATH, XLOGDIR "/summaries");
    4132        1892 :     if (stat(path, &stat_buf) == 0)
    4133             :     {
    4134             :         /* Check for weird cases where it exists but isn't a directory */
    4135        1890 :         if (!S_ISDIR(stat_buf.st_mode))
    4136           0 :             ereport(FATAL,
    4137             :                     (errmsg("required WAL directory \"%s\" does not exist",
    4138             :                             path)));
    4139             :     }
    4140             :     else
    4141             :     {
    4142           2 :         ereport(LOG,
    4143             :                 (errmsg("creating missing WAL directory \"%s\"", path)));
    4144           2 :         if (MakePGDirectory(path) < 0)
    4145           0 :             ereport(FATAL,
    4146             :                     (errmsg("could not create missing directory \"%s\": %m",
    4147             :                             path)));
    4148             :     }
    4149        1892 : }
    4150             : 
    4151             : /*
    4152             :  * Remove previous backup history files.  This also retries creation of
    4153             :  * .ready files for any backup history files for which XLogArchiveNotify
    4154             :  * failed earlier.
    4155             :  */
    4156             : static void
    4157         298 : CleanupBackupHistory(void)
    4158             : {
    4159             :     DIR        *xldir;
    4160             :     struct dirent *xlde;
    4161             :     char        path[MAXPGPATH + sizeof(XLOGDIR)];
    4162             : 
    4163         298 :     xldir = AllocateDir(XLOGDIR);
    4164             : 
    4165        3010 :     while ((xlde = ReadDir(xldir, XLOGDIR)) != NULL)
    4166             :     {
    4167        2414 :         if (IsBackupHistoryFileName(xlde->d_name))
    4168             :         {
    4169         314 :             if (XLogArchiveCheckDone(xlde->d_name))
    4170             :             {
    4171         248 :                 elog(DEBUG2, "removing WAL backup history file \"%s\"",
    4172             :                      xlde->d_name);
    4173         248 :                 snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name);
    4174         248 :                 unlink(path);
    4175         248 :                 XLogArchiveCleanup(xlde->d_name);
    4176             :             }
    4177             :         }
    4178             :     }
    4179             : 
    4180         298 :     FreeDir(xldir);
    4181         298 : }
    4182             : 
    4183             : /*
    4184             :  * I/O routines for pg_control
    4185             :  *
    4186             :  * *ControlFile is a buffer in shared memory that holds an image of the
    4187             :  * contents of pg_control.  WriteControlFile() initializes pg_control
    4188             :  * given a preloaded buffer, ReadControlFile() loads the buffer from
    4189             :  * the pg_control file (during postmaster or standalone-backend startup),
    4190             :  * and UpdateControlFile() rewrites pg_control after we modify xlog state.
    4191             :  * InitControlFile() fills the buffer with initial values.
    4192             :  *
    4193             :  * For simplicity, WriteControlFile() initializes the fields of pg_control
    4194             :  * that are related to checking backend/database compatibility, and
    4195             :  * ReadControlFile() verifies they are correct.  We could split out the
    4196             :  * I/O and compatibility-check functions, but there seems no need currently.
    4197             :  */
    4198             : 
    4199             : static void
    4200         100 : InitControlFile(uint64 sysidentifier, uint32 data_checksum_version)
    4201             : {
    4202             :     char        mock_auth_nonce[MOCK_AUTH_NONCE_LEN];
    4203             : 
    4204             :     /*
    4205             :      * Generate a random nonce. This is used for authentication requests that
    4206             :      * will fail because the user does not exist. The nonce is used to create
    4207             :      * a genuine-looking password challenge for the non-existent user, in lieu
    4208             :      * of an actual stored password.
    4209             :      */
    4210         100 :     if (!pg_strong_random(mock_auth_nonce, MOCK_AUTH_NONCE_LEN))
    4211           0 :         ereport(PANIC,
    4212             :                 (errcode(ERRCODE_INTERNAL_ERROR),
    4213             :                  errmsg("could not generate secret authorization token")));
    4214             : 
    4215         100 :     memset(ControlFile, 0, sizeof(ControlFileData));
    4216             :     /* Initialize pg_control status fields */
    4217         100 :     ControlFile->system_identifier = sysidentifier;
    4218         100 :     memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN);
    4219         100 :     ControlFile->state = DB_SHUTDOWNED;
    4220         100 :     ControlFile->unloggedLSN = FirstNormalUnloggedLSN;
    4221             : 
    4222             :     /* Set important parameter values for use when replaying WAL */
    4223         100 :     ControlFile->MaxConnections = MaxConnections;
    4224         100 :     ControlFile->max_worker_processes = max_worker_processes;
    4225         100 :     ControlFile->max_wal_senders = max_wal_senders;
    4226         100 :     ControlFile->max_prepared_xacts = max_prepared_xacts;
    4227         100 :     ControlFile->max_locks_per_xact = max_locks_per_xact;
    4228         100 :     ControlFile->wal_level = wal_level;
    4229         100 :     ControlFile->wal_log_hints = wal_log_hints;
    4230         100 :     ControlFile->track_commit_timestamp = track_commit_timestamp;
    4231         100 :     ControlFile->data_checksum_version = data_checksum_version;
    4232         100 : }
    4233             : 
    4234             : static void
    4235         100 : WriteControlFile(void)
    4236             : {
    4237             :     int         fd;
    4238             :     char        buffer[PG_CONTROL_FILE_SIZE];   /* need not be aligned */
    4239             : 
    4240             :     /*
    4241             :      * Initialize version and compatibility-check fields
    4242             :      */
    4243         100 :     ControlFile->pg_control_version = PG_CONTROL_VERSION;
    4244         100 :     ControlFile->catalog_version_no = CATALOG_VERSION_NO;
    4245             : 
    4246         100 :     ControlFile->maxAlign = MAXIMUM_ALIGNOF;
    4247         100 :     ControlFile->floatFormat = FLOATFORMAT_VALUE;
    4248             : 
    4249         100 :     ControlFile->blcksz = BLCKSZ;
    4250         100 :     ControlFile->relseg_size = RELSEG_SIZE;
    4251         100 :     ControlFile->xlog_blcksz = XLOG_BLCKSZ;
    4252         100 :     ControlFile->xlog_seg_size = wal_segment_size;
    4253             : 
    4254         100 :     ControlFile->nameDataLen = NAMEDATALEN;
    4255         100 :     ControlFile->indexMaxKeys = INDEX_MAX_KEYS;
    4256             : 
    4257         100 :     ControlFile->toast_max_chunk_size = TOAST_MAX_CHUNK_SIZE;
    4258         100 :     ControlFile->loblksize = LOBLKSIZE;
    4259             : 
    4260         100 :     ControlFile->float8ByVal = true; /* vestigial */
    4261             : 
    4262             :     /*
    4263             :      * Initialize the default 'char' signedness.
    4264             :      *
    4265             :      * The signedness of the char type is implementation-defined. For instance
    4266             :      * on x86 architecture CPUs, the char data type is typically treated as
    4267             :      * signed by default, whereas on aarch architecture CPUs, it is typically
    4268             :      * treated as unsigned by default. In v17 or earlier, we accidentally let
    4269             :      * C implementation signedness affect persistent data. This led to
    4270             :      * inconsistent results when comparing char data across different
    4271             :      * platforms.
    4272             :      *
    4273             :      * This flag can be used as a hint to ensure consistent behavior for
    4274             :      * pre-v18 data files that store data sorted by the 'char' type on disk,
    4275             :      * especially in cross-platform replication scenarios.
    4276             :      *
    4277             :      * Newly created database clusters unconditionally set the default char
    4278             :      * signedness to true. pg_upgrade changes this flag for clusters that were
    4279             :      * initialized on signedness=false platforms. As a result,
    4280             :      * signedness=false setting will become rare over time. If we had known
    4281             :      * about this problem during the last development cycle that forced initdb
    4282             :      * (v8.3), we would have made all clusters signed or all clusters
    4283             :      * unsigned. Making pg_upgrade the only source of signedness=false will
    4284             :      * cause the population of database clusters to converge toward that
    4285             :      * retrospective ideal.
    4286             :      */
    4287         100 :     ControlFile->default_char_signedness = true;
    4288             : 
    4289             :     /* Contents are protected with a CRC */
    4290         100 :     INIT_CRC32C(ControlFile->crc);
    4291         100 :     COMP_CRC32C(ControlFile->crc,
    4292             :                 ControlFile,
    4293             :                 offsetof(ControlFileData, crc));
    4294         100 :     FIN_CRC32C(ControlFile->crc);
    4295             : 
    4296             :     /*
    4297             :      * We write out PG_CONTROL_FILE_SIZE bytes into pg_control, zero-padding
    4298             :      * the excess over sizeof(ControlFileData).  This reduces the odds of
    4299             :      * premature-EOF errors when reading pg_control.  We'll still fail when we
    4300             :      * check the contents of the file, but hopefully with a more specific
    4301             :      * error than "couldn't read pg_control".
    4302             :      */
    4303         100 :     memset(buffer, 0, PG_CONTROL_FILE_SIZE);
    4304         100 :     memcpy(buffer, ControlFile, sizeof(ControlFileData));
    4305             : 
    4306         100 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4307             :                        O_RDWR | O_CREAT | O_EXCL | PG_BINARY);
    4308         100 :     if (fd < 0)
    4309           0 :         ereport(PANIC,
    4310             :                 (errcode_for_file_access(),
    4311             :                  errmsg("could not create file \"%s\": %m",
    4312             :                         XLOG_CONTROL_FILE)));
    4313             : 
    4314         100 :     errno = 0;
    4315         100 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_WRITE);
    4316         100 :     if (write(fd, buffer, PG_CONTROL_FILE_SIZE) != PG_CONTROL_FILE_SIZE)
    4317             :     {
    4318             :         /* if write didn't set errno, assume problem is no disk space */
    4319           0 :         if (errno == 0)
    4320           0 :             errno = ENOSPC;
    4321           0 :         ereport(PANIC,
    4322             :                 (errcode_for_file_access(),
    4323             :                  errmsg("could not write to file \"%s\": %m",
    4324             :                         XLOG_CONTROL_FILE)));
    4325             :     }
    4326         100 :     pgstat_report_wait_end();
    4327             : 
    4328         100 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_SYNC);
    4329         100 :     if (pg_fsync(fd) != 0)
    4330           0 :         ereport(PANIC,
    4331             :                 (errcode_for_file_access(),
    4332             :                  errmsg("could not fsync file \"%s\": %m",
    4333             :                         XLOG_CONTROL_FILE)));
    4334         100 :     pgstat_report_wait_end();
    4335             : 
    4336         100 :     if (close(fd) != 0)
    4337           0 :         ereport(PANIC,
    4338             :                 (errcode_for_file_access(),
    4339             :                  errmsg("could not close file \"%s\": %m",
    4340             :                         XLOG_CONTROL_FILE)));
    4341         100 : }
    4342             : 
    4343             : static void
    4344        1990 : ReadControlFile(void)
    4345             : {
    4346             :     pg_crc32c   crc;
    4347             :     int         fd;
    4348             :     char        wal_segsz_str[20];
    4349             :     int         r;
    4350             : 
    4351             :     /*
    4352             :      * Read data...
    4353             :      */
    4354        1990 :     fd = BasicOpenFile(XLOG_CONTROL_FILE,
    4355             :                        O_RDWR | PG_BINARY);
    4356        1990 :     if (fd < 0)
    4357           0 :         ereport(PANIC,
    4358             :                 (errcode_for_file_access(),
    4359             :                  errmsg("could not open file \"%s\": %m",
    4360             :                         XLOG_CONTROL_FILE)));
    4361             : 
    4362        1990 :     pgstat_report_wait_start(WAIT_EVENT_CONTROL_FILE_READ);
    4363        1990 :     r = read(fd, ControlFile, sizeof(ControlFileData));
    4364        1990 :     if (r != sizeof(ControlFileData))
    4365             :     {
    4366           0 :         if (r < 0)
    4367           0 :             ereport(PANIC,
    4368             :                     (errcode_for_file_access(),
    4369             :                      errmsg("could not read file \"%s\": %m",
    4370             :                             XLOG_CONTROL_FILE)));
    4371             :         else
    4372           0 :             ereport(PANIC,
    4373             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    4374             :                      errmsg("could not read file \"%s\": read %d of %zu",
    4375             :                             XLOG_CONTROL_FILE, r, sizeof(ControlFileData))));
    4376             :     }
    4377        1990 :     pgstat_report_wait_end();
    4378             : 
    4379        1990 :     close(fd);
    4380             : 
    4381             :     /*
    4382             :      * Check for expected pg_control format version.  If this is wrong, the
    4383             :      * CRC check will likely fail because we'll be checking the wrong number
    4384             :      * of bytes.  Complaining about wrong version will probably be more
    4385             :      * enlightening than complaining about wrong CRC.
    4386             :      */
    4387             : 
    4388        1990 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION && ControlFile->pg_control_version % 65536 == 0 && ControlFile->pg_control_version / 65536 != 0)
    4389           0 :         ereport(FATAL,
    4390             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4391             :                  errmsg("database files are incompatible with server"),
    4392             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d (0x%08x),"
    4393             :                            " but the server was compiled with PG_CONTROL_VERSION %d (0x%08x).",
    4394             :                            ControlFile->pg_control_version, ControlFile->pg_control_version,
    4395             :                            PG_CONTROL_VERSION, PG_CONTROL_VERSION),
    4396             :                  errhint("This could be a problem of mismatched byte ordering.  It looks like you need to initdb.")));
    4397             : 
    4398        1990 :     if (ControlFile->pg_control_version != PG_CONTROL_VERSION)
    4399           0 :         ereport(FATAL,
    4400             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4401             :                  errmsg("database files are incompatible with server"),
    4402             :                  errdetail("The database cluster was initialized with PG_CONTROL_VERSION %d,"
    4403             :                            " but the server was compiled with PG_CONTROL_VERSION %d.",
    4404             :                            ControlFile->pg_control_version, PG_CONTROL_VERSION),
    4405             :                  errhint("It looks like you need to initdb.")));
    4406             : 
    4407             :     /* Now check the CRC. */
    4408        1990 :     INIT_CRC32C(crc);
    4409        1990 :     COMP_CRC32C(crc,
    4410             :                 ControlFile,
    4411             :                 offsetof(ControlFileData, crc));
    4412        1990 :     FIN_CRC32C(crc);
    4413             : 
    4414        1990 :     if (!EQ_CRC32C(crc, ControlFile->crc))
    4415           0 :         ereport(FATAL,
    4416             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4417             :                  errmsg("incorrect checksum in control file")));
    4418             : 
    4419             :     /*
    4420             :      * Do compatibility checking immediately.  If the database isn't
    4421             :      * compatible with the backend executable, we want to abort before we can
    4422             :      * possibly do any damage.
    4423             :      */
    4424        1990 :     if (ControlFile->catalog_version_no != CATALOG_VERSION_NO)
    4425           0 :         ereport(FATAL,
    4426             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4427             :                  errmsg("database files are incompatible with server"),
    4428             :         /* translator: %s is a variable name and %d is its value */
    4429             :                  errdetail("The database cluster was initialized with %s %d,"
    4430             :                            " but the server was compiled with %s %d.",
    4431             :                            "CATALOG_VERSION_NO", ControlFile->catalog_version_no,
    4432             :                            "CATALOG_VERSION_NO", CATALOG_VERSION_NO),
    4433             :                  errhint("It looks like you need to initdb.")));
    4434        1990 :     if (ControlFile->maxAlign != MAXIMUM_ALIGNOF)
    4435           0 :         ereport(FATAL,
    4436             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4437             :                  errmsg("database files are incompatible with server"),
    4438             :         /* translator: %s is a variable name and %d is its value */
    4439             :                  errdetail("The database cluster was initialized with %s %d,"
    4440             :                            " but the server was compiled with %s %d.",
    4441             :                            "MAXALIGN", ControlFile->maxAlign,
    4442             :                            "MAXALIGN", MAXIMUM_ALIGNOF),
    4443             :                  errhint("It looks like you need to initdb.")));
    4444        1990 :     if (ControlFile->floatFormat != FLOATFORMAT_VALUE)
    4445           0 :         ereport(FATAL,
    4446             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4447             :                  errmsg("database files are incompatible with server"),
    4448             :                  errdetail("The database cluster appears to use a different floating-point number format than the server executable."),
    4449             :                  errhint("It looks like you need to initdb.")));
    4450        1990 :     if (ControlFile->blcksz != BLCKSZ)
    4451           0 :         ereport(FATAL,
    4452             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4453             :                  errmsg("database files are incompatible with server"),
    4454             :         /* translator: %s is a variable name and %d is its value */
    4455             :                  errdetail("The database cluster was initialized with %s %d,"
    4456             :                            " but the server was compiled with %s %d.",
    4457             :                            "BLCKSZ", ControlFile->blcksz,
    4458             :                            "BLCKSZ", BLCKSZ),
    4459             :                  errhint("It looks like you need to recompile or initdb.")));
    4460        1990 :     if (ControlFile->relseg_size != RELSEG_SIZE)
    4461           0 :         ereport(FATAL,
    4462             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4463             :                  errmsg("database files are incompatible with server"),
    4464             :         /* translator: %s is a variable name and %d is its value */
    4465             :                  errdetail("The database cluster was initialized with %s %d,"
    4466             :                            " but the server was compiled with %s %d.",
    4467             :                            "RELSEG_SIZE", ControlFile->relseg_size,
    4468             :                            "RELSEG_SIZE", RELSEG_SIZE),
    4469             :                  errhint("It looks like you need to recompile or initdb.")));
    4470        1990 :     if (ControlFile->xlog_blcksz != XLOG_BLCKSZ)
    4471           0 :         ereport(FATAL,
    4472             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4473             :                  errmsg("database files are incompatible with server"),
    4474             :         /* translator: %s is a variable name and %d is its value */
    4475             :                  errdetail("The database cluster was initialized with %s %d,"
    4476             :                            " but the server was compiled with %s %d.",
    4477             :                            "XLOG_BLCKSZ", ControlFile->xlog_blcksz,
    4478             :                            "XLOG_BLCKSZ", XLOG_BLCKSZ),
    4479             :                  errhint("It looks like you need to recompile or initdb.")));
    4480        1990 :     if (ControlFile->nameDataLen != NAMEDATALEN)
    4481           0 :         ereport(FATAL,
    4482             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4483             :                  errmsg("database files are incompatible with server"),
    4484             :         /* translator: %s is a variable name and %d is its value */
    4485             :                  errdetail("The database cluster was initialized with %s %d,"
    4486             :                            " but the server was compiled with %s %d.",
    4487             :                            "NAMEDATALEN", ControlFile->nameDataLen,
    4488             :                            "NAMEDATALEN", NAMEDATALEN),
    4489             :                  errhint("It looks like you need to recompile or initdb.")));
    4490        1990 :     if (ControlFile->indexMaxKeys != INDEX_MAX_KEYS)
    4491           0 :         ereport(FATAL,
    4492             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4493             :                  errmsg("database files are incompatible with server"),
    4494             :         /* translator: %s is a variable name and %d is its value */
    4495             :                  errdetail("The database cluster was initialized with %s %d,"
    4496             :                            " but the server was compiled with %s %d.",
    4497             :                            "INDEX_MAX_KEYS", ControlFile->indexMaxKeys,
    4498             :                            "INDEX_MAX_KEYS", INDEX_MAX_KEYS),
    4499             :                  errhint("It looks like you need to recompile or initdb.")));
    4500        1990 :     if (ControlFile->toast_max_chunk_size != TOAST_MAX_CHUNK_SIZE)
    4501           0 :         ereport(FATAL,
    4502             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4503             :                  errmsg("database files are incompatible with server"),
    4504             :         /* translator: %s is a variable name and %d is its value */
    4505             :                  errdetail("The database cluster was initialized with %s %d,"
    4506             :                            " but the server was compiled with %s %d.",
    4507             :                            "TOAST_MAX_CHUNK_SIZE", ControlFile->toast_max_chunk_size,
    4508             :                            "TOAST_MAX_CHUNK_SIZE", (int) TOAST_MAX_CHUNK_SIZE),
    4509             :                  errhint("It looks like you need to recompile or initdb.")));
    4510        1990 :     if (ControlFile->loblksize != LOBLKSIZE)
    4511           0 :         ereport(FATAL,
    4512             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    4513             :                  errmsg("database files are incompatible with server"),
    4514             :         /* translator: %s is a variable name and %d is its value */
    4515             :                  errdetail("The database cluster was initialized with %s %d,"
    4516             :                            " but the server was compiled with %s %d.",
    4517             :                            "LOBLKSIZE", ControlFile->loblksize,
    4518             :                            "LOBLKSIZE", (int) LOBLKSIZE),
    4519             :                  errhint("It looks like you need to recompile or initdb.")));
    4520             : 
    4521             :     Assert(ControlFile->float8ByVal);    /* vestigial, not worth an error msg */
    4522             : 
    4523        1990 :     wal_segment_size = ControlFile->xlog_seg_size;
    4524             : 
    4525        1990 :     if (!IsValidWalSegSize(wal_segment_size))
    4526           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4527             :                         errmsg_plural("invalid WAL segment size in control file (%d byte)",
    4528             :                                       "invalid WAL segment size in control file (%d bytes)",
    4529             :                                       wal_segment_size,
    4530             :                                       wal_segment_size),
    4531             :                         errdetail("The WAL segment size must be a power of two between 1 MB and 1 GB.")));
    4532             : 
    4533        1990 :     snprintf(wal_segsz_str, sizeof(wal_segsz_str), "%d", wal_segment_size);
    4534        1990 :     SetConfigOption("wal_segment_size", wal_segsz_str, PGC_INTERNAL,
    4535             :                     PGC_S_DYNAMIC_DEFAULT);
    4536             : 
    4537             :     /* check and update variables dependent on wal_segment_size */
    4538        1990 :     if (ConvertToXSegs(min_wal_size_mb, wal_segment_size) < 2)
    4539           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4540             :         /* translator: both %s are GUC names */
    4541             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4542             :                                "min_wal_size", "wal_segment_size")));
    4543             : 
    4544        1990 :     if (ConvertToXSegs(max_wal_size_mb, wal_segment_size) < 2)
    4545           0 :         ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    4546             :         /* translator: both %s are GUC names */
    4547             :                         errmsg("\"%s\" must be at least twice \"%s\"",
    4548             :                                "max_wal_size", "wal_segment_size")));
    4549             : 
    4550        1990 :     UsableBytesInSegment =
    4551        1990 :         (wal_segment_size / XLOG_BLCKSZ * UsableBytesInPage) -
    4552             :         (SizeOfXLogLongPHD - SizeOfXLogShortPHD);
    4553             : 
    4554        1990 :     CalculateCheckpointSegments();
    4555             : 
    4556             :     /* Make the initdb settings visible as GUC variables, too */
    4557        1990 :     SetConfigOption("data_checksums", DataChecksumsEnabled() ? "yes" : "no",
    4558             :                     PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
    4559        1990 : }
    4560             : 
    4561             : /*
    4562             :  * Utility wrapper to update the control file.  Note that the control
    4563             :  * file gets flushed.
    4564             :  */
    4565             : static void
    4566       18038 : UpdateControlFile(void)
    4567             : {
    4568       18038 :     update_controlfile(DataDir, ControlFile, true);
    4569       18038 : }
    4570             : 
    4571             : /*
    4572             :  * Returns the unique system identifier from control file.
    4573             :  */
    4574             : uint64
    4575        2796 : GetSystemIdentifier(void)
    4576             : {
    4577             :     Assert(ControlFile != NULL);
    4578        2796 :     return ControlFile->system_identifier;
    4579             : }
    4580             : 
    4581             : /*
    4582             :  * Returns the random nonce from control file.
    4583             :  */
    4584             : char *
    4585           2 : GetMockAuthenticationNonce(void)
    4586             : {
    4587             :     Assert(ControlFile != NULL);
    4588           2 :     return ControlFile->mock_authentication_nonce;
    4589             : }
    4590             : 
    4591             : /*
    4592             :  * Are checksums enabled for data pages?
    4593             :  */
    4594             : bool
    4595    19631476 : DataChecksumsEnabled(void)
    4596             : {
    4597             :     Assert(ControlFile != NULL);
    4598    19631476 :     return (ControlFile->data_checksum_version > 0);
    4599             : }
    4600             : 
    4601             : /*
    4602             :  * Return true if the cluster was initialized on a platform where the
    4603             :  * default signedness of char is "signed". This function exists for code
    4604             :  * that deals with pre-v18 data files that store data sorted by the 'char'
    4605             :  * type on disk (e.g., GIN and GiST indexes). See the comments in
    4606             :  * WriteControlFile() for details.
    4607             :  */
    4608             : bool
    4609           6 : GetDefaultCharSignedness(void)
    4610             : {
    4611           6 :     return ControlFile->default_char_signedness;
    4612             : }
    4613             : 
    4614             : /*
    4615             :  * Returns a fake LSN for unlogged relations.
    4616             :  *
    4617             :  * Each call generates an LSN that is greater than any previous value
    4618             :  * returned. The current counter value is saved and restored across clean
    4619             :  * shutdowns, but like unlogged relations, does not survive a crash. This can
    4620             :  * be used in lieu of real LSN values returned by XLogInsert, if you need an
    4621             :  * LSN-like increasing sequence of numbers without writing any WAL.
    4622             :  */
    4623             : XLogRecPtr
    4624          66 : GetFakeLSNForUnloggedRel(void)
    4625             : {
    4626          66 :     return pg_atomic_fetch_add_u64(&XLogCtl->unloggedLSN, 1);
    4627             : }
    4628             : 
    4629             : /*
    4630             :  * Auto-tune the number of XLOG buffers.
    4631             :  *
    4632             :  * The preferred setting for wal_buffers is about 3% of shared_buffers, with
    4633             :  * a maximum of one XLOG segment (there is little reason to think that more
    4634             :  * is helpful, at least so long as we force an fsync when switching log files)
    4635             :  * and a minimum of 8 blocks (which was the default value prior to PostgreSQL
    4636             :  * 9.1, when auto-tuning was added).
    4637             :  *
    4638             :  * This should not be called until NBuffers has received its final value.
    4639             :  */
    4640             : static int
    4641        2170 : XLOGChooseNumBuffers(void)
    4642             : {
    4643             :     int         xbuffers;
    4644             : 
    4645        2170 :     xbuffers = NBuffers / 32;
    4646        2170 :     if (xbuffers > (wal_segment_size / XLOG_BLCKSZ))
    4647          48 :         xbuffers = (wal_segment_size / XLOG_BLCKSZ);
    4648        2170 :     if (xbuffers < 8)
    4649         844 :         xbuffers = 8;
    4650        2170 :     return xbuffers;
    4651             : }
    4652             : 
    4653             : /*
    4654             :  * GUC check_hook for wal_buffers
    4655             :  */
    4656             : bool
    4657        4420 : check_wal_buffers(int *newval, void **extra, GucSource source)
    4658             : {
    4659             :     /*
    4660             :      * -1 indicates a request for auto-tune.
    4661             :      */
    4662        4420 :     if (*newval == -1)
    4663             :     {
    4664             :         /*
    4665             :          * If we haven't yet changed the boot_val default of -1, just let it
    4666             :          * be.  We'll fix it when XLOGShmemSize is called.
    4667             :          */
    4668        2250 :         if (XLOGbuffers == -1)
    4669        2250 :             return true;
    4670             : 
    4671             :         /* Otherwise, substitute the auto-tune value */
    4672           0 :         *newval = XLOGChooseNumBuffers();
    4673             :     }
    4674             : 
    4675             :     /*
    4676             :      * We clamp manually-set values to at least 4 blocks.  Prior to PostgreSQL
    4677             :      * 9.1, a minimum of 4 was enforced by guc.c, but since that is no longer
    4678             :      * the case, we just silently treat such values as a request for the
    4679             :      * minimum.  (We could throw an error instead, but that doesn't seem very
    4680             :      * helpful.)
    4681             :      */
    4682        2170 :     if (*newval < 4)
    4683           0 :         *newval = 4;
    4684             : 
    4685        2170 :     return true;
    4686             : }
    4687             : 
    4688             : /*
    4689             :  * GUC check_hook for wal_consistency_checking
    4690             :  */
    4691             : bool
    4692        4046 : check_wal_consistency_checking(char **newval, void **extra, GucSource source)
    4693             : {
    4694             :     char       *rawstring;
    4695             :     List       *elemlist;
    4696             :     ListCell   *l;
    4697             :     bool        newwalconsistency[RM_MAX_ID + 1];
    4698             : 
    4699             :     /* Initialize the array */
    4700      133518 :     MemSet(newwalconsistency, 0, (RM_MAX_ID + 1) * sizeof(bool));
    4701             : 
    4702             :     /* Need a modifiable copy of string */
    4703        4046 :     rawstring = pstrdup(*newval);
    4704             : 
    4705             :     /* Parse string into list of identifiers */
    4706        4046 :     if (!SplitIdentifierString(rawstring, ',', &elemlist))
    4707             :     {
    4708             :         /* syntax error in list */
    4709           0 :         GUC_check_errdetail("List syntax is invalid.");
    4710           0 :         pfree(rawstring);
    4711           0 :         list_free(elemlist);
    4712           0 :         return false;
    4713             :     }
    4714             : 
    4715        4950 :     foreach(l, elemlist)
    4716             :     {
    4717         904 :         char       *tok = (char *) lfirst(l);
    4718             :         int         rmid;
    4719             : 
    4720             :         /* Check for 'all'. */
    4721         904 :         if (pg_strcasecmp(tok, "all") == 0)
    4722             :         {
    4723      231300 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4724      230400 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL)
    4725        9000 :                     newwalconsistency[rmid] = true;
    4726             :         }
    4727             :         else
    4728             :         {
    4729             :             /* Check if the token matches any known resource manager. */
    4730           4 :             bool        found = false;
    4731             : 
    4732          72 :             for (rmid = 0; rmid <= RM_MAX_ID; rmid++)
    4733             :             {
    4734         108 :                 if (RmgrIdExists(rmid) && GetRmgr(rmid).rm_mask != NULL &&
    4735          36 :                     pg_strcasecmp(tok, GetRmgr(rmid).rm_name) == 0)
    4736             :                 {
    4737           4 :                     newwalconsistency[rmid] = true;
    4738           4 :                     found = true;
    4739           4 :                     break;
    4740             :                 }
    4741             :             }
    4742           4 :             if (!found)
    4743             :             {
    4744             :                 /*
    4745             :                  * During startup, it might be a not-yet-loaded custom
    4746             :                  * resource manager.  Defer checking until
    4747             :                  * InitializeWalConsistencyChecking().
    4748             :                  */
    4749           0 :                 if (!process_shared_preload_libraries_done)
    4750             :                 {
    4751           0 :                     check_wal_consistency_checking_deferred = true;
    4752             :                 }
    4753             :                 else
    4754             :                 {
    4755           0 :                     GUC_check_errdetail("Unrecognized key word: \"%s\".", tok);
    4756           0 :                     pfree(rawstring);
    4757           0 :                     list_free(elemlist);
    4758           0 :                     return false;
    4759             :                 }
    4760             :             }
    4761             :         }
    4762             :     }
    4763             : 
    4764        4046 :     pfree(rawstring);
    4765        4046 :     list_free(elemlist);
    4766             : 
    4767             :     /* assign new value */
    4768        4046 :     *extra = guc_malloc(LOG, (RM_MAX_ID + 1) * sizeof(bool));
    4769        4046 :     if (!*extra)
    4770           0 :         return false;
    4771        4046 :     memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool));
    4772        4046 :     return true;
    4773             : }
    4774             : 
    4775             : /*
    4776             :  * GUC assign_hook for wal_consistency_checking
    4777             :  */
    4778             : void
    4779        4044 : assign_wal_consistency_checking(const char *newval, void *extra)
    4780             : {
    4781             :     /*
    4782             :      * If some checks were deferred, it's possible that the checks will fail
    4783             :      * later during InitializeWalConsistencyChecking(). But in that case, the
    4784             :      * postmaster will exit anyway, so it's safe to proceed with the
    4785             :      * assignment.
    4786             :      *
    4787             :      * Any built-in resource managers specified are assigned immediately,
    4788             :      * which affects WAL created before shared_preload_libraries are
    4789             :      * processed. Any custom resource managers specified won't be assigned
    4790             :      * until after shared_preload_libraries are processed, but that's OK
    4791             :      * because WAL for a custom resource manager can't be written before the
    4792             :      * module is loaded anyway.
    4793             :      */
    4794        4044 :     wal_consistency_checking = extra;
    4795        4044 : }
    4796             : 
    4797             : /*
    4798             :  * InitializeWalConsistencyChecking: run after loading custom resource managers
    4799             :  *
    4800             :  * If any unknown resource managers were specified in the
    4801             :  * wal_consistency_checking GUC, processing was deferred.  Now that
    4802             :  * shared_preload_libraries have been loaded, process wal_consistency_checking
    4803             :  * again.
    4804             :  */
    4805             : void
    4806        1870 : InitializeWalConsistencyChecking(void)
    4807             : {
    4808             :     Assert(process_shared_preload_libraries_done);
    4809             : 
    4810        1870 :     if (check_wal_consistency_checking_deferred)
    4811             :     {
    4812             :         struct config_generic *guc;
    4813             : 
    4814           0 :         guc = find_option("wal_consistency_checking", false, false, ERROR);
    4815             : 
    4816           0 :         check_wal_consistency_checking_deferred = false;
    4817             : 
    4818           0 :         set_config_option_ext("wal_consistency_checking",
    4819             :                               wal_consistency_checking_string,
    4820             :                               guc->scontext, guc->source, guc->srole,
    4821             :                               GUC_ACTION_SET, true, ERROR, false);
    4822             : 
    4823             :         /* checking should not be deferred again */
    4824             :         Assert(!check_wal_consistency_checking_deferred);
    4825             :     }
    4826        1870 : }
    4827             : 
    4828             : /*
    4829             :  * GUC show_hook for archive_command
    4830             :  */
    4831             : const char *
    4832        3452 : show_archive_command(void)
    4833             : {
    4834        3452 :     if (XLogArchivingActive())
    4835           4 :         return XLogArchiveCommand;
    4836             :     else
    4837        3448 :         return "(disabled)";
    4838             : }
    4839             : 
    4840             : /*
    4841             :  * GUC show_hook for in_hot_standby
    4842             :  */
    4843             : const char *
    4844       30100 : show_in_hot_standby(void)
    4845             : {
    4846             :     /*
    4847             :      * We display the actual state based on shared memory, so that this GUC
    4848             :      * reports up-to-date state if examined intra-query.  The underlying
    4849             :      * variable (in_hot_standby_guc) changes only when we transmit a new value
    4850             :      * to the client.
    4851             :      */
    4852       30100 :     return RecoveryInProgress() ? "on" : "off";
    4853             : }
    4854             : 
    4855             : /*
    4856             :  * Read the control file, set respective GUCs.
    4857             :  *
    4858             :  * This is to be called during startup, including a crash recovery cycle,
    4859             :  * unless in bootstrap mode, where no control file yet exists.  As there's no
    4860             :  * usable shared memory yet (its sizing can depend on the contents of the
    4861             :  * control file!), first store the contents in local memory. XLOGShmemInit()
    4862             :  * will then copy it to shared memory later.
    4863             :  *
    4864             :  * reset just controls whether previous contents are to be expected (in the
    4865             :  * reset case, there's a dangling pointer into old shared memory), or not.
    4866             :  */
    4867             : void
    4868        1890 : LocalProcessControlFile(bool reset)
    4869             : {
    4870             :     Assert(reset || ControlFile == NULL);
    4871        1890 :     ControlFile = palloc(sizeof(ControlFileData));
    4872        1890 :     ReadControlFile();
    4873        1890 : }
    4874             : 
    4875             : /*
    4876             :  * Get the wal_level from the control file. For a standby, this value should be
    4877             :  * considered as its active wal_level, because it may be different from what
    4878             :  * was originally configured on standby.
    4879             :  */
    4880             : WalLevel
    4881         138 : GetActiveWalLevelOnStandby(void)
    4882             : {
    4883         138 :     return ControlFile->wal_level;
    4884             : }
    4885             : 
    4886             : /*
    4887             :  * Initialization of shared memory for XLOG
    4888             :  */
    4889             : Size
    4890        6222 : XLOGShmemSize(void)
    4891             : {
    4892             :     Size        size;
    4893             : 
    4894             :     /*
    4895             :      * If the value of wal_buffers is -1, use the preferred auto-tune value.
    4896             :      * This isn't an amazingly clean place to do this, but we must wait till
    4897             :      * NBuffers has received its final value, and must do it before using the
    4898             :      * value of XLOGbuffers to do anything important.
    4899             :      *
    4900             :      * We prefer to report this value's source as PGC_S_DYNAMIC_DEFAULT.
    4901             :      * However, if the DBA explicitly set wal_buffers = -1 in the config file,
    4902             :      * then PGC_S_DYNAMIC_DEFAULT will fail to override that and we must force
    4903             :      * the matter with PGC_S_OVERRIDE.
    4904             :      */
    4905        6222 :     if (XLOGbuffers == -1)
    4906             :     {
    4907             :         char        buf[32];
    4908             : 
    4909        2170 :         snprintf(buf, sizeof(buf), "%d", XLOGChooseNumBuffers());
    4910        2170 :         SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    4911             :                         PGC_S_DYNAMIC_DEFAULT);
    4912        2170 :         if (XLOGbuffers == -1)  /* failed to apply it? */
    4913           0 :             SetConfigOption("wal_buffers", buf, PGC_POSTMASTER,
    4914             :                             PGC_S_OVERRIDE);
    4915             :     }
    4916             :     Assert(XLOGbuffers > 0);
    4917             : 
    4918             :     /* XLogCtl */
    4919        6222 :     size = sizeof(XLogCtlData);
    4920             : 
    4921             :     /* WAL insertion locks, plus alignment */
    4922        6222 :     size = add_size(size, mul_size(sizeof(WALInsertLockPadded), NUM_XLOGINSERT_LOCKS + 1));
    4923             :     /* xlblocks array */
    4924        6222 :     size = add_size(size, mul_size(sizeof(pg_atomic_uint64), XLOGbuffers));
    4925             :     /* extra alignment padding for XLOG I/O buffers */
    4926        6222 :     size = add_size(size, Max(XLOG_BLCKSZ, PG_IO_ALIGN_SIZE));
    4927             :     /* and the buffers themselves */
    4928        6222 :     size = add_size(size, mul_size(XLOG_BLCKSZ, XLOGbuffers));
    4929             : 
    4930             :     /*
    4931             :      * Note: we don't count ControlFileData, it comes out of the "slop factor"
    4932             :      * added by CreateSharedMemoryAndSemaphores.  This lets us use this
    4933             :      * routine again below to compute the actual allocation size.
    4934             :      */
    4935             : 
    4936        6222 :     return size;
    4937             : }
    4938             : 
    4939             : void
    4940        2174 : XLOGShmemInit(void)
    4941             : {
    4942             :     bool        foundCFile,
    4943             :                 foundXLog;
    4944             :     char       *allocptr;
    4945             :     int         i;
    4946             :     ControlFileData *localControlFile;
    4947             : 
    4948             : #ifdef WAL_DEBUG
    4949             : 
    4950             :     /*
    4951             :      * Create a memory context for WAL debugging that's exempt from the normal
    4952             :      * "no pallocs in critical section" rule. Yes, that can lead to a PANIC if
    4953             :      * an allocation fails, but wal_debug is not for production use anyway.
    4954             :      */
    4955             :     if (walDebugCxt == NULL)
    4956             :     {
    4957             :         walDebugCxt = AllocSetContextCreate(TopMemoryContext,
    4958             :                                             "WAL Debug",
    4959             :                                             ALLOCSET_DEFAULT_SIZES);
    4960             :         MemoryContextAllowInCriticalSection(walDebugCxt, true);
    4961             :     }
    4962             : #endif
    4963             : 
    4964             : 
    4965        2174 :     XLogCtl = (XLogCtlData *)
    4966        2174 :         ShmemInitStruct("XLOG Ctl", XLOGShmemSize(), &foundXLog);
    4967             : 
    4968        2174 :     localControlFile = ControlFile;
    4969        2174 :     ControlFile = (ControlFileData *)
    4970        2174 :         ShmemInitStruct("Control File", sizeof(ControlFileData), &foundCFile);
    4971             : 
    4972        2174 :     if (foundCFile || foundXLog)
    4973             :     {
    4974             :         /* both should be present or neither */
    4975             :         Assert(foundCFile && foundXLog);
    4976             : 
    4977             :         /* Initialize local copy of WALInsertLocks */
    4978           0 :         WALInsertLocks = XLogCtl->Insert.WALInsertLocks;
    4979             : 
    4980           0 :         if (localControlFile)
    4981           0 :             pfree(localControlFile);
    4982           0 :         return;
    4983             :     }
    4984        2174 :     memset(XLogCtl, 0, sizeof(XLogCtlData));
    4985             : 
    4986             :     /*
    4987             :      * Already have read control file locally, unless in bootstrap mode. Move
    4988             :      * contents into shared memory.
    4989             :      */
    4990        2174 :     if (localControlFile)
    4991             :     {
    4992        1874 :         memcpy(ControlFile, localControlFile, sizeof(ControlFileData));
    4993        1874 :         pfree(localControlFile);
    4994             :     }
    4995             : 
    4996             :     /*
    4997             :      * Since XLogCtlData contains XLogRecPtr fields, its sizeof should be a
    4998             :      * multiple of the alignment for same, so no extra alignment padding is
    4999             :      * needed here.
    5000             :      */
    5001        2174 :     allocptr = ((char *) XLogCtl) + sizeof(XLogCtlData);
    5002        2174 :     XLogCtl->xlblocks = (pg_atomic_uint64 *) allocptr;
    5003        2174 :     allocptr += sizeof(pg_atomic_uint64) * XLOGbuffers;
    5004             : 
    5005      620330 :     for (i = 0; i < XLOGbuffers; i++)
    5006             :     {
    5007      618156 :         pg_atomic_init_u64(&XLogCtl->xlblocks[i], InvalidXLogRecPtr);
    5008             :     }
    5009             : 
    5010             :     /* WAL insertion locks. Ensure they're aligned to the full padded size */
    5011        2174 :     allocptr += sizeof(WALInsertLockPadded) -
    5012        2174 :         ((uintptr_t) allocptr) % sizeof(WALInsertLockPadded);
    5013        2174 :     WALInsertLocks = XLogCtl->Insert.WALInsertLocks =
    5014             :         (WALInsertLockPadded *) allocptr;
    5015        2174 :     allocptr += sizeof(WALInsertLockPadded) * NUM_XLOGINSERT_LOCKS;
    5016             : 
    5017       19566 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    5018             :     {
    5019       17392 :         LWLockInitialize(&WALInsertLocks[i].l.lock, LWTRANCHE_WAL_INSERT);
    5020       17392 :         pg_atomic_init_u64(&WALInsertLocks[i].l.insertingAt, InvalidXLogRecPtr);
    5021       17392 :         WALInsertLocks[i].l.lastImportantAt = InvalidXLogRecPtr;
    5022             :     }
    5023             : 
    5024             :     /*
    5025             :      * Align the start of the page buffers to a full xlog block size boundary.
    5026             :      * This simplifies some calculations in XLOG insertion. It is also
    5027             :      * required for O_DIRECT.
    5028             :      */
    5029        2174 :     allocptr = (char *) TYPEALIGN(XLOG_BLCKSZ, allocptr);
    5030        2174 :     XLogCtl->pages = allocptr;
    5031        2174 :     memset(XLogCtl->pages, 0, (Size) XLOG_BLCKSZ * XLOGbuffers);
    5032             : 
    5033             :     /*
    5034             :      * Do basic initialization of XLogCtl shared data. (StartupXLOG will fill
    5035             :      * in additional info.)
    5036             :      */
    5037        2174 :     XLogCtl->XLogCacheBlck = XLOGbuffers - 1;
    5038        2174 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5039        2174 :     XLogCtl->InstallXLogFileSegmentActive = false;
    5040        2174 :     XLogCtl->WalWriterSleeping = false;
    5041             : 
    5042        2174 :     SpinLockInit(&XLogCtl->Insert.insertpos_lck);
    5043        2174 :     SpinLockInit(&XLogCtl->info_lck);
    5044        2174 :     pg_atomic_init_u64(&XLogCtl->logInsertResult, InvalidXLogRecPtr);
    5045        2174 :     pg_atomic_init_u64(&XLogCtl->logWriteResult, InvalidXLogRecPtr);
    5046        2174 :     pg_atomic_init_u64(&XLogCtl->logFlushResult, InvalidXLogRecPtr);
    5047        2174 :     pg_atomic_init_u64(&XLogCtl->unloggedLSN, InvalidXLogRecPtr);
    5048             : }
    5049             : 
    5050             : /*
    5051             :  * This func must be called ONCE on system install.  It creates pg_control
    5052             :  * and the initial XLOG segment.
    5053             :  */
    5054             : void
    5055         100 : BootStrapXLOG(uint32 data_checksum_version)
    5056             : {
    5057             :     CheckPoint  checkPoint;
    5058             :     char       *buffer;
    5059             :     XLogPageHeader page;
    5060             :     XLogLongPageHeader longpage;
    5061             :     XLogRecord *record;
    5062             :     char       *recptr;
    5063             :     uint64      sysidentifier;
    5064             :     struct timeval tv;
    5065             :     pg_crc32c   crc;
    5066             : 
    5067             :     /* allow ordinary WAL segment creation, like StartupXLOG() would */
    5068         100 :     SetInstallXLogFileSegmentActive();
    5069             : 
    5070             :     /*
    5071             :      * Select a hopefully-unique system identifier code for this installation.
    5072             :      * We use the result of gettimeofday(), including the fractional seconds
    5073             :      * field, as being about as unique as we can easily get.  (Think not to
    5074             :      * use random(), since it hasn't been seeded and there's no portable way
    5075             :      * to seed it other than the system clock value...)  The upper half of the
    5076             :      * uint64 value is just the tv_sec part, while the lower half contains the
    5077             :      * tv_usec part (which must fit in 20 bits), plus 12 bits from our current
    5078             :      * PID for a little extra uniqueness.  A person knowing this encoding can
    5079             :      * determine the initialization time of the installation, which could
    5080             :      * perhaps be useful sometimes.
    5081             :      */
    5082         100 :     gettimeofday(&tv, NULL);
    5083         100 :     sysidentifier = ((uint64) tv.tv_sec) << 32;
    5084         100 :     sysidentifier |= ((uint64) tv.tv_usec) << 12;
    5085         100 :     sysidentifier |= getpid() & 0xFFF;
    5086             : 
    5087             :     /* page buffer must be aligned suitably for O_DIRECT */
    5088         100 :     buffer = (char *) palloc(XLOG_BLCKSZ + XLOG_BLCKSZ);
    5089         100 :     page = (XLogPageHeader) TYPEALIGN(XLOG_BLCKSZ, buffer);
    5090         100 :     memset(page, 0, XLOG_BLCKSZ);
    5091             : 
    5092             :     /*
    5093             :      * Set up information for the initial checkpoint record
    5094             :      *
    5095             :      * The initial checkpoint record is written to the beginning of the WAL
    5096             :      * segment with logid=0 logseg=1. The very first WAL segment, 0/0, is not
    5097             :      * used, so that we can use 0/0 to mean "before any valid WAL segment".
    5098             :      */
    5099         100 :     checkPoint.redo = wal_segment_size + SizeOfXLogLongPHD;
    5100         100 :     checkPoint.ThisTimeLineID = BootstrapTimeLineID;
    5101         100 :     checkPoint.PrevTimeLineID = BootstrapTimeLineID;
    5102         100 :     checkPoint.fullPageWrites = fullPageWrites;
    5103         100 :     checkPoint.wal_level = wal_level;
    5104             :     checkPoint.nextXid =
    5105         100 :         FullTransactionIdFromEpochAndXid(0, FirstNormalTransactionId);
    5106         100 :     checkPoint.nextOid = FirstGenbkiObjectId;
    5107         100 :     checkPoint.nextMulti = FirstMultiXactId;
    5108         100 :     checkPoint.nextMultiOffset = 0;
    5109         100 :     checkPoint.oldestXid = FirstNormalTransactionId;
    5110         100 :     checkPoint.oldestXidDB = Template1DbOid;
    5111         100 :     checkPoint.oldestMulti = FirstMultiXactId;
    5112         100 :     checkPoint.oldestMultiDB = Template1DbOid;
    5113         100 :     checkPoint.oldestCommitTsXid = InvalidTransactionId;
    5114         100 :     checkPoint.newestCommitTsXid = InvalidTransactionId;
    5115         100 :     checkPoint.time = (pg_time_t) time(NULL);
    5116         100 :     checkPoint.oldestActiveXid = InvalidTransactionId;
    5117             : 
    5118         100 :     TransamVariables->nextXid = checkPoint.nextXid;
    5119         100 :     TransamVariables->nextOid = checkPoint.nextOid;
    5120         100 :     TransamVariables->oidCount = 0;
    5121         100 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5122         100 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5123         100 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5124         100 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5125         100 :     SetCommitTsLimit(InvalidTransactionId, InvalidTransactionId);
    5126             : 
    5127             :     /* Set up the XLOG page header */
    5128         100 :     page->xlp_magic = XLOG_PAGE_MAGIC;
    5129         100 :     page->xlp_info = XLP_LONG_HEADER;
    5130         100 :     page->xlp_tli = BootstrapTimeLineID;
    5131         100 :     page->xlp_pageaddr = wal_segment_size;
    5132         100 :     longpage = (XLogLongPageHeader) page;
    5133         100 :     longpage->xlp_sysid = sysidentifier;
    5134         100 :     longpage->xlp_seg_size = wal_segment_size;
    5135         100 :     longpage->xlp_xlog_blcksz = XLOG_BLCKSZ;
    5136             : 
    5137             :     /* Insert the initial checkpoint record */
    5138         100 :     recptr = ((char *) page + SizeOfXLogLongPHD);
    5139         100 :     record = (XLogRecord *) recptr;
    5140         100 :     record->xl_prev = 0;
    5141         100 :     record->xl_xid = InvalidTransactionId;
    5142         100 :     record->xl_tot_len = SizeOfXLogRecord + SizeOfXLogRecordDataHeaderShort + sizeof(checkPoint);
    5143         100 :     record->xl_info = XLOG_CHECKPOINT_SHUTDOWN;
    5144         100 :     record->xl_rmid = RM_XLOG_ID;
    5145         100 :     recptr += SizeOfXLogRecord;
    5146             :     /* fill the XLogRecordDataHeaderShort struct */
    5147         100 :     *(recptr++) = (char) XLR_BLOCK_ID_DATA_SHORT;
    5148         100 :     *(recptr++) = sizeof(checkPoint);
    5149         100 :     memcpy(recptr, &checkPoint, sizeof(checkPoint));
    5150         100 :     recptr += sizeof(checkPoint);
    5151             :     Assert(recptr - (char *) record == record->xl_tot_len);
    5152             : 
    5153         100 :     INIT_CRC32C(crc);
    5154         100 :     COMP_CRC32C(crc, ((char *) record) + SizeOfXLogRecord, record->xl_tot_len - SizeOfXLogRecord);
    5155         100 :     COMP_CRC32C(crc, (char *) record, offsetof(XLogRecord, xl_crc));
    5156         100 :     FIN_CRC32C(crc);
    5157         100 :     record->xl_crc = crc;
    5158             : 
    5159             :     /* Create first XLOG segment file */
    5160         100 :     openLogTLI = BootstrapTimeLineID;
    5161         100 :     openLogFile = XLogFileInit(1, BootstrapTimeLineID);
    5162             : 
    5163             :     /*
    5164             :      * We needn't bother with Reserve/ReleaseExternalFD here, since we'll
    5165             :      * close the file again in a moment.
    5166             :      */
    5167             : 
    5168             :     /* Write the first page with the initial record */
    5169         100 :     errno = 0;
    5170         100 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_WRITE);
    5171         100 :     if (write(openLogFile, page, XLOG_BLCKSZ) != XLOG_BLCKSZ)
    5172             :     {
    5173             :         /* if write didn't set errno, assume problem is no disk space */
    5174           0 :         if (errno == 0)
    5175           0 :             errno = ENOSPC;
    5176           0 :         ereport(PANIC,
    5177             :                 (errcode_for_file_access(),
    5178             :                  errmsg("could not write bootstrap write-ahead log file: %m")));
    5179             :     }
    5180         100 :     pgstat_report_wait_end();
    5181             : 
    5182         100 :     pgstat_report_wait_start(WAIT_EVENT_WAL_BOOTSTRAP_SYNC);
    5183         100 :     if (pg_fsync(openLogFile) != 0)
    5184           0 :         ereport(PANIC,
    5185             :                 (errcode_for_file_access(),
    5186             :                  errmsg("could not fsync bootstrap write-ahead log file: %m")));
    5187         100 :     pgstat_report_wait_end();
    5188             : 
    5189         100 :     if (close(openLogFile) != 0)
    5190           0 :         ereport(PANIC,
    5191             :                 (errcode_for_file_access(),
    5192             :                  errmsg("could not close bootstrap write-ahead log file: %m")));
    5193             : 
    5194         100 :     openLogFile = -1;
    5195             : 
    5196             :     /* Now create pg_control */
    5197         100 :     InitControlFile(sysidentifier, data_checksum_version);
    5198         100 :     ControlFile->time = checkPoint.time;
    5199         100 :     ControlFile->checkPoint = checkPoint.redo;
    5200         100 :     ControlFile->checkPointCopy = checkPoint;
    5201             : 
    5202             :     /* some additional ControlFile fields are set in WriteControlFile() */
    5203         100 :     WriteControlFile();
    5204             : 
    5205             :     /* Bootstrap the commit log, too */
    5206         100 :     BootStrapCLOG();
    5207         100 :     BootStrapCommitTs();
    5208         100 :     BootStrapSUBTRANS();
    5209         100 :     BootStrapMultiXact();
    5210             : 
    5211         100 :     pfree(buffer);
    5212             : 
    5213             :     /*
    5214             :      * Force control file to be read - in contrast to normal processing we'd
    5215             :      * otherwise never run the checks and GUC related initializations therein.
    5216             :      */
    5217         100 :     ReadControlFile();
    5218         100 : }
    5219             : 
    5220             : static char *
    5221        1672 : str_time(pg_time_t tnow, char *buf, size_t bufsize)
    5222             : {
    5223        1672 :     pg_strftime(buf, bufsize,
    5224             :                 "%Y-%m-%d %H:%M:%S %Z",
    5225        1672 :                 pg_localtime(&tnow, log_timezone));
    5226             : 
    5227        1672 :     return buf;
    5228             : }
    5229             : 
    5230             : /*
    5231             :  * Initialize the first WAL segment on new timeline.
    5232             :  */
    5233             : static void
    5234          98 : XLogInitNewTimeline(TimeLineID endTLI, XLogRecPtr endOfLog, TimeLineID newTLI)
    5235             : {
    5236             :     char        xlogfname[MAXFNAMELEN];
    5237             :     XLogSegNo   endLogSegNo;
    5238             :     XLogSegNo   startLogSegNo;
    5239             : 
    5240             :     /* we always switch to a new timeline after archive recovery */
    5241             :     Assert(endTLI != newTLI);
    5242             : 
    5243             :     /*
    5244             :      * Update min recovery point one last time.
    5245             :      */
    5246          98 :     UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    5247             : 
    5248             :     /*
    5249             :      * Calculate the last segment on the old timeline, and the first segment
    5250             :      * on the new timeline. If the switch happens in the middle of a segment,
    5251             :      * they are the same, but if the switch happens exactly at a segment
    5252             :      * boundary, startLogSegNo will be endLogSegNo + 1.
    5253             :      */
    5254          98 :     XLByteToPrevSeg(endOfLog, endLogSegNo, wal_segment_size);
    5255          98 :     XLByteToSeg(endOfLog, startLogSegNo, wal_segment_size);
    5256             : 
    5257             :     /*
    5258             :      * Initialize the starting WAL segment for the new timeline. If the switch
    5259             :      * happens in the middle of a segment, copy data from the last WAL segment
    5260             :      * of the old timeline up to the switch point, to the starting WAL segment
    5261             :      * on the new timeline.
    5262             :      */
    5263          98 :     if (endLogSegNo == startLogSegNo)
    5264             :     {
    5265             :         /*
    5266             :          * Make a copy of the file on the new timeline.
    5267             :          *
    5268             :          * Writing WAL isn't allowed yet, so there are no locking
    5269             :          * considerations. But we should be just as tense as XLogFileInit to
    5270             :          * avoid emplacing a bogus file.
    5271             :          */
    5272          76 :         XLogFileCopy(newTLI, endLogSegNo, endTLI, endLogSegNo,
    5273          76 :                      XLogSegmentOffset(endOfLog, wal_segment_size));
    5274             :     }
    5275             :     else
    5276             :     {
    5277             :         /*
    5278             :          * The switch happened at a segment boundary, so just create the next
    5279             :          * segment on the new timeline.
    5280             :          */
    5281             :         int         fd;
    5282             : 
    5283          22 :         fd = XLogFileInit(startLogSegNo, newTLI);
    5284             : 
    5285          22 :         if (close(fd) != 0)
    5286             :         {
    5287           0 :             int         save_errno = errno;
    5288             : 
    5289           0 :             XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5290           0 :             errno = save_errno;
    5291           0 :             ereport(ERROR,
    5292             :                     (errcode_for_file_access(),
    5293             :                      errmsg("could not close file \"%s\": %m", xlogfname)));
    5294             :         }
    5295             :     }
    5296             : 
    5297             :     /*
    5298             :      * Let's just make real sure there are not .ready or .done flags posted
    5299             :      * for the new segment.
    5300             :      */
    5301          98 :     XLogFileName(xlogfname, newTLI, startLogSegNo, wal_segment_size);
    5302          98 :     XLogArchiveCleanup(xlogfname);
    5303          98 : }
    5304             : 
    5305             : /*
    5306             :  * Perform cleanup actions at the conclusion of archive recovery.
    5307             :  */
    5308             : static void
    5309          98 : CleanupAfterArchiveRecovery(TimeLineID EndOfLogTLI, XLogRecPtr EndOfLog,
    5310             :                             TimeLineID newTLI)
    5311             : {
    5312             :     /*
    5313             :      * Execute the recovery_end_command, if any.
    5314             :      */
    5315          98 :     if (recoveryEndCommand && strcmp(recoveryEndCommand, "") != 0)
    5316           4 :         ExecuteRecoveryCommand(recoveryEndCommand,
    5317             :                                "recovery_end_command",
    5318             :                                true,
    5319             :                                WAIT_EVENT_RECOVERY_END_COMMAND);
    5320             : 
    5321             :     /*
    5322             :      * We switched to a new timeline. Clean up segments on the old timeline.
    5323             :      *
    5324             :      * If there are any higher-numbered segments on the old timeline, remove
    5325             :      * them. They might contain valid WAL, but they might also be
    5326             :      * pre-allocated files containing garbage. In any case, they are not part
    5327             :      * of the new timeline's history so we don't need them.
    5328             :      */
    5329          98 :     RemoveNonParentXlogFiles(EndOfLog, newTLI);
    5330             : 
    5331             :     /*
    5332             :      * If the switch happened in the middle of a segment, what to do with the
    5333             :      * last, partial segment on the old timeline? If we don't archive it, and
    5334             :      * the server that created the WAL never archives it either (e.g. because
    5335             :      * it was hit by a meteor), it will never make it to the archive. That's
    5336             :      * OK from our point of view, because the new segment that we created with
    5337             :      * the new TLI contains all the WAL from the old timeline up to the switch
    5338             :      * point. But if you later try to do PITR to the "missing" WAL on the old
    5339             :      * timeline, recovery won't find it in the archive. It's physically
    5340             :      * present in the new file with new TLI, but recovery won't look there
    5341             :      * when it's recovering to the older timeline. On the other hand, if we
    5342             :      * archive the partial segment, and the original server on that timeline
    5343             :      * is still running and archives the completed version of the same segment
    5344             :      * later, it will fail. (We used to do that in 9.4 and below, and it
    5345             :      * caused such problems).
    5346             :      *
    5347             :      * As a compromise, we rename the last segment with the .partial suffix,
    5348             :      * and archive it. Archive recovery will never try to read .partial
    5349             :      * segments, so they will normally go unused. But in the odd PITR case,
    5350             :      * the administrator can copy them manually to the pg_wal directory
    5351             :      * (removing the suffix). They can be useful in debugging, too.
    5352             :      *
    5353             :      * If a .done or .ready file already exists for the old timeline, however,
    5354             :      * we had already determined that the segment is complete, so we can let
    5355             :      * it be archived normally. (In particular, if it was restored from the
    5356             :      * archive to begin with, it's expected to have a .done file).
    5357             :      */
    5358          98 :     if (XLogSegmentOffset(EndOfLog, wal_segment_size) != 0 &&
    5359             :         XLogArchivingActive())
    5360             :     {
    5361             :         char        origfname[MAXFNAMELEN];
    5362             :         XLogSegNo   endLogSegNo;
    5363             : 
    5364          18 :         XLByteToPrevSeg(EndOfLog, endLogSegNo, wal_segment_size);
    5365          18 :         XLogFileName(origfname, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5366             : 
    5367          18 :         if (!XLogArchiveIsReadyOrDone(origfname))
    5368             :         {
    5369             :             char        origpath[MAXPGPATH];
    5370             :             char        partialfname[MAXFNAMELEN];
    5371             :             char        partialpath[MAXPGPATH];
    5372             : 
    5373             :             /*
    5374             :              * If we're summarizing WAL, we can't rename the partial file
    5375             :              * until the summarizer finishes with it, else it will fail.
    5376             :              */
    5377          10 :             if (summarize_wal)
    5378           2 :                 WaitForWalSummarization(EndOfLog);
    5379             : 
    5380          10 :             XLogFilePath(origpath, EndOfLogTLI, endLogSegNo, wal_segment_size);
    5381          10 :             snprintf(partialfname, MAXFNAMELEN, "%s.partial", origfname);
    5382          10 :             snprintf(partialpath, MAXPGPATH, "%s.partial", origpath);
    5383             : 
    5384             :             /*
    5385             :              * Make sure there's no .done or .ready file for the .partial
    5386             :              * file.
    5387             :              */
    5388          10 :             XLogArchiveCleanup(partialfname);
    5389             : 
    5390          10 :             durable_rename(origpath, partialpath, ERROR);
    5391          10 :             XLogArchiveNotify(partialfname);
    5392             :         }
    5393             :     }
    5394          98 : }
    5395             : 
    5396             : /*
    5397             :  * Check to see if required parameters are set high enough on this server
    5398             :  * for various aspects of recovery operation.
    5399             :  *
    5400             :  * Note that all the parameters which this function tests need to be
    5401             :  * listed in Administrator's Overview section in high-availability.sgml.
    5402             :  * If you change them, don't forget to update the list.
    5403             :  */
    5404             : static void
    5405         492 : CheckRequiredParameterValues(void)
    5406             : {
    5407             :     /*
    5408             :      * For archive recovery, the WAL must be generated with at least 'replica'
    5409             :      * wal_level.
    5410             :      */
    5411         492 :     if (ArchiveRecoveryRequested && ControlFile->wal_level == WAL_LEVEL_MINIMAL)
    5412             :     {
    5413           4 :         ereport(FATAL,
    5414             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5415             :                  errmsg("WAL was generated with \"wal_level=minimal\", cannot continue recovering"),
    5416             :                  errdetail("This happens if you temporarily set \"wal_level=minimal\" on the server."),
    5417             :                  errhint("Use a backup taken after setting \"wal_level\" to higher than \"minimal\".")));
    5418             :     }
    5419             : 
    5420             :     /*
    5421             :      * For Hot Standby, the WAL must be generated with 'replica' mode, and we
    5422             :      * must have at least as many backend slots as the primary.
    5423             :      */
    5424         488 :     if (ArchiveRecoveryRequested && EnableHotStandby)
    5425             :     {
    5426             :         /* We ignore autovacuum_worker_slots when we make this test. */
    5427         246 :         RecoveryRequiresIntParameter("max_connections",
    5428             :                                      MaxConnections,
    5429         246 :                                      ControlFile->MaxConnections);
    5430         246 :         RecoveryRequiresIntParameter("max_worker_processes",
    5431             :                                      max_worker_processes,
    5432         246 :                                      ControlFile->max_worker_processes);
    5433         246 :         RecoveryRequiresIntParameter("max_wal_senders",
    5434             :                                      max_wal_senders,
    5435         246 :                                      ControlFile->max_wal_senders);
    5436         246 :         RecoveryRequiresIntParameter("max_prepared_transactions",
    5437             :                                      max_prepared_xacts,
    5438         246 :                                      ControlFile->max_prepared_xacts);
    5439         246 :         RecoveryRequiresIntParameter("max_locks_per_transaction",
    5440             :                                      max_locks_per_xact,
    5441         246 :                                      ControlFile->max_locks_per_xact);
    5442             :     }
    5443         488 : }
    5444             : 
    5445             : /*
    5446             :  * This must be called ONCE during postmaster or standalone-backend startup
    5447             :  */
    5448             : void
    5449        1892 : StartupXLOG(void)
    5450             : {
    5451             :     XLogCtlInsert *Insert;
    5452             :     CheckPoint  checkPoint;
    5453             :     bool        wasShutdown;
    5454             :     bool        didCrash;
    5455             :     bool        haveTblspcMap;
    5456             :     bool        haveBackupLabel;
    5457             :     XLogRecPtr  EndOfLog;
    5458             :     TimeLineID  EndOfLogTLI;
    5459             :     TimeLineID  newTLI;
    5460             :     bool        performedWalRecovery;
    5461             :     EndOfWalRecoveryInfo *endOfRecoveryInfo;
    5462             :     XLogRecPtr  abortedRecPtr;
    5463             :     XLogRecPtr  missingContrecPtr;
    5464             :     TransactionId oldestActiveXID;
    5465        1892 :     bool        promoted = false;
    5466             :     char        timebuf[128];
    5467             : 
    5468             :     /*
    5469             :      * We should have an aux process resource owner to use, and we should not
    5470             :      * be in a transaction that's installed some other resowner.
    5471             :      */
    5472             :     Assert(AuxProcessResourceOwner != NULL);
    5473             :     Assert(CurrentResourceOwner == NULL ||
    5474             :            CurrentResourceOwner == AuxProcessResourceOwner);
    5475        1892 :     CurrentResourceOwner = AuxProcessResourceOwner;
    5476             : 
    5477             :     /*
    5478             :      * Check that contents look valid.
    5479             :      */
    5480        1892 :     if (!XRecOffIsValid(ControlFile->checkPoint))
    5481           0 :         ereport(FATAL,
    5482             :                 (errcode(ERRCODE_DATA_CORRUPTED),
    5483             :                  errmsg("control file contains invalid checkpoint location")));
    5484             : 
    5485        1892 :     switch (ControlFile->state)
    5486             :     {
    5487        1476 :         case DB_SHUTDOWNED:
    5488             : 
    5489             :             /*
    5490             :              * This is the expected case, so don't be chatty in standalone
    5491             :              * mode
    5492             :              */
    5493        1476 :             ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    5494             :                     (errmsg("database system was shut down at %s",
    5495             :                             str_time(ControlFile->time,
    5496             :                                      timebuf, sizeof(timebuf)))));
    5497        1476 :             break;
    5498             : 
    5499          64 :         case DB_SHUTDOWNED_IN_RECOVERY:
    5500          64 :             ereport(LOG,
    5501             :                     (errmsg("database system was shut down in recovery at %s",
    5502             :                             str_time(ControlFile->time,
    5503             :                                      timebuf, sizeof(timebuf)))));
    5504          64 :             break;
    5505             : 
    5506           0 :         case DB_SHUTDOWNING:
    5507           0 :             ereport(LOG,
    5508             :                     (errmsg("database system shutdown was interrupted; last known up at %s",
    5509             :                             str_time(ControlFile->time,
    5510             :                                      timebuf, sizeof(timebuf)))));
    5511           0 :             break;
    5512             : 
    5513           0 :         case DB_IN_CRASH_RECOVERY:
    5514           0 :             ereport(LOG,
    5515             :                     (errmsg("database system was interrupted while in recovery at %s",
    5516             :                             str_time(ControlFile->time,
    5517             :                                      timebuf, sizeof(timebuf))),
    5518             :                      errhint("This probably means that some data is corrupted and"
    5519             :                              " you will have to use the last backup for recovery.")));
    5520           0 :             break;
    5521             : 
    5522          14 :         case DB_IN_ARCHIVE_RECOVERY:
    5523          14 :             ereport(LOG,
    5524             :                     (errmsg("database system was interrupted while in recovery at log time %s",
    5525             :                             str_time(ControlFile->checkPointCopy.time,
    5526             :                                      timebuf, sizeof(timebuf))),
    5527             :                      errhint("If this has occurred more than once some data might be corrupted"
    5528             :                              " and you might need to choose an earlier recovery target.")));
    5529          14 :             break;
    5530             : 
    5531         338 :         case DB_IN_PRODUCTION:
    5532         338 :             ereport(LOG,
    5533             :                     (errmsg("database system was interrupted; last known up at %s",
    5534             :                             str_time(ControlFile->time,
    5535             :                                      timebuf, sizeof(timebuf)))));
    5536         338 :             break;
    5537             : 
    5538           0 :         default:
    5539           0 :             ereport(FATAL,
    5540             :                     (errcode(ERRCODE_DATA_CORRUPTED),
    5541             :                      errmsg("control file contains invalid database cluster state")));
    5542             :     }
    5543             : 
    5544             :     /* This is just to allow attaching to startup process with a debugger */
    5545             : #ifdef XLOG_REPLAY_DELAY
    5546             :     if (ControlFile->state != DB_SHUTDOWNED)
    5547             :         pg_usleep(60000000L);
    5548             : #endif
    5549             : 
    5550             :     /*
    5551             :      * Verify that pg_wal, pg_wal/archive_status, and pg_wal/summaries exist.
    5552             :      * In cases where someone has performed a copy for PITR, these directories
    5553             :      * may have been excluded and need to be re-created.
    5554             :      */
    5555        1892 :     ValidateXLOGDirectoryStructure();
    5556             : 
    5557             :     /* Set up timeout handler needed to report startup progress. */
    5558        1892 :     if (!IsBootstrapProcessingMode())
    5559        1792 :         RegisterTimeout(STARTUP_PROGRESS_TIMEOUT,
    5560             :                         startup_progress_timeout_handler);
    5561             : 
    5562             :     /*----------
    5563             :      * If we previously crashed, perform a couple of actions:
    5564             :      *
    5565             :      * - The pg_wal directory may still include some temporary WAL segments
    5566             :      *   used when creating a new segment, so perform some clean up to not
    5567             :      *   bloat this path.  This is done first as there is no point to sync
    5568             :      *   this temporary data.
    5569             :      *
    5570             :      * - There might be data which we had written, intending to fsync it, but
    5571             :      *   which we had not actually fsync'd yet.  Therefore, a power failure in
    5572             :      *   the near future might cause earlier unflushed writes to be lost, even
    5573             :      *   though more recent data written to disk from here on would be
    5574             :      *   persisted.  To avoid that, fsync the entire data directory.
    5575             :      */
    5576        1892 :     if (ControlFile->state != DB_SHUTDOWNED &&
    5577         416 :         ControlFile->state != DB_SHUTDOWNED_IN_RECOVERY)
    5578             :     {
    5579         352 :         RemoveTempXlogFiles();
    5580         352 :         SyncDataDirectory();
    5581         352 :         didCrash = true;
    5582             :     }
    5583             :     else
    5584        1540 :         didCrash = false;
    5585             : 
    5586             :     /*
    5587             :      * Prepare for WAL recovery if needed.
    5588             :      *
    5589             :      * InitWalRecovery analyzes the control file and the backup label file, if
    5590             :      * any.  It updates the in-memory ControlFile buffer according to the
    5591             :      * starting checkpoint, and sets InRecovery and ArchiveRecoveryRequested.
    5592             :      * It also applies the tablespace map file, if any.
    5593             :      */
    5594        1892 :     InitWalRecovery(ControlFile, &wasShutdown,
    5595             :                     &haveBackupLabel, &haveTblspcMap);
    5596        1892 :     checkPoint = ControlFile->checkPointCopy;
    5597             : 
    5598             :     /* initialize shared memory variables from the checkpoint record */
    5599        1892 :     TransamVariables->nextXid = checkPoint.nextXid;
    5600        1892 :     TransamVariables->nextOid = checkPoint.nextOid;
    5601        1892 :     TransamVariables->oidCount = 0;
    5602        1892 :     MultiXactSetNextMXact(checkPoint.nextMulti, checkPoint.nextMultiOffset);
    5603        1892 :     AdvanceOldestClogXid(checkPoint.oldestXid);
    5604        1892 :     SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    5605        1892 :     SetMultiXactIdLimit(checkPoint.oldestMulti, checkPoint.oldestMultiDB, true);
    5606        1892 :     SetCommitTsLimit(checkPoint.oldestCommitTsXid,
    5607             :                      checkPoint.newestCommitTsXid);
    5608             : 
    5609             :     /*
    5610             :      * Clear out any old relcache cache files.  This is *necessary* if we do
    5611             :      * any WAL replay, since that would probably result in the cache files
    5612             :      * being out of sync with database reality.  In theory we could leave them
    5613             :      * in place if the database had been cleanly shut down, but it seems
    5614             :      * safest to just remove them always and let them be rebuilt during the
    5615             :      * first backend startup.  These files needs to be removed from all
    5616             :      * directories including pg_tblspc, however the symlinks are created only
    5617             :      * after reading tablespace_map file in case of archive recovery from
    5618             :      * backup, so needs to clear old relcache files here after creating
    5619             :      * symlinks.
    5620             :      */
    5621        1892 :     RelationCacheInitFileRemove();
    5622             : 
    5623             :     /*
    5624             :      * Initialize replication slots, before there's a chance to remove
    5625             :      * required resources.
    5626             :      */
    5627        1892 :     StartupReplicationSlots();
    5628             : 
    5629             :     /*
    5630             :      * Startup logical state, needs to be setup now so we have proper data
    5631             :      * during crash recovery.
    5632             :      */
    5633        1890 :     StartupReorderBuffer();
    5634             : 
    5635             :     /*
    5636             :      * Startup CLOG. This must be done after TransamVariables->nextXid has
    5637             :      * been initialized and before we accept connections or begin WAL replay.
    5638             :      */
    5639        1890 :     StartupCLOG();
    5640             : 
    5641             :     /*
    5642             :      * Startup MultiXact. We need to do this early to be able to replay
    5643             :      * truncations.
    5644             :      */
    5645        1890 :     StartupMultiXact();
    5646             : 
    5647             :     /*
    5648             :      * Ditto for commit timestamps.  Activate the facility if the setting is
    5649             :      * enabled in the control file, as there should be no tracking of commit
    5650             :      * timestamps done when the setting was disabled.  This facility can be
    5651             :      * started or stopped when replaying a XLOG_PARAMETER_CHANGE record.
    5652             :      */
    5653        1890 :     if (ControlFile->track_commit_timestamp)
    5654          28 :         StartupCommitTs();
    5655             : 
    5656             :     /*
    5657             :      * Recover knowledge about replay progress of known replication partners.
    5658             :      */
    5659        1890 :     StartupReplicationOrigin();
    5660             : 
    5661             :     /*
    5662             :      * Initialize unlogged LSN. On a clean shutdown, it's restored from the
    5663             :      * control file. On recovery, all unlogged relations are blown away, so
    5664             :      * the unlogged LSN counter can be reset too.
    5665             :      */
    5666        1890 :     if (ControlFile->state == DB_SHUTDOWNED)
    5667        1462 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5668        1462 :                                        ControlFile->unloggedLSN);
    5669             :     else
    5670         428 :         pg_atomic_write_membarrier_u64(&XLogCtl->unloggedLSN,
    5671             :                                        FirstNormalUnloggedLSN);
    5672             : 
    5673             :     /*
    5674             :      * Copy any missing timeline history files between 'now' and the recovery
    5675             :      * target timeline from archive to pg_wal. While we don't need those files
    5676             :      * ourselves - the history file of the recovery target timeline covers all
    5677             :      * the previous timelines in the history too - a cascading standby server
    5678             :      * might be interested in them. Or, if you archive the WAL from this
    5679             :      * server to a different archive than the primary, it'd be good for all
    5680             :      * the history files to get archived there after failover, so that you can
    5681             :      * use one of the old timelines as a PITR target. Timeline history files
    5682             :      * are small, so it's better to copy them unnecessarily than not copy them
    5683             :      * and regret later.
    5684             :      */
    5685        1890 :     restoreTimeLineHistoryFiles(checkPoint.ThisTimeLineID, recoveryTargetTLI);
    5686             : 
    5687             :     /*
    5688             :      * Before running in recovery, scan pg_twophase and fill in its status to
    5689             :      * be able to work on entries generated by redo.  Doing a scan before
    5690             :      * taking any recovery action has the merit to discard any 2PC files that
    5691             :      * are newer than the first record to replay, saving from any conflicts at
    5692             :      * replay.  This avoids as well any subsequent scans when doing recovery
    5693             :      * of the on-disk two-phase data.
    5694             :      */
    5695        1890 :     restoreTwoPhaseData();
    5696             : 
    5697             :     /*
    5698             :      * When starting with crash recovery, reset pgstat data - it might not be
    5699             :      * valid. Otherwise restore pgstat data. It's safe to do this here,
    5700             :      * because postmaster will not yet have started any other processes.
    5701             :      *
    5702             :      * NB: Restoring replication slot stats relies on slot state to have
    5703             :      * already been restored from disk.
    5704             :      *
    5705             :      * TODO: With a bit of extra work we could just start with a pgstat file
    5706             :      * associated with the checkpoint redo location we're starting from.
    5707             :      */
    5708        1890 :     if (didCrash)
    5709         352 :         pgstat_discard_stats();
    5710             :     else
    5711        1538 :         pgstat_restore_stats();
    5712             : 
    5713        1890 :     lastFullPageWrites = checkPoint.fullPageWrites;
    5714             : 
    5715        1890 :     RedoRecPtr = XLogCtl->RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    5716        1890 :     doPageWrites = lastFullPageWrites;
    5717             : 
    5718             :     /* REDO */
    5719        1890 :     if (InRecovery)
    5720             :     {
    5721             :         /* Initialize state for RecoveryInProgress() */
    5722         428 :         SpinLockAcquire(&XLogCtl->info_lck);
    5723         428 :         if (InArchiveRecovery)
    5724         224 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    5725             :         else
    5726         204 :             XLogCtl->SharedRecoveryState = RECOVERY_STATE_CRASH;
    5727         428 :         SpinLockRelease(&XLogCtl->info_lck);
    5728             : 
    5729             :         /*
    5730             :          * Update pg_control to show that we are recovering and to show the
    5731             :          * selected checkpoint as the place we are starting from. We also mark
    5732             :          * pg_control with any minimum recovery stop point obtained from a
    5733             :          * backup history file.
    5734             :          *
    5735             :          * No need to hold ControlFileLock yet, we aren't up far enough.
    5736             :          */
    5737         428 :         UpdateControlFile();
    5738             : 
    5739             :         /*
    5740             :          * If there was a backup label file, it's done its job and the info
    5741             :          * has now been propagated into pg_control.  We must get rid of the
    5742             :          * label file so that if we crash during recovery, we'll pick up at
    5743             :          * the latest recovery restartpoint instead of going all the way back
    5744             :          * to the backup start point.  It seems prudent though to just rename
    5745             :          * the file out of the way rather than delete it completely.
    5746             :          */
    5747         428 :         if (haveBackupLabel)
    5748             :         {
    5749         144 :             unlink(BACKUP_LABEL_OLD);
    5750         144 :             durable_rename(BACKUP_LABEL_FILE, BACKUP_LABEL_OLD, FATAL);
    5751             :         }
    5752             : 
    5753             :         /*
    5754             :          * If there was a tablespace_map file, it's done its job and the
    5755             :          * symlinks have been created.  We must get rid of the map file so
    5756             :          * that if we crash during recovery, we don't create symlinks again.
    5757             :          * It seems prudent though to just rename the file out of the way
    5758             :          * rather than delete it completely.
    5759             :          */
    5760         428 :         if (haveTblspcMap)
    5761             :         {
    5762           4 :             unlink(TABLESPACE_MAP_OLD);
    5763           4 :             durable_rename(TABLESPACE_MAP, TABLESPACE_MAP_OLD, FATAL);
    5764             :         }
    5765             : 
    5766             :         /*
    5767             :          * Initialize our local copy of minRecoveryPoint.  When doing crash
    5768             :          * recovery we want to replay up to the end of WAL.  Particularly, in
    5769             :          * the case of a promoted standby minRecoveryPoint value in the
    5770             :          * control file is only updated after the first checkpoint.  However,
    5771             :          * if the instance crashes before the first post-recovery checkpoint
    5772             :          * is completed then recovery will use a stale location causing the
    5773             :          * startup process to think that there are still invalid page
    5774             :          * references when checking for data consistency.
    5775             :          */
    5776         428 :         if (InArchiveRecovery)
    5777             :         {
    5778         224 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    5779         224 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    5780             :         }
    5781             :         else
    5782             :         {
    5783         204 :             LocalMinRecoveryPoint = InvalidXLogRecPtr;
    5784         204 :             LocalMinRecoveryPointTLI = 0;
    5785             :         }
    5786             : 
    5787             :         /* Check that the GUCs used to generate the WAL allow recovery */
    5788         428 :         CheckRequiredParameterValues();
    5789             : 
    5790             :         /*
    5791             :          * We're in recovery, so unlogged relations may be trashed and must be
    5792             :          * reset.  This should be done BEFORE allowing Hot Standby
    5793             :          * connections, so that read-only backends don't try to read whatever
    5794             :          * garbage is left over from before.
    5795             :          */
    5796         428 :         ResetUnloggedRelations(UNLOGGED_RELATION_CLEANUP);
    5797             : 
    5798             :         /*
    5799             :          * Likewise, delete any saved transaction snapshot files that got left
    5800             :          * behind by crashed backends.
    5801             :          */
    5802         428 :         DeleteAllExportedSnapshotFiles();
    5803             : 
    5804             :         /*
    5805             :          * Initialize for Hot Standby, if enabled. We won't let backends in
    5806             :          * yet, not until we've reached the min recovery point specified in
    5807             :          * control file and we've established a recovery snapshot from a
    5808             :          * running-xacts WAL record.
    5809             :          */
    5810         428 :         if (ArchiveRecoveryRequested && EnableHotStandby)
    5811             :         {
    5812             :             TransactionId *xids;
    5813             :             int         nxids;
    5814             : 
    5815         212 :             ereport(DEBUG1,
    5816             :                     (errmsg_internal("initializing for hot standby")));
    5817             : 
    5818         212 :             InitRecoveryTransactionEnvironment();
    5819             : 
    5820         212 :             if (wasShutdown)
    5821          52 :                 oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    5822             :             else
    5823         160 :                 oldestActiveXID = checkPoint.oldestActiveXid;
    5824             :             Assert(TransactionIdIsValid(oldestActiveXID));
    5825             : 
    5826             :             /* Tell procarray about the range of xids it has to deal with */
    5827         212 :             ProcArrayInitRecovery(XidFromFullTransactionId(TransamVariables->nextXid));
    5828             : 
    5829             :             /*
    5830             :              * Startup subtrans only.  CLOG, MultiXact and commit timestamp
    5831             :              * have already been started up and other SLRUs are not maintained
    5832             :              * during recovery and need not be started yet.
    5833             :              */
    5834         212 :             StartupSUBTRANS(oldestActiveXID);
    5835             : 
    5836             :             /*
    5837             :              * If we're beginning at a shutdown checkpoint, we know that
    5838             :              * nothing was running on the primary at this point. So fake-up an
    5839             :              * empty running-xacts record and use that here and now. Recover
    5840             :              * additional standby state for prepared transactions.
    5841             :              */
    5842         212 :             if (wasShutdown)
    5843             :             {
    5844             :                 RunningTransactionsData running;
    5845             :                 TransactionId latestCompletedXid;
    5846             : 
    5847             :                 /* Update pg_subtrans entries for any prepared transactions */
    5848          52 :                 StandbyRecoverPreparedTransactions();
    5849             : 
    5850             :                 /*
    5851             :                  * Construct a RunningTransactions snapshot representing a
    5852             :                  * shut down server, with only prepared transactions still
    5853             :                  * alive. We're never overflowed at this point because all
    5854             :                  * subxids are listed with their parent prepared transactions.
    5855             :                  */
    5856          52 :                 running.xcnt = nxids;
    5857          52 :                 running.subxcnt = 0;
    5858          52 :                 running.subxid_status = SUBXIDS_IN_SUBTRANS;
    5859          52 :                 running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    5860          52 :                 running.oldestRunningXid = oldestActiveXID;
    5861          52 :                 latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    5862          52 :                 TransactionIdRetreat(latestCompletedXid);
    5863             :                 Assert(TransactionIdIsNormal(latestCompletedXid));
    5864          52 :                 running.latestCompletedXid = latestCompletedXid;
    5865          52 :                 running.xids = xids;
    5866             : 
    5867          52 :                 ProcArrayApplyRecoveryInfo(&running);
    5868             :             }
    5869             :         }
    5870             : 
    5871             :         /*
    5872             :          * We're all set for replaying the WAL now. Do it.
    5873             :          */
    5874         428 :         PerformWalRecovery();
    5875         310 :         performedWalRecovery = true;
    5876             :     }
    5877             :     else
    5878        1462 :         performedWalRecovery = false;
    5879             : 
    5880             :     /*
    5881             :      * Finish WAL recovery.
    5882             :      */
    5883        1772 :     endOfRecoveryInfo = FinishWalRecovery();
    5884        1772 :     EndOfLog = endOfRecoveryInfo->endOfLog;
    5885        1772 :     EndOfLogTLI = endOfRecoveryInfo->endOfLogTLI;
    5886        1772 :     abortedRecPtr = endOfRecoveryInfo->abortedRecPtr;
    5887        1772 :     missingContrecPtr = endOfRecoveryInfo->missingContrecPtr;
    5888             : 
    5889             :     /*
    5890             :      * Reset ps status display, so as no information related to recovery shows
    5891             :      * up.
    5892             :      */
    5893        1772 :     set_ps_display("");
    5894             : 
    5895             :     /*
    5896             :      * When recovering from a backup (we are in recovery, and archive recovery
    5897             :      * was requested), complain if we did not roll forward far enough to reach
    5898             :      * the point where the database is consistent.  For regular online
    5899             :      * backup-from-primary, that means reaching the end-of-backup WAL record
    5900             :      * (at which point we reset backupStartPoint to be Invalid), for
    5901             :      * backup-from-replica (which can't inject records into the WAL stream),
    5902             :      * that point is when we reach the minRecoveryPoint in pg_control (which
    5903             :      * we purposefully copy last when backing up from a replica).  For
    5904             :      * pg_rewind (which creates a backup_label with a method of "pg_rewind")
    5905             :      * or snapshot-style backups (which don't), backupEndRequired will be set
    5906             :      * to false.
    5907             :      *
    5908             :      * Note: it is indeed okay to look at the local variable
    5909             :      * LocalMinRecoveryPoint here, even though ControlFile->minRecoveryPoint
    5910             :      * might be further ahead --- ControlFile->minRecoveryPoint cannot have
    5911             :      * been advanced beyond the WAL we processed.
    5912             :      */
    5913        1772 :     if (InRecovery &&
    5914         310 :         (EndOfLog < LocalMinRecoveryPoint ||
    5915         310 :          !XLogRecPtrIsInvalid(ControlFile->backupStartPoint)))
    5916             :     {
    5917             :         /*
    5918             :          * Ran off end of WAL before reaching end-of-backup WAL record, or
    5919             :          * minRecoveryPoint. That's a bad sign, indicating that you tried to
    5920             :          * recover from an online backup but never called pg_backup_stop(), or
    5921             :          * you didn't archive all the WAL needed.
    5922             :          */
    5923           0 :         if (ArchiveRecoveryRequested || ControlFile->backupEndRequired)
    5924             :         {
    5925           0 :             if (!XLogRecPtrIsInvalid(ControlFile->backupStartPoint) || ControlFile->backupEndRequired)
    5926           0 :                 ereport(FATAL,
    5927             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5928             :                          errmsg("WAL ends before end of online backup"),
    5929             :                          errhint("All WAL generated while online backup was taken must be available at recovery.")));
    5930             :             else
    5931           0 :                 ereport(FATAL,
    5932             :                         (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    5933             :                          errmsg("WAL ends before consistent recovery point")));
    5934             :         }
    5935             :     }
    5936             : 
    5937             :     /*
    5938             :      * Reset unlogged relations to the contents of their INIT fork. This is
    5939             :      * done AFTER recovery is complete so as to include any unlogged relations
    5940             :      * created during recovery, but BEFORE recovery is marked as having
    5941             :      * completed successfully. Otherwise we'd not retry if any of the post
    5942             :      * end-of-recovery steps fail.
    5943             :      */
    5944        1772 :     if (InRecovery)
    5945         310 :         ResetUnloggedRelations(UNLOGGED_RELATION_INIT);
    5946             : 
    5947             :     /*
    5948             :      * Pre-scan prepared transactions to find out the range of XIDs present.
    5949             :      * This information is not quite needed yet, but it is positioned here so
    5950             :      * as potential problems are detected before any on-disk change is done.
    5951             :      */
    5952        1772 :     oldestActiveXID = PrescanPreparedTransactions(NULL, NULL);
    5953             : 
    5954             :     /*
    5955             :      * Allow ordinary WAL segment creation before possibly switching to a new
    5956             :      * timeline, which creates a new segment, and after the last ReadRecord().
    5957             :      */
    5958        1772 :     SetInstallXLogFileSegmentActive();
    5959             : 
    5960             :     /*
    5961             :      * Consider whether we need to assign a new timeline ID.
    5962             :      *
    5963             :      * If we did archive recovery, we always assign a new ID.  This handles a
    5964             :      * couple of issues.  If we stopped short of the end of WAL during
    5965             :      * recovery, then we are clearly generating a new timeline and must assign
    5966             :      * it a unique new ID.  Even if we ran to the end, modifying the current
    5967             :      * last segment is problematic because it may result in trying to
    5968             :      * overwrite an already-archived copy of that segment, and we encourage
    5969             :      * DBAs to make their archive_commands reject that.  We can dodge the
    5970             :      * problem by making the new active segment have a new timeline ID.
    5971             :      *
    5972             :      * In a normal crash recovery, we can just extend the timeline we were in.
    5973             :      */
    5974        1772 :     newTLI = endOfRecoveryInfo->lastRecTLI;
    5975        1772 :     if (ArchiveRecoveryRequested)
    5976             :     {
    5977          98 :         newTLI = findNewestTimeLine(recoveryTargetTLI) + 1;
    5978          98 :         ereport(LOG,
    5979             :                 (errmsg("selected new timeline ID: %u", newTLI)));
    5980             : 
    5981             :         /*
    5982             :          * Make a writable copy of the last WAL segment.  (Note that we also
    5983             :          * have a copy of the last block of the old WAL in
    5984             :          * endOfRecovery->lastPage; we will use that below.)
    5985             :          */
    5986          98 :         XLogInitNewTimeline(EndOfLogTLI, EndOfLog, newTLI);
    5987             : 
    5988             :         /*
    5989             :          * Remove the signal files out of the way, so that we don't
    5990             :          * accidentally re-enter archive recovery mode in a subsequent crash.
    5991             :          */
    5992          98 :         if (endOfRecoveryInfo->standby_signal_file_found)
    5993          92 :             durable_unlink(STANDBY_SIGNAL_FILE, FATAL);
    5994             : 
    5995          98 :         if (endOfRecoveryInfo->recovery_signal_file_found)
    5996           6 :             durable_unlink(RECOVERY_SIGNAL_FILE, FATAL);
    5997             : 
    5998             :         /*
    5999             :          * Write the timeline history file, and have it archived. After this
    6000             :          * point (or rather, as soon as the file is archived), the timeline
    6001             :          * will appear as "taken" in the WAL archive and to any standby
    6002             :          * servers.  If we crash before actually switching to the new
    6003             :          * timeline, standby servers will nevertheless think that we switched
    6004             :          * to the new timeline, and will try to connect to the new timeline.
    6005             :          * To minimize the window for that, try to do as little as possible
    6006             :          * between here and writing the end-of-recovery record.
    6007             :          */
    6008          98 :         writeTimeLineHistory(newTLI, recoveryTargetTLI,
    6009             :                              EndOfLog, endOfRecoveryInfo->recoveryStopReason);
    6010             : 
    6011          98 :         ereport(LOG,
    6012             :                 (errmsg("archive recovery complete")));
    6013             :     }
    6014             : 
    6015             :     /* Save the selected TimeLineID in shared memory, too */
    6016        1772 :     SpinLockAcquire(&XLogCtl->info_lck);
    6017        1772 :     XLogCtl->InsertTimeLineID = newTLI;
    6018        1772 :     XLogCtl->PrevTimeLineID = endOfRecoveryInfo->lastRecTLI;
    6019        1772 :     SpinLockRelease(&XLogCtl->info_lck);
    6020             : 
    6021             :     /*
    6022             :      * Actually, if WAL ended in an incomplete record, skip the parts that
    6023             :      * made it through and start writing after the portion that persisted.
    6024             :      * (It's critical to first write an OVERWRITE_CONTRECORD message, which
    6025             :      * we'll do as soon as we're open for writing new WAL.)
    6026             :      */
    6027        1772 :     if (!XLogRecPtrIsInvalid(missingContrecPtr))
    6028             :     {
    6029             :         /*
    6030             :          * We should only have a missingContrecPtr if we're not switching to a
    6031             :          * new timeline. When a timeline switch occurs, WAL is copied from the
    6032             :          * old timeline to the new only up to the end of the last complete
    6033             :          * record, so there can't be an incomplete WAL record that we need to
    6034             :          * disregard.
    6035             :          */
    6036             :         Assert(newTLI == endOfRecoveryInfo->lastRecTLI);
    6037             :         Assert(!XLogRecPtrIsInvalid(abortedRecPtr));
    6038          22 :         EndOfLog = missingContrecPtr;
    6039             :     }
    6040             : 
    6041             :     /*
    6042             :      * Prepare to write WAL starting at EndOfLog location, and init xlog
    6043             :      * buffer cache using the block containing the last record from the
    6044             :      * previous incarnation.
    6045             :      */
    6046        1772 :     Insert = &XLogCtl->Insert;
    6047        1772 :     Insert->PrevBytePos = XLogRecPtrToBytePos(endOfRecoveryInfo->lastRec);
    6048        1772 :     Insert->CurrBytePos = XLogRecPtrToBytePos(EndOfLog);
    6049             : 
    6050             :     /*
    6051             :      * Tricky point here: lastPage contains the *last* block that the LastRec
    6052             :      * record spans, not the one it starts in.  The last block is indeed the
    6053             :      * one we want to use.
    6054             :      */
    6055        1772 :     if (EndOfLog % XLOG_BLCKSZ != 0)
    6056             :     {
    6057             :         char       *page;
    6058             :         int         len;
    6059             :         int         firstIdx;
    6060             : 
    6061        1712 :         firstIdx = XLogRecPtrToBufIdx(EndOfLog);
    6062        1712 :         len = EndOfLog - endOfRecoveryInfo->lastPageBeginPtr;
    6063             :         Assert(len < XLOG_BLCKSZ);
    6064             : 
    6065             :         /* Copy the valid part of the last block, and zero the rest */
    6066        1712 :         page = &XLogCtl->pages[firstIdx * XLOG_BLCKSZ];
    6067        1712 :         memcpy(page, endOfRecoveryInfo->lastPage, len);
    6068        1712 :         memset(page + len, 0, XLOG_BLCKSZ - len);
    6069             : 
    6070        1712 :         pg_atomic_write_u64(&XLogCtl->xlblocks[firstIdx], endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ);
    6071        1712 :         XLogCtl->InitializedUpTo = endOfRecoveryInfo->lastPageBeginPtr + XLOG_BLCKSZ;
    6072             :     }
    6073             :     else
    6074             :     {
    6075             :         /*
    6076             :          * There is no partial block to copy. Just set InitializedUpTo, and
    6077             :          * let the first attempt to insert a log record to initialize the next
    6078             :          * buffer.
    6079             :          */
    6080          60 :         XLogCtl->InitializedUpTo = EndOfLog;
    6081             :     }
    6082             : 
    6083             :     /*
    6084             :      * Update local and shared status.  This is OK to do without any locks
    6085             :      * because no other process can be reading or writing WAL yet.
    6086             :      */
    6087        1772 :     LogwrtResult.Write = LogwrtResult.Flush = EndOfLog;
    6088        1772 :     pg_atomic_write_u64(&XLogCtl->logInsertResult, EndOfLog);
    6089        1772 :     pg_atomic_write_u64(&XLogCtl->logWriteResult, EndOfLog);
    6090        1772 :     pg_atomic_write_u64(&XLogCtl->logFlushResult, EndOfLog);
    6091        1772 :     XLogCtl->LogwrtRqst.Write = EndOfLog;
    6092        1772 :     XLogCtl->LogwrtRqst.Flush = EndOfLog;
    6093             : 
    6094             :     /*
    6095             :      * Preallocate additional log files, if wanted.
    6096             :      */
    6097        1772 :     PreallocXlogFiles(EndOfLog, newTLI);
    6098             : 
    6099             :     /*
    6100             :      * Okay, we're officially UP.
    6101             :      */
    6102        1772 :     InRecovery = false;
    6103             : 
    6104             :     /* start the archive_timeout timer and LSN running */
    6105        1772 :     XLogCtl->lastSegSwitchTime = (pg_time_t) time(NULL);
    6106        1772 :     XLogCtl->lastSegSwitchLSN = EndOfLog;
    6107             : 
    6108             :     /* also initialize latestCompletedXid, to nextXid - 1 */
    6109        1772 :     LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE);
    6110        1772 :     TransamVariables->latestCompletedXid = TransamVariables->nextXid;
    6111        1772 :     FullTransactionIdRetreat(&TransamVariables->latestCompletedXid);
    6112        1772 :     LWLockRelease(ProcArrayLock);
    6113             : 
    6114             :     /*
    6115             :      * Start up subtrans, if not already done for hot standby.  (commit
    6116             :      * timestamps are started below, if necessary.)
    6117             :      */
    6118        1772 :     if (standbyState == STANDBY_DISABLED)
    6119        1674 :         StartupSUBTRANS(oldestActiveXID);
    6120             : 
    6121             :     /*
    6122             :      * Perform end of recovery actions for any SLRUs that need it.
    6123             :      */
    6124        1772 :     TrimCLOG();
    6125        1772 :     TrimMultiXact();
    6126             : 
    6127             :     /*
    6128             :      * Reload shared-memory state for prepared transactions.  This needs to
    6129             :      * happen before renaming the last partial segment of the old timeline as
    6130             :      * it may be possible that we have to recover some transactions from it.
    6131             :      */
    6132        1772 :     RecoverPreparedTransactions();
    6133             : 
    6134             :     /* Shut down xlogreader */
    6135        1772 :     ShutdownWalRecovery();
    6136             : 
    6137             :     /* Enable WAL writes for this backend only. */
    6138        1772 :     LocalSetXLogInsertAllowed();
    6139             : 
    6140             :     /* If necessary, write overwrite-contrecord before doing anything else */
    6141        1772 :     if (!XLogRecPtrIsInvalid(abortedRecPtr))
    6142             :     {
    6143             :         Assert(!XLogRecPtrIsInvalid(missingContrecPtr));
    6144          22 :         CreateOverwriteContrecordRecord(abortedRecPtr, missingContrecPtr, newTLI);
    6145             :     }
    6146             : 
    6147             :     /*
    6148             :      * Update full_page_writes in shared memory and write an XLOG_FPW_CHANGE
    6149             :      * record before resource manager writes cleanup WAL records or checkpoint
    6150             :      * record is written.
    6151             :      */
    6152        1772 :     Insert->fullPageWrites = lastFullPageWrites;
    6153        1772 :     UpdateFullPageWrites();
    6154             : 
    6155             :     /*
    6156             :      * Emit checkpoint or end-of-recovery record in XLOG, if required.
    6157             :      */
    6158        1772 :     if (performedWalRecovery)
    6159         310 :         promoted = PerformRecoveryXLogAction();
    6160             : 
    6161             :     /*
    6162             :      * If any of the critical GUCs have changed, log them before we allow
    6163             :      * backends to write WAL.
    6164             :      */
    6165        1772 :     XLogReportParameters();
    6166             : 
    6167             :     /* If this is archive recovery, perform post-recovery cleanup actions. */
    6168        1772 :     if (ArchiveRecoveryRequested)
    6169          98 :         CleanupAfterArchiveRecovery(EndOfLogTLI, EndOfLog, newTLI);
    6170             : 
    6171             :     /*
    6172             :      * Local WAL inserts enabled, so it's time to finish initialization of
    6173             :      * commit timestamp.
    6174             :      */
    6175        1772 :     CompleteCommitTsInitialization();
    6176             : 
    6177             :     /* Clean up EndOfWalRecoveryInfo data to appease Valgrind leak checking */
    6178        1772 :     if (endOfRecoveryInfo->lastPage)
    6179        1734 :         pfree(endOfRecoveryInfo->lastPage);
    6180        1772 :     pfree(endOfRecoveryInfo->recoveryStopReason);
    6181        1772 :     pfree(endOfRecoveryInfo);
    6182             : 
    6183             :     /*
    6184             :      * All done with end-of-recovery actions.
    6185             :      *
    6186             :      * Now allow backends to write WAL and update the control file status in
    6187             :      * consequence.  SharedRecoveryState, that controls if backends can write
    6188             :      * WAL, is updated while holding ControlFileLock to prevent other backends
    6189             :      * to look at an inconsistent state of the control file in shared memory.
    6190             :      * There is still a small window during which backends can write WAL and
    6191             :      * the control file is still referring to a system not in DB_IN_PRODUCTION
    6192             :      * state while looking at the on-disk control file.
    6193             :      *
    6194             :      * Also, we use info_lck to update SharedRecoveryState to ensure that
    6195             :      * there are no race conditions concerning visibility of other recent
    6196             :      * updates to shared memory.
    6197             :      */
    6198        1772 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6199        1772 :     ControlFile->state = DB_IN_PRODUCTION;
    6200             : 
    6201        1772 :     SpinLockAcquire(&XLogCtl->info_lck);
    6202        1772 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_DONE;
    6203        1772 :     SpinLockRelease(&XLogCtl->info_lck);
    6204             : 
    6205        1772 :     UpdateControlFile();
    6206        1772 :     LWLockRelease(ControlFileLock);
    6207             : 
    6208             :     /*
    6209             :      * Shutdown the recovery environment.  This must occur after
    6210             :      * RecoverPreparedTransactions() (see notes in lock_twophase_recover())
    6211             :      * and after switching SharedRecoveryState to RECOVERY_STATE_DONE so as
    6212             :      * any session building a snapshot will not rely on KnownAssignedXids as
    6213             :      * RecoveryInProgress() would return false at this stage.  This is
    6214             :      * particularly critical for prepared 2PC transactions, that would still
    6215             :      * need to be included in snapshots once recovery has ended.
    6216             :      */
    6217        1772 :     if (standbyState != STANDBY_DISABLED)
    6218          98 :         ShutdownRecoveryTransactionEnvironment();
    6219             : 
    6220             :     /*
    6221             :      * If there were cascading standby servers connected to us, nudge any wal
    6222             :      * sender processes to notice that we've been promoted.
    6223             :      */
    6224        1772 :     WalSndWakeup(true, true);
    6225             : 
    6226             :     /*
    6227             :      * If this was a promotion, request an (online) checkpoint now. This isn't
    6228             :      * required for consistency, but the last restartpoint might be far back,
    6229             :      * and in case of a crash, recovering from it might take a longer than is
    6230             :      * appropriate now that we're not in standby mode anymore.
    6231             :      */
    6232        1772 :     if (promoted)
    6233          84 :         RequestCheckpoint(CHECKPOINT_FORCE);
    6234        1772 : }
    6235             : 
    6236             : /*
    6237             :  * Callback from PerformWalRecovery(), called when we switch from crash
    6238             :  * recovery to archive recovery mode.  Updates the control file accordingly.
    6239             :  */
    6240             : void
    6241           4 : SwitchIntoArchiveRecovery(XLogRecPtr EndRecPtr, TimeLineID replayTLI)
    6242             : {
    6243             :     /* initialize minRecoveryPoint to this record */
    6244           4 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6245           4 :     ControlFile->state = DB_IN_ARCHIVE_RECOVERY;
    6246           4 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6247             :     {
    6248           4 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6249           4 :         ControlFile->minRecoveryPointTLI = replayTLI;
    6250             :     }
    6251             :     /* update local copy */
    6252           4 :     LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    6253           4 :     LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    6254             : 
    6255             :     /*
    6256             :      * The startup process can update its local copy of minRecoveryPoint from
    6257             :      * this point.
    6258             :      */
    6259           4 :     updateMinRecoveryPoint = true;
    6260             : 
    6261           4 :     UpdateControlFile();
    6262             : 
    6263             :     /*
    6264             :      * We update SharedRecoveryState while holding the lock on ControlFileLock
    6265             :      * so both states are consistent in shared memory.
    6266             :      */
    6267           4 :     SpinLockAcquire(&XLogCtl->info_lck);
    6268           4 :     XLogCtl->SharedRecoveryState = RECOVERY_STATE_ARCHIVE;
    6269           4 :     SpinLockRelease(&XLogCtl->info_lck);
    6270             : 
    6271           4 :     LWLockRelease(ControlFileLock);
    6272           4 : }
    6273             : 
    6274             : /*
    6275             :  * Callback from PerformWalRecovery(), called when we reach the end of backup.
    6276             :  * Updates the control file accordingly.
    6277             :  */
    6278             : void
    6279         144 : ReachedEndOfBackup(XLogRecPtr EndRecPtr, TimeLineID tli)
    6280             : {
    6281             :     /*
    6282             :      * We have reached the end of base backup, as indicated by pg_control. The
    6283             :      * data on disk is now consistent (unless minRecoveryPoint is further
    6284             :      * ahead, which can happen if we crashed during previous recovery).  Reset
    6285             :      * backupStartPoint and backupEndPoint, and update minRecoveryPoint to
    6286             :      * make sure we don't allow starting up at an earlier point even if
    6287             :      * recovery is stopped and restarted soon after this.
    6288             :      */
    6289         144 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6290             : 
    6291         144 :     if (ControlFile->minRecoveryPoint < EndRecPtr)
    6292             :     {
    6293         134 :         ControlFile->minRecoveryPoint = EndRecPtr;
    6294         134 :         ControlFile->minRecoveryPointTLI = tli;
    6295             :     }
    6296             : 
    6297         144 :     ControlFile->backupStartPoint = InvalidXLogRecPtr;
    6298         144 :     ControlFile->backupEndPoint = InvalidXLogRecPtr;
    6299         144 :     ControlFile->backupEndRequired = false;
    6300         144 :     UpdateControlFile();
    6301             : 
    6302         144 :     LWLockRelease(ControlFileLock);
    6303         144 : }
    6304             : 
    6305             : /*
    6306             :  * Perform whatever XLOG actions are necessary at end of REDO.
    6307             :  *
    6308             :  * The goal here is to make sure that we'll be able to recover properly if
    6309             :  * we crash again. If we choose to write a checkpoint, we'll write a shutdown
    6310             :  * checkpoint rather than an on-line one. This is not particularly critical,
    6311             :  * but since we may be assigning a new TLI, using a shutdown checkpoint allows
    6312             :  * us to have the rule that TLI only changes in shutdown checkpoints, which
    6313             :  * allows some extra error checking in xlog_redo.
    6314             :  */
    6315             : static bool
    6316         310 : PerformRecoveryXLogAction(void)
    6317             : {
    6318         310 :     bool        promoted = false;
    6319             : 
    6320             :     /*
    6321             :      * Perform a checkpoint to update all our recovery activity to disk.
    6322             :      *
    6323             :      * Note that we write a shutdown checkpoint rather than an on-line one.
    6324             :      * This is not particularly critical, but since we may be assigning a new
    6325             :      * TLI, using a shutdown checkpoint allows us to have the rule that TLI
    6326             :      * only changes in shutdown checkpoints, which allows some extra error
    6327             :      * checking in xlog_redo.
    6328             :      *
    6329             :      * In promotion, only create a lightweight end-of-recovery record instead
    6330             :      * of a full checkpoint. A checkpoint is requested later, after we're
    6331             :      * fully out of recovery mode and already accepting queries.
    6332             :      */
    6333         408 :     if (ArchiveRecoveryRequested && IsUnderPostmaster &&
    6334          98 :         PromoteIsTriggered())
    6335             :     {
    6336          84 :         promoted = true;
    6337             : 
    6338             :         /*
    6339             :          * Insert a special WAL record to mark the end of recovery, since we
    6340             :          * aren't doing a checkpoint. That means that the checkpointer process
    6341             :          * may likely be in the middle of a time-smoothed restartpoint and
    6342             :          * could continue to be for minutes after this.  That sounds strange,
    6343             :          * but the effect is roughly the same and it would be stranger to try
    6344             :          * to come out of the restartpoint and then checkpoint. We request a
    6345             :          * checkpoint later anyway, just for safety.
    6346             :          */
    6347          84 :         CreateEndOfRecoveryRecord();
    6348             :     }
    6349             :     else
    6350             :     {
    6351         226 :         RequestCheckpoint(CHECKPOINT_END_OF_RECOVERY |
    6352             :                           CHECKPOINT_FAST |
    6353             :                           CHECKPOINT_WAIT);
    6354             :     }
    6355             : 
    6356         310 :     return promoted;
    6357             : }
    6358             : 
    6359             : /*
    6360             :  * Is the system still in recovery?
    6361             :  *
    6362             :  * Unlike testing InRecovery, this works in any process that's connected to
    6363             :  * shared memory.
    6364             :  */
    6365             : bool
    6366   175331026 : RecoveryInProgress(void)
    6367             : {
    6368             :     /*
    6369             :      * We check shared state each time only until we leave recovery mode. We
    6370             :      * can't re-enter recovery, so there's no need to keep checking after the
    6371             :      * shared variable has once been seen false.
    6372             :      */
    6373   175331026 :     if (!LocalRecoveryInProgress)
    6374   171134346 :         return false;
    6375             :     else
    6376             :     {
    6377             :         /*
    6378             :          * use volatile pointer to make sure we make a fresh read of the
    6379             :          * shared variable.
    6380             :          */
    6381     4196680 :         volatile XLogCtlData *xlogctl = XLogCtl;
    6382             : 
    6383     4196680 :         LocalRecoveryInProgress = (xlogctl->SharedRecoveryState != RECOVERY_STATE_DONE);
    6384             : 
    6385             :         /*
    6386             :          * Note: We don't need a memory barrier when we're still in recovery.
    6387             :          * We might exit recovery immediately after return, so the caller
    6388             :          * can't rely on 'true' meaning that we're still in recovery anyway.
    6389             :          */
    6390             : 
    6391     4196680 :         return LocalRecoveryInProgress;
    6392             :     }
    6393             : }
    6394             : 
    6395             : /*
    6396             :  * Returns current recovery state from shared memory.
    6397             :  *
    6398             :  * This returned state is kept consistent with the contents of the control
    6399             :  * file.  See details about the possible values of RecoveryState in xlog.h.
    6400             :  */
    6401             : RecoveryState
    6402       37660 : GetRecoveryState(void)
    6403             : {
    6404             :     RecoveryState retval;
    6405             : 
    6406       37660 :     SpinLockAcquire(&XLogCtl->info_lck);
    6407       37660 :     retval = XLogCtl->SharedRecoveryState;
    6408       37660 :     SpinLockRelease(&XLogCtl->info_lck);
    6409             : 
    6410       37660 :     return retval;
    6411             : }
    6412             : 
    6413             : /*
    6414             :  * Is this process allowed to insert new WAL records?
    6415             :  *
    6416             :  * Ordinarily this is essentially equivalent to !RecoveryInProgress().
    6417             :  * But we also have provisions for forcing the result "true" or "false"
    6418             :  * within specific processes regardless of the global state.
    6419             :  */
    6420             : bool
    6421    60827798 : XLogInsertAllowed(void)
    6422             : {
    6423             :     /*
    6424             :      * If value is "unconditionally true" or "unconditionally false", just
    6425             :      * return it.  This provides the normal fast path once recovery is known
    6426             :      * done.
    6427             :      */
    6428    60827798 :     if (LocalXLogInsertAllowed >= 0)
    6429    60598460 :         return (bool) LocalXLogInsertAllowed;
    6430             : 
    6431             :     /*
    6432             :      * Else, must check to see if we're still in recovery.
    6433             :      */
    6434      229338 :     if (RecoveryInProgress())
    6435      212644 :         return false;
    6436             : 
    6437             :     /*
    6438             :      * On exit from recovery, reset to "unconditionally true", since there is
    6439             :      * no need to keep checking.
    6440             :      */
    6441       16694 :     LocalXLogInsertAllowed = 1;
    6442       16694 :     return true;
    6443             : }
    6444             : 
    6445             : /*
    6446             :  * Make XLogInsertAllowed() return true in the current process only.
    6447             :  *
    6448             :  * Note: it is allowed to switch LocalXLogInsertAllowed back to -1 later,
    6449             :  * and even call LocalSetXLogInsertAllowed() again after that.
    6450             :  *
    6451             :  * Returns the previous value of LocalXLogInsertAllowed.
    6452             :  */
    6453             : static int
    6454        1830 : LocalSetXLogInsertAllowed(void)
    6455             : {
    6456        1830 :     int         oldXLogAllowed = LocalXLogInsertAllowed;
    6457             : 
    6458        1830 :     LocalXLogInsertAllowed = 1;
    6459             : 
    6460        1830 :     return oldXLogAllowed;
    6461             : }
    6462             : 
    6463             : /*
    6464             :  * Return the current Redo pointer from shared memory.
    6465             :  *
    6466             :  * As a side-effect, the local RedoRecPtr copy is updated.
    6467             :  */
    6468             : XLogRecPtr
    6469      589948 : GetRedoRecPtr(void)
    6470             : {
    6471             :     XLogRecPtr  ptr;
    6472             : 
    6473             :     /*
    6474             :      * The possibly not up-to-date copy in XlogCtl is enough. Even if we
    6475             :      * grabbed a WAL insertion lock to read the authoritative value in
    6476             :      * Insert->RedoRecPtr, someone might update it just after we've released
    6477             :      * the lock.
    6478             :      */
    6479      589948 :     SpinLockAcquire(&XLogCtl->info_lck);
    6480      589948 :     ptr = XLogCtl->RedoRecPtr;
    6481      589948 :     SpinLockRelease(&XLogCtl->info_lck);
    6482             : 
    6483      589948 :     if (RedoRecPtr < ptr)
    6484        3010 :         RedoRecPtr = ptr;
    6485             : 
    6486      589948 :     return RedoRecPtr;
    6487             : }
    6488             : 
    6489             : /*
    6490             :  * Return information needed to decide whether a modified block needs a
    6491             :  * full-page image to be included in the WAL record.
    6492             :  *
    6493             :  * The returned values are cached copies from backend-private memory, and
    6494             :  * possibly out-of-date or, indeed, uninitialized, in which case they will
    6495             :  * be InvalidXLogRecPtr and false, respectively.  XLogInsertRecord will
    6496             :  * re-check them against up-to-date values, while holding the WAL insert lock.
    6497             :  */
    6498             : void
    6499    29396444 : GetFullPageWriteInfo(XLogRecPtr *RedoRecPtr_p, bool *doPageWrites_p)
    6500             : {
    6501    29396444 :     *RedoRecPtr_p = RedoRecPtr;
    6502    29396444 :     *doPageWrites_p = doPageWrites;
    6503    29396444 : }
    6504             : 
    6505             : /*
    6506             :  * GetInsertRecPtr -- Returns the current insert position.
    6507             :  *
    6508             :  * NOTE: The value *actually* returned is the position of the last full
    6509             :  * xlog page. It lags behind the real insert position by at most 1 page.
    6510             :  * For that, we don't need to scan through WAL insertion locks, and an
    6511             :  * approximation is enough for the current usage of this function.
    6512             :  */
    6513             : XLogRecPtr
    6514       16358 : GetInsertRecPtr(void)
    6515             : {
    6516             :     XLogRecPtr  recptr;
    6517             : 
    6518       16358 :     SpinLockAcquire(&XLogCtl->info_lck);
    6519       16358 :     recptr = XLogCtl->LogwrtRqst.Write;
    6520       16358 :     SpinLockRelease(&XLogCtl->info_lck);
    6521             : 
    6522       16358 :     return recptr;
    6523             : }
    6524             : 
    6525             : /*
    6526             :  * GetFlushRecPtr -- Returns the current flush position, ie, the last WAL
    6527             :  * position known to be fsync'd to disk. This should only be used on a
    6528             :  * system that is known not to be in recovery.
    6529             :  */
    6530             : XLogRecPtr
    6531      455910 : GetFlushRecPtr(TimeLineID *insertTLI)
    6532             : {
    6533             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6534             : 
    6535      455910 :     RefreshXLogWriteResult(LogwrtResult);
    6536             : 
    6537             :     /*
    6538             :      * If we're writing and flushing WAL, the time line can't be changing, so
    6539             :      * no lock is required.
    6540             :      */
    6541      455910 :     if (insertTLI)
    6542       52000 :         *insertTLI = XLogCtl->InsertTimeLineID;
    6543             : 
    6544      455910 :     return LogwrtResult.Flush;
    6545             : }
    6546             : 
    6547             : /*
    6548             :  * GetWALInsertionTimeLine -- Returns the current timeline of a system that
    6549             :  * is not in recovery.
    6550             :  */
    6551             : TimeLineID
    6552      220158 : GetWALInsertionTimeLine(void)
    6553             : {
    6554             :     Assert(XLogCtl->SharedRecoveryState == RECOVERY_STATE_DONE);
    6555             : 
    6556             :     /* Since the value can't be changing, no lock is required. */
    6557      220158 :     return XLogCtl->InsertTimeLineID;
    6558             : }
    6559             : 
    6560             : /*
    6561             :  * GetWALInsertionTimeLineIfSet -- If the system is not in recovery, returns
    6562             :  * the WAL insertion timeline; else, returns 0. Wherever possible, use
    6563             :  * GetWALInsertionTimeLine() instead, since it's cheaper. Note that this
    6564             :  * function decides recovery has ended as soon as the insert TLI is set, which
    6565             :  * happens before we set XLogCtl->SharedRecoveryState to RECOVERY_STATE_DONE.
    6566             :  */
    6567             : TimeLineID
    6568           0 : GetWALInsertionTimeLineIfSet(void)
    6569             : {
    6570             :     TimeLineID  insertTLI;
    6571             : 
    6572           0 :     SpinLockAcquire(&XLogCtl->info_lck);
    6573           0 :     insertTLI = XLogCtl->InsertTimeLineID;
    6574           0 :     SpinLockRelease(&XLogCtl->info_lck);
    6575             : 
    6576           0 :     return insertTLI;
    6577             : }
    6578             : 
    6579             : /*
    6580             :  * GetLastImportantRecPtr -- Returns the LSN of the last important record
    6581             :  * inserted. All records not explicitly marked as unimportant are considered
    6582             :  * important.
    6583             :  *
    6584             :  * The LSN is determined by computing the maximum of
    6585             :  * WALInsertLocks[i].lastImportantAt.
    6586             :  */
    6587             : XLogRecPtr
    6588        3128 : GetLastImportantRecPtr(void)
    6589             : {
    6590        3128 :     XLogRecPtr  res = InvalidXLogRecPtr;
    6591             :     int         i;
    6592             : 
    6593       28152 :     for (i = 0; i < NUM_XLOGINSERT_LOCKS; i++)
    6594             :     {
    6595             :         XLogRecPtr  last_important;
    6596             : 
    6597             :         /*
    6598             :          * Need to take a lock to prevent torn reads of the LSN, which are
    6599             :          * possible on some of the supported platforms. WAL insert locks only
    6600             :          * support exclusive mode, so we have to use that.
    6601             :          */
    6602       25024 :         LWLockAcquire(&WALInsertLocks[i].l.lock, LW_EXCLUSIVE);
    6603       25024 :         last_important = WALInsertLocks[i].l.lastImportantAt;
    6604       25024 :         LWLockRelease(&WALInsertLocks[i].l.lock);
    6605             : 
    6606       25024 :         if (res < last_important)
    6607        5448 :             res = last_important;
    6608             :     }
    6609             : 
    6610        3128 :     return res;
    6611             : }
    6612             : 
    6613             : /*
    6614             :  * Get the time and LSN of the last xlog segment switch
    6615             :  */
    6616             : pg_time_t
    6617           0 : GetLastSegSwitchData(XLogRecPtr *lastSwitchLSN)
    6618             : {
    6619             :     pg_time_t   result;
    6620             : 
    6621             :     /* Need WALWriteLock, but shared lock is sufficient */
    6622           0 :     LWLockAcquire(WALWriteLock, LW_SHARED);
    6623           0 :     result = XLogCtl->lastSegSwitchTime;
    6624           0 :     *lastSwitchLSN = XLogCtl->lastSegSwitchLSN;
    6625           0 :     LWLockRelease(WALWriteLock);
    6626             : 
    6627           0 :     return result;
    6628             : }
    6629             : 
    6630             : /*
    6631             :  * This must be called ONCE during postmaster or standalone-backend shutdown
    6632             :  */
    6633             : void
    6634        1294 : ShutdownXLOG(int code, Datum arg)
    6635             : {
    6636             :     /*
    6637             :      * We should have an aux process resource owner to use, and we should not
    6638             :      * be in a transaction that's installed some other resowner.
    6639             :      */
    6640             :     Assert(AuxProcessResourceOwner != NULL);
    6641             :     Assert(CurrentResourceOwner == NULL ||
    6642             :            CurrentResourceOwner == AuxProcessResourceOwner);
    6643        1294 :     CurrentResourceOwner = AuxProcessResourceOwner;
    6644             : 
    6645             :     /* Don't be chatty in standalone mode */
    6646        1294 :     ereport(IsPostmasterEnvironment ? LOG : NOTICE,
    6647             :             (errmsg("shutting down")));
    6648             : 
    6649             :     /*
    6650             :      * Signal walsenders to move to stopping state.
    6651             :      */
    6652        1294 :     WalSndInitStopping();
    6653             : 
    6654             :     /*
    6655             :      * Wait for WAL senders to be in stopping state.  This prevents commands
    6656             :      * from writing new WAL.
    6657             :      */
    6658        1294 :     WalSndWaitStopping();
    6659             : 
    6660        1294 :     if (RecoveryInProgress())
    6661         110 :         CreateRestartPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_FAST);
    6662             :     else
    6663             :     {
    6664             :         /*
    6665             :          * If archiving is enabled, rotate the last XLOG file so that all the
    6666             :          * remaining records are archived (postmaster wakes up the archiver
    6667             :          * process one more time at the end of shutdown). The checkpoint
    6668             :          * record will go to the next XLOG file and won't be archived (yet).
    6669             :          */
    6670        1184 :         if (XLogArchivingActive())
    6671          28 :             RequestXLogSwitch(false);
    6672             : 
    6673        1184 :         CreateCheckPoint(CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_FAST);
    6674             :     }
    6675        1294 : }
    6676             : 
    6677             : /*
    6678             :  * Log start of a checkpoint.
    6679             :  */
    6680             : static void
    6681        2838 : LogCheckpointStart(int flags, bool restartpoint)
    6682             : {
    6683        2838 :     if (restartpoint)
    6684         376 :         ereport(LOG,
    6685             :         /* translator: the placeholders show checkpoint options */
    6686             :                 (errmsg("restartpoint starting:%s%s%s%s%s%s%s%s",
    6687             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6688             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6689             :                         (flags & CHECKPOINT_FAST) ? " fast" : "",
    6690             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6691             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6692             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6693             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6694             :                         (flags & CHECKPOINT_FLUSH_UNLOGGED) ? " flush-unlogged" : "")));
    6695             :     else
    6696        2462 :         ereport(LOG,
    6697             :         /* translator: the placeholders show checkpoint options */
    6698             :                 (errmsg("checkpoint starting:%s%s%s%s%s%s%s%s",
    6699             :                         (flags & CHECKPOINT_IS_SHUTDOWN) ? " shutdown" : "",
    6700             :                         (flags & CHECKPOINT_END_OF_RECOVERY) ? " end-of-recovery" : "",
    6701             :                         (flags & CHECKPOINT_FAST) ? " fast" : "",
    6702             :                         (flags & CHECKPOINT_FORCE) ? " force" : "",
    6703             :                         (flags & CHECKPOINT_WAIT) ? " wait" : "",
    6704             :                         (flags & CHECKPOINT_CAUSE_XLOG) ? " wal" : "",
    6705             :                         (flags & CHECKPOINT_CAUSE_TIME) ? " time" : "",
    6706             :                         (flags & CHECKPOINT_FLUSH_UNLOGGED) ? " flush-unlogged" : "")));
    6707        2838 : }
    6708             : 
    6709             : /*
    6710             :  * Log end of a checkpoint.
    6711             :  */
    6712             : static void
    6713        3422 : LogCheckpointEnd(bool restartpoint)
    6714             : {
    6715             :     long        write_msecs,
    6716             :                 sync_msecs,
    6717             :                 total_msecs,
    6718             :                 longest_msecs,
    6719             :                 average_msecs;
    6720             :     uint64      average_sync_time;
    6721             : 
    6722        3422 :     CheckpointStats.ckpt_end_t = GetCurrentTimestamp();
    6723             : 
    6724        3422 :     write_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_write_t,
    6725             :                                                   CheckpointStats.ckpt_sync_t);
    6726             : 
    6727        3422 :     sync_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_sync_t,
    6728             :                                                  CheckpointStats.ckpt_sync_end_t);
    6729             : 
    6730             :     /* Accumulate checkpoint timing summary data, in milliseconds. */
    6731        3422 :     PendingCheckpointerStats.write_time += write_msecs;
    6732        3422 :     PendingCheckpointerStats.sync_time += sync_msecs;
    6733             : 
    6734             :     /*
    6735             :      * All of the published timing statistics are accounted for.  Only
    6736             :      * continue if a log message is to be written.
    6737             :      */
    6738        3422 :     if (!log_checkpoints)
    6739         584 :         return;
    6740             : 
    6741        2838 :     total_msecs = TimestampDifferenceMilliseconds(CheckpointStats.ckpt_start_t,
    6742             :                                                   CheckpointStats.ckpt_end_t);
    6743             : 
    6744             :     /*
    6745             :      * Timing values returned from CheckpointStats are in microseconds.
    6746             :      * Convert to milliseconds for consistent printing.
    6747             :      */
    6748        2838 :     longest_msecs = (long) ((CheckpointStats.ckpt_longest_sync + 999) / 1000);
    6749             : 
    6750        2838 :     average_sync_time = 0;
    6751        2838 :     if (CheckpointStats.ckpt_sync_rels > 0)
    6752           0 :         average_sync_time = CheckpointStats.ckpt_agg_sync_time /
    6753           0 :             CheckpointStats.ckpt_sync_rels;
    6754        2838 :     average_msecs = (long) ((average_sync_time + 999) / 1000);
    6755             : 
    6756             :     /*
    6757             :      * ControlFileLock is not required to see ControlFile->checkPoint and
    6758             :      * ->checkPointCopy here as we are the only updator of those variables at
    6759             :      * this moment.
    6760             :      */
    6761        2838 :     if (restartpoint)
    6762         376 :         ereport(LOG,
    6763             :                 (errmsg("restartpoint complete: wrote %d buffers (%.1f%%), "
    6764             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6765             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6766             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6767             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6768             :                         "estimate=%d kB; lsn=%X/%08X, redo lsn=%X/%08X",
    6769             :                         CheckpointStats.ckpt_bufs_written,
    6770             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6771             :                         CheckpointStats.ckpt_slru_written,
    6772             :                         CheckpointStats.ckpt_segs_added,
    6773             :                         CheckpointStats.ckpt_segs_removed,
    6774             :                         CheckpointStats.ckpt_segs_recycled,
    6775             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6776             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6777             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6778             :                         CheckpointStats.ckpt_sync_rels,
    6779             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6780             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6781             :                         (int) (PrevCheckPointDistance / 1024.0),
    6782             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6783             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6784             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6785             :     else
    6786        2462 :         ereport(LOG,
    6787             :                 (errmsg("checkpoint complete: wrote %d buffers (%.1f%%), "
    6788             :                         "wrote %d SLRU buffers; %d WAL file(s) added, "
    6789             :                         "%d removed, %d recycled; write=%ld.%03d s, "
    6790             :                         "sync=%ld.%03d s, total=%ld.%03d s; sync files=%d, "
    6791             :                         "longest=%ld.%03d s, average=%ld.%03d s; distance=%d kB, "
    6792             :                         "estimate=%d kB; lsn=%X/%08X, redo lsn=%X/%08X",
    6793             :                         CheckpointStats.ckpt_bufs_written,
    6794             :                         (double) CheckpointStats.ckpt_bufs_written * 100 / NBuffers,
    6795             :                         CheckpointStats.ckpt_slru_written,
    6796             :                         CheckpointStats.ckpt_segs_added,
    6797             :                         CheckpointStats.ckpt_segs_removed,
    6798             :                         CheckpointStats.ckpt_segs_recycled,
    6799             :                         write_msecs / 1000, (int) (write_msecs % 1000),
    6800             :                         sync_msecs / 1000, (int) (sync_msecs % 1000),
    6801             :                         total_msecs / 1000, (int) (total_msecs % 1000),
    6802             :                         CheckpointStats.ckpt_sync_rels,
    6803             :                         longest_msecs / 1000, (int) (longest_msecs % 1000),
    6804             :                         average_msecs / 1000, (int) (average_msecs % 1000),
    6805             :                         (int) (PrevCheckPointDistance / 1024.0),
    6806             :                         (int) (CheckPointDistanceEstimate / 1024.0),
    6807             :                         LSN_FORMAT_ARGS(ControlFile->checkPoint),
    6808             :                         LSN_FORMAT_ARGS(ControlFile->checkPointCopy.redo))));
    6809             : }
    6810             : 
    6811             : /*
    6812             :  * Update the estimate of distance between checkpoints.
    6813             :  *
    6814             :  * The estimate is used to calculate the number of WAL segments to keep
    6815             :  * preallocated, see XLOGfileslop().
    6816             :  */
    6817             : static void
    6818        3422 : UpdateCheckPointDistanceEstimate(uint64 nbytes)
    6819             : {
    6820             :     /*
    6821             :      * To estimate the number of segments consumed between checkpoints, keep a
    6822             :      * moving average of the amount of WAL generated in previous checkpoint
    6823             :      * cycles. However, if the load is bursty, with quiet periods and busy
    6824             :      * periods, we want to cater for the peak load. So instead of a plain
    6825             :      * moving average, let the average decline slowly if the previous cycle
    6826             :      * used less WAL than estimated, but bump it up immediately if it used
    6827             :      * more.
    6828             :      *
    6829             :      * When checkpoints are triggered by max_wal_size, this should converge to
    6830             :      * CheckpointSegments * wal_segment_size,
    6831             :      *
    6832             :      * Note: This doesn't pay any attention to what caused the checkpoint.
    6833             :      * Checkpoints triggered manually with CHECKPOINT command, or by e.g.
    6834             :      * starting a base backup, are counted the same as those created
    6835             :      * automatically. The slow-decline will largely mask them out, if they are
    6836             :      * not frequent. If they are frequent, it seems reasonable to count them
    6837             :      * in as any others; if you issue a manual checkpoint every 5 minutes and
    6838             :      * never let a timed checkpoint happen, it makes sense to base the
    6839             :      * preallocation on that 5 minute interval rather than whatever
    6840             :      * checkpoint_timeout is set to.
    6841             :      */
    6842        3422 :     PrevCheckPointDistance = nbytes;
    6843        3422 :     if (CheckPointDistanceEstimate < nbytes)
    6844        1470 :         CheckPointDistanceEstimate = nbytes;
    6845             :     else
    6846        1952 :         CheckPointDistanceEstimate =
    6847        1952 :             (0.90 * CheckPointDistanceEstimate + 0.10 * (double) nbytes);
    6848        3422 : }
    6849             : 
    6850             : /*
    6851             :  * Update the ps display for a process running a checkpoint.  Note that
    6852             :  * this routine should not do any allocations so as it can be called
    6853             :  * from a critical section.
    6854             :  */
    6855             : static void
    6856        6844 : update_checkpoint_display(int flags, bool restartpoint, bool reset)
    6857             : {
    6858             :     /*
    6859             :      * The status is reported only for end-of-recovery and shutdown
    6860             :      * checkpoints or shutdown restartpoints.  Updating the ps display is
    6861             :      * useful in those situations as it may not be possible to rely on
    6862             :      * pg_stat_activity to see the status of the checkpointer or the startup
    6863             :      * process.
    6864             :      */
    6865        6844 :     if ((flags & (CHECKPOINT_END_OF_RECOVERY | CHECKPOINT_IS_SHUTDOWN)) == 0)
    6866        4276 :         return;
    6867             : 
    6868        2568 :     if (reset)
    6869        1284 :         set_ps_display("");
    6870             :     else
    6871             :     {
    6872             :         char        activitymsg[128];
    6873             : 
    6874        3852 :         snprintf(activitymsg, sizeof(activitymsg), "performing %s%s%s",
    6875        1284 :                  (flags & CHECKPOINT_END_OF_RECOVERY) ? "end-of-recovery " : "",
    6876        1284 :                  (flags & CHECKPOINT_IS_SHUTDOWN) ? "shutdown " : "",
    6877             :                  restartpoint ? "restartpoint" : "checkpoint");
    6878        1284 :         set_ps_display(activitymsg);
    6879             :     }
    6880             : }
    6881             : 
    6882             : 
    6883             : /*
    6884             :  * Perform a checkpoint --- either during shutdown, or on-the-fly
    6885             :  *
    6886             :  * flags is a bitwise OR of the following:
    6887             :  *  CHECKPOINT_IS_SHUTDOWN: checkpoint is for database shutdown.
    6888             :  *  CHECKPOINT_END_OF_RECOVERY: checkpoint is for end of WAL recovery.
    6889             :  *  CHECKPOINT_FAST: finish the checkpoint ASAP, ignoring
    6890             :  *      checkpoint_completion_target parameter.
    6891             :  *  CHECKPOINT_FORCE: force a checkpoint even if no XLOG activity has occurred
    6892             :  *      since the last one (implied by CHECKPOINT_IS_SHUTDOWN or
    6893             :  *      CHECKPOINT_END_OF_RECOVERY).
    6894             :  *  CHECKPOINT_FLUSH_UNLOGGED: also flush buffers of unlogged tables.
    6895             :  *
    6896             :  * Note: flags contains other bits, of interest here only for logging purposes.
    6897             :  * In particular note that this routine is synchronous and does not pay
    6898             :  * attention to CHECKPOINT_WAIT.
    6899             :  *
    6900             :  * If !shutdown then we are writing an online checkpoint. An XLOG_CHECKPOINT_REDO
    6901             :  * record is inserted into WAL at the logical location of the checkpoint, before
    6902             :  * flushing anything to disk, and when the checkpoint is eventually completed,
    6903             :  * and it is from this point that WAL replay will begin in the case of a recovery
    6904             :  * from this checkpoint. Once everything is written to disk, an
    6905             :  * XLOG_CHECKPOINT_ONLINE record is written to complete the checkpoint, and
    6906             :  * points back to the earlier XLOG_CHECKPOINT_REDO record. This mechanism allows
    6907             :  * other write-ahead log records to be written while the checkpoint is in
    6908             :  * progress, but we must be very careful about order of operations. This function
    6909             :  * may take many minutes to execute on a busy system.
    6910             :  *
    6911             :  * On the other hand, when shutdown is true, concurrent insertion into the
    6912             :  * write-ahead log is impossible, so there is no need for two separate records.
    6913             :  * In this case, we only insert an XLOG_CHECKPOINT_SHUTDOWN record, and it's
    6914             :  * both the record marking the completion of the checkpoint and the location
    6915             :  * from which WAL replay would begin if needed.
    6916             :  *
    6917             :  * Returns true if a new checkpoint was performed, or false if it was skipped
    6918             :  * because the system was idle.
    6919             :  */
    6920             : bool
    6921        3048 : CreateCheckPoint(int flags)
    6922             : {
    6923             :     bool        shutdown;
    6924             :     CheckPoint  checkPoint;
    6925             :     XLogRecPtr  recptr;
    6926             :     XLogSegNo   _logSegNo;
    6927        3048 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    6928             :     uint32      freespace;
    6929             :     XLogRecPtr  PriorRedoPtr;
    6930             :     XLogRecPtr  last_important_lsn;
    6931             :     VirtualTransactionId *vxids;
    6932             :     int         nvxids;
    6933        3048 :     int         oldXLogAllowed = 0;
    6934             : 
    6935             :     /*
    6936             :      * An end-of-recovery checkpoint is really a shutdown checkpoint, just
    6937             :      * issued at a different time.
    6938             :      */
    6939        3048 :     if (flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY))
    6940        1242 :         shutdown = true;
    6941             :     else
    6942        1806 :         shutdown = false;
    6943             : 
    6944             :     /* sanity check */
    6945        3048 :     if (RecoveryInProgress() && (flags & CHECKPOINT_END_OF_RECOVERY) == 0)
    6946           0 :         elog(ERROR, "can't create a checkpoint during recovery");
    6947             : 
    6948             :     /*
    6949             :      * Prepare to accumulate statistics.
    6950             :      *
    6951             :      * Note: because it is possible for log_checkpoints to change while a
    6952             :      * checkpoint proceeds, we always accumulate stats, even if
    6953             :      * log_checkpoints is currently off.
    6954             :      */
    6955       33528 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    6956        3048 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    6957             : 
    6958             :     /*
    6959             :      * Let smgr prepare for checkpoint; this has to happen outside the
    6960             :      * critical section and before we determine the REDO pointer.  Note that
    6961             :      * smgr must not do anything that'd have to be undone if we decide no
    6962             :      * checkpoint is needed.
    6963             :      */
    6964        3048 :     SyncPreCheckpoint();
    6965             : 
    6966             :     /*
    6967             :      * Use a critical section to force system panic if we have trouble.
    6968             :      */
    6969        3048 :     START_CRIT_SECTION();
    6970             : 
    6971        3048 :     if (shutdown)
    6972             :     {
    6973        1242 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    6974        1242 :         ControlFile->state = DB_SHUTDOWNING;
    6975        1242 :         UpdateControlFile();
    6976        1242 :         LWLockRelease(ControlFileLock);
    6977             :     }
    6978             : 
    6979             :     /* Begin filling in the checkpoint WAL record */
    6980       36576 :     MemSet(&checkPoint, 0, sizeof(checkPoint));
    6981        3048 :     checkPoint.time = (pg_time_t) time(NULL);
    6982             : 
    6983             :     /*
    6984             :      * For Hot Standby, derive the oldestActiveXid before we fix the redo
    6985             :      * pointer. This allows us to begin accumulating changes to assemble our
    6986             :      * starting snapshot of locks and transactions.
    6987             :      */
    6988        3048 :     if (!shutdown && XLogStandbyInfoActive())
    6989        1710 :         checkPoint.oldestActiveXid = GetOldestActiveTransactionId(false, true);
    6990             :     else
    6991        1338 :         checkPoint.oldestActiveXid = InvalidTransactionId;
    6992             : 
    6993             :     /*
    6994             :      * Get location of last important record before acquiring insert locks (as
    6995             :      * GetLastImportantRecPtr() also locks WAL locks).
    6996             :      */
    6997        3048 :     last_important_lsn = GetLastImportantRecPtr();
    6998             : 
    6999             :     /*
    7000             :      * If this isn't a shutdown or forced checkpoint, and if there has been no
    7001             :      * WAL activity requiring a checkpoint, skip it.  The idea here is to
    7002             :      * avoid inserting duplicate checkpoints when the system is idle.
    7003             :      */
    7004        3048 :     if ((flags & (CHECKPOINT_IS_SHUTDOWN | CHECKPOINT_END_OF_RECOVERY |
    7005             :                   CHECKPOINT_FORCE)) == 0)
    7006             :     {
    7007         386 :         if (last_important_lsn == ControlFile->checkPoint)
    7008             :         {
    7009           2 :             END_CRIT_SECTION();
    7010           2 :             ereport(DEBUG1,
    7011             :                     (errmsg_internal("checkpoint skipped because system is idle")));
    7012           2 :             return false;
    7013             :         }
    7014             :     }
    7015             : 
    7016             :     /*
    7017             :      * An end-of-recovery checkpoint is created before anyone is allowed to
    7018             :      * write WAL. To allow us to write the checkpoint record, temporarily
    7019             :      * enable XLogInsertAllowed.
    7020             :      */
    7021        3046 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    7022          58 :         oldXLogAllowed = LocalSetXLogInsertAllowed();
    7023             : 
    7024        3046 :     checkPoint.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7025        3046 :     if (flags & CHECKPOINT_END_OF_RECOVERY)
    7026          58 :         checkPoint.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7027             :     else
    7028        2988 :         checkPoint.PrevTimeLineID = checkPoint.ThisTimeLineID;
    7029             : 
    7030             :     /*
    7031             :      * We must block concurrent insertions while examining insert state.
    7032             :      */
    7033        3046 :     WALInsertLockAcquireExclusive();
    7034             : 
    7035        3046 :     checkPoint.fullPageWrites = Insert->fullPageWrites;
    7036        3046 :     checkPoint.wal_level = wal_level;
    7037             : 
    7038        3046 :     if (shutdown)
    7039             :     {
    7040        1242 :         XLogRecPtr  curInsert = XLogBytePosToRecPtr(Insert->CurrBytePos);
    7041             : 
    7042             :         /*
    7043             :          * Compute new REDO record ptr = location of next XLOG record.
    7044             :          *
    7045             :          * Since this is a shutdown checkpoint, there can't be any concurrent
    7046             :          * WAL insertion.
    7047             :          */
    7048        1242 :         freespace = INSERT_FREESPACE(curInsert);
    7049        1242 :         if (freespace == 0)
    7050             :         {
    7051           0 :             if (XLogSegmentOffset(curInsert, wal_segment_size) == 0)
    7052           0 :                 curInsert += SizeOfXLogLongPHD;
    7053             :             else
    7054           0 :                 curInsert += SizeOfXLogShortPHD;
    7055             :         }
    7056        1242 :         checkPoint.redo = curInsert;
    7057             : 
    7058             :         /*
    7059             :          * Here we update the shared RedoRecPtr for future XLogInsert calls;
    7060             :          * this must be done while holding all the insertion locks.
    7061             :          *
    7062             :          * Note: if we fail to complete the checkpoint, RedoRecPtr will be
    7063             :          * left pointing past where it really needs to point.  This is okay;
    7064             :          * the only consequence is that XLogInsert might back up whole buffers
    7065             :          * that it didn't really need to.  We can't postpone advancing
    7066             :          * RedoRecPtr because XLogInserts that happen while we are dumping
    7067             :          * buffers must assume that their buffer changes are not included in
    7068             :          * the checkpoint.
    7069             :          */
    7070        1242 :         RedoRecPtr = XLogCtl->Insert.RedoRecPtr = checkPoint.redo;
    7071             :     }
    7072             : 
    7073             :     /*
    7074             :      * Now we can release the WAL insertion locks, allowing other xacts to
    7075             :      * proceed while we are flushing disk buffers.
    7076             :      */
    7077        3046 :     WALInsertLockRelease();
    7078             : 
    7079             :     /*
    7080             :      * If this is an online checkpoint, we have not yet determined the redo
    7081             :      * point. We do so now by inserting the special XLOG_CHECKPOINT_REDO
    7082             :      * record; the LSN at which it starts becomes the new redo pointer. We
    7083             :      * don't do this for a shutdown checkpoint, because in that case no WAL
    7084             :      * can be written between the redo point and the insertion of the
    7085             :      * checkpoint record itself, so the checkpoint record itself serves to
    7086             :      * mark the redo point.
    7087             :      */
    7088        3046 :     if (!shutdown)
    7089             :     {
    7090             :         /* Include WAL level in record for WAL summarizer's benefit. */
    7091        1804 :         XLogBeginInsert();
    7092        1804 :         XLogRegisterData(&wal_level, sizeof(wal_level));
    7093        1804 :         (void) XLogInsert(RM_XLOG_ID, XLOG_CHECKPOINT_REDO);
    7094             : 
    7095             :         /*
    7096             :          * XLogInsertRecord will have updated XLogCtl->Insert.RedoRecPtr in
    7097             :          * shared memory and RedoRecPtr in backend-local memory, but we need
    7098             :          * to copy that into the record that will be inserted when the
    7099             :          * checkpoint is complete.
    7100             :          */
    7101        1804 :         checkPoint.redo = RedoRecPtr;
    7102             :     }
    7103             : 
    7104             :     /* Update the info_lck-protected copy of RedoRecPtr as well */
    7105        3046 :     SpinLockAcquire(&XLogCtl->info_lck);
    7106        3046 :     XLogCtl->RedoRecPtr = checkPoint.redo;
    7107        3046 :     SpinLockRelease(&XLogCtl->info_lck);
    7108             : 
    7109             :     /*
    7110             :      * If enabled, log checkpoint start.  We postpone this until now so as not
    7111             :      * to log anything if we decided to skip the checkpoint.
    7112             :      */
    7113        3046 :     if (log_checkpoints)
    7114        2462 :         LogCheckpointStart(flags, false);
    7115             : 
    7116             :     /* Update the process title */
    7117        3046 :     update_checkpoint_display(flags, false, false);
    7118             : 
    7119             :     TRACE_POSTGRESQL_CHECKPOINT_START(flags);
    7120             : 
    7121             :     /*
    7122             :      * Get the other info we need for the checkpoint record.
    7123             :      *
    7124             :      * We don't need to save oldestClogXid in the checkpoint, it only matters
    7125             :      * for the short period in which clog is being truncated, and if we crash
    7126             :      * during that we'll redo the clog truncation and fix up oldestClogXid
    7127             :      * there.
    7128             :      */
    7129        3046 :     LWLockAcquire(XidGenLock, LW_SHARED);
    7130        3046 :     checkPoint.nextXid = TransamVariables->nextXid;
    7131        3046 :     checkPoint.oldestXid = TransamVariables->oldestXid;
    7132        3046 :     checkPoint.oldestXidDB = TransamVariables->oldestXidDB;
    7133        3046 :     LWLockRelease(XidGenLock);
    7134             : 
    7135        3046 :     LWLockAcquire(CommitTsLock, LW_SHARED);
    7136        3046 :     checkPoint.oldestCommitTsXid = TransamVariables->oldestCommitTsXid;
    7137        3046 :     checkPoint.newestCommitTsXid = TransamVariables->newestCommitTsXid;
    7138        3046 :     LWLockRelease(CommitTsLock);
    7139             : 
    7140        3046 :     LWLockAcquire(OidGenLock, LW_SHARED);
    7141        3046 :     checkPoint.nextOid = TransamVariables->nextOid;
    7142        3046 :     if (!shutdown)
    7143        1804 :         checkPoint.nextOid += TransamVariables->oidCount;
    7144        3046 :     LWLockRelease(OidGenLock);
    7145             : 
    7146        3046 :     MultiXactGetCheckptMulti(shutdown,
    7147             :                              &checkPoint.nextMulti,
    7148             :                              &checkPoint.nextMultiOffset,
    7149             :                              &checkPoint.oldestMulti,
    7150             :                              &checkPoint.oldestMultiDB);
    7151             : 
    7152             :     /*
    7153             :      * Having constructed the checkpoint record, ensure all shmem disk buffers
    7154             :      * and commit-log buffers are flushed to disk.
    7155             :      *
    7156             :      * This I/O could fail for various reasons.  If so, we will fail to
    7157             :      * complete the checkpoint, but there is no reason to force a system
    7158             :      * panic. Accordingly, exit critical section while doing it.
    7159             :      */
    7160        3046 :     END_CRIT_SECTION();
    7161             : 
    7162             :     /*
    7163             :      * In some cases there are groups of actions that must all occur on one
    7164             :      * side or the other of a checkpoint record. Before flushing the
    7165             :      * checkpoint record we must explicitly wait for any backend currently
    7166             :      * performing those groups of actions.
    7167             :      *
    7168             :      * One example is end of transaction, so we must wait for any transactions
    7169             :      * that are currently in commit critical sections.  If an xact inserted
    7170             :      * its commit record into XLOG just before the REDO point, then a crash
    7171             :      * restart from the REDO point would not replay that record, which means
    7172             :      * that our flushing had better include the xact's update of pg_xact.  So
    7173             :      * we wait till he's out of his commit critical section before proceeding.
    7174             :      * See notes in RecordTransactionCommit().
    7175             :      *
    7176             :      * Because we've already released the insertion locks, this test is a bit
    7177             :      * fuzzy: it is possible that we will wait for xacts we didn't really need
    7178             :      * to wait for.  But the delay should be short and it seems better to make
    7179             :      * checkpoint take a bit longer than to hold off insertions longer than
    7180             :      * necessary. (In fact, the whole reason we have this issue is that xact.c
    7181             :      * does commit record XLOG insertion and clog update as two separate steps
    7182             :      * protected by different locks, but again that seems best on grounds of
    7183             :      * minimizing lock contention.)
    7184             :      *
    7185             :      * A transaction that has not yet set delayChkptFlags when we look cannot
    7186             :      * be at risk, since it has not inserted its commit record yet; and one
    7187             :      * that's already cleared it is not at risk either, since it's done fixing
    7188             :      * clog and we will correctly flush the update below.  So we cannot miss
    7189             :      * any xacts we need to wait for.
    7190             :      */
    7191        3046 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_START);
    7192        3046 :     if (nvxids > 0)
    7193             :     {
    7194             :         do
    7195             :         {
    7196             :             /*
    7197             :              * Keep absorbing fsync requests while we wait. There could even
    7198             :              * be a deadlock if we don't, if the process that prevents the
    7199             :              * checkpoint is trying to add a request to the queue.
    7200             :              */
    7201         110 :             AbsorbSyncRequests();
    7202             : 
    7203         110 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_START);
    7204         110 :             pg_usleep(10000L);  /* wait for 10 msec */
    7205         110 :             pgstat_report_wait_end();
    7206         110 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7207             :                                               DELAY_CHKPT_START));
    7208             :     }
    7209        3046 :     pfree(vxids);
    7210             : 
    7211        3046 :     CheckPointGuts(checkPoint.redo, flags);
    7212             : 
    7213        3046 :     vxids = GetVirtualXIDsDelayingChkpt(&nvxids, DELAY_CHKPT_COMPLETE);
    7214        3046 :     if (nvxids > 0)
    7215             :     {
    7216             :         do
    7217             :         {
    7218           0 :             AbsorbSyncRequests();
    7219             : 
    7220           0 :             pgstat_report_wait_start(WAIT_EVENT_CHECKPOINT_DELAY_COMPLETE);
    7221           0 :             pg_usleep(10000L);  /* wait for 10 msec */
    7222           0 :             pgstat_report_wait_end();
    7223           0 :         } while (HaveVirtualXIDsDelayingChkpt(vxids, nvxids,
    7224             :                                               DELAY_CHKPT_COMPLETE));
    7225             :     }
    7226        3046 :     pfree(vxids);
    7227             : 
    7228             :     /*
    7229             :      * Take a snapshot of running transactions and write this to WAL. This
    7230             :      * allows us to reconstruct the state of running transactions during
    7231             :      * archive recovery, if required. Skip, if this info disabled.
    7232             :      *
    7233             :      * If we are shutting down, or Startup process is completing crash
    7234             :      * recovery we don't need to write running xact data.
    7235             :      */
    7236        3046 :     if (!shutdown && XLogStandbyInfoActive())
    7237        1708 :         LogStandbySnapshot();
    7238             : 
    7239        3046 :     START_CRIT_SECTION();
    7240             : 
    7241             :     /*
    7242             :      * Now insert the checkpoint record into XLOG.
    7243             :      */
    7244        3046 :     XLogBeginInsert();
    7245        3046 :     XLogRegisterData(&checkPoint, sizeof(checkPoint));
    7246        3046 :     recptr = XLogInsert(RM_XLOG_ID,
    7247             :                         shutdown ? XLOG_CHECKPOINT_SHUTDOWN :
    7248             :                         XLOG_CHECKPOINT_ONLINE);
    7249             : 
    7250        3046 :     XLogFlush(recptr);
    7251             : 
    7252             :     /*
    7253             :      * We mustn't write any new WAL after a shutdown checkpoint, or it will be
    7254             :      * overwritten at next startup.  No-one should even try, this just allows
    7255             :      * sanity-checking.  In the case of an end-of-recovery checkpoint, we want
    7256             :      * to just temporarily disable writing until the system has exited
    7257             :      * recovery.
    7258             :      */
    7259        3046 :     if (shutdown)
    7260             :     {
    7261        1242 :         if (flags & CHECKPOINT_END_OF_RECOVERY)
    7262          58 :             LocalXLogInsertAllowed = oldXLogAllowed;
    7263             :         else
    7264        1184 :             LocalXLogInsertAllowed = 0; /* never again write WAL */
    7265             :     }
    7266             : 
    7267             :     /*
    7268             :      * We now have ProcLastRecPtr = start of actual checkpoint record, recptr
    7269             :      * = end of actual checkpoint record.
    7270             :      */
    7271        3046 :     if (shutdown && checkPoint.redo != ProcLastRecPtr)
    7272           0 :         ereport(PANIC,
    7273             :                 (errmsg("concurrent write-ahead log activity while database system is shutting down")));
    7274             : 
    7275             :     /*
    7276             :      * Remember the prior checkpoint's redo ptr for
    7277             :      * UpdateCheckPointDistanceEstimate()
    7278             :      */
    7279        3046 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7280             : 
    7281             :     /*
    7282             :      * Update the control file.
    7283             :      */
    7284        3046 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7285        3046 :     if (shutdown)
    7286        1242 :         ControlFile->state = DB_SHUTDOWNED;
    7287        3046 :     ControlFile->checkPoint = ProcLastRecPtr;
    7288        3046 :     ControlFile->checkPointCopy = checkPoint;
    7289             :     /* crash recovery should always recover to the end of WAL */
    7290        3046 :     ControlFile->minRecoveryPoint = InvalidXLogRecPtr;
    7291        3046 :     ControlFile->minRecoveryPointTLI = 0;
    7292             : 
    7293             :     /*
    7294             :      * Persist unloggedLSN value. It's reset on crash recovery, so this goes
    7295             :      * unused on non-shutdown checkpoints, but seems useful to store it always
    7296             :      * for debugging purposes.
    7297             :      */
    7298        3046 :     ControlFile->unloggedLSN = pg_atomic_read_membarrier_u64(&XLogCtl->unloggedLSN);
    7299             : 
    7300        3046 :     UpdateControlFile();
    7301        3046 :     LWLockRelease(ControlFileLock);
    7302             : 
    7303             :     /*
    7304             :      * We are now done with critical updates; no need for system panic if we
    7305             :      * have trouble while fooling with old log segments.
    7306             :      */
    7307        3046 :     END_CRIT_SECTION();
    7308             : 
    7309             :     /*
    7310             :      * WAL summaries end when the next XLOG_CHECKPOINT_REDO or
    7311             :      * XLOG_CHECKPOINT_SHUTDOWN record is reached. This is the first point
    7312             :      * where (a) we're not inside of a critical section and (b) we can be
    7313             :      * certain that the relevant record has been flushed to disk, which must
    7314             :      * happen before it can be summarized.
    7315             :      *
    7316             :      * If this is a shutdown checkpoint, then this happens reasonably
    7317             :      * promptly: we've only just inserted and flushed the
    7318             :      * XLOG_CHECKPOINT_SHUTDOWN record. If this is not a shutdown checkpoint,
    7319             :      * then this might not be very prompt at all: the XLOG_CHECKPOINT_REDO
    7320             :      * record was written before we began flushing data to disk, and that
    7321             :      * could be many minutes ago at this point. However, we don't XLogFlush()
    7322             :      * after inserting that record, so we're not guaranteed that it's on disk
    7323             :      * until after the above call that flushes the XLOG_CHECKPOINT_ONLINE
    7324             :      * record.
    7325             :      */
    7326        3046 :     WakeupWalSummarizer();
    7327             : 
    7328             :     /*
    7329             :      * Let smgr do post-checkpoint cleanup (eg, deleting old files).
    7330             :      */
    7331        3046 :     SyncPostCheckpoint();
    7332             : 
    7333             :     /*
    7334             :      * Update the average distance between checkpoints if the prior checkpoint
    7335             :      * exists.
    7336             :      */
    7337        3046 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7338        3046 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7339             : 
    7340             : #ifdef USE_INJECTION_POINTS
    7341        3046 :     INJECTION_POINT("checkpoint-before-old-wal-removal", NULL);
    7342             : #endif
    7343             : 
    7344             :     /*
    7345             :      * Delete old log files, those no longer needed for last checkpoint to
    7346             :      * prevent the disk holding the xlog from growing full.
    7347             :      */
    7348        3046 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7349        3046 :     KeepLogSeg(recptr, &_logSegNo);
    7350        3046 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED | RS_INVAL_IDLE_TIMEOUT,
    7351             :                                            _logSegNo, InvalidOid,
    7352             :                                            InvalidTransactionId))
    7353             :     {
    7354             :         /*
    7355             :          * Some slots have been invalidated; recalculate the old-segment
    7356             :          * horizon, starting again from RedoRecPtr.
    7357             :          */
    7358           6 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7359           6 :         KeepLogSeg(recptr, &_logSegNo);
    7360             :     }
    7361        3046 :     _logSegNo--;
    7362        3046 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, recptr,
    7363             :                        checkPoint.ThisTimeLineID);
    7364             : 
    7365             :     /*
    7366             :      * Make more log segments if needed.  (Do this after recycling old log
    7367             :      * segments, since that may supply some of the needed files.)
    7368             :      */
    7369        3046 :     if (!shutdown)
    7370        1804 :         PreallocXlogFiles(recptr, checkPoint.ThisTimeLineID);
    7371             : 
    7372             :     /*
    7373             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7374             :      * the oldest XMIN of any running transaction.  No future transaction will
    7375             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7376             :      * in subtrans.c).  During recovery, though, we mustn't do this because
    7377             :      * StartupSUBTRANS hasn't been called yet.
    7378             :      */
    7379        3046 :     if (!RecoveryInProgress())
    7380        2988 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7381             : 
    7382             :     /* Real work is done; log and update stats. */
    7383        3046 :     LogCheckpointEnd(false);
    7384             : 
    7385             :     /* Reset the process title */
    7386        3046 :     update_checkpoint_display(flags, false, true);
    7387             : 
    7388             :     TRACE_POSTGRESQL_CHECKPOINT_DONE(CheckpointStats.ckpt_bufs_written,
    7389             :                                      NBuffers,
    7390             :                                      CheckpointStats.ckpt_segs_added,
    7391             :                                      CheckpointStats.ckpt_segs_removed,
    7392             :                                      CheckpointStats.ckpt_segs_recycled);
    7393             : 
    7394        3046 :     return true;
    7395             : }
    7396             : 
    7397             : /*
    7398             :  * Mark the end of recovery in WAL though without running a full checkpoint.
    7399             :  * We can expect that a restartpoint is likely to be in progress as we
    7400             :  * do this, though we are unwilling to wait for it to complete.
    7401             :  *
    7402             :  * CreateRestartPoint() allows for the case where recovery may end before
    7403             :  * the restartpoint completes so there is no concern of concurrent behaviour.
    7404             :  */
    7405             : static void
    7406          84 : CreateEndOfRecoveryRecord(void)
    7407             : {
    7408             :     xl_end_of_recovery xlrec;
    7409             :     XLogRecPtr  recptr;
    7410             : 
    7411             :     /* sanity check */
    7412          84 :     if (!RecoveryInProgress())
    7413           0 :         elog(ERROR, "can only be used to end recovery");
    7414             : 
    7415          84 :     xlrec.end_time = GetCurrentTimestamp();
    7416          84 :     xlrec.wal_level = wal_level;
    7417             : 
    7418          84 :     WALInsertLockAcquireExclusive();
    7419          84 :     xlrec.ThisTimeLineID = XLogCtl->InsertTimeLineID;
    7420          84 :     xlrec.PrevTimeLineID = XLogCtl->PrevTimeLineID;
    7421          84 :     WALInsertLockRelease();
    7422             : 
    7423          84 :     START_CRIT_SECTION();
    7424             : 
    7425          84 :     XLogBeginInsert();
    7426          84 :     XLogRegisterData(&xlrec, sizeof(xl_end_of_recovery));
    7427          84 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_END_OF_RECOVERY);
    7428             : 
    7429          84 :     XLogFlush(recptr);
    7430             : 
    7431             :     /*
    7432             :      * Update the control file so that crash recovery can follow the timeline
    7433             :      * changes to this point.
    7434             :      */
    7435          84 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7436          84 :     ControlFile->minRecoveryPoint = recptr;
    7437          84 :     ControlFile->minRecoveryPointTLI = xlrec.ThisTimeLineID;
    7438          84 :     UpdateControlFile();
    7439          84 :     LWLockRelease(ControlFileLock);
    7440             : 
    7441          84 :     END_CRIT_SECTION();
    7442          84 : }
    7443             : 
    7444             : /*
    7445             :  * Write an OVERWRITE_CONTRECORD message.
    7446             :  *
    7447             :  * When on WAL replay we expect a continuation record at the start of a page
    7448             :  * that is not there, recovery ends and WAL writing resumes at that point.
    7449             :  * But it's wrong to resume writing new WAL back at the start of the record
    7450             :  * that was broken, because downstream consumers of that WAL (physical
    7451             :  * replicas) are not prepared to "rewind".  So the first action after
    7452             :  * finishing replay of all valid WAL must be to write a record of this type
    7453             :  * at the point where the contrecord was missing; to support xlogreader
    7454             :  * detecting the special case, XLP_FIRST_IS_OVERWRITE_CONTRECORD is also added
    7455             :  * to the page header where the record occurs.  xlogreader has an ad-hoc
    7456             :  * mechanism to report metadata about the broken record, which is what we
    7457             :  * use here.
    7458             :  *
    7459             :  * At replay time, XLP_FIRST_IS_OVERWRITE_CONTRECORD instructs xlogreader to
    7460             :  * skip the record it was reading, and pass back the LSN of the skipped
    7461             :  * record, so that its caller can verify (on "replay" of that record) that the
    7462             :  * XLOG_OVERWRITE_CONTRECORD matches what was effectively overwritten.
    7463             :  *
    7464             :  * 'aborted_lsn' is the beginning position of the record that was incomplete.
    7465             :  * It is included in the WAL record.  'pagePtr' and 'newTLI' point to the
    7466             :  * beginning of the XLOG page where the record is to be inserted.  They must
    7467             :  * match the current WAL insert position, they're passed here just so that we
    7468             :  * can verify that.
    7469             :  */
    7470             : static XLogRecPtr
    7471          22 : CreateOverwriteContrecordRecord(XLogRecPtr aborted_lsn, XLogRecPtr pagePtr,
    7472             :                                 TimeLineID newTLI)
    7473             : {
    7474             :     xl_overwrite_contrecord xlrec;
    7475             :     XLogRecPtr  recptr;
    7476             :     XLogPageHeader pagehdr;
    7477             :     XLogRecPtr  startPos;
    7478             : 
    7479             :     /* sanity checks */
    7480          22 :     if (!RecoveryInProgress())
    7481           0 :         elog(ERROR, "can only be used at end of recovery");
    7482          22 :     if (pagePtr % XLOG_BLCKSZ != 0)
    7483           0 :         elog(ERROR, "invalid position for missing continuation record %X/%08X",
    7484             :              LSN_FORMAT_ARGS(pagePtr));
    7485             : 
    7486             :     /* The current WAL insert position should be right after the page header */
    7487          22 :     startPos = pagePtr;
    7488          22 :     if (XLogSegmentOffset(startPos, wal_segment_size) == 0)
    7489           2 :         startPos += SizeOfXLogLongPHD;
    7490             :     else
    7491          20 :         startPos += SizeOfXLogShortPHD;
    7492          22 :     recptr = GetXLogInsertRecPtr();
    7493          22 :     if (recptr != startPos)
    7494           0 :         elog(ERROR, "invalid WAL insert position %X/%08X for OVERWRITE_CONTRECORD",
    7495             :              LSN_FORMAT_ARGS(recptr));
    7496             : 
    7497          22 :     START_CRIT_SECTION();
    7498             : 
    7499             :     /*
    7500             :      * Initialize the XLOG page header (by GetXLogBuffer), and set the
    7501             :      * XLP_FIRST_IS_OVERWRITE_CONTRECORD flag.
    7502             :      *
    7503             :      * No other backend is allowed to write WAL yet, so acquiring the WAL
    7504             :      * insertion lock is just pro forma.
    7505             :      */
    7506          22 :     WALInsertLockAcquire();
    7507          22 :     pagehdr = (XLogPageHeader) GetXLogBuffer(pagePtr, newTLI);
    7508          22 :     pagehdr->xlp_info |= XLP_FIRST_IS_OVERWRITE_CONTRECORD;
    7509          22 :     WALInsertLockRelease();
    7510             : 
    7511             :     /*
    7512             :      * Insert the XLOG_OVERWRITE_CONTRECORD record as the first record on the
    7513             :      * page.  We know it becomes the first record, because no other backend is
    7514             :      * allowed to write WAL yet.
    7515             :      */
    7516          22 :     XLogBeginInsert();
    7517          22 :     xlrec.overwritten_lsn = aborted_lsn;
    7518          22 :     xlrec.overwrite_time = GetCurrentTimestamp();
    7519          22 :     XLogRegisterData(&xlrec, sizeof(xl_overwrite_contrecord));
    7520          22 :     recptr = XLogInsert(RM_XLOG_ID, XLOG_OVERWRITE_CONTRECORD);
    7521             : 
    7522             :     /* check that the record was inserted to the right place */
    7523          22 :     if (ProcLastRecPtr != startPos)
    7524           0 :         elog(ERROR, "OVERWRITE_CONTRECORD was inserted to unexpected position %X/%08X",
    7525             :              LSN_FORMAT_ARGS(ProcLastRecPtr));
    7526             : 
    7527          22 :     XLogFlush(recptr);
    7528             : 
    7529          22 :     END_CRIT_SECTION();
    7530             : 
    7531          22 :     return recptr;
    7532             : }
    7533             : 
    7534             : /*
    7535             :  * Flush all data in shared memory to disk, and fsync
    7536             :  *
    7537             :  * This is the common code shared between regular checkpoints and
    7538             :  * recovery restartpoints.
    7539             :  */
    7540             : static void
    7541        3422 : CheckPointGuts(XLogRecPtr checkPointRedo, int flags)
    7542             : {
    7543        3422 :     CheckPointRelationMap();
    7544        3422 :     CheckPointReplicationSlots(flags & CHECKPOINT_IS_SHUTDOWN);
    7545        3422 :     CheckPointSnapBuild();
    7546        3422 :     CheckPointLogicalRewriteHeap();
    7547        3422 :     CheckPointReplicationOrigin();
    7548             : 
    7549             :     /* Write out all dirty data in SLRUs and the main buffer pool */
    7550             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_START(flags);
    7551        3422 :     CheckpointStats.ckpt_write_t = GetCurrentTimestamp();
    7552        3422 :     CheckPointCLOG();
    7553        3422 :     CheckPointCommitTs();
    7554        3422 :     CheckPointSUBTRANS();
    7555        3422 :     CheckPointMultiXact();
    7556        3422 :     CheckPointPredicate();
    7557        3422 :     CheckPointBuffers(flags);
    7558             : 
    7559             :     /* Perform all queued up fsyncs */
    7560             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_SYNC_START();
    7561        3422 :     CheckpointStats.ckpt_sync_t = GetCurrentTimestamp();
    7562        3422 :     ProcessSyncRequests();
    7563        3422 :     CheckpointStats.ckpt_sync_end_t = GetCurrentTimestamp();
    7564             :     TRACE_POSTGRESQL_BUFFER_CHECKPOINT_DONE();
    7565             : 
    7566             :     /* We deliberately delay 2PC checkpointing as long as possible */
    7567        3422 :     CheckPointTwoPhase(checkPointRedo);
    7568        3422 : }
    7569             : 
    7570             : /*
    7571             :  * Save a checkpoint for recovery restart if appropriate
    7572             :  *
    7573             :  * This function is called each time a checkpoint record is read from XLOG.
    7574             :  * It must determine whether the checkpoint represents a safe restartpoint or
    7575             :  * not.  If so, the checkpoint record is stashed in shared memory so that
    7576             :  * CreateRestartPoint can consult it.  (Note that the latter function is
    7577             :  * executed by the checkpointer, while this one will be executed by the
    7578             :  * startup process.)
    7579             :  */
    7580             : static void
    7581        1420 : RecoveryRestartPoint(const CheckPoint *checkPoint, XLogReaderState *record)
    7582             : {
    7583             :     /*
    7584             :      * Also refrain from creating a restartpoint if we have seen any
    7585             :      * references to non-existent pages. Restarting recovery from the
    7586             :      * restartpoint would not see the references, so we would lose the
    7587             :      * cross-check that the pages belonged to a relation that was dropped
    7588             :      * later.
    7589             :      */
    7590        1420 :     if (XLogHaveInvalidPages())
    7591             :     {
    7592           0 :         elog(DEBUG2,
    7593             :              "could not record restart point at %X/%08X because there are unresolved references to invalid pages",
    7594             :              LSN_FORMAT_ARGS(checkPoint->redo));
    7595           0 :         return;
    7596             :     }
    7597             : 
    7598             :     /*
    7599             :      * Copy the checkpoint record to shared memory, so that checkpointer can
    7600             :      * work out the next time it wants to perform a restartpoint.
    7601             :      */
    7602        1420 :     SpinLockAcquire(&XLogCtl->info_lck);
    7603        1420 :     XLogCtl->lastCheckPointRecPtr = record->ReadRecPtr;
    7604        1420 :     XLogCtl->lastCheckPointEndPtr = record->EndRecPtr;
    7605        1420 :     XLogCtl->lastCheckPoint = *checkPoint;
    7606        1420 :     SpinLockRelease(&XLogCtl->info_lck);
    7607             : }
    7608             : 
    7609             : /*
    7610             :  * Establish a restartpoint if possible.
    7611             :  *
    7612             :  * This is similar to CreateCheckPoint, but is used during WAL recovery
    7613             :  * to establish a point from which recovery can roll forward without
    7614             :  * replaying the entire recovery log.
    7615             :  *
    7616             :  * Returns true if a new restartpoint was established. We can only establish
    7617             :  * a restartpoint if we have replayed a safe checkpoint record since last
    7618             :  * restartpoint.
    7619             :  */
    7620             : bool
    7621        1166 : CreateRestartPoint(int flags)
    7622             : {
    7623             :     XLogRecPtr  lastCheckPointRecPtr;
    7624             :     XLogRecPtr  lastCheckPointEndPtr;
    7625             :     CheckPoint  lastCheckPoint;
    7626             :     XLogRecPtr  PriorRedoPtr;
    7627             :     XLogRecPtr  receivePtr;
    7628             :     XLogRecPtr  replayPtr;
    7629             :     TimeLineID  replayTLI;
    7630             :     XLogRecPtr  endptr;
    7631             :     XLogSegNo   _logSegNo;
    7632             :     TimestampTz xtime;
    7633             : 
    7634             :     /* Concurrent checkpoint/restartpoint cannot happen */
    7635             :     Assert(!IsUnderPostmaster || MyBackendType == B_CHECKPOINTER);
    7636             : 
    7637             :     /* Get a local copy of the last safe checkpoint record. */
    7638        1166 :     SpinLockAcquire(&XLogCtl->info_lck);
    7639        1166 :     lastCheckPointRecPtr = XLogCtl->lastCheckPointRecPtr;
    7640        1166 :     lastCheckPointEndPtr = XLogCtl->lastCheckPointEndPtr;
    7641        1166 :     lastCheckPoint = XLogCtl->lastCheckPoint;
    7642        1166 :     SpinLockRelease(&XLogCtl->info_lck);
    7643             : 
    7644             :     /*
    7645             :      * Check that we're still in recovery mode. It's ok if we exit recovery
    7646             :      * mode after this check, the restart point is valid anyway.
    7647             :      */
    7648        1166 :     if (!RecoveryInProgress())
    7649             :     {
    7650           0 :         ereport(DEBUG2,
    7651             :                 (errmsg_internal("skipping restartpoint, recovery has already ended")));
    7652           0 :         return false;
    7653             :     }
    7654             : 
    7655             :     /*
    7656             :      * If the last checkpoint record we've replayed is already our last
    7657             :      * restartpoint, we can't perform a new restart point. We still update
    7658             :      * minRecoveryPoint in that case, so that if this is a shutdown restart
    7659             :      * point, we won't start up earlier than before. That's not strictly
    7660             :      * necessary, but when hot standby is enabled, it would be rather weird if
    7661             :      * the database opened up for read-only connections at a point-in-time
    7662             :      * before the last shutdown. Such time travel is still possible in case of
    7663             :      * immediate shutdown, though.
    7664             :      *
    7665             :      * We don't explicitly advance minRecoveryPoint when we do create a
    7666             :      * restartpoint. It's assumed that flushing the buffers will do that as a
    7667             :      * side-effect.
    7668             :      */
    7669        1166 :     if (XLogRecPtrIsInvalid(lastCheckPointRecPtr) ||
    7670         504 :         lastCheckPoint.redo <= ControlFile->checkPointCopy.redo)
    7671             :     {
    7672         790 :         ereport(DEBUG2,
    7673             :                 errmsg_internal("skipping restartpoint, already performed at %X/%08X",
    7674             :                                 LSN_FORMAT_ARGS(lastCheckPoint.redo)));
    7675             : 
    7676         790 :         UpdateMinRecoveryPoint(InvalidXLogRecPtr, true);
    7677         790 :         if (flags & CHECKPOINT_IS_SHUTDOWN)
    7678             :         {
    7679          68 :             LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7680          68 :             ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7681          68 :             UpdateControlFile();
    7682          68 :             LWLockRelease(ControlFileLock);
    7683             :         }
    7684         790 :         return false;
    7685             :     }
    7686             : 
    7687             :     /*
    7688             :      * Update the shared RedoRecPtr so that the startup process can calculate
    7689             :      * the number of segments replayed since last restartpoint, and request a
    7690             :      * restartpoint if it exceeds CheckPointSegments.
    7691             :      *
    7692             :      * Like in CreateCheckPoint(), hold off insertions to update it, although
    7693             :      * during recovery this is just pro forma, because no WAL insertions are
    7694             :      * happening.
    7695             :      */
    7696         376 :     WALInsertLockAcquireExclusive();
    7697         376 :     RedoRecPtr = XLogCtl->Insert.RedoRecPtr = lastCheckPoint.redo;
    7698         376 :     WALInsertLockRelease();
    7699             : 
    7700             :     /* Also update the info_lck-protected copy */
    7701         376 :     SpinLockAcquire(&XLogCtl->info_lck);
    7702         376 :     XLogCtl->RedoRecPtr = lastCheckPoint.redo;
    7703         376 :     SpinLockRelease(&XLogCtl->info_lck);
    7704             : 
    7705             :     /*
    7706             :      * Prepare to accumulate statistics.
    7707             :      *
    7708             :      * Note: because it is possible for log_checkpoints to change while a
    7709             :      * checkpoint proceeds, we always accumulate stats, even if
    7710             :      * log_checkpoints is currently off.
    7711             :      */
    7712        4136 :     MemSet(&CheckpointStats, 0, sizeof(CheckpointStats));
    7713         376 :     CheckpointStats.ckpt_start_t = GetCurrentTimestamp();
    7714             : 
    7715         376 :     if (log_checkpoints)
    7716         376 :         LogCheckpointStart(flags, true);
    7717             : 
    7718             :     /* Update the process title */
    7719         376 :     update_checkpoint_display(flags, true, false);
    7720             : 
    7721         376 :     CheckPointGuts(lastCheckPoint.redo, flags);
    7722             : 
    7723             :     /*
    7724             :      * This location needs to be after CheckPointGuts() to ensure that some
    7725             :      * work has already happened during this checkpoint.
    7726             :      */
    7727         376 :     INJECTION_POINT("create-restart-point", NULL);
    7728             : 
    7729             :     /*
    7730             :      * Remember the prior checkpoint's redo ptr for
    7731             :      * UpdateCheckPointDistanceEstimate()
    7732             :      */
    7733         376 :     PriorRedoPtr = ControlFile->checkPointCopy.redo;
    7734             : 
    7735             :     /*
    7736             :      * Update pg_control, using current time.  Check that it still shows an
    7737             :      * older checkpoint, else do nothing; this is a quick hack to make sure
    7738             :      * nothing really bad happens if somehow we get here after the
    7739             :      * end-of-recovery checkpoint.
    7740             :      */
    7741         376 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    7742         376 :     if (ControlFile->checkPointCopy.redo < lastCheckPoint.redo)
    7743             :     {
    7744             :         /*
    7745             :          * Update the checkpoint information.  We do this even if the cluster
    7746             :          * does not show DB_IN_ARCHIVE_RECOVERY to match with the set of WAL
    7747             :          * segments recycled below.
    7748             :          */
    7749         376 :         ControlFile->checkPoint = lastCheckPointRecPtr;
    7750         376 :         ControlFile->checkPointCopy = lastCheckPoint;
    7751             : 
    7752             :         /*
    7753             :          * Ensure minRecoveryPoint is past the checkpoint record and update it
    7754             :          * if the control file still shows DB_IN_ARCHIVE_RECOVERY.  Normally,
    7755             :          * this will have happened already while writing out dirty buffers,
    7756             :          * but not necessarily - e.g. because no buffers were dirtied.  We do
    7757             :          * this because a backup performed in recovery uses minRecoveryPoint
    7758             :          * to determine which WAL files must be included in the backup, and
    7759             :          * the file (or files) containing the checkpoint record must be
    7760             :          * included, at a minimum.  Note that for an ordinary restart of
    7761             :          * recovery there's no value in having the minimum recovery point any
    7762             :          * earlier than this anyway, because redo will begin just after the
    7763             :          * checkpoint record.
    7764             :          */
    7765         376 :         if (ControlFile->state == DB_IN_ARCHIVE_RECOVERY)
    7766             :         {
    7767         376 :             if (ControlFile->minRecoveryPoint < lastCheckPointEndPtr)
    7768             :             {
    7769          40 :                 ControlFile->minRecoveryPoint = lastCheckPointEndPtr;
    7770          40 :                 ControlFile->minRecoveryPointTLI = lastCheckPoint.ThisTimeLineID;
    7771             : 
    7772             :                 /* update local copy */
    7773          40 :                 LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    7774          40 :                 LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    7775             :             }
    7776         376 :             if (flags & CHECKPOINT_IS_SHUTDOWN)
    7777          42 :                 ControlFile->state = DB_SHUTDOWNED_IN_RECOVERY;
    7778             :         }
    7779         376 :         UpdateControlFile();
    7780             :     }
    7781         376 :     LWLockRelease(ControlFileLock);
    7782             : 
    7783             :     /*
    7784             :      * Update the average distance between checkpoints/restartpoints if the
    7785             :      * prior checkpoint exists.
    7786             :      */
    7787         376 :     if (PriorRedoPtr != InvalidXLogRecPtr)
    7788         376 :         UpdateCheckPointDistanceEstimate(RedoRecPtr - PriorRedoPtr);
    7789             : 
    7790             :     /*
    7791             :      * Delete old log files, those no longer needed for last restartpoint to
    7792             :      * prevent the disk holding the xlog from growing full.
    7793             :      */
    7794         376 :     XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7795             : 
    7796             :     /*
    7797             :      * Retreat _logSegNo using the current end of xlog replayed or received,
    7798             :      * whichever is later.
    7799             :      */
    7800         376 :     receivePtr = GetWalRcvFlushRecPtr(NULL, NULL);
    7801         376 :     replayPtr = GetXLogReplayRecPtr(&replayTLI);
    7802         376 :     endptr = (receivePtr < replayPtr) ? replayPtr : receivePtr;
    7803         376 :     KeepLogSeg(endptr, &_logSegNo);
    7804         376 :     if (InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_REMOVED | RS_INVAL_IDLE_TIMEOUT,
    7805             :                                            _logSegNo, InvalidOid,
    7806             :                                            InvalidTransactionId))
    7807             :     {
    7808             :         /*
    7809             :          * Some slots have been invalidated; recalculate the old-segment
    7810             :          * horizon, starting again from RedoRecPtr.
    7811             :          */
    7812           2 :         XLByteToSeg(RedoRecPtr, _logSegNo, wal_segment_size);
    7813           2 :         KeepLogSeg(endptr, &_logSegNo);
    7814             :     }
    7815         376 :     _logSegNo--;
    7816             : 
    7817             :     /*
    7818             :      * Try to recycle segments on a useful timeline. If we've been promoted
    7819             :      * since the beginning of this restartpoint, use the new timeline chosen
    7820             :      * at end of recovery.  If we're still in recovery, use the timeline we're
    7821             :      * currently replaying.
    7822             :      *
    7823             :      * There is no guarantee that the WAL segments will be useful on the
    7824             :      * current timeline; if recovery proceeds to a new timeline right after
    7825             :      * this, the pre-allocated WAL segments on this timeline will not be used,
    7826             :      * and will go wasted until recycled on the next restartpoint. We'll live
    7827             :      * with that.
    7828             :      */
    7829         376 :     if (!RecoveryInProgress())
    7830           0 :         replayTLI = XLogCtl->InsertTimeLineID;
    7831             : 
    7832         376 :     RemoveOldXlogFiles(_logSegNo, RedoRecPtr, endptr, replayTLI);
    7833             : 
    7834             :     /*
    7835             :      * Make more log segments if needed.  (Do this after recycling old log
    7836             :      * segments, since that may supply some of the needed files.)
    7837             :      */
    7838         376 :     PreallocXlogFiles(endptr, replayTLI);
    7839             : 
    7840             :     /*
    7841             :      * Truncate pg_subtrans if possible.  We can throw away all data before
    7842             :      * the oldest XMIN of any running transaction.  No future transaction will
    7843             :      * attempt to reference any pg_subtrans entry older than that (see Asserts
    7844             :      * in subtrans.c).  When hot standby is disabled, though, we mustn't do
    7845             :      * this because StartupSUBTRANS hasn't been called yet.
    7846             :      */
    7847         376 :     if (EnableHotStandby)
    7848         376 :         TruncateSUBTRANS(GetOldestTransactionIdConsideredRunning());
    7849             : 
    7850             :     /* Real work is done; log and update stats. */
    7851         376 :     LogCheckpointEnd(true);
    7852             : 
    7853             :     /* Reset the process title */
    7854         376 :     update_checkpoint_display(flags, true, true);
    7855             : 
    7856         376 :     xtime = GetLatestXTime();
    7857         376 :     ereport((log_checkpoints ? LOG : DEBUG2),
    7858             :             errmsg("recovery restart point at %X/%08X",
    7859             :                    LSN_FORMAT_ARGS(lastCheckPoint.redo)),
    7860             :             xtime ? errdetail("Last completed transaction was at log time %s.",
    7861             :                               timestamptz_to_str(xtime)) : 0);
    7862             : 
    7863             :     /*
    7864             :      * Finally, execute archive_cleanup_command, if any.
    7865             :      */
    7866         376 :     if (archiveCleanupCommand && strcmp(archiveCleanupCommand, "") != 0)
    7867           0 :         ExecuteRecoveryCommand(archiveCleanupCommand,
    7868             :                                "archive_cleanup_command",
    7869             :                                false,
    7870             :                                WAIT_EVENT_ARCHIVE_CLEANUP_COMMAND);
    7871             : 
    7872         376 :     return true;
    7873             : }
    7874             : 
    7875             : /*
    7876             :  * Report availability of WAL for the given target LSN
    7877             :  *      (typically a slot's restart_lsn)
    7878             :  *
    7879             :  * Returns one of the following enum values:
    7880             :  *
    7881             :  * * WALAVAIL_RESERVED means targetLSN is available and it is in the range of
    7882             :  *   max_wal_size.
    7883             :  *
    7884             :  * * WALAVAIL_EXTENDED means it is still available by preserving extra
    7885             :  *   segments beyond max_wal_size. If max_slot_wal_keep_size is smaller
    7886             :  *   than max_wal_size, this state is not returned.
    7887             :  *
    7888             :  * * WALAVAIL_UNRESERVED means it is being lost and the next checkpoint will
    7889             :  *   remove reserved segments. The walsender using this slot may return to the
    7890             :  *   above.
    7891             :  *
    7892             :  * * WALAVAIL_REMOVED means it has been removed. A replication stream on
    7893             :  *   a slot with this LSN cannot continue.  (Any associated walsender
    7894             :  *   processes should have been terminated already.)
    7895             :  *
    7896             :  * * WALAVAIL_INVALID_LSN means the slot hasn't been set to reserve WAL.
    7897             :  */
    7898             : WALAvailability
    7899        1034 : GetWALAvailability(XLogRecPtr targetLSN)
    7900             : {
    7901             :     XLogRecPtr  currpos;        /* current write LSN */
    7902             :     XLogSegNo   currSeg;        /* segid of currpos */
    7903             :     XLogSegNo   targetSeg;      /* segid of targetLSN */
    7904             :     XLogSegNo   oldestSeg;      /* actual oldest segid */
    7905             :     XLogSegNo   oldestSegMaxWalSize;    /* oldest segid kept by max_wal_size */
    7906             :     XLogSegNo   oldestSlotSeg;  /* oldest segid kept by slot */
    7907             :     uint64      keepSegs;
    7908             : 
    7909             :     /*
    7910             :      * slot does not reserve WAL. Either deactivated, or has never been active
    7911             :      */
    7912        1034 :     if (XLogRecPtrIsInvalid(targetLSN))
    7913          64 :         return WALAVAIL_INVALID_LSN;
    7914             : 
    7915             :     /*
    7916             :      * Calculate the oldest segment currently reserved by all slots,
    7917             :      * considering wal_keep_size and max_slot_wal_keep_size.  Initialize
    7918             :      * oldestSlotSeg to the current segment.
    7919             :      */
    7920         970 :     currpos = GetXLogWriteRecPtr();
    7921         970 :     XLByteToSeg(currpos, oldestSlotSeg, wal_segment_size);
    7922         970 :     KeepLogSeg(currpos, &oldestSlotSeg);
    7923             : 
    7924             :     /*
    7925             :      * Find the oldest extant segment file. We get 1 until checkpoint removes
    7926             :      * the first WAL segment file since startup, which causes the status being
    7927             :      * wrong under certain abnormal conditions but that doesn't actually harm.
    7928             :      */
    7929         970 :     oldestSeg = XLogGetLastRemovedSegno() + 1;
    7930             : 
    7931             :     /* calculate oldest segment by max_wal_size */
    7932         970 :     XLByteToSeg(currpos, currSeg, wal_segment_size);
    7933         970 :     keepSegs = ConvertToXSegs(max_wal_size_mb, wal_segment_size) + 1;
    7934             : 
    7935         970 :     if (currSeg > keepSegs)
    7936          16 :         oldestSegMaxWalSize = currSeg - keepSegs;
    7937             :     else
    7938         954 :         oldestSegMaxWalSize = 1;
    7939             : 
    7940             :     /* the segment we care about */
    7941         970 :     XLByteToSeg(targetLSN, targetSeg, wal_segment_size);
    7942             : 
    7943             :     /*
    7944             :      * No point in returning reserved or extended status values if the
    7945             :      * targetSeg is known to be lost.
    7946             :      */
    7947         970 :     if (targetSeg >= oldestSlotSeg)
    7948             :     {
    7949             :         /* show "reserved" when targetSeg is within max_wal_size */
    7950         968 :         if (targetSeg >= oldestSegMaxWalSize)
    7951         964 :             return WALAVAIL_RESERVED;
    7952             : 
    7953             :         /* being retained by slots exceeding max_wal_size */
    7954           4 :         return WALAVAIL_EXTENDED;
    7955             :     }
    7956             : 
    7957             :     /* WAL segments are no longer retained but haven't been removed yet */
    7958           2 :     if (targetSeg >= oldestSeg)
    7959           2 :         return WALAVAIL_UNRESERVED;
    7960             : 
    7961             :     /* Definitely lost */
    7962           0 :     return WALAVAIL_REMOVED;
    7963             : }
    7964             : 
    7965             : 
    7966             : /*
    7967             :  * Retreat *logSegNo to the last segment that we need to retain because of
    7968             :  * either wal_keep_size or replication slots.
    7969             :  *
    7970             :  * This is calculated by subtracting wal_keep_size from the given xlog
    7971             :  * location, recptr and by making sure that that result is below the
    7972             :  * requirement of replication slots.  For the latter criterion we do consider
    7973             :  * the effects of max_slot_wal_keep_size: reserve at most that much space back
    7974             :  * from recptr.
    7975             :  *
    7976             :  * Note about replication slots: if this function calculates a value
    7977             :  * that's further ahead than what slots need reserved, then affected
    7978             :  * slots need to be invalidated and this function invoked again.
    7979             :  * XXX it might be a good idea to rewrite this function so that
    7980             :  * invalidation is optionally done here, instead.
    7981             :  */
    7982             : static void
    7983        4400 : KeepLogSeg(XLogRecPtr recptr, XLogSegNo *logSegNo)
    7984             : {
    7985             :     XLogSegNo   currSegNo;
    7986             :     XLogSegNo   segno;
    7987             :     XLogRecPtr  keep;
    7988             : 
    7989        4400 :     XLByteToSeg(recptr, currSegNo, wal_segment_size);
    7990        4400 :     segno = currSegNo;
    7991             : 
    7992             :     /* Calculate how many segments are kept by slots. */
    7993        4400 :     keep = XLogGetReplicationSlotMinimumLSN();
    7994        4400 :     if (keep != InvalidXLogRecPtr && keep < recptr)
    7995             :     {
    7996        1260 :         XLByteToSeg(keep, segno, wal_segment_size);
    7997             : 
    7998             :         /*
    7999             :          * Account for max_slot_wal_keep_size to avoid keeping more than
    8000             :          * configured.  However, don't do that during a binary upgrade: if
    8001             :          * slots were to be invalidated because of this, it would not be
    8002             :          * possible to preserve logical ones during the upgrade.
    8003             :          */
    8004        1260 :         if (max_slot_wal_keep_size_mb >= 0 && !IsBinaryUpgrade)
    8005             :         {
    8006             :             uint64      slot_keep_segs;
    8007             : 
    8008          40 :             slot_keep_segs =
    8009          40 :                 ConvertToXSegs(max_slot_wal_keep_size_mb, wal_segment_size);
    8010             : 
    8011          40 :             if (currSegNo - segno > slot_keep_segs)
    8012          10 :                 segno = currSegNo - slot_keep_segs;
    8013             :         }
    8014             :     }
    8015             : 
    8016             :     /*
    8017             :      * If WAL summarization is in use, don't remove WAL that has yet to be
    8018             :      * summarized.
    8019             :      */
    8020        4400 :     keep = GetOldestUnsummarizedLSN(NULL, NULL);
    8021        4400 :     if (keep != InvalidXLogRecPtr)
    8022             :     {
    8023             :         XLogSegNo   unsummarized_segno;
    8024             : 
    8025           4 :         XLByteToSeg(keep, unsummarized_segno, wal_segment_size);
    8026           4 :         if (unsummarized_segno < segno)
    8027           4 :             segno = unsummarized_segno;
    8028             :     }
    8029             : 
    8030             :     /* but, keep at least wal_keep_size if that's set */
    8031        4400 :     if (wal_keep_size_mb > 0)
    8032             :     {
    8033             :         uint64      keep_segs;
    8034             : 
    8035         138 :         keep_segs = ConvertToXSegs(wal_keep_size_mb, wal_segment_size);
    8036         138 :         if (currSegNo - segno < keep_segs)
    8037             :         {
    8038             :             /* avoid underflow, don't go below 1 */
    8039         138 :             if (currSegNo <= keep_segs)
    8040         130 :                 segno = 1;
    8041             :             else
    8042           8 :                 segno = currSegNo - keep_segs;
    8043             :         }
    8044             :     }
    8045             : 
    8046             :     /* don't delete WAL segments newer than the calculated segment */
    8047        4400 :     if (segno < *logSegNo)
    8048         800 :         *logSegNo = segno;
    8049        4400 : }
    8050             : 
    8051             : /*
    8052             :  * Write a NEXTOID log record
    8053             :  */
    8054             : void
    8055        1214 : XLogPutNextOid(Oid nextOid)
    8056             : {
    8057        1214 :     XLogBeginInsert();
    8058        1214 :     XLogRegisterData(&nextOid, sizeof(Oid));
    8059        1214 :     (void) XLogInsert(RM_XLOG_ID, XLOG_NEXTOID);
    8060             : 
    8061             :     /*
    8062             :      * We need not flush the NEXTOID record immediately, because any of the
    8063             :      * just-allocated OIDs could only reach disk as part of a tuple insert or
    8064             :      * update that would have its own XLOG record that must follow the NEXTOID
    8065             :      * record.  Therefore, the standard buffer LSN interlock applied to those
    8066             :      * records will ensure no such OID reaches disk before the NEXTOID record
    8067             :      * does.
    8068             :      *
    8069             :      * Note, however, that the above statement only covers state "within" the
    8070             :      * database.  When we use a generated OID as a file or directory name, we
    8071             :      * are in a sense violating the basic WAL rule, because that filesystem
    8072             :      * change may reach disk before the NEXTOID WAL record does.  The impact
    8073             :      * of this is that if a database crash occurs immediately afterward, we
    8074             :      * might after restart re-generate the same OID and find that it conflicts
    8075             :      * with the leftover file or directory.  But since for safety's sake we
    8076             :      * always loop until finding a nonconflicting filename, this poses no real
    8077             :      * problem in practice. See pgsql-hackers discussion 27-Sep-2006.
    8078             :      */
    8079        1214 : }
    8080             : 
    8081             : /*
    8082             :  * Write an XLOG SWITCH record.
    8083             :  *
    8084             :  * Here we just blindly issue an XLogInsert request for the record.
    8085             :  * All the magic happens inside XLogInsert.
    8086             :  *
    8087             :  * The return value is either the end+1 address of the switch record,
    8088             :  * or the end+1 address of the prior segment if we did not need to
    8089             :  * write a switch record because we are already at segment start.
    8090             :  */
    8091             : XLogRecPtr
    8092        1556 : RequestXLogSwitch(bool mark_unimportant)
    8093             : {
    8094             :     XLogRecPtr  RecPtr;
    8095             : 
    8096             :     /* XLOG SWITCH has no data */
    8097        1556 :     XLogBeginInsert();
    8098             : 
    8099        1556 :     if (mark_unimportant)
    8100           0 :         XLogSetRecordFlags(XLOG_MARK_UNIMPORTANT);
    8101        1556 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_SWITCH);
    8102             : 
    8103        1556 :     return RecPtr;
    8104             : }
    8105             : 
    8106             : /*
    8107             :  * Write a RESTORE POINT record
    8108             :  */
    8109             : XLogRecPtr
    8110           6 : XLogRestorePoint(const char *rpName)
    8111             : {
    8112             :     XLogRecPtr  RecPtr;
    8113             :     xl_restore_point xlrec;
    8114             : 
    8115           6 :     xlrec.rp_time = GetCurrentTimestamp();
    8116           6 :     strlcpy(xlrec.rp_name, rpName, MAXFNAMELEN);
    8117             : 
    8118           6 :     XLogBeginInsert();
    8119           6 :     XLogRegisterData(&xlrec, sizeof(xl_restore_point));
    8120             : 
    8121           6 :     RecPtr = XLogInsert(RM_XLOG_ID, XLOG_RESTORE_POINT);
    8122             : 
    8123           6 :     ereport(LOG,
    8124             :             errmsg("restore point \"%s\" created at %X/%08X",
    8125             :                    rpName, LSN_FORMAT_ARGS(RecPtr)));
    8126             : 
    8127           6 :     return RecPtr;
    8128             : }
    8129             : 
    8130             : /*
    8131             :  * Check if any of the GUC parameters that are critical for hot standby
    8132             :  * have changed, and update the value in pg_control file if necessary.
    8133             :  */
    8134             : static void
    8135        1772 : XLogReportParameters(void)
    8136             : {
    8137        1772 :     if (wal_level != ControlFile->wal_level ||
    8138        1310 :         wal_log_hints != ControlFile->wal_log_hints ||
    8139        1144 :         MaxConnections != ControlFile->MaxConnections ||
    8140        1142 :         max_worker_processes != ControlFile->max_worker_processes ||
    8141        1140 :         max_wal_senders != ControlFile->max_wal_senders ||
    8142        1098 :         max_prepared_xacts != ControlFile->max_prepared_xacts ||
    8143         912 :         max_locks_per_xact != ControlFile->max_locks_per_xact ||
    8144         912 :         track_commit_timestamp != ControlFile->track_commit_timestamp)
    8145             :     {
    8146             :         /*
    8147             :          * The change in number of backend slots doesn't need to be WAL-logged
    8148             :          * if archiving is not enabled, as you can't start archive recovery
    8149             :          * with wal_level=minimal anyway. We don't really care about the
    8150             :          * values in pg_control either if wal_level=minimal, but seems better
    8151             :          * to keep them up-to-date to avoid confusion.
    8152             :          */
    8153         884 :         if (wal_level != ControlFile->wal_level || XLogIsNeeded())
    8154             :         {
    8155             :             xl_parameter_change xlrec;
    8156             :             XLogRecPtr  recptr;
    8157             : 
    8158         844 :             xlrec.MaxConnections = MaxConnections;
    8159         844 :             xlrec.max_worker_processes = max_worker_processes;
    8160         844 :             xlrec.max_wal_senders = max_wal_senders;
    8161         844 :             xlrec.max_prepared_xacts = max_prepared_xacts;
    8162         844 :             xlrec.max_locks_per_xact = max_locks_per_xact;
    8163         844 :             xlrec.wal_level = wal_level;
    8164         844 :             xlrec.wal_log_hints = wal_log_hints;
    8165         844 :             xlrec.track_commit_timestamp = track_commit_timestamp;
    8166             : 
    8167         844 :             XLogBeginInsert();
    8168         844 :             XLogRegisterData(&xlrec, sizeof(xlrec));
    8169             : 
    8170         844 :             recptr = XLogInsert(RM_XLOG_ID, XLOG_PARAMETER_CHANGE);
    8171         844 :             XLogFlush(recptr);
    8172             :         }
    8173             : 
    8174         884 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8175             : 
    8176         884 :         ControlFile->MaxConnections = MaxConnections;
    8177         884 :         ControlFile->max_worker_processes = max_worker_processes;
    8178         884 :         ControlFile->max_wal_senders = max_wal_senders;
    8179         884 :         ControlFile->max_prepared_xacts = max_prepared_xacts;
    8180         884 :         ControlFile->max_locks_per_xact = max_locks_per_xact;
    8181         884 :         ControlFile->wal_level = wal_level;
    8182         884 :         ControlFile->wal_log_hints = wal_log_hints;
    8183         884 :         ControlFile->track_commit_timestamp = track_commit_timestamp;
    8184         884 :         UpdateControlFile();
    8185             : 
    8186         884 :         LWLockRelease(ControlFileLock);
    8187             :     }
    8188        1772 : }
    8189             : 
    8190             : /*
    8191             :  * Update full_page_writes in shared memory, and write an
    8192             :  * XLOG_FPW_CHANGE record if necessary.
    8193             :  *
    8194             :  * Note: this function assumes there is no other process running
    8195             :  * concurrently that could update it.
    8196             :  */
    8197             : void
    8198        2954 : UpdateFullPageWrites(void)
    8199             : {
    8200        2954 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    8201             :     bool        recoveryInProgress;
    8202             : 
    8203             :     /*
    8204             :      * Do nothing if full_page_writes has not been changed.
    8205             :      *
    8206             :      * It's safe to check the shared full_page_writes without the lock,
    8207             :      * because we assume that there is no concurrently running process which
    8208             :      * can update it.
    8209             :      */
    8210        2954 :     if (fullPageWrites == Insert->fullPageWrites)
    8211        2228 :         return;
    8212             : 
    8213             :     /*
    8214             :      * Perform this outside critical section so that the WAL insert
    8215             :      * initialization done by RecoveryInProgress() doesn't trigger an
    8216             :      * assertion failure.
    8217             :      */
    8218         726 :     recoveryInProgress = RecoveryInProgress();
    8219             : 
    8220         726 :     START_CRIT_SECTION();
    8221             : 
    8222             :     /*
    8223             :      * It's always safe to take full page images, even when not strictly
    8224             :      * required, but not the other round. So if we're setting full_page_writes
    8225             :      * to true, first set it true and then write the WAL record. If we're
    8226             :      * setting it to false, first write the WAL record and then set the global
    8227             :      * flag.
    8228             :      */
    8229         726 :     if (fullPageWrites)
    8230             :     {
    8231         706 :         WALInsertLockAcquireExclusive();
    8232         706 :         Insert->fullPageWrites = true;
    8233         706 :         WALInsertLockRelease();
    8234             :     }
    8235             : 
    8236             :     /*
    8237             :      * Write an XLOG_FPW_CHANGE record. This allows us to keep track of
    8238             :      * full_page_writes during archive recovery, if required.
    8239             :      */
    8240         726 :     if (XLogStandbyInfoActive() && !recoveryInProgress)
    8241             :     {
    8242           0 :         XLogBeginInsert();
    8243           0 :         XLogRegisterData(&fullPageWrites, sizeof(bool));
    8244             : 
    8245           0 :         XLogInsert(RM_XLOG_ID, XLOG_FPW_CHANGE);
    8246             :     }
    8247             : 
    8248         726 :     if (!fullPageWrites)
    8249             :     {
    8250          20 :         WALInsertLockAcquireExclusive();
    8251          20 :         Insert->fullPageWrites = false;
    8252          20 :         WALInsertLockRelease();
    8253             :     }
    8254         726 :     END_CRIT_SECTION();
    8255             : }
    8256             : 
    8257             : /*
    8258             :  * XLOG resource manager's routines
    8259             :  *
    8260             :  * Definitions of info values are in include/catalog/pg_control.h, though
    8261             :  * not all record types are related to control file updates.
    8262             :  *
    8263             :  * NOTE: Some XLOG record types that are directly related to WAL recovery
    8264             :  * are handled in xlogrecovery_redo().
    8265             :  */
    8266             : void
    8267       87066 : xlog_redo(XLogReaderState *record)
    8268             : {
    8269       87066 :     uint8       info = XLogRecGetInfo(record) & ~XLR_INFO_MASK;
    8270       87066 :     XLogRecPtr  lsn = record->EndRecPtr;
    8271             : 
    8272             :     /*
    8273             :      * In XLOG rmgr, backup blocks are only used by XLOG_FPI and
    8274             :      * XLOG_FPI_FOR_HINT records.
    8275             :      */
    8276             :     Assert(info == XLOG_FPI || info == XLOG_FPI_FOR_HINT ||
    8277             :            !XLogRecHasAnyBlockRefs(record));
    8278             : 
    8279       87066 :     if (info == XLOG_NEXTOID)
    8280             :     {
    8281             :         Oid         nextOid;
    8282             : 
    8283             :         /*
    8284             :          * We used to try to take the maximum of TransamVariables->nextOid and
    8285             :          * the recorded nextOid, but that fails if the OID counter wraps
    8286             :          * around.  Since no OID allocation should be happening during replay
    8287             :          * anyway, better to just believe the record exactly.  We still take
    8288             :          * OidGenLock while setting the variable, just in case.
    8289             :          */
    8290         188 :         memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid));
    8291         188 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8292         188 :         TransamVariables->nextOid = nextOid;
    8293         188 :         TransamVariables->oidCount = 0;
    8294         188 :         LWLockRelease(OidGenLock);
    8295             :     }
    8296       86878 :     else if (info == XLOG_CHECKPOINT_SHUTDOWN)
    8297             :     {
    8298             :         CheckPoint  checkPoint;
    8299             :         TimeLineID  replayTLI;
    8300             : 
    8301          68 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8302             :         /* In a SHUTDOWN checkpoint, believe the counters exactly */
    8303          68 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8304          68 :         TransamVariables->nextXid = checkPoint.nextXid;
    8305          68 :         LWLockRelease(XidGenLock);
    8306          68 :         LWLockAcquire(OidGenLock, LW_EXCLUSIVE);
    8307          68 :         TransamVariables->nextOid = checkPoint.nextOid;
    8308          68 :         TransamVariables->oidCount = 0;
    8309          68 :         LWLockRelease(OidGenLock);
    8310          68 :         MultiXactSetNextMXact(checkPoint.nextMulti,
    8311             :                               checkPoint.nextMultiOffset);
    8312             : 
    8313          68 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8314             :                                checkPoint.oldestMultiDB);
    8315             : 
    8316             :         /*
    8317             :          * No need to set oldestClogXid here as well; it'll be set when we
    8318             :          * redo an xl_clog_truncate if it changed since initialization.
    8319             :          */
    8320          68 :         SetTransactionIdLimit(checkPoint.oldestXid, checkPoint.oldestXidDB);
    8321             : 
    8322             :         /*
    8323             :          * If we see a shutdown checkpoint while waiting for an end-of-backup
    8324             :          * record, the backup was canceled and the end-of-backup record will
    8325             :          * never arrive.
    8326             :          */
    8327          68 :         if (ArchiveRecoveryRequested &&
    8328          66 :             !XLogRecPtrIsInvalid(ControlFile->backupStartPoint) &&
    8329           0 :             XLogRecPtrIsInvalid(ControlFile->backupEndPoint))
    8330           0 :             ereport(PANIC,
    8331             :                     (errmsg("online backup was canceled, recovery cannot continue")));
    8332             : 
    8333             :         /*
    8334             :          * If we see a shutdown checkpoint, we know that nothing was running
    8335             :          * on the primary at this point. So fake-up an empty running-xacts
    8336             :          * record and use that here and now. Recover additional standby state
    8337             :          * for prepared transactions.
    8338             :          */
    8339          68 :         if (standbyState >= STANDBY_INITIALIZED)
    8340             :         {
    8341             :             TransactionId *xids;
    8342             :             int         nxids;
    8343             :             TransactionId oldestActiveXID;
    8344             :             TransactionId latestCompletedXid;
    8345             :             RunningTransactionsData running;
    8346             : 
    8347          62 :             oldestActiveXID = PrescanPreparedTransactions(&xids, &nxids);
    8348             : 
    8349             :             /* Update pg_subtrans entries for any prepared transactions */
    8350          62 :             StandbyRecoverPreparedTransactions();
    8351             : 
    8352             :             /*
    8353             :              * Construct a RunningTransactions snapshot representing a shut
    8354             :              * down server, with only prepared transactions still alive. We're
    8355             :              * never overflowed at this point because all subxids are listed
    8356             :              * with their parent prepared transactions.
    8357             :              */
    8358          62 :             running.xcnt = nxids;
    8359          62 :             running.subxcnt = 0;
    8360          62 :             running.subxid_status = SUBXIDS_IN_SUBTRANS;
    8361          62 :             running.nextXid = XidFromFullTransactionId(checkPoint.nextXid);
    8362          62 :             running.oldestRunningXid = oldestActiveXID;
    8363          62 :             latestCompletedXid = XidFromFullTransactionId(checkPoint.nextXid);
    8364          62 :             TransactionIdRetreat(latestCompletedXid);
    8365             :             Assert(TransactionIdIsNormal(latestCompletedXid));
    8366          62 :             running.latestCompletedXid = latestCompletedXid;
    8367          62 :             running.xids = xids;
    8368             : 
    8369          62 :             ProcArrayApplyRecoveryInfo(&running);
    8370             :         }
    8371             : 
    8372             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8373          68 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8374          68 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8375          68 :         LWLockRelease(ControlFileLock);
    8376             : 
    8377             :         /*
    8378             :          * We should've already switched to the new TLI before replaying this
    8379             :          * record.
    8380             :          */
    8381          68 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8382          68 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8383           0 :             ereport(PANIC,
    8384             :                     (errmsg("unexpected timeline ID %u (should be %u) in shutdown checkpoint record",
    8385             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8386             : 
    8387          68 :         RecoveryRestartPoint(&checkPoint, record);
    8388             : 
    8389             :         /*
    8390             :          * After replaying a checkpoint record, free all smgr objects.
    8391             :          * Otherwise we would never do so for dropped relations, as the
    8392             :          * startup does not process shared invalidation messages or call
    8393             :          * AtEOXact_SMgr().
    8394             :          */
    8395          68 :         smgrdestroyall();
    8396             :     }
    8397       86810 :     else if (info == XLOG_CHECKPOINT_ONLINE)
    8398             :     {
    8399             :         CheckPoint  checkPoint;
    8400             :         TimeLineID  replayTLI;
    8401             : 
    8402        1352 :         memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint));
    8403             :         /* In an ONLINE checkpoint, treat the XID counter as a minimum */
    8404        1352 :         LWLockAcquire(XidGenLock, LW_EXCLUSIVE);
    8405        1352 :         if (FullTransactionIdPrecedes(TransamVariables->nextXid,
    8406             :                                       checkPoint.nextXid))
    8407           0 :             TransamVariables->nextXid = checkPoint.nextXid;
    8408        1352 :         LWLockRelease(XidGenLock);
    8409             : 
    8410             :         /*
    8411             :          * We ignore the nextOid counter in an ONLINE checkpoint, preferring
    8412             :          * to track OID assignment through XLOG_NEXTOID records.  The nextOid
    8413             :          * counter is from the start of the checkpoint and might well be stale
    8414             :          * compared to later XLOG_NEXTOID records.  We could try to take the
    8415             :          * maximum of the nextOid counter and our latest value, but since
    8416             :          * there's no particular guarantee about the speed with which the OID
    8417             :          * counter wraps around, that's a risky thing to do.  In any case,
    8418             :          * users of the nextOid counter are required to avoid assignment of
    8419             :          * duplicates, so that a somewhat out-of-date value should be safe.
    8420             :          */
    8421             : 
    8422             :         /* Handle multixact */
    8423        1352 :         MultiXactAdvanceNextMXact(checkPoint.nextMulti,
    8424             :                                   checkPoint.nextMultiOffset);
    8425             : 
    8426             :         /*
    8427             :          * NB: This may perform multixact truncation when replaying WAL
    8428             :          * generated by an older primary.
    8429             :          */
    8430        1352 :         MultiXactAdvanceOldest(checkPoint.oldestMulti,
    8431             :                                checkPoint.oldestMultiDB);
    8432        1352 :         if (TransactionIdPrecedes(TransamVariables->oldestXid,
    8433             :                                   checkPoint.oldestXid))
    8434           0 :             SetTransactionIdLimit(checkPoint.oldestXid,
    8435             :                                   checkPoint.oldestXidDB);
    8436             :         /* ControlFile->checkPointCopy always tracks the latest ckpt XID */
    8437        1352 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8438        1352 :         ControlFile->checkPointCopy.nextXid = checkPoint.nextXid;
    8439        1352 :         LWLockRelease(ControlFileLock);
    8440             : 
    8441             :         /* TLI should not change in an on-line checkpoint */
    8442        1352 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8443        1352 :         if (checkPoint.ThisTimeLineID != replayTLI)
    8444           0 :             ereport(PANIC,
    8445             :                     (errmsg("unexpected timeline ID %u (should be %u) in online checkpoint record",
    8446             :                             checkPoint.ThisTimeLineID, replayTLI)));
    8447             : 
    8448        1352 :         RecoveryRestartPoint(&checkPoint, record);
    8449             : 
    8450             :         /*
    8451             :          * After replaying a checkpoint record, free all smgr objects.
    8452             :          * Otherwise we would never do so for dropped relations, as the
    8453             :          * startup does not process shared invalidation messages or call
    8454             :          * AtEOXact_SMgr().
    8455             :          */
    8456        1352 :         smgrdestroyall();
    8457             :     }
    8458       85458 :     else if (info == XLOG_OVERWRITE_CONTRECORD)
    8459             :     {
    8460             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8461             :     }
    8462       85456 :     else if (info == XLOG_END_OF_RECOVERY)
    8463             :     {
    8464             :         xl_end_of_recovery xlrec;
    8465             :         TimeLineID  replayTLI;
    8466             : 
    8467          22 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery));
    8468             : 
    8469             :         /*
    8470             :          * For Hot Standby, we could treat this like a Shutdown Checkpoint,
    8471             :          * but this case is rarer and harder to test, so the benefit doesn't
    8472             :          * outweigh the potential extra cost of maintenance.
    8473             :          */
    8474             : 
    8475             :         /*
    8476             :          * We should've already switched to the new TLI before replaying this
    8477             :          * record.
    8478             :          */
    8479          22 :         (void) GetCurrentReplayRecPtr(&replayTLI);
    8480          22 :         if (xlrec.ThisTimeLineID != replayTLI)
    8481           0 :             ereport(PANIC,
    8482             :                     (errmsg("unexpected timeline ID %u (should be %u) in end-of-recovery record",
    8483             :                             xlrec.ThisTimeLineID, replayTLI)));
    8484             :     }
    8485       85434 :     else if (info == XLOG_NOOP)
    8486             :     {
    8487             :         /* nothing to do here */
    8488             :     }
    8489       85434 :     else if (info == XLOG_SWITCH)
    8490             :     {
    8491             :         /* nothing to do here */
    8492             :     }
    8493       84546 :     else if (info == XLOG_RESTORE_POINT)
    8494             :     {
    8495             :         /* nothing to do here, handled in xlogrecovery.c */
    8496             :     }
    8497       84536 :     else if (info == XLOG_FPI || info == XLOG_FPI_FOR_HINT)
    8498             :     {
    8499             :         /*
    8500             :          * XLOG_FPI records contain nothing else but one or more block
    8501             :          * references. Every block reference must include a full-page image
    8502             :          * even if full_page_writes was disabled when the record was generated
    8503             :          * - otherwise there would be no point in this record.
    8504             :          *
    8505             :          * XLOG_FPI_FOR_HINT records are generated when a page needs to be
    8506             :          * WAL-logged because of a hint bit update. They are only generated
    8507             :          * when checksums and/or wal_log_hints are enabled. They may include
    8508             :          * no full-page images if full_page_writes was disabled when they were
    8509             :          * generated. In this case there is nothing to do here.
    8510             :          *
    8511             :          * No recovery conflicts are generated by these generic records - if a
    8512             :          * resource manager needs to generate conflicts, it has to define a
    8513             :          * separate WAL record type and redo routine.
    8514             :          */
    8515      175336 :         for (uint8 block_id = 0; block_id <= XLogRecMaxBlockId(record); block_id++)
    8516             :         {
    8517             :             Buffer      buffer;
    8518             : 
    8519       92390 :             if (!XLogRecHasBlockImage(record, block_id))
    8520             :             {
    8521         132 :                 if (info == XLOG_FPI)
    8522           0 :                     elog(ERROR, "XLOG_FPI record did not contain a full-page image");
    8523         132 :                 continue;
    8524             :             }
    8525             : 
    8526       92258 :             if (XLogReadBufferForRedo(record, block_id, &buffer) != BLK_RESTORED)
    8527           0 :                 elog(ERROR, "unexpected XLogReadBufferForRedo result when restoring backup block");
    8528       92258 :             UnlockReleaseBuffer(buffer);
    8529             :         }
    8530             :     }
    8531        1590 :     else if (info == XLOG_BACKUP_END)
    8532             :     {
    8533             :         /* nothing to do here, handled in xlogrecovery_redo() */
    8534             :     }
    8535        1418 :     else if (info == XLOG_PARAMETER_CHANGE)
    8536             :     {
    8537             :         xl_parameter_change xlrec;
    8538             : 
    8539             :         /* Update our copy of the parameters in pg_control */
    8540          64 :         memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change));
    8541             : 
    8542             :         /*
    8543             :          * Invalidate logical slots if we are in hot standby and the primary
    8544             :          * does not have a WAL level sufficient for logical decoding. No need
    8545             :          * to search for potentially conflicting logically slots if standby is
    8546             :          * running with wal_level lower than logical, because in that case, we
    8547             :          * would have either disallowed creation of logical slots or
    8548             :          * invalidated existing ones.
    8549             :          */
    8550          64 :         if (InRecovery && InHotStandby &&
    8551          34 :             xlrec.wal_level < WAL_LEVEL_LOGICAL &&
    8552          12 :             wal_level >= WAL_LEVEL_LOGICAL)
    8553           8 :             InvalidateObsoleteReplicationSlots(RS_INVAL_WAL_LEVEL,
    8554             :                                                0, InvalidOid,
    8555             :                                                InvalidTransactionId);
    8556             : 
    8557          64 :         LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    8558          64 :         ControlFile->MaxConnections = xlrec.MaxConnections;
    8559          64 :         ControlFile->max_worker_processes = xlrec.max_worker_processes;
    8560          64 :         ControlFile->max_wal_senders = xlrec.max_wal_senders;
    8561          64 :         ControlFile->max_prepared_xacts = xlrec.max_prepared_xacts;
    8562          64 :         ControlFile->max_locks_per_xact = xlrec.max_locks_per_xact;
    8563          64 :         ControlFile->wal_level = xlrec.wal_level;
    8564          64 :         ControlFile->wal_log_hints = xlrec.wal_log_hints;
    8565             : 
    8566             :         /*
    8567             :          * Update minRecoveryPoint to ensure that if recovery is aborted, we
    8568             :          * recover back up to this point before allowing hot standby again.
    8569             :          * This is important if the max_* settings are decreased, to ensure
    8570             :          * you don't run queries against the WAL preceding the change. The
    8571             :          * local copies cannot be updated as long as crash recovery is
    8572             :          * happening and we expect all the WAL to be replayed.
    8573             :          */
    8574          64 :         if (InArchiveRecovery)
    8575             :         {
    8576          36 :             LocalMinRecoveryPoint = ControlFile->minRecoveryPoint;
    8577          36 :             LocalMinRecoveryPointTLI = ControlFile->minRecoveryPointTLI;
    8578             :         }
    8579          64 :         if (LocalMinRecoveryPoint != InvalidXLogRecPtr && LocalMinRecoveryPoint < lsn)
    8580             :         {
    8581             :             TimeLineID  replayTLI;
    8582             : 
    8583          14 :             (void) GetCurrentReplayRecPtr(&replayTLI);
    8584          14 :             ControlFile->minRecoveryPoint = lsn;
    8585          14 :             ControlFile->minRecoveryPointTLI = replayTLI;
    8586             :         }
    8587             : 
    8588          64 :         CommitTsParameterChange(xlrec.track_commit_timestamp,
    8589          64 :                                 ControlFile->track_commit_timestamp);
    8590          64 :         ControlFile->track_commit_timestamp = xlrec.track_commit_timestamp;
    8591             : 
    8592          64 :         UpdateControlFile();
    8593          64 :         LWLockRelease(ControlFileLock);
    8594             : 
    8595             :         /* Check to see if any parameter change gives a problem on recovery */
    8596          64 :         CheckRequiredParameterValues();
    8597             :     }
    8598        1354 :     else if (info == XLOG_FPW_CHANGE)
    8599             :     {
    8600             :         bool        fpw;
    8601             : 
    8602           0 :         memcpy(&fpw, XLogRecGetData(record), sizeof(bool));
    8603             : 
    8604             :         /*
    8605             :          * Update the LSN of the last replayed XLOG_FPW_CHANGE record so that
    8606             :          * do_pg_backup_start() and do_pg_backup_stop() can check whether
    8607             :          * full_page_writes has been disabled during online backup.
    8608             :          */
    8609           0 :         if (!fpw)
    8610             :         {
    8611           0 :             SpinLockAcquire(&XLogCtl->info_lck);
    8612           0 :             if (XLogCtl->lastFpwDisableRecPtr < record->ReadRecPtr)
    8613           0 :                 XLogCtl->lastFpwDisableRecPtr = record->ReadRecPtr;
    8614           0 :             SpinLockRelease(&XLogCtl->info_lck);
    8615             :         }
    8616             : 
    8617             :         /* Keep track of full_page_writes */
    8618           0 :         lastFullPageWrites = fpw;
    8619             :     }
    8620             :     else if (info == XLOG_CHECKPOINT_REDO)
    8621             :     {
    8622             :         /* nothing to do here, just for informational purposes */
    8623             :     }
    8624       87062 : }
    8625             : 
    8626             : /*
    8627             :  * Return the extra open flags used for opening a file, depending on the
    8628             :  * value of the GUCs wal_sync_method, fsync and debug_io_direct.
    8629             :  */
    8630             : static int
    8631       31524 : get_sync_bit(int method)
    8632             : {
    8633       31524 :     int         o_direct_flag = 0;
    8634             : 
    8635             :     /*
    8636             :      * Use O_DIRECT if requested, except in walreceiver process.  The WAL
    8637             :      * written by walreceiver is normally read by the startup process soon
    8638             :      * after it's written.  Also, walreceiver performs unaligned writes, which
    8639             :      * don't work with O_DIRECT, so it is required for correctness too.
    8640             :      */
    8641       31524 :     if ((io_direct_flags & IO_DIRECT_WAL) && !AmWalReceiverProcess())
    8642          16 :         o_direct_flag = PG_O_DIRECT;
    8643             : 
    8644             :     /* If fsync is disabled, never open in sync mode */
    8645       31524 :     if (!enableFsync)
    8646       31524 :         return o_direct_flag;
    8647             : 
    8648           0 :     switch (method)
    8649             :     {
    8650             :             /*
    8651             :              * enum values for all sync options are defined even if they are
    8652             :              * not supported on the current platform.  But if not, they are
    8653             :              * not included in the enum option array, and therefore will never
    8654             :              * be seen here.
    8655             :              */
    8656           0 :         case WAL_SYNC_METHOD_FSYNC:
    8657             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8658             :         case WAL_SYNC_METHOD_FDATASYNC:
    8659           0 :             return o_direct_flag;
    8660             : #ifdef O_SYNC
    8661           0 :         case WAL_SYNC_METHOD_OPEN:
    8662           0 :             return O_SYNC | o_direct_flag;
    8663             : #endif
    8664             : #ifdef O_DSYNC
    8665           0 :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8666           0 :             return O_DSYNC | o_direct_flag;
    8667             : #endif
    8668           0 :         default:
    8669             :             /* can't happen (unless we are out of sync with option array) */
    8670           0 :             elog(ERROR, "unrecognized \"wal_sync_method\": %d", method);
    8671             :             return 0;           /* silence warning */
    8672             :     }
    8673             : }
    8674             : 
    8675             : /*
    8676             :  * GUC support
    8677             :  */
    8678             : void
    8679        2250 : assign_wal_sync_method(int new_wal_sync_method, void *extra)
    8680             : {
    8681        2250 :     if (wal_sync_method != new_wal_sync_method)
    8682             :     {
    8683             :         /*
    8684             :          * To ensure that no blocks escape unsynced, force an fsync on the
    8685             :          * currently open log segment (if any).  Also, if the open flag is
    8686             :          * changing, close the log file so it will be reopened (with new flag
    8687             :          * bit) at next use.
    8688             :          */
    8689           0 :         if (openLogFile >= 0)
    8690             :         {
    8691           0 :             pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC_METHOD_ASSIGN);
    8692           0 :             if (pg_fsync(openLogFile) != 0)
    8693             :             {
    8694             :                 char        xlogfname[MAXFNAMELEN];
    8695             :                 int         save_errno;
    8696             : 
    8697           0 :                 save_errno = errno;
    8698           0 :                 XLogFileName(xlogfname, openLogTLI, openLogSegNo,
    8699             :                              wal_segment_size);
    8700           0 :                 errno = save_errno;
    8701           0 :                 ereport(PANIC,
    8702             :                         (errcode_for_file_access(),
    8703             :                          errmsg("could not fsync file \"%s\": %m", xlogfname)));
    8704             :             }
    8705             : 
    8706           0 :             pgstat_report_wait_end();
    8707           0 :             if (get_sync_bit(wal_sync_method) != get_sync_bit(new_wal_sync_method))
    8708           0 :                 XLogFileClose();
    8709             :         }
    8710             :     }
    8711        2250 : }
    8712             : 
    8713             : 
    8714             : /*
    8715             :  * Issue appropriate kind of fsync (if any) for an XLOG output file.
    8716             :  *
    8717             :  * 'fd' is a file descriptor for the XLOG file to be fsync'd.
    8718             :  * 'segno' is for error reporting purposes.
    8719             :  */
    8720             : void
    8721      315536 : issue_xlog_fsync(int fd, XLogSegNo segno, TimeLineID tli)
    8722             : {
    8723      315536 :     char       *msg = NULL;
    8724             :     instr_time  start;
    8725             : 
    8726             :     Assert(tli != 0);
    8727             : 
    8728             :     /*
    8729             :      * Quick exit if fsync is disabled or write() has already synced the WAL
    8730             :      * file.
    8731             :      */
    8732      315536 :     if (!enableFsync ||
    8733           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN ||
    8734           0 :         wal_sync_method == WAL_SYNC_METHOD_OPEN_DSYNC)
    8735      315536 :         return;
    8736             : 
    8737             :     /*
    8738             :      * Measure I/O timing to sync the WAL file for pg_stat_io.
    8739             :      */
    8740           0 :     start = pgstat_prepare_io_time(track_wal_io_timing);
    8741             : 
    8742           0 :     pgstat_report_wait_start(WAIT_EVENT_WAL_SYNC);
    8743           0 :     switch (wal_sync_method)
    8744             :     {
    8745           0 :         case WAL_SYNC_METHOD_FSYNC:
    8746           0 :             if (pg_fsync_no_writethrough(fd) != 0)
    8747           0 :                 msg = _("could not fsync file \"%s\": %m");
    8748           0 :             break;
    8749             : #ifdef HAVE_FSYNC_WRITETHROUGH
    8750             :         case WAL_SYNC_METHOD_FSYNC_WRITETHROUGH:
    8751             :             if (pg_fsync_writethrough(fd) != 0)
    8752             :                 msg = _("could not fsync write-through file \"%s\": %m");
    8753             :             break;
    8754             : #endif
    8755           0 :         case WAL_SYNC_METHOD_FDATASYNC:
    8756           0 :             if (pg_fdatasync(fd) != 0)
    8757           0 :                 msg = _("could not fdatasync file \"%s\": %m");
    8758           0 :             break;
    8759           0 :         case WAL_SYNC_METHOD_OPEN:
    8760             :         case WAL_SYNC_METHOD_OPEN_DSYNC:
    8761             :             /* not reachable */
    8762             :             Assert(false);
    8763           0 :             break;
    8764           0 :         default:
    8765           0 :             ereport(PANIC,
    8766             :                     errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8767             :                     errmsg_internal("unrecognized \"wal_sync_method\": %d", wal_sync_method));
    8768             :             break;
    8769             :     }
    8770             : 
    8771             :     /* PANIC if failed to fsync */
    8772           0 :     if (msg)
    8773             :     {
    8774             :         char        xlogfname[MAXFNAMELEN];
    8775           0 :         int         save_errno = errno;
    8776             : 
    8777           0 :         XLogFileName(xlogfname, tli, segno, wal_segment_size);
    8778           0 :         errno = save_errno;
    8779           0 :         ereport(PANIC,
    8780             :                 (errcode_for_file_access(),
    8781             :                  errmsg(msg, xlogfname)));
    8782             :     }
    8783             : 
    8784           0 :     pgstat_report_wait_end();
    8785             : 
    8786           0 :     pgstat_count_io_op_time(IOOBJECT_WAL, IOCONTEXT_NORMAL, IOOP_FSYNC,
    8787             :                             start, 1, 0);
    8788             : }
    8789             : 
    8790             : /*
    8791             :  * do_pg_backup_start is the workhorse of the user-visible pg_backup_start()
    8792             :  * function. It creates the necessary starting checkpoint and constructs the
    8793             :  * backup state and tablespace map.
    8794             :  *
    8795             :  * Input parameters are "state" (the backup state), "fast" (if true, we do
    8796             :  * the checkpoint in fast mode), and "tablespaces" (if non-NULL, indicates a
    8797             :  * list of tablespaceinfo structs describing the cluster's tablespaces.).
    8798             :  *
    8799             :  * The tablespace map contents are appended to passed-in parameter
    8800             :  * tablespace_map and the caller is responsible for including it in the backup
    8801             :  * archive as 'tablespace_map'. The tablespace_map file is required mainly for
    8802             :  * tar format in windows as native windows utilities are not able to create
    8803             :  * symlinks while extracting files from tar. However for consistency and
    8804             :  * platform-independence, we do it the same way everywhere.
    8805             :  *
    8806             :  * It fills in "state" with the information required for the backup, such
    8807             :  * as the minimum WAL location that must be present to restore from this
    8808             :  * backup (starttli) and the corresponding timeline ID (starttli).
    8809             :  *
    8810             :  * Every successfully started backup must be stopped by calling
    8811             :  * do_pg_backup_stop() or do_pg_abort_backup(). There can be many
    8812             :  * backups active at the same time.
    8813             :  *
    8814             :  * It is the responsibility of the caller of this function to verify the
    8815             :  * permissions of the calling user!
    8816             :  */
    8817             : void
    8818         324 : do_pg_backup_start(const char *backupidstr, bool fast, List **tablespaces,
    8819             :                    BackupState *state, StringInfo tblspcmapfile)
    8820             : {
    8821             :     bool        backup_started_in_recovery;
    8822             : 
    8823             :     Assert(state != NULL);
    8824         324 :     backup_started_in_recovery = RecoveryInProgress();
    8825             : 
    8826             :     /*
    8827             :      * During recovery, we don't need to check WAL level. Because, if WAL
    8828             :      * level is not sufficient, it's impossible to get here during recovery.
    8829             :      */
    8830         324 :     if (!backup_started_in_recovery && !XLogIsNeeded())
    8831           0 :         ereport(ERROR,
    8832             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8833             :                  errmsg("WAL level not sufficient for making an online backup"),
    8834             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    8835             : 
    8836         324 :     if (strlen(backupidstr) > MAXPGPATH)
    8837           2 :         ereport(ERROR,
    8838             :                 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
    8839             :                  errmsg("backup label too long (max %d bytes)",
    8840             :                         MAXPGPATH)));
    8841             : 
    8842         322 :     strlcpy(state->name, backupidstr, sizeof(state->name));
    8843             : 
    8844             :     /*
    8845             :      * Mark backup active in shared memory.  We must do full-page WAL writes
    8846             :      * during an on-line backup even if not doing so at other times, because
    8847             :      * it's quite possible for the backup dump to obtain a "torn" (partially
    8848             :      * written) copy of a database page if it reads the page concurrently with
    8849             :      * our write to the same page.  This can be fixed as long as the first
    8850             :      * write to the page in the WAL sequence is a full-page write. Hence, we
    8851             :      * increment runningBackups then force a CHECKPOINT, to ensure there are
    8852             :      * no dirty pages in shared memory that might get dumped while the backup
    8853             :      * is in progress without having a corresponding WAL record.  (Once the
    8854             :      * backup is complete, we need not force full-page writes anymore, since
    8855             :      * we expect that any pages not modified during the backup interval must
    8856             :      * have been correctly captured by the backup.)
    8857             :      *
    8858             :      * Note that forcing full-page writes has no effect during an online
    8859             :      * backup from the standby.
    8860             :      *
    8861             :      * We must hold all the insertion locks to change the value of
    8862             :      * runningBackups, to ensure adequate interlocking against
    8863             :      * XLogInsertRecord().
    8864             :      */
    8865         322 :     WALInsertLockAcquireExclusive();
    8866         322 :     XLogCtl->Insert.runningBackups++;
    8867         322 :     WALInsertLockRelease();
    8868             : 
    8869             :     /*
    8870             :      * Ensure we decrement runningBackups if we fail below. NB -- for this to
    8871             :      * work correctly, it is critical that sessionBackupState is only updated
    8872             :      * after this block is over.
    8873             :      */
    8874         322 :     PG_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, BoolGetDatum(true));
    8875             :     {
    8876         322 :         bool        gotUniqueStartpoint = false;
    8877             :         DIR        *tblspcdir;
    8878             :         struct dirent *de;
    8879             :         tablespaceinfo *ti;
    8880             :         int         datadirpathlen;
    8881             : 
    8882             :         /*
    8883             :          * Force an XLOG file switch before the checkpoint, to ensure that the
    8884             :          * WAL segment the checkpoint is written to doesn't contain pages with
    8885             :          * old timeline IDs.  That would otherwise happen if you called
    8886             :          * pg_backup_start() right after restoring from a PITR archive: the
    8887             :          * first WAL segment containing the startup checkpoint has pages in
    8888             :          * the beginning with the old timeline ID.  That can cause trouble at
    8889             :          * recovery: we won't have a history file covering the old timeline if
    8890             :          * pg_wal directory was not included in the base backup and the WAL
    8891             :          * archive was cleared too before starting the backup.
    8892             :          *
    8893             :          * This also ensures that we have emitted a WAL page header that has
    8894             :          * XLP_BKP_REMOVABLE off before we emit the checkpoint record.
    8895             :          * Therefore, if a WAL archiver (such as pglesslog) is trying to
    8896             :          * compress out removable backup blocks, it won't remove any that
    8897             :          * occur after this point.
    8898             :          *
    8899             :          * During recovery, we skip forcing XLOG file switch, which means that
    8900             :          * the backup taken during recovery is not available for the special
    8901             :          * recovery case described above.
    8902             :          */
    8903         322 :         if (!backup_started_in_recovery)
    8904         308 :             RequestXLogSwitch(false);
    8905             : 
    8906             :         do
    8907             :         {
    8908             :             bool        checkpointfpw;
    8909             : 
    8910             :             /*
    8911             :              * Force a CHECKPOINT.  Aside from being necessary to prevent torn
    8912             :              * page problems, this guarantees that two successive backup runs
    8913             :              * will have different checkpoint positions and hence different
    8914             :              * history file names, even if nothing happened in between.
    8915             :              *
    8916             :              * During recovery, establish a restartpoint if possible. We use
    8917             :              * the last restartpoint as the backup starting checkpoint. This
    8918             :              * means that two successive backup runs can have same checkpoint
    8919             :              * positions.
    8920             :              *
    8921             :              * Since the fact that we are executing do_pg_backup_start()
    8922             :              * during recovery means that checkpointer is running, we can use
    8923             :              * RequestCheckpoint() to establish a restartpoint.
    8924             :              *
    8925             :              * We use CHECKPOINT_FAST only if requested by user (via passing
    8926             :              * fast = true).  Otherwise this can take awhile.
    8927             :              */
    8928         322 :             RequestCheckpoint(CHECKPOINT_FORCE | CHECKPOINT_WAIT |
    8929             :                               (fast ? CHECKPOINT_FAST : 0));
    8930             : 
    8931             :             /*
    8932             :              * Now we need to fetch the checkpoint record location, and also
    8933             :              * its REDO pointer.  The oldest point in WAL that would be needed
    8934             :              * to restore starting from the checkpoint is precisely the REDO
    8935             :              * pointer.
    8936             :              */
    8937         322 :             LWLockAcquire(ControlFileLock, LW_SHARED);
    8938         322 :             state->checkpointloc = ControlFile->checkPoint;
    8939         322 :             state->startpoint = ControlFile->checkPointCopy.redo;
    8940         322 :             state->starttli = ControlFile->checkPointCopy.ThisTimeLineID;
    8941         322 :             checkpointfpw = ControlFile->checkPointCopy.fullPageWrites;
    8942         322 :             LWLockRelease(ControlFileLock);
    8943             : 
    8944         322 :             if (backup_started_in_recovery)
    8945             :             {
    8946             :                 XLogRecPtr  recptr;
    8947             : 
    8948             :                 /*
    8949             :                  * Check to see if all WAL replayed during online backup
    8950             :                  * (i.e., since last restartpoint used as backup starting
    8951             :                  * checkpoint) contain full-page writes.
    8952             :                  */
    8953          14 :                 SpinLockAcquire(&XLogCtl->info_lck);
    8954          14 :                 recptr = XLogCtl->lastFpwDisableRecPtr;
    8955          14 :                 SpinLockRelease(&XLogCtl->info_lck);
    8956             : 
    8957          14 :                 if (!checkpointfpw || state->startpoint <= recptr)
    8958           0 :                     ereport(ERROR,
    8959             :                             (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    8960             :                              errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    8961             :                                     "since last restartpoint"),
    8962             :                              errhint("This means that the backup being taken on the standby "
    8963             :                                      "is corrupt and should not be used. "
    8964             :                                      "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    8965             :                                      "and then try an online backup again.")));
    8966             : 
    8967             :                 /*
    8968             :                  * During recovery, since we don't use the end-of-backup WAL
    8969             :                  * record and don't write the backup history file, the
    8970             :                  * starting WAL location doesn't need to be unique. This means
    8971             :                  * that two base backups started at the same time might use
    8972             :                  * the same checkpoint as starting locations.
    8973             :                  */
    8974          14 :                 gotUniqueStartpoint = true;
    8975             :             }
    8976             : 
    8977             :             /*
    8978             :              * If two base backups are started at the same time (in WAL sender
    8979             :              * processes), we need to make sure that they use different
    8980             :              * checkpoints as starting locations, because we use the starting
    8981             :              * WAL location as a unique identifier for the base backup in the
    8982             :              * end-of-backup WAL record and when we write the backup history
    8983             :              * file. Perhaps it would be better generate a separate unique ID
    8984             :              * for each backup instead of forcing another checkpoint, but
    8985             :              * taking a checkpoint right after another is not that expensive
    8986             :              * either because only few buffers have been dirtied yet.
    8987             :              */
    8988         322 :             WALInsertLockAcquireExclusive();
    8989         322 :             if (XLogCtl->Insert.lastBackupStart < state->startpoint)
    8990             :             {
    8991         322 :                 XLogCtl->Insert.lastBackupStart = state->startpoint;
    8992         322 :                 gotUniqueStartpoint = true;
    8993             :             }
    8994         322 :             WALInsertLockRelease();
    8995         322 :         } while (!gotUniqueStartpoint);
    8996             : 
    8997             :         /*
    8998             :          * Construct tablespace_map file.
    8999             :          */
    9000         322 :         datadirpathlen = strlen(DataDir);
    9001             : 
    9002             :         /* Collect information about all tablespaces */
    9003         322 :         tblspcdir = AllocateDir(PG_TBLSPC_DIR);
    9004        1038 :         while ((de = ReadDir(tblspcdir, PG_TBLSPC_DIR)) != NULL)
    9005             :         {
    9006             :             char        fullpath[MAXPGPATH + sizeof(PG_TBLSPC_DIR)];
    9007             :             char        linkpath[MAXPGPATH];
    9008         716 :             char       *relpath = NULL;
    9009             :             char       *s;
    9010             :             PGFileType  de_type;
    9011             :             char       *badp;
    9012             :             Oid         tsoid;
    9013             : 
    9014             :             /*
    9015             :              * Try to parse the directory name as an unsigned integer.
    9016             :              *
    9017             :              * Tablespace directories should be positive integers that can be
    9018             :              * represented in 32 bits, with no leading zeroes or trailing
    9019             :              * garbage. If we come across a name that doesn't meet those
    9020             :              * criteria, skip it.
    9021             :              */
    9022         716 :             if (de->d_name[0] < '1' || de->d_name[1] > '9')
    9023         644 :                 continue;
    9024          72 :             errno = 0;
    9025          72 :             tsoid = strtoul(de->d_name, &badp, 10);
    9026          72 :             if (*badp != '\0' || errno == EINVAL || errno == ERANGE)
    9027           0 :                 continue;
    9028             : 
    9029          72 :             snprintf(fullpath, sizeof(fullpath), "%s/%s", PG_TBLSPC_DIR, de->d_name);
    9030             : 
    9031          72 :             de_type = get_dirent_type(fullpath, de, false, ERROR);
    9032             : 
    9033          72 :             if (de_type == PGFILETYPE_LNK)
    9034             :             {
    9035             :                 StringInfoData escapedpath;
    9036             :                 int         rllen;
    9037             : 
    9038          44 :                 rllen = readlink(fullpath, linkpath, sizeof(linkpath));
    9039          44 :                 if (rllen < 0)
    9040             :                 {
    9041           0 :                     ereport(WARNING,
    9042             :                             (errmsg("could not read symbolic link \"%s\": %m",
    9043             :                                     fullpath)));
    9044           0 :                     continue;
    9045             :                 }
    9046          44 :                 else if (rllen >= sizeof(linkpath))
    9047             :                 {
    9048           0 :                     ereport(WARNING,
    9049             :                             (errmsg("symbolic link \"%s\" target is too long",
    9050             :                                     fullpath)));
    9051           0 :                     continue;
    9052             :                 }
    9053          44 :                 linkpath[rllen] = '\0';
    9054             : 
    9055             :                 /*
    9056             :                  * Relpath holds the relative path of the tablespace directory
    9057             :                  * when it's located within PGDATA, or NULL if it's located
    9058             :                  * elsewhere.
    9059             :                  */
    9060          44 :                 if (rllen > datadirpathlen &&
    9061           2 :                     strncmp(linkpath, DataDir, datadirpathlen) == 0 &&
    9062           0 :                     IS_DIR_SEP(linkpath[datadirpathlen]))
    9063           0 :                     relpath = pstrdup(linkpath + datadirpathlen + 1);
    9064             : 
    9065             :                 /*
    9066             :                  * Add a backslash-escaped version of the link path to the
    9067             :                  * tablespace map file.
    9068             :                  */
    9069          44 :                 initStringInfo(&escapedpath);
    9070        1092 :                 for (s = linkpath; *s; s++)
    9071             :                 {
    9072        1048 :                     if (*s == '\n' || *s == '\r' || *s == '\\')
    9073           0 :                         appendStringInfoChar(&escapedpath, '\\');
    9074        1048 :                     appendStringInfoChar(&escapedpath, *s);
    9075             :                 }
    9076          44 :                 appendStringInfo(tblspcmapfile, "%s %s\n",
    9077          44 :                                  de->d_name, escapedpath.data);
    9078          44 :                 pfree(escapedpath.data);
    9079             :             }
    9080          28 :             else if (de_type == PGFILETYPE_DIR)
    9081             :             {
    9082             :                 /*
    9083             :                  * It's possible to use allow_in_place_tablespaces to create
    9084             :                  * directories directly under pg_tblspc, for testing purposes
    9085             :                  * only.
    9086             :                  *
    9087             :                  * In this case, we store a relative path rather than an
    9088             :                  * absolute path into the tablespaceinfo.
    9089             :                  */
    9090          28 :                 snprintf(linkpath, sizeof(linkpath), "%s/%s",
    9091          28 :                          PG_TBLSPC_DIR, de->d_name);
    9092          28 :                 relpath = pstrdup(linkpath);
    9093             :             }
    9094             :             else
    9095             :             {
    9096             :                 /* Skip any other file type that appears here. */
    9097           0 :                 continue;
    9098             :             }
    9099             : 
    9100          72 :             ti = palloc(sizeof(tablespaceinfo));
    9101          72 :             ti->oid = tsoid;
    9102          72 :             ti->path = pstrdup(linkpath);
    9103          72 :             ti->rpath = relpath;
    9104          72 :             ti->size = -1;
    9105             : 
    9106          72 :             if (tablespaces)
    9107          72 :                 *tablespaces = lappend(*tablespaces, ti);
    9108             :         }
    9109         322 :         FreeDir(tblspcdir);
    9110             : 
    9111         322 :         state->starttime = (pg_time_t) time(NULL);
    9112             :     }
    9113         322 :     PG_END_ENSURE_ERROR_CLEANUP(do_pg_abort_backup, BoolGetDatum(true));
    9114             : 
    9115         322 :     state->started_in_recovery = backup_started_in_recovery;
    9116             : 
    9117             :     /*
    9118             :      * Mark that the start phase has correctly finished for the backup.
    9119             :      */
    9120         322 :     sessionBackupState = SESSION_BACKUP_RUNNING;
    9121         322 : }
    9122             : 
    9123             : /*
    9124             :  * Utility routine to fetch the session-level status of a backup running.
    9125             :  */
    9126             : SessionBackupState
    9127         362 : get_backup_status(void)
    9128             : {
    9129         362 :     return sessionBackupState;
    9130             : }
    9131             : 
    9132             : /*
    9133             :  * do_pg_backup_stop
    9134             :  *
    9135             :  * Utility function called at the end of an online backup.  It creates history
    9136             :  * file (if required), resets sessionBackupState and so on.  It can optionally
    9137             :  * wait for WAL segments to be archived.
    9138             :  *
    9139             :  * "state" is filled with the information necessary to restore from this
    9140             :  * backup with its stop LSN (stoppoint), its timeline ID (stoptli), etc.
    9141             :  *
    9142             :  * It is the responsibility of the caller of this function to verify the
    9143             :  * permissions of the calling user!
    9144             :  */
    9145             : void
    9146         312 : do_pg_backup_stop(BackupState *state, bool waitforarchive)
    9147             : {
    9148         312 :     bool        backup_stopped_in_recovery = false;
    9149             :     char        histfilepath[MAXPGPATH];
    9150             :     char        lastxlogfilename[MAXFNAMELEN];
    9151             :     char        histfilename[MAXFNAMELEN];
    9152             :     XLogSegNo   _logSegNo;
    9153             :     FILE       *fp;
    9154             :     int         seconds_before_warning;
    9155         312 :     int         waits = 0;
    9156         312 :     bool        reported_waiting = false;
    9157             : 
    9158             :     Assert(state != NULL);
    9159             : 
    9160         312 :     backup_stopped_in_recovery = RecoveryInProgress();
    9161             : 
    9162             :     /*
    9163             :      * During recovery, we don't need to check WAL level. Because, if WAL
    9164             :      * level is not sufficient, it's impossible to get here during recovery.
    9165             :      */
    9166         312 :     if (!backup_stopped_in_recovery && !XLogIsNeeded())
    9167           0 :         ereport(ERROR,
    9168             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9169             :                  errmsg("WAL level not sufficient for making an online backup"),
    9170             :                  errhint("\"wal_level\" must be set to \"replica\" or \"logical\" at server start.")));
    9171             : 
    9172             :     /*
    9173             :      * OK to update backup counter and session-level lock.
    9174             :      *
    9175             :      * Note that CHECK_FOR_INTERRUPTS() must not occur while updating them,
    9176             :      * otherwise they can be updated inconsistently, which might cause
    9177             :      * do_pg_abort_backup() to fail.
    9178             :      */
    9179         312 :     WALInsertLockAcquireExclusive();
    9180             : 
    9181             :     /*
    9182             :      * It is expected that each do_pg_backup_start() call is matched by
    9183             :      * exactly one do_pg_backup_stop() call.
    9184             :      */
    9185             :     Assert(XLogCtl->Insert.runningBackups > 0);
    9186         312 :     XLogCtl->Insert.runningBackups--;
    9187             : 
    9188             :     /*
    9189             :      * Clean up session-level lock.
    9190             :      *
    9191             :      * You might think that WALInsertLockRelease() can be called before
    9192             :      * cleaning up session-level lock because session-level lock doesn't need
    9193             :      * to be protected with WAL insertion lock. But since
    9194             :      * CHECK_FOR_INTERRUPTS() can occur in it, session-level lock must be
    9195             :      * cleaned up before it.
    9196             :      */
    9197         312 :     sessionBackupState = SESSION_BACKUP_NONE;
    9198             : 
    9199         312 :     WALInsertLockRelease();
    9200             : 
    9201             :     /*
    9202             :      * If we are taking an online backup from the standby, we confirm that the
    9203             :      * standby has not been promoted during the backup.
    9204             :      */
    9205         312 :     if (state->started_in_recovery && !backup_stopped_in_recovery)
    9206           0 :         ereport(ERROR,
    9207             :                 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9208             :                  errmsg("the standby was promoted during online backup"),
    9209             :                  errhint("This means that the backup being taken is corrupt "
    9210             :                          "and should not be used. "
    9211             :                          "Try taking another online backup.")));
    9212             : 
    9213             :     /*
    9214             :      * During recovery, we don't write an end-of-backup record. We assume that
    9215             :      * pg_control was backed up last and its minimum recovery point can be
    9216             :      * available as the backup end location. Since we don't have an
    9217             :      * end-of-backup record, we use the pg_control value to check whether
    9218             :      * we've reached the end of backup when starting recovery from this
    9219             :      * backup. We have no way of checking if pg_control wasn't backed up last
    9220             :      * however.
    9221             :      *
    9222             :      * We don't force a switch to new WAL file but it is still possible to
    9223             :      * wait for all the required files to be archived if waitforarchive is
    9224             :      * true. This is okay if we use the backup to start a standby and fetch
    9225             :      * the missing WAL using streaming replication. But in the case of an
    9226             :      * archive recovery, a user should set waitforarchive to true and wait for
    9227             :      * them to be archived to ensure that all the required files are
    9228             :      * available.
    9229             :      *
    9230             :      * We return the current minimum recovery point as the backup end
    9231             :      * location. Note that it can be greater than the exact backup end
    9232             :      * location if the minimum recovery point is updated after the backup of
    9233             :      * pg_control. This is harmless for current uses.
    9234             :      *
    9235             :      * XXX currently a backup history file is for informational and debug
    9236             :      * purposes only. It's not essential for an online backup. Furthermore,
    9237             :      * even if it's created, it will not be archived during recovery because
    9238             :      * an archiver is not invoked. So it doesn't seem worthwhile to write a
    9239             :      * backup history file during recovery.
    9240             :      */
    9241         312 :     if (backup_stopped_in_recovery)
    9242             :     {
    9243             :         XLogRecPtr  recptr;
    9244             : 
    9245             :         /*
    9246             :          * Check to see if all WAL replayed during online backup contain
    9247             :          * full-page writes.
    9248             :          */
    9249          14 :         SpinLockAcquire(&XLogCtl->info_lck);
    9250          14 :         recptr = XLogCtl->lastFpwDisableRecPtr;
    9251          14 :         SpinLockRelease(&XLogCtl->info_lck);
    9252             : 
    9253          14 :         if (state->startpoint <= recptr)
    9254           0 :             ereport(ERROR,
    9255             :                     (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
    9256             :                      errmsg("WAL generated with \"full_page_writes=off\" was replayed "
    9257             :                             "during online backup"),
    9258             :                      errhint("This means that the backup being taken on the standby "
    9259             :                              "is corrupt and should not be used. "
    9260             :                              "Enable \"full_page_writes\" and run CHECKPOINT on the primary, "
    9261             :                              "and then try an online backup again.")));
    9262             : 
    9263             : 
    9264          14 :         LWLockAcquire(ControlFileLock, LW_SHARED);
    9265          14 :         state->stoppoint = ControlFile->minRecoveryPoint;
    9266          14 :         state->stoptli = ControlFile->minRecoveryPointTLI;
    9267          14 :         LWLockRelease(ControlFileLock);
    9268             :     }
    9269             :     else
    9270             :     {
    9271             :         char       *history_file;
    9272             : 
    9273             :         /*
    9274             :          * Write the backup-end xlog record
    9275             :          */
    9276         298 :         XLogBeginInsert();
    9277         298 :         XLogRegisterData(&state->startpoint,
    9278             :                          sizeof(state->startpoint));
    9279         298 :         state->stoppoint = XLogInsert(RM_XLOG_ID, XLOG_BACKUP_END);
    9280             : 
    9281             :         /*
    9282             :          * Given that we're not in recovery, InsertTimeLineID is set and can't
    9283             :          * change, so we can read it without a lock.
    9284             :          */
    9285         298 :         state->stoptli = XLogCtl->InsertTimeLineID;
    9286             : 
    9287             :         /*
    9288             :          * Force a switch to a new xlog segment file, so that the backup is
    9289             :          * valid as soon as archiver moves out the current segment file.
    9290             :          */
    9291         298 :         RequestXLogSwitch(false);
    9292             : 
    9293         298 :         state->stoptime = (pg_time_t) time(NULL);
    9294             : 
    9295             :         /*
    9296             :          * Write the backup history file
    9297             :          */
    9298         298 :         XLByteToSeg(state->startpoint, _logSegNo, wal_segment_size);
    9299         298 :         BackupHistoryFilePath(histfilepath, state->stoptli, _logSegNo,
    9300             :                               state->startpoint, wal_segment_size);
    9301         298 :         fp = AllocateFile(histfilepath, "w");
    9302         298 :         if (!fp)
    9303           0 :             ereport(ERROR,
    9304             :                     (errcode_for_file_access(),
    9305             :                      errmsg("could not create file \"%s\": %m",
    9306             :                             histfilepath)));
    9307             : 
    9308             :         /* Build and save the contents of the backup history file */
    9309         298 :         history_file = build_backup_content(state, true);
    9310         298 :         fprintf(fp, "%s", history_file);
    9311         298 :         pfree(history_file);
    9312             : 
    9313         298 :         if (fflush(fp) || ferror(fp) || FreeFile(fp))
    9314           0 :             ereport(ERROR,
    9315             :                     (errcode_for_file_access(),
    9316             :                      errmsg("could not write file \"%s\": %m",
    9317             :                             histfilepath)));
    9318             : 
    9319             :         /*
    9320             :          * Clean out any no-longer-needed history files.  As a side effect,
    9321             :          * this will post a .ready file for the newly created history file,
    9322             :          * notifying the archiver that history file may be archived
    9323             :          * immediately.
    9324             :          */
    9325         298 :         CleanupBackupHistory();
    9326             :     }
    9327             : 
    9328             :     /*
    9329             :      * If archiving is enabled, wait for all the required WAL files to be
    9330             :      * archived before returning. If archiving isn't enabled, the required WAL
    9331             :      * needs to be transported via streaming replication (hopefully with
    9332             :      * wal_keep_size set high enough), or some more exotic mechanism like
    9333             :      * polling and copying files from pg_wal with script. We have no knowledge
    9334             :      * of those mechanisms, so it's up to the user to ensure that he gets all
    9335             :      * the required WAL.
    9336             :      *
    9337             :      * We wait until both the last WAL file filled during backup and the
    9338             :      * history file have been archived, and assume that the alphabetic sorting
    9339             :      * property of the WAL files ensures any earlier WAL files are safely
    9340             :      * archived as well.
    9341             :      *
    9342             :      * We wait forever, since archive_command is supposed to work and we
    9343             :      * assume the admin wanted his backup to work completely. If you don't
    9344             :      * wish to wait, then either waitforarchive should be passed in as false,
    9345             :      * or you can set statement_timeout.  Also, some notices are issued to
    9346             :      * clue in anyone who might be doing this interactively.
    9347             :      */
    9348             : 
    9349         312 :     if (waitforarchive &&
    9350          20 :         ((!backup_stopped_in_recovery && XLogArchivingActive()) ||
    9351           2 :          (backup_stopped_in_recovery && XLogArchivingAlways())))
    9352             :     {
    9353           8 :         XLByteToPrevSeg(state->stoppoint, _logSegNo, wal_segment_size);
    9354           8 :         XLogFileName(lastxlogfilename, state->stoptli, _logSegNo,
    9355             :                      wal_segment_size);
    9356             : 
    9357           8 :         XLByteToSeg(state->startpoint, _logSegNo, wal_segment_size);
    9358           8 :         BackupHistoryFileName(histfilename, state->stoptli, _logSegNo,
    9359             :                               state->startpoint, wal_segment_size);
    9360             : 
    9361           8 :         seconds_before_warning = 60;
    9362           8 :         waits = 0;
    9363             : 
    9364          26 :         while (XLogArchiveIsBusy(lastxlogfilename) ||
    9365           8 :                XLogArchiveIsBusy(histfilename))
    9366             :         {
    9367          10 :             CHECK_FOR_INTERRUPTS();
    9368             : 
    9369          10 :             if (!reported_waiting && waits > 5)
    9370             :             {
    9371           0 :                 ereport(NOTICE,
    9372             :                         (errmsg("base backup done, waiting for required WAL segments to be archived")));
    9373           0 :                 reported_waiting = true;
    9374             :             }
    9375             : 
    9376          10 :             (void) WaitLatch(MyLatch,
    9377             :                              WL_LATCH_SET | WL_TIMEOUT | WL_EXIT_ON_PM_DEATH,
    9378             :                              1000L,
    9379             :                              WAIT_EVENT_BACKUP_WAIT_WAL_ARCHIVE);
    9380          10 :             ResetLatch(MyLatch);
    9381             : 
    9382          10 :             if (++waits >= seconds_before_warning)
    9383             :             {
    9384           0 :                 seconds_before_warning *= 2;    /* This wraps in >10 years... */
    9385           0 :                 ereport(WARNING,
    9386             :                         (errmsg("still waiting for all required WAL segments to be archived (%d seconds elapsed)",
    9387             :                                 waits),
    9388             :                          errhint("Check that your \"archive_command\" is executing properly.  "
    9389             :                                  "You can safely cancel this backup, "
    9390             :                                  "but the database backup will not be usable without all the WAL segments.")));
    9391             :             }
    9392             :         }
    9393             : 
    9394           8 :         ereport(NOTICE,
    9395             :                 (errmsg("all required WAL segments have been archived")));
    9396             :     }
    9397         304 :     else if (waitforarchive)
    9398          12 :         ereport(NOTICE,
    9399             :                 (errmsg("WAL archiving is not enabled; you must ensure that all required WAL segments are copied through other means to complete the backup")));
    9400         312 : }
    9401             : 
    9402             : 
    9403             : /*
    9404             :  * do_pg_abort_backup: abort a running backup
    9405             :  *
    9406             :  * This does just the most basic steps of do_pg_backup_stop(), by taking the
    9407             :  * system out of backup mode, thus making it a lot more safe to call from
    9408             :  * an error handler.
    9409             :  *
    9410             :  * 'arg' indicates that it's being called during backup setup; so
    9411             :  * sessionBackupState has not been modified yet, but runningBackups has
    9412             :  * already been incremented.  When it's false, then it's invoked as a
    9413             :  * before_shmem_exit handler, and therefore we must not change state
    9414             :  * unless sessionBackupState indicates that a backup is actually running.
    9415             :  *
    9416             :  * NB: This gets used as a PG_ENSURE_ERROR_CLEANUP callback and
    9417             :  * before_shmem_exit handler, hence the odd-looking signature.
    9418             :  */
    9419             : void
    9420          14 : do_pg_abort_backup(int code, Datum arg)
    9421             : {
    9422          14 :     bool        during_backup_start = DatumGetBool(arg);
    9423             : 
    9424             :     /* If called during backup start, there shouldn't be one already running */
    9425             :     Assert(!during_backup_start || sessionBackupState == SESSION_BACKUP_NONE);
    9426             : 
    9427          14 :     if (during_backup_start || sessionBackupState != SESSION_BACKUP_NONE)
    9428             :     {
    9429          10 :         WALInsertLockAcquireExclusive();
    9430             :         Assert(XLogCtl->Insert.runningBackups > 0);
    9431          10 :         XLogCtl->Insert.runningBackups--;
    9432             : 
    9433          10 :         sessionBackupState = SESSION_BACKUP_NONE;
    9434          10 :         WALInsertLockRelease();
    9435             : 
    9436          10 :         if (!during_backup_start)
    9437          10 :             ereport(WARNING,
    9438             :                     errmsg("aborting backup due to backend exiting before pg_backup_stop was called"));
    9439             :     }
    9440          14 : }
    9441             : 
    9442             : /*
    9443             :  * Register a handler that will warn about unterminated backups at end of
    9444             :  * session, unless this has already been done.
    9445             :  */
    9446             : void
    9447           6 : register_persistent_abort_backup_handler(void)
    9448             : {
    9449             :     static bool already_done = false;
    9450             : 
    9451           6 :     if (already_done)
    9452           2 :         return;
    9453           4 :     before_shmem_exit(do_pg_abort_backup, BoolGetDatum(false));
    9454           4 :     already_done = true;
    9455             : }
    9456             : 
    9457             : /*
    9458             :  * Get latest WAL insert pointer
    9459             :  */
    9460             : XLogRecPtr
    9461        3962 : GetXLogInsertRecPtr(void)
    9462             : {
    9463        3962 :     XLogCtlInsert *Insert = &XLogCtl->Insert;
    9464             :     uint64      current_bytepos;
    9465             : 
    9466        3962 :     SpinLockAcquire(&Insert->insertpos_lck);
    9467        3962 :     current_bytepos = Insert->CurrBytePos;
    9468        3962 :     SpinLockRelease(&Insert->insertpos_lck);
    9469             : 
    9470        3962 :     return XLogBytePosToRecPtr(current_bytepos);
    9471             : }
    9472             : 
    9473             : /*
    9474             :  * Get latest WAL write pointer
    9475             :  */
    9476             : XLogRecPtr
    9477       17964 : GetXLogWriteRecPtr(void)
    9478             : {
    9479       17964 :     RefreshXLogWriteResult(LogwrtResult);
    9480             : 
    9481       17964 :     return LogwrtResult.Write;
    9482             : }
    9483             : 
    9484             : /*
    9485             :  * Returns the redo pointer of the last checkpoint or restartpoint. This is
    9486             :  * the oldest point in WAL that we still need, if we have to restart recovery.
    9487             :  */
    9488             : void
    9489         788 : GetOldestRestartPoint(XLogRecPtr *oldrecptr, TimeLineID *oldtli)
    9490             : {
    9491         788 :     LWLockAcquire(ControlFileLock, LW_SHARED);
    9492         788 :     *oldrecptr = ControlFile->checkPointCopy.redo;
    9493         788 :     *oldtli = ControlFile->checkPointCopy.ThisTimeLineID;
    9494         788 :     LWLockRelease(ControlFileLock);
    9495         788 : }
    9496             : 
    9497             : /* Thin wrapper around ShutdownWalRcv(). */
    9498             : void
    9499        2160 : XLogShutdownWalRcv(void)
    9500             : {
    9501        2160 :     ShutdownWalRcv();
    9502             : 
    9503        2160 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9504        2160 :     XLogCtl->InstallXLogFileSegmentActive = false;
    9505        2160 :     LWLockRelease(ControlFileLock);
    9506        2160 : }
    9507             : 
    9508             : /* Enable WAL file recycling and preallocation. */
    9509             : void
    9510        2254 : SetInstallXLogFileSegmentActive(void)
    9511             : {
    9512        2254 :     LWLockAcquire(ControlFileLock, LW_EXCLUSIVE);
    9513        2254 :     XLogCtl->InstallXLogFileSegmentActive = true;
    9514        2254 :     LWLockRelease(ControlFileLock);
    9515        2254 : }
    9516             : 
    9517             : bool
    9518           0 : IsInstallXLogFileSegmentActive(void)
    9519             : {
    9520             :     bool        result;
    9521             : 
    9522           0 :     LWLockAcquire(ControlFileLock, LW_SHARED);
    9523           0 :     result = XLogCtl->InstallXLogFileSegmentActive;
    9524           0 :     LWLockRelease(ControlFileLock);
    9525             : 
    9526           0 :     return result;
    9527             : }
    9528             : 
    9529             : /*
    9530             :  * Update the WalWriterSleeping flag.
    9531             :  */
    9532             : void
    9533         982 : SetWalWriterSleeping(bool sleeping)
    9534             : {
    9535         982 :     SpinLockAcquire(&XLogCtl->info_lck);
    9536         982 :     XLogCtl->WalWriterSleeping = sleeping;
    9537         982 :     SpinLockRelease(&XLogCtl->info_lck);
    9538         982 : }

Generated by: LCOV version 1.16