| blob | 068e59bec005b8aaece896673f345b7fea7195e2 |
1 /*-------------------------------------------------------------------------
2 *
3 * twophase.c
4 * Two-phase commit support functions.
5 *
6 * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
7 * Portions Copyright (c) 1994, Regents of the University of California
8 *
9 * IDENTIFICATION
10 * src/backend/access/transam/twophase.c
11 *
12 * NOTES
13 * Each global transaction is associated with a global transaction
14 * identifier (GID). The client assigns a GID to a postgres
15 * transaction with the PREPARE TRANSACTION command.
16 *
17 * We keep all active global transactions in a shared memory array.
18 * When the PREPARE TRANSACTION command is issued, the GID is
19 * reserved for the transaction in the array. This is done before
20 * a WAL entry is made, because the reservation checks for duplicate
21 * GIDs and aborts the transaction if there already is a global
22 * transaction in prepared state with the same GID.
23 *
24 * A global transaction (gxact) also has dummy PGPROC; this is what keeps
25 * the XID considered running by TransactionIdIsInProgress. It is also
26 * convenient as a PGPROC to hook the gxact's locks to.
27 *
28 * Information to recover prepared transactions in case of crash is
29 * now stored in WAL for the common case. In some cases there will be
30 * an extended period between preparing a GXACT and commit/abort, in
31 * which case we need to separately record prepared transaction data
32 * in permanent storage. This includes locking information, pending
33 * notifications etc. All that state information is written to the
34 * per-transaction state file in the pg_twophase directory.
35 * All prepared transactions will be written prior to shutdown.
36 *
37 * Life track of state data is following:
38 *
39 * * On PREPARE TRANSACTION backend writes state data only to the WAL and
40 * stores pointer to the start of the WAL record in
41 * gxact->prepare_start_lsn.
42 * * If COMMIT occurs before checkpoint then backend reads data from WAL
43 * using prepare_start_lsn.
44 * * On checkpoint state data copied to files in pg_twophase directory and
45 * fsynced
46 * * If COMMIT happens after checkpoint then backend reads state data from
47 * files
48 *
49 * During replay and replication, TwoPhaseState also holds information
50 * about active prepared transactions that haven't been moved to disk yet.
51 *
52 * Replay of twophase records happens by the following rules:
53 *
54 * * At the beginning of recovery, pg_twophase is scanned once, filling
55 * TwoPhaseState with entries marked with gxact->inredo and
56 * gxact->ondisk. Two-phase file data older than the XID horizon of
57 * the redo position are discarded.
58 * * On PREPARE redo, the transaction is added to TwoPhaseState->prepXacts.
59 * gxact->inredo is set to true for such entries.
60 * * On Checkpoint we iterate through TwoPhaseState->prepXacts entries
61 * that have gxact->inredo set and are behind the redo_horizon. We
62 * save them to disk and then switch gxact->ondisk to true.
63 * * On COMMIT/ABORT we delete the entry from TwoPhaseState->prepXacts.
64 * If gxact->ondisk is true, the corresponding entry from the disk
65 * is additionally deleted.
66 * * RecoverPreparedTransactions(), StandbyRecoverPreparedTransactions()
67 * and PrescanPreparedTransactions() have been modified to go through
68 * gxact->inredo entries that have not made it to disk.
69 *
70 *-------------------------------------------------------------------------
71 */
74 #include <fcntl.h>
75 #include <sys/stat.h>
76 #include <time.h>
77 #include <unistd.h>
111 /*
112 * Directory where Two-phase commit files reside within PGDATA
113 */
116 /* GUC variable, can't be changed after startup */
119 /*
120 * This struct describes one global transaction that is in prepared state
121 * or attempting to become prepared.
122 *
123 * The lifecycle of a global transaction is:
124 *
125 * 1. After checking that the requested GID is not in use, set up an entry in
126 * the TwoPhaseState->prepXacts array with the correct GID and valid = false,
127 * and mark it as locked by my backend.
128 *
129 * 2. After successfully completing prepare, set valid = true and enter the
130 * referenced PGPROC into the global ProcArray.
131 *
132 * 3. To begin COMMIT PREPARED or ROLLBACK PREPARED, check that the entry is
133 * valid and not locked, then mark the entry as locked by storing my current
134 * backend ID into locking_backend. This prevents concurrent attempts to
135 * commit or rollback the same prepared xact.
136 *
137 * 4. On completion of COMMIT PREPARED or ROLLBACK PREPARED, remove the entry
138 * from the ProcArray and the TwoPhaseState->prepXacts array and return it to
139 * the freelist.
140 *
141 * Note that if the preparing transaction fails between steps 1 and 2, the
142 * entry must be removed so that the GID and the GlobalTransaction struct
143 * can be reused. See AtAbort_Twophase().
144 *
145 * typedef struct GlobalTransactionData *GlobalTransaction appears in
146 * twophase.h
147 */
150 {
156 /*
157 * Note that we need to keep track of two LSNs for each GXACT. We keep
158 * track of the start LSN because this is the address we must use to read
159 * state data back from WAL when committing a prepared GXACT. We keep
160 * track of the end LSN because that is the LSN we need to wait for prior
161 * to commit.
162 */
175 /*
176 * Two Phase Commit shared state. Access to this struct is protected
177 * by TwoPhaseStateLock.
178 */
180 {
181 /* Head of linked list of free GlobalTransactionData structs */
182 GlobalTransaction freeGXacts;
184 /* Number of valid prepXacts entries. */
187 /* There are max_prepared_xacts items in this array */
193 /*
194 * Global transaction entry currently locked by us, if any. Note that any
195 * access to the entry pointed to by this variable must be protected by
196 * TwoPhaseStateLock, though obviously the pointer itself doesn't need to be
197 * (since it's just local memory).
198 */
228 XLogRecPtr prepare_start_lsn,
232 Oid databaseid);
236 /*
237 * Initialization of shared memory
238 */
239 Size
241 {
242 Size size;
244 /* Need the fixed struct, the array of pointers, and the GTD structs */
253 }
255 void
257 {
264 {
265 GlobalTransaction gxacts;
272 /*
273 * Initialize the linked list of free GlobalTransactionData structs
274 */
280 {
281 /* insert into linked list */
285 /* associate it with a PGPROC assigned by InitProcGlobal */
288 /*
289 * Assign a unique ID for each dummy proc, so that the range of
290 * dummy backend IDs immediately follows the range of normal
291 * backend IDs. We don't dare to assign a real backend ID to dummy
292 * procs, because prepared transactions don't take part in cache
293 * invalidation like a real backend ID would imply, but having a
294 * unique ID for them is nevertheless handy. This arrangement
295 * allows you to allocate an array of size (MaxBackends +
296 * max_prepared_xacts + 1), and have a slot for every backend and
297 * prepared transaction. Currently multixact.c uses that
298 * technique.
299 */
301 }
302 }
303 else
305 }
307 /*
308 * Exit hook to unlock the global transaction entry we're working on.
309 */
310 static void
312 {
313 /* same logic as abort */
315 }
317 /*
318 * Abort hook to unlock the global transaction entry we're working on.
319 */
320 void
322 {
326 /*
327 * What to do with the locked global transaction entry? If we were in the
328 * process of preparing the transaction, but haven't written the WAL
329 * record and state file yet, the transaction must not be considered as
330 * prepared. Likewise, if we are in the process of finishing an
331 * already-prepared transaction, and fail after having already written the
332 * 2nd phase commit or rollback record to the WAL, the transaction should
333 * not be considered as prepared anymore. In those cases, just remove the
334 * entry from shared memory.
335 *
336 * Otherwise, the entry must be left in place so that the transaction can
337 * be finished later, so just unlock it.
338 *
339 * If we abort during prepare, after having written the WAL record, we
340 * might not have transferred all locks and other state to the prepared
341 * transaction yet. Likewise, if we abort during commit or rollback,
342 * after having written the WAL record, we might not have released all the
343 * resources held by the transaction yet. In those cases, the in-memory
344 * state can be wrong, but it's too late to back out.
345 */
349 else
354 }
356 /*
357 * This is called after we have finished transferring state to the prepared
358 * PGPROC entry.
359 */
360 void
362 {
368 }
371 /*
372 * MarkAsPreparing
373 * Reserve the GID for the given transaction.
374 */
375 GlobalTransaction
378 {
379 GlobalTransaction gxact;
386 gid)));
388 /* fail immediately if feature is disabled */
395 /* on first call, register the exit hook */
397 {
400 }
404 /* Check for conflicting GID */
406 {
409 {
413 gid)));
414 }
415 }
417 /* Get a free gxact from the freelist */
423 max_prepared_xacts)));
431 /* And insert it into the active array */
438 }
440 /*
441 * MarkAsPreparingGuts
442 *
443 * This uses a gxact struct and puts it into the active array.
444 * NOTE: this is also used when reloading a gxact after a crash; so avoid
445 * assuming that we can use very much backend context.
446 *
447 * Note: This function should be called with appropriate locks held.
448 */
449 static void
452 {
461 /* Initialize the PGPROC entry */
467 {
468 /* clone VXID, for TwoPhaseGetXidByVirtualXID() to find */
471 }
472 else
473 {
475 /* GetLockConflicts() uses this to specify a wait on the XID */
478 }
495 /* subxid data must be filled later by GXactLoadSubxactData */
507 /*
508 * Remember that we have this GlobalTransaction entry locked for us. If we
509 * abort after this, we must release it.
510 */
512 }
514 /*
515 * GXactLoadSubxactData
516 *
517 * If the transaction being persisted had any subtransactions, this must
518 * be called before MarkAsPrepared() to load information into the dummy
519 * PGPROC.
520 */
521 static void
524 {
527 /* We need no extra lock since the GXACT isn't valid yet */
529 {
532 }
534 {
538 }
539 }
541 /*
542 * MarkAsPrepared
543 * Mark the GXACT as fully valid, and enter it into the global ProcArray.
544 *
545 * lock_held indicates whether caller already holds TwoPhaseStateLock.
546 */
547 static void
549 {
550 /* Lock here may be overkill, but I'm not convinced of that ... */
558 /*
559 * Put it into the global ProcArray so TransactionIdIsInProgress considers
560 * the XID as still running.
561 */
563 }
565 /*
566 * LockGXact
567 * Locate the prepared transaction and mark it busy for COMMIT or PREPARE.
568 */
569 static GlobalTransaction
571 {
574 /* on first call, register the exit hook */
576 {
579 }
584 {
588 /* Ignore not-yet-valid GIDs */
594 /* Found it, but has someone else got it locked? */
599 gid)));
607 /*
608 * Note: it probably would be possible to allow committing from
609 * another database; but at the moment NOTIFY is known not to work and
610 * there may be some other issues as well. Hence disallow until
611 * someone gets motivated to make it work.
612 */
619 /* OK for me to lock it */
626 }
633 gid)));
635 /* NOTREACHED */
637 }
639 /*
640 * RemoveGXact
641 * Remove the prepared transaction from the shared memory array.
642 *
643 * NB: caller should have already removed it from ProcArray
644 */
645 static void
647 {
653 {
655 {
656 /* remove from the active array */
660 /* and put it back in the freelist */
665 }
666 }
669 }
671 /*
672 * Returns an array of all prepared transactions for the user-level
673 * function pg_prepared_xact.
674 *
675 * The returned array and all its elements are copies of internal data
676 * structures, to minimize the time we need to hold the TwoPhaseStateLock.
677 *
678 * WARNING -- we return even those transactions that are not fully prepared
679 * yet. The caller should filter them out if he doesn't want them.
680 *
681 * The returned array is palloc'd.
682 */
683 static int
685 {
686 GlobalTransaction array;
693 {
698 }
710 }
713 /* Working status for pg_prepared_xact */
715 {
716 GlobalTransaction array;
721 /*
722 * pg_prepared_xact
723 * Produce a view with one row per prepared transaction.
724 *
725 * This function is here so we don't have to export the
726 * GlobalTransactionData struct definition.
727 */
728 Datum
730 {
735 {
736 TupleDesc tupdesc;
737 MemoryContext oldcontext;
739 /* create a function context for cross-call persistence */
742 /*
743 * Switch to memory context appropriate for multiple function calls
744 */
747 /* build tupdesc for result tuples */
748 /* this had better match pg_prepared_xacts view in system_views.sql */
763 /*
764 * Collect all the 2PC status information that we will format and send
765 * out as a result set.
766 */
774 }
780 {
785 HeapTuple tuple;
786 Datum result;
791 /*
792 * Form tuple with appropriate data.
793 */
804 }
807 }
809 /*
810 * TwoPhaseGetGXact
811 * Get the GlobalTransaction struct for a prepared transaction
812 * specified by XID
813 *
814 * If lock_held is set to true, TwoPhaseStateLock will not be taken, so the
815 * caller had better hold it.
816 */
817 static GlobalTransaction
819 {
828 /*
829 * During a recovery, COMMIT PREPARED, or ABORT PREPARED, we'll be called
830 * repeatedly for the same XID. We can save work with a simple cache.
831 */
839 {
843 {
846 }
847 }
859 }
861 /*
862 * TwoPhaseGetXidByVirtualXID
863 * Lookup VXID among xacts prepared since last startup.
864 *
865 * (This won't find recovered xacts.) If more than one matches, return any
866 * and set "have_more" to true. To witness multiple matches, a single
867 * BackendId must consume 2^32 LXIDs, with no intervening database restart.
868 */
869 TransactionId
872 {
880 {
883 VirtualTransactionId proc_vxid;
890 {
891 /* Startup process sets proc->backendId to InvalidBackendId. */
895 {
898 }
900 }
901 }
906 }
908 /*
909 * TwoPhaseGetDummyBackendId
910 * Get the dummy backend ID for prepared transaction specified by XID
911 *
912 * Dummy backend IDs are similar to real backend IDs of real backends.
913 * They start at MaxBackends + 1, and are unique across all currently active
914 * real backends and prepared transactions. If lock_held is set to true,
915 * TwoPhaseStateLock will not be taken, so the caller had better hold it.
916 */
917 BackendId
919 {
923 }
925 /*
926 * TwoPhaseGetDummyProc
927 * Get the PGPROC that represents a prepared transaction specified by XID
928 *
929 * If lock_held is set to true, TwoPhaseStateLock will not be taken, so the
930 * caller had better hold it.
931 */
932 PGPROC *
934 {
938 }
940 /************************************************************************/
941 /* State file support */
942 /************************************************************************/
944 #define TwoPhaseFilePath(path, xid) \
947 /*
948 * 2PC state file format:
949 *
950 * 1. TwoPhaseFileHeader
951 * 2. TransactionId[] (subtransactions)
952 * 3. RelFileLocator[] (files to be deleted at commit)
953 * 4. RelFileLocator[] (files to be deleted at abort)
954 * 5. SharedInvalidationMessage[] (inval messages to be sent at commit)
955 * 6. TwoPhaseRecordOnDisk
956 * 7. ...
957 * 8. TwoPhaseRecordOnDisk (end sentinel, rmid == TWOPHASE_RM_END_ID)
958 * 9. checksum (CRC-32C)
959 *
960 * Each segment except the final checksum is MAXALIGN'd.
961 */
963 /*
964 * Header for a 2PC state file
965 */
970 /*
971 * Header for each record in a state file
972 *
973 * NOTE: len counts only the rmgr data, not the TwoPhaseRecordOnDisk header.
974 * The rmgr data will be stored starting on a MAXALIGN boundary.
975 */
977 {
983 /*
984 * During prepare, the state file is assembled in memory before writing it
985 * to WAL and the actual state file. We use a chain of StateFileChunk blocks
986 * for that.
987 */
989 {
991 uint32 len;
995 static struct xllist
996 {
999 uint32 num_chunks;
1005 /*
1006 * Append a block of data to records data structure.
1007 *
1008 * NB: each block is padded to a MAXALIGN multiple. This must be
1009 * accounted for when the file is later read!
1010 *
1011 * The data is copied, so the caller is free to modify it afterwards.
1012 */
1013 static void
1015 {
1019 {
1028 }
1034 }
1036 /*
1037 * Start preparing a state file.
1038 *
1039 * Initializes data structure and inserts the 2PC file header record.
1040 */
1041 void
1043 {
1046 TwoPhaseFileHeader hdr;
1054 /* Initialize linked list */
1067 /* Create header */
1084 /* EndPrepare will fill the origin data, if necessary */
1091 /*
1092 * Add the additional info about subxacts, deletable files and cache
1093 * invalidation messages.
1094 */
1096 {
1098 /* While we have the child-xact data, stuff it in the gxact too */
1100 }
1102 {
1105 }
1107 {
1110 }
1112 {
1116 }
1118 {
1122 }
1124 {
1128 }
1129 }
1131 /*
1132 * Finish preparing state data and writing it to WAL.
1133 */
1134 void
1136 {
1141 /* Add the end sentinel to the list of 2PC records */
1145 /* Go back and fill in total_len in the file header record */
1154 {
1157 }
1159 /*
1160 * If the data size exceeds MaxAllocSize, we won't be able to read it in
1161 * ReadTwoPhaseFile. Check for that now, rather than fail in the case
1162 * where we write data to file and then re-read at commit time.
1163 */
1169 /*
1170 * Now writing 2PC state data to WAL. We let the WAL's CRC protection
1171 * cover us, so no need to calculate a separate CRC.
1172 *
1173 * We have to set DELAY_CHKPT_START here, too; otherwise a checkpoint
1174 * starting immediately after the WAL record is inserted could complete
1175 * without fsync'ing our state file. (This is essentially the same kind
1176 * of race condition as the COMMIT-to-clog-write case that
1177 * RecordTransactionCommit uses DELAY_CHKPT_START for; see notes there.)
1178 *
1179 * We save the PREPARE record's location in the gxact for later use by
1180 * CheckPointTwoPhase.
1181 */
1198 {
1199 /* Move LSNs forward for this replication origin */
1202 }
1206 /* If we crash now, we have prepared: WAL replay will fix things */
1208 /* Store record's start location to read that later on Commit */
1211 /*
1212 * Mark the prepared transaction as valid. As soon as xact.c marks MyProc
1213 * as not running our XID (which it will do immediately after this
1214 * function returns), others can commit/rollback the xact.
1215 *
1216 * NB: a side effect of this is to make a dummy ProcArray entry for the
1217 * prepared XID. This must happen before we clear the XID from MyProc /
1218 * ProcGlobal->xids[], else there is a window where the XID is not running
1219 * according to TransactionIdIsInProgress, and onlookers would be entitled
1220 * to assume the xact crashed. Instead we have a window where the same
1221 * XID appears twice in ProcArray, which is OK.
1222 */
1225 /*
1226 * Now we can mark ourselves as out of the commit critical section: a
1227 * checkpoint starting after this will certainly see the gxact as a
1228 * candidate for fsyncing.
1229 */
1232 /*
1233 * Remember that we have this GlobalTransaction entry locked for us. If
1234 * we crash after this point, it's too late to abort, but we must unlock
1235 * it so that the prepared transaction can be committed or rolled back.
1236 */
1241 /*
1242 * Wait for synchronous replication, if required.
1243 *
1244 * Note that at this stage we have marked the prepare, but still show as
1245 * running in the procarray (twice!) and continue to hold locks.
1246 */
1251 }
1253 /*
1254 * Register a 2PC record to be written to state file.
1255 */
1256 void
1259 {
1260 TwoPhaseRecordOnDisk record;
1268 }
1271 /*
1272 * Read and validate the state file for xid.
1273 *
1274 * If it looks OK (has a valid magic number and CRC), return the palloc'd
1275 * contents of the file, issuing an error when finding corrupted data. If
1276 * missing_ok is true, which indicates that missing files can be safely
1277 * ignored, then return NULL. This state can be reached when doing recovery.
1278 */
1281 {
1287 uint32 crc_offset;
1288 pg_crc32c calc_crc,
1289 file_crc;
1296 {
1303 }
1305 /*
1306 * Check file length. We can determine a lower bound pretty easily. We
1307 * set an upper bound to avoid palloc() failure on a corrupt file, though
1308 * we can't guarantee that we won't get an out of memory error anyway,
1309 * even on a valid file.
1310 */
1332 path)));
1334 /*
1335 * OK, slurp in the file.
1336 */
1342 {
1347 else
1351 }
1365 path)));
1371 path)));
1383 path)));
1386 }
1389 /*
1390 * Reads 2PC data from xlog. During checkpoint this data will be moved to
1391 * twophase files and ReadTwoPhaseFile should be used instead.
1392 *
1393 * Note clearly that this function can access WAL during normal operation,
1394 * similarly to the way WALSender or Logical Decoding would do.
1395 */
1396 static void
1398 {
1407 NULL);
1418 {
1424 else
1429 }
1445 }
1448 /*
1449 * Confirms an xid is prepared, during recovery
1450 */
1451 bool
1453 {
1463 /* Read and validate file */
1468 /* Check header also */
1474 }
1476 /*
1477 * FinishPreparedTransaction: execute COMMIT PREPARED or ROLLBACK PREPARED
1478 */
1479 void
1481 {
1482 GlobalTransaction gxact;
1484 TransactionId xid;
1488 TransactionId latestXid;
1498 /*
1499 * Validate the GID, and lock the GXACT to ensure that two backends do not
1500 * try to commit the same GID at once.
1501 */
1506 /*
1507 * Read and validate 2PC state data. State data will typically be stored
1508 * in WAL files if the LSN is after the last checkpoint record, or moved
1509 * to disk if for some reason they have lived for a long time.
1510 */
1513 else
1517 /*
1518 * Disassemble the header area
1519 */
1537 /* compute latestXid among all children */
1540 /* Prevent cancel/die interrupt while cleaning up */
1543 /*
1544 * The order of operations here is critical: make the XLOG entry for
1545 * commit or abort, then mark the transaction committed or aborted in
1546 * pg_xact, then remove its PGPROC from the global ProcArray (which means
1547 * TransactionIdIsInProgress will stop saying the prepared xact is in
1548 * progress), then run the post-commit or post-abort callbacks. The
1549 * callbacks will release the locks the transaction held.
1550 */
1556 commitstats,
1559 else
1564 abortstats,
1565 gid);
1569 /*
1570 * In case we fail while running the callbacks, mark the gxact invalid so
1571 * no one else will try to commit/rollback, and so it will be recycled if
1572 * we fail after this point. It is still locked by our backend so it
1573 * won't go away yet.
1574 *
1575 * (We assume it's safe to do this without taking TwoPhaseStateLock.)
1576 */
1579 /*
1580 * We have to remove any files that were supposed to be dropped. For
1581 * consistency with the regular xact.c code paths, must do this before
1582 * releasing locks, so do it before running the callbacks.
1583 *
1584 * NB: this code knows that we couldn't be dropping any temp rels ...
1585 */
1587 {
1590 }
1591 else
1592 {
1595 }
1597 /* Make sure files supposed to be dropped are dropped */
1602 else
1605 /*
1606 * Handle cache invalidation messages.
1607 *
1608 * Relcache init file invalidation requires processing both before and
1609 * after we send the SI messages, only when committing. See
1610 * AtEOXact_Inval().
1611 */
1613 {
1619 }
1621 /*
1622 * Acquire the two-phase lock. We want to work on the two-phase callbacks
1623 * while holding it to avoid potential conflicts with other transactions
1624 * attempting to use the same GID, so the lock is released once the shared
1625 * memory state is cleared.
1626 */
1629 /* And now do the callbacks */
1632 else
1637 /* Clear shared memory state */
1640 /*
1641 * Release the lock as all callbacks are called and shared memory cleanup
1642 * is done.
1643 */
1646 /* Count the prepared xact as committed or aborted */
1649 /*
1650 * And now we can clean up any files we may have left.
1651 */
1660 }
1662 /*
1663 * Scan 2PC state data in memory and call the indicated callbacks for each 2PC record.
1664 */
1665 static void
1668 {
1670 {
1684 }
1685 }
1687 /*
1688 * Remove the 2PC file for the specified XID.
1689 *
1690 * If giveWarning is false, do not complain about file-not-present;
1691 * this is an expected case during WAL replay.
1692 */
1693 static void
1695 {
1704 }
1706 /*
1707 * Recreates a state file. This is used in WAL replay and during
1708 * checkpoint creation.
1709 *
1710 * Note: content and len don't include CRC.
1711 */
1712 static void
1714 {
1716 pg_crc32c statefile_crc;
1719 /* Recompute CRC */
1733 /* Write content and CRC */
1737 {
1738 /* if write didn't set errno, assume problem is no disk space */
1744 }
1746 {
1747 /* if write didn't set errno, assume problem is no disk space */
1753 }
1756 /*
1757 * We must fsync the file because the end-of-replay checkpoint will not do
1758 * so, there being no GXACT in shared memory yet to tell it to.
1759 */
1771 }
1773 /*
1774 * CheckPointTwoPhase -- handle 2PC component of checkpointing.
1775 *
1776 * We must fsync the state file of any GXACT that is valid or has been
1777 * generated during redo and has a PREPARE LSN <= the checkpoint's redo
1778 * horizon. (If the gxact isn't valid yet, has not been generated in
1779 * redo, or has a later LSN, this checkpoint is not responsible for
1780 * fsyncing it.)
1781 *
1782 * This is deliberately run as late as possible in the checkpoint sequence,
1783 * because GXACTs ordinarily have short lifespans, and so it is quite
1784 * possible that GXACTs that were valid at checkpoint start will no longer
1785 * exist if we wait a little bit. With typical checkpoint settings this
1786 * will be about 3 minutes for an online checkpoint, so as a result we
1787 * expect that there will be no GXACTs that need to be copied to disk.
1788 *
1789 * If a GXACT remains valid across multiple checkpoints, it will already
1790 * be on disk so we don't bother to repeat that write.
1791 */
1792 void
1794 {
1803 /*
1804 * We are expecting there to be zero GXACTs that need to be copied to
1805 * disk, so we perform all I/O while holding TwoPhaseStateLock for
1806 * simplicity. This prevents any new xacts from preparing while this
1807 * occurs, which shouldn't be a problem since the presence of long-lived
1808 * prepared xacts indicates the transaction manager isn't active.
1809 *
1810 * It's also possible to move I/O out of the lock, but on every error we
1811 * should check whether somebody committed our transaction in different
1812 * backend. Let's leave this optimization for future, if somebody will
1813 * spot that this place cause bottleneck.
1814 *
1815 * Note that it isn't possible for there to be a GXACT with a
1816 * prepare_end_lsn set prior to the last checkpoint yet is marked invalid,
1817 * because of the efforts with delayChkptFlags.
1818 */
1821 {
1822 /*
1823 * Note that we are using gxact not PGPROC so this works in recovery
1824 * also
1825 */
1831 {
1841 serialized_xacts++;
1842 }
1843 }
1846 /*
1847 * Flush unconditionally the parent directory to make any information
1848 * durable on disk. Two-phase files could have been removed and those
1849 * removals need to be made persistent as well as any files newly created
1850 * previously since the last checkpoint.
1851 */
1860 "%u two-phase state files were written "
1862 serialized_xacts,
1863 serialized_xacts)));
1864 }
1866 /*
1867 * restoreTwoPhaseData
1868 *
1869 * Scan pg_twophase and fill TwoPhaseState depending on the on-disk data.
1870 * This is called once at the beginning of recovery, saving any extra
1871 * lookups in the future. Two-phase files that are newer than the
1872 * minimum XID horizon are discarded on the way.
1873 */
1874 void
1876 {
1883 {
1886 {
1887 TransactionId xid;
1899 }
1900 }
1903 }
1905 /*
1906 * PrescanPreparedTransactions
1907 *
1908 * Scan the shared memory entries of TwoPhaseState and determine the range
1909 * of valid XIDs present. This is run during database startup, after we
1910 * have completed reading WAL. ShmemVariableCache->nextXid has been set to
1911 * one more than the highest XID for which evidence exists in WAL.
1912 *
1913 * We throw away any prepared xacts with main XID beyond nextXid --- if any
1914 * are present, it suggests that the DBA has done a PITR recovery to an
1915 * earlier point in time without cleaning out pg_twophase. We dare not
1916 * try to recover such prepared xacts since they likely depend on database
1917 * state that doesn't exist now.
1918 *
1919 * However, we will advance nextXid beyond any subxact XIDs belonging to
1920 * valid prepared xacts. We need to do this since subxact commit doesn't
1921 * write a WAL entry, and so there might be no evidence in WAL of those
1922 * subxact XIDs.
1923 *
1924 * On corrupted two-phase files, fail immediately. Keeping around broken
1925 * entries and let replay continue causes harm on the system, and a new
1926 * backup should be rolled in.
1927 *
1928 * Our other responsibility is to determine and return the oldest valid XID
1929 * among the prepared xacts (if none, return ShmemVariableCache->nextXid).
1930 * This is needed to synchronize pg_subtrans startup properly.
1931 *
1932 * If xids_p and nxids_p are not NULL, pointer to a palloc'd array of all
1933 * top-level xids is stored in *xids_p. The number of entries in the array
1934 * is returned in *nxids_p.
1935 */
1936 TransactionId
1938 {
1949 {
1950 TransactionId xid;
1965 /*
1966 * OK, we think this file is valid. Incorporate xid into the
1967 * running-minimum result.
1968 */
1973 {
1975 {
1977 {
1980 }
1981 else
1982 {
1985 }
1986 }
1988 }
1991 }
1995 {
1998 }
2001 }
2003 /*
2004 * StandbyRecoverPreparedTransactions
2005 *
2006 * Scan the shared memory entries of TwoPhaseState and setup all the required
2007 * information to allow standby queries to treat prepared transactions as still
2008 * active.
2009 *
2010 * This is never called at the end of recovery - we use
2011 * RecoverPreparedTransactions() at that point.
2012 *
2013 * The lack of calls to SubTransSetParent() calls here is by design;
2014 * those calls are made by RecoverPreparedTransactions() at the end of recovery
2015 * for those xacts that need this.
2016 */
2017 void
2019 {
2024 {
2025 TransactionId xid;
2038 }
2040 }
2042 /*
2043 * RecoverPreparedTransactions
2044 *
2045 * Scan the shared memory entries of TwoPhaseState and reload the state for
2046 * each prepared transaction (reacquire locks, etc).
2047 *
2048 * This is run at the end of recovery, but before we allow backends to write
2049 * WAL.
2050 *
2051 * At the end of recovery the way we take snapshots will change. We now need
2052 * to mark all running transactions with their full SubTransSetParent() info
2053 * to allow normal snapshots to work correctly if snapshots overflow.
2054 * We do this here because by definition prepared transactions are the only
2055 * type of write transaction still running, so this is necessary and
2056 * complete.
2057 */
2058 void
2060 {
2065 {
2066 TransactionId xid;
2076 /*
2077 * Reconstruct subtrans state for the transaction --- needed because
2078 * pg_subtrans is not preserved over a restart. Note that we are
2079 * linking all the subtransactions directly to the top-level XID;
2080 * there may originally have been a more complex hierarchy, but
2081 * there's no need to restore that exactly. It's possible that
2082 * SubTransSetParent has been set before, if the prepared transaction
2083 * generated xid assignment records.
2084 */
2107 /*
2108 * Recreate its GXACT and dummy PGPROC. But, check whether it was
2109 * added in redo and already has a shmem entry for it.
2110 */
2115 /* recovered, so reset the flag for entries generated by redo */
2123 /*
2124 * Recover other state (notably locks) using resource managers.
2125 */
2128 /*
2129 * Release locks held by the standby process after we process each
2130 * prepared transaction. As a result, we don't need too many
2131 * additional locks at any one time.
2132 */
2136 /*
2137 * We're done with recovering this transaction. Clear MyLockedGxact,
2138 * like we do in PrepareTransaction() during normal operation.
2139 */
2145 }
2148 }
2150 /*
2151 * ProcessTwoPhaseBuffer
2152 *
2153 * Given a transaction id, read it either from disk or read it directly
2154 * via shmem xlog record pointer using the provided "prepare_start_lsn".
2155 *
2156 * If setParent is true, set up subtransaction parent linkages.
2157 *
2158 * If setNextXid is true, set ShmemVariableCache->nextXid to the newest
2159 * value scanned.
2160 */
2163 XLogRecPtr prepare_start_lsn,
2166 {
2179 /* Already processed? */
2181 {
2183 {
2186 xid)));
2188 }
2189 else
2190 {
2193 xid)));
2195 }
2197 }
2199 /* Reject XID if too new */
2201 {
2203 {
2206 xid)));
2208 }
2209 else
2210 {
2213 xid)));
2215 }
2217 }
2220 {
2221 /* Read and validate file */
2223 }
2224 else
2225 {
2226 /* Read xlog data */
2228 }
2230 /* Deconstruct header */
2233 {
2238 xid)));
2239 else
2243 xid)));
2244 }
2246 /*
2247 * Examine subtransaction XIDs ... they should all follow main XID, and
2248 * they may force us to advance nextXid.
2249 */
2254 {
2259 /* update nextXid if needed */
2265 }
2268 }
2271 /*
2272 * RecordTransactionCommitPrepared
2273 *
2274 * This is basically the same as RecordTransactionCommit (q.v. if you change
2275 * this function): in particular, we must set DELAY_CHKPT_START to avoid a
2276 * race condition.
2277 *
2278 * We know the transaction made at least one XLOG entry (its PREPARE),
2279 * so it is never possible to optimize out the commit record.
2280 */
2281 static void
2293 {
2294 XLogRecPtr recptr;
2298 /*
2299 * Are we using the replication origins feature? Or, in other words, are
2300 * we replaying remote actions?
2301 */
2307 /* See notes in RecordTransactionCommit */
2311 /*
2312 * Emit the XLOG commit record. Note that we mark 2PC commits as
2313 * potentially having AccessExclusiveLocks since we don't know whether or
2314 * not they do.
2315 */
2320 initfileinval,
2326 /* Move LSNs forward for this replication origin */
2328 XactLastRecEnd);
2330 /*
2331 * Record commit timestamp. The value comes from plain commit timestamp
2332 * if replorigin is not enabled, or replorigin already set a value for us
2333 * in replorigin_session_origin_timestamp otherwise.
2334 *
2335 * We don't need to WAL-log anything here, as the commit record written
2336 * above already contains the data.
2337 */
2342 replorigin_session_origin_timestamp,
2343 replorigin_session_origin);
2345 /*
2346 * We don't currently try to sleep before flush here ... nor is there any
2347 * support for async commit of a prepared xact (the very idea is probably
2348 * a contradiction)
2349 */
2351 /* Flush XLOG to disk */
2354 /* Mark the transaction committed in pg_xact */
2357 /* Checkpoint can proceed now */
2362 /*
2363 * Wait for synchronous replication, if required.
2364 *
2365 * Note that at this stage we have marked clog, but still show as running
2366 * in the procarray and continue to hold locks.
2367 */
2369 }
2371 /*
2372 * RecordTransactionAbortPrepared
2373 *
2374 * This is basically the same as RecordTransactionAbort.
2375 *
2376 * We know the transaction made at least one XLOG entry (its PREPARE),
2377 * so it is never possible to optimize out the abort record.
2378 */
2379 static void
2388 {
2389 XLogRecPtr recptr;
2392 /*
2393 * Are we using the replication origins feature? Or, in other words, are
2394 * we replaying remote actions?
2395 */
2399 /*
2400 * Catch the scenario where we aborted partway through
2401 * RecordTransactionCommitPrepared ...
2402 */
2405 xid);
2409 /*
2410 * Emit the XLOG commit record. Note that we mark 2PC aborts as
2411 * potentially having AccessExclusiveLocks since we don't know whether or
2412 * not they do.
2413 */
2422 /* Move LSNs forward for this replication origin */
2424 XactLastRecEnd);
2426 /* Always flush, since we're about to remove the 2PC state file */
2429 /*
2430 * Mark the transaction aborted in clog. This is not absolutely necessary
2431 * but we may as well do it while we are here.
2432 */
2437 /*
2438 * Wait for synchronous replication, if required.
2439 *
2440 * Note that at this stage we have marked clog, but still show as running
2441 * in the procarray and continue to hold locks.
2442 */
2444 }
2446 /*
2447 * PrepareRedoAdd
2448 *
2449 * Store pointers to the start/end of the WAL record along with the xid in
2450 * a gxact entry in shared memory TwoPhaseState structure. If caller
2451 * specifies InvalidXLogRecPtr as WAL location to fetch the two-phase
2452 * data, the entry is marked as located on disk.
2453 */
2454 void
2457 {
2461 GlobalTransaction gxact;
2469 /*
2470 * Reserve the GID for the given transaction in the redo code path.
2471 *
2472 * This creates a gxact struct and puts it into the active array.
2473 *
2474 * In redo, this struct is mainly used to track PREPARE/COMMIT entries in
2475 * shared memory. Hence, we only fill up the bare minimum contents here.
2476 * The gxact also gets marked with gxact->inredo set to true to indicate
2477 * that it got added in the redo phase
2478 */
2480 /* Get a free gxact from the freelist */
2486 max_prepared_xacts)));
2501 /* And insert it into the active array */
2506 {
2507 /* recover apply progress */
2510 }
2513 }
2515 /*
2516 * PrepareRedoRemove
2517 *
2518 * Remove the corresponding gxact entry from TwoPhaseState. Also remove
2519 * the 2PC file if a prepared transaction was saved via an earlier checkpoint.
2520 *
2521 * Caller must hold TwoPhaseStateLock in exclusive mode, because TwoPhaseState
2522 * is updated.
2523 */
2524 void
2526 {
2535 {
2539 {
2543 }
2544 }
2546 /*
2547 * Just leave if there is nothing, this is expected during WAL replay.
2548 */
2552 /*
2553 * And now we can clean up any files we may have left.
2554 */
2559 }
2561 /*
2562 * LookupGXact
2563 * Check if the prepared transaction with the given GID, lsn and timestamp
2564 * exists.
2565 *
2566 * Note that we always compare with the LSN where prepare ends because that is
2567 * what is stored as origin_lsn in the 2PC file.
2568 *
2569 * This function is primarily used to check if the prepared transaction
2570 * received from the upstream (remote node) already exists. Checking only GID
2571 * is not sufficient because a different prepared xact with the same GID can
2572 * exist on the same node. So, we are ensuring to match origin_lsn and
2573 * origin_timestamp of prepared xact to avoid the possibility of a match of
2574 * prepared xact from two different nodes.
2575 */
2576 bool
2578 TimestampTz origin_prepare_timestamp)
2579 {
2585 {
2588 /* Ignore not-yet-valid GIDs. */
2590 {
2594 /*
2595 * We are not expecting collisions of GXACTs (same gid) between
2596 * publisher and subscribers, so we perform all I/O while holding
2597 * TwoPhaseStateLock for simplicity.
2598 *
2599 * To move the I/O out of the lock, we need to ensure that no
2600 * other backend commits the prepared xact in the meantime. We can
2601 * do this optimization if we encounter many collisions in GID
2602 * between publisher and subscriber.
2603 */
2606 else
2607 {
2610 }
2616 {
2620 }
2623 }
2624 }
2627 }