Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q1qrm-0004Om-BP for pgsql-hackers@arkaria.postgresql.org; Wed, 24 May 2023 15:57:34 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1q1qrk-0000B8-8c for pgsql-hackers@arkaria.postgresql.org; Wed, 24 May 2023 15:57:32 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q1qrj-0000Ay-VW for pgsql-hackers@lists.postgresql.org; Wed, 24 May 2023 15:57:31 +0000 Received: from sss.pgh.pa.us ([66.207.139.130]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q1qrg-001tkI-UQ for pgsql-hackers@lists.postgresql.org; Wed, 24 May 2023 15:57:31 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 34OFvOo61140463; Wed, 24 May 2023 11:57:24 -0400 From: Tom Lane To: Tomas Vondra cc: Andres Freund , PostgreSQL Hackers Subject: Re: memory leak in trigger handling (since PG12) In-reply-to: References: <222a3442-7f7d-246c-ed9b-a76209d19239@enterprisedb.com> <20230523171433.earidmyzock7fnk4@awork3.anarazel.de> <993814.1684877984@sss.pgh.pa.us> Comments: In-reply-to Tomas Vondra message dated "Wed, 24 May 2023 10:49:14 +0200" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1140461.1684943844.1@sss.pgh.pa.us> Date: Wed, 24 May 2023 11:57:24 -0400 Message-ID: <1140462.1684943844@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Tomas Vondra writes: > On 5/23/23 23:39, Tom Lane wrote: >> FWIW, I've had some success localizing palloc memory leaks with valgrind's >> leak detection mode. The trick is to ask it for a report before the >> context gets destroyed. Beats writing your own infrastructure ... > I haven't tried valgrind, so can't compare. > Would it be possible to filter which memory contexts to track? Say we > know the leak is in ExecutorState, so we don't need to track allocations > in other contexts. That was a huge speedup for me, maybe it'd help > valgrind too. I don't think valgrind has a way to do that, but this'd be something you set up specially in any case. > Also, how did you ask for the report before context gets destroyed? There are several valgrind client requests that could be helpful: /* Do a full memory leak check (like --leak-check=full) mid-execution. */ #define VALGRIND_DO_LEAK_CHECK \ VALGRIND_DO_CLIENT_REQUEST_STMT(VG_USERREQ__DO_LEAK_CHECK, \ 0, 0, 0, 0, 0) /* Same as VALGRIND_DO_LEAK_CHECK but only showing the entries for which there was an increase in leaked bytes or leaked nr of blocks since the previous leak search. */ #define VALGRIND_DO_ADDED_LEAK_CHECK \ VALGRIND_DO_CLIENT_REQUEST_STMT(VG_USERREQ__DO_LEAK_CHECK, \ 0, 1, 0, 0, 0) /* Return number of leaked, dubious, reachable and suppressed bytes found by all previous leak checks. They must be lvalues. */ #define VALGRIND_COUNT_LEAK_BLOCKS(leaked, dubious, reachable, suppressed) \ Putting VALGRIND_DO_ADDED_LEAK_CHECK someplace in the executor loop would help narrow things down pretty quickly, assuming you had a self-contained example demonstrating the leak. I don't recall exactly how I used these but it was something along that line. >> Yeah, it's not clear whether we could make the still-hypothetical check >> sensitive enough to find leaks using small test cases without getting an >> unworkable number of false positives. Still, might be worth trying. > I'm not against experimenting with that. Were you thinking about > something that'd be cheap enough to just be enabled always/everywhere, > or something we'd enable during testing? We seem to have already paid the overhead of counting all palloc allocations, so I don't think it'd be too expensive to occasionally check the ExecutorState's mem_allocated and see if it's growing (especially if we only do so in assert-enabled builds). The trick is to define the rules for what's worth reporting. >> It might be an acceptable tradeoff to have stricter rules for what can >> be allocated in ExecutorState in order to make this sort of problem >> more easily detectable. > Would these rules be just customary, or defined/enforced in the code > somehow? I can't quite imagine how would that work, TBH. If the check bleated "WARNING: possible executor memory leak" during regression testing, people would soon become conditioned to doing whatever they have to do to avoid it ;-) regards, tom lane