Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZ5vx-00GNmX-9q for pgsql-hackers@arkaria.postgresql.org; Wed, 31 Jul 2024 09:47:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sZ5vv-004SQp-Gw for pgsql-hackers@arkaria.postgresql.org; Wed, 31 Jul 2024 09:47:47 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZ5vv-004SQg-3N for pgsql-hackers@lists.postgresql.org; Wed, 31 Jul 2024 09:47:47 +0000 Received: from mail-qv1-xf2f.google.com ([2607:f8b0:4864:20::f2f]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sZ5vs-002M5T-DV for pgsql-hackers@lists.postgresql.org; Wed, 31 Jul 2024 09:47:45 +0000 Received: by mail-qv1-xf2f.google.com with SMTP id 6a1803df08f44-6b7b23793c1so30658876d6.0 for ; Wed, 31 Jul 2024 02:47:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dunslane-net.20230601.gappssmtp.com; s=20230601; t=1722419263; x=1723024063; darn=lists.postgresql.org; h=in-reply-to:autocrypt:content-language:from:references:cc:to :subject:user-agent:mime-version:date:message-id:from:to:cc:subject :date:message-id:reply-to; bh=1N2QLAhBlaUPnlV0clFXd/rtISsXCpjBFADH9qPCrSM=; b=dRQ7eZO1zo8h9LbSYQIJ5ps36h2fDukzy64p4Sy8CXYl6LOkAIjH+kebJNePthW7HZ vBQl63OmSlw4TSGlNY4IZyF9oE6zBs++k3fYcEwadJRUMwTZmF0Q5LymVdZhJic+nCx4 D1YdSiZBeMAbFQUyY++G++fQ0zksdYiCBFFTk/EDg2Q0a5SFp98q81H8TCnnX/eTwF8c OdoLxeuC6/hipDTitiIK1gpkd8YdM2yy00iZyGwiLUVXo3sCD1C69doi2CixrEHv0n4H vduvTmE6o4BrnEEVjGKWf0atndRlySF6GZyewcWLmWw9sBcNwglIoutpEvPxIsFer5v9 F7sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1722419263; x=1723024063; h=in-reply-to:autocrypt:content-language:from:references:cc:to :subject:user-agent:mime-version:date:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=1N2QLAhBlaUPnlV0clFXd/rtISsXCpjBFADH9qPCrSM=; b=GzUpX0HCSuPYHOu1hxwIyGeg0ClCjC0kyvlMeaCXJg4xQAl+v0LT7qRAGEMBZor47p Ae8qdn0naO/PRIlxc3n0P8KC+0oPXFx8U5TjslVBP9nUEuzvZTjhymCL9wWRHjSbhXYE iWIkgx0Yu7pqyt7uiFQI8cxeqX4E3B7tZ5ekKnV7oBS4bhZBDRfepjq67ZYAl3qXtrkN UZrm3gfOExLbyIW4cO87Anm3L6VLEvUHeYG10VBMc9By5iEVuuGp1B1LkT4/jzqkEvaP eMEZkgnr4Eb61J3+H4QD9TVQIq8e3B1ES1LdFrXQn/I2uA0VNM02pvWUQqETLi74ej4j U6fw== X-Gm-Message-State: AOJu0YwLu6LEXGsJYzpFfEZb79/XzOCQFaN/bYqZkkWbg7scCLOcFdJq YJ7VtGOtkVPAsB2twcV1qDeavr6/XfTSfAfrBlsXzgQEELr2FMhTE4MSAlOHFGw= X-Google-Smtp-Source: AGHT+IFFmKZfPEE0taY/ZjD7DMx2YQ77I6ItZlLxViCAIp6rwpxMEsBJKetf4m9sM9rkE9s4JYc6XQ== X-Received: by 2002:a05:6214:402:b0:6b5:80e0:1301 with SMTP id 6a1803df08f44-6bb55aeca19mr186571386d6.55.1722419262709; Wed, 31 Jul 2024 02:47:42 -0700 (PDT) Received: from ?IPV6:2605:a601:9180:9800::2bb? ([2605:a601:9180:9800::2bb]) by smtp.googlemail.com with ESMTPSA id 6a1803df08f44-6bb3fa94e57sm71605346d6.85.2024.07.31.02.47.42 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 31 Jul 2024 02:47:42 -0700 (PDT) Content-Type: multipart/alternative; boundary="------------MN04CsHs3qnN3uF09101OJ72" Message-ID: <50d3a76e-afaa-44ed-aef5-6fb7f23cccab@dunslane.net> Date: Wed, 31 Jul 2024 05:47:40 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: can we mark upper/lower/textlike functions leakproof? To: David Rowley Cc: PostgreSQL Hackers References: From: Andrew Dunstan Content-Language: en-US Autocrypt: addr=andrew@dunslane.net; keydata= xsBNBE7KWFkBCAClridxur2AIc7eW2AR7izbfp3EnNefie2HbLF0izW5Ik5UjX2HBXBx4syI gY6b0ugohXrr274+baoAlvSbq6cAoQuEVrk5IZFzt20b1Xkx65FwGSEj526yiKLocqkJceSq Xr9xcA5SGY+FZv441chh5SU92v4q6z+6LPpoHOh97ptAVXZYNTtU0LevyvD5lja0TzbvJm6C eFXitJfnm1pLEr0DGJCR/iUOl/N62Kh4855zZC7NHIjQHPOvV5Stz/l5ilDhvGVk+xkXFPys SjZoUr1rXhYLpiyi5sR0X9FHXT0KnGuz1F5ERO7ZTLSSQ6fJwPj6gOk9K+vvoKvoeql5ABEB AAHNJEFuZHJldyBEdW5zdGFuIDxhbmRyZXdAZHVuc2xhbmUubmV0PsLAmwQTAQgARQIbAwIX gAIZAQULCQgHAgMiAgEGFQoJCAsCBBYCAwECHgcWIQTkPlhGHfx8v0RpFaWZ+n/LWfw7gQUC ZFlxxwUJGVGAbgAKCRCZ+n/LWfw7gXikB/9ZdcUy6CTBFIIuL/bVsc1eLEW/gJBjJBF6HxNY xgEkAgXAp4Lg4A5U+QB9GouFr7+GYxF0BU4hzoGhNPUWltxnHdMWP8nC/38LAqgMi8L/bbsm HW5YPBdWYaAZAPJQVfOAgjTbRUb26KSprpyrrJKW0ZmrZfjhNPcQ72jpWzoPLQqx2X6B0fru 1jq+cBh8lb6r1mJTim1T3JIn+F/v5VpdQS+EL8xqsHkfzKjIPsW3CIXpkypSk6saA55Rkkbl 26AW8ftPVB0Q6Lnn6FLt9CP0MGNixBQ55yq8r1K+nCBvCCjvQjM8RDm0UUum0WNl+ifQgTLO E8TWEnwVtkBf+3QWzsBNBE7KWFkBCADRnOM0FCzsYW6jtncg+dWIagjUZpvaClmqn/sJluLa Q3v1VXMQJzYs3eC1gh386W+XBwLRpDj3jzH81lX+p73Re3d3oJW7X+ffsxuzu5ZVdMUkqBYo nkAbKxr6gyJ12F/+JkUVzLcoTN+d/7YsQvUVi7NaKH8mJgjz112O4fUe3p9wfAaFa0RXHc5S GPzRTYRRlv/XZBIho4J2tkZOnteZJZ+GbxQVlINt6fd8P6al3MWOvpP/ExJPguEfjOsO6Njy xjo3WfpD4lHMOR/Oc3/8mScEF84rF2jXbsFgelWnbPWAvXY+pD0dXOFRkagGmC/viwBDqq5b 5tk76kKmUbZxABEBAAHCwHwEGAEIACYCGwwWIQTkPlhGHfx8v0RpFaWZ+n/LWfw7gQUCZFlx 5wUJGVGAjgAKCRCZ+n/LWfw7gf+iB/4g8CPY5jihf5r/8EsoIGe2H+dpVmpPF8YGBzTIvCz/ fQoOq8AX/pE76QEuFnFZWfjw+wgBXgCVmkox2Eflkk6z4ND3pcwGZ6CfCxTQCDk/dij+2DQ4 6bmDCy/sBgcbz9mTpoLC11HLoPae6YN9nBNQRZDcEFEu54OaVOqlIdbA6m+POIBCXZdHOFc0 WoDTgxHRzC1jgQNidyd6tKqcsVJs0dzF0oKTmFFmUAqTdJO12LBuNA1rlqrR3EtpYk8B/wtS 5dIMD7Q8hwQpL+4C6GNpb6ZKnPkLi47pDOLhz2qBrqN+rqUEsT3YnExYpzj5yOBi+FlmV1Hw 49QYe1sn2ZPs In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------MN04CsHs3qnN3uF09101OJ72 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 2024-07-30 Tu 6:51 PM, David Rowley wrote: > On Wed, 31 Jul 2024 at 09:35, Andrew Dunstan wrote: >> Fast forward to now. The customer has found no observable ill effects of >> marking these functions leakproof. The would like to know if there is >> any reason why we can't mark them leakproof, so that they don't have to >> do this in every database of every cluster they use. >> >> Thoughts? > According to [1], it's just not been done yet due to concerns about > risk to reward ratios. Nobody mentioned any reason why it couldn't > be, but there were some fears that future code changes could yield new > failure paths. > > David > > [1]https://postgr.es/m/02BDFCCF-BDBB-4658-9717-4D95F9A91561%40thebuild.com Hmm, somehow I missed that thread in searching, and clearly I'd forgotten it. Still, I'm not terribly convinced by arguments along the lines you're suggesting. "Sufficient unto the day is the evil thereof." Maybe we need a test to make sure we don't make changes along those lines, although I have no idea what such a test would look like. cheers andrew -- Andrew Dunstan EDB:https://www.enterprisedb.com --------------MN04CsHs3qnN3uF09101OJ72 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit


On 2024-07-30 Tu 6:51 PM, David Rowley wrote:
On Wed, 31 Jul 2024 at 09:35, Andrew Dunstan <andrew@dunslane.net> wrote:
Fast forward to now. The customer has found no observable ill effects of
marking these functions leakproof. The would like to know if there is
any reason why we can't mark them leakproof, so that they don't have to
do this in every database of every cluster they use.

Thoughts?
According to [1], it's just not been done yet due to concerns about
risk to reward ratios.  Nobody mentioned any reason why it couldn't
be, but there were some fears that future code changes could yield new
failure paths.

David

[1] https://postgr.es/m/02BDFCCF-BDBB-4658-9717-4D95F9A91561%40thebuild.com


Hmm, somehow I missed that thread in searching, and clearly I'd forgotten it.

Still, I'm not terribly convinced by arguments along the lines you're suggesting. "Sufficient unto the day is the evil thereof." Maybe we need a test to make sure we don't make changes along those lines, although I have no idea what such a test would look like.


cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com
--------------MN04CsHs3qnN3uF09101OJ72--