Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q9pv8-0004r8-FL for pgsql-hackers@arkaria.postgresql.org; Thu, 15 Jun 2023 16:34:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1q9pv5-000839-81 for pgsql-hackers@arkaria.postgresql.org; Thu, 15 Jun 2023 16:33:59 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q9pv4-00082Z-QM for pgsql-hackers@lists.postgresql.org; Thu, 15 Jun 2023 16:33:58 +0000 Received: from mail.postgrespro.ru ([93.174.131.139]) by makus.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1q9pv1-002Na5-7p for pgsql-hackers@lists.postgresql.org; Thu, 15 Jun 2023 16:33:57 +0000 Received: from [10.4.14.209] (unknown [93.174.131.141]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: y.sokolov@postgrespro.ru) by mail.postgrespro.ru (Postfix/465) with ESMTPSA id 301E1E20C38; Thu, 15 Jun 2023 19:33:52 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=postgrespro.ru; s=mx2023; t=1686846832; bh=QXU7v8QXvR4DmM4yWAqqjWP0aZW/PxHv1i0Nr3ZBoyk=; h=Message-ID:Date:User-Agent:Subject:To:Cc:References:From: In-Reply-To:From; b=syi9PcONXFFOsINGZA6TIhrVV01O1l+CaTpq84e57Ob0f9/f+52LdjyO/XvyFiYTA A82IHfpqO6aIOOAu1aF3HHNIsJBr0Zc+XXZ4kUy/6lzPKOOMuUbJxP5YjpcUthu+5I QR+oPWzo83Kyepk6QT2trUSfoO/u8uWHmGfkOc0APAmhlNVJdt8EREKUjKrPBaA++J HopoLx8fcpnrXlKCRpAJw5KRFr7iFLqWizirWoG2AISOI6/ZsfwCca6cxA/Esyr7FB XGLfnRMAe7nGZ2gxx4pgivUogg7efCyebeFZjhiJEVO/OfBX4KkRwqiuvU5iXq4ECP xaPF92um7MgSg== Message-ID: <79ea991d-e7d9-17f3-da51-982d74a5c37e@postgrespro.ru> Date: Thu, 15 Jun 2023 19:33:52 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: When IMMUTABLE is not. Content-Language: en-US To: Tom Lane , "David G. Johnston" Cc: "chap@anastigmatix.net" , "pgsql-hackers@lists.postgresql.org" References: <389c986d-fbb4-c644-9280-db7836af7ca9@postgrespro.ru> <2111925.1686835298@sss.pgh.pa.us> <69234e25e34e68425f49630f79ef9991@anastigmatix.net> <4c32f84bc097dee0081e4cc3e733ef8d@anastigmatix.net> <2131668.1686840541@sss.pgh.pa.us> From: Yura Sokolov In-Reply-To: <2131668.1686840541@sss.pgh.pa.us> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk 15.06.2023 17:49, Tom Lane пишет: > "David G. Johnston" writes: >> The failure to find and execute the function code itself is not a failure >> mode that these markers need be concerned with. Assuming one can execute >> the function an immutable function will give the same answer for the same >> input for all time. > The viewpoint taken in the docs I mentioned is that an IMMUTABLE > marker is a promise from the user to the system about the behavior > of a function. While the system does provide a few simple tools > to catch obvious errors and to make it easier to write functions > that obey such promises, it's mostly on the user to get it right. > > In particular, we've never enforced that an immutable function can't > call non-immutable functions. While that would seem like a good idea > in the abstract, we've intentionally not tried to do it. (I'm pretty > sure there is more than one round of previous discussions of the point > in the archives, although locating relevant threads seems hard.) > One reason not to is that polymorphic functions have to be marked > with worst-case volatility labels. There are plenty of examples of > functions that are stable for some input types and immutable for > others (array_to_string, for instance); but the marking system can't > represent that so we have to label them stable. Enforcing that a > user-defined immutable function can't use such a function might > just break things for no gain. "Stable vs Immutable" is much lesser problem compared to "ReadOnly vs Volatile". Executing fairly read-only function more times than necessary (or less times), doesn't modify data in unexpecting way. But executing immutable/stable function, that occasionally modifies data, could lead to different unexpected effects due to optimizer decided to call them more or less times than query assumes. Some vulnerabilities were present due to user defined functions used in index definitions started to modify data. If "read-only" execution were forced in index operations, those issues couldn't happen. > it's mostly on the user to get it right. It is really bad premise. Users does strange things and aren't expected to be professionals who really understand whole PostgreSQL internals. And it is strange to hear it at the same time we don't allow users to do query hints since "optimizer does better" :-D Ok, I'd go and cool myself. Certainly I don't get some point.