Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w4KfI-0025sV-1U
	for pgsql-hackers@arkaria.postgresql.org;
	Sun, 22 Mar 2026 15:24:32 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w4KfG-00DXw6-2m
	for pgsql-hackers@arkaria.postgresql.org;
	Sun, 22 Mar 2026 15:24:31 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <lukas@fittl.com>)
	id 1w4KfG-00DXvx-1h
	for pgsql-hackers@lists.postgresql.org;
	Sun, 22 Mar 2026 15:24:30 +0000
Received: from mail-qv1-xf30.google.com ([2607:f8b0:4864:20::f30])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <lukas@fittl.com>)
	id 1w4KfD-00000000VvU-34Pz
	for pgsql-hackers@lists.postgresql.org;
	Sun, 22 Mar 2026 15:24:30 +0000
Received: by mail-qv1-xf30.google.com with SMTP id
 6a1803df08f44-89a000f5adeso37693336d6.3
        for <pgsql-hackers@lists.postgresql.org>;
 Sun, 22 Mar 2026 08:24:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1774193066; cv=none;
        d=google.com; s=arc-20240605;
        b=FDq9zTGewuZ+Zw2iT8rvo5VkPlb3taF2S4kydEHTjIYnRkcxTqaO6ZIHmLJCN+WS0N
         HDxFWWMIyJPIP3HMUIfi9V9vsnYT1O8iJZbprhDXOZwsj5JiWiaBw+7GzzJDtE81wyxJ
         E4FGIB7wISkKsMII3AY6oDu4t6yp7T5ZNFB/z34VSYO3pje5Sw4MXbXj/woAPp0msoi6
         ZaUZfdbfgKe6Gk0hgcGQSN1KElSeazpncIjGWxY4x9LuHnIMywxAN4IA51VwFf/VHWfm
         iaETUmuoAu8OrnFr7V8Guci4XOOybL7zZCSW8nzy3xiooKYAKLZmtxSh2m7AUJTkptJU
         hGSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=9c+36hKUbgNc+ymvnN911MewQgZ7JCzMwEWdOEUa77U=;
        fh=BwrvwzxqYkmdiQY/3gWLExWJvCqXbYNN3zkHNfq8KTc=;
        b=Lyq4WZC94X84mOzqegZgt70mWeWkkX79y0ml59/gxuPIshUFqQ/81kFAdvyUS5D1kz
         H6M2dHiP5YPOnLdmWiaMOgydDK9rbowlS/qFKUhNQwbRiMNXsLbGHrlGcogCgJPCvpBP
         YmR5iDfHAzp6UGtomrRryyZLjGvNYbDMmaslPCf/imlEacFBsCsYp3Cuh5XUQfJ5jZJk
         cuk6W9nQfVH5qBOKPh5mfRAKiyHXpTofOGej0Sy0dNLQENjh3b05Xut0uz8yTlT00dXy
         EyR1l3EYd6g50RnK+bYHRjnI6ASbUDy04fY0nHYUmcDkDGf8N8jgF2W9y29qTzKgzD5R
         zxcw==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=fittl.com; s=google; t=1774193066; x=1774797866;
 darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=9c+36hKUbgNc+ymvnN911MewQgZ7JCzMwEWdOEUa77U=;
        b=cxEj2FIMfXYOlNRtBbsQzbE+O+QazHNaz0GKdEd8GJvW4v30Hqn2Y4AnPyFt7DE7Kd
         7WJyHVIechf/cn8kWpiLCQznJBPdKBdIXn0hbTuQ8gQwOJ6EexQxasb7sCGSeuox2akQ
         PuavgMVrgrmatQLEPH+5gY5anG9N7WFjBV61E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774193066; x=1774797866;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=9c+36hKUbgNc+ymvnN911MewQgZ7JCzMwEWdOEUa77U=;
        b=jzWgqEEmySL1Ycu6YqmSi7IzJfYrz8N7LtCV7xLgZzbwLCy/GbcIVSvsjYEd72I/Lj
         bMa8sqfVtdC1+YN4jikirhviWgB6rR/K6uSIQgcAwCLpfEBJJ0Lt+h5QTcHt5jxr7M5X
         xdLb1NO4qeDSE6yK8cw1Ck9xFTz81L+eJZlM5aWTXu2S7OCdLOYWO2mwqQ1MUvbV+vdN
         FM0AShySvWzYJGoeVa3A1iEqi9Zec8U8Js3fUleULj2b7RcYqIck1Pbtn59KuRvdBKhl
         JJa6THfpFwyNqEg5sJkqsxYineGC00yRqwudL7dZCmeJh4sVLLWp6dFw71TebivLDI5L
         WLsw==
X-Gm-Message-State: AOJu0YzJT7k3oa7rpJNfZv9Bx/CFutQ8fFUoZfXMKqsKCNsYqHsueyuf
	AaqDxXq7ZHEcMG9xJNCeoKsBWBNVBr6LMbZ6GnOHfkoiOJih/Q9hGjSqAzVwyhPMsf72bGB1Koq
	R44Ey/J9p28JRVVSJsJlqniUpWSt5/7k4ECW5gmIe
X-Gm-Gg: ATEYQzwYwhdfRELCtwsWXq+AEDxsaIbtXYSVhEDo30YBIZzgWD1frbr3ZTYI2jkmigL
	5Py2r9uWdOmoOf5EFYhw1bbyt89rKL160mheVmkbhzxlsI2of8WiZcYp66MS2kUoan899Vfu8/j
	NWrU9uMQ4OVQntIwy3rFal+T1uEOEH4KaQ6uD2gj/Ca3b0v/1PNIWOo5RKP8szAa82UhMVNgOYS
	ifhu8Ww9kLVeG0RmB6+qgQkBvdjttc4U1JQZsuqCwIyFTQi9VMaHoJqFB/WFDa9mrkTV85P1xvO
	++XDL8zL3MI6hDi7aT3JdIQmY9gpzdAbq32g+nFh
X-Received: by 2002:a05:6214:d68:b0:89c:8cc8:7c67 with SMTP id
 6a1803df08f44-89c8cc882aemr125784496d6.21.1774193065678; Sun, 22 Mar 2026
 08:24:25 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAP53PkxfZu+WgeAC+1BybrS6asH+S_D1Nk5onq7Js5YDFZraJQ@mail.gmail.com>
 <a3197b31-f40d-4164-872d-906d8e9b374a@iki.fi>
In-Reply-To: <a3197b31-f40d-4164-872d-906d8e9b374a@iki.fi>
From: Lukas Fittl <lukas@fittl.com>
Date: Sun, 22 Mar 2026 08:23:49 -0700
X-Gm-Features: AaiRm51HXAil8M1buHOj7dvvQW0E7VW7Eqt-4zXnx_6dMeeV89Du8G-Ev1cjQaw
Message-ID: 
 <CAP53PkwP-OkMdVLY6ph8WpdC0QQCMmehYOOQPie7bF5jnPA5pA@mail.gmail.com>
Subject: Re: Avoid use of TopMemoryContext for resource owner cleanup in
 portals
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>,
 Andres Freund <andres@anarazel.de>,
	Zsolt Parragi <zsolt.parragi@percona.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAP53PkwP-OkMdVLY6ph8WpdC0QQCMmehYOOQPie7bF5jnPA5pA%40mail.gmail.com>
Precedence: bulk

Hi Heikki,

Thanks for taking a look!

On Sun, Mar 22, 2026 at 5:40=E2=80=AFAM Heikki Linnakangas <hlinnaka@iki.fi=
> wrote:
>
> On 21/03/2026 22:18, Lukas Fittl wrote:
> >
> > Whilst working on the stack-based instrumentation patch [0] which adds
> > a new resource owner that gets set up during a query's execution, I
> > encountered the following challenge:
> >
> > When allocating memory related to a resource, that is intended to be
> > accessed during resource owner cleanup on abort, one cannot use a
> > memory context that's below the active portal (e.g. the executor
> > context), but must instead chose a longer-lived context, often
> > TopMemoryContext.
>
> Yeah, resources managed by resource owners have their own lifecycle
> that's independent of memory contexts.

FWIW, I don't think this is clearly documented today, so if that's the
consensus and we want to keep it that way, we could clarify the
resource owner README.

> > If we separate out the freeing of this subsidiary portal memory to run
> > separately, after resource owner cleanup is done (0001 patch), we can
> > remove a handful of uses of TopMemoryContext from the tree in LLVM
> > JIT, WaitEventSet and OpenSSL (0002 patch, passes CI), and make it
> > much less likely that new resource owner code accidentally leaks
> > because it uses the top memory context and missed a pfree.
>
> It also makes it much more likely that you crash if you release the
> resource owner only after deleting the memory context. I don't think
> this is a good idea.

Do you have a specific case where we intentionally do this today?

It seems to me that the consistent coding pattern is that resource
owners do get cleaned up before the memory context in the happy path -
its just that the abort path has the out-of-order cleanup that occurs
with subsidiary memory contexts in a portal.

FWIW, from some more research, that early free during abort was added
back in 395249ecbeaaf2f2, but it was one of several changes, and its
not clear to me if the change intentionally made the memory freed
before resource owner cleanup.

> I think it's a good rule that anything that's
> needed for resource owner cleanup must be allocated in TopMemoryContext,
> so that there's no hidden dependency between resource owners and memory
> contexts and you can release them in any order. (I'm not 100% sure we
> follow that rule everywhere today, but still)

It just seems odd to me to require using TopMemoryContext for
short-lived memory - especially the fact that it requires doing
explicit pfree(..) for every allocation or you leak.

> > It also happens to make things significantly easier for the
> > stack-based instrumentation patch, since we could rely on the executor
> > context to free memory allocations that need to be accessed during
> > abort (to propagate instrumentation data up the stack).
>
> Hmm, I'm not sure I follow. Do you plan to rely on resource owner
> cleanup to propagate the instrumentation data? That doesn't feel right
> to me.

Indeed, that's what's currently being used (feedback certainly
welcome), since we don't want to lose instrumentation data during
aborts. Using resource owners for this purpose was previously
suggested by Andres, and it seems reasonable to me (since they can
also handle instrumentation situations outside of the executor), apart
from the memory management challenge. The alternative is introducing
explicit AtAbort helper functions that get called during
Abort(Sub)Transaction.

Thanks,
Lukas

--=20
Lukas Fittl