Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vPXw6-006DYj-0R for pgsql-hackers@arkaria.postgresql.org; Sun, 30 Nov 2025 03:17:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vPXw2-00FtMm-38 for pgsql-hackers@arkaria.postgresql.org; Sun, 30 Nov 2025 03:17:15 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vPXw2-00FtMW-1N for pgsql-hackers@lists.postgresql.org; Sun, 30 Nov 2025 03:17:14 +0000 Received: from out-180.mta1.migadu.com ([95.215.58.180]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vPXvy-002Lvq-23 for pgsql-hackers@lists.postgresql.org; Sun, 30 Nov 2025 03:17:13 +0000 Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nmfay.com; s=key1; t=1764472627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=JG53rz/0FdHRp2W/pkasV+wYd/t8KnlnXC1OCicDE+8=; b=RdyllgRhDyHBoYR3CYpqOZbVpxF2lmYg3uaCDyGL+YYcKwzpzEQ5SsFXTHc1zZVNfWrI4b LRQXGNdRrUPPtgxJJX1QFkHVrw1a6xTvbXhV6lvze4cQkYCdpj6g9IkxcijEKB3mJCQYFF H54rRKUjAxmMHdYig3ZY9S2GY8d6TRcVI6VlbKdGhXoPgHH6/mOVOkSYW8ngW0eXWx2bxu MYPW2oPwWbIlkl3BrmaORzQqdzhtPuL7zdYEhb4WA89uI7zeGiFVv2WgH91e9yQND4Sr92 JBLnsacIUJIA6JS8n2UC3XWN/Pz+O9B9Y5DsYTjwnlxp3IH5fR3XV2lrz4PQ4A== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Sat, 29 Nov 2025 22:16:44 -0500 Message-Id: Cc: "Matheus Alcantara" , "Jakub Wartak" , "PostgreSQL Hackers" Subject: Re: pg_plan_advice X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: "Dian Fay" To: "Robert Haas" References: In-Reply-To: X-Migadu-Flow: FLOW_OUT List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon Nov 24, 2025 at 11:14 AM EST, Robert Haas wrote: > On Sat, Nov 22, 2025 at 7:43=E2=80=AFPM Dian Fay wrote: >> Since the policies don't contain any execution boundaries, all the quals >> should be going into a single bucket for planning if I understand the >> process correctly. The bitmap heap scan should be a candidate given the >> `tags &&` predicate (and indeed if I switch to a privileged role, the >> advice matches successfully without any policies in the mix), but gdb >> shows the walker bouncing out of pgpa_walker_contains_scan without any >> candidate scans for the BITMAP_HEAP_SCAN strategy. > > In this particular case, I think the problem is that the user-supplied > qual item.tags @> ARRAY[id] is not leakproof and therefore must be > tested after the security qual. There's no way to use a Bitmap Heap > Scan without reversing the order of those tests. Right, I keep forgetting the functions underneath those array operators aren't leakproof. Thanks for digging. > And honestly, this is one of the things I'm worried about if we go > forward with this, that we'll get a ton of people who think it doesn't > work because it doesn't force the planner to do things which the > planner rejects on non-cost considerations. We're going to need really > good documentation to explain to people that if you use this to try to > force a plan and you can't, that's not a bug, that's the planner > telling you that that plan shape is not able to be considered for some > reason. Once we're closer to consensus on pg_plan_advice or something like it landing, I'm interested in helping out on this end of things!