Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w4gLL-002RjH-2x for pgsql-hackers@arkaria.postgresql.org; Mon, 23 Mar 2026 14:33:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w4gLK-000kAx-14 for pgsql-hackers@arkaria.postgresql.org; Mon, 23 Mar 2026 14:33:22 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w4gLJ-000kAC-3C for pgsql-hackers@lists.postgresql.org; Mon, 23 Mar 2026 14:33:22 +0000 Received: from lahtoruutu.iki.fi ([185.185.170.37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1w4gLH-00000000daS-3mD5 for pgsql-hackers@lists.postgresql.org; Mon, 23 Mar 2026 14:33:21 +0000 Received: from [10.0.2.15] (unknown [130.41.208.1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: hlinnaka) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4ffbHr0KLKz49Q5V; Mon, 23 Mar 2026 16:33:11 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1774276393; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ttchfRUc5WWMiZwe34QkpekNTWkomd1AjIkukZpuHXs=; b=uq6CjqJro/F3ANT2sfhiygCmR84JMVHHExceDPuEyEgMhJIRawaom2+ZbHsui++r7Bnq2m ujXvf59NUHNN2vqbn2cOtFCVdv+C/qDarLs3k7Yz4gdIZAB1vQ26aD+hDU6c5VJFcVN35s /mwLH+KuGoCW0zPz6WaUBFOk5LMtyDLFgy6SyZNfyvqk161yFb2HXY32jo9mBgkqDo7kSx T7r1m7YmbcXaA/Bpaav+67GXQD9K3RFVV6HDR5cpmqcGA813kSL6cdp6RZEpP84VavcJuq efY1Ad1vsgVdt8Cj7cPC7PCyT7PcAZmIAsLSkAGXzGhq8gFpOY5FSvAbdkvZBA== ARC-Seal: i=1; a=rsa-sha256; d=iki.fi; s=lahtoruutu; cv=none; t=1774276393; b=fLXPq0QWdtwKH/RVvCFMDPruGOcc8qGb2FAKg9EJZJHXzQ/vVIJU+HtStVA2zElg0pjenQ XLQrTmiHklnYhUF8AswvKbrr/zm2Kjh+2Lc0mcd5Wc22ajK1PRzvKVYPfPltibCWG+OOB2 qfi1KXcgX6LOgUWjTqL2KecuOejrXK6Ogtvqv28gKDJyHP/UpRfCtCdAoIXxQ5jtxZLlJw f2kukZTuJ+5yVaiRscUXR31SxwCnhblw2GTyvbNMT76AKL4TUrBWG22pH3q5OBUvmeh0c7 4WGCxZp4A9h0rxL8BRnOgyHu33f5zilAC2G7nqDmCWS4lOjVMTdTagMz0oGH5w== ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=hlinnaka smtp.mailfrom=hlinnaka@iki.fi ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1774276393; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ttchfRUc5WWMiZwe34QkpekNTWkomd1AjIkukZpuHXs=; b=F4/LE3XXe0GUhDsGD2RRES3gA2WZJ3Ru6ShOAtC5RsySeGsCBpWgkEOu8HPTNrxilOr3FC JO/9PT95mOP6g7IsvUrViZAOT45hpep1uDN1DJ2+AHPcTLO3cogyDExqeXlv1gqp7FM8pw EsSKGXW/u9rlIVvJyS76dYntDB2iSy2xDMPUSG8MSvlIsMGWFC36QHSbDf8aGmd4jjxiYk hS1QEk0Qj36iuMtBWzTlbNBUxVrTwXCkaoJue6hbIpiWgdHoDgS0SzqQTdURWbTuVPOAAd l0P2utcRvQAcujFUGpj3CKJkXDSglTveN4s+PmSLpp0GXf5zrI7pwd24g0GwUA== Message-ID: Date: Mon, 23 Mar 2026 16:33:10 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Avoid use of TopMemoryContext for resource owner cleanup in portals To: Lukas Fittl Cc: PostgreSQL Hackers , Andres Freund , Zsolt Parragi References: Content-Language: en-US From: Heikki Linnakangas In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 22/03/2026 17:23, Lukas Fittl wrote: > On Sun, Mar 22, 2026 at 5:40 AM Heikki Linnakangas wrote: >> >> On 21/03/2026 22:18, Lukas Fittl wrote: >>> >>> Whilst working on the stack-based instrumentation patch [0] which adds >>> a new resource owner that gets set up during a query's execution, I >>> encountered the following challenge: >>> >>> When allocating memory related to a resource, that is intended to be >>> accessed during resource owner cleanup on abort, one cannot use a >>> memory context that's below the active portal (e.g. the executor >>> context), but must instead chose a longer-lived context, often >>> TopMemoryContext. >> >> Yeah, resources managed by resource owners have their own lifecycle >> that's independent of memory contexts. > > FWIW, I don't think this is clearly documented today, so if that's the > consensus and we want to keep it that way, we could clarify the > resource owner README. +1 >>> If we separate out the freeing of this subsidiary portal memory to run >>> separately, after resource owner cleanup is done (0001 patch), we can >>> remove a handful of uses of TopMemoryContext from the tree in LLVM >>> JIT, WaitEventSet and OpenSSL (0002 patch, passes CI), and make it >>> much less likely that new resource owner code accidentally leaks >>> because it uses the top memory context and missed a pfree. >> >> It also makes it much more likely that you crash if you release the >> resource owner only after deleting the memory context. I don't think >> this is a good idea. > > Do you have a specific case where we intentionally do this today? > > It seems to me that the consistent coding pattern is that resource > owners do get cleaned up before the memory context in the happy path - > its just that the abort path has the out-of-order cleanup that occurs > with subsidiary memory contexts in a portal. > > FWIW, from some more research, that early free during abort was added > back in 395249ecbeaaf2f2, but it was one of several changes, and its > not clear to me if the change intentionally made the memory freed > before resource owner cleanup. I don't know if we intentionally cleanup memory vs resource owners in any particular order today, but life is easier if you don't have to do things in a particular order. >> I think it's a good rule that anything that's >> needed for resource owner cleanup must be allocated in TopMemoryContext, >> so that there's no hidden dependency between resource owners and memory >> contexts and you can release them in any order. (I'm not 100% sure we >> follow that rule everywhere today, but still) > > It just seems odd to me to require using TopMemoryContext for > short-lived memory - especially the fact that it requires doing > explicit pfree(..) for every allocation or you leak. For more complicated data structures associated with a resource tracked by a ResourceOwner, I'd recommend creating a dedicated memory context with TopMemoryContext as its parent. >>> It also happens to make things significantly easier for the >>> stack-based instrumentation patch, since we could rely on the executor >>> context to free memory allocations that need to be accessed during >>> abort (to propagate instrumentation data up the stack). >> >> Hmm, I'm not sure I follow. Do you plan to rely on resource owner >> cleanup to propagate the instrumentation data? That doesn't feel right >> to me. > > Indeed, that's what's currently being used (feedback certainly > welcome), since we don't want to lose instrumentation data during > aborts. Using resource owners for this purpose was previously > suggested by Andres, and it seems reasonable to me (since they can > also handle instrumentation situations outside of the executor), apart > from the memory management challenge. The alternative is introducing > explicit AtAbort helper functions that get called during > Abort(Sub)Transaction. I'll take a look at that thread and chime in there.. - Heikki