Don't CHECK_FOR_INTERRUPTS between WaitLatch and ResetLatch.

tglsfdc · tglsfdc · commit 887feefe87b9 · 2016-08-01T15:13:53.000-04:00
This coding pattern creates a race condition, because if an interesting interrupt happens after we've checked InterruptPending but before we reset our latch, the latch-setting done by the signal handler would get lost, and then we might block at WaitLatch in the next iteration without ever noticing the interrupt condition. You can put the CHECK_FOR_INTERRUPTS before WaitLatch or after ResetLatch, but not between them. Aside from fixing the bugs, add some explanatory comments to latch.h to perhaps forestall the next person from making the same mistake. In HEAD, also replace gather_readnext's direct call of HandleParallelMessages with CHECK_FOR_INTERRUPTS. It does not seem clean or useful for this one caller to bypass ProcessInterrupts and go straight to HandleParallelMessages; not least because that fails to consider the InterruptPending flag, resulting in useless work both here (if InterruptPending isn't set) and in the next CHECK_FOR_INTERRUPTS call (if it is). This thinko seems to have been introduced in the initial coding of storage/ipc/shm_mq.c (commit ec9037d), and then blindly copied into all the subsequent parallel-query support logic. Back-patch relevant hunks to 9.4 to extirpate the error everywhere. Discussion: <1661.1469996911@sss.pgh.pa.us>
diff --git a/src/backend/executor/nodeGather.c b/src/backend/executor/nodeGather.c
@@ -330,8 +330,8 @@ gather_readnext(GatherState *gatherstate)
 		HeapTuple	tup;
 		bool		readerdone;
 
-		/* Make sure we've read all messages from workers. */
-		HandleParallelMessages();
+		/* Check for async events, particularly messages from workers. */
+		CHECK_FOR_INTERRUPTS();
 
 		/* Attempt to read a tuple, but don't block if none is available. */
 		reader = gatherstate->reader[gatherstate->nextreader];
@@ -388,7 +388,6 @@ gather_readnext(GatherState *gatherstate)
 
 			/* Nothing to do except wait for developments. */
 			WaitLatch(MyLatch, WL_LATCH_SET, 0);
-			CHECK_FOR_INTERRUPTS();
 			ResetLatch(MyLatch);
 			nvisited = 0;
 		}
diff --git a/src/backend/libpq/pqmq.c b/src/backend/libpq/pqmq.c
@@ -172,8 +172,8 @@ mq_putmessage(char msgtype, const char *s, size_t len)
 			break;
 
 		WaitLatch(&MyProc->procLatch, WL_LATCH_SET, 0);
-		CHECK_FOR_INTERRUPTS();
 		ResetLatch(&MyProc->procLatch);
+		CHECK_FOR_INTERRUPTS();
 	}
 
 	pq_mq_busy = false;
diff --git a/src/backend/storage/ipc/shm_mq.c b/src/backend/storage/ipc/shm_mq.c
@@ -896,11 +896,11 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, const void *data,
 			 */
 			WaitLatch(MyLatch, WL_LATCH_SET, 0);
 
-			/* An interrupt may have occurred while we were waiting. */
-			CHECK_FOR_INTERRUPTS();
-
 			/* Reset the latch so we don't spin. */
 			ResetLatch(MyLatch);
+
+			/* An interrupt may have occurred while we were waiting. */
+			CHECK_FOR_INTERRUPTS();
 		}
 		else
 		{
@@ -993,11 +993,11 @@ shm_mq_receive_bytes(shm_mq *mq, Size bytes_needed, bool nowait,
 		 */
 		WaitLatch(MyLatch, WL_LATCH_SET, 0);
 
-		/* An interrupt may have occurred while we were waiting. */
-		CHECK_FOR_INTERRUPTS();
-
 		/* Reset the latch so we don't spin. */
 		ResetLatch(MyLatch);
+
+		/* An interrupt may have occurred while we were waiting. */
+		CHECK_FOR_INTERRUPTS();
 	}
 }
 
@@ -1092,11 +1092,11 @@ shm_mq_wait_internal(volatile shm_mq *mq, PGPROC *volatile * ptr,
 		/* Wait to be signalled. */
 		WaitLatch(MyLatch, WL_LATCH_SET, 0);
 
-		/* An interrupt may have occurred while we were waiting. */
-		CHECK_FOR_INTERRUPTS();
-
 		/* Reset the latch so we don't spin. */
 		ResetLatch(MyLatch);
+
+		/* An interrupt may have occurred while we were waiting. */
+		CHECK_FOR_INTERRUPTS();
 	}
 
 	return result;
diff --git a/src/include/storage/latch.h b/src/include/storage/latch.h
@@ -52,6 +52,22 @@
  * do. Otherwise, if someone sets the latch between the check and the
  * ResetLatch call, you will miss it and Wait will incorrectly block.
  *
+ * Another valid coding pattern looks like:
+ *
+ * for (;;)
+ * {
+ *	   if (work to do)
+ *		   Do Stuff(); // in particular, exit loop if some condition satisfied
+ *	   WaitLatch();
+ *	   ResetLatch();
+ * }
+ *
+ * This is useful to reduce latch traffic if it's expected that the loop's
+ * termination condition will often be satisfied in the first iteration;
+ * the cost is an extra loop iteration before blocking when it is not.
+ * What must be avoided is placing any checks for asynchronous events after
+ * WaitLatch and before ResetLatch, as that creates a race condition.
+ *
  * To wake up the waiter, you must first set a global flag or something
  * else that the wait loop tests in the "if (work to do)" part, and call
  * SetLatch *after* that. SetLatch is designed to return quickly if the
diff --git a/src/test/modules/test_shm_mq/setup.c b/src/test/modules/test_shm_mq/setup.c
@@ -281,11 +281,11 @@ wait_for_workers_to_become_ready(worker_state *wstate,
 		/* Wait to be signalled. */
 		WaitLatch(MyLatch, WL_LATCH_SET, 0);
 
-		/* An interrupt may have occurred while we were waiting. */
-		CHECK_FOR_INTERRUPTS();
-
 		/* Reset the latch so we don't spin. */
 		ResetLatch(MyLatch);
+
+		/* An interrupt may have occurred while we were waiting. */
+		CHECK_FOR_INTERRUPTS();
 	}
 
 	if (!result)
diff --git a/src/test/modules/test_shm_mq/test.c b/src/test/modules/test_shm_mq/test.c
@@ -231,8 +231,8 @@ test_shm_mq_pipelined(PG_FUNCTION_ARGS)
 			 * for us to do.
 			 */
 			WaitLatch(MyLatch, WL_LATCH_SET, 0);
-			CHECK_FOR_INTERRUPTS();
 			ResetLatch(MyLatch);
+			CHECK_FOR_INTERRUPTS();
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -172,8 +172,8 @@ mq_putmessage(char msgtype, const char *s, size_t len)`
`172`	`172`	`break;`
`173`	`173`
`174`	`174`	`WaitLatch(&MyProc->procLatch, WL_LATCH_SET, 0);`
`175`		`- CHECK_FOR_INTERRUPTS();`
`176`	`175`	`ResetLatch(&MyProc->procLatch);`
	`176`	`+ CHECK_FOR_INTERRUPTS();`
`177`	`177`	`}`
`178`	`178`
`179`	`179`	`pq_mq_busy = false;`
Original file line number	Diff line number	Diff line change
`@@ -231,8 +231,8 @@ test_shm_mq_pipelined(PG_FUNCTION_ARGS)`
`231`	`231`	`* for us to do.`
`232`	`232`	`*/`
`233`	`233`	`WaitLatch(MyLatch, WL_LATCH_SET, 0);`
`234`		`- CHECK_FOR_INTERRUPTS();`
`235`	`234`	`ResetLatch(MyLatch);`
	`235`	`+ CHECK_FOR_INTERRUPTS();`
`236`	`236`	`}`
`237`	`237`	`}`
`238`	`238`