postgres
diff --git a/‎src/backend/access/heap/heapam.c
+36-7 b/‎src/backend/access/heap/heapam.c
+36-7
diff --git a/‎src/backend/access/transam/xact.c
+18-8 b/‎src/backend/access/transam/xact.c
+18-8
diff --git a/‎src/backend/catalog/index.c
+9-2 b/‎src/backend/catalog/index.c
+9-2
diff --git a/‎src/backend/commands/event_trigger.c
-5 b/‎src/backend/commands/event_trigger.c
-5
diff --git a/‎src/backend/replication/logical/decode.c
+11-15 b/‎src/backend/replication/logical/decode.c
+11-15
diff --git a/‎src/backend/utils/cache/catcache.c
+4-3 b/‎src/backend/utils/cache/catcache.c
+4-3
@@ -6351,6 +6351,24 @@ heap_inplace_update_and_unlock(Relation relation,
 	if (oldlen != newlen || htup->t_hoff != tuple->t_data->t_hoff)
 		elog(ERROR, "wrong tuple length");
 
+	/*
+	 * Construct shared cache inval if necessary.  Note that because we only
+	 * pass the new version of the tuple, this mustn't be used for any
+	 * operations that could change catcache lookup keys.  But we aren't
+	 * bothering with index updates either, so that's true a fortiori.
+	 */
+	CacheInvalidateHeapTupleInplace(relation, tuple, NULL);
+
+	/*
+	 * Unlink relcache init files as needed.  If unlinking, acquire
+	 * RelCacheInitLock until after associated invalidations.  By doing this
+	 * in advance, if we checkpoint and then crash between inplace
+	 * XLogInsert() and inval, we don't rely on StartupXLOG() ->
+	 * RelationCacheInitFileRemove().  That uses elevel==LOG, so replay would
+	 * neglect to PANIC on EIO.
+	 */
+	PreInplace_Inval();
+
 	/* NO EREPORT(ERROR) from here till changes are logged */
 	START_CRIT_SECTION();
 
@@ -6394,17 +6412,28 @@ heap_inplace_update_and_unlock(Relation relation,
 		PageSetLSN(BufferGetPage(buffer), recptr);
 	}
 
+	LockBuffer(buffer, BUFFER_LOCK_UNLOCK);
+
+	/*
+	 * Send invalidations to shared queue.  SearchSysCacheLocked1() assumes we
+	 * do this before UnlockTuple().
+	 *
+	 * If we're mutating a tuple visible only to this transaction, there's an
+	 * equivalent transactional inval from the action that created the tuple,
+	 * and this inval is superfluous.
+	 */
+	AtInplace_Inval();
+
 	END_CRIT_SECTION();
+	UnlockTuple(relation, &tuple->t_self, InplaceUpdateTupleLock);
 
-	heap_inplace_unlock(relation, oldtup, buffer);
+	AcceptInvalidationMessages();	/* local processing of just-sent inval */
 
 	/*
-	 * Send out shared cache inval if necessary.  Note that because we only
-	 * pass the new version of the tuple, this mustn't be used for any
-	 * operations that could change catcache lookup keys.  But we aren't
-	 * bothering with index updates either, so that's true a fortiori.
-	 *
-	 * XXX ROLLBACK discards the invalidation.  See test inplace-inval.spec.
+	 * Queue a transactional inval.  The immediate invalidation we just sent
+	 * is the only one known to be necessary.  To reduce risk from the
+	 * transition to immediate invalidation, continue sending a transactional
+	 * invalidation like we've long done.  Third-party code might rely on it.
 	 */
 	if (!IsBootstrapProcessingMode())
 		CacheInvalidateHeapTuple(relation, tuple, NULL);
 
@@ -1358,14 +1358,24 @@ RecordTransactionCommit(void)
 
 		/*
 		 * Transactions without an assigned xid can contain invalidation
-		 * messages (e.g. explicit relcache invalidations or catcache
-		 * invalidations for inplace updates); standbys need to process those.
-		 * We can't emit a commit record without an xid, and we don't want to
-		 * force assigning an xid, because that'd be problematic for e.g.
-		 * vacuum.  Hence we emit a bespoke record for the invalidations. We
-		 * don't want to use that in case a commit record is emitted, so they
-		 * happen synchronously with commits (besides not wanting to emit more
-		 * WAL records).
+		 * messages.  While inplace updates do this, this is not known to be
+		 * necessary; see comment at inplace CacheInvalidateHeapTuple().
+		 * Extensions might still rely on this capability, and standbys may
+		 * need to process those invals.  We can't emit a commit record
+		 * without an xid, and we don't want to force assigning an xid,
+		 * because that'd be problematic for e.g. vacuum.  Hence we emit a
+		 * bespoke record for the invalidations. We don't want to use that in
+		 * case a commit record is emitted, so they happen synchronously with
+		 * commits (besides not wanting to emit more WAL records).
+		 *
+		 * XXX Every known use of this capability is a defect.  Since an XID
+		 * isn't controlling visibility of the change that prompted invals,
+		 * other sessions need the inval even if this transactions aborts.
+		 *
+		 * ON COMMIT DELETE ROWS does a nontransactional index_build(), which
+		 * queues a relcache inval, including in transactions without an xid
+		 * that had read the (empty) table.  Standbys don't need any ON COMMIT
+		 * DELETE ROWS invals, but we've not done the work to withhold them.
 		 */
 		if (nmsgs != 0)
 		{
 
@@ -2889,12 +2889,19 @@ index_update_stats(Relation rel,
 	if (dirty)
 	{
 		systable_inplace_update_finish(state, tuple);
-		/* the above sends a cache inval message */
+		/* the above sends transactional and immediate cache inval messages */
 	}
 	else
 	{
 		systable_inplace_update_cancel(state);
-		/* no need to change tuple, but force relcache inval anyway */
+
+		/*
+		 * While we didn't change relhasindex, CREATE INDEX needs a
+		 * transactional inval for when the new index's catalog rows become
+		 * visible.  Other CREATE INDEX and REINDEX code happens to also queue
+		 * this inval, but keep this in case rare callers rely on this part of
+		 * our API contract.
+		 */
 		CacheInvalidateRelcacheByTuple(tuple);
 	}
 
 
@@ -975,11 +975,6 @@ EventTriggerOnLogin(void)
 				 * this instead of regular updates serves two purposes. First,
 				 * that avoids possible waiting on the row-level lock. Second,
 				 * that avoids dealing with TOAST.
-				 *
-				 * Changes made by inplace update may be lost due to
-				 * concurrent normal updates; see inplace-inval.spec. However,
-				 * we are OK with that.  The subsequent connections will still
-				 * have a chance to set "dathasloginevt" to false.
 				 */
 				systable_inplace_update_finish(state, tuple);
 			}
 
@@ -508,23 +508,19 @@ heap_decode(LogicalDecodingContext *ctx, XLogRecordBuffer *buf)
 
 			/*
 			 * Inplace updates are only ever performed on catalog tuples and
-			 * can, per definition, not change tuple visibility.  Since we
-			 * don't decode catalog tuples, we're not interested in the
-			 * record's contents.
+			 * can, per definition, not change tuple visibility.  Inplace
+			 * updates don't affect storage or interpretation of table rows,
+			 * so they don't affect logicalrep_write_tuple() outcomes.  Hence,
+			 * we don't process invalidations from the original operation.  If
+			 * inplace updates did affect those things, invalidations wouldn't
+			 * make it work, since there are no snapshot-specific versions of
+			 * inplace-updated values.  Since we also don't decode catalog
+			 * tuples, we're not interested in the record's contents.
 			 *
-			 * In-place updates can be used either by XID-bearing transactions
-			 * (e.g.  in CREATE INDEX CONCURRENTLY) or by XID-less
-			 * transactions (e.g.  VACUUM).  In the former case, the commit
-			 * record will include cache invalidations, so we mark the
-			 * transaction as catalog modifying here. Currently that's
-			 * redundant because the commit will do that as well, but once we
-			 * support decoding in-progress relations, this will be important.
+			 * WAL contains likely-unnecessary commit-time invals from the
+			 * CacheInvalidateHeapTuple() call in heap_inplace_update().
+			 * Excess invalidation is safe.
 			 */
-			if (!TransactionIdIsValid(xid))
-				break;
-
-			(void) SnapBuildProcessChange(builder, xid, buf->origptr);
-			ReorderBufferXidSetCatalogChanges(ctx->reorder, xid, buf->origptr);
 			break;
 
 		case XLOG_HEAP_CONFIRM:
 
@@ -2288,7 +2288,8 @@ void
 PrepareToInvalidateCacheTuple(Relation relation,
 							  HeapTuple tuple,
 							  HeapTuple newtuple,
-							  void (*function) (int, uint32, Oid))
+							  void (*function) (int, uint32, Oid, void *),
+							  void *context)
 {
 	slist_iter	iter;
 	Oid			reloid;
@@ -2329,7 +2330,7 @@ PrepareToInvalidateCacheTuple(Relation relation,
 		hashvalue = CatalogCacheComputeTupleHashValue(ccp, ccp->cc_nkeys, tuple);
 		dbid = ccp->cc_relisshared ? (Oid) 0 : MyDatabaseId;
 
-		(*function) (ccp->id, hashvalue, dbid);
+		(*function) (ccp->id, hashvalue, dbid, context);
 
 		if (newtuple)
 		{
@@ -2338,7 +2339,7 @@ PrepareToInvalidateCacheTuple(Relation relation,
 			newhashvalue = CatalogCacheComputeTupleHashValue(ccp, ccp->cc_nkeys, newtuple);
 
 			if (newhashvalue != hashvalue)
-				(*function) (ccp->id, newhashvalue, dbid);
+				(*function) (ccp->id, newhashvalue, dbid, context);
 		}
 	}
 }
Original file line number	Diff line number	Diff line change
`@@ -2889,12 +2889,19 @@ index_update_stats(Relation rel,`
`2889`	`2889`	`if (dirty)`
`2890`	`2890`	`{`
`2891`	`2891`	`systable_inplace_update_finish(state, tuple);`
`2892`		`- /* the above sends a cache inval message */`
	`2892`	`+ /* the above sends transactional and immediate cache inval messages */`
`2893`	`2893`	`}`
`2894`	`2894`	`else`
`2895`	`2895`	`{`
`2896`	`2896`	`systable_inplace_update_cancel(state);`
`2897`		`- /* no need to change tuple, but force relcache inval anyway */`
	`2897`	`+`
	`2898`	`+ /*`
	`2899`	`+ * While we didn't change relhasindex, CREATE INDEX needs a`
	`2900`	`+ * transactional inval for when the new index's catalog rows become`
	`2901`	`+ * visible. Other CREATE INDEX and REINDEX code happens to also queue`
	`2902`	`+ * this inval, but keep this in case rare callers rely on this part of`
	`2903`	`+ * our API contract.`
	`2904`	`+ */`
`2898`	`2905`	`CacheInvalidateRelcacheByTuple(tuple);`
`2899`	`2906`	`}`
`2900`	`2907`
Original file line number	Diff line number	Diff line change
`@@ -2288,7 +2288,8 @@ void`
`2288`	`2288`	`PrepareToInvalidateCacheTuple(Relation relation,`
`2289`	`2289`	`HeapTuple tuple,`
`2290`	`2290`	`HeapTuple newtuple,`
`2291`		`- void (*function) (int, uint32, Oid))`
	`2291`	`+ void (function) (int, uint32, Oid, void ),`
	`2292`	`+ void *context)`
`2292`	`2293`	`{`
`2293`	`2294`	`slist_iter iter;`
`2294`	`2295`	`Oid reloid;`
`@@ -2329,7 +2330,7 @@ PrepareToInvalidateCacheTuple(Relation relation,`
`2329`	`2330`	`hashvalue = CatalogCacheComputeTupleHashValue(ccp, ccp->cc_nkeys, tuple);`
`2330`	`2331`	`dbid = ccp->cc_relisshared ? (Oid) 0 : MyDatabaseId;`
`2331`	`2332`
`2332`		`- (*function) (ccp->id, hashvalue, dbid);`
	`2333`	`+ (*function) (ccp->id, hashvalue, dbid, context);`
`2333`	`2334`
`2334`	`2335`	`if (newtuple)`
`2335`	`2336`	`{`
`@@ -2338,7 +2339,7 @@ PrepareToInvalidateCacheTuple(Relation relation,`
`2338`	`2339`	`newhashvalue = CatalogCacheComputeTupleHashValue(ccp, ccp->cc_nkeys, newtuple);`
`2339`	`2340`
`2340`	`2341`	`if (newhashvalue != hashvalue)`
`2341`		`- (*function) (ccp->id, newhashvalue, dbid);`
	`2342`	`+ (*function) (ccp->id, newhashvalue, dbid, context);`
`2342`	`2343`	`}`
`2343`	`2344`	`}`
`2344`	`2345`	`}`