Обсуждение: BUG #8516: Calling VOLATILE from STABLE function
The following bug has been logged on the website: Bug reference: 8516 Logged by: Dwayne Towell Email address: dwayne@docketnavigator.com PostgreSQL version: 9.2.4 Operating system: CentOS Description: Why doesn't PostgreSQL give a warning when calling a volatile function from a stable function? For example: CREATE TABLE x (val double); CREATE FUNCTION g() RETURNS boolean AS $$ INSERT INTO x SELECT rand() RETURNING val>0.5; $$ LANGUAGE SQL VOLATILE; CREATE FUNCTION f() RETURNS boolean AS $$ SELECT g(); -- this is where the stability-violation happens $$ LANGUAGE SQL STABLE; -- this is a lie According to the documentation, f() should be marked VOLATILE also, since calling f() produces side effects. PostgreSQL does not give a warning (or better yet, an error); I think it should.
On Wed, Oct 9, 2013 at 08:58:46PM +0000, dwayne@docketnavigator.com wrote: > The following bug has been logged on the website: > > Bug reference: 8516 > Logged by: Dwayne Towell > Email address: dwayne@docketnavigator.com > PostgreSQL version: 9.2.4 > Operating system: CentOS > Description: > > Why doesn't PostgreSQL give a warning when calling a volatile function from > a stable function? > > > For example: > CREATE TABLE x (val double); > > > CREATE FUNCTION g() RETURNS boolean AS $$ > INSERT INTO x SELECT rand() RETURNING val>0.5; > $$ LANGUAGE SQL VOLATILE; > > > CREATE FUNCTION f() RETURNS boolean AS $$ > SELECT g(); -- this is where the stability-violation happens > $$ LANGUAGE SQL STABLE; -- this is a lie > > > According to the documentation, f() should be marked VOLATILE also, since > calling f() produces side effects. PostgreSQL does not give a warning (or > better yet, an error); I think it should. I think the answer is that function authors are required to prevent functions they mark as STABLE from calling VOLATILE functions. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. +
On Thu, Oct 10, 2013 at 04:10:35PM -0700, Dwayne Towell wrote: > > According to the documentation, f() should be marked VOLATILE also, since > > calling f() produces side effects. PostgreSQL does not give a warning (or > > better yet, an error); I think it should. > > I think the answer is that function authors are required to prevent > functions they mark as STABLE from calling VOLATILE functions. > > -- > > I understand it's an error (at least usually), my question/issue is why does > PostgreSQL NOT give at least a warning when a programmer (probably > accidentally) calls a VOLATILE function in one that he has specifically > tagged as STABLE? The compiler has all the information to notify the > programmer of a mistake, but isn't. This violates a fundamental principle of > software engineering--take every opportunity to prevent errors. Well, we can't walk the function tree to know all called functions, and those they call, so we don't even try. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. +
'Bruce Momjian' <bruce@momjian.us> writes: > Well, we can't walk the function tree to know all called functions, and > those they call, so we don't even try. Inter function dependencies is a hard topic indeed. I still would like to see some kind of progress being made someday. The general case is turing complete tho, because you can use EXECUTE against programatically generated SQL. You could even generate a CREATE FUNCTION command from within a PL function and EXECUTE it then call the created function=E2=80=A6 and I think= I've seen people do that in the past. Still some kind of limited in scope static analysis for the cases where it's possible to do so would be great. With pg_depend tracking so that you know you're doing something wrong at DROP FUNCTION time. Regards, --=20 Dimitri Fontaine http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
Terje Elde <terje@elde.net> writes: > Would it be possible (and make sense) to solve this in a completely different way, not walking the function tree or doingstatic analysis, but simply setting and checking a bit during execution? While it's possible that we could do something like that, I think it's fairly unlikely that we would. The reason is that it would disable constructs that some people find useful; that is, sometimes it's intentional that a stable function calls a volatile one. A couple of examples: 1. You might want to make some database updates but continue to do queries with a pre-update snapshot. A single function can't accomplish that, but the combination of a stable outer function with a volatile update function can. 2. A security checking function (for use with Veil or the proposed row security feature) might wish to log accesses without denying them. To do that it'd have to be volatile, so if we had a restriction like this the function would fail when invoked within a stable function. You can imagine various ways around such issues, but it would add a lot of complication. regards, tom lane
> According to the documentation, f() should be marked VOLATILE also, since > calling f() produces side effects. PostgreSQL does not give a warning (or > better yet, an error); I think it should. I think the answer is that function authors are required to prevent functions they mark as STABLE from calling VOLATILE functions. -- I understand it's an error (at least usually), my question/issue is why does PostgreSQL NOT give at least a warning when a programmer (probably accidentally) calls a VOLATILE function in one that he has specifically tagged as STABLE? The compiler has all the information to notify the programmer of a mistake, but isn't. This violates a fundamental principle of software engineering--take every opportunity to prevent errors. Dwayne