Обсуждение: UPDATE is not allowed in a non-volatile function
Hi all, I missed the discussion on hacker about this, and I'd like to give my HO. The fact that a non-volatile function can not perform update is a good improvement but on the other side will limit too much if I know what I'm doing. I did a sort of Lookup framework and this is extensively used in my project. The core is a "read" function that retrieve data from a very huge table. I declared the "read" function as "STABLE" this because each call with the same argument will return always the same value. For performances reason this "read" function first look in a little table (lt) that is used as a first level cache, if the data is not found then the function retrieve the data from the big one (bt) and replace the oldest required row in the lt. As you can understand I have to update lt in order to perform my replace policy. The "read" is often used inside other "STABLE" function. Not being able to declare "read" as STABLE I have to modify the function caller as well... :-( C++ have the same "problem": a const function can not modify the internal status of an object (that is great), however C++ permit to declare some internal status as "mutable" in this way a non-const function is able to modify status marked as mutable. ( For example you need to count how many time a const function was called ). I think a clean solution is be able to declare a table as "mutable" as well. Am I completely wrong or out of mind ? Regards Gaetano Mendola
Gaetano Mendola <mendola@bigfoot.com> writes: > The fact that a non-volatile function can not perform > update is a good improvement but on the other side will > limit too much if I know what I'm doing. I've got zero sympathy for this argument. It's been documented right along that functions with side-effects must be marked volatile. You don't have a lot of room to complain because 8.0 started to enforce that. In practice you can circumvent the restriction by splitting the function in two (ie, there is no check that a nonvolatile function doesn't call any volatile functions). So if you insist on sticking with an unsafe application design, you can do it with relatively localized changes. regards, tom lane
Tom Lane wrote: > Gaetano Mendola <mendola@bigfoot.com> writes:>>> The fact that a non-volatile function can not perform>> update is a goodimprovement but on the other side will>> limit too much if I know what I'm doing.>>>> I've got zero sympathy for thisargument. It's been documented right> along that functions with side-effects must be marked volatile. You> don't havea lot of room to complain because 8.0 started to enforce that. > In practice you can circumvent the restriction by splitting the> function in two (ie, there is no check that a nonvolatilefunction> doesn't call any volatile functions). So if you insist on sticking> with an unsafe application design,you can do it with relatively> localized changes. I do not consider my design as "unsafe", this is for example how a cache works: expose a "read" without side effect but updating internal statistics. After all the read will not alter the data that it expose but other data that the user even don't know the existence. However I think that "that missing check" is "unsafe" and jeopardize the effort to avoid a wrong user design. Having say that I'm happy to know that what I did will continue to work splitting the function in two parts. Regards Gaetano Mendola
Gaetano, > > I do not consider my design as "unsafe", this is for example how a > cache works: expose a "read" without side effect but updating internal > statistics. After all the read will not alter the data that it expose > but other data that the user even don't know the existence. > > However I think that "that missing check" is "unsafe" and jeopardize the > effort to avoid a wrong user design. > > Having say that I'm happy to know that what I did will continue to work > splitting the function in two parts. > I think Gaetano has a point but I consider the solution somewhat kludgy. The Rationale for my opinion is that since there is a need to accomplish what Gaetano needs, there should be declarative power to express it and thus, prevent "unsafe" designs. We need a way to declare a function "stable with no _intrusive_ side effects". It's far better to explicitly state this then to rely on a flaw of the current function calling mechanism. The current read-only status, maintained and passed to the SPI execute functions by function developers themselves, is not good enough. There are two main reasons for this: a) Nesting is not accounted for. The correct behavior should be to block all nested volatile calls as soon as a function declared non-volatile is called. I can of course enforce this within the PL/Java domain but I have no control over functions written in other languages. b) The responsability to maintain the read-only flag should not be pushed onto the function developers. It's fully possible for the PostgreSQL calling mechanism to maintain some global structure that is updated prior to calling functions and then for the SPI functions to consult that structure. Regards, Thomas Hallgren
Thomas Hallgren <thhal@mailblocks.com> writes: > The Rationale for my opinion is that since there is a need to accomplish > what Gaetano needs, there should be declarative power to express it and > thus, prevent "unsafe" designs. We need a way to declare a function > "stable with no _intrusive_ side effects". What you think is non-intrusive may not be so at the database's level. regards, tom lane
Tom, >What you think is non-intrusive may not be so at the database's level. > > I know. But thats not my point. Look at this this way: I'd like to declare a function STABLE. And I'd like to trust that declaration 100%. So a stable function must *never* call a function that is VOLATILE. Not directly and not implicit through nesting. I think we agree that the current way of enforcing that protection can't be trusted. As a function developer you really need to know what you are doing and take great care not to call a volatile function from within a stable or immutable function. The system won't protect you at all. My suggestion is first and foremost an attempt to enforce the procection and make the STABLE declaration really mean something so that all users can benefit from this and be able to rely on the concept. So far, no mention of non-intrusive. I'd really like your opinion on this part as a separate issue. Now, some people, like Gaetano, might want to go further and do things that are beyond what PostgreSQL can provide 100% protection for. They *want* to take on the responsability themselves. That's where my new function characteristic with "non-intrusive" comes in. I admitt that "non-intrusive" might be a bad term for this. What I mean is a characteristic that overrides my suggested 100% reliable interpretation of STABLE. This characteristic is not intended for the everyday function developer and should be documented as such. Regards, Thomas Hallgren
On Wednesday 03 November 2004 18:06, Thomas Hallgren wrote: > Tom, > > >What you think is non-intrusive may not be so at the database's level. > > I know. But thats not my point. Look at this this way: > > I'd like to declare a function STABLE. And I'd like to trust that > declaration 100%. So a stable function must *never* call a function that > is VOLATILE. Not directly and not implicit through nesting. > > I think we agree that the current way of enforcing that protection can't > be trusted. As a function developer you really need to know what you are > doing and take great care not to call a volatile function from within a > stable or immutable function. The system won't protect you at all. > I think the guidelines are fairly clear on what types of functions should be declared with which types. But the key is that these are guidelines, not hard and fast rules, since there may be times when you need to ignore them. > My suggestion is first and foremost an attempt to enforce the procection > and make the STABLE declaration really mean something so that all users > can benefit from this and be able to rely on the concept. So far, no > mention of non-intrusive. I'd really like your opinion on this part as a > separate issue. > "users" shouldn't care. the function developer should determine the details and "users" shouldn't have to think about it. > Now, some people, like Gaetano, might want to go further and do things > that are beyond what PostgreSQL can provide 100% protection for. They > *want* to take on the responsability themselves. That's where my new > function characteristic with "non-intrusive" comes in. I admitt that > "non-intrusive" might be a bad term for this. What I mean is a > characteristic that overrides my suggested 100% reliable interpretation > of STABLE. This characteristic is not intended for the everyday function > developer and should be documented as such. > Well, personally I prefered the way thing worked in 7.4, but I'm willing to live with the 8.x method. If you forcibly prevent the work around though, you better provide a work around, and if that mean a fourth function type I could live with that; it's certainly better than marking these types of functions volitile, which is a non-starter in my application. -- Robert Treat Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
Robert, >I think the guidelines are fairly clear on what types of functions should be >declared with which types. But the key is that these are guidelines, not hard >and fast rules, since there may be times when you need to ignore them. > > In 7.4 they where indeed guidelines. In 8.x the semantics of the function attribute are meant to be enforced. I quote Tom from this thread: "You don't have a lot of room to complain because 8.0 started to enforce that.". >"users" shouldn't care. the function developer should determine the details >and "users" shouldn't have to think about it. > > The "user" in this context, is the user of the function attribute, i.e. the function developer. Sorry if I was unclear. >Well, personally I prefered the way thing worked in 7.4, but I'm willing to >live with the 8.x method. If you forcibly prevent the work around though, >you better provide a work around, and if that mean a fourth function type I >could live with that; it's certainly better than marking these types of >functions volitile, which is a non-starter in my application. > > Right, I also preferred 7.4 since I consider it less ambiguous then the current solution. But a much better solution is just around the corner and it would be unfortunate if some fairly rare scenarios are used as an argument to prevent it. Especially since those scenarios can be easily catered for by introducing a fourth type. Regards, Thomas Hallgren
Tom Lane wrote:> Thomas Hallgren <thhal@mailblocks.com> writes:>>>The Rationale for my opinion is that since there is a needto accomplish>>what Gaetano needs, there should be declarative power to express it and>>thus, prevent "unsafe" designs.We need a way to declare a function>>"stable with no _intrusive_ side effects".>>> What you think is non-intrusivemay not be so at the database's level.> Right, but the actual solution is far from be the good one. If you claim that an immutable function "must not" do update because otherwise the database could be in a inconsisten status, then we are in trouble permitting a non-immutable function to be called by an "immutable" one. I like see postgres stable as always was till now and I prefer seen my code completelly broken than see someone call a non-immutable function inside a "immutable" one and claim on this list that he lost data. I think a clean solution is enforce the check between functions call ( I prefer even only this one), and at the same time provide a "mutable" attribute for tables ( a mutable table can be updated even inside an immutable contest ). Regards Gaetano Mendola
Tom Lane wrote: > Gaetano Mendola <mendola@bigfoot.com> writes: > >>The fact that a non-volatile function can not perform >>update is a good improvement but on the other side will >>limit too much if I know what I'm doing. > > > I've got zero sympathy for this argument. It's been documented right > along that functions with side-effects must be marked volatile. You > don't have a lot of room to complain because 8.0 started to enforce that. > In practice you can circumvent the restriction by splitting the > function in two (ie, there is no check that a nonvolatile function > doesn't call any volatile functions). So if you insist on sticking > with an unsafe application design, you can do it with relatively > localized changes. I do not consider my design as "unsafe", this is for example how a cache works: expose a "read" without side effect but updating internal statistics. After all the read will not alter the data that it expose but other data that the user even don't know the existence. However I think that "that missing check" is "unsafe" and jeopardize the effort to avoid a wrong user design. Having say that I'm happy to know that what I did will continue to work splitting the function in two parts. Regards Gaetano Mendola