Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vfy8U-006anm-0L for pgsql-hackers@arkaria.postgresql.org; Wed, 14 Jan 2026 10:29:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vfy8R-009l5I-2z for pgsql-hackers@arkaria.postgresql.org; Wed, 14 Jan 2026 10:29:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vfy8R-009l59-1S for pgsql-hackers@lists.postgresql.org; Wed, 14 Jan 2026 10:29:55 +0000 Received: from mail-lj1-x234.google.com ([2a00:1450:4864:20::234]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vfy8J-000MSe-1q for pgsql-hackers@lists.postgresql.org; Wed, 14 Jan 2026 10:29:49 +0000 Received: by mail-lj1-x234.google.com with SMTP id 38308e7fff4ca-38305d006faso59552431fa.3 for ; Wed, 14 Jan 2026 02:29:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1768386585; x=1768991385; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=L4ic5kB5RDQU/KcTTZ+/D4os/3doQ6Occ52nhQ0vwL8=; b=CWSq9PN4losBqCMHDsL/D74ruDPSJ5S27Oi2VC2KVGNGfMWZiQs5n7Iju5Rj6scI9r PrkslgolfaT6m+u+rxH6EJxz1Dd8EwJustWzVczHKcC+BMsgtSfGcwjxfqzoXu8xG7VO eSbZ7KKAqNzxylI3rKa4b63aLVkRsp9evjtaXnR+tzcPrh49C51owGrwTtUaxW8oOnqR wILhfs5+HBoIpcxvBNQqCYAVPn3k5Umv9b9TggA1N7Y7XKINS1FinapBXg98N/F7FDl8 jxUP+NWzzdPM7BpzKsEKLeqMoLPGk3UUUPp0cT5HacK+Pk8jMjouJQLkLo2lY2zsNmew +oRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768386585; x=1768991385; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=L4ic5kB5RDQU/KcTTZ+/D4os/3doQ6Occ52nhQ0vwL8=; b=mDBcpDZS2jPbO4AbXaqI9a30tlUaIe/nmUxe9/CEAuKjH12Mpt3dWduL6T2aNCVEwH shIniaZrMCsGqvGm33G/Gih0ilfGtJqnK7pdWF5aC9wNEYM0szbSo7THVF8haW61xa6V pUZzfEdRF/2rSS3vef80gFSDxdmHky8unwqDxcZW8ZBWtmIascN6A2j/T/pFoW52K4UB 4fKJxElPwtB6S0K94L4ydgmz7Nq9AGu1NLE6xktwXbXzxQJPdzjwmntRVy4O3UmuyZbZ MplwkFs1DUs3XTDyJnDZqztj7xLJRZpqZz3qNyMRU1NkvY7OhBwApvR487R3kTn/r6Uu nGfw== X-Forwarded-Encrypted: i=1; AJvYcCUyb8sSBjezhmpHHFLerqFapKJPvFr5kVdEHygyRchpLttJWQWsFmRqaxR21v5NjgTnlrdgZSP/MUnIWAW1@lists.postgresql.org X-Gm-Message-State: AOJu0YypND2uv3NqNNEV+VuwRtJYu82nQ5JcVYY+9Qm7xv8X+dsGI0+V hMXDti7IM0OcMEBqP7UoVsaB23kdfiO7IgvNwZFE6VuDef6hkrm5KSYUt3+aFUDLQ+nAjB+x4SZ eLlTVbRiksaFlOWkKGG/Y+c4hsUCaXNU= X-Gm-Gg: AY/fxX5uFREqm7nS7tjP1APd8Zv14GSScK9bzqUicKvkF3UwZ2IpsOAr8CxWnm00qVe QO1anvHbPHXQQNBLdx6JWN8sivzIUwLlMWd/JJvbX3iaS6M0yvbNR6SLu4PglLw3rKPeRPsEY7d YzHlmvEQZNoNxudk0fovi6qEkoBRcR/XaF3Irwnk/0kKAUcqqUVmA95m2OVkwZx/Tm6hHyGrtpl CDGiXm2jsFymQQTJ21BNyLjkmEkooEfRS7/2MU9vjS7LBYDmtN6ttbYz9yJEByoU8dKwsy8eByi 2N+WnZrlXkPqpVXe9W3ab9q1iwYjJA== X-Received: by 2002:a05:651c:2129:b0:37b:970f:d33f with SMTP id 38308e7fff4ca-38362f89e11mr4694361fa.21.1768386584872; Wed, 14 Jan 2026 02:29:44 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Amit Kapila Date: Wed, 14 Jan 2026 15:59:31 +0530 X-Gm-Features: AZwV_QgFtikMxFNlJ67IGg6k_hqiuT86M07jaISDvuHMM2hOpGzToF4w3dh-ekk Message-ID: Subject: Re: Proposal: Conflict log history table for Logical Replication To: Dilip Kumar Cc: shveta malik , Peter Smith , vignesh C , Masahiko Sawada , Bharath Rupireddy , PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, Jan 13, 2026 at 6:15=E2=80=AFPM Dilip Kumar = wrote: > > On Tue, Jan 13, 2026 at 5:02=E2=80=AFPM shveta malik wrote: > > > > On Tue, Jan 13, 2026 at 4:09=E2=80=AFPM Dilip Kumar wrote: > > > > > > On Tue, Jan 13, 2026 at 3:59=E2=80=AFPM shveta malik wrote: > > > > > > > > On Sat, Jan 10, 2026 at 6:45=E2=80=AFPM Dilip Kumar wrote: > > > > > > > > > >> > > > > > Here is the updated patch > > > > > > > > > > > > > Thanks, I will review the code. Few concerns while experimenting wi= th 001 alone: > > > > > > > > 1) > > > > I am able to insert and update rows in pg_conflict.pg_conflict_1639= 4. > > > > It should be restricted. > > > > > > > > 2) > > > > I think we need to block 'SELECT for UPDATE' and similar operations= on > > > > CLT. Currently it is allowed on CLT. > > > > See this: > > > > > > > > postgres=3D# SELECT * FROM pg_toast.pg_toast_3466 for UPDATE; > > > > ERROR: cannot lock rows in TOAST relation "pg_toast_3466" > > > > postgres=3D# SELECT * FROM pg_conflict.pg_conflict_16394 for UPDATE= ; > > > > .... > > > > > > I sent an analysis on this a few days ago but realized it only went t= o > > > Amit. Resending to the full list: > > > > > > So the summary is, currently, all INSERT/UPDATE/DELETE operations are > > > blocked for TOAST tables for safety. However, I have allowed these > > > operations for the pg-conflict table. Unlike TOAST, the system does > > > not internally reference conflict data, so user manipulation doesn't > > > pose a safety risk to the system. If a user modifies or deletes this > > > data, they simply lose their logs without impacting system stability. > > > What are your thoughts on this approach? > > > > > > > I don=E2=80=99t see a strong reason for a user to manually perform INSE= RT or > > UPDATE here. But on rethinking, I also agree that allowing it does no > > harm. It simply gives the user flexibility to modify data they =E2=80= =9Cown=E2=80=9D, > > i.e., data that the system does not internally reference. Personally, > > I=E2=80=99m okay with leaving it unrestricted, but it will be good to d= ocument > > it as a NOTE/CAUTION, stating that these DML operations are allowed > > and it is the user=E2=80=99s responsibility to manage any changes they = make > > manually. > > To clarify, I=E2=80=99m allowing INSERT and UPDATE alongside DELETE not > because I anticipate a specific use case, but to avoid adding > unnecessary code complexity. Since restricting these operations isn't > a safety requirement, I felt it was better to keep the implementation > simple rather than adding extra checks that don't provide real value. > What kind of complexity you are anticipating, can you show by top-up patch? I think allowing just DELETE and TRUNCATE to table owners would be ideal. > So let's get consensus on this decision and then we can change accordingl= y. > > > > > > > >> I Wrote > > > > I have been exploring the enforcement of these restrictions. > > > > Currently, DML is validated via CheckValidResultRel(). If we do not > > > > explicitly check for the conflict log table in that function, DML > > > > operations, including DELETE, will be permitted. While I am not ove= rly > > > > concerned about users attempting manual INSERT or UPDATE operations= . > > > > > > > Now for TRUNCATE, the truncate_check_rel() currently relies on > > > > IsSystemClass() to restrict truncations. Since the conflict namespa= ce > > > > is included in IsSystemClass() to prevent unauthorized DDL, TRUNCAT= E > > > > is blocked by default. We could allow it by adding an exception in > > > > truncate_check_rel() (e.g., IsSystemClass() && > > > > !IsConflictNamespace()), but I am unsure if this is necessary. Do w= e > > > > really need to permit TRUNCATE, or is allowing DELETE sufficient fo= r > > > > user-driven cleanup? > > > > > > > I am okay if we allow DELETE alone. > > Thanks for your opinion. > > > > > > > > > > > > > 3) > > > > We currently skip ANALYZE on TOAST tables, but I=E2=80=99m not sure= whether > > > > the same restriction should apply to CLT. Since users are expected = to > > > > query CLT frequently, collecting statistics could be beneficial. Ev= en > > > > though there are currently no indexes or other structures to enable > > > > more optimal plans, having statistics should not harm. Thoughts? > > > > > > > > postgres=3D# analyze pg_toast.pg_toast_16399; > > > > WARNING: skipping "pg_toast_16399" --- cannot analyze non-tables o= r > > > > special system tables > > > > > > > > postgres=3D# analyze pg_conflict.pg_conflict_16394; > > > > ANALYZE > > > > > > I think its good to ANALYZE CLT data because user logically never nee= d > > > to query the toast data, but they would have to query the conflict > > > data. > > > > Right. Do you think we shall allow index creation as well on this > > table? It may help if the table is huge. As an example, a user can > > create an index on relid to query it faster. Currently it is not > > allowed. > > That=E2=80=99s an interesting point. I initially considered creating inte= rnal > indexes to simplify management and avoid requiring users to have DDL > permissions on the pg_conflict schema. However, I realized that > predefined indexes might be too restrictive for diverse search > requirements. Perhaps we should omit indexes from the initial > version? We can then decide whether to add predefined indexes or allow > external ones based on actual usage patterns and feedback. Thoughts? > I agree that the indexes could be considered later unless required by internal code to search the conflict table. --=20 With Regards, Amit Kapila.