* If a user builds dependencies into an arbitrary directory, allow
  CFLAGS to propagate that information to the compiler and linker.
Signed-off-by: NMarbin Tan <mtan@pivotal.io>

With cd2cfa7d (disabling heterogeneous index scans) , now we can make
stronger assumption about the usefulness of partial logical indices and
return only complete logical indices for a partitioned table.

Now that we don't use optimizer_plan_id, also stop setting
optimizer_enable_space_pruning and optimizer_enumerate_plans. This
should speed up our test quite a bit.

(cherry picked from commit 74b90db3281c6e7fb3240a4ad565d3ebbd46b0a5)

Another bug in atmsort will take three dashes as an indicator of the
tabular separator for plan output, and that will suppress the normal
processing of `start_ignore` and other directives. This produces very
very useless test failures.
This commit fixes that.

atmsort.pl kinda indiscriminately treat lines (even comments) containing
the character sequence EXPLAIN...SELECT as a hint of the following lines
being a plan. Which is wrong, when the word selector also matches that.

Changing the comments for now, before we really fix atmsort. This will
give us much better failures.

bfv_partition was migrated from TINC, which didn't seem to filter output
through atmsort.pl . This presents us a surprise: a lot of our queries
will trigger an "EXPLAIN re-format" in atmsort where we did NOT intend
it to happen: we already run PL/Python over the EXPLAIN output to count
operators. This surprising behavior also crept up on us when we had a
test failure, and we saw out-of-order output lines in the diff.

This commit fixes that.

This commit fixes the following Coverity errors.

ftsfilerep.c: 129923 (for fts.c), 160618, 160637, 160639
ftsprobe.c: 129898
primary_mirror_mode.c: 160714 (for ftsprobe.c)
ftssan.c: 160620, 160636, 160638, 157330

The individual Coverity warnings are described below

ftsfilerep.c
============
CID 129923
----------
The Coverity error is reported in fts.c.  However, the fix is in ftsfilerep.c.

In function probePublishUpdate(), function FtsGetPairStateFilerep() will return
FILEREP_SENTINEL if the segements are in inconsistent state.  This value is
passed to transition() as the stateOld parameter.  The function transition()
calls FtsTransitionFilerep() with this value of stateOld.

FtsTransitionFilerep() uses stateOld to index the state_machine_filerep array.
However, this causes the following warning from Coverity.

Out-of-bounds access (OVERRUN)
overrun-call: Overrunning callee's array of size 3 by passing argument stateOld
(which evaluates to 4) in call to transition.

There is an Assert in FtsTransitionFilerep() to check the validity of stateOld.
However, production code is compiled without Assert, so this is a possible error
condition at runtime.

The fix is to log an error when an invalid stateOld value is passed to
FtsTranstionFilerep() and return without indexing the array.

CID 160618
----------
Added missing break in FtsResolveStateFilerep() for FILEREP_PUS_MUS and
FILEREP_PUR_MUR cases.

CID 160637
----------
The IS_VALID_OLD_STATE_FILEREP(state) macro is defined as:

    (state >= FILEREP_PUS_MUS && state <= FILEREP_PUC_MDX)

where the FILEREP_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. stateOld >= FILEREP_PUS_MUS

I have modified the macro definition to:

    ((unsigned int)(state) <= FILEREP_PUC_MDX)

160639
------
The IS_VALID_NEW_STATE_FILEREP(state) macro is defined as:

    (state >= FILEREP_PUS_MUS && state < FILEREP_SENTINEL)

where the FILEREP_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. pairState->stateNew >= FILEREP_PUS_MUS.

I have modified the macro definition to:

    ((unsigned int)(state) < FILEREP_SENTINEL)

ftsprobe.c
==========

CID 129898
----------
In function probeTimeout(), we have:

unint64 elapsed_ms = ...;

if (elapsed_ms > gp_fts_probe_timeout * 1000)
  ...

gp_fts_probe_timout is defined as an int.  Therefore, we get the following
Coverity error:

Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
overflow_before_widen: Potentially overflowing expression gp_fts_probe_timeout *
1000 with type int (32 bits, signed) is evaluated using 32-bit arithmetic, and
then used in a context that expects an expression of type uint64 (64 bits,
unsigned).

I have casted gp_fts_probe_timout to uint64 to resolve this.

primary_mirror_mode.c
=====================

CID 160714
----------
Function probeProcessResponse() in ftsprobe.c reads a network packet to process
probe response from the segments.  The fault field from the packet is passed to
getFaultType() in primary_mirror_mode.c to index the labels array.  Therefore,
we get the following warning from Coverity.

Use of untrusted scalar value (TAINTED_SCALAR)
tainted_data: Passing tainted variable fault to a tainted sink.

I resolved this my making sure that the faultType is within the dimension
of the labels array before using the faultType as an index.

ftssan.c
=========

CID 160620
----------
Added missing break in FtsResolveStateSAN() for the SAN_PU_MU case.

CID 160636
----------
The IS_VALID_NEW_STATE_SN(state) macro is defined as:

    (state >= SAN_PU_MU && state < SAN_SENTINEL)

where the SAN_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. pairState->stateNew >= SAN_PU_MU.

I have modified the macro definition to:

    ((unsigned int)(state) < SAN_SENTINEL)

CID 160638
-----------
The IS_VALID_OLD_STATE_SAN(state) macro is defined as:

    (state >= SAN_PU_MU && state <= SAN_PU_MD)

where the SAN_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. stateOld >= SAN_PU_MU.

I have modified the macro definition to:

    ((unsigned int)(state) <= SAN_PU_MD)

CID 157330
----------

The mountMaintenanceForMpid() function sets the gphome_env variable to
getenv("GPHOME").  The gphome_env variable is used as a file path in a command
string that is passed to the system() OS call.  This results in the following
warning from Coverity.

Use of untrusted string value (TAINTED_STRING)
tainted_string: Passing tainted string cmd to system, which cannot accept
tainted data.

I resolved this by using the execlp() system call instead of system() as
recommended in
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=2130132.

To use execlp(), individual arguments have to be built as separate characters
strings.

Signed-off-by: NTodd Sedano <tsedano@pivotal.io>

This is a cherry-pick of following upstream commit:

Author: Tom Lane <tgl@sss.pgh.pa.us>
Date:   Thu Jul 10 02:14:03 2008 +0000

    Tighten up SS_finalize_plan's computation of valid_params to exclude Params of
    the current query level that aren't in fact output parameters of the current
    initPlans.  (This means, for example, output parameters of regular subplans.)
    To make this work correctly for output parameters coming from sibling
    initplans requires rejiggering the API of SS_finalize_plan just a bit:
    we need the siblings to be visible to it, rather than hidden as
    SS_make_initplan_from_plan had been doing.  This is really part of my response
    to bug #4290, but I concluded this part probably shouldn't be back-patched,
    since all that it's doing is to make a debugging cross-check tighter.

    (cherry picked from commit eaf1b5d3)

Otherwise the test would prematurely determine that all segments are up after
PANIC and move on.  This is causing intermittent failure in CI.

This warning message will only happen before actual change to xlog. Users
have to type excactly `yes` or `Y` to continue. This is to ensure users aware
of the risk before proceed.

Signed-off-by: NLarry Hamel <lhamel@pivotal.io>

-- add README for macOS build and configuration notes
Signed-off-by: NLarry Hamel <lhamel@pivotal.io>

Signed-off-by: NMarbin Tan <mtan@pivotal.io>

* revert-2220-fixorfce

* fix missing line continuation

The feature is undergoing major rethink, and is in our way of something
more important.

While we were at it, also rid the test of `optimizer_plan_id`, it's a
broken way of testing a feature.

This reverts commit 22403851.

The variable `outernotreferencedbyinner` is always false and hence
`nl_QuitIfEmptyInner` will never set to be true.

Renaming session_state_memory_entries to session_level_memory_consumption in uninstall script for the session state view (#2208)

* Renaming session_state_memory_entries to session_level_memory_consumption in uninstall script for the session state view.

* Adding ICW test to check the installation/uninstallation, shape and basic content of session_level_memory_consumption.

* Changing expected file to a dynamically generated one.

Coverity reported: Either the check against null is unnecessary, or there may be
a null pointer dereference. In ProcArrayEndTransaction: Pointer is checked
against null but then dereferenced anyway.

While its not an issue and for commit case, pointer is never null, but simplify
the code and stop using pointer itself here.

We never build without ORCA, as evidenced by how stale this file is.
I'd rather remove this rather than letting it rot here.

* remove orafce from installcheck

* remove mkorafce target

It's unnecessary, and it will cause memory leak and double free with
multiple sub-queries as a global varible.
Signed-off-by: NPeifeng Qiu <pqiu@pivotal.io>

The test was querying all locks when it really needed to validate only locks
relevant to appendonly tables.

Similar to 615b4c69, this removes a duplicate (and dead) typedef. This
unblocks compilation on older versions of GCC.

Fixes assert failure introduced by 8baaa67a. Before we got lucky as it
was in a structures that was zero'd to the correct enum value.

This guc only applies to HAWQ parquet tables and does not impact GPDB.