bfv_partition was migrated from TINC, which didn't seem to filter output
through atmsort.pl . This presents us a surprise: a lot of our queries
will trigger an "EXPLAIN re-format" in atmsort where we did NOT intend
it to happen: we already run PL/Python over the EXPLAIN output to count
operators. This surprising behavior also crept up on us when we had a
test failure, and we saw out-of-order output lines in the diff.

This commit fixes that.

This commit fixes the following Coverity errors.

ftsfilerep.c: 129923 (for fts.c), 160618, 160637, 160639
ftsprobe.c: 129898
primary_mirror_mode.c: 160714 (for ftsprobe.c)
ftssan.c: 160620, 160636, 160638, 157330

The individual Coverity warnings are described below

ftsfilerep.c
============
CID 129923
----------
The Coverity error is reported in fts.c.  However, the fix is in ftsfilerep.c.

In function probePublishUpdate(), function FtsGetPairStateFilerep() will return
FILEREP_SENTINEL if the segements are in inconsistent state.  This value is
passed to transition() as the stateOld parameter.  The function transition()
calls FtsTransitionFilerep() with this value of stateOld.

FtsTransitionFilerep() uses stateOld to index the state_machine_filerep array.
However, this causes the following warning from Coverity.

Out-of-bounds access (OVERRUN)
overrun-call: Overrunning callee's array of size 3 by passing argument stateOld
(which evaluates to 4) in call to transition.

There is an Assert in FtsTransitionFilerep() to check the validity of stateOld.
However, production code is compiled without Assert, so this is a possible error
condition at runtime.

The fix is to log an error when an invalid stateOld value is passed to
FtsTranstionFilerep() and return without indexing the array.

CID 160618
----------
Added missing break in FtsResolveStateFilerep() for FILEREP_PUS_MUS and
FILEREP_PUR_MUR cases.

CID 160637
----------
The IS_VALID_OLD_STATE_FILEREP(state) macro is defined as:

    (state >= FILEREP_PUS_MUS && state <= FILEREP_PUC_MDX)

where the FILEREP_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. stateOld >= FILEREP_PUS_MUS

I have modified the macro definition to:

    ((unsigned int)(state) <= FILEREP_PUC_MDX)

160639
------
The IS_VALID_NEW_STATE_FILEREP(state) macro is defined as:

    (state >= FILEREP_PUS_MUS && state < FILEREP_SENTINEL)

where the FILEREP_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. pairState->stateNew >= FILEREP_PUS_MUS.

I have modified the macro definition to:

    ((unsigned int)(state) < FILEREP_SENTINEL)

ftsprobe.c
==========

CID 129898
----------
In function probeTimeout(), we have:

unint64 elapsed_ms = ...;

if (elapsed_ms > gp_fts_probe_timeout * 1000)
  ...

gp_fts_probe_timout is defined as an int.  Therefore, we get the following
Coverity error:

Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
overflow_before_widen: Potentially overflowing expression gp_fts_probe_timeout *
1000 with type int (32 bits, signed) is evaluated using 32-bit arithmetic, and
then used in a context that expects an expression of type uint64 (64 bits,
unsigned).

I have casted gp_fts_probe_timout to uint64 to resolve this.

primary_mirror_mode.c
=====================

CID 160714
----------
Function probeProcessResponse() in ftsprobe.c reads a network packet to process
probe response from the segments.  The fault field from the packet is passed to
getFaultType() in primary_mirror_mode.c to index the labels array.  Therefore,
we get the following warning from Coverity.

Use of untrusted scalar value (TAINTED_SCALAR)
tainted_data: Passing tainted variable fault to a tainted sink.

I resolved this my making sure that the faultType is within the dimension
of the labels array before using the faultType as an index.

ftssan.c
=========

CID 160620
----------
Added missing break in FtsResolveStateSAN() for the SAN_PU_MU case.

CID 160636
----------
The IS_VALID_NEW_STATE_SN(state) macro is defined as:

    (state >= SAN_PU_MU && state < SAN_SENTINEL)

where the SAN_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. pairState->stateNew >= SAN_PU_MU.

I have modified the macro definition to:

    ((unsigned int)(state) < SAN_SENTINEL)

CID 160638
-----------
The IS_VALID_OLD_STATE_SAN(state) macro is defined as:

    (state >= SAN_PU_MU && state <= SAN_PU_MD)

where the SAN_* states are enums starting at 0.

The macro is called with state defined as uint32.  This results in the following
Coverity warning.

Macro compares unsigned to 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned
value is always true. stateOld >= SAN_PU_MU.

I have modified the macro definition to:

    ((unsigned int)(state) <= SAN_PU_MD)

CID 157330
----------

The mountMaintenanceForMpid() function sets the gphome_env variable to
getenv("GPHOME").  The gphome_env variable is used as a file path in a command
string that is passed to the system() OS call.  This results in the following
warning from Coverity.

Use of untrusted string value (TAINTED_STRING)
tainted_string: Passing tainted string cmd to system, which cannot accept
tainted data.

I resolved this by using the execlp() system call instead of system() as
recommended in
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=2130132.

To use execlp(), individual arguments have to be built as separate characters
strings.

Signed-off-by: NTodd Sedano <tsedano@pivotal.io>

This is a cherry-pick of following upstream commit:

Author: Tom Lane <tgl@sss.pgh.pa.us>
Date:   Thu Jul 10 02:14:03 2008 +0000

    Tighten up SS_finalize_plan's computation of valid_params to exclude Params of
    the current query level that aren't in fact output parameters of the current
    initPlans.  (This means, for example, output parameters of regular subplans.)
    To make this work correctly for output parameters coming from sibling
    initplans requires rejiggering the API of SS_finalize_plan just a bit:
    we need the siblings to be visible to it, rather than hidden as
    SS_make_initplan_from_plan had been doing.  This is really part of my response
    to bug #4290, but I concluded this part probably shouldn't be back-patched,
    since all that it's doing is to make a debugging cross-check tighter.

    (cherry picked from commit eaf1b5d3)

Otherwise the test would prematurely determine that all segments are up after
PANIC and move on.  This is causing intermittent failure in CI.

This warning message will only happen before actual change to xlog. Users
have to type excactly `yes` or `Y` to continue. This is to ensure users aware
of the risk before proceed.

Signed-off-by: NLarry Hamel <lhamel@pivotal.io>

-- add README for macOS build and configuration notes
Signed-off-by: NLarry Hamel <lhamel@pivotal.io>

Signed-off-by: NMarbin Tan <mtan@pivotal.io>

* revert-2220-fixorfce

* fix missing line continuation

The feature is undergoing major rethink, and is in our way of something
more important.

While we were at it, also rid the test of `optimizer_plan_id`, it's a
broken way of testing a feature.

This reverts commit 22403851.

The variable `outernotreferencedbyinner` is always false and hence
`nl_QuitIfEmptyInner` will never set to be true.

Renaming session_state_memory_entries to session_level_memory_consumption in uninstall script for the session state view (#2208)

* Renaming session_state_memory_entries to session_level_memory_consumption in uninstall script for the session state view.

* Adding ICW test to check the installation/uninstallation, shape and basic content of session_level_memory_consumption.

* Changing expected file to a dynamically generated one.

Coverity reported: Either the check against null is unnecessary, or there may be
a null pointer dereference. In ProcArrayEndTransaction: Pointer is checked
against null but then dereferenced anyway.

While its not an issue and for commit case, pointer is never null, but simplify
the code and stop using pointer itself here.

We never build without ORCA, as evidenced by how stale this file is.
I'd rather remove this rather than letting it rot here.

* remove orafce from installcheck

* remove mkorafce target

It's unnecessary, and it will cause memory leak and double free with
multiple sub-queries as a global varible.
Signed-off-by: NPeifeng Qiu <pqiu@pivotal.io>

The test was querying all locks when it really needed to validate only locks
relevant to appendonly tables.

Similar to 615b4c69, this removes a duplicate (and dead) typedef. This
unblocks compilation on older versions of GCC.

Fixes assert failure introduced by 8baaa67a. Before we got lucky as it
was in a structures that was zero'd to the correct enum value.

This guc only applies to HAWQ parquet tables and does not impact GPDB.

Move most of the process_schema logic into functions, clean up dead code,
and cover the process_schema function with unit tests.
Signed-off-by: NChris Hajas <chajas@pivotal.io>

This is tested in the C unit tests already.

The ids in "(relation,*)" lines are not transformed, this would cause
failures if executed on segments, like below:

    SELECT pg_lock_status() FROM foo
                                 pg_lock_status
     ----------------------------------------------------------------------
    - (relation,151955,151957,,,,,,,,2/4,29461,AccessShareLock,t,1117,t,0)
    - (relation,151955,151957,,,,,,,,2/4,29461,AccessShareLock,t,1117,t,0)
    - (relation,151955,151957,,,,,,,,2/4,29462,AccessShareLock,t,1117,t,1)
    - (relation,151955,151957,,,,,,,,2/4,29462,AccessShareLock,t,1117,t,1)
    + (relation,151955,151957,,,,,,,,2/4,29453,AccessShareLock,t,1116,t,0)
    + (relation,151955,151957,,,,,,,,2/4,29453,AccessShareLock,t,1116,t,0)
    + (relation,151955,151957,,,,,,,,2/4,29454,AccessShareLock,t,1116,t,1)
    + (relation,151955,151957,,,,,,,,2/4,29454,AccessShareLock,t,1116,t,1)
      (virtualxid,,,,,VIRTUAL/XID,,,,,VIRTUAL/XID,PID,ExclusiveLock,t,SESSIONID,t,0)
      (virtualxid,,,,,VIRTUAL/XID,,,,,VIRTUAL/XID,PID,ExclusiveLock,t,SESSIONID,t,0)
      (virtualxid,,,,,VIRTUAL/XID,,,,,VIRTUAL/XID,PID,ExclusiveLock,t,SESSIONID,t,1)
      (virtualxid,,,,,VIRTUAL/XID,,,,,VIRTUAL/XID,PID,ExclusiveLock,t,SESSIONID,t,1)
     (8 rows)

So we should transform them like the "(virtualxid,*)" lines.
Signed-off-by: NNing Yu <nyu@pivotal.io>

Passing InvalidOid to as a HeapTuple argument cause a warning for
NULL pointer constant, replace InvalidOid with NULL in call to
AlterResqueueCapabilityEntry() to avoid. Also initialize the owner
in GetResGroupIdForRole() since we otherwise read an uninitialized
value in case the CurrentResourceOwner was set.