Skip to main content

mz_adapter/
session.rs

1// Copyright Materialize, Inc. and contributors. All rights reserved.
2//
3// Use of this software is governed by the Business Source License
4// included in the LICENSE file.
5//
6// As of the Change Date specified in that file, in accordance with
7// the Business Source License, use of this software will be governed
8// by the Apache License, Version 2.0.
9
10//! Per-connection configuration parameters and state.
11
12#![warn(missing_docs)]
13
14use std::collections::btree_map::Entry;
15use std::collections::{BTreeMap, BTreeSet};
16use std::future::Future;
17use std::mem;
18use std::net::IpAddr;
19use std::pin::Pin;
20use std::sync::Arc;
21
22use chrono::{DateTime, Utc};
23use derivative::Derivative;
24use itertools::Itertools;
25use mz_adapter_types::connection::ConnectionId;
26use mz_auth::AuthenticatorKind;
27use mz_build_info::{BuildInfo, DUMMY_BUILD_INFO};
28use mz_controller_types::ClusterId;
29use mz_ore::metrics::{MetricsFutureExt, MetricsRegistry};
30use mz_ore::now::{EpochMillis, NowFn};
31use mz_pgwire_common::Format;
32use mz_repr::role_id::RoleId;
33use mz_repr::user::{ExternalUserMetadata, InternalUserMetadata};
34use mz_repr::{CatalogItemId, Datum, Row, RowIterator, SqlScalarType, Timestamp};
35use mz_sql::ast::{AstInfo, Raw, Statement, TransactionAccessMode};
36use mz_sql::plan::{Params, PlanContext, QueryWhen, StatementDesc};
37use mz_sql::session::metadata::SessionMetadata;
38use mz_sql::session::user::{
39    INTERNAL_USER_NAME_TO_DEFAULT_CLUSTER, RoleMetadata, SYSTEM_USER, User,
40};
41use mz_sql::session::vars::IsolationLevel;
42pub use mz_sql::session::vars::{
43    DEFAULT_DATABASE_NAME, EndTransactionAction, SERVER_MAJOR_VERSION, SERVER_MINOR_VERSION,
44    SERVER_PATCH_VERSION, SessionVars, Var,
45};
46use mz_sql_parser::ast::TransactionIsolationLevel;
47use mz_storage_client::client::TableData;
48use mz_storage_types::sources::Timeline;
49use qcell::{QCell, QCellOwner};
50use timely::progress::Timestamp as _;
51use tokio::sync::mpsc::{self, UnboundedReceiver, UnboundedSender};
52use tokio::sync::watch;
53use uuid::Uuid;
54
55use crate::catalog::CatalogState;
56use crate::client::RecordFirstRowStream;
57use crate::coord::appends::BuiltinTableAppendNotify;
58use crate::coord::in_memory_oracle::InMemoryTimestampOracle;
59use crate::coord::peek::PeekResponseUnary;
60use crate::coord::timestamp_selection::{TimestampContext, TimestampDetermination};
61use crate::coord::{Coordinator, ExplainContext};
62use crate::error::AdapterError;
63use crate::metrics::{Metrics, SessionMetrics};
64use crate::statement_logging::PreparedStatementLoggingInfo;
65use crate::{AdapterNotice, ExecuteContext};
66use mz_catalog::durable::Snapshot;
67
68const DUMMY_CONNECTION_ID: ConnectionId = ConnectionId::Static(0);
69
70/// A session holds per-connection state.
71#[derive(Derivative)]
72#[derivative(Debug)]
73pub struct Session {
74    conn_id: ConnectionId,
75    /// A globally unique identifier for the session. Not to be confused
76    /// with `conn_id`, which may be reused.
77    uuid: Uuid,
78    prepared_statements: BTreeMap<String, PreparedStatement>,
79    portals: BTreeMap<String, Portal>,
80    transaction: TransactionStatus,
81    pcx: Option<PlanContext>,
82    metrics: SessionMetrics,
83    #[derivative(Debug = "ignore")]
84    builtin_updates: Option<BuiltinTableAppendNotify>,
85
86    /// The role metadata of the current session.
87    ///
88    /// Invariant: role_metadata must be `Some` after the user has
89    /// successfully connected to and authenticated with Materialize.
90    ///
91    /// Prefer using this value over [`SessionConfig::user`].
92    //
93    // It would be better for this not to be an Option, but the
94    // `Session` is initialized before the user has connected to
95    // Materialize and is able to look up the `RoleMetadata`. The `Session`
96    // is also used to return an error when no role exists and
97    // therefore there is no valid `RoleMetadata`.
98    role_metadata: Option<RoleMetadata>,
99    client_ip: Option<IpAddr>,
100    vars: SessionVars,
101    notices_tx: mpsc::UnboundedSender<AdapterNotice>,
102    notices_rx: mpsc::UnboundedReceiver<AdapterNotice>,
103    next_transaction_id: TransactionId,
104    secret_key: u32,
105    external_metadata_rx: Option<watch::Receiver<ExternalUserMetadata>>,
106    // Token allowing us to access `Arc<QCell<StatementLogging>>`
107    // metadata. We want these to be reference-counted, because the same
108    // statement might be referenced from multiple portals simultaneously.
109    //
110    // However, they can't be `Rc<RefCell<StatementLogging>>`, because
111    // the `Session` is sent around to different threads.
112    //
113    // On the other hand, they don't need to be
114    // `Arc<Mutex<StatementLogging>>`, because they will always be
115    // accessed from the same thread that the `Session` is currently
116    // on. We express this by gating access with this token.
117    #[derivative(Debug = "ignore")]
118    qcell_owner: QCellOwner,
119    session_oracles: BTreeMap<Timeline, InMemoryTimestampOracle>,
120    /// Incremented when session state that is relevant to prepared statement planning changes.
121    /// Currently, only changes to `portals` are tracked. Changes to `prepared_statements` don't
122    /// need to be tracked, because prepared statements can't depend on other prepared statements.
123    /// TODO: We might want to track changes also to session variables.
124    /// (`Catalog::transient_revision` similarly tracks changes on the catalog side.)
125    state_revision: u64,
126}
127
128impl SessionMetadata for Session {
129    fn conn_id(&self) -> &ConnectionId {
130        &self.conn_id
131    }
132
133    fn client_ip(&self) -> Option<&IpAddr> {
134        self.client_ip.as_ref()
135    }
136
137    fn pcx(&self) -> &PlanContext {
138        &self
139            .transaction()
140            .inner()
141            .expect("no active transaction")
142            .pcx
143    }
144
145    fn role_metadata(&self) -> &RoleMetadata {
146        self.role_metadata
147            .as_ref()
148            .expect("role_metadata invariant violated")
149    }
150
151    fn vars(&self) -> &SessionVars {
152        &self.vars
153    }
154}
155
156/// Data structure suitable for passing to other threads that need access to some common Session
157/// properties.
158#[derive(Debug)]
159pub struct SessionMeta {
160    conn_id: ConnectionId,
161    client_ip: Option<IpAddr>,
162    pcx: PlanContext,
163    role_metadata: RoleMetadata,
164    vars: SessionVars,
165}
166
167impl SessionMetadata for SessionMeta {
168    fn vars(&self) -> &SessionVars {
169        &self.vars
170    }
171
172    fn conn_id(&self) -> &ConnectionId {
173        &self.conn_id
174    }
175
176    fn client_ip(&self) -> Option<&IpAddr> {
177        self.client_ip.as_ref()
178    }
179
180    fn pcx(&self) -> &PlanContext {
181        &self.pcx
182    }
183
184    fn role_metadata(&self) -> &RoleMetadata {
185        &self.role_metadata
186    }
187}
188
189/// Configures a new [`Session`].
190#[derive(Debug, Clone)]
191pub struct SessionConfig {
192    /// The connection ID for the session.
193    ///
194    /// May be reused after the session terminates.
195    pub conn_id: ConnectionId,
196    /// A universally unique identifier for the session, across all processes,
197    /// region, and all time.
198    ///
199    /// Must not be reused, even after the session terminates.
200    pub uuid: Uuid,
201    /// The peer address of the client
202    pub client_ip: Option<IpAddr>,
203    /// The name of the user associated with the session.
204    pub user: String,
205    /// An optional receiver that the session will periodically check for
206    /// updates to a user's external metadata.
207    pub external_metadata_rx: Option<watch::Receiver<ExternalUserMetadata>>,
208    /// Helm chart version
209    pub helm_chart_version: Option<String>,
210    /// The authenticator that authenticated this user, if any.
211    pub authenticator_kind: AuthenticatorKind,
212    /// Groups from JWT claims for OIDC group-to-role sync.
213    pub groups: Option<Vec<String>>,
214}
215
216impl Session {
217    /// Creates a new session for the specified connection ID.
218    pub(crate) fn new(
219        build_info: &'static BuildInfo,
220        config: SessionConfig,
221        metrics: SessionMetrics,
222    ) -> Session {
223        assert_ne!(config.conn_id, DUMMY_CONNECTION_ID);
224        Self::new_internal(build_info, config, metrics)
225    }
226
227    /// Returns a reference-less collection of data usable by other tasks that don't have ownership
228    /// of the Session.
229    pub fn meta(&self) -> SessionMeta {
230        SessionMeta {
231            conn_id: self.conn_id().clone(),
232            client_ip: self.client_ip().copied(),
233            pcx: self.pcx().clone(),
234            role_metadata: self.role_metadata().clone(),
235            vars: self.vars.clone(),
236        }
237
238        // TODO: soft_assert that these are the same as Session.
239    }
240
241    /// Creates new statement logging metadata for a one-off
242    /// statement.
243    // Normally, such logging information would be created as part of
244    // allocating a new prepared statement, and a refcounted handle
245    // would be copied from that prepared statement to portals during
246    // binding. However, we also support (via `Command::declare`)
247    // binding a statement directly to a portal without creating an
248    // intermediate prepared statement. Thus, for those cases, a
249    // mechanism for generating the logging metadata directly is needed.
250    pub(crate) fn mint_logging<A: AstInfo>(
251        &self,
252        raw_sql: String,
253        stmt: Option<&Statement<A>>,
254        now: EpochMillis,
255    ) -> Arc<QCell<PreparedStatementLoggingInfo>> {
256        Arc::new(QCell::new(
257            &self.qcell_owner,
258            PreparedStatementLoggingInfo::still_to_log(
259                raw_sql,
260                stmt,
261                now,
262                "".to_string(),
263                self.uuid,
264                false,
265            ),
266        ))
267    }
268
269    pub(crate) fn qcell_ro<'a, T2: 'a>(&'a self, cell: &'a Arc<QCell<T2>>) -> &'a T2 {
270        self.qcell_owner.ro(&*cell)
271    }
272
273    pub(crate) fn qcell_rw<'a, T2: 'a>(&'a mut self, cell: &'a Arc<QCell<T2>>) -> &'a mut T2 {
274        self.qcell_owner.rw(&*cell)
275    }
276
277    /// Returns a unique ID for the session.
278    /// Not to be confused with `connection_id`, which can be reused.
279    pub fn uuid(&self) -> Uuid {
280        self.uuid
281    }
282
283    /// Creates a new dummy session.
284    ///
285    /// Dummy sessions are intended for use when executing queries on behalf of
286    /// the system itself, rather than on behalf of a user.
287    pub fn dummy() -> Session {
288        let registry = MetricsRegistry::new();
289        let metrics = Metrics::register_into(&registry);
290        let metrics = metrics.session_metrics();
291        let mut dummy = Self::new_internal(
292            &DUMMY_BUILD_INFO,
293            SessionConfig {
294                conn_id: DUMMY_CONNECTION_ID,
295                uuid: Uuid::new_v4(),
296                user: SYSTEM_USER.name.clone(),
297                client_ip: None,
298                external_metadata_rx: None,
299                helm_chart_version: None,
300                authenticator_kind: AuthenticatorKind::None,
301                groups: None,
302            },
303            metrics,
304        );
305        dummy.initialize_role_metadata(RoleId::User(0));
306        dummy
307    }
308
309    fn new_internal(
310        build_info: &'static BuildInfo,
311        SessionConfig {
312            conn_id,
313            uuid,
314            user,
315            client_ip,
316            mut external_metadata_rx,
317            helm_chart_version,
318            authenticator_kind,
319            groups,
320        }: SessionConfig,
321        metrics: SessionMetrics,
322    ) -> Session {
323        let (notices_tx, notices_rx) = mpsc::unbounded_channel();
324        let default_cluster = INTERNAL_USER_NAME_TO_DEFAULT_CLUSTER.get(&user);
325        let user = User {
326            name: user,
327            internal_metadata: None,
328            external_metadata: external_metadata_rx
329                .as_mut()
330                .map(|rx| rx.borrow_and_update().clone()),
331            authenticator_kind: Some(authenticator_kind),
332            groups,
333        };
334        let mut vars = SessionVars::new_unchecked(build_info, user, helm_chart_version);
335        if let Some(default_cluster) = default_cluster {
336            vars.set_cluster(default_cluster.clone());
337        }
338        Session {
339            conn_id,
340            uuid,
341            transaction: TransactionStatus::Default,
342            pcx: None,
343            metrics,
344            builtin_updates: None,
345            prepared_statements: BTreeMap::new(),
346            portals: BTreeMap::new(),
347            role_metadata: None,
348            client_ip,
349            vars,
350            notices_tx,
351            notices_rx,
352            next_transaction_id: 0,
353            secret_key: rand::random(),
354            external_metadata_rx,
355            qcell_owner: QCellOwner::new(),
356            session_oracles: BTreeMap::new(),
357            state_revision: 0,
358        }
359    }
360
361    /// Returns the secret key associated with the session.
362    pub fn secret_key(&self) -> u32 {
363        self.secret_key
364    }
365
366    fn new_pcx(&self, mut wall_time: DateTime<Utc>) -> PlanContext {
367        if let Some(mock_time) = self.vars().unsafe_new_transaction_wall_time() {
368            wall_time = *mock_time;
369        }
370        PlanContext::new(wall_time)
371    }
372
373    /// Starts an explicit transaction, or changes an implicit to an explicit
374    /// transaction.
375    pub fn start_transaction(
376        &mut self,
377        wall_time: DateTime<Utc>,
378        access: Option<TransactionAccessMode>,
379        isolation_level: Option<TransactionIsolationLevel>,
380    ) -> Result<(), AdapterError> {
381        // Check that current transaction state is compatible with new `access`
382        if let Some(txn) = self.transaction.inner() {
383            // `READ WRITE` prohibited if:
384            // - Currently in `READ ONLY`
385            // - Already performed a query
386            let read_write_prohibited = match txn.ops {
387                TransactionOps::Peeks { .. } | TransactionOps::Subscribe => {
388                    txn.access == Some(TransactionAccessMode::ReadOnly)
389                }
390                TransactionOps::None
391                | TransactionOps::Writes(_)
392                | TransactionOps::SingleStatement { .. }
393                | TransactionOps::DDL { .. } => false,
394            };
395
396            if read_write_prohibited && access == Some(TransactionAccessMode::ReadWrite) {
397                return Err(AdapterError::ReadWriteUnavailable);
398            }
399        }
400
401        match std::mem::take(&mut self.transaction) {
402            TransactionStatus::Default => {
403                let id = self.next_transaction_id;
404                self.next_transaction_id = self.next_transaction_id.wrapping_add(1);
405                self.transaction = TransactionStatus::InTransaction(Transaction {
406                    pcx: self.new_pcx(wall_time),
407                    ops: TransactionOps::None,
408                    write_lock_guards: None,
409                    access,
410                    id,
411                });
412            }
413            TransactionStatus::Started(mut txn)
414            | TransactionStatus::InTransactionImplicit(mut txn)
415            | TransactionStatus::InTransaction(mut txn) => {
416                if access.is_some() {
417                    txn.access = access;
418                }
419                self.transaction = TransactionStatus::InTransaction(txn);
420            }
421            TransactionStatus::Failed(_) => unreachable!(),
422        };
423
424        if let Some(isolation_level) = isolation_level {
425            self.vars
426                .set_local_transaction_isolation(isolation_level.into());
427        }
428
429        Ok(())
430    }
431
432    /// Starts either a single statement or implicit transaction based on the
433    /// number of statements, but only if no transaction has been started already.
434    pub fn start_transaction_implicit(&mut self, wall_time: DateTime<Utc>, stmts: usize) {
435        if let TransactionStatus::Default = self.transaction {
436            let id = self.next_transaction_id;
437            self.next_transaction_id = self.next_transaction_id.wrapping_add(1);
438            let txn = Transaction {
439                pcx: self.new_pcx(wall_time),
440                ops: TransactionOps::None,
441                write_lock_guards: None,
442                access: None,
443                id,
444            };
445            match stmts {
446                1 => self.transaction = TransactionStatus::Started(txn),
447                n if n > 1 => self.transaction = TransactionStatus::InTransactionImplicit(txn),
448                _ => {}
449            }
450        }
451    }
452
453    /// Starts a single statement transaction, but only if no transaction has been started already.
454    pub fn start_transaction_single_stmt(&mut self, wall_time: DateTime<Utc>) {
455        self.start_transaction_implicit(wall_time, 1);
456    }
457
458    /// Clears a transaction, setting its state to Default and destroying all
459    /// portals. Returned are:
460    /// - sinks that were started in this transaction and need to be dropped
461    /// - the cleared transaction so its operations can be handled
462    ///
463    /// The [Postgres protocol docs](https://www.postgresql.org/docs/current/protocol-flow.html#PROTOCOL-FLOW-EXT-QUERY) specify:
464    /// > a named portal object lasts till the end of the current transaction
465    /// and
466    /// > An unnamed portal is destroyed at the end of the transaction
467    #[must_use]
468    pub fn clear_transaction(&mut self) -> TransactionStatus {
469        self.portals.clear();
470        self.pcx = None;
471        self.state_revision += 1;
472        mem::take(&mut self.transaction)
473    }
474
475    /// Marks the current transaction as failed.
476    pub fn fail_transaction(mut self) -> Self {
477        match self.transaction {
478            TransactionStatus::Default => unreachable!(),
479            TransactionStatus::Started(txn)
480            | TransactionStatus::InTransactionImplicit(txn)
481            | TransactionStatus::InTransaction(txn) => {
482                self.transaction = TransactionStatus::Failed(txn);
483            }
484            TransactionStatus::Failed(_) => {}
485        };
486        self
487    }
488
489    /// Returns the current transaction status.
490    pub fn transaction(&self) -> &TransactionStatus {
491        &self.transaction
492    }
493
494    /// Returns the current transaction status.
495    pub fn transaction_mut(&mut self) -> &mut TransactionStatus {
496        &mut self.transaction
497    }
498
499    /// Returns the session's transaction code.
500    pub fn transaction_code(&self) -> TransactionCode {
501        self.transaction().into()
502    }
503
504    /// Adds operations to the current transaction. An error is produced if
505    /// they cannot be merged (i.e., a timestamp-dependent read cannot be
506    /// merged to an insert).
507    pub fn add_transaction_ops(&mut self, add_ops: TransactionOps) -> Result<(), AdapterError> {
508        self.transaction.add_ops(add_ops)
509    }
510
511    /// Returns a channel on which to send notices to the session.
512    pub fn retain_notice_transmitter(&self) -> UnboundedSender<AdapterNotice> {
513        self.notices_tx.clone()
514    }
515
516    /// Adds a notice to the session.
517    pub fn add_notice(&self, notice: AdapterNotice) {
518        self.add_notices([notice])
519    }
520
521    /// Adds multiple notices to the session.
522    pub fn add_notices(&self, notices: impl IntoIterator<Item = AdapterNotice>) {
523        for notice in notices {
524            let _ = self.notices_tx.send(notice);
525        }
526    }
527
528    /// Awaits a possible notice.
529    ///
530    /// This method is cancel safe.
531    pub async fn recv_notice(&mut self) -> AdapterNotice {
532        // This method is cancel safe because recv is cancel safe.
533        loop {
534            let notice = self
535                .notices_rx
536                .recv()
537                .await
538                .expect("Session also holds a sender, so recv won't ever return None");
539            match self.notice_filter(notice) {
540                Some(notice) => return notice,
541                None => continue,
542            }
543        }
544    }
545
546    /// Returns a draining iterator over the notices attached to the session.
547    pub fn drain_notices(&mut self) -> Vec<AdapterNotice> {
548        let mut notices = Vec::new();
549        while let Ok(notice) = self.notices_rx.try_recv() {
550            if let Some(notice) = self.notice_filter(notice) {
551                notices.push(notice);
552            }
553        }
554        notices
555    }
556
557    /// Returns Some if the notice should be reported, otherwise None.
558    fn notice_filter(&self, notice: AdapterNotice) -> Option<AdapterNotice> {
559        // Filter out low threshold severity.
560        let minimum_client_severity = self.vars.client_min_messages();
561        let sev = notice.severity();
562        if !minimum_client_severity.should_output_to_client(&sev) {
563            return None;
564        }
565        // Filter out notices for other clusters.
566        if let AdapterNotice::ClusterReplicaStatusChanged { cluster, .. } = &notice {
567            if cluster != self.vars.cluster() {
568                return None;
569            }
570        }
571        Some(notice)
572    }
573
574    /// Sets the transaction ops to `TransactionOps::None`. Must only be used after
575    /// verifying that no transaction anomalies will occur if cleared.
576    pub fn clear_transaction_ops(&mut self) {
577        if let Some(txn) = self.transaction.inner_mut() {
578            txn.ops = TransactionOps::None;
579        }
580    }
581
582    /// If the current transaction ops belong to a read, then sets the
583    /// ops to `None`, returning the old read timestamp context if
584    /// any existed. Must only be used after verifying that no transaction
585    /// anomalies will occur if cleared.
586    pub fn take_transaction_timestamp_context(&mut self) -> Option<TimestampContext> {
587        if let Some(Transaction { ops, .. }) = self.transaction.inner_mut() {
588            if let TransactionOps::Peeks { .. } = ops {
589                let ops = std::mem::take(ops);
590                Some(
591                    ops.timestamp_determination()
592                        .expect("checked above")
593                        .timestamp_context,
594                )
595            } else {
596                None
597            }
598        } else {
599            None
600        }
601    }
602
603    /// Returns the transaction's read timestamp determination, if set.
604    ///
605    /// Returns `None` if there is no active transaction, or if the active
606    /// transaction is not a read transaction.
607    pub fn get_transaction_timestamp_determination(&self) -> Option<TimestampDetermination> {
608        match self.transaction.inner() {
609            Some(Transaction {
610                pcx: _,
611                ops: TransactionOps::Peeks { determination, .. },
612                write_lock_guards: _,
613                access: _,
614                id: _,
615            }) => Some(determination.clone()),
616            _ => None,
617        }
618    }
619
620    /// Whether this session has a timestamp for a read transaction.
621    pub fn contains_read_timestamp(&self) -> bool {
622        matches!(
623            self.transaction.inner(),
624            Some(Transaction {
625                pcx: _,
626                ops: TransactionOps::Peeks {
627                    determination: TimestampDetermination {
628                        timestamp_context: TimestampContext::TimelineTimestamp { .. },
629                        ..
630                    },
631                    ..
632                },
633                write_lock_guards: _,
634                access: _,
635                id: _,
636            })
637        )
638    }
639
640    /// Registers the prepared statement under `name`.
641    pub fn set_prepared_statement(
642        &mut self,
643        name: String,
644        stmt: Option<Statement<Raw>>,
645        raw_sql: String,
646        desc: StatementDesc,
647        state_revision: StateRevision,
648        now: EpochMillis,
649    ) {
650        let logging = PreparedStatementLoggingInfo::still_to_log(
651            raw_sql,
652            stmt.as_ref(),
653            now,
654            name.clone(),
655            self.uuid,
656            false,
657        );
658        let statement = PreparedStatement {
659            stmt,
660            desc,
661            state_revision,
662            logging: Arc::new(QCell::new(&self.qcell_owner, logging)),
663        };
664        self.prepared_statements.insert(name, statement);
665    }
666
667    /// Removes the prepared statement associated with `name`.
668    ///
669    /// Returns whether a statement previously existed.
670    pub fn remove_prepared_statement(&mut self, name: &str) -> bool {
671        self.prepared_statements.remove(name).is_some()
672    }
673
674    /// Removes all prepared statements.
675    pub fn remove_all_prepared_statements(&mut self) {
676        self.prepared_statements.clear();
677    }
678
679    /// Retrieves the prepared statement associated with `name`.
680    ///
681    /// This is unverified and could be incorrect if the underlying catalog has
682    /// changed.
683    pub fn get_prepared_statement_unverified(&self, name: &str) -> Option<&PreparedStatement> {
684        self.prepared_statements.get(name)
685    }
686
687    /// Retrieves the prepared statement associated with `name`.
688    ///
689    /// This is unverified and could be incorrect if the underlying catalog has
690    /// changed.
691    pub fn get_prepared_statement_mut_unverified(
692        &mut self,
693        name: &str,
694    ) -> Option<&mut PreparedStatement> {
695        self.prepared_statements.get_mut(name)
696    }
697
698    /// Returns the prepared statements for the session.
699    pub fn prepared_statements(&self) -> &BTreeMap<String, PreparedStatement> {
700        &self.prepared_statements
701    }
702
703    /// Returns the portals for the session.
704    pub fn portals(&self) -> &BTreeMap<String, Portal> {
705        &self.portals
706    }
707
708    /// Binds the specified portal to the specified prepared statement.
709    ///
710    /// If the prepared statement contains parameters, the values and types of
711    /// those parameters must be provided in `params`. It is the caller's
712    /// responsibility to ensure that the correct number of parameters is
713    /// provided.
714    ///
715    /// The `results_formats` parameter sets the desired format of the results,
716    /// and is stored on the portal.
717    pub fn set_portal(
718        &mut self,
719        portal_name: String,
720        desc: StatementDesc,
721        stmt: Option<Statement<Raw>>,
722        logging: Arc<QCell<PreparedStatementLoggingInfo>>,
723        params: Vec<(Datum, SqlScalarType)>,
724        result_formats: Vec<Format>,
725        state_revision: StateRevision,
726    ) -> Result<(), AdapterError> {
727        // The empty portal can be silently replaced.
728        if !portal_name.is_empty() && self.portals.contains_key(&portal_name) {
729            return Err(AdapterError::DuplicateCursor(portal_name));
730        }
731        self.state_revision += 1;
732        let param_types = desc.param_types.clone();
733        self.portals.insert(
734            portal_name,
735            Portal {
736                stmt: stmt.map(Arc::new),
737                desc,
738                state_revision,
739                parameters: Params {
740                    datums: Row::pack(params.iter().map(|(d, _t)| d)),
741                    execute_types: params.into_iter().map(|(_d, t)| t).collect(),
742                    expected_types: param_types,
743                },
744                result_formats,
745                state: PortalState::NotStarted,
746                logging,
747                lifecycle_timestamps: None,
748            },
749        );
750        Ok(())
751    }
752
753    /// Removes the specified portal.
754    ///
755    /// If there is no such portal, this method does nothing. Returns whether that portal existed.
756    pub fn remove_portal(&mut self, portal_name: &str) -> bool {
757        self.state_revision += 1;
758        self.portals.remove(portal_name).is_some()
759    }
760
761    /// Retrieves a reference to the specified portal.
762    ///
763    /// If there is no such portal, returns `None`.
764    pub fn get_portal_unverified(&self, portal_name: &str) -> Option<&Portal> {
765        self.portals.get(portal_name)
766    }
767
768    /// Retrieves a mutable reference to the specified portal.
769    ///
770    /// If there is no such portal, returns `None`.
771    ///
772    /// Note: When using the returned `PortalRefMut`, there is no need to increment
773    /// `Session::state_revision`, because the portal's meaning is not changed.
774    pub fn get_portal_unverified_mut(&mut self, portal_name: &str) -> Option<PortalRefMut<'_>> {
775        self.portals.get_mut(portal_name).map(|p| PortalRefMut {
776            stmt: &p.stmt,
777            desc: &p.desc,
778            state_revision: &mut p.state_revision,
779            parameters: &mut p.parameters,
780            result_formats: &mut p.result_formats,
781            logging: &mut p.logging,
782            state: &mut p.state,
783            lifecycle_timestamps: &mut p.lifecycle_timestamps,
784        })
785    }
786
787    /// Creates and installs a new portal.
788    pub fn create_new_portal(
789        &mut self,
790        stmt: Option<Statement<Raw>>,
791        logging: Arc<QCell<PreparedStatementLoggingInfo>>,
792        desc: StatementDesc,
793        parameters: Params,
794        result_formats: Vec<Format>,
795        state_revision: StateRevision,
796    ) -> Result<String, AdapterError> {
797        self.state_revision += 1;
798
799        // See: https://github.com/postgres/postgres/blob/84f5c2908dad81e8622b0406beea580e40bb03ac/src/backend/utils/mmgr/portalmem.c#L234
800        for i in 0usize.. {
801            let name = format!("<unnamed portal {}>", i);
802            match self.portals.entry(name.clone()) {
803                Entry::Occupied(_) => continue,
804                Entry::Vacant(entry) => {
805                    entry.insert(Portal {
806                        stmt: stmt.map(Arc::new),
807                        desc,
808                        state_revision,
809                        parameters,
810                        result_formats,
811                        state: PortalState::NotStarted,
812                        logging,
813                        lifecycle_timestamps: None,
814                    });
815                    return Ok(name);
816                }
817            }
818        }
819
820        coord_bail!("unable to create a new portal");
821    }
822
823    /// Resets the session to its initial state. Returns sinks that need to be
824    /// dropped.
825    pub fn reset(&mut self) {
826        let _ = self.clear_transaction();
827        self.prepared_statements.clear();
828        self.vars.reset_all();
829    }
830
831    /// Returns the [application_name] that created this session.
832    ///
833    /// [application_name]: (https://www.postgresql.org/docs/current/runtime-config-logging.html#GUC-APPLICATION-NAME)
834    pub fn application_name(&self) -> &str {
835        self.vars.application_name()
836    }
837
838    /// Returns a reference to the variables in this session.
839    pub fn vars(&self) -> &SessionVars {
840        &self.vars
841    }
842
843    /// Returns a mutable reference to the variables in this session.
844    pub fn vars_mut(&mut self) -> &mut SessionVars {
845        &mut self.vars
846    }
847
848    /// Grants a set of write locks to this session's inner [`Transaction`].
849    ///
850    /// # Panics
851    /// If the inner transaction is idle. See [`TransactionStatus::try_grant_write_locks`].
852    ///
853    pub fn try_grant_write_locks(&mut self, guards: WriteLocks) -> Result<(), &WriteLocks> {
854        self.transaction.try_grant_write_locks(guards)
855    }
856
857    /// Drains any external metadata updates and applies the changes from the latest update.
858    pub fn apply_external_metadata_updates(&mut self) {
859        // If no sender is registered then there isn't anything to do.
860        let Some(rx) = &mut self.external_metadata_rx else {
861            return;
862        };
863
864        // If the value hasn't changed then return.
865        if !rx.has_changed().unwrap_or(false) {
866            return;
867        }
868
869        // Update our metadata! Note the short critical section (just a clone) to avoid blocking
870        // the sending side of this watch channel.
871        let metadata = rx.borrow_and_update().clone();
872        self.vars.set_external_user_metadata(metadata);
873    }
874
875    /// Applies the internal user metadata to the session.
876    pub fn apply_internal_user_metadata(&mut self, metadata: InternalUserMetadata) {
877        self.vars.set_internal_user_metadata(metadata);
878    }
879
880    /// Initializes the session's role metadata.
881    pub fn initialize_role_metadata(&mut self, role_id: RoleId) {
882        self.role_metadata = Some(RoleMetadata::new(role_id));
883    }
884
885    /// Ensures that a timestamp oracle exists for `timeline` and returns a mutable reference to
886    /// the timestamp oracle.
887    pub fn ensure_timestamp_oracle(&mut self, timeline: Timeline) -> &mut InMemoryTimestampOracle {
888        self.session_oracles.entry(timeline).or_insert_with(|| {
889            InMemoryTimestampOracle::new(Timestamp::minimum(), NowFn::from(Timestamp::minimum))
890        })
891    }
892
893    /// Ensures that a timestamp oracle exists for reads and writes from/to a local input and
894    /// returns a mutable reference to the timestamp oracle.
895    pub fn ensure_local_timestamp_oracle(&mut self) -> &mut InMemoryTimestampOracle {
896        self.ensure_timestamp_oracle(Timeline::EpochMilliseconds)
897    }
898
899    /// Returns a reference to the timestamp oracle for `timeline`.
900    pub fn get_timestamp_oracle(&self, timeline: &Timeline) -> Option<&InMemoryTimestampOracle> {
901        self.session_oracles.get(timeline)
902    }
903
904    /// If the current session is using the Strong Session Serializable isolation level advance the
905    /// session local timestamp oracle to `write_ts`.
906    pub fn apply_write(&mut self, timestamp: Timestamp) {
907        if self.vars().transaction_isolation() == &IsolationLevel::StrongSessionSerializable {
908            self.ensure_local_timestamp_oracle().apply_write(timestamp);
909        }
910    }
911
912    /// Returns the [`SessionMetrics`] instance associated with this [`Session`].
913    pub fn metrics(&self) -> &SessionMetrics {
914        &self.metrics
915    }
916
917    /// Sets the `BuiltinTableAppendNotify` for this session.
918    pub fn set_builtin_table_updates(&mut self, fut: BuiltinTableAppendNotify) {
919        let prev = self.builtin_updates.replace(fut);
920        mz_ore::soft_assert_or_log!(prev.is_none(), "replacing old builtin table notify");
921    }
922
923    /// Takes the stashed `BuiltinTableAppendNotify`, if one exists, and returns a [`Future`] that
924    /// waits for the writes to complete.
925    pub fn clear_builtin_table_updates(&mut self) -> Option<impl Future<Output = ()> + 'static> {
926        if let Some(fut) = self.builtin_updates.take() {
927            // Record how long we blocked for, if we blocked at all.
928            let histogram = self
929                .metrics()
930                .session_startup_table_writes_seconds()
931                .clone();
932            Some(async move {
933                fut.wall_time().observe(histogram).await;
934            })
935        } else {
936            None
937        }
938    }
939
940    /// Return the state_revision of the session, which can be used by dependent objects for knowing
941    /// when to re-plan due to session state changes.
942    pub fn state_revision(&self) -> u64 {
943        self.state_revision
944    }
945}
946
947/// A prepared statement.
948#[derive(Derivative, Clone)]
949#[derivative(Debug)]
950pub struct PreparedStatement {
951    stmt: Option<Statement<Raw>>,
952    desc: StatementDesc,
953    /// The most recent state revision that has verified this statement.
954    pub state_revision: StateRevision,
955    #[derivative(Debug = "ignore")]
956    logging: Arc<QCell<PreparedStatementLoggingInfo>>,
957}
958
959impl PreparedStatement {
960    /// Returns the AST associated with this prepared statement,
961    /// if the prepared statement was not the empty query.
962    pub fn stmt(&self) -> Option<&Statement<Raw>> {
963        self.stmt.as_ref()
964    }
965
966    /// Returns the description of the prepared statement.
967    pub fn desc(&self) -> &StatementDesc {
968        &self.desc
969    }
970
971    /// Returns a handle to the metadata for statement logging.
972    pub fn logging(&self) -> &Arc<QCell<PreparedStatementLoggingInfo>> {
973        &self.logging
974    }
975}
976
977/// A portal represents the execution state of a running or runnable query.
978#[derive(Derivative)]
979#[derivative(Debug)]
980pub struct Portal {
981    /// The statement that is bound to this portal.
982    pub stmt: Option<Arc<Statement<Raw>>>,
983    /// The statement description.
984    pub desc: StatementDesc,
985    /// The most recent state revision that has verified this portal.
986    pub state_revision: StateRevision,
987    /// The bound values for the parameters in the prepared statement, if any.
988    pub parameters: Params,
989    /// The desired output format for each column in the result set.
990    pub result_formats: Vec<Format>,
991    /// A handle to metadata needed for statement logging.
992    #[derivative(Debug = "ignore")]
993    pub logging: Arc<QCell<PreparedStatementLoggingInfo>>,
994    /// The execution state of the portal.
995    #[derivative(Debug = "ignore")]
996    pub state: PortalState,
997    /// Statement lifecycle timestamps coming from `mz-pgwire`.
998    pub lifecycle_timestamps: Option<LifecycleTimestamps>,
999}
1000
1001/// A mutable reference to a portal, capturing its state and associated metadata. Importantly, it
1002/// does _not_ give _mutable_ access to `stmt` and `desc`, which means that you do not need to
1003/// increment `Session::state_revision` when modifying fields through a `PortalRefMut`, because the
1004/// portal's meaning is not changed.
1005pub struct PortalRefMut<'a> {
1006    /// The statement that is bound to this portal.
1007    pub stmt: &'a Option<Arc<Statement<Raw>>>,
1008    /// The statement description.
1009    pub desc: &'a StatementDesc,
1010    /// The most recent state revision that has verified this portal.
1011    pub state_revision: &'a mut StateRevision,
1012    /// The bound values for the parameters in the prepared statement, if any.
1013    pub parameters: &'a mut Params,
1014    /// The desired output format for each column in the result set.
1015    pub result_formats: &'a mut Vec<Format>,
1016    /// A handle to metadata needed for statement logging.
1017    pub logging: &'a mut Arc<QCell<PreparedStatementLoggingInfo>>,
1018    /// The execution state of the portal.
1019    pub state: &'a mut PortalState,
1020    /// Statement lifecycle timestamps coming from `mz-pgwire`.
1021    pub lifecycle_timestamps: &'a mut Option<LifecycleTimestamps>,
1022}
1023
1024/// Points to a revision of catalog state and session state. When the current revisions are not the
1025/// same as the revisions when a prepared statement or a portal was described, we need to check
1026/// whether the description is still valid.
1027#[derive(Debug, Clone, Copy, PartialEq)]
1028pub struct StateRevision {
1029    /// A revision of the catalog.
1030    pub catalog_revision: u64,
1031    /// A revision of the session state.
1032    pub session_state_revision: u64,
1033}
1034
1035/// Execution states of a portal.
1036pub enum PortalState {
1037    /// Portal not yet started.
1038    NotStarted,
1039    /// Portal is a rows-returning statement in progress with 0 or more rows
1040    /// remaining.
1041    InProgress(Option<InProgressRows>),
1042    /// Portal has completed and should not be re-executed. If the optional string
1043    /// is present, it is returned as a CommandComplete tag, otherwise an error
1044    /// is sent.
1045    Completed(Option<String>),
1046}
1047
1048/// State of an in-progress, rows-returning portal.
1049pub struct InProgressRows {
1050    /// The current batch of rows.
1051    pub current: Option<Box<dyn RowIterator + Send + Sync>>,
1052    /// A stream from which to fetch more row batches.
1053    pub remaining: RecordFirstRowStream,
1054}
1055
1056impl InProgressRows {
1057    /// Creates a new InProgressRows from a batch stream.
1058    pub fn new(remaining: RecordFirstRowStream) -> Self {
1059        Self {
1060            current: None,
1061            remaining,
1062        }
1063    }
1064
1065    /// Determines whether the underlying stream has ended and there are also no more rows
1066    /// stashed in `current`.
1067    pub fn no_more_rows(&self) -> bool {
1068        self.remaining.no_more_rows && self.current.is_none()
1069    }
1070}
1071
1072/// A channel of batched rows.
1073pub type RowBatchStream = UnboundedReceiver<PeekResponseUnary>;
1074
1075/// Part of statement lifecycle. These are timestamps that come from the Adapter frontend
1076/// (`mz-pgwire`) part of the lifecycle.
1077#[derive(Debug, Clone)]
1078pub struct LifecycleTimestamps {
1079    /// When the query was received. More specifically, when the tokio recv returned.
1080    /// For a Simple Query, this is for the whole query, for the Extended Query flow, this is only
1081    /// for `FrontendMessage::Execute`. (This means that this is after parsing for the
1082    /// Extended Query flow.)
1083    pub received: EpochMillis,
1084}
1085
1086impl LifecycleTimestamps {
1087    /// Creates a new `LifecycleTimestamps`.
1088    pub fn new(received: EpochMillis) -> Self {
1089        Self { received }
1090    }
1091}
1092
1093/// The transaction status of a session.
1094///
1095/// PostgreSQL's transaction states are in backend/access/transam/xact.c.
1096#[derive(Debug)]
1097pub enum TransactionStatus {
1098    /// Idle. Matches `TBLOCK_DEFAULT`.
1099    Default,
1100    /// Running a single-query transaction. Matches
1101    /// `TBLOCK_STARTED`. In PostgreSQL, when using the extended query protocol, this
1102    /// may be upgraded into multi-statement implicit query (see [`Self::InTransactionImplicit`]).
1103    /// Additionally, some statements may trigger an eager commit of the implicit transaction,
1104    /// see: <https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=f92944137>. In
1105    /// Materialize however, we eagerly commit all statements outside of an explicit transaction
1106    /// when using the extended query protocol. Therefore, we can guarantee that this state will
1107    /// always be a single-query transaction and never be upgraded into a multi-statement implicit
1108    /// query.
1109    Started(Transaction),
1110    /// Currently in a transaction issued from a `BEGIN`. Matches `TBLOCK_INPROGRESS`.
1111    InTransaction(Transaction),
1112    /// Currently in an implicit transaction started from a multi-statement query
1113    /// with more than 1 statements. Matches `TBLOCK_IMPLICIT_INPROGRESS`.
1114    InTransactionImplicit(Transaction),
1115    /// In a failed transaction. Matches `TBLOCK_ABORT`.
1116    Failed(Transaction),
1117}
1118
1119impl TransactionStatus {
1120    /// Extracts the inner transaction ops and write lock guard if not failed.
1121    pub fn into_ops_and_lock_guard(self) -> (Option<TransactionOps>, Option<WriteLocks>) {
1122        match self {
1123            TransactionStatus::Default | TransactionStatus::Failed(_) => (None, None),
1124            TransactionStatus::Started(txn)
1125            | TransactionStatus::InTransaction(txn)
1126            | TransactionStatus::InTransactionImplicit(txn) => {
1127                (Some(txn.ops), txn.write_lock_guards)
1128            }
1129        }
1130    }
1131
1132    /// Exposes the inner transaction.
1133    pub fn inner(&self) -> Option<&Transaction> {
1134        match self {
1135            TransactionStatus::Default => None,
1136            TransactionStatus::Started(txn)
1137            | TransactionStatus::InTransaction(txn)
1138            | TransactionStatus::InTransactionImplicit(txn)
1139            | TransactionStatus::Failed(txn) => Some(txn),
1140        }
1141    }
1142
1143    /// Exposes the inner transaction.
1144    pub fn inner_mut(&mut self) -> Option<&mut Transaction> {
1145        match self {
1146            TransactionStatus::Default => None,
1147            TransactionStatus::Started(txn)
1148            | TransactionStatus::InTransaction(txn)
1149            | TransactionStatus::InTransactionImplicit(txn)
1150            | TransactionStatus::Failed(txn) => Some(txn),
1151        }
1152    }
1153
1154    /// Whether the transaction's ops are DDL.
1155    pub fn is_ddl(&self) -> bool {
1156        match self {
1157            TransactionStatus::Default => false,
1158            TransactionStatus::Started(txn)
1159            | TransactionStatus::InTransaction(txn)
1160            | TransactionStatus::InTransactionImplicit(txn)
1161            | TransactionStatus::Failed(txn) => {
1162                matches!(txn.ops, TransactionOps::DDL { .. })
1163            }
1164        }
1165    }
1166
1167    /// Expresses whether or not the transaction was implicitly started.
1168    /// However, its negation does not imply explicitly started.
1169    pub fn is_implicit(&self) -> bool {
1170        match self {
1171            TransactionStatus::Started(_) | TransactionStatus::InTransactionImplicit(_) => true,
1172            TransactionStatus::Default
1173            | TransactionStatus::InTransaction(_)
1174            | TransactionStatus::Failed(_) => false,
1175        }
1176    }
1177
1178    /// Whether the transaction may contain multiple statements.
1179    pub fn is_in_multi_statement_transaction(&self) -> bool {
1180        match self {
1181            TransactionStatus::InTransaction(_) | TransactionStatus::InTransactionImplicit(_) => {
1182                true
1183            }
1184            TransactionStatus::Default
1185            | TransactionStatus::Started(_)
1186            | TransactionStatus::Failed(_) => false,
1187        }
1188    }
1189
1190    /// Whether we are in a multi-statement transaction, AND the query is immediate.
1191    pub fn in_immediate_multi_stmt_txn(&self, when: &QueryWhen) -> bool {
1192        self.is_in_multi_statement_transaction() && when == &QueryWhen::Immediately
1193    }
1194
1195    /// Grants the writes lock to the inner transaction, returning an error if the transaction
1196    /// has already been granted write locks.
1197    ///
1198    /// # Panics
1199    /// If `self` is `TransactionStatus::Default`, which indicates that the
1200    /// transaction is idle, which is not appropriate to assign the
1201    /// coordinator's write lock to.
1202    ///
1203    pub fn try_grant_write_locks(&mut self, guards: WriteLocks) -> Result<(), &WriteLocks> {
1204        match self {
1205            TransactionStatus::Default => panic!("cannot grant write lock to txn not yet started"),
1206            TransactionStatus::Started(txn)
1207            | TransactionStatus::InTransaction(txn)
1208            | TransactionStatus::InTransactionImplicit(txn)
1209            | TransactionStatus::Failed(txn) => txn.try_grant_write_locks(guards),
1210        }
1211    }
1212
1213    /// Returns the currently held [`WriteLocks`], if this transaction holds any.
1214    pub fn write_locks(&self) -> Option<&WriteLocks> {
1215        match self {
1216            TransactionStatus::Default => None,
1217            TransactionStatus::Started(txn)
1218            | TransactionStatus::InTransaction(txn)
1219            | TransactionStatus::InTransactionImplicit(txn)
1220            | TransactionStatus::Failed(txn) => txn.write_lock_guards.as_ref(),
1221        }
1222    }
1223
1224    /// The timeline of the transaction, if one exists.
1225    pub fn timeline(&self) -> Option<Timeline> {
1226        match self {
1227            TransactionStatus::Default => None,
1228            TransactionStatus::Started(txn)
1229            | TransactionStatus::InTransaction(txn)
1230            | TransactionStatus::InTransactionImplicit(txn)
1231            | TransactionStatus::Failed(txn) => txn.timeline(),
1232        }
1233    }
1234
1235    /// The cluster of the transaction, if one exists.
1236    pub fn cluster(&self) -> Option<ClusterId> {
1237        match self {
1238            TransactionStatus::Default => None,
1239            TransactionStatus::Started(txn)
1240            | TransactionStatus::InTransaction(txn)
1241            | TransactionStatus::InTransactionImplicit(txn)
1242            | TransactionStatus::Failed(txn) => txn.cluster(),
1243        }
1244    }
1245
1246    /// Snapshot of the catalog that reflects DDL operations run in this transaction.
1247    pub fn catalog_state(&self) -> Option<&CatalogState> {
1248        match self.inner() {
1249            Some(Transaction {
1250                ops: TransactionOps::DDL { state, .. },
1251                ..
1252            }) => Some(state),
1253            _ => None,
1254        }
1255    }
1256
1257    /// Reports whether any operations have been executed as part of this transaction
1258    pub fn contains_ops(&self) -> bool {
1259        match self.inner() {
1260            Some(txn) => txn.contains_ops(),
1261            None => false,
1262        }
1263    }
1264
1265    /// Checks whether the current state of this transaction allows writes
1266    /// (adding write ops).
1267    pub fn allows_writes(&self) -> bool {
1268        match self {
1269            TransactionStatus::Started(Transaction { ops, access, .. })
1270            | TransactionStatus::InTransaction(Transaction { ops, access, .. })
1271            | TransactionStatus::InTransactionImplicit(Transaction { ops, access, .. }) => {
1272                match ops {
1273                    TransactionOps::None => access != &Some(TransactionAccessMode::ReadOnly),
1274                    TransactionOps::Peeks { determination, .. } => {
1275                        // We can switch a peek-only transaction to a write
1276                        // transaction only if the peeks thus far are constant
1277                        // (i.e. they do not have a timestamp) and the
1278                        // transaction is not explicitly marked read-only.
1279                        access != &Some(TransactionAccessMode::ReadOnly)
1280                            && !determination.timestamp_context.contains_timestamp()
1281                    }
1282                    TransactionOps::Subscribe => false,
1283                    TransactionOps::Writes(_) => true,
1284                    TransactionOps::SingleStatement { .. } => false,
1285                    TransactionOps::DDL { .. } => false,
1286                }
1287            }
1288            TransactionStatus::Default | TransactionStatus::Failed(_) => {
1289                unreachable!()
1290            }
1291        }
1292    }
1293
1294    /// Adds operations to the current transaction. An error is produced if they cannot be merged
1295    /// (i.e., a timestamp-dependent read cannot be merged to an insert).
1296    ///
1297    /// The `DDL` variant is an exception and does not merge operations, but instead overwrites the
1298    /// old ops with the new ops. This is correct because it is only used in conjunction with the
1299    /// Dry Run catalog op which returns an error containing all of the ops, and those ops are
1300    /// passed to this function which then overwrites.
1301    ///
1302    /// # Panics
1303    /// If the operations are compatible but the operation metadata doesn't match. Such as reads at
1304    /// different timestamps, reads on different timelines, reads on different clusters, etc. It's
1305    /// up to the caller to make sure these are aligned.
1306    pub fn add_ops(&mut self, add_ops: TransactionOps) -> Result<(), AdapterError> {
1307        match self {
1308            TransactionStatus::Started(Transaction { ops, access, .. })
1309            | TransactionStatus::InTransaction(Transaction { ops, access, .. })
1310            | TransactionStatus::InTransactionImplicit(Transaction { ops, access, .. }) => {
1311                match ops {
1312                    TransactionOps::None => {
1313                        if matches!(access, Some(TransactionAccessMode::ReadOnly))
1314                            && matches!(add_ops, TransactionOps::Writes(_))
1315                        {
1316                            return Err(AdapterError::ReadOnlyTransaction);
1317                        }
1318                        *ops = add_ops;
1319                    }
1320                    TransactionOps::Peeks {
1321                        determination,
1322                        cluster_id,
1323                        requires_linearization,
1324                    } => match add_ops {
1325                        TransactionOps::Peeks {
1326                            determination: add_timestamp_determination,
1327                            cluster_id: add_cluster_id,
1328                            requires_linearization: add_requires_linearization,
1329                        } => {
1330                            assert_eq!(*cluster_id, add_cluster_id);
1331                            match (
1332                                &determination.timestamp_context,
1333                                &add_timestamp_determination.timestamp_context,
1334                            ) {
1335                                (
1336                                    TimestampContext::TimelineTimestamp {
1337                                        timeline: txn_timeline,
1338                                        chosen_ts: txn_ts,
1339                                        oracle_ts: _,
1340                                    },
1341                                    TimestampContext::TimelineTimestamp {
1342                                        timeline: add_timeline,
1343                                        chosen_ts: add_ts,
1344                                        oracle_ts: _,
1345                                    },
1346                                ) => {
1347                                    assert_eq!(txn_timeline, add_timeline);
1348                                    assert_eq!(txn_ts, add_ts);
1349                                }
1350                                (TimestampContext::NoTimestamp, _) => {
1351                                    *determination = add_timestamp_determination
1352                                }
1353                                (_, TimestampContext::NoTimestamp) => {}
1354                            };
1355                            if matches!(requires_linearization, RequireLinearization::NotRequired)
1356                                && matches!(
1357                                    add_requires_linearization,
1358                                    RequireLinearization::Required
1359                                )
1360                            {
1361                                *requires_linearization = add_requires_linearization;
1362                            }
1363                        }
1364                        // If the peeks thus far are constant (i.e. they do not
1365                        // have a timestamp), writes can follow and switch the
1366                        // transaction to a write transaction. But a read-only
1367                        // transaction must still reject the write. Without that
1368                        // check the write would silently turn a read-only
1369                        // transaction into a write transaction, and a later
1370                        // write would then trip the assert in the `Writes` arm
1371                        // below.
1372                        writes @ TransactionOps::Writes(..)
1373                            if !determination.timestamp_context.contains_timestamp() =>
1374                        {
1375                            if matches!(access, Some(TransactionAccessMode::ReadOnly)) {
1376                                return Err(AdapterError::ReadOnlyTransaction);
1377                            }
1378                            *ops = writes;
1379                        }
1380                        _ => return Err(AdapterError::ReadOnlyTransaction),
1381                    },
1382                    TransactionOps::Subscribe => {
1383                        return Err(AdapterError::SubscribeOnlyTransaction);
1384                    }
1385                    TransactionOps::Writes(txn_writes) => match add_ops {
1386                        TransactionOps::Writes(mut add_writes) => {
1387                            // We should have already checked the access above, but make sure we don't miss
1388                            // it anyway.
1389                            assert!(!matches!(access, Some(TransactionAccessMode::ReadOnly)));
1390                            txn_writes.append(&mut add_writes);
1391                        }
1392                        // Iff peeks do not have a timestamp (i.e. they are
1393                        // constant), we can permit them.
1394                        TransactionOps::Peeks { determination, .. }
1395                            if !determination.timestamp_context.contains_timestamp() => {}
1396                        _ => {
1397                            return Err(AdapterError::WriteOnlyTransaction);
1398                        }
1399                    },
1400                    TransactionOps::SingleStatement { .. } => {
1401                        return Err(AdapterError::SingleStatementTransaction);
1402                    }
1403                    TransactionOps::DDL {
1404                        ops: og_ops,
1405                        revision: og_revision,
1406                        state: og_state,
1407                        side_effects,
1408                        snapshot: og_snapshot,
1409                    } => match add_ops {
1410                        TransactionOps::DDL {
1411                            ops: new_ops,
1412                            revision: new_revision,
1413                            side_effects: mut net_new_side_effects,
1414                            state: new_state,
1415                            snapshot: new_snapshot,
1416                        } => {
1417                            if *og_revision != new_revision {
1418                                return Err(AdapterError::DDLTransactionRace);
1419                            }
1420                            // The old og_ops are overwritten, not extended.
1421                            if !new_ops.is_empty() {
1422                                *og_ops = new_ops;
1423                                *og_state = new_state;
1424                                *og_snapshot = new_snapshot;
1425                            }
1426                            side_effects.append(&mut net_new_side_effects);
1427                        }
1428                        _ => return Err(AdapterError::DDLOnlyTransaction),
1429                    },
1430                }
1431            }
1432            TransactionStatus::Default | TransactionStatus::Failed(_) => {
1433                unreachable!()
1434            }
1435        }
1436        Ok(())
1437    }
1438}
1439
1440/// An abstraction allowing us to identify different transactions.
1441pub type TransactionId = u64;
1442
1443impl Default for TransactionStatus {
1444    fn default() -> Self {
1445        TransactionStatus::Default
1446    }
1447}
1448
1449/// State data for transactions.
1450#[derive(Debug)]
1451pub struct Transaction {
1452    /// Plan context.
1453    pub pcx: PlanContext,
1454    /// Transaction operations.
1455    pub ops: TransactionOps,
1456    /// Uniquely identifies the transaction on a per connection basis.
1457    /// Two transactions started from separate connections may share the
1458    /// same ID.
1459    /// If all IDs have been exhausted, this will wrap around back to 0.
1460    pub id: TransactionId,
1461    /// Locks for objects this transaction will operate on.
1462    write_lock_guards: Option<WriteLocks>,
1463    /// Access mode (read only, read write).
1464    access: Option<TransactionAccessMode>,
1465}
1466
1467impl Transaction {
1468    /// Tries to grant the write lock to this transaction for the remainder of its lifetime. Errors
1469    /// if this [`Transaction`] has already been granted write locks.
1470    fn try_grant_write_locks(&mut self, guards: WriteLocks) -> Result<(), &WriteLocks> {
1471        match &mut self.write_lock_guards {
1472            Some(existing) => Err(existing),
1473            locks @ None => {
1474                *locks = Some(guards);
1475                Ok(())
1476            }
1477        }
1478    }
1479
1480    /// The timeline of the transaction, if one exists.
1481    fn timeline(&self) -> Option<Timeline> {
1482        match &self.ops {
1483            TransactionOps::Peeks {
1484                determination:
1485                    TimestampDetermination {
1486                        timestamp_context: TimestampContext::TimelineTimestamp { timeline, .. },
1487                        ..
1488                    },
1489                ..
1490            } => Some(timeline.clone()),
1491            TransactionOps::Peeks { .. }
1492            | TransactionOps::None
1493            | TransactionOps::Subscribe
1494            | TransactionOps::Writes(_)
1495            | TransactionOps::SingleStatement { .. }
1496            | TransactionOps::DDL { .. } => None,
1497        }
1498    }
1499
1500    /// The cluster of the transaction, if one exists.
1501    pub fn cluster(&self) -> Option<ClusterId> {
1502        match &self.ops {
1503            TransactionOps::Peeks { cluster_id, .. } => Some(cluster_id.clone()),
1504            TransactionOps::None
1505            | TransactionOps::Subscribe
1506            | TransactionOps::Writes(_)
1507            | TransactionOps::SingleStatement { .. }
1508            | TransactionOps::DDL { .. } => None,
1509        }
1510    }
1511
1512    /// Reports whether any operations have been executed as part of this transaction
1513    fn contains_ops(&self) -> bool {
1514        !matches!(self.ops, TransactionOps::None)
1515    }
1516}
1517
1518/// A transaction's status code.
1519#[derive(Debug, Clone, Copy)]
1520pub enum TransactionCode {
1521    /// Not currently in a transaction
1522    Idle,
1523    /// Currently in a transaction
1524    InTransaction,
1525    /// Currently in a transaction block which is failed
1526    Failed,
1527}
1528
1529impl From<TransactionCode> for u8 {
1530    fn from(code: TransactionCode) -> Self {
1531        match code {
1532            TransactionCode::Idle => b'I',
1533            TransactionCode::InTransaction => b'T',
1534            TransactionCode::Failed => b'E',
1535        }
1536    }
1537}
1538
1539impl From<TransactionCode> for String {
1540    fn from(code: TransactionCode) -> Self {
1541        char::from(u8::from(code)).to_string()
1542    }
1543}
1544
1545impl From<&TransactionStatus> for TransactionCode {
1546    /// Convert from the Session's version
1547    fn from(status: &TransactionStatus) -> TransactionCode {
1548        match status {
1549            TransactionStatus::Default => TransactionCode::Idle,
1550            TransactionStatus::Started(_) => TransactionCode::InTransaction,
1551            TransactionStatus::InTransaction(_) => TransactionCode::InTransaction,
1552            TransactionStatus::InTransactionImplicit(_) => TransactionCode::InTransaction,
1553            TransactionStatus::Failed(_) => TransactionCode::Failed,
1554        }
1555    }
1556}
1557
1558/// The type of operation being performed by the transaction.
1559///
1560/// This is needed because we currently do not allow mixing reads and writes in
1561/// a transaction. Use this to record what we have done, and what may need to
1562/// happen at commit.
1563#[derive(Derivative)]
1564#[derivative(Debug)]
1565pub enum TransactionOps {
1566    /// The transaction has been initiated, but no statement has yet been executed
1567    /// in it.
1568    None,
1569    /// This transaction has had a peek (`SELECT`, `SUBSCRIBE`). If the inner value
1570    /// is has a timestamp, it must only do other peeks. However, if it doesn't
1571    /// have a timestamp (i.e. the values are constants), the transaction can still
1572    /// perform writes.
1573    Peeks {
1574        /// The timestamp and timestamp related metadata for the peek.
1575        determination: TimestampDetermination,
1576        /// The cluster used to execute peeks.
1577        cluster_id: ClusterId,
1578        /// Whether this peek needs to be linearized.
1579        requires_linearization: RequireLinearization,
1580    },
1581    /// This transaction has done a `SUBSCRIBE` and must do nothing else.
1582    Subscribe,
1583    /// This transaction has had a write (`INSERT`, `UPDATE`, `DELETE`) and must
1584    /// only do other writes, or reads whose timestamp is None (i.e. constants).
1585    Writes(Vec<WriteOp>),
1586    /// This transaction has a prospective statement that will execute during commit.
1587    SingleStatement {
1588        /// The prospective statement.
1589        stmt: Arc<Statement<Raw>>,
1590        /// The statement params.
1591        params: mz_sql::plan::Params,
1592    },
1593    /// This transaction has run some _simple_ DDL and must do nothing else. Any statement/plan that
1594    /// uses this must return false in `must_serialize_ddl()` because this is serialized instead in
1595    /// `sequence_plan()` during `COMMIT`.
1596    DDL {
1597        /// Catalog operations that have already run, and must run before each subsequent op.
1598        ops: Vec<crate::catalog::Op>,
1599        /// In-memory state that reflects the previously applied ops.
1600        state: CatalogState,
1601        /// A list of side effects that should be executed if this DDL transaction commits.
1602        #[derivative(Debug = "ignore")]
1603        side_effects: Vec<
1604            Box<
1605                dyn for<'a> FnOnce(
1606                        &'a mut Coordinator,
1607                        Option<&'a mut ExecuteContext>,
1608                    ) -> Pin<Box<dyn Future<Output = ()> + 'a>>
1609                    + Send
1610                    + Sync,
1611            >,
1612        >,
1613        /// Transient revision of the `Catalog` when this transaction started.
1614        revision: u64,
1615        /// Snapshot of the durable transaction state after the last dry run.
1616        /// Used to initialize the next dry run's transaction so it starts
1617        /// in sync with the accumulated `state`. `None` for the first
1618        /// statement in the transaction (before any dry run).
1619        snapshot: Option<Snapshot>,
1620    },
1621}
1622
1623impl TransactionOps {
1624    fn timestamp_determination(self) -> Option<TimestampDetermination> {
1625        match self {
1626            TransactionOps::Peeks { determination, .. } => Some(determination),
1627            TransactionOps::None
1628            | TransactionOps::Subscribe
1629            | TransactionOps::Writes(_)
1630            | TransactionOps::SingleStatement { .. }
1631            | TransactionOps::DDL { .. } => None,
1632        }
1633    }
1634}
1635
1636impl Default for TransactionOps {
1637    fn default() -> Self {
1638        Self::None
1639    }
1640}
1641
1642/// An `INSERT` waiting to be committed.
1643#[derive(Debug, Clone, PartialEq)]
1644pub struct WriteOp {
1645    /// The target table.
1646    pub id: CatalogItemId,
1647    /// The data rows.
1648    pub rows: TableData,
1649}
1650
1651/// Whether a transaction requires linearization.
1652#[derive(Debug)]
1653pub enum RequireLinearization {
1654    /// Linearization is required.
1655    Required,
1656    /// Linearization is not required.
1657    NotRequired,
1658}
1659
1660impl From<&ExplainContext> for RequireLinearization {
1661    fn from(ctx: &ExplainContext) -> Self {
1662        match ctx {
1663            ExplainContext::None | ExplainContext::PlanInsightsNotice(_) => {
1664                RequireLinearization::Required
1665            }
1666            _ => RequireLinearization::NotRequired,
1667        }
1668    }
1669}
1670
1671/// A complete set of exclusive locks for writing to collections identified by [`CatalogItemId`]s.
1672///
1673/// To prevent deadlocks between two sessions, we do not allow acquiring a partial set of locks.
1674#[derive(Debug)]
1675pub struct WriteLocks {
1676    locks: BTreeMap<CatalogItemId, tokio::sync::OwnedMutexGuard<()>>,
1677    /// Connection that currently holds these locks, used for tracing purposes only.
1678    conn_id: ConnectionId,
1679}
1680
1681impl WriteLocks {
1682    /// Create a [`WriteLocksBuilder`] pre-defining all of the locks we need.
1683    ///
1684    /// When "finishing" the builder with [`WriteLocksBuilder::all_or_nothing`], if we haven't
1685    /// acquired all of the necessary locks we drop any partially acquired ones.
1686    pub fn builder(sources: impl IntoIterator<Item = CatalogItemId>) -> WriteLocksBuilder {
1687        let locks = sources.into_iter().map(|gid| (gid, None)).collect();
1688        WriteLocksBuilder { locks }
1689    }
1690
1691    /// Validate this set of [`WriteLocks`] is sufficient for the provided collections.
1692    /// Dropping the currently held locks if it's not.
1693    pub fn validate(
1694        self,
1695        collections: impl Iterator<Item = CatalogItemId>,
1696    ) -> Result<Self, BTreeSet<CatalogItemId>> {
1697        let mut missing = BTreeSet::new();
1698        for collection in collections {
1699            if !self.locks.contains_key(&collection) {
1700                missing.insert(collection);
1701            }
1702        }
1703
1704        if missing.is_empty() {
1705            Ok(self)
1706        } else {
1707            // Explicitly drop the already acquired locks.
1708            drop(self);
1709            Err(missing)
1710        }
1711    }
1712}
1713
1714impl Drop for WriteLocks {
1715    fn drop(&mut self) {
1716        // We may have merged the locks into GroupCommitWriteLocks, thus it could be empty.
1717        if !self.locks.is_empty() {
1718            tracing::info!(
1719                conn_id = %self.conn_id,
1720                locks = ?self.locks,
1721                "dropping write locks",
1722            );
1723        }
1724    }
1725}
1726
1727/// A builder struct that helps us acquire all of the locks we need, or none of them.
1728///
1729/// See [`WriteLocks::builder`].
1730#[derive(Debug)]
1731pub struct WriteLocksBuilder {
1732    locks: BTreeMap<CatalogItemId, Option<tokio::sync::OwnedMutexGuard<()>>>,
1733}
1734
1735impl WriteLocksBuilder {
1736    /// Adds a lock to this builder.
1737    pub fn insert_lock(&mut self, id: CatalogItemId, lock: tokio::sync::OwnedMutexGuard<()>) {
1738        self.locks.insert(id, Some(lock));
1739    }
1740
1741    /// Finish this builder by returning either all of the necessary locks, or none of them.
1742    ///
1743    /// If we fail to acquire all of the locks, returns one of the [`CatalogItemId`]s that we
1744    /// failed to acquire a lock for, that should be awaited so we know when to run again.
1745    pub fn all_or_nothing(self, conn_id: &ConnectionId) -> Result<WriteLocks, CatalogItemId> {
1746        let (locks, missing): (BTreeMap<_, _>, BTreeSet<_>) =
1747            self.locks
1748                .into_iter()
1749                .partition_map(|(gid, lock)| match lock {
1750                    Some(lock) => itertools::Either::Left((gid, lock)),
1751                    None => itertools::Either::Right(gid),
1752                });
1753
1754        match missing.iter().next() {
1755            None => {
1756                tracing::info!(%conn_id, ?locks, "acquired write locks");
1757                Ok(WriteLocks {
1758                    locks,
1759                    conn_id: conn_id.clone(),
1760                })
1761            }
1762            Some(gid) => {
1763                tracing::info!(?missing, "failed to acquire write locks");
1764                // Explicitly drop the already acquired locks.
1765                drop(locks);
1766                Err(*gid)
1767            }
1768        }
1769    }
1770}
1771
1772/// Collection of [`WriteLocks`] gathered during [`group_commit`].
1773///
1774/// Note: This struct should __never__ be used outside of group commit because it attempts to merge
1775/// together several collections of [`WriteLocks`] which if not done carefully can cause deadlocks
1776/// or consistency violations.
1777///
1778/// We must prevent writes from occurring to tables during read then write plans (e.g. `UPDATE`)
1779/// but we can allow blind writes (e.g. `INSERT`) to get committed concurrently at the same
1780/// timestamp when submitting the updates from a read then write plan.
1781///
1782/// Naively it would seem as though we could allow blind writes to occur whenever as blind writes
1783/// could never cause invalid retractions, but it could cause us to violate serializability because
1784/// there is no total order we could define for the transactions. Consider the following scenario:
1785///
1786/// ```text
1787/// table: foo
1788///
1789///  a | b
1790/// --------
1791///  x   2
1792///  y   3
1793///  z   4
1794///
1795/// -- Session(A)
1796/// -- read then write plan, reads at t0, writes at t3, transaction Ta
1797/// DELETE FROM foo WHERE b % 2 = 0;
1798///
1799///
1800/// -- Session(B)
1801/// -- blind write into foo, writes at t1, transaction Tb
1802/// INSERT INTO foo VALUES ('q', 6);
1803/// -- select from foo, reads at t2, transaction Tc
1804/// SELECT * FROM foo;
1805///
1806///
1807/// The times these operations occur at are ordered:
1808/// t0 < t1 < t2 < t3
1809///
1810/// Given the timing of the operations, the transactions must have the following order:
1811///
1812/// * Ta does not observe ('q', 6), so Ta < Tb
1813/// * Tc does observe ('q', 6), so Tb < Tc
1814/// * Tc does not observe the retractions from Ta, so Tc < Ta
1815///
1816/// For total order to exist, Ta < Tb < Tc < Ta, which is impossible.
1817/// ```
1818///
1819/// [`group_commit`]: super::coord::Coordinator::group_commit
1820#[derive(Debug, Default)]
1821pub(crate) struct GroupCommitWriteLocks {
1822    locks: BTreeMap<CatalogItemId, tokio::sync::OwnedMutexGuard<()>>,
1823}
1824
1825impl GroupCommitWriteLocks {
1826    /// Merge a set of [`WriteLocks`] into this collection for group commit.
1827    pub fn merge(&mut self, mut locks: WriteLocks) {
1828        // Note: Ideally we would use `.drain`, but that method doesn't exist for BTreeMap.
1829        //
1830        // See: <https://github.com/rust-lang/rust/issues/81074>
1831        let existing = std::mem::take(&mut locks.locks);
1832        self.locks.extend(existing);
1833    }
1834
1835    /// Returns the collections we're missing locks for, if any.
1836    pub fn missing_locks(
1837        &self,
1838        writes: impl Iterator<Item = CatalogItemId>,
1839    ) -> BTreeSet<CatalogItemId> {
1840        let mut missing = BTreeSet::new();
1841        for write in writes {
1842            if !self.locks.contains_key(&write) {
1843                missing.insert(write);
1844            }
1845        }
1846        missing
1847    }
1848}
1849
1850impl Drop for GroupCommitWriteLocks {
1851    fn drop(&mut self) {
1852        if !self.locks.is_empty() {
1853            tracing::info!(
1854                locks = ?self.locks,
1855                "dropping group commit write locks",
1856            );
1857        }
1858    }
1859}