Reconsider nbtree page deletion assertion.

petergeoghegan · petergeoghegan · commit 67b0b2dbf947 · 2020-05-19T15:04:34.000-07:00
Commit 624686a added an assertion that verified that _bt_search successfully relocated the leaf page undergoing deletion. Page deletion cannot deal with the case where the descent stack is to the right of the page, so this seemed critical (deletion can only handle the case where the descent stack is to the left of the leaf/target page). However, the assertion went a bit too far. Since only a buffer pin is held on the leaf page throughout the call to _bt_search, nothing guarantees that it can't have split during this small window. And if does actually split, _bt_search may end up "relocating" a page to the right of the original target leaf page. This scenario seems extremely unlikely, but it must still be considered. Remove the assertion, and document how we cope in this scenario.
diff --git a/src/backend/access/nbtree/nbtpage.c b/src/backend/access/nbtree/nbtpage.c
@@ -1599,15 +1599,22 @@ _bt_pagedel(Relation rel, Buffer leafbuf, TransactionId *oldestBtpoXact)
 				itup_key->pivotsearch = true;
 				stack = _bt_search(rel, itup_key, &sleafbuf, BT_READ, NULL);
 				/* won't need a second lock or pin on leafbuf */
-				Assert(leafblkno == BufferGetBlockNumber(sleafbuf) ||
-					   !itup_key->heapkeyspace);
 				_bt_relbuf(rel, sleafbuf);
 
 				/*
 				 * Re-lock the leaf page, and start over to use our stack
 				 * within _bt_mark_page_halfdead.  We must do it that way
 				 * because it's possible that leafbuf can no longer be
 				 * deleted.  We need to recheck.
+				 *
+				 * Note: We can't simply hold on to the sleafbuf lock instead,
+				 * because it's barely possible that sleafbuf is not the same
+				 * page as leafbuf.  This happens when leafbuf split after our
+				 * original lock was dropped, but before _bt_search finished
+				 * its descent.  We rely on the assumption that we'll find
+				 * leafbuf isn't safe to delete anymore in this scenario.
+				 * (Page deletion can cope with the stack being to the left of
+				 * leafbuf, but not to the right of leafbuf.)
 				 */
 				LockBuffer(leafbuf, BT_WRITE);
 				continue;
@@ -1735,9 +1742,8 @@ _bt_mark_page_halfdead(Relation rel, Buffer leafbuf, BTStack stack)
 	 * Before attempting to lock the parent page, check that the right sibling
 	 * is not in half-dead state.  A half-dead right sibling would have no
 	 * downlink in the parent, which would be highly confusing later when we
-	 * delete the downlink that follows the leafbuf page's downlink.  It would
-	 * fail the "right sibling of target page is also the next child in parent
-	 * page" cross-check below.
+	 * delete the downlink.  It would fail the "right sibling of target page
+	 * is also the next child in parent page" cross-check below.
 	 */
 	if (_bt_rightsib_halfdeadflag(rel, leafrightsib))
 	{
