Fix relcache callback handling causing crashes

[erimatnor]

Fix a crash that could corrupt indexes when running VACUUM FULL pg_class.

The crash happens when caches are queried/updated within a cache
invalidation function, which can lead to corruption and recursive
cache invalidations.

To solve the issue, make sure the relcache invalidation callback is
simple and never invokes the relcache or syscache directly or
indirectly.

Some background: The extension is preloaded and thus have planner
hooks installed irrespective of whether the extension is actually
installed or not in the current database. However, the hooks need to
be disabled as long as the extension is not installed. To avoid always
having to dynamically check for the presence of the extension, the
state is cached in the session.

However, the cached state needs to be updated if the extension changes
(altered/dropped/created). Therefore, the relcache invalidation
callback mechanism is (ab)used in TimescaleDB to signal updates to the
extension state across all active backends.

The signaling is implemented by installing a dummy table as part of
the extension and any invalidation on the relid for that table signals
a change in the extension state. However, as of this change, the
actual state is no longer determined in the callback itself, since it
requires use of the relcache and causes the bad behavior. Therefore,
the only thing that remains in the callback after this change is to
reset the extension state.

The actual state is instead resolved on-demand, but can still be
cached when the extension is in the installed state and the dummy
table is present with a known relid. However, if the extension is not
installed, the extension state can no longer be cached as there is no
way to signal other backends that the state should be reset when they
don't know the dummy table's relid, and cannot resolve it from within
the callback itself.

Fixes #3924

Disable-Check: Commit-Count

[codecov]

Codecov Report

Merging #4193 (1b3f478) into main (566a4ff) will decrease coverage by 0.01%.
The diff coverage is 96.46%.

❗ Current head 1b3f478 differs from pull request most recent head 6cddc41. Consider uploading reports for the commit 6cddc41 to get more accurate results

@@            Coverage Diff             @@
##             main    #4193      +/-   ##
==========================================
- Coverage   90.77%   90.75%   -0.02%     
==========================================
  Files         215      215              
  Lines       39384    39464      +80     
==========================================
+ Hits        35750    35815      +65     
- Misses       3634     3649      +15     

Impacted Files	Coverage Δ
src/chunk.h	100.00% <ø> (ø)
src/ts_catalog/catalog.h	100.00% <ø> (ø)
tsl/src/fdw/data_node_scan_plan.c	98.21% <ø> (ø)
src/dimension_vector.c	86.36% <50.00%> (-0.85%)	⬇️
src/extension.c	85.85% <88.23%> (-4.44%)	⬇️
src/hypertable_restrict_info.c	95.84% <95.83%> (+0.33%)	⬆️
src/dimension_slice.c	93.88% <97.50%> (+0.06%)	⬆️
src/cache_invalidate.c	91.48% <100.00%> (-0.35%)	⬇️
src/chunk.c	94.16% <100.00%> (-0.64%)	⬇️
src/chunk_constraint.c	94.19% <100.00%> (ø)
... and 17 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 915bd03...6cddc41. Read the comment docs.

[erimatnor]

I tested manually these two things:

• That the PR code no longer reproduces the VACUUM FULL pg_class issue in [Bug]: Segmentation Fault when VACUUM FULL pg_class  #3924. Any help in trying to reproduce the bug with this code is appreciated. Hopefully no one can.
• That extension state tracking still works across multiple sessions:
  • E.g., create extension in one session and make sure the state is "created" in another
  • Make sure that dropping the extension in one session moves the state to "unknown" in another session.

[mkindahl]

A few comments, but I need to continue checking.

[mkindahl]

Approving this since the last comment is not critical.

[mfundul]

Will look into this PR more seriously as well.

[mfundul]

We should probably have a disclaimer in comments above every function that is potentially called in syscache callback context.

Something in the spirit of:

/*
 * WARNING: this function may be called in SysCache invalidation context. No SysCache accesses allowed.
 */

[mfundul]

Other than the above LGTM.

[mfundul]

Maybe add this here:

Assert(OidIsValid(fpinfo->shippable_extensions));

[erimatnor]

I removed the assertion since the function ts_extension_get_oid() cannot return an invalid OID.

[mfundul]

All .sql files we have that use @MODULE_PATHNAME@ don't have an .in extension. We're not very consistent. Also, I think this is the first test script that actually uses @MODULE_PATHNAME@.

[erimatnor]

Some test sql files use :MODULE_PATHNAME, because it is set at runtime via psql variables. The solution I use here is different and sets the @MODULE_PATHNAME@ to replace it at configuration (cmake) time. This is also why I added the .in extension. I think both are valid approaches, but the runtime-option isn't easily available for TAP tests.

Also, this sql file isn't strictly a test, but rather a library file. But not sure that matters.

If we are inconsistent elsewhere, we can fix that separately.