15.06.2023 17:49, Tom Lane пишет:
"David G. Johnston" <david.g.johns...@gmail.com> writes:
The failure to find and execute the function code itself is not a failure
mode that these markers need be concerned with. Assuming one can execute
the function an immutable function will give the same answer for the same
input for all time.
The viewpoint taken in the docs I mentioned is that an IMMUTABLE
marker is a promise from the user to the system about the behavior
of a function. While the system does provide a few simple tools
to catch obvious errors and to make it easier to write functions
that obey such promises, it's mostly on the user to get it right.
In particular, we've never enforced that an immutable function can't
call non-immutable functions. While that would seem like a good idea
in the abstract, we've intentionally not tried to do it. (I'm pretty
sure there is more than one round of previous discussions of the point
in the archives, although locating relevant threads seems hard.)
One reason not to is that polymorphic functions have to be marked
with worst-case volatility labels. There are plenty of examples of
functions that are stable for some input types and immutable for
others (array_to_string, for instance); but the marking system can't
represent that so we have to label them stable. Enforcing that a
user-defined immutable function can't use such a function might
just break things for no gain.
"Stable vs Immutable" is much lesser problem compared to "ReadOnly vs
Volatile".
Executing fairly read-only function more times than necessary (or less
times),
doesn't modify data in unexpecting way.
But executing immutable/stable function, that occasionally modifies
data, could
lead to different unexpected effects due to optimizer decided to call
them more
or less times than query assumes.
Some vulnerabilities were present due to user defined functions used in
index
definitions started to modify data. If "read-only" execution were forced
in index
operations, those issues couldn't happen.
> it's mostly on the user to get it right.
It is really bad premise. Users does strange things and aren't expected
to be
professionals who really understand whole PostgreSQL internals.
And it is strange to hear it at the same time we don't allow users to do
query hints
since "optimizer does better" :-D
Ok, I'd go and cool myself. Certainly I don't get some point.
