Merge pull request #447 from diffix/piotr/date_trunc

Support date_trunc

Author: pdobacz

pg_diffix/query/allowed_objects.h

@@ -8,6 +8,12 @@
  */
 extern bool is_allowed_function(Oid funcoid);
 
+/*
+ * Returns index of the primary argument of an allowed function, i.e. the one intended to
+ * be the column reference.
+ */
+extern int primary_arg_index(Oid funcoid);
+
 /*
  * Returns whether the OID points to a cast allowed in defining buckets.
  */

src/query/allowed_objects.c

@@ -14,18 +14,49 @@ static const char *const g_allowed_casts[] = {
     "ftod", "dtof",
     "int4_numeric", "float4_numeric", "float8_numeric",
     "numeric_float4", "numeric_float8",
+    "date_timestamptz",
     /**/
 };
 
-static const char *const g_allowed_builtins[] = {
+typedef struct FunctionByName
+{
+  const char *name;
+  int primary_arg;
+} FunctionByName;
+
+typedef struct FunctionByOid
+{
+  Oid funcid;
+  int primary_arg;
+} FunctionByOid;
+
+static const FunctionByName g_allowed_builtins[] = {
     /* rounding casts */
-    "ftoi2", "ftoi4", "ftoi8", "dtoi2", "dtoi4", "dtoi8", "numeric_int4",
+    (FunctionByName){.name = "ftoi2", .primary_arg = 0},
+    (FunctionByName){.name = "ftoi4", .primary_arg = 0},
+    (FunctionByName){.name = "ftoi8", .primary_arg = 0},
+    (FunctionByName){.name = "dtoi2", .primary_arg = 0},
+    (FunctionByName){.name = "dtoi4", .primary_arg = 0},
+    (FunctionByName){.name = "dtoi8", .primary_arg = 0},
+    (FunctionByName){.name = "numeric_int4", .primary_arg = 0},
     /* substring */
-    "text_substr", "text_substr_no_len", "bytea_substr", "bytea_substr_no_len",
+    (FunctionByName){.name = "text_substr", .primary_arg = 0},
+    (FunctionByName){.name = "text_substr_no_len", .primary_arg = 0},
+    (FunctionByName){.name = "bytea_substr", .primary_arg = 0},
+    (FunctionByName){.name = "bytea_substr_no_len", .primary_arg = 0},
     /* numeric generalization */
-    "dround", "numeric_round", "dceil", "numeric_ceil", "dfloor", "numeric_floor",
+    (FunctionByName){.name = "dround", .primary_arg = 0},
+    (FunctionByName){.name = "numeric_round", .primary_arg = 0},
+    (FunctionByName){.name = "dceil", .primary_arg = 0},
+    (FunctionByName){.name = "numeric_ceil", .primary_arg = 0},
+    (FunctionByName){.name = "dfloor", .primary_arg = 0},
+    (FunctionByName){.name = "numeric_floor", .primary_arg = 0},
     /* width_bucket */
-    "width_bucket_float8", "width_bucket_numeric",
+    (FunctionByName){.name = "width_bucket_float8", .primary_arg = 0},
+    (FunctionByName){.name = "width_bucket_numeric", .primary_arg = 0},
+    /* date_trunc */
+    (FunctionByName){.name = "timestamptz_trunc", .primary_arg = 1},
+    (FunctionByName){.name = "timestamp_trunc", .primary_arg = 1},
     /**/
 };
 
@@ -42,7 +73,7 @@ static const char *const g_implicit_range_builtins_untrusted[] = {
 
 /* Some allowed functions don't appear in the builtins catalog, so we must allow them manually by OID. */
 #define F_NUMERIC_ROUND_INT 1708
-static const Oid g_allowed_builtins_extra[] = {F_NUMERIC_ROUND_INT};
+static const FunctionByOid g_allowed_builtins_extra[] = {(FunctionByOid){.funcid = F_NUMERIC_ROUND_INT, .primary_arg = 0}};
 
 typedef struct AllowedCols
 {
@@ -116,6 +147,21 @@ static const FmgrBuiltin *fmgr_isbuiltin(Oid id)
   return &fmgr_builtins[index];
 }
 
+static bool is_func_member_of(Oid funcoid, const FunctionByName func_array[], int length)
+{
+  const FmgrBuiltin *fmgr_builtin = fmgr_isbuiltin(funcoid);
+  if (fmgr_builtin != NULL)
+  {
+    for (int i = 0; i < length; i++)
+    {
+      if (strcmp(func_array[i].name, fmgr_builtin->funcName) == 0)
+        return true;
+    }
+  }
+
+  return false;
+}
+
 static bool is_funcname_member_of(Oid funcoid, const char *const name_array[], int length)
 {
   const FmgrBuiltin *fmgr_builtin = fmgr_isbuiltin(funcoid);
@@ -131,6 +177,34 @@ static bool is_funcname_member_of(Oid funcoid, const char *const name_array[], i
   return false;
 }
 
+int primary_arg_index(Oid funcoid)
+{
+  for (int i = 0; i < ARRAY_LENGTH(g_implicit_range_udfs); i++)
+  {
+    /* We ensured that our UDFs have the primary arg first. */
+    if (*g_implicit_range_udfs[i] == funcoid)
+      return 0;
+  }
+
+  const FmgrBuiltin *fmgr_builtin = fmgr_isbuiltin(funcoid);
+  if (fmgr_builtin != NULL)
+  {
+    for (int i = 0; i < ARRAY_LENGTH(g_allowed_builtins); i++)
+    {
+      if (strcmp(g_allowed_builtins[i].name, fmgr_builtin->funcName) == 0)
+        return g_allowed_builtins[i].primary_arg;
+    }
+  }
+
+  for (int i = 0; i < ARRAY_LENGTH(g_allowed_builtins_extra); i++)
+  {
+    if (g_allowed_builtins_extra[i].funcid == funcoid)
+      return g_allowed_builtins_extra[i].primary_arg;
+  }
+
+  FAILWITH("Cannot identify the primary argument position for funcid %u.", funcoid);
+}
+
 bool is_allowed_cast(Oid funcoid)
 {
   return is_funcname_member_of(funcoid, g_allowed_casts, ARRAY_LENGTH(g_allowed_casts));
@@ -154,12 +228,12 @@ bool is_allowed_function(Oid funcoid)
       return true;
   }
 
-  if (is_funcname_member_of(funcoid, g_allowed_builtins, ARRAY_LENGTH(g_allowed_builtins)))
+  if (is_func_member_of(funcoid, g_allowed_builtins, ARRAY_LENGTH(g_allowed_builtins)))
     return true;
 
   for (int i = 0; i < ARRAY_LENGTH(g_allowed_builtins_extra); i++)
   {
-    if (g_allowed_builtins_extra[i] == funcoid)
+    if (g_allowed_builtins_extra[i].funcid == funcoid)
       return true;
   }
 

src/query/anonymization.c

@@ -534,6 +534,39 @@ static void append_seed_material(
   strcpy(existing_material + existing_material_length, new_material);
 }
 
+static char *datum_seed_material(Oid type, Datum value, bool is_null)
+{
+  if (is_null)
+  {
+    char *value_as_string = palloc(sizeof(char) * (4 + 1));
+    strcpy(value_as_string, "NULL");
+    return value_as_string;
+  }
+  else if (is_supported_numeric_type(type))
+  {
+    /* Normalize numeric values. */
+    double value_as_double = numeric_value_to_double(type, value);
+    char *value_as_string = palloc(sizeof(char) * DOUBLE_SHORTEST_DECIMAL_LEN);
+    double_to_shortest_decimal_buf(value_as_double, value_as_string);
+    return value_as_string;
+  }
+  else if (TypeCategory(type) == TYPCATEGORY_DATETIME)
+  {
+    char *value_as_string = palloc(sizeof(char) * (MAXDATELEN + 1));
+    /* Leveraging `json.h` with UTC to get style-stable encoding of various datetime types. */
+    const int tzp = 0;
+    JsonEncodeDateTime(value_as_string, value, type, &tzp);
+    return value_as_string;
+  }
+
+  /* Handle all other types by casting to text. */
+  Oid type_output_funcid = InvalidOid;
+  bool is_varlena = false;
+  getTypeOutputInfo(type, &type_output_funcid, &is_varlena);
+
+  return OidOutputFunctionCall(type_output_funcid, value);
+}
+
 typedef struct CollectMaterialContext
 {
   Query *query;
@@ -585,13 +618,9 @@ static bool collect_seed_material(Node *node, CollectMaterialContext *context)
     bool isnull;
     get_stable_expression_value(node, context->bound_params, &type, &value, &isnull);
 
-    if (!is_supported_numeric_type(type))
-      FAILWITH_LOCATION(exprLocation(node), "Unsupported constant type used in bucket definition!");
-
-    double const_as_double = numeric_value_to_double(type, value);
-    char const_as_string[DOUBLE_SHORTEST_DECIMAL_LEN];
-    double_to_shortest_decimal_buf(const_as_double, const_as_string);
-    append_seed_material(context->material, const_as_string, ',');
+    char *value_as_string = datum_seed_material(type, value, isnull);
+    append_seed_material(context->material, value_as_string, ',');
+    pfree(value_as_string);
   }
 
   /* We ignore unknown nodes. Validation should make sure nothing unsafe reaches this stage. */
@@ -617,36 +646,9 @@ static void collect_seed_material_hashes(Query *query, List *exprs, List **seed_
 
 static hash_t hash_label(Oid type, Datum value, bool is_null)
 {
-  if (is_null)
-    return hash_string("NULL");
-
-  if (is_supported_numeric_type(type))
-  {
-    /* Normalize numeric values. */
-    double value_as_double = numeric_value_to_double(type, value);
-    char value_as_string[DOUBLE_SHORTEST_DECIMAL_LEN];
-    double_to_shortest_decimal_buf(value_as_double, value_as_string);
-    return hash_string(value_as_string);
-  }
-
-  if (TypeCategory(type) == TYPCATEGORY_DATETIME)
-  {
-    char value_as_string[MAXDATELEN + 1];
-    /* Leveraging `json.h` with UTC to get style-stable encoding of various datetime types. */
-    const int tzp = 0;
-    JsonEncodeDateTime(value_as_string, value, type, &tzp);
-    return hash_string(value_as_string);
-  }
-
-  /* Handle all other types by casting to text. */
-  Oid type_output_funcid = InvalidOid;
-  bool is_varlena = false;
-  getTypeOutputInfo(type, &type_output_funcid, &is_varlena);
-
-  char *value_as_string = OidOutputFunctionCall(type_output_funcid, value);
+  char *value_as_string = datum_seed_material(type, value, is_null);
   hash_t hash = hash_string(value_as_string);
   pfree(value_as_string);
-
   return hash;
 }
 

src/query/validation.c

@@ -237,11 +237,14 @@ static void verify_bucket_expression(Node *node)
 
     Assert(list_length(func_expr->args) > 0); /* All allowed functions require at least one argument. */
 
-    if (!IsA(unwrap_cast(linitial(func_expr->args)), Var))
+    int primary_arg = primary_arg_index(func_expr->funcid);
+    if (!IsA(unwrap_cast(list_nth(func_expr->args, primary_arg)), Var))
       FAILWITH_LOCATION(func_expr->location, "Primary argument for a generalization function has to be a simple column reference.");
 
-    for (int i = 1; i < list_length(func_expr->args); i++)
+    for (int i = 0; i < list_length(func_expr->args); i++)
     {
+      if (i == primary_arg)
+        continue;
       Node *arg = unwrap_cast((Node *)list_nth(func_expr->args, i));
       if (!is_stable_expression(arg))
         FAILWITH_LOCATION(exprLocation(arg), "Non-primary arguments for a generalization function have to be simple constants.");

test/expected/datetime.out

@@ -16,6 +16,7 @@ INSERT INTO test_datetime VALUES
   (6, '2012-05-14', '14:59', '2012-05-14', '2012-05-14', '1 years'),
   (7, '2012-05-14', '14:59', '2012-05-14', '2012-05-14', '1 years');
 CALL diffix.mark_personal('test_datetime', 'id');
+GRANT ALL PRIVILEGES ON TABLE test_datetime TO diffix_test; 
 SET ROLE diffix_test;
 SET pg_diffix.session_access_level = 'anonymized_trusted';
 ----------------------------------------------------------------
@@ -30,7 +31,7 @@ SELECT diffix.access_level();
 ----------------------------------------------------------------
 -- Seeding
 ----------------------------------------------------------------
--- Datetime values are seeded the same regardless of global `datestyle` setting
+-- Datetime values are seeded in UTC the same regardless of global `datestyle` setting
 SET datestyle = 'SQL';
 SELECT ts, count(*) FROM test_datetime GROUP BY 1;
          ts          | count 
@@ -45,17 +46,35 @@ SELECT ts, count(*) FROM test_datetime GROUP BY 1;
  2012-05-14 00:00:00 |     9
 (1 row)
 
+SET TIMEZONE TO 'EST';
+SELECT tz, count(*) FROM test_datetime GROUP BY 1;
+           tz           | count 
+------------------------+-------
+ 2012-05-14 02:00:00-05 |    11
+(1 row)
+
 SET TIMEZONE TO 'UTC';
 SELECT tz, count(*) FROM test_datetime GROUP BY 1;
            tz           | count 
 ------------------------+-------
  2012-05-14 07:00:00+00 |    11
 (1 row)
 
-SET TIMEZONE TO DEFAULT;
+SET pg_diffix.session_access_level = 'direct';
+UPDATE test_datetime SET tz = '2012-05-14T07:00+00:00' WHERE true;
+SET pg_diffix.session_access_level = 'anonymized_trusted';
+SELECT tz, count(*) FROM test_datetime GROUP BY 1;
+           tz           | count 
+------------------------+-------
+ 2012-05-14 07:00:00+00 |    11
+(1 row)
+
+SET pg_diffix.session_access_level = 'direct';
+UPDATE test_datetime SET tz = '2012-05-14T08:00+01:00' WHERE true;
+SET pg_diffix.session_access_level = 'anonymized_trusted';
 SELECT tz, count(*) FROM test_datetime GROUP BY 1;
            tz           | count 
 ------------------------+-------
- 2012-05-14 00:00:00-07 |    11
+ 2012-05-14 07:00:00+00 |    11
 (1 row)
 

test/expected/validation.out

@@ -6,7 +6,8 @@ CREATE TABLE test_validation (
   discount REAL,
   birthday DATE,
   lunchtime TIME,
-  last_seen TIMESTAMP
+  last_seen TIMESTAMP,
+  last_seen_tz TIMESTAMP WITH TIME ZONE
 );
 CALL diffix.mark_personal('test_validation', 'id');
 CALL diffix.mark_not_filterable('test_validation', 'birthday');
@@ -116,12 +117,23 @@ GROUP BY 1, 2;
 
 SELECT
   substring(cast(last_seen AS text), 1, 3),
+  substring(cast(last_seen_tz AS text), 1, 3),
   substring(cast(birthday AS text), 2, 3),
   substring(cast(lunchtime AS varchar), 1, 4)
 FROM test_validation
+GROUP BY 1, 2, 3, 4;
+ substring | substring | substring | substring 
+-----------+-----------+-----------+-----------
+(0 rows)
+
+SELECT
+  date_trunc('year', last_seen),
+  date_trunc('year', last_seen_tz),
+  date_trunc('year', birthday)
+FROM test_validation
 GROUP BY 1, 2, 3;
- substring | substring | substring 
------------+-----------+-----------
+ date_trunc | date_trunc | date_trunc 
+------------+------------+------------
 (0 rows)
 
 -- Allow all functions post-anonymization.
@@ -427,6 +439,16 @@ SELECT COUNT(*) FROM test_validation GROUP BY substr('aaaa', 1, 2);
 ERROR:  [PG_DIFFIX] Primary argument for a generalization function has to be a simple column reference.
 LINE 1: SELECT COUNT(*) FROM test_validation GROUP BY substr('aaaa',...
                                                       ^
+-- Get rejected because of lack of interval support
+SELECT date_trunc('year', lunchtime) FROM test_validation GROUP BY 1;
+ERROR:  [PG_DIFFIX] Unsupported function used for generalization.
+LINE 1: SELECT date_trunc('year', lunchtime) FROM test_validation GR...
+               ^
+-- Get rejected because of averaging opportunity
+SELECT  date_trunc('year', last_seen_tz, 'EST') FROM test_validation GROUP BY 1;
+ERROR:  [PG_DIFFIX] Unsupported function used for generalization.
+LINE 1: SELECT  date_trunc('year', last_seen_tz, 'EST') FROM test_va...
+                ^
 -- Get rejected because expression node type is unsupported.
 SELECT COALESCE(discount, 20) FROM test_validation;
 ERROR:  [PG_DIFFIX] Unsupported generalization expression.