It was forgotten to swap old and new mask (holding fields involved into
foreign key relation) during space alteration (lists of object
representing FK metadata are swapped successfully). Since mask is vital
and depending on its value different byte-codes implementing SQL query
can be produced, this mistake resulted in assertion fault in debug build
and wrong constraint check in release build. Let's fix this bug and swap
masks as well as foreign key lists.

Closes #4495

ENGINE became reserved keyword in 1013a744. There's no any actual
reason why ENGINE should be reserved keyword. What is more, we are going
to use this word as a name of some fields for tables forming
informational schema. Hence, until it is too late (it is not documented
yet), let's remove ENGINE from the list of reserved keywords and allow
identifiers be that word.

Historically, we join a new replica off the last checkpoint. As a
result, we must always keep the last memtx snapshot and all vinyl data
files corresponding to it. Actually, there's no need to use the last
checkpoint for joining a replica. Instead we can use the current read
view as both memtx and vinyl support it. This should speed up the
process of joining a new replica, because we don't need to replay all
xlogs written after the last checkpoint, only those that are accumulated
while we are relaying the current read view. This should also allow us
to avoid creating a snapshot file on bootstrap, because the only reason
why we need it is allowing joining replicas. Besides, this is a step
towards decoupling the vinyl metadata log from checkpointing in
particular and from xlogs in general.

Closes #1271

This commit does not change a user visible behaviour. It refactors pwd
module to explicitly divide code that fetches data from passwd / group
databases from code that performs deserialization of the data to Lua
tables.

The idea of splitting of those actions appears when it was observed that
a call of getpw() / getgr() leads to problems on some systems when it is
invoked during passwd / group database traveral.

Now it is more obvious that we don't call getpw() during passwd
traversal and getgr() during group traveral.

Follows up #4428 and #4447.

Aside of that fixed other badges URLs to point to master branch.

(cherry picked from commit 7965aaaa88e6eaf266d2e51776598ac05a4a6cde)

LTO build fails on warning message:
In file included from /tarantool/src/lib/core/diag.h:33:0,
                 from /tarantool/src/box/engine.h:36,
                 from /tarantool/src/box/memtx_engine.h:40,
                 from /tarantool/src/box/memtx_engine.c:31:
/tarantool/src/box/memtx_engine.c: In function
'metmx_tuple_chunk_delete':
/tarantool/src/trivia/util.h:201:49: error: initialization from
incompatible pointer type [-Werror]
  const typeof( ((type *)0)->member  ) *__mptr = (ptr); \
                                                 ^
/tarantool/src/box/memtx_engine.c:1115:3: note: in expansion of macro
'container_of'
   container_of((typeof(tuple_chunk->data) *)data,
   ^
/tarantool/src/trivia/util.h:201:49: error: (near initialization for
'tuple_chunk') [-Werror]
  const typeof( ((type *)0)->member  ) *__mptr = (ptr); \
                                                 ^
/tarantool/src/box/memtx_engine.c:1115:3: note: in expansion of macro
'container_of'
   container_of((typeof(tuple_chunk->data) *)data,

Closes #4438

This patch provides a test suite that allows us to make sure that
the SQL BOOLEAN type works as intended.

Part of #4228

In a configuration with several read-only and read-write instances, if
replication_connect_quorum is not greater than the amount of read-only
instances and replication_connect_timeout happens to be small enough
for some read-only instances to form a quorum and exceed the timeout
before any of the read-write instaces start, all these read-only
instances will choose themselves a read-only bootstrap leader.
This 'leader' will successfully bootstrap itself, but will fail to
register any of the other instances in _cluster table, since it isn't
writeable. As a result, some of the read-only instances will just die
unable to bootstrap from a read-only bootstrap leader, and when the
read-write instances are finally up, they'll see a single read-only
instance which managed to bootstrap itself and now gets a
REPLICASET_UUID_MISMATCH error, since no read-write instance will
choose it as bootstrap leader, and will rather bootstrap from one of
its read-write mates.

The described situation is clearly not what user has hoped for, so
throw an error, when a read-only instance tries to initiate the
bootstrap. The error will give the user a cue that he should increase
replication_connect_timeout.

Closes #4321

@TarantoolBot document
Title: replication: forbid to bootstrap read-only masters.

It is no longer possible to bootstrap a read-only instance in an emply
data directory as a master. You will see the following error trying to
do so:
```
ER_BOOTSTRAP_READONLY: Trying to bootstrap a local read-only instance as master
```
Now if you have a fresh instance, which has
`read_only=true` in an initial `box.cfg` call, you need to set up
replication from an instance which is either read-write, or has your
local instance's uuid in its `_cluster` table.

In case you have multiple read-only and read-write instances with
replication set up, and you still see the aforementioned error message,
this means that none of your read-write instances managed to start
listening on their port before read_only instances have exceeded the
`replication_connect_timeout`. In this case you should raise
`replication_connect_timeout` to a greater value.

* All test chunks related to luajit were moved from tarantool source
tree to the luajit repo
* Adjusted CMakeLists via creating a symlink to luajit test directory
to fix out-of-source tests

Closed #4478

rows_per_wal does not allow to properly limit size of WAL logs.
A user would need to estimate size of each WAL row to do that.
Now WAL supports option wal_max_size allowing to limit WAL size
much more precise.

Part of #3762

The json.encode() used to cause a segfault in case of recursive
table:
  tbl = {}
  tbl[1] = tbl
  json.encode(tbl)

Library doesn't test whether given object on Lua stack parsed
earlier, because it performs a lightweight in-depth traverse
of Lua stack. However it must stop when encode_max_depth is
reached (by design).

Tarantool's lua_cjson implementation has a bug introduced during
porting original library: it doesn't handle some corner cases:
entering into a map correctly increases a current depth, while
entering into an array didn't. This patch adopts author's
approach to check encode_max_depth limit. Thanks to handling this
constraint correctly the segfault no longer occurs.

Closes #4366

Added support for the following curl options:
* CURLOPT_PROXY
* CURLOPT_PROXYPORT
* CURLOPT_PROXYUSERPWD
* CURLOPT_NOPROXY

@TarantoolBot document
Title: httpc: proxy server options

Use 'proxy' option to specify the proxy server host or IP-address
(optionally may be prefixed with a scheme - e.g. http:// or https://).
'proxy_port' and 'proxy_user_pwd' options may be used to specify the
proxy port (443 for https proxy and 1080 for others by default) and
user credentials (format: [user name]:[password]) respectively.

If 'proxy' option is not set a value from the corresponding
environment variable will be used. Environment variable names are:
'http_proxy', 'https_proxy', 'ftp_proxy' etc. 'all_proxy' variable
is used if no protocol specific proxy was set.

Setting 'proxy' option to an empty string will explicitly disable the
use of a proxy, even if there is an environment variable set for it.

Set 'no_proxy' option to specify a comma separated list of hosts that
do not require a proxy to get reached, even if one is specified by
'proxy' option (or the corresponding environment variable). The only
wildcard available is a single * character, which matches all hosts,
and effectively disables the proxy. 'no_proxy' environment variable
will be used if this option is not set.

Setting 'no_proxy' option to an empty string will explicitly enable
the proxy for all host names, even if there is an environment variable
set for it.

See:
https://curl.haxx.se/libcurl/c/CURLOPT_PROXY.html
https://curl.haxx.se/libcurl/c/CURLOPT_PROXYPORT.html
https://curl.haxx.se/libcurl/c/CURLOPT_USERPWD.html
https://curl.haxx.se/libcurl/c/CURLOPT_NOPROXY.html

The test sql-tap/gh-3083-ephemeral-unref-tuples.test.lua took
too long runtime and failed to finish in timeout limit of 2
minutes when it runs near the end of the running queue:

No output during 120 seconds. Will abort after 120 seconds without output. List of workers not reporting the status:
- 012_sql-tap [sql-tap/gh-3083-ephemeral-unref-tuples.test.lua, vinyl] at var/012_sql-tap/gh-3083-ephemeral-unref-tuples.result:0
Test hung! Result content mismatch:
[File does not exists: sql-tap/gh-3083-ephemeral-unref-tuples.result]
[Main process] No output from workers. It seems that we hang. Send SIGKILL to workers; exiting...

Due to suggestion from Konstantin Osipov at gh-3845:
https://github.com/tarantool/tarantool/issues/3845#issue-385735959

The following tests:
  gh-3083-ephemeral-unref-tuples.test.lua
  gh-3332-tuple-format-leak.test.lua
where set to run only on memtx configuration.

Also the test:
  gh-3083-ephemeral-unref-tuples.test.lua
was removed from the test-run 'fragile' option flaky list.

Closed #4128

We know that madvise(MADV_DONTDUMP) is present
on linux based platforms only (macos doesn't
support it at all, freebsd requires MADV_NOCORE
or similar which is unsupported by now) thus
we should not print a warning on other systems
to not spam users.

Fixes #4464

Closes #2200
Closes #4113
Closes #2233

@TarantoolBot document
Title: The box.internal.sql_function_create is forbidden
Legacy mechanism box.internal.sql_function_create to make some
Lua function available in SQL is forbidden now.

To make some function available in SQL you need to use
box.schema.func.create() mechanism: you need to specify
1) function language and language-specific options(e.g. you
   are able to define a persistent Lua function)
2) whether this function is_deterministic or not: deterministic
   functions allows to generate more efficient SQL VDBE bytecode
   so you better specify it when it is true
3) the function returns type: a Tarantool type string describes
   a type of value returned by function
4) param_list - a table of Tarantool's types strings desccribe
   function argument types
5) exports - a table of Tarantool's frontends where this function
   should be available ('LUA' by default). You need to specify
   {'LUA', 'SQL'} to make function available both in SQL requests
   and visible in box.func folder

Example:
-- Case1: C function
-- function1.so has int divide() symbol
box.schema.func.create("function1.divide", {language = 'C',
			returns = 'number',
			param_list = {'number', 'number'},
			is_deterministic = true,
			exports = {'LUA', 'SQL'}})
box.execute('SELECT "function1.divide"(6, 3)')
- metadata:
  - name: '"function1.divide"(6, 3)'
    type: number
  rows:
  - [2]
box.schema.func.drop("function1.divide")

-- Case2: Persistent Lua function
box.schema.func.create("SUMMARIZE", {language = 'LUA',
			returns = 'number',
			body = 'function (a, b) return a + b end',
			param_list = {'number', 'number'},
			is_deterministic = true,
			exports = {'LUA', 'SQL'}})
box.execute('SELECT summarize(1, 2)')
- metadata:
  - name: summarize(1, 2)
    type: number
  rows:
  - [3]
box.schema.func.drop("summarize")

Moreover there is a special predefined Lua function LUA that
allows to evaluate a custom Lua expressions in SQL.
You need to pass a string in form "return ...." to LUA function
that returns more than one value of any type.

Example:
box.execute('SELECT lua(\'return 1 + 1\')')
- metadata:
  - name: lua('return 1 + 1')
    type: any
  rows:
  - [2]
box.execute('SELECT lua(\'return box.cfg.memtx_memory\')')
- metadata:
  - name: lua('return box.cfg.memtx_memory')
    type: any
  rows:
  - [268435456]

Now it is possible to move all SQL builtin functions to
Tarantool's function hash. An existent FuncDef function
representation was replaced with func_sql_builtin class.
It has a sql-specific method :call and :finalize, while
port API call is not supported and protected with stubs.

This patch removes FuncDef hash and sql_function_create endpoint,
but doesn't introduce something instead. Therefore few affected
tests are disabled. A required functionality would be fixed in
the next patch.

Following tests using sql_create_function are broken now.
They are going to be fixed in the next commit:
 sql-tap/alias.test.lua sql-tap/check.test.lua
 sql-tap/func5.test.lua sql-tap/lua_sql.test.lua
 sql-tap/subquery.test.lua sql-tap/trigger9.test.lua
 sql/errinj.result sql/errinj.test.lua
 sql/func-recreate.test.lua

Part of #2200, #4113, #2233

@TarantoolBot document
Title: SQL builtins priveleges

All SQL built-ins are executed on SQL privilege level that is
undefined yet.

Now all SQL builtins are unique, i.e. each function has the only
hash table entry. This technique requires to remove static argc
checks for some builtins(substr, round, like, trim, count,
group_concat). Now they raise a runtime error in case of invalid
usage.

Updated error messages correspondingly, to provide more
informative messages in such cases. Taking into account upcoming
changes, all built-in functions names are uppercased.

Needed for #2200, #4113, #2233

Replaced sql function flag SQL_FUNC_MINMAX with couple new flags
SQL_FUNC_MIN and SQL_FUNC_MAX. This allows to distinguish MIN and
MAX function by flag instead of using user_data context.

This allows to delete user_data field in FundDef object in
further refactoring.

Needed for #2200, #4113, #2233

Changed sql_vdbe_mem_alloc_region routine name to the
vdbe_mem_alloc_blob_region because we are going to introduce
a new function with a really similar (but more appropriate) name
vdbemem_alloc_on_region in following patch. Due to the fact that
the function used only in vdbe.c module it has been moved there
and has been marked as "static".

Needed for #2200, #4113, #2233

Before a46b5200 SQL implementation featured min()/max() functions
overloading: if one argument was passed, then aggregate version would be
invoked; otherwise - scalar one. We decided to get rid of it and rename
scalar version to LEAST()/GREATEST() correspondingly. However, assertion
inside their implementations has been remained: it verifies that number
of passed arguments is greater than 1. On the other hand, now one can
pass literally any number of arguments to this function, including one
(which results in fired mentioned assertion) and zero (which leads to
NULL dereference in expr.c: these functions are marked with
SQL_FUNC_NEEDCOLL flag, and as a consequence they are assumed to have at
least one argument). Firstly, let's place check that number of passed
arguments more than one. Secondly, let's not assume that functions with
SQL_FUNC_NEEDCOLL must have any arguments.

Closes #4453

Added "fragile" option to the flaky tests that are
not intended to be run in parallel with others.
Option set at the suite.ini file at the appropriate
suites with comments including the issue that stores
the fail.

Removed the jobs that is interesting to check on gitlab-ci
instead of travis-ci:
  - osx 13 "Sierra"
  - all LTO jobs
  - ASAN job

Part of #4410

This is a followup for 7691154a

In case of throwing client error because of inactive function
we did not destroy used port. It could possibly cause huge
memory leaks as could be seen with top or its analogues when
performing net.box test run in a loop.

Closes #4388

It turned out that patch d0e38d59 wasn't accompanied
w/ a test. Add proper check.

Currently we only enter orphan mode when instance fails to connect to
replication_connect_quorum remote instances during local recovery.
On bootstrap and manual replication configuration change an error is
thrown. We better enter orphan mode on manual config change, and leave
it only in case we managed to sync with replication_connect_quorum
instances.

Closes #4424

@TarantoolBot document
Title: document reaction on error in replication configuration change.

Now when issuing `box.cfg{replication={uri1, uri2, ...}}` and failing to
sync with replication_connect_quorum remote instances, the server will
throw an error, if it is bootstrapping, and just set its state to orphan
in all other cases (recovering from existing xlog/snap files or manually
changing box.cfg.replication on the fly). To leave orphan mode, you may
wait until the server manages to sync with replication_connect_quorum
instances.
In order to leave orphan mode you need to make the server sync with
enough instances. To do so, you may either:
1) set replication_connect_quorum to a lower value
2) reset box.cfg.replication to exclude instances that cannot
   be reached or synced with
3) just set box.cfg.replication to "" (empty string)

In 3-node replica-set, registering with the leader node
does not guarantee the registration record arrives to the second
peer immediately. The joining node may bootstrap faster than
the registration record arrives to the second peer, in which
case replication will fail to create a full mesh.

A follow up on gh-4305, fix failing args.test.py

To make it possible to develop and test related features on
systems without systemd.

WITH_SYSTEMD cmake flag is used to generate systemd related files:
unit, generator script, etc. To keep this behavior and make it possible
to use NOTIFY_SOCKET without other systemd-related stuff,
I added WITH_NOTIFY_SOCKET cmake flag.

It also required some changes to support other OS:

SOCK_CLOEXEC (not available on macOS) flag for socket()
is replaced with `fcntl(fd, F_SETFD, FD_CLOEXEC)` which has the same effect.

MSG_NOSIGNAL flag for sendmsg is also not available on macOS.
However it has SO_NOSIGPIPE flag for setsockopt which disables SIGPIPE.
So it requires different solution for different OS. Inspired by
https://nwat.xyz/blog/2014/01/16/porting-msg_more-and-msg_nosigpipe-to-osx/

Have to reduce send-buffer size to 4MB because larger values
are not supported on macOS by default. This value should be enough
for all systems because notification messages are usually less than 1KB.

Fixes #4436

System-wide dynamic libraries usually (always?) have NEEDED and RUNPATH
tags in a dynamic section (as `readelf -d /usr/lib/lib<...>.so` shows),
so when we link, say, with libssl.so, which depends on libz.so, a linker
does not complain against unresolved symbols that can be found in Z
library (if it is installed within a system).

Things are different when we linking with a static library. Say, when we
linking with libssl.a, which contains an unresolved symbol from Z
library, a linker reports an error. It is not possible to store an
information where to find unresolved symbols (NEEDED / RUNPATH) in a
static library (AFAIK).

We depend on three libraries that are depend on Z library: libcurl,
libssl and libcrypto (two latter are part of OpenSSL). When one of those
libraries is linked statically we should link with libz.so or libz.a
(depending on BUILD_STATIC flag). The patch doing exactly this.

The patch changes OPENSSL_LIBRARIES variable to fix the issue with
static linking of OpenSSL libraries. It also changes CURL_LIBRARIES in
the same way, however this does not alter any visible behaviour, because
OPENSSL_LIBRARIES is added to CURL_LIBRARIES. The latter change was made
to unify the way to choose libraries to link with: it is pure
refactoring part.

Fixes #4437.

Tuple fields can be named, accessed by name, indexed by name, but
till this commit field names couldn't be used in update
operations. Now it is possible.

This patch is a teaser of updates by JSON path.

Part of #1261

Rope will not be used by tuple_update directly in
next patches.

Rope library stores alloc, split and free functions by pointer,
that is a huge slog at performance, as any other virtual
function call. There is no reason, why the rope library may not
become a template, except historical ones.

The patch not only removes virtual functions, but also makes rope
deletion almost no-op in case if free() function is not defined.

A second motivation point of that patch is that original rope
structure was too big. Again, because it stored several pointers
to functions. In forthcoming patches on #1261 multiple ropes can
be created per each update, so it makes sense to reduce size of
this structure.

They are always region_aligned_alloc and region pointer. Lets use
them always inside tuple_update.c, with no necessity to pass
explicitly.

The patch is motivated by forthcoming updates by JSON path, which
will strongly complicate and perhaps slow down the tuple_update.c
code. The present patch as well as some next ones should smooth
these problems.

A manual action is needed after pulling of this commit to actually use
the downstream repository instead of the upstream one:

sed -i -e 's@https://github.com/curl/curl.git@https://github.com/tarantool/curl.git@' .git/config

It is part of our processes to use forked repositories for submodules.

Suggested by Konstantin Osipov.

Cleaned up the .gitlab-ci.yml file from duplicating
code - added templates that storres the needed
configuration values for different jobs.
Also moved the static_build from 'deploy' tag to
'deploy_test' tag to be sure that tests will not
be run under high load.

This problem is similar to the one fixed in commit
3c6c1cc9 (lua:fix decimal comparison
with nil)
We should handle box.NULL the same way.

Closes #4454