Extract mp_sizeof_ballot_max() and mp_encode_ballot() helpers from
iproto_reply_vote(), since they will be used by builtin
"internal.ballot" event soon.

While I'm at it, fix mp_sizeof_ballot() calculation: add forgotten map
element and replace mp_sizeof_uint(UINt*_MAX) with sizes of actual
values to be encoded.

Prerequisite #5272

NO_CHANGELOG=refactoring
NO_TEST=refactoring
NO_DOC=refactoring

Prompt bookkeeping introduced in 66ca6252 is not thread-safe, whilst the
logging environment is multithreaded: leave this feature only in main
(transaction) thread.

Closes #8124

NO_CHANGELOG=<gh-7169 was not release yet>
NO_DOC=bugfix
NO_TEST=<hard to make Tarantool flood log from multiple threads using
         current test harness>

Both of the callbacks in the `print` wrapper are expected to be called, but
`print` may throw errors, e.g.,
`print(setmetatable({}, {__tostring = error})`, so we need to call it in a
protected environment and execute the 'after' callback even if `print`
throws.

Closes #8136

NO_CHANGELOG=<gh-7186 was not released yet>
NO_DOC=bugfix

Every libunwind error during backtrace collection is reported with
`say_error`. Since commit 19abfd2a ("misc: get rid of fiber_gc")
backtraces are collected on each fiber gc allocation, of which there are
plenty.

For some reason (https://github.com/tarantool/tarantool/issues/7980)
each unw_step fails on mac, and an error is spammed to instance logs,
even though the backtrace is actually collected.

Silence the errors, since there is no much use for them anyway. And
silence all of them just to be consistent.

This doesn't close #7980, because that issue still needs a proper fix.
Although its severity is ameliorated now.

In-scope-of #7980

NO_DOC=bugfix
NO_CHANGELOG=bugfix
NO_TEST=nothing to test

lbox_push_event_f and lbox_push_event_f callback functions used for
passing the statement between txn and space on/before replace Lua
triggers don't assume that the transaction may be aborted by yield
after the current statement began (this may happen if a trigger callback
yields). In this case, all statements in txn would be rolled back and
txn_current_stmt would return NULL, leading to a crash.

Let's fix this by checking if the transaction is still active and
raising an error immediately if it isn't, thus skipping Lua triggers.

Notes:
 - We merged lbox_pop_txn_stmt_and_check_format into lbox_pop_txn_stmt,
   because the latter is only called by the former.
 - Since lbox_push_event_f callback may now fail, we have to update
   lbox_trigger_run to handle it.

Closes #8027

NO_DOC=bug fix

A remote space object presented by a net.box connection mimics the API
of a local space object presented by box.space. Currently, it misses
information about sequences. Let's add it.

Note, we have to handle the case when the recently introduced
_vspace_sequence system space view is missing on the remote host.
To check that this works correctly, we reuse the 2.10.4 test data
created by commit 1c33484d ("box: add auth_history and
last_modified fields to _user space"). We also add the 'gen.lua'
that can be used to regenerated the data.

Closes #7858

NO_DOC=bug fix

Note, this patch will be backported to 2.10 so we add upgrade function
for 2.10.5, not for 2.11.0.

Needed for #7858

@TarantoolBot document
Title: Document `_space_sequence` and `_vspace_sequence` system spaces

The `_space_sequence` system space was added long time ago (in 1.7.5)
along with the `_sequence` and `_sequence_data` system spaces, but it
was never documented. The space is used to attach sequences to spaces
and has the following fields:
 1. 'id', type 'unsigned'. Space id.
 2. 'sequence_id', type 'unsigned'. Id of the attached sequence.
 3. 'is_generated', type 'boolean'. True if the sequence was created
    automatically (`space:create_index('pk', {sequence = true})`)
 4. 'field', type 'unsigned'. Id of the space field that is set using
    the attached sequence.
 5. 'path', type 'string'. Path to the data within the field that is set
    using the attached sequence.

The `_vspace_sequence` is a system space view of the `_space_sequence`
space that, like any other system space view, shows only rows accessible
by the current user. It will be introduced in Tarantool 2.10.5.

Since commit 85ebbcc0 ("box: reset system space formats for
bootstrap"), it's illegal to use field names in the upgrade script.
The commit missed one place: upgrade of collation strength. Fix it.

NO_DOC=unreleased
NO_CHANGELOG=unreleased
NO_TEST=checked by upgrade script tests

If the first argument of box.atomic is a non-callable table then
consider it as options table for box.begin{}.

For test and debug purposes introduce internal getter of current
transaction isolation level as box.internal.txn_isolation().

Closes #7202

@TarantoolBot document
Title: Options in box.atomic

Now it's allowed to pass transaction options in the first argument
of box.atomic(..) call. The options must be a table, exactly as
in box.begin(..). If options are passed as the first arguments,
the second and the rest arguments are expected to be a functions
and its arguments, like in usual box.atomic.

When a transaction is in read-confirmed state it must ignore all
prepared changes, and if it actually ignores something - it must
fall to read-view state.

By a mistake the check relied not on actual skipping of a prepared
statement, but on the fact that there is a deleting statement. That
leads to excess conflicts for transactions with read-committed
isolation level.

Fix it by raising a conflict only if a deleting statement is skipped.

Closes #8122
Needed for #7202

NO_DOC=bugfix

Read lists (read set and other similar lists) are used only for
detecting a conflict when another transaction is committed.
Once a transaction is prepared (no matter with success or not)
those lists are no more needed. Moreover, in some part of code it
is expected that there can be no read set of already prepared tx.

So let's clean those lists once a transaction is prepared.

Closes #7945

NO_DOC=bugfix

There ware two functions - check_dup_clean and check_dup_dirty.
Merge them to one.

Also extract phantom checks from check_dup and call them explicitly.
That will additionally simplify check_dup and will allow to get rid
of temporary conflict trackers - memtx_tx_conflict. Note that this
kind of object will remain in memory monitoring by now. It will be
removed later.

No logical changes.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

If a transaction writes to a gap that is tracked by some another
transaction, the interval must be (usually) broken into parts,
while new story must be explicitly added to the read set of
reading transaction.

Now both read tracker and conflict trackers are set in this case.
But read tracker is enough in this case - when the writing tx
is prepared it will conflict reading transaction, that's all we
need.

Let's leave only read tracker.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

Each story has two ends: the beginning and the end. For each
transaction both ends of a story could be visible or not.

Now there's a function that checks visibility of both ends of
a story. It can distinguish three cases: both ends are visible,
both ends are invisible, and the beginning is visible while the
end is not. The function returns true in the first and the last
cases; the actual case is clarified with an additional function
argument - visible_tuple, which is set to null in one of the
cases..

Let's make two different functions for checking visibility of
the beginning and the end of a story. Actually that is simple
split of function into two parts. The visible_tuple argument
will no longer be needed.

No logical changes.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

There's no harm but also no sense in it.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

Hide structures and functions that are not required for API.

No logical changes.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

Option memtx_tx_manager_use_mvcc_engine changes the behavior of
transaction execution workflow. Usually that is implemented as
direct check of memtx_tx_manager_use_mvcc_engine. But there are
places in the code that rely on the fact that some pointers are
set to not null if the engine is enabled. That's a bit confusing.

Let's always check for memtx_tx_manager_use_mvcc_engine option
when it's needed to determine which workflow must be executed.

Note that checking of memtx_tx_manager_use_mvcc_engine option is
more correct: in case of delete of nothing (delete statement when
a tuple was not found by given key) all the pointers including
old_tuple and new_tuple are null, while logically we still need
to use mvcc execution workflow. Note also that in this case the
mvcc engine does (and must do) almost nothing, so there was no
bug in the previous behaviour.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

No logical changes.

Part of #8122

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

The status isn't used anywhere - to set the proper error when an aborted
transaction is attempted to be used, we check out transaction flags
(TXN_IS_CONFLICTED, TXN_IS_ABORTED_BY_YIELD, TXN_IS_ABORTED_BY_TIMEOUT).
Let's use TXN_ABORTED instead.

While we are at it, also set the transaction status to TXN_ABORTED when
a transaction is aborted by yield or timeout and use it instead of
checking flags where appropriate, since it's more convenient.

Follow-up #8123

NO_DOC=code cleanup
NO_TEST=code cleanup
NO_CHANGELOG=code cleanup

We fail write statements if the current transaction was aborted by yield
or timeout. We should fail read-only statements in this case, as well.
Note, we already fail read-only statements if the current transaction
was aborted by conflict.

Closes #8123

NO_DOC=bug fix

Fixed pthread-related CMake checks. The checks code is built with
`-pedantic-errors` and it leads to errors of the following kind on
clang 15:

```
<...>/CMakeFiles/CMakeScratch/TryCompile-78KaOK/src.c:4:17: error: a
    function declaration without a prototype is deprecated in all
    versions of C [-Werror,-Wstrict-prototypes]
        int main() { pthread_setname_np(pthread_self(), ""); }
                ^
                 void
```

Fixed a warning in the SQL code (it's an error in Debug build):

```
<...>/src/box/sql/vdbeaux.c:170:13: error: variable 'n' set but not used
    [-Werror,-Wunused-but-set-variable]
        static int n = 0;
```

Fixed several warnings from lemon.c of the following kind:

```
<...>/extra/lemon.c:173:6: warning: a function declaration without a
    prototype is deprecated in all versions of C and is treated as a
    zero-parameter prototype in C2x, conflicting with a subsequent
    definition [-Wdeprecated-non-prototype]
void FindRulePrecedences();
     ^
<...>/extra/lemon.c:766:6: note: conflicting prototype is here
void FindRulePrecedences(struct lemon *xp)
```

See also https://github.com/tarantool/small/issues/57

Fixes #8110

NO_DOC=build fix
NO_TEST=build fix

Bump the small submodule with the following commit:

* https://github.com/tarantool/small/commit/5c3a0880ae4659cb662085563ff0b9eee40565fe

See https://github.com/tarantool/small/issues/57
Part of #8110

NO_DOC=build fix
NO_TEST=build fix
NO_CHANGELOG=to be added in a commit that fixes #8110

Add `IPROTO_UNKNOWN` command code for overriding the unknown request
handler.

Change request type variable types related to IPROTO to `uint32_t`.

Add request handler hash table to transaction thread and request handler
set to IPROTO threads for storing overridden request handlers: TX thread
notifies IPROTO threads about overridden request handlers using IPROTO
configuration message.

If a given request handler is overridden, the IPROTO thread does not
preprocess it and sends the package immediately over a dedicated route. If
later it is necessary to fallback to the system handler, the message
decoding and dispatching is done in the TX thread.

Add new `box.iproto.override` method to Lua and `box_iproto_override` to C
API, which allow setting IPROTO request handler callbacks.

Closes #7901

@TarantoolBot document
Title: Document overriding IPROTO request handlers feature
For the API description and usage examples, see:
* [design document](https://www.notion.so/tarantool/box-iproto-override-44935a6ac7e04fb5a2c81ca713ed1bce#0f84694523214c0e9bf2f3d75cccace4);
* tarantool/tarantool#7901.

Factor out the logic of IPROTO message decoding into a separate function.

Needed for #7901

NO_DOC=refactoring
NO_CHANGELOG=refactoring
NO_TEST=refactoring

If the output buffer savepoint passed to `tx_end_msg` is the same as the
connection's current writing position, it means the response is empty, so
it makes no sense to record it.

Needed for #7901

NO_CHANGELOG=refactoring
NO_DOC=refactoring
NO_TEST=refactoring

Add an optional dictionary field to MsgPack object which can be used during
indexing for aliasing string keys.

Needed for #7901

NO_CHANGELOG=<internal feature>
NO_DOC=<internal feature>

Use an array to convert a hex digit into a number instead of
`isdigit()` and `tolower()`.

Eliminate the `isxdigit()` check by reusing the same array lookup.

Results on perf/lua/uri_escape_unescape.lua show 2.4x average boost
(from 2.1x to 2.5x).

Noise in the results: 4% in baseline, 11% in the new version (the
maximal difference between min and max results). The average
linear/standard deviation is within 3%.

Measured on i7-10510U, acpi-cpufreq driver (no intel_pstate),
no TurboBoost, userspace governor, 1.80GHz, HyperThreading. The workload
is bound to a single logical core using `taskset`.

NO_DOC=no behavior change
NO_TEST=no behavior change
NO_CHANGELOG=the function is new and not yet released

Closes #8043

NO_DOC=bug fix

This patch removes unused variables that were not caught by the compiler
due to MAYBE_UNUSED or conversion to void.

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

Also pretty printer was introduced for struct tuple, so it can be
printed with 'p' command as well. 'tt-tuple' command allows to specify
some additional options (see 'help tt-tuple')

Closes #7729

NO_DOC=gdb extension
NO_CHANGELOG=gdb extension
NO_TEST=gdb extension

Supported extensions:
- decimal
- uuid
- datetime
- error
- compression (only shows compression type and raw/compressed data size)
- interval

This functionality is similar to 'mp_str' function, but 'mp_str' can be
invoked from gdb only when a process is alive, so to be able to print
MsgPack during post-mortem analysis of core dump, 'mp_str' and all
subsequent functions that decode and convert MsgPack into human-readable
string were adapted to Python and put into the extension.

In order to simplify implementation and maintenance of the gdb-extension
implementation of the most of functions is kept as close to possible to
their 'C'-counterparts (original 'C'-name can be found as a comment at
the end of 'def' string)

Part of #7729

NO_DOC=gdb extension
NO_CHANGELOG=gdb extension
NO_TEST=gdb extension

This patch introduces new keyword SEQSCAN and new restrictions on
SELECTs. These restrictions are disabled by default.

Closes #7747

@TarantoolBot document
Title: SEQSCAN

Now scanning SELECT will not run and will throw an error if the new
SEQSCAN keyword is not used for scanned spaces. This change only affects
SELECT and does not affect UPDATE and DELETE. A SELECT is recognized as
a scanning SELECT if `EXPLAIN QUERY PLAN SELECT ...` indicates that the
SELECT `scans` rather than `searches`.

For example, if we have spaces created with these queries:
```
CREATE TABLE t(i INT PRIMARY KEY, a INT);
CREATE TABLE s(i INT PRIMARY KEY, a INT);
```

Then these queries will throw an error:
```
SELECT * FROM t;
SELECT * FROM t WHERE a > 1;
SELECT * FROM t WHERE i + 1 = 5;
SELECT * FROM t, s;
SELECT * FROM t JOIN s;
```

And these will not:
```
SELECT * FROM t WHERE i > 1;
SELECT * FROM SEQSCAN t;
SELECT * FROM SEQSCAN t WHERE i + 1 = 5;
SELECT * FROM SEQSCAN t, SEQSCAN s;
SELECT * FROM SEQSCAN t JOIN SEQSCAN s;
```

Scanning can be allowed or disallowed by default. To do this, a new
session setting is introduced: `sql_seq_scan`. The default value for
setting is `true`, i.e. scanning is allowed. When set to `false`, the
scanning SELECTs will throw a `scanning is not allowed` error.

This commit adds a few configuration options, function stubs, and error
codes that will be used to perform extra security checks in EE:

 * box.cfg.auth_delay. Type: double. Default: 0. Unit: seconds.

   Description: If authentication of a user fails, the next
   authentication attempt for the same user will fail with
   ER_AUTH_DELAY error if called before box.cfg.auth_delay passes.

   Implementation: Error will be raised by security_check_auth_pre()
   called by authenticate() right before checking the challenged
   password. Authentication failures will be accounted per user in
   session_on_auth trigger.

 - box.cfg.disable_guest. Type: boolean. Default: false.

   Description: If set, an attempt to perform any request except
   'auth', 'ping', 'id', or 'vote' over iproto without authentication
   or authenticated as guest will raise ER_AUTH_REQUIRED error.

   Implementation: Error will be raised by security_check_session()
   called by tx_check_msg(), which in turn is called before starting
   to process any message received over iproto.

 - box.cfg.password_lifetime_days. Type: number. Default: 0. Unit: days.

   Description: If > 0, an attempt to authenticate as a user that hasn't
   reset the password for more than box.cfg.password_lifetime_days will
   fail with ER_PASSWORD_EXPIRED error.

   Implementation: Error will be raised by security_check_auth_post()
   called by authenticate() right after successfully authenticating
   the user. Note, we can't raise the error in security_check_auth_pre()
   because that would enable user enumeration.

All the new options are dynamic. The option values will be stored and
used in C code so we'll have to define a configuration callback for them
in EE: box.internal.cfg_set_security. Also note that since the new
options configure authentication behavior, they should be set before
the box port is opened: we'll do that in security_cfg() called by
box_storage_init().

Needed for https://github.com/tarantool/tarantool-ee/issues/299
Needed for https://github.com/tarantool/tarantool-ee/issues/300
Needed for https://github.com/tarantool/tarantool-ee/issues/301

NO_DOC=ee
NO_TEST=ee
NO_CHANGELOG=ee

In contrast to all other request handlers, replication request handlers
don't check the schema version. Strictly speaking, this is incorrect -
if it's specified it must always be checked. It was fine, because we
don't set the schema version in replication requests. However, in the
future we're planning to add more checks in tx_check_msg, which will
have to be performed for all requests, including replication. So let's
call tx_check_msg before processing replication requests - it shouldn't
hurt to check the schema version if available.

Needed for https://github.com/tarantool/tarantool-ee/issues/301

NO_DOC=ee
NO_TEST=ee
NO_CHANGELOG=ee

After accepting an iproto message in tx, we call tx_check_schema to
check if the schema version supplied by the user matches the actual
one. If it doesn't, we bail out early with ER_WRONG_SCHEMA_VERSION.

We need to add more checks that should be done before continuing with
processing a message in tx. tx_check_schema looks like a perfect place
for it. Let's rename it to tx_check_msg and pass an accepted message
instead of the schema version to it.

Needed for https://github.com/tarantool/tarantool-ee/issues/301

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

Closes #7931

@TarantoolBot document
Title: Document a percent-encoding of params passed to http client

The HTTP client has `params` option, where a user may provide a table of
query parameters (added in #6832). Those parameters are encoded into a
`?foo=bar&tweedledoo=tweedledee` string verbatim. If a name or a value of
a query parameter contains `&`, `=` (or any another symbol with specific
meaning in the URI query component), the query may be interpreted
incorrectly by a server. Now key and values passed in a table as
`params` option are percent-encoded and then encoded to a query string.
This will be made automatically. Percent-encoding depends on used HTTP
method: with `GET`, `HEAD` and `DELETE` parameters `uri.QUERY_PART`
are used and with other HTTP method `uri.FORM_URLENCODED` is used.

Commit "uri: encode table with http params to a string" (b31aec89)
introduced two functions `params()` and `encode_kv()` that encodes a
table with http key-value parameters to a http query string. However,
keys and values could be interpreted wrong by http server if they
contains reserved symbols that have special meaning for http server.

Patch adds escaping for key-values before encoding params to query
string.

Needed for #7931

NO_CHANGELOG=internal
NO_DOC=internal

Patch replaces encoding and decoding functions written in Lua with
functions implemented in C.

Performance of Lua implementation (before the patch):

```
uri.escape   152.37  runs/sec
uri.unescape 263.44  runs/sec
```

Performance of C implementation (after the patch):

```
uri.escape   4983.03  runs/sec
uri.unescape 4197.19  runs/sec
```

Follows up #3682

NO_CHANGELOG=see previous commit
NO_DOC=see previous commit

Co-authored-by: Alexander Turenko <alexander.turenko@tarantool.org>

Closes #3682

@TarantoolBot document
Title: Document a new functions to encode and decode parts of URI

New functions `uri.escape()` and `uri.unescape()` have been introduced.
First one allows to escape symbols to a string and second one to
unescape symbols to a string according to RFC 3986 [1].

Examples:

```
tarantool> uri.escape("тарантул")
---
- '%D1%82%D0%B0%D1%80%D0%B0%D0%BD%D1%82%D1%83%D0%BB'
...

tarantool> uri.unescape("%D1%82%D0%B0%D1%80%D0%B0%D0%BD%D1%82%D1%83%D0%BB")
---
- тарантул
...

```

`uri.escape()` accepts a string that will be encoded and optionally a
table with encoding options: string with unreserved symbols that will
*not* be encoded and boolean option that enables/disables encoding of a
space characters as '+'. By default `uri.escape()` uses a set of
unreserved symbols defined in RFC 3986 ("2.3. Unreserved Characters")
and encoding of space characters as '+' is disabled. Table with default
encoding options is defined as `uri.RFC3986`.

`uri.unescape()` accepts a string that will be decoded and optionally a
table with decoding options: string with unreserved symbols (these
symbols are actually unused by decoding function) and boolean option
that enables/disables decoding of '+' as a space character. Table with
default decoding options is defined as `uri.RFC3986`.

See detailed description in RFC "http: add percent-encoding/decoding of
query string in request" [2].

NO_WRAP
1. Uniform Resource Identifier (URI): Generic Syntax
   https://datatracker.ietf.org/doc/html/rfc3986
2. https://www.notion.so/tarantool/http-add-percent-encoding-decoding-of-query-string-in-request-76a2425a4c4744a1a72643527a4fe7f7
NO_WRAP

Add translation table for `box.iproto.key` constants encoding to simplify
packet assembly.

Add new `box.iproto.send` method to Lua and `box_iproto_send` function to C
API, which allow sending arbitrary IPROTO packets, using active IPROTO
sessions. Packets are sent asynchronously using Kharon.

Add `xregion_join` to the `xalloc` API.

Change gh-7894 test: instead of simply comparing `box.iproto` table to the
reference table, iterate over `box.iproto` and check that corresponding
non-{function, thread, userdata} type values exist in the reference table.

Closes #7897

@TarantoolBot document
Title: Document sending arbitrary IPROTO packets feature
For the API description and usage examples, see:
* [design document](https://www.notion.so/tarantool/box-iproto-override-44935a6ac7e04fb5a2c81ca713ed1bce#a2cc04da89d34fad8f8564c150cd9977);
* tarantool/tarantool#7897.