In PR #7791 the coverage stuff is slightly updated. The changes are
related to excluding some directories where the coverage will not be
calculated. The patch itself is straightforward enough, but I can see
the problems with uploading the results to coveralls.io:

NO_WRAP
    Using lcov file: ./coverage.info
    FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory

    <--- Last few GCs --->

    [2683200:0x327c000]    27836 ms: Scavenge 2033.4 (2038.7) -> 2033.2 (2044.2) MB, 6.8 / 0.0 ms  (average mu = 0.258, current mu = 0.243) allocation failure
    [2683200:0x327c000]    27854 ms: Scavenge 2036.7 (2044.2) -> 2037.1 (2044.4) MB, 15.6 / 0.0 ms  (average mu = 0.258, current mu = 0.243) allocation failure
    [2683200:0x327c000]    27871 ms: Scavenge 2037.2 (2044.4) -> 2036.7 (2055.9) MB, 17.1 / 0.0 ms  (average mu = 0.258, current mu = 0.243) allocation failure

    <--- JS stacktrace --->

    ==== JS stack trace =========================================

        0: ExitFrame [pc: 0x140dc19]
    Security context: 0x2481918808d1 <JSObject>
        1: encode(aka encode) [0x23ec5e514a11] [/opt/actions-runner/_work/_actions/coverallsapp/github-action/v1.1.2/node_modules/qs/lib/utils.js:~118] [pc=0x193ecd3d5d82](this=0x35d34e4804b1 <undefined>,0x1e5895380119 <Very long string[60387428]>)
        2: stringify(aka stringify) [0x23ec5e5174c9] [/opt/actions-runner/_work/_actions/coverallsapp/github-action/v1.1.2/n...

     1: 0xa1a640 node::Abort() [/opt/actions-runner/externals/node12/bin/node]
     2: 0xa1aa4c node::OnFatalError(char const*, char const*) [/opt/actions-runner/externals/node12/bin/node]
     3: 0xb9a62e v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [/opt/actions-runner/externals/node12/bin/node]
     4: 0xb9a9a9 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [/opt/actions-runner/externals/node12/bin/node]
     5: 0xd57c25  [/opt/actions-runner/externals/node12/bin/node]
     6: 0xd582b6 v8::internal::Heap::RecomputeLimits(v8::internal::GarbageCollector) [/opt/actions-runner/externals/node12/bin/node]
     7: 0xd64b75 v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) [/opt/actions-runner/externals/node12/bin/node]
     8: 0xd65a25 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [/opt/actions-runner/externals/node12/bin/node]
     9: 0xd670cf v8::internal::Heap::HandleGCRequest() [/opt/actions-runner/externals/node12/bin/node]
    10: 0xd15b35 v8::internal::StackGuard::HandleInterrupts() [/opt/actions-runner/externals/node12/bin/node]
    11: 0x1071176 v8::internal::Runtime_StackGuard(int, unsigned long*, v8::internal::Isolate*) [/opt/actions-runner/externals/node12/bin/node]
    12: 0x140dc19  [/opt/actions-runner/externals/node12/bin/node]
NO_WRAP

I have tried to use the latest version of the action (1.1.3), but I have
got the same issue.

It looks like it is a `coverallsapp/github-action` issue due to issue
in JavaScript due to inefficient amount of memory. The corresponding
bug [1] was filed against the repo.

So I suggest switching to the console utility `coveralls-lcov`. I did
some internal testing and it works fine.

[1] https://github.com/coverallsapp/github-action/issues/133

Fixes tarantool/tarantool-qa#278

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Currently, in case of recovery from an old snapshot, Tarantool allows to
perform DDL operations on an instance with non-upgraded schema.
It leads to various unpredictable errors (because the DDL code assumes
that the schema is already upgraded). This patch forbids the following
operations unless the user has the most recent schema version:
- box.schema.space.create
- box.schema.space.drop
- box.schema.space.alter
- box.schema.index.create
- box.schema.index.drop
- box.schema.index.alter
- box.schema.sequence.create
- box.schema.sequence.drop
- box.schema.sequence.alter
- box.schema.func.create
- box.schema.func.drop

Closes #7149

NO_DOC=bugfix

By default a user might not have privileges to access the _schema space,
that will cause an error during schema_needs_upgrade(), which calls
get_version(). Fix this by using C variable dd_version_id, which is
updated in the _schema.version replace trigger.

There's a special case for upgrade() during bootstrap() - triggers are
disabled during bootstrap, that's why dd_version_id is not being updated.
Handle this by passing _initial_version=1.7.5 to the upgrade function.

Part of #7149

NO_DOC=internal
NO_CHANGELOG=internal

It's quite inconvenient to extend LuaJIT integration workflow now: one
needs to patch GitHub workflow file in Tarantool repository and then
setup integration testing in LuaJIT repository.

This patch introduces a new workflow parameter that can replace several
existing parameters (e.g. buildtype and GC64) and allow to easy extend
integration CI in LuaJIT (with rare little touches in Tarantool).

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

Reviewed-by: Sergey Kaplun <skaplun@tarantool.org>
Reviewed-by: Yaroslav Lobankov <y.lobankov@tarantool.org>
Signed-off-by: Igor Munkin <imun@tarantool.org>

This patch fixed the assertion when JOIN uses index of unsupported type.

Closes #5678

NO_DOC=bugfix

This commit adds support of transaction isolation levels introduced
earlier for memtx mvcc by commit ec750af6 ("txm: introduce
transaction isolation levels"). The isolation levels work exactly in
the same way as in memtx:

 - Unless a transaction explicitly specifies the 'read-committed'
   isolation level, it'll skip prepared statements, even if they are
   visible from its read view. The background for this was implemented
   in the previous patches, which added the is_prepared_ok flag to
   cache and mem iterators.

 - If a transaction skips a prepared statement, which would otherwise be
   visible from its read view, it's sent to the most recent read view
   preceding the prepared statement LSN. Note, older prepared statements
   are still visible from this read view and can actually be selected if
   committed later.

 - A transaction using the 'best-effort' isolation level (default) is
   switched to 'read-committed' when it executes the first write
   statement.

The implementation is tested by the existing memtx mvcc tests that were
made multi-engine in the scope of this commit. However, we add one more
test case - the one that checks that a 'best-effort' read view is
properly updated in case there is more than one prepared transaction.
Also, there are few tests that relied upon the old implementation and
assumed that select from Vinyl may return unconfirmed tuples. We update
those tests here as well.

Closes #5522

NO_DOC=already documented

To implement read-confirmed and best-effort isolation levels, we need
to skip unconfirmed (aka prepared) statements in the cache iterator. To
achieve that, we add a new flag is_prepared_ok. Unless the flag is set,
the iterator will skip prepared statements even if they are visible from
the iterator read view. Note, in contrast to the mem iterator, we don't
need to keep track of the min skipped statement LSN, because the cache
is just a view of the underlying levels so we'll find it out when we
descend to the mem level.

Needed for #5522

NO_DOC=internal
NO_CHANGELOG=internal

To implement read-confirmed and best-effort isolation levels, we need
to skip unconfirmed (aka prepared) statements in the mem iterator. To
achieve that, we add a new flag is_prepared_ok. Unless the flag is set,
the iterator will skip prepared statements even if they are visible from
the iterator read view. Upon skipping a statement, the iterator updates
min_skipped_plsn if the LSN of the skipped statement is less. We'll use
this LSN to update the transaction read view accordingly.

Needed for #5522

NO_DOC=internal
NO_CHANGELOG=internal

unit/vy_mem:
 - Remove the code creating unused lsregion.
 - Make test key_def and tuple_format global variables.
 - Replace assert() with fail().

unit/vy_cache:
 - Add missing test plan.

both:
 - Move history_node_pool to test/unit/vy_iterator_helpers.c.

Needed for #5522

NO_DOC=test
NO_TEST=test
NO_CHANGELOG=test

This commit replaces vy_tx_manager::last_prepared_tx with a list of all
prepared transactions sorted by PSN. We need this list to find the
newest prepared transaction that is older than a given PSN, which is
required to switch to the most recent read view in the 'best-effort'
isolation level when an unconfirmed (prepared) statement is skipped.

Needed for #5522

NO_DOC=internal
NO_TEST=internal
NO_CHANGELOG=internal

Unconfirmed statements have lsn >= MAX_LEN. Let's add a helper function
that would check this.

Needed for #5522

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

If index.get is called outside a transaction, we use the global read
view for it and set tx to NULL. This works fine for now, but may result
in dirty reads in a single statement, because prepared but not yet
committed to WAL statements are visible in the global read view. We are
planning to fix it in the tx manager. Let's make index.get create a
dummy transaction so once we fix it, index.get will always return
committed statements.

Note, index.pairs already creates a dummy transaction if called
outside a transaction (see vinyl_index_create_iterator) so this patch
makes behavior consistent across both read paths.

Needed for #5522

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

With libunwind/libunwind@f67ef28 we can now use `unw_backtrace` with
PAC enabled on AARCH64 and remove the workaround with glibc's `backtrace`
for this case.

Closes #7285

NO_CHANGELOG=refactoring
NO_DOC=refactoring
NO_TEST=refactoring

libunwind/libunwind@f67ef28 adds the ability for libunwind to unwind a
stack where the return address obtained from the AARCH6 link register (x30)
has a pointer authentication code (PAC).

Needed for #7285

NO_CHANGELOG=<internal submodule version bump>
NO_DOC=<submodule version bump>
NO_TEST=<submodule version bump>

There was a bug that an instance could ack a transaction from an
old Raft term thus allowing the old leader to CONFIRM it, even if
that first instance knew there is a newer Raft term going on.

As a result, the old leader could write CONFIRM even if there is
already a new leader elected and the synchro quorum was > half.
That led to split-brain, when bad txn reached the new leader, and
PROMOTE reached the old leader.

Split-brain here is totally unnecessary. If the quorum is correct,
synchro timeout is infinite, and there is no async transactions,
then split-brain shouldn't ever happen.

The fix is as simple as attach the current Raft term number to
applier heartbeats.

In the testcase above if terms are attached, the old leader gets
ACK + new term. That causes the old leader freeze even if the
pending txn got quorum. The old leader can't CONFIRM nor ROLLBACK
its pending txns until a new leader is elected.

Freeze is guaranteed, because if a new leader was elected, then it
had got votes from > half cluster. It means > half nodes have the
new term. That in turn means the old leader during collecting ACKs
for its "new" txn will get the new term number from at least one
replica.

When the new leader finished writing PROMOTE, it either confirms
or rolls back the txn of the old leader (depending on whether it
has reached the new leader before promotion). Neither result
causes split brain. The rollback only causes a non-critical error
on the old leader raised by the bad txn's commit attempt.

There were some alternatives considered. One of the most promising
ones was to make instances reject txns if they see these txns
coming from an instance having an old Raft term. It would help in
the test provided above. But wouldn't do in a more complicated
test, when there is a third node which gets the bad transaction,
then gets local term bumped, and then replicates to any other
instance. Others would accept that bad txn, because the sender has
a newer Raft term, even though the txn author is still in the old
term. Tracking terms of txn author is not possible in too many
cases so as to rely on that.

Closes #7253

@TarantoolBot document
Title: New iproto field in applier -> relay ACKs
The applier->relay channel (from replica back to master) is used
only for sending ACKs. Replication data goes the other way
(relay->applier).

These ACKs had 2 fields: `IPROTO_VCLOCK (0x26)` and
`IPROTO_VCLOCK_SYNC (0x5a)`.

Now they have a new field: `IPROTO_TERM (0x53)`. It is a unsigned
number containing `box.info.election.term` of the sender node
(applier, replica).

The function play_wal_until_synchro_queue_is_busy() was used in a
few tests copy-pasted since it was considered to be too specific
for a few rare tests. But apparently it is going to be used again
in a new test in a future commit.

The patch makes this function a method of server object to reuse
it properly.

Needed for #7253

NO_DOC=refactoring
NO_CHANGELOG=refactoring

New term handling from a remote instance is moved into a new
function raft_process_term(). It is going to be used in a next
commit to handle incoming bare terms, not full raft_msgs.

Part of #7253

NO_DOC=refactoring
NO_CHANGELOG=refactoring
NO_TEST=refactoring

The patch adds structs applier_heartbeat and relay_heartbeat.

It is similar to the previous commit, which does the same for all
the other replication requests, but these work not via struct
replication_request.

The heartbeats have their own codecs. The goal is to avoid the big
expensive replication_request usage with a lot of optional fields.
It makes sense, because the HBs are sent somewhat frequently.

They also store members by values. But copying before encoding and
decoding is avoided by storing the HB structs by values right
inside applier and relay.

The motivation is to simplify addition of a new field to
applier_heartbeat in a next commit.

Needed for #7253

NO_DOC=refactoring
NO_CHANGELOG=refactoring
NO_TEST=refactoring

There were 3 comments which mentioned relay stream restart. It
could happen when replicas ignored data from non-leaders. A newly
elected leader had to re-send data, which others ignored, while
the source wasn't a leader.

Was removed in the commit 6336ea26
("refactoring: remove relay_restart_recovery as unneeded").

This is fixed now, because otherwise some of these comments would
need to be updated by a next commit in this series.

In scope of #7253

NO_DOC=refactoring
NO_CHANGELOG=refactoring
NO_TEST=refactoring

The patch adds `struct <name>_request` types for replication
requests: join, subscribe, register. Only not for ack/heartbeat
requests. They are covered separately in a next commit.

The motivation is to make them independent. Previously a lot of
codecs were calling xrow_encode/decode_subscribe() under the hood
with tons of optional params.

Now inside they all fallback to internal
`struct replication_request`. The code duplication is reduced,
because all encoding/decoding is handled by replication_request.
Also alteration of any of the requests only requires to update
that request itself and replication_request codec.

Additionally, this is consistent with other requests having their
own structs like synchro_request, raft_request, call_request, etc.

Alongside the commit fixes xrow_decode_register(), which used to
try to decode version_id, but the result wasn't used and the
version_id wasn't encoded in xrow_encode_register() anyway.

This work is done now, because soon replication acks will get a
new field and it wouldn't be good to update all this codecs mess
again just for that field.

The downside is that the requests store their members by values.
That requires to copy them before encoding. Not good for big
fields like vclocks. OTOH the requests affected by this commit are
sent very rarely, perf is not important at all.

Needed for #7253

NO_DOC=refactoring
NO_CHANGELOG=refactoring
NO_TEST=refactoring

Currently if a non-string type is passed to luaT_key_def_set_part,
lua_tolstring returns null-pointer type_name, which is passed to
a string formatting function in diag_set.

Closes #5222

NO_DOC=bugfix

Don't accept an empty string or leading part of "str" or "num" as a
valid field type.

Closes #5940

NO_DOC=Partial field types weren't documented

Co-authored-by: Alexander Turenko <alexander.turenko@tarantool.org>

Since the function is actually an eval, by default there should
be no execute access right in public role.

Closes tarantool/security#14

NO_DOC=bugfix

By design after patching update.lua, introducing new data version,
a developer needs to update bootstrap.snap, which would have the
new data version.

Generation of bootstrap.snap is a bit tricky, there's a manual:
https://github.com/tarantool/tarantool/wiki/How-to-generate-new-bootstrap-snapshot

This commit presents a simple script that automates the process.
Just run it in tarantool build directory and check its output.
Check --help for script options.

Follow-up of tarantool/security#14

NO_DOC=internal tool
NO_TEST=internal tool
NO_CHANGELOG=internal tool

Prior to this patch, it was possible to call box.execute() before box
was initialized, i.e. before calling box.cfg(). This, however, caused
box.cfg() to be called automatically, which could be problematic as some
parameters could not be changed after box.cfg() was called. After this
patch, box.execute() will only be available when the box has been
initialized.

Closes #4726

@TarantoolBot document
Title: box.execute() now available only after initialization of box

Previously, it was possible to call box.execute() before the box was
configured, in which case the box was configured automatically, which
could lead to problems with box parameters. Now box.execute() can only
be called after the box has been properly configured.

It is also forbidden to set language to SQL in a console with an
unconfigured box.

Fix a simple typo that caused the problem.

Closes #7645

NO_DOC=bugfix

This patch introduces new rules to determine type of NULLIF() built-in
function.

Closes #6990

@TarantoolBot document
Title: New rules to determine type of result of NULLIF

The type of the result of NULLIF() function now matches the type of the
first argument.

This patch introduces new rules to determine type of CASE operation.

Part of #6990

@TarantoolBot document
Title: New rules to determine type of result of CASE

New rules are applied to determine the type of the CASE operation. If
all values are NULL with no type, or if a bind variable exists among
the possible results, then the type of CASE is ANY. Otherwise, all NULL
values with no type are ignored, and the type of CASE is determined
using the following rules:
1) if all values of the same type, then type of CASE is this type;
2) otherwise, if any of the possible results is of one of the
incomparable types, then the type of CASE is ANY;
3) otherwise, if any of the possible results is of one of the
non-numeric types, then the type of CASE is SCALAR;
4) otherwise, if any of the possible results is of type NUMBER, then the
type of CASE is NUMBER;
5) otherwise, if any of the possible results is of type DECIMAL, then
the type of CASE is DECIMAL;
6) otherwise, if any of the possible results is of type DOUBLE, then the
type of CASE is DOUBLE;
7) otherwise the type of CASE is INTEGER.

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

- vy_cache.test
- vy_mem.test
- vy_point_lookup.test
- vy_write_iterator.test

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Updated swim.test, swim_errinj.test, swim_proto.test
to activate TAP-compatible mode.

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal

Part of #7618

NO_DOC=internal
NO_CHANGELOG=internal