Fix segfault in case when ibuf.rpos is null
Now error is raised in the case

Closes #3005

If the value of range_size is absent in the _index system space, it will
be initialized to 0 in struct index_def. This will lead to insane range
splitting in vinyl and, as a result, file descriptor exhaustion. We ran
into this problem after restoring memtx spaces as vinyl using tarantool
dump utility (the latter simply replaces 'memtx' with 'vinyl' in the
_space system space on restore). To avoid a debacle like this in future,
let's use hardcoded defaults if vinyl options were omitted in the _index
system space on insertion. The default values are the same we use for
the corresponding box.cfg options. We already do it for run_size_ratio,
run_count_per_level, and bloom_fpr so let's do it for range_size and
page_size too.

Closes #3019

That is convenient for environments where python3 is the primary
interpreter.

Currently we requrie read and write on system spaces to be able to
create objects, and only object definer can drop an object.

Release 1.7.7 adds 'create' and 'drop' acls, which can
be used to explicitly pass around create/drop privileges.

Automatically grant 'create' privilege to all users created
pre-1.7.7 who have global read and write privileges on universe
during 1.7.7 automatic upgrade.

Add a role which contains all ACLs.

Fixes gh-3022.

Useful for any quick start:

box.schema.user.grant('guest', 'super')

* --gdbserver
* --gdb was broken and is fixed (again)

box.session:

* change .user() to return the authenticated user
* implement .effective.user()

Extends gh-2994.

Add system privileges 'session' and 'usage'

* 'session' privilege lets user connect to database server
* 'usage' privilege lets user use his/her rights on database objects
* Both privileges are assigned to all users by default.

Implementation details:
* system privileges are special grant rights to 'universe'.
Therefore, they can be granted only by admin. Because of this fact,
during creation or deletion of user, we have to switch to 'admin' to
grant or revoke these rights.

Important changes:
* changed bootstrap.snap due to need to start admin with new privileges
* added auto upgrade script for 1.7.7

Fixes gh-2898.

With contributions by @kostja.

The original patch returned authenticated user for effective and vice
versa.

Reverse the meaning and update the patch.

box.session.su() changes both user and effective user right now.
Changing only the session user seems to be rather difficult:
we need to keep the object allocated somewhere, and keeping
in mind request multiplexor in iproto, with which many requests
can share the same session, it can only be Lua stack.

While at it, change current_user() to effective_user() to
make it less ambiguous.

* Fix box.session.uid returning user id
* Add function box.session.euid returning
effective user id
Closes #2994

Introduce all the necessary ACL for ANSI SQL, as well as SESSION
and USAGE.

Change access storage type from uint8_t to a typedef.

Necessary for gh-2898.

Add error if user given in box.schema.space.create option
was not found

Closes #2068

This patch adds a new function, box.info.memory(). The functions returns
a table with the following fields:

 - data - size of memory in bytes used for storing user data (i.e.
   tuples) in memtx and in vinyl level 0, without taking into account
   memory fragmentation.

 - index - size of memory in bytes used for indexing user data. This
   includes memtx and vinyl memory tree extents, vinyl page index, vinyl
   bloom filters.

 - cache - size of memory in bytes used for caching user data. Memtx
   doesn't have cache so basically this is the size of the vinyl tuple
   cache.

 - tx - size of memory in bytes used up by active transactions. For
   vinyl it is the total size of all allocated struct txv, struct vy_tx,
   struct vy_read_interval, plus tuples pinned by those objects. For
   memtx it is going to be 0 for now as memtx transaction manager
   shouldn't consume much memory. We may want to account struct txn and
   struct txn_stmt there too in future.

 - net - size of memory in bytes used up by network input and output
   buffers.

 - lua - size of memory used by the Lua runtime.

It is supposed to be used by the admin to get a general knowledge about
what's going on with a particular tarantool instance. For more info, per
subsystem statistics are supposed to be used (e.g. box.info.vinyl()).

Closes #934

Add function iproto_mem_used() that returns the total amount of memory
allocated for storing input and output buffers. It will be used by
box.info.memory() implementation to show aggregated network statistics.

Note, to account memory used by output buffers, we have to introduce a
separate slab cache (currently, the cache of the tx cord is used).

Needed for #934

To be reported by box.info.memory().tx

Needed for #934

To be reported by box.info.memory().index

Needed for #934

To be reported by box.info.memory().index

Needed for #934

CALL should check only EXECUTE access on universe instead of
READ, WRITE, EXECUTE.

Closes #3017

At least print an error message when we try to set json log format
for syslog log type.
Do not iterate over all loggers on each SIGHUP.
Style fixes.

* fix a bug in opening syslog file descriptor on Mac (Darwin)
* add comments

If index parts are not specied, default part types ignore space format.
Lets use in default index parts types from a space format.

Closes #2893

* Add check on NULL filename in format functions
* The need of this fix was inspired by possible need of custom loggers
which want to reuse our format functions

* Add struct log
* Add possibility to add logger configuration to global scope
* Refactor functions in say to use them with specified config,
 not only global variable

 This patch was inspired by need of additional logger in audit log
 Relates #2912

* Pull error processing from functions say_XXX_init(file, pipe, sys)
to say_log_init
* Remove error processing with passing point error
message as an argument
* Add new exception IllegalParameters

The ER_INDEX_FIELD_COUNT now stores error message about minimal
field count. Lets rename the errcode to repair consistency and
slightly fix error message.

Closes #2855

If a field type is defined differently in index and in space format,
or in two or more indexes, then print more useful error message:
* What type of mismatch? - space vs index; index vs index;
* Name of mismatched field, if it is defined.

Besides, do not print, which type is defined 'previous' or not
'previous' - it is unknown during tuple_format creation.

Part of #2855

If an index is modified, in index_def_swap it does not swap key_defs.
But index alter can change part types and comparators. Lets swap
key_defs too. Note, that we can not swap key_defs by pointers - they
are stored in memtx trees.

Closes #3000

Every iteration over a secondary index tracks a point in the transaction
manager (due to lookup in the primary index). As a result, if the user
calls 'select' or 'pairs' over a huge data set, it will consume a lot of
memory due to this tracked points, even if the user doesn't uses
transactions.

To mitigate this, let's send all read only transactions to read view
immediately so that tracking is disabled completely during iteration.
Note, with this patch select() called outside a transaction doesn't
populate the cache any more, but it seems to be OK as caching large
select() requests results in cache thrashing.

Closes #2534

Currently, if tx is not NULL, tx->read_view is used, otherwise the
global read view is used. For the sake of #2534 (read view for read only
autocommit statements), we will need to pass an arbitrary read view to
this function. So let's add the corresponding argument. This also allows
us to drop env from the argument list.

While we are at it, let's also inline vy_index_full_by_stmt() as it is a
trivial wrapper around vy_index_get().

Needed for #2534

We don't account latency of point lookups, neither we emit a warning if
a point lookup took > too_long_threshold. To fix this, let's move the
too_long_threshold configuration parameter from vy_env to vy_index_env
and check it in both vy_read_iterator_next() and vy_point_lookup().
This will also allow us not to pass too_long_threshold (or vy_env for
that matter) all the way down to read iterator initialization.

The variable is only used for asserts, which
started to fail sporadically because of a missing initialization
since the last patch.

The point iterator is not actually an iterator: it doesn't have an
internal state and it acts as a function. Wrapping it into the iterator
protocol only complicates its usage. Let's turn it into a function.

This is not necessary, because if the index is primary, its key_def and
cmp_def are the same and so the read iterator will not compare extra
tuple parts as it is the case for secondary indexes.

tuple_extract_key() uses region to store the result. If the region is
not truncated, as it is currently the case, the memory consumption can
rocket sky high during a transaction execution. This is especially
critical in case of select() or pairs() over a secondary index.

To fix that, let's introduce vy_stmt_extract_key() wrapper, which would
store the result on malloc, and use it throughout the code. Note, this
doesn't add malloc() invocations, because malloc() has to be invoked by
vy_index_get() anyway - we just move it up.

A DNS issue can raise a SystemError, applier should handle this error

Fixed #3001

 - Use vy_tuple_compare() instead of vy_stmt_compare() in places where
   we know that both arguments are tuples (type != SELECT).

 - Use vy_tuple_compare() instead of tuple_compare() in the write
   iterator to assure that none of its arguments happens to be a key.

 - Use vy_stmt_compare() instead of vy_tuple_compare_with_key() in the
   read iterator when comparing the resulting statement to the search
   key, because the search key may be a tuple.