diff --git a/.gitignore b/.gitignore
index bb52af91..e2fcd401 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,3 @@ regression.out
 *.gcov
 tags
 
-aqo--?.?.sql
diff --git a/Makefile b/Makefile
index e2b652eb..30d5967a 100644
--- a/Makefile
+++ b/Makefile
@@ -13,14 +13,12 @@ REGRESS =	aqo_disabled \
 			aqo_intelligent \
 			aqo_forced \
 			aqo_learn \
-			schema
+			schema \
+			aqo_CVE-2020-14350
 
 EXTRA_REGRESS_OPTS=--temp-config=$(top_srcdir)/$(subdir)/conf.add
 
-TAP_TESTS = 1
-
-DATA = aqo--1.0.sql aqo--1.0--1.1.sql aqo--1.1--1.2.sql
-DATA_built = aqo--1.2.sql
+DATA = aqo--1.0.sql aqo--1.0--1.1.sql aqo--1.1--1.2.sql aqo--1.2.sql
 
 MODULE_big = aqo
 ifdef USE_PGXS
@@ -34,6 +32,3 @@ include $(top_builddir)/src/Makefile.global
 include $(top_srcdir)/contrib/contrib-global.mk
 endif
 
-
-$(DATA_built): $(DATA)
-	cat $+ > $@
diff --git a/aqo--1.2.sql b/aqo--1.2.sql
new file mode 100644
index 00000000..3d96f0cc
--- /dev/null
+++ b/aqo--1.2.sql
@@ -0,0 +1,130 @@
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION aqo" to load this file. \quit
+
+CREATE TABLE public.aqo_queries (
+	query_hash		int CONSTRAINT aqo_queries_query_hash_idx PRIMARY KEY,
+	learn_aqo		boolean NOT NULL,
+	use_aqo			boolean NOT NULL,
+	fspace_hash		int NOT NULL,
+	auto_tuning		boolean NOT NULL
+);
+
+CREATE TABLE public.aqo_query_texts (
+	query_hash		int CONSTRAINT aqo_query_texts_query_hash_idx PRIMARY KEY REFERENCES public.aqo_queries ON DELETE CASCADE,
+	query_text		text NOT NULL
+);
+
+CREATE TABLE public.aqo_query_stat (
+	query_hash		int CONSTRAINT aqo_query_stat_idx PRIMARY KEY REFERENCES public.aqo_queries ON DELETE CASCADE,
+	execution_time_with_aqo					double precision[],
+	execution_time_without_aqo				double precision[],
+	planning_time_with_aqo					double precision[],
+	planning_time_without_aqo				double precision[],
+	cardinality_error_with_aqo				double precision[],
+	cardinality_error_without_aqo			double precision[],
+	executions_with_aqo						bigint,
+	executions_without_aqo					bigint
+);
+
+CREATE TABLE public.aqo_data (
+	fspace_hash		int NOT NULL REFERENCES public.aqo_queries ON DELETE CASCADE,
+	fsspace_hash	int NOT NULL,
+	nfeatures		int NOT NULL,
+	features		double precision[][],
+	targets			double precision[]
+);
+
+CREATE UNIQUE INDEX aqo_fss_access_idx ON public.aqo_data (fspace_hash, fsspace_hash);
+
+INSERT INTO public.aqo_queries VALUES (0, false, false, 0, false);
+INSERT INTO public.aqo_query_texts VALUES (0, 'COMMON feature space (do not delete!)');
+-- a virtual query for COMMON feature space
+
+CREATE FUNCTION invalidate_deactivated_queries_cache() RETURNS trigger
+	AS 'MODULE_PATHNAME' LANGUAGE C;
+
+CREATE TRIGGER aqo_queries_invalidate AFTER UPDATE OR DELETE OR TRUNCATE
+	ON public.aqo_queries FOR EACH STATEMENT
+	EXECUTE PROCEDURE invalidate_deactivated_queries_cache();
+
+--
+-- Service functions
+--
+
+-- Show query state at the AQO knowledge base
+CREATE FUNCTION public.aqo_status(hash int)
+RETURNS TABLE (
+	"learn"			BOOL,
+	"use aqo"		BOOL,
+	"auto tune"		BOOL,
+	"fspace hash"	INT,
+	"t_naqo"		TEXT,
+	"err_naqo"		TEXT,
+	"iters"			BIGINT,
+	"t_aqo"			TEXT,
+	"err_aqo"		TEXT,
+	"iters_aqo"		BIGINT
+)
+AS $func$
+SELECT	learn_aqo,use_aqo,auto_tuning,fspace_hash,
+		to_char(execution_time_without_aqo[n4],'9.99EEEE'),
+		to_char(cardinality_error_without_aqo[n2],'9.99EEEE'),
+		executions_without_aqo,
+		to_char(execution_time_with_aqo[n3],'9.99EEEE'),
+		to_char(cardinality_error_with_aqo[n1],'9.99EEEE'),
+		executions_with_aqo
+FROM public.aqo_queries aq, public.aqo_query_stat aqs,
+	(SELECT array_length(n1,1) AS n1, array_length(n2,1) AS n2,
+		array_length(n3,1) AS n3, array_length(n4,1) AS n4
+	FROM
+		(SELECT cardinality_error_with_aqo		AS n1,
+				cardinality_error_without_aqo	AS n2,
+				execution_time_with_aqo			AS n3,
+				execution_time_without_aqo		AS n4
+		FROM public.aqo_query_stat aqs WHERE
+			aqs.query_hash = $1) AS al) AS q
+WHERE (aqs.query_hash = aq.query_hash) AND
+	aqs.query_hash = $1;
+$func$ LANGUAGE SQL;
+
+CREATE FUNCTION public.aqo_enable_query(hash int)
+RETURNS VOID
+AS $func$
+UPDATE public.aqo_queries SET
+	learn_aqo = 'true',
+	use_aqo = 'true'
+	WHERE query_hash = $1;
+$func$ LANGUAGE SQL;
+
+CREATE FUNCTION public.aqo_disable_query(hash int)
+RETURNS VOID
+AS $func$
+UPDATE public.aqo_queries SET
+	learn_aqo = 'false',
+	use_aqo = 'false',
+	auto_tuning = 'false'
+	WHERE query_hash = $1;
+$func$ LANGUAGE SQL;
+
+CREATE FUNCTION public.aqo_clear_hist(hash int)
+RETURNS VOID
+AS $func$
+DELETE FROM public.aqo_data WHERE fspace_hash=$1;
+$func$ LANGUAGE SQL;
+
+-- Show queries that contains 'Never executed' nodes at the plan.
+CREATE FUNCTION public.aqo_ne_queries()
+RETURNS SETOF int
+AS $func$
+SELECT query_hash FROM public.aqo_query_stat aqs
+	WHERE -1 = ANY (cardinality_error_with_aqo::double precision[]);
+$func$ LANGUAGE SQL;
+
+CREATE FUNCTION public.aqo_drop(hash int)
+RETURNS VOID
+AS $func$
+DELETE FROM public.aqo_queries aq WHERE (aq.query_hash = $1);
+DELETE FROM public.aqo_data ad WHERE (ad.fspace_hash = $1);
+DELETE FROM public.aqo_query_stat aq WHERE (aq.query_hash = $1);
+DELETE FROM public.aqo_query_texts aq WHERE (aq.query_hash = $1);
+$func$ LANGUAGE SQL;
diff --git a/expected/aqo_CVE-2020-14350.out b/expected/aqo_CVE-2020-14350.out
new file mode 100644
index 00000000..5dafac09
--- /dev/null
+++ b/expected/aqo_CVE-2020-14350.out
@@ -0,0 +1,372 @@
+/*
+ * Check fix for CVE-2020-14350.
+ * See also 7eeb1d986 postgresql commit.
+ */
+SET client_min_messages = 'warning';
+DROP ROLE IF EXISTS regress_hacker;
+SET client_min_messages = 'notice';
+CREATE ROLE regress_hacker LOGIN;
+-- Test 1
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION format(f text, r regclass, t text)
+RETURNS text
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+  RETURN '';
+END
+$$ LANGUAGE plpgsql RETURNS NULL ON NULL INPUT;
+RESET ROLE;
+CREATE EXTENSION aqo;
+-- Test result (must be 'off')
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION format(text, regclass, text);
+DROP EXTENSION IF EXISTS aqo;
+-- Test 2
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_status(hash int)
+RETURNS TABLE (
+  "learn"       BOOL,
+  "use aqo"     BOOL,
+  "auto tune"   BOOL,
+  "fspace hash" INT,
+  "t_naqo"      TEXT,
+  "err_naqo"    TEXT,
+  "iters"       BIGINT,
+  "t_aqo"       TEXT,
+  "err_aqo"     TEXT,
+  "iters_aqo"   BIGINT
+)
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+ERROR:  function "aqo_status" already exists with same argument types
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_status(hash int)
+RETURNS TABLE (
+  "learn"       BOOL,
+  "use aqo"     BOOL,
+  "auto tune"   BOOL,
+  "fspace hash" INT,
+  "t_naqo"      TEXT,
+  "err_naqo"    TEXT,
+  "iters"       BIGINT,
+  "t_aqo"       TEXT,
+  "err_aqo"     TEXT,
+  "iters_aqo"   BIGINT
+)
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+SELECT aqo_status(42);
+ aqo_status 
+------------
+(0 rows)
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ on
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_status(int);
+DROP EXTENSION IF EXISTS aqo;
+NOTICE:  extension "aqo" does not exist, skipping
+-- Test 3
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_enable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+ERROR:  function "aqo_enable_query" already exists with same argument types
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_enable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+SELECT aqo_enable_query(42);
+ aqo_enable_query 
+------------------
+ 
+(1 row)
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ on
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_enable_query(int);
+DROP EXTENSION IF EXISTS aqo;
+NOTICE:  extension "aqo" does not exist, skipping
+-- Test 4
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_disable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+ERROR:  function "aqo_disable_query" already exists with same argument types
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_disable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+SELECT aqo_disable_query(42);
+ aqo_disable_query 
+-------------------
+ 
+(1 row)
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ on
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_disable_query(int);
+DROP EXTENSION IF EXISTS aqo;
+NOTICE:  extension "aqo" does not exist, skipping
+-- Test 5
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_clear_hist(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+ERROR:  function "aqo_clear_hist" already exists with same argument types
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_clear_hist(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+SELECT aqo_clear_hist(42);
+ aqo_clear_hist 
+----------------
+ 
+(1 row)
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ on
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_clear_hist(int);
+DROP EXTENSION IF EXISTS aqo;
+NOTICE:  extension "aqo" does not exist, skipping
+-- Test 6
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_drop(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+ERROR:  function "aqo_drop" already exists with same argument types
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_drop(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+SELECT aqo_drop(42);
+ aqo_drop 
+----------
+ 
+(1 row)
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ on
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_drop(int);
+DROP EXTENSION IF EXISTS aqo;
+NOTICE:  extension "aqo" does not exist, skipping
+-- Test 7
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_ne_queries()
+RETURNS SETOF int
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+ERROR:  function "aqo_ne_queries" already exists with same argument types
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_ne_queries()
+RETURNS SETOF int
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+SELECT aqo_ne_queries();
+ aqo_ne_queries 
+----------------
+(0 rows)
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ on
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_ne_queries();
+DROP EXTENSION IF EXISTS aqo;
+NOTICE:  extension "aqo" does not exist, skipping
+-- Test 8
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+CREATE FUNCTION aqo_migrate_to_1_1_get_pk(rel text)
+RETURNS regclass
+AS $$
+DECLARE
+  ret regclass;
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+  SELECT * FROM aqo_migrate_to_1_1_get_pk(rel::regclass) INTO ret;
+  RETURN ret;
+END
+$$ LANGUAGE plpgsql;
+RESET ROLE;
+CREATE EXTENSION aqo;
+-- Test result (must be 'off')
+SET ROLE regress_hacker;
+SHOW is_superuser;
+ is_superuser 
+--------------
+ off
+(1 row)
+
+RESET ROLE;
+DROP FUNCTION aqo_migrate_to_1_1_get_pk(text);
+DROP EXTENSION IF EXISTS aqo;
+-- Cleanup
+RESET ROLE;
+DROP ROLE regress_hacker;
diff --git a/sql/aqo_CVE-2020-14350.sql b/sql/aqo_CVE-2020-14350.sql
new file mode 100644
index 00000000..7fff18a4
--- /dev/null
+++ b/sql/aqo_CVE-2020-14350.sql
@@ -0,0 +1,315 @@
+/*
+ * Check fix for CVE-2020-14350.
+ * See also 7eeb1d986 postgresql commit.
+ */
+
+SET client_min_messages = 'warning';
+DROP ROLE IF EXISTS regress_hacker;
+SET client_min_messages = 'notice';
+
+CREATE ROLE regress_hacker LOGIN;
+
+-- Test 1
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+CREATE FUNCTION format(f text, r regclass, t text)
+RETURNS text
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+  RETURN '';
+END
+$$ LANGUAGE plpgsql RETURNS NULL ON NULL INPUT;
+
+RESET ROLE;
+CREATE EXTENSION aqo;
+
+-- Test result (must be 'off')
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION format(text, regclass, text);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 2
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_status(hash int)
+RETURNS TABLE (
+  "learn"       BOOL,
+  "use aqo"     BOOL,
+  "auto tune"   BOOL,
+  "fspace hash" INT,
+  "t_naqo"      TEXT,
+  "err_naqo"    TEXT,
+  "iters"       BIGINT,
+  "t_aqo"       TEXT,
+  "err_aqo"     TEXT,
+  "iters_aqo"   BIGINT
+)
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_status(hash int)
+RETURNS TABLE (
+  "learn"       BOOL,
+  "use aqo"     BOOL,
+  "auto tune"   BOOL,
+  "fspace hash" INT,
+  "t_naqo"      TEXT,
+  "err_naqo"    TEXT,
+  "iters"       BIGINT,
+  "t_aqo"       TEXT,
+  "err_aqo"     TEXT,
+  "iters_aqo"   BIGINT
+)
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+SELECT aqo_status(42);
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_status(int);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 3
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_enable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_enable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+SELECT aqo_enable_query(42);
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_enable_query(int);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 4
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_disable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_disable_query(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+SELECT aqo_disable_query(42);
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_disable_query(int);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 5
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_clear_hist(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_clear_hist(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+SELECT aqo_clear_hist(42);
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_clear_hist(int);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 6
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_drop(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_drop(hash int)
+RETURNS VOID
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+SELECT aqo_drop(42);
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_drop(int);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 7
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_ne_queries()
+RETURNS SETOF int
+AS $$
+BEGIN
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+-- Test result (error expected)
+CREATE EXTENSION aqo;
+
+SET ROLE regress_hacker;
+CREATE OR REPLACE FUNCTION aqo_ne_queries()
+RETURNS SETOF int
+AS $$
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+SELECT aqo_ne_queries();
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_ne_queries();
+DROP EXTENSION IF EXISTS aqo;
+
+-- Test 8
+RESET ROLE;
+ALTER ROLE regress_hacker NOSUPERUSER;
+
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+CREATE FUNCTION aqo_migrate_to_1_1_get_pk(rel text)
+RETURNS regclass
+AS $$
+DECLARE
+  ret regclass;
+BEGIN
+  ALTER ROLE regress_hacker SUPERUSER;
+  SELECT * FROM aqo_migrate_to_1_1_get_pk(rel::regclass) INTO ret;
+  RETURN ret;
+END
+$$ LANGUAGE plpgsql;
+
+RESET ROLE;
+CREATE EXTENSION aqo;
+
+-- Test result (must be 'off')
+SET ROLE regress_hacker;
+SHOW is_superuser;
+
+RESET ROLE;
+DROP FUNCTION aqo_migrate_to_1_1_get_pk(text);
+DROP EXTENSION IF EXISTS aqo;
+
+-- Cleanup
+RESET ROLE;
+DROP ROLE regress_hacker;
+
diff --git a/t/000_security.pl b/t/000_security.pl
deleted file mode 100644
index 7caf1ba3..00000000
--- a/t/000_security.pl
+++ /dev/null
@@ -1,43 +0,0 @@
-# Acquiring superuser privileges
-use strict;
-use warnings;
-use PostgresNode;
-use TestLib;
-use Test::More tests => 1;
-
-my $node;
-
-# Initialize node
-$node = get_new_node('node');
-$node->init;
-$node->start;
-
-my $query;
-my $is_su;
-
-print($node->safe_psql("postgres", "CREATE USER regress_hacker LOGIN"));
-$is_su = $node->safe_psql('postgres', undef,
-  extra_params => [ '-U', 'regress_hacker', '-c', 'SHOW is_superuser' ]);
-diag("The regress_hacker is superuser: " . $is_su . "\n");
-
-$query = q{
-CREATE FUNCTION format(f text, r regclass, t text)
-RETURNS text
-AS $$
-BEGIN
-  ALTER ROLE regress_hacker SUPERUSER;
-  RETURN '';
-END
-$$ LANGUAGE plpgsql RETURNS NULL ON NULL INPUT;
-};
-
-print($node->safe_psql('postgres', undef,
-  extra_params => [ '-U', 'regress_hacker', '-c', $query ]) . "\n");
-
-$node->psql("postgres", "CREATE EXTENSION aqo");
-
-$is_su = $node->safe_psql('postgres', undef,
-  extra_params => [ '-U', 'regress_hacker', '-c', 'SHOW is_superuser' ]);
-
-diag("The regress_hacker is superuser: " . $is_su . "\n");
-ok($is_su eq 'off');