Re: Fatal Errors

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Simon Riggs <simon(at)2ndQuadrant(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Fatal Errors
Date: 2008-09-29 16:14:57
Message-ID: 13379.1222704897@sss.pgh.pa.us
Lists: pgsql-hackers

Simon Riggs <simon(at)2ndQuadrant(dot)com> writes:
> * Might we make AbortTransaction critical just as far as the
> END_CRIT_SECTION after XLogInsert in RecordTransactionAbort(), but no
> further? Don't expect yes, but seems worth recording thoughts.

The problem is that pretty much everything that proc_exit runs would
have to become critical, AFAICS. And a lot of that code is explicitly
intended not to be critical --- that's why we split it up into multiple
proc_exit callbacks. If one fails we pick up with the next, after a
recursive call to elog().

In any case it is clear that there will be failure cases where an
abort record cannot be written --- out of disk space for WAL being
one obvious example. Are we sure that we can, or want to, guarantee
that those all result in PANIC? (We do already PANIC on out of disk
space for WAL, but I'm not so sure about generalizing that to any
possible failure.)

>> Thought you were trying to get rid of the shutdown checkpoint during
>> restart?

> Yes, but if I do there would still be a WAL record of some kind there to
> allow us to confirm the change of tli.

> Anyway, I thought you wanted me to keep it now?

No, I don't have a strong opinion one way or the other on that bit.
But an ordinary crash and restart shouldn't generate a tli change.

regards, tom lane
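The contrast drawn above, a critical section where a failure must escalate to PANIC versus the proc_exit callback chain where a failing callback is caught and the remaining ones still run, as an added illustration that is not PostgreSQL code. `raise_error`, `run_one` and `run_exit_callbacks` are constructed stand-ins for elog(ERROR), a PG_TRY-style handler and proc_exit, and the model assumes the server's rule that an ERROR raised while the critical-section count is above zero is promoted to PANIC.

```c
#include <setjmp.h>

/* Constructed model (not PostgreSQL source) of the two error regimes above. */
static jmp_buf *err_target;     /* nearest recoverable-error handler, if any */
static int crit_section_count;  /* >0 between START_/END_CRIT_SECTION */
static int panicked;            /* set when an error cannot be recovered */
typedef void (*exit_cb)(void);

/* elog(ERROR) stand-in: inside a critical section (or with no handler) the error
 * is promoted to PANIC; otherwise control jumps to the nearest handler. */
static void raise_error(void)
{
    if (crit_section_count > 0 || !err_target) { panicked = 1; return; }
    longjmp(*err_target, 1);
}
/* Run one callback under its own handler: 1 if it completed, 0 if it errored. */
static int run_one(exit_cb cb)
{
    jmp_buf local, *saved = err_target; int ok = 0;
    err_target = &local;
    if (setjmp(local) == 0) { cb(); ok = 1; }
    err_target = saved;         /* restored on both the normal and the error path */
    return ok;
}
/* proc_exit stand-in: a callback that errors is skipped, the rest still run. */
static int run_exit_callbacks(const exit_cb *cbs, int n)
{
    int completed = 0;
    for (int i = n - 1; i >= 0; i--)   /* newest registration runs first */
        completed += run_one(cbs[i]);
    return completed;
}

/* Constructed callbacks: one does its cleanup, one fails. */
static int cleanups_done;
static void cb_ok(void)  { cleanups_done++; }
static void cb_bad(void) { raise_error(); }
/* Scenario 1: ordinary exit path; 2 of 3 callbacks complete and nothing PANICs. */
static int exit_path_completed(void)
{
    const exit_cb cbs[] = { cb_ok, cb_bad, cb_ok };
    panicked = 0; cleanups_done = 0;
    return run_exit_callbacks(cbs, 3);
}
/* Scenario 2: the same error inside a critical section escalates to PANIC. */
static int critical_section_panics(void)
{
    panicked = 0; crit_section_count++;      /* START_CRIT_SECTION() */
    run_one(cb_bad);                         /* handler installed, but ignored */
    crit_section_count--;                    /* END_CRIT_SECTION() */
    return panicked;
}
```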
