| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
| Cc: | rlowe(at)pablowe(dot)net, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #6497: Error sent to client, but data written anyway |
| Date: | 2012-02-28 22:42:10 |
| Message-ID: | 29380.1330468930@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
"Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> writes:
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Huh? If the backend dumped core before you sent it the commit,
>> the data will certainly not be committed. It might be physically
>> present on disk, but it won't be considered valid.
> I suppose that there is a window of time between the commit becoming
> effective and the return to the application which, from a user
> perspective, would be hard to distinguish from what the OP
> described. I don't really see how that can be avoided, though,
> short of a transaction manager using 2PC. Any time the server
> crashes while a COMMIT is pending, one must check to see whether it
> "took".
Yeah, a post-commit crash leaves you in doubt about whether the commit
"took", but you get into byzantine-generals issues as soon as you try to
design that out. Consider the possibility that the commit went fine but
the network eats the reply packet saying so. Really, any application
that is constructed to reconnect and retry has got to have logic to test
whether the commit occurred, not just assume that it did or didn't.
(2PC is hardly a magic bullet for this, either.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Curd Reinert | 2012-02-29 09:57:56 | Re: BUG #6494: Listening to * fails for IP V6 |
| Previous Message | Kevin Grittner | 2012-02-28 22:01:40 | Re: BUG #6497: Error sent to client, but data written anyway |