|From:||Andres Freund <andres(at)anarazel(dot)de>|
|To:||Chris Travers <chris(dot)travers(at)adjust(dot)com>|
|Cc:||Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org|
|Subject:||Re: Proposal for Signal Detection Refactoring|
|Views:||Raw Message | Whole Thread | Download mbox|
On 2019-01-23 11:55:09 +0100, Chris Travers wrote:
> +Implementation Notes on Globals and Signal/Event Handling
> +The approch to signal handling in PostgreSQL is designed to strictly conform
> +with the C89 standard and designed to run with as few platform assumptions as
I'm not clear as to what that means. For one we don't target C99
anymore, for another a lot of the signal handling stuff we do isn't
defined by C99, but versions of posix.
> +The primary constraint in signal handling is that things are interruptable.
> +This means that the signal handler may be interrupted at any point and that
> +execution may return to it at a later point in time.
That seems wrong. The primary problem is that *non* signal handler code
can be interrupted at ay time. Sure signal handlers interrupting each
other is a thing, but comparatively that doesn't add a ton of
> +How PostgreSQL Handles Signals
> +Most signals (except SIGSEGV, and SIGKILL) are blocked by PostgreSQL
> +during process startup. Certain signals are given specific meaning and
> +trapped by signal handlers. The primary signal handlers of the backends,
> +located in src/backend/tcop/postgres.c, typically just write to variables of
> +sig_atomic_t (as documented below) and return control back to the main code.
Note that the other absolutely crucial thing is to save/restore errno.
I don't really think that signals handlers "return control back to the
> +An exception is made for SIGQUIT which is used by the postmaster to terminate
> +backend sessions quickly when another backend dies so that the postmaster
> +may re-initialize shared memory and otherwise return to a known-good state.
> +The signals are then checked later when the CHECK_FOR_INTERRUPTS() macro is
> +called. This macro conditionally calls CheckPendingInterrupts in
> +src/backend/tcop/postgres.c if InterruptPending is set. This allows for
> +query cancellation and process termination to be done, under ordiary cases,
> +in a timely and orderly way, without posing problems for shared resources such
> +as shard memory and semaphores.
> +CHECK_FOR_INTERRUPTS() may be called only when there is no more cleanup to do
> +because the query or process may be aborted. However query cancellation
> +requests and SIGTERM signals will not be processed until the next time this is
I don't think that's correct. Most resources can be cleaned up at
> +Checking and Handling Interrupts
> +CHECK_FOR_SIGNALS() may cause a non-local exit because the function it wraps
> +utilizes PostgreSQL's built-in exception framework (ereport) to abort queries
> +and can call exit() to exit a orocess.
You mean CHECK_FOR_INTERRUPTS?
> +For this reason, it is imperative that CHECK_FOR_INTERRUPTS() is not called in
> +places that require additional cleanup, such as dynamic shared memory, temporary
> +files, or any other shared resource. Instead CHECK_FOR_INTERRUPTS() should be
> +called at the next point when it is safe to do so.
That's largely wrong, there's cleanup mechanisms fo rmost of the above.
|Next Message||Andres Freund||2019-02-14 19:13:16||Re: INSTALL file|
|Previous Message||Andres Freund||2019-02-14 18:59:05||Re: Using POPCNT and other advanced bit manipulation instructions|