Re: [PATCH] ProcessInterrupts_hook

From: Craig Ringer <craig(dot)ringer(at)enterprisedb(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Petr Jelinek <petr(dot)jelinek(at)enterprisedb(dot)com>, Markus Wanner <markus(dot)wanner(at)enterprisedb(dot)com>
Subject: Re: [PATCH] ProcessInterrupts_hook
Date: 2021-01-19 04:44:10
Message-ID: CAGRY4nxEENvgVsnhgErUqXKJiVa8K+26MAi93f+t61tuFUdUow@mail.gmail.com
Lists: pgsql-hackers

On Tue, 19 Jan 2021, 02:01 Robert Haas, <robertmhaas(at)gmail(dot)com> wrote:

> On Mon, Jan 18, 2021 at 11:56 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > > I've wanted this in the past, too, so +1 from me.
> >
> > I dunno, this seems pretty scary and easily abusable. There's not all
> > that much that can be done safely in ProcessInterrupts(), and we should
> > not be encouraging extensions to think they can add random processing
> > there.
>
> We've had this disagreement before about other things, and I just
> don't agree. If somebody uses a hook for something wildly unsafe, that
> will break their stuff, not ours.

Generally yeah.

And we have no shortage of hooks with plenty of error or abuse potential
and few safeguards already. I'd argue that in C code any external code is
inherently unsafe anyway. So it's mainly down to whether the hook actively
encourages unsafe actions without providing commensurate benefits, and
whether there's a better/safer way to achieve the same thing.

> That's not to say I endorse adding
> hooks for random purposes in random places. In particular, if it's
> impossible to use a particular hook in a reasonably safe way, that's a
> sign that the hook is badly-designed and that we should not have it.
>

Yep. Agreed.

Any hook is possible to abuse or write incorrectly, from simple fmgr
loadable functions right on up.

The argument that a hook could be abused would apply just as well to
exposing pqsignal() itself to extensions. Probably more so. Also to
anything like ProcessUtility_hook.

> > We're about halfway there already, see 7e784d1dc. I didn't do the
> > other half because it wasn't necessary to the problem, but exposing
> > the shutdown state more fully seems reasonable.
>

Excellent, I'll take a look. Thanks.
