Re: Additional message in pg_terminate_backend

Hi all,

Thank you for the continued work on this patch.

Prafulla Ranadive and I reviewed this patch through the patch review
workshop. Overall, we find that the proposed feature is useful. We
have reviewed all five versions and have the following observations.

We agree with Jim's point of view that the v3 approach is better. v5
introduced separate _msg overloads (OID 8223 for
pg_cancel_backend_msg, OID 8222 for pg_terminate_backend_msg), which
adds catalog bloat and forces callers to use a different function
name:

> +{ oid => '8223', descr => 'cancel a server process\' current query',
> proname => 'pg_cancel_backend', provolatile => 'v', prorettype => 'bool',
> proargtypes => 'int4 text', prosrc => 'pg_cancel_backend_msg' },
> +{ oid => '8222', descr => 'terminate a server process',
> proname => 'pg_terminate_backend', provolatile => 'v', prorettype => 'bool',
> proargtypes => 'int4 int8 text', proargnames => '{pid,timeout,message}',
> prosrc => 'pg_terminate_backend_msg' },

V3 keeps one OID per function and stays backward-compatible. v6
restores the v3 approach.

--- a/src/include/catalog/pg_proc.dat
+++ b/src/include/catalog/pg_proc.dat
@@ -6727,19 +6727,14 @@

{ oid => '2171', descr => 'cancel a server process\' current query',
proname => 'pg_cancel_backend', provolatile => 'v', prorettype => 'bool',
- proargtypes => 'int4', prosrc => 'pg_cancel_backend' },
-{ oid => '8223', descr => 'cancel a server process\' current query',
- proname => 'pg_cancel_backend', provolatile => 'v', prorettype => 'bool',
- proargtypes => 'int4 text', prosrc => 'pg_cancel_backend_msg' },
+ proargtypes => 'int4 text', proargnames => '{pid,message}',
+ proargdefaults => '{""}'.
+ prosrc => 'pg_cancel_backend' },
{ oid => '2096', descr => 'terminate a server process',
- proname => 'pg_terminate_backend', provolatile => 'v', prorettype => 'bool',
- proargtypes => 'int4 int8', proargnames => '{pid,timeout}',
- proargdefaults => '{0}',
- prosrc => 'pg_terminate_backend' },
-{ oid => '8222', descr => 'terminate a server process',
proname => 'pg_terminate_backend', provolatile => 'v', prorettype => 'bool',
proargtypes => 'int4 int8 text', proargnames => '{pid,timeout,message}',
- prosrc => 'pg_terminate_backend_msg' },
+ proargdefaults => '{0,""}',
+ prosrc => 'pg_terminate_backend' },

--- a/src/backend/catalog/system_functions.sql
+++ b/src/backend/catalog/system_functions.sql
@@ -378,6 +378,16 @@ BEGIN ATOMIC
END;

+CREATE OR REPLACE FUNCTION
+ pg_cancel_backend(pid integer, message text DEFAULT '')
+ RETURNS boolean STRICT VOLATILE LANGUAGE INTERNAL AS 'pg_cancel_backend'
+ PARALLEL SAFE;
+
+CREATE OR REPLACE FUNCTION
+ pg_terminate_backend(pid integer, timeout int8 DEFAULT 0, message
text DEFAULT '')
+ RETURNS boolean STRICT VOLATILE LANGUAGE INTERNAL AS 'pg_terminate_backend'
+ PARALLEL SAFE;
+

The current approach scans all MaxBackends slots by PID twice. Since
pg_signal_backend() already calls BackendPidGetProc(pid) and has the
PGPROC* in hand, the PGPROC index into allProcs[ ] is the ProcNumber,
which is also the direct index into BackendMsgSlots[]. So v6 changes
the signature to BackendMsgSet(ProcNumber procno, ...) and the call in
pg_signal_backend() passes GetNumberFromPGProc(proc), making the
lookup O(1).

-int BackendMsgSet(pid_t pid, const char *msg)
+int BackendMsgSet(ProcNumber procno, const char *msg)
{
BackendMsgSlot *slot;
int len;
@@ -94,35 +94,26 @@ int BackendMsgSet(pid_t pid, const char *msg)
if (msg == NULL || msg[0] == '\0')
return 0;

- for (int i = 0; i < MaxBackends; ++i)
- {
- slot = &BackendMsgSlots[i];
-
- if (slot->pid == 0 || slot->pid != pid)
- continue;
-
- SpinLockAcquire(&slot->lock);
-
- if (slot->pid != pid)
- {
- SpinLockRelease(&slot->lock);
- break;
- }
+ slot = &BackendMsgSlots[procno];

Also, fixed a stale file-header path in backend_msg.c:

--- a/src/backend/utils/misc/backend_msg.c
+++ b/src/backend/utils/misc/backend_msg.c
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * src/include/utils/misc/backend_msg.c
+ * src/backend/utils/misc/backend_msg.c

Removed dead NULL checks on msg in pg_cancel_backend_msg() and
pg_terminate_backend_msg() because text_to_cstring() never returns
NULL.

pid = PG_GETARG_INT32(0);
msg = text_to_cstring(PG_GETARG_TEXT_PP(1));
- if (msg == NULL) {
- PG_RETURN_BOOL(false);
- }

Furthermore, the else before the fallback ereport(FATAL) in the
terminate path is missing in v5. Without the else, the fallback
ereport is unreachable when BackendMsgIsSet() is true because
ereport(FATAL) never returns, but it misleads readers into thinking
the generic message is always emitted. Adding an else is also
consistent with the pg_cancel approach. v6 adds else to make the
intent explicit.

- ereport(FATAL,
- (errcode(ERRCODE_ADMIN_SHUTDOWN),
- errmsg("terminating connection due to
administrator command")));
+ else
+ ereport(FATAL,
+ (errcode(ERRCODE_ADMIN_SHUTDOWN),
+ errmsg("terminating connection due to
administrator command")));
}
}

The _internal helper functions (pg_cancel_backend_internal,
pg_terminate_backend_internal) each have only one call site. What is
the intent behind keeping them separate, or can they be inlined
directly into pg_cancel_backend() and pg_terminate_backend()?

Andrey noted that:

> We have a race condition if many backends cancel same backend.
> Won't they mess each other's reason?

The spinlock in BackendMsgSet protects the write, but there is no
atomicity between writing the slot and delivering the signal. Another
backend can overwrite the slot between one writer's write and the
target reading it. Would it be valuable to define the behavior
explicitly, for example last-writer-wins, or document the limitation?

Andrey also raised this about translation:

> Keep in mind that Postgres literals are translated into many languages.
> So text ought to be clear enough for translators to build a sentence
> that precedes termination reason.

The current pattern:

> errmsg("terminating connection due to administrator command: %s", msg)

The colon-append pattern breaks in languages where the reason clause
is structured differently. Any suggestions on how to approach this, or
how similar cases are handled elsewhere in the codebase?

Also, parallel workers receive the generic message as they hit the
IsBackgroundWorker branch in ProcessInterrupts(), which bypasses
BackendMsgGet(). This is fine since parallel workers are ephemeral,
but should it be documented in the docs?

Patch attached.

--

Best Wishes,
Warda Bibi