| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Andrei Lepikhov <a(dot)lepikhov(at)postgrespro(dot)ru> |
| Cc: | reid(dot)thompson(at)crunchydata(dot)com, Arne Roland <A(dot)Roland(at)index(dot)de>, Andres Freund <andres(at)anarazel(dot)de>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, vignesh C <vignesh21(at)gmail(dot)com>, Justin Pryzby <pryzby(at)telsasoft(dot)com>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, "stephen(dot)frost" <stephen(dot)frost(at)crunchydata(dot)com> |
| Subject: | Re: Add the ability to limit the amount of memory that can be allocated to backends. |
| Date: | 2023-10-20 12:39:33 |
| Message-ID: | ZTJ1BfHC99LSzoHw@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Andrei Lepikhov (a(dot)lepikhov(at)postgrespro(dot)ru) wrote:
> The only issue I worry about is the uncertainty and clutter that can be
> created by this feature. In the worst case, when we have a complex error
> stack (including the extension's CATCH sections, exceptions in stored
> procedures, etc.), the backend will throw the memory limit error repeatedly.
I'm not seeing what additional uncertainty or clutter there is- this is,
again, exactly the same as what happens today on a system with
overcommit disabled and I don't feel like we get a lot of complaints
about this today.
> Of course, one failed backend looks better than a surprisingly killed
> postmaster, but the mix of different error reports and details looks
> terrible and challenging to debug in the case of trouble. So, may we throw a
> FATAL error if we reach this limit while handling an exception?
I don't see why we'd do that when we can do better- we just fail
whatever the ongoing query or transaction is and allow further requests
on the same connection. We already support exactly that and it works
really rather well and I don't see why we'd throw that away because
there's a different way to get an OOM error.
If you want to make the argument that we should throw FATAL on OOM when
handling an exception, that's something you could argue independently of
this effort already today, but I don't think you'll get agreement that
it's an improvement.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jian he | 2023-10-20 12:45:05 | Re: SQL:2011 application time |
| Previous Message | Stephen Frost | 2023-10-20 12:35:04 | Re: [PoC/RFC] Multiple passwords, interval expirations |