Re: SIGTERM -> elog(FATAL) -> proc_exit() is probably a bad idea
| От | Tom Lane |
|---|---|
| Тема | Re: SIGTERM -> elog(FATAL) -> proc_exit() is probably a bad idea |
| Дата | |
| Msg-id | 15924.979522893@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: SIGTERM -> elog(FATAL) -> proc_exit() is probably a bad idea (Hiroshi Inoue <Inoue@tpf.co.jp>) |
| Список | pgsql-hackers |
Hiroshi Inoue <Inoue@tpf.co.jp> writes:
>>>> I've thought that the main purpose of CRIT_SECTION is to
>>>> force redo recovery for any errors during the CRIT_SECTION
>>>> to complete the critical operation e.g. bt_split().
>>
>> How could it force redo?
> Doesn't proc_exit(non-zero) force shuttdown recovery ?
It forces a shutdown and restart, but that does not do anything good
that I can see. The WAL log entry hasn't been made, typically, so there
is nothing to redo. If there *were* a log entry, and the redo failed
again (pretty likely), then we'd have an infinite crash/try to
restart/crash cycle, which is just about the worst possible behavior.
So I'm not seeing what the point is.
> Oh you removed the code 20 hours ago. AFAIK, the (equivalent)
> code has lived there from the first appearance of CRIT_SECTION.
> Is there any reason to remove the code ?
Because I think turning an elog(ERROR) into a system-wide crash is
not a good idea ;-). If you are correct that this behavior is necessary
for WAL-related critical sections, then indeed we need two kinds of
critical sections, one that just holds off cancel/die response and one
that turns elog(ERROR) into a dangerous weapon. I'm going to wait and
see Vadim's response before I do anything ...
regards, tom lane
В списке pgsql-hackers по дате отправления: