| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> |
| Cc: | "Mikheev, Vadim" <vmikheev(at)SECTORBASE(dot)COM>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: SIGTERM -> elog(FATAL) -> proc_exit() is probably a bad idea |
| Date: | 2001-01-15 01:41:33 |
| Message-ID: | 15924.979522893@sss.pgh.pa.us |
| Lists: | pgsql-hackers |
Hiroshi Inoue <Inoue(at)tpf(dot)co(dot)jp> writes:
>>>> I've thought that the main purpose of CRIT_SECTION is to
>>>> force redo recovery for any errors during the CRIT_SECTION
>>>> to complete the critical operation e.g. bt_split().
>>
>> How could it force redo?
> Doesn't proc_exit(non-zero) force shutdown recovery ?

It forces a shutdown and restart, but that does not do anything good
that I can see. The WAL log entry hasn't been made, typically, so there
is nothing to redo. If there *were* a log entry, and the redo failed
again (pretty likely), then we'd have an infinite crash/try to
restart/crash cycle, which is just about the worst possible behavior.
So I'm not seeing what the point is.

> Oh you removed the code 20 hours ago. AFAIK, the (equivalent)
> code has lived there from the first appearance of CRIT_SECTION.
> Is there any reason to remove the code ?

Because I think turning an elog(ERROR) into a system-wide crash is
not a good idea ;-). If you are correct that this behavior is necessary
for WAL-related critical sections, then indeed we need two kinds of
critical sections, one that just holds off cancel/die response and one
that turns elog(ERROR) into a dangerous weapon. I'm going to wait and
see Vadim's response before I do anything ...

regards, tom lane