Re: Catching resource leaks during WAL replay

Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> writes:
> On 28.03.2013 01:01, Tom Lane wrote:
>> Simon Riggs<simon(at)2ndQuadrant(dot)com> writes:
>>> I'm inclined to think that the overhead isn't worth the trouble. This
>>> is the only bug of its type we had in recent years.

>> I agree that checking for resource leaks after each WAL record seems
>> too expensive compared to what we'd get for it. But perhaps it's worth
>> making a check every so often, like at restartpoints?

> That sounds very seldom. How about making it an assertion to check after
> every record? I guess I'll have to do some testing to see how expensive
> it really is.

Well, the actually productive part of this patch is to reduce such a
failure from ERROR to WARNING, which seems like it probably only
requires *one* resource cleanup after we exit the apply loop. Doing it
per restartpoint is probably reasonable to limit the resource owner's
memory consumption (if there were a leak) over a long replay sequence.
I am really not seeing much advantage to doing it per record.

I suppose you are thinking of being helpful during development, but if
anything I would argue that the current behavior of a hard failure is
best for development. It guarantees that the developer will notice the
failure, if it occurs at all in his test scenario; whereas a WARNING
that goes only to the postmaster log will be very very easily missed.

regards, tom lane