Re: always forced restart after status 139?

Did not mean to give the impression I was going to put a buggy extension
into production. Relax guys. I've fixed the bug that was causing the
initial seg fault. Just trying to cover all the bases here and understand
what we need to do in our front end "if" we've overlooked something in one
of our extensions. Thanks for the help and clarifications.

Jason

-----Original Message-----
From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
Sent: Monday, March 18, 2002 2:47 PM
To: Jason Williams
Cc: Dominic J. Eidson; pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] always forced restart after status 139?

"Jason Williams" <jwilliams(at)wc-group(dot)com> writes:
> The problem is this: we are planning to make this database for a
commercial
> website that will handle financial transactions. What will happen if the
> database receives a seg fault and another user of the database is in the
> middle of submitting a "critical" update? I'm assuming it will rollback
> gracefully?

The seg fault as such is not a problem. What concerns me a tad is that
your buggy C extension may scribble on shared-memory disk buffers at
some point before it causes an outright crash. If corrupted data
manages to get written to disk before the backend crash and ensuing
restart, there's no guarantee we can clean it up. The odds of this are
probably not high (assuming you use conservatively-sized shared buffers,
rather than a large fraction of your address space as some here have
been known to suggest) ... but they're not zero.

I concur with Dominic: fix your extension *before* you put it in
production, not after. If you don't have confidence in your ability
to get the bugs out then maybe you shouldn't be writing C functions.
The interpreted PLs are a great deal safer.

regards, tom lane