On Thu, May 11, 2023 at 1:40 PM Peter Geoghegan <p...@bowt.ie> wrote: > Just to be clear, I am not proposing changing the name of > anti-wraparound autovacuum at all. What I'd like to do is use a term > like "XID exhaustion" to refer to the state that we internally refer > to as xidStopLimit. My motivation is simple: we've completely > terrified users by emphasizing wraparound, which is something that is > explicitly and prominently presented as a variety of data corruption. > The docs say this: > > "But since transaction IDs have limited size (32 bits) a cluster that > runs for a long time (more than 4 billion transactions) would suffer > transaction ID wraparound: the XID counter wraps around to zero, and > all of a sudden transactions that were in the past appear to be in the > future — which means their output become invisible. In short, > catastrophic data loss."
Notice that this says that "catastrophic data loss" occurs when "the XID counter wraps around to zero". I think that this was how it worked before the invention of freezing, over 20 years ago -- the last time the system would allocate about 4 billion XIDs without doing any freezing. While it is still possible to corrupt the database in single user mode, it has precisely nothing to do with the point that "the XID counter wraps around to zero". I believe that this wording has done not insignificant damage to the project's reputation. But let's assume for a moment that there's only a tiny chance that I'm right about all of this -- let's assume I'm probably just being alarmist about how this has been received in the wider world. Even then: why take even a small chance? -- Peter Geoghegan
