On 18/04/18 09:55, Thomas Munro wrote:
Here's a draft patch that does that. One contentious question is: should you have to opt *in* to auto-exit-on-postmaster death? Andres opined that you should. I actually think it's not so bad if you don't have to do that, and instead have to opt out. I think of it as a kind of 'process cancellation point' or a quiet PANIC that you can opt out of. It's nice to remove the old boilerplate code without having to add a new boilerplate event that you have to remember every time. Any other opinions?
Hmm. Exiting on postmaster death by default does feel a bit too magical to me. But as your patch points out, there are currently no places where you *don't* want to exit on postmaster death, some callers just prefer to handle it themselves. And I like having a default or something to make sure that all call sites in the future will also exit quickly.
I'd suggest that we add a new WL_EXIT_ON_POSTMASTER_DEATH flag, making it opt-on. But add an assertion in WaitLatchOrSocket:
Assert ((wakeEvents & (WL_EXIT_POSTMASTER_DEATH | WL_POSTMASTER_DEATH)) != 0);
That ensures that all callers either use WL_EXIT_ON_POSTMASTER_DEATH, or WL_POSTMASTER_DEATH to handle it in the caller. Having to specify WL_EXIT_ON_POSTMASTER_DEATH reminds you that the call might exit(), so if that's not what you want, you need to do something else. But the assertion makes sure that all callers deal with postmaster death in some way.
- Heikki
