On Fri, Aug 31, 2018 at 02:52:06PM +0900, Kyotaro HORIGUCHI wrote: > The patch inhibits turning off updateMinRecoveryPoint on other > than the startup process running crash-recovery except at the end > of XLogNeedsFlush.
Yes that's a matter of safety, as I put into the truck any modules which may use XLogFlush(). And that maps with the old code, so there is no more surprise. > Even if any other processes than the startup calls the function > during crash recovery, they don't have a means to turn on > updateMinRecoveryPoint again. Actually the only process that > calls the function during crash recovery is the startup. bwriter > and checkpointer doesn't. Hot-standby backends come after > crash-recvery ends. After all, we just won't have an invalid > minRecoveryPoint value there, and updateMinRecoverypoint must be > true. Yes, until a recovery point is reached only the startup process could call that. Now I would imagine that we could have a background worker as well which is spawned when the postmaster starts, and calls those code paths... > + /* > + * No other process than the startup doesn't reach here before crash > + * recovery ends. So minRecoveryPoint must have a valid value here. > + */ > + Assert(minRecoveryPoint != InvalidXLogRecPtr); ... And that would invalidate your assertion here. -- Michael
signature.asc
Description: PGP signature
