On Tue, 19 Jan 2021, 02:01 Robert Haas, <robertmh...@gmail.com> wrote:
> On Mon, Jan 18, 2021 at 11:56 AM Tom Lane <t...@sss.pgh.pa.us> wrote:
> > > I've wanted this in the past, too, so +1 from me.
> >
> > I dunno, this seems pretty scary and easily abusable. There's not all
> > that much that can be done safely in ProcessInterrupts(), and we should
> > not be encouraging extensions to think they can add random processing
> > there.
>
> We've had this disagreement before about other things, and I just
> don't agree. If somebody uses a hook for something wildly unsafe, that
> will break their stuff, not ours.

Generally yeah. And we have no shortage of hooks with plenty of error or
abuse potential and few safeguards already. I'd argue that in C code any
external code is inherently unsafe anyway. So it's mainly down to whether
the hook actively encourages unsafe actions without providing commensurate
benefits, and whether there's a better/safer way to achieve the same thing.

> That's not to say I endorse adding hooks for random
> purposes in random places. In particular, if it's
> impossible to use a particular hook in a reasonably safe way, that's a
> sign that the hook is badly-designed and that we should not have it.

Yep. Agreed.

Any hook is possible to abuse or write incorrectly, from simple fmgr
loadable functions right on up. The argument that a hook could be abused
would apply just as well to exposing pqsignal() itself to extensions.
Probably more so. Also to anything like ProcessUtility_hook.

> > We're about halfway there already, see 7e784d1dc. I didn't do the
> > other half because it wasn't necessary to the problem, but exposing
> > the shutdown state more fully seems reasonable.

Excellent, I'll take a look. Thanks.