> On Sep 9, 2021, at 11:21 AM, Robert Haas <robertmh...@gmail.com> wrote:
>
> They have to check whether WAL has become prohibited
> and error out if so, and they need to do so before entering the
> critical section - because if the problem were detected for the first
> time inside the critical section it would escalate to a PANIC, which
> we do not want.
But that is the part that is still not clear. Should the comment say that a
concurrent change to prohibit wal after the current process checks but before
the current process exits the critical section will result in a panic? What
is unclear about the comment is that it implies that a check before the
critical section is sufficient, but ordinarily one would expect a lock to be
held and the check-and-lock dance to carefully avoid any race condition. If
somehow this is safe, the logic for why it is safe should be spelled out. If
not, a mea culpa saying, "hey, we're not terribly safe about this" should be
explicit in the comment.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
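As an added illustration of the race being discussed (this is a constructed model, not PostgreSQL source or the patch under review; all names such as scenario_unchecked_window, scenario_locked and concurrent_prohibit_wal are hypothetical), the following C program compares the check-then-enter protocol with the lock-held-across-check-and-critical-section protocol the reply says one would ordinarily expect. The critical-section counter and the ERROR-to-PANIC escalation mirror the behaviour described in the quoted text; the lock is modeled as a flag that defers a concurrent prohibit request rather than letting it land in the window.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the check-before-critical-section discussion.
   Not PostgreSQL source; every identifier here is a hypothetical stand-in. */

typedef enum { WAL_PERMITTED, WAL_PROHIBITED } WalState;
typedef enum { OUTCOME_OK, OUTCOME_ERROR, OUTCOME_PANIC } Outcome;

static WalState wal_state = WAL_PERMITTED;
static int crit_section_count = 0;      /* > 0 while inside a critical section */
static bool state_lock_held = false;    /* models a lock serialising state changes */
static bool prohibit_deferred = false;  /* did the prohibit request have to wait? */

static void reset_model(void)
{
    wal_state = WAL_PERMITTED;
    crit_section_count = 0;
    state_lock_held = false;
    prohibit_deferred = false;
}

/* Model of raising ERROR: inside a critical section it escalates to PANIC. */
static Outcome report_wal_prohibited(void)
{
    return crit_section_count > 0 ? OUTCOME_PANIC : OUTCOME_ERROR;
}

/* A concurrent process asking to prohibit WAL. If the writer holds the lock,
   the request cannot be applied now and is recorded as deferred. */
static void concurrent_prohibit_wal(void)
{
    if (state_lock_held) {
        prohibit_deferred = true;
        return;
    }
    wal_state = WAL_PROHIBITED;
}

/* Unsafe protocol: check, then enter the critical section, with nothing held
   in between. prohibit_before / prohibit_during choose when the other
   process flips the state. */
static Outcome scenario_unchecked_window(bool prohibit_before, bool prohibit_during)
{
    Outcome o = OUTCOME_OK;
    reset_model();
    if (prohibit_before)
        concurrent_prohibit_wal();

    if (wal_state == WAL_PROHIBITED)
        return report_wal_prohibited();     /* caught outside: plain ERROR */

    if (prohibit_during)
        concurrent_prohibit_wal();          /* the window: state flips after the check */

    crit_section_count++;                   /* enter critical section */
    if (wal_state == WAL_PROHIBITED)
        o = report_wal_prohibited();        /* first detected inside: PANIC */
    crit_section_count--;                   /* leave critical section */
    return o;
}

/* Locked protocol: the lock is held across the check and the critical
   section, so a prohibit request arriving in the window is deferred. */
static Outcome scenario_locked(bool prohibit_before, bool prohibit_during)
{
    Outcome o = OUTCOME_OK;
    reset_model();
    if (prohibit_before)
        concurrent_prohibit_wal();

    state_lock_held = true;
    if (wal_state == WAL_PROHIBITED) {
        state_lock_held = false;
        return report_wal_prohibited();     /* ERROR, lock released */
    }

    if (prohibit_during)
        concurrent_prohibit_wal();          /* blocked by the lock */

    crit_section_count++;
    if (wal_state == WAL_PROHIBITED)
        o = report_wal_prohibited();        /* unreachable while the lock is held */
    crit_section_count--;
    state_lock_held = false;
    return o;
}

static bool prohibit_was_deferred(void) { return prohibit_deferred; }

int main(void)
{
    Outcome unsafe = scenario_unchecked_window(false, true);
    printf("unchecked window, prohibit during: %d (2 = PANIC)\n", (int) unsafe);
    Outcome locked = scenario_locked(false, true);
    printf("locked, prohibit during: %d (0 = OK), deferred=%d\n",
           (int) locked, (int) prohibit_was_deferred());
    return 0;
}
```

The two scenarios differ only in whether the lock spans the check and the critical section; in the unchecked variant the same concurrent prohibit that is harmless before the check becomes a PANIC once it lands inside the window, which is the case the reply asks the comment to either rule out or admit.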