Re: [HACKERS] SIGTERM -> elog(FATAL) -> proc_exit() is probably a bad idea

[Hiroshi Inoue]

Tom Lane wrote: > > Hiroshi Inoue <[EMAIL PROTECTED]> writes: > >>>> I've thought that the main purpose of CRIT_SECTION is to > >>>> force redo recovery for any errors during the CRIT_SECTION > >>>> to complete the critical operation e.g. bt_split(). > >> > >> How could it force redo? > > > Doesn't proc_exit(non-zero) force shuttdown recovery ? > > It forces a shutdown and restart, but that does not do anything good > that I can see. The WAL log entry hasn't been made, typically, so there > is nothing to redo. If there *were* a log entry, and the redo failed > again (pretty likely), then we'd have an infinite crash/try to > restart/crash cycle, which is just about the worst possible behavior. > So I'm not seeing what the point is. > It seems a nature of 7.1 recovery scheme. Once a WAL log entry is made, recovery should complete the log in regardless of the cause of recovery(elog, system error like SEGV etc). I've wondered why no one has asked how we could recover from a recovery failure. Unfortunately, I don't know the answer. Recovery failure seems veeeeery serious because postmaster couldn't start if the startup recovery fails. In addtion I have another anxiety. I don't know how robust WAL is against general bugs not directly related to WAL. Regards. Hiroshi Inoue