On Fri, Jun 21, 2013 at 11:19 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> I think that's the Tom Lane theory. The Robert Haas theory is that if >> the postmaster has died, there's no reason to suppose that it hasn't >> corrupted shared memory on the way down, or that the system isn't >> otherwise heavily fuxxored in some way. > > Eh? The postmaster does its level best never to touch shared memory > (after initialization anyway).
And yet it certainly does - see pmsignal.c, for example. Besides which, as Andres points out, if the postmaster is dead, there is zip for a guarantee that some OTHER backend hasn't panicked. I think it's just ridiculous to suppose that the system can run in any sort of reasonable way without the postmaster. The whole reason why we work so hard to make sure that the postmaster doesn't die in the first place is because we need it to clean up when things go horribly wrong. If that cleanup function is important, then we need a living postmaster at all times. If it's not important, then our extreme paranoia about what operations the postmaster is permitted to engage in is overblown. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
