"scott.marlowe" <scott.marlowe@ihs.com> writes:
>> Unfortunately not --- at checkpoint time, the constraint goes the other
>> way. We have to be sure all the data file updates are down to disk
>> before we write a checkpoint record to the WAL log. So you can still
>> get screwed if the data-file drive lies about write completion.
> Hmmm. OK. Would the transaction size be an issue here? I.e. would small
> transactions likely be safer against corruption than large transactions?

Transaction size would make no difference AFAICS. Reducing the interval
between checkpoints might make things safer in such a case.

> I ask because most of the testing I did was with pgbench running 100+
> simos (on a -s 100 pgbench database) and as long as the WAL drive was
> fsyncing correctly, the database survived.

Did you try pulling the plug immediately after a CHECKPOINT command
completes? You could test by manually issuing a CHECKPOINT while
pgbench runs, and yanking power as soon as the prompt comes back.

regards, tom lane
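
Added example (not part of the original message, and not PostgreSQL code): a toy Python model of the checkpoint ordering constraint discussed in this thread, showing why a data-file drive that lies about write completion only hurts once a checkpoint record has been written. The `Drive` class, the `run` function and the two sample updates are constructed for illustration, and recovery is reduced to "replay WAL records after the last checkpoint".

```python
# Toy model (constructed for illustration): drives with a volatile write
# cache, a WAL of update records, and checkpoint-based crash recovery.
class Drive:
    def __init__(self, honest):
        self.honest = honest   # False: fsync reports success without flushing
        self.cache = {}        # acknowledged writes still in volatile cache
        self.platter = {}      # what actually survives a power loss

    def write(self, key, value):
        self.cache[key] = value

    def fsync(self):
        if self.honest:
            self.platter.update(self.cache)
            self.cache.clear()
        # a lying drive returns here with the cache still unflushed

    def power_loss(self):
        self.cache.clear()


def run(data_honest, checkpoint_before_crash):
    """Return the table contents visible after power loss and recovery."""
    data, wal = Drive(data_honest), Drive(honest=True)
    log = []                                      # WAL records, in order

    def commit(key, value):
        log.append(("update", key, value))
        wal.write("log", list(log)); wal.fsync()  # WAL flushed at commit
        data.write(key, value)                    # data file written lazily

    commit("a", 1)
    commit("b", 2)
    if checkpoint_before_crash:
        data.fsync()                              # data files must be down first...
        log.append(("checkpoint",))
        wal.write("log", list(log)); wal.fsync()  # ...then the checkpoint record
    data.power_loss(); wal.power_loss()

    # Recovery trusts the data files up to the last checkpoint record and
    # replays only the WAL records written after it.
    surviving = wal.platter.get("log", [])
    start = max((i + 1 for i, r in enumerate(surviving)
                 if r[0] == "checkpoint"), default=0)
    recovered = dict(data.platter)
    for _, key, value in surviving[start:]:
        recovered[key] = value
    return recovered
```

With an honest WAL drive, `run(False, False)` recovers both rows from the WAL alone, while `run(False, True)` loses them because recovery skips everything before the checkpoint record.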