Simon Riggs <simon@2ndQuadrant.com> writes:
> On Tue, 2009-12-01 at 16:40 +0200, Heikki Linnakangas wrote:
>> It's not hard to imagine that when a hardware glitch happens
>> causing corruption, it also causes the system to crash. Recalculating
>> the CRCs after crash would mask the corruption.
> They are already masked from us, so continuing to mask those errors
> would not put us in a worse position.
No, it would just destroy a large part of the argument for why this
is worth doing. "We detect disk errors ... except for ones that happen
during a database crash." "Say what?"
The fundamental problem with this is the same as it's been all along:
the tradeoff between implementation work expended, performance overhead
added, and net number of real problems detected (with a suitably large
demerit for actually *introducing* problems) just doesn't look
attractive. You can make various compromises that improve one or two of
these factors at the cost of making the others worse, but at the end of
the day I've still not seen a combination that seems worth doing.
regards, tom lane