OK, I see your point. Can anyone remember why this was needed? I
remember Magnus wanted query cancel, but what was the logic for session
termination?
---------------------------------------------------------------------------
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > I have applied the attached patch:
> > Exit backend from SIGTERM or FATAL by simulating client EOF, rather than
> > calling proc_exit() directly. This should make SIGTERM more reliable.
>
> After further consideration I have concluded that this was a
> spectacularly bad idea and we should revert that patch. There is a very
> large amount of processing that this patch will cause to happen after a
> FATAL error has been declared, and I doubt that any of it is a good
> idea. Some examples:
>
> * AbortCurrentTransaction() --- not too cool if the FATAL error was one
> of the ones in xact.c that are complaining of fatally bollixed
> transaction state.
>
> * pgstat reporting --- aside from the chance of an outright crash, we
> might be transmitting bogus statistics to the collector.
>
> * sending a ReadyForQuery (Z) message --- one thing we quite certainly
> ain't is ReadyForQuery.
>
> * EnableNotifyInterrupt --- this may result in actually trying to run
> a transaction to look through pg_listener :-(
>
> * ProcessConfigFile, if we had a pending SIGHUP --- also not too cool,
> if the FATAL was from guc.c.
>
>
> I am still dubious that zapping random backends with SIGTERM is a sane
> or supportable idea. But this patch does not make things better, it
> simply greatly increases the chance of a FATAL exit turning into a
> backend crash or PANIC.
>
> regards, tom lane
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
