On 2018-05-08 18:04:07 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > Well, the question is if that'd ever have us defer killing the process
> > for longer. quickdie is intended to actually die quickly.
>
> Yeah. Though now that we have the postmaster mechanism to wait-five-
> seconds-then-SIGKILL, maybe we could rethink that requirement? If we
> reimplemented SIGQUIT to work more like SIGTERM, it would surely be
> a lot safer. There would be cases where a stuck backend wouldn't
> respond and it'd eventually get SIGKILL'd, but in return we'd get rid
> of problems like this one.

Right now we intentionally do not accept interrupts in a couple places
where we want to die quickly because we're making persistent changes. I
don't think it'd be good to continue e.g. committing any longer than
possible after one process segfaulted. One counter-argument to that is
that the timing right now is far from synchronous either.

Greetings,
Andres Freund