Hi,
On 2018-07-19 15:49:35 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > On 2018-07-19 11:57:25 +0300, Heikki Linnakangas wrote:
> >> The regular backend's quickdie() function is more tricky. It should also
> >> call _exit(2) rather than exit(2). But it also tries to ereport a WARNING,
> >> and that is quite useful.
>
> There's already an on_exit_reset in there; why do we need more than that?
Because there are plenty of things, many of which are not signal safe,
running atexit handlers, not necessarily just ours. exit() simply isn't
signal safe. In Asim's case that's a gnutls (where did that come from)
atexit(). There are plenty of other libraries with things like that, not to
speak of PLs.
> > Is that actually true? Clients like libpq create the same error message
> > (which has its own issues, because it'll sometimes mis-interpret
> > things). The message doesn't actually have useful content, no?
>
> Yes, it does: it lets users tell the difference between exit due to a
> SIGQUIT and a crash of their own backend.
Not really reliably, though. Given that we can deadlock, the message
might not arrive, and its absence doesn't allow one to infer that it was a
crash.
> Admittedly, if we crash trying to send the message, then we're not
> better off. But since that happens only very rarely, I do not think
> it's a reasonable tradeoff to never send it at all.
Failovers that randomly take longer aren't all that harmless.
Greetings,
Andres Freund
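As an added illustration of the point argued in this thread (constructed example, not PostgreSQL code or the quickdie() implementation): a SIGQUIT handler that ends the process with exit() still runs every atexit() hook registered in the process, including ones from third-party libraries that may take locks or call malloc(), while _exit() terminates immediately. The child process, the pipe and the handler names are assumptions of this demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed demonstration: does an atexit() hook run when a
 * SIGQUIT handler terminates the process with exit() vs _exit()? */
static int report_fd = -1;
static volatile sig_atomic_t use_exit_variant;

static void cleanup_handler(void)
{
    /* Stand-in for a library's atexit() hook; real ones may take
     * locks or call malloc(), which is not async-signal-safe. */
    (void)write(report_fd, "atexit-ran", 10);
}

static void quickdie_like(int signo)
{
    (void)signo;
    if (use_exit_variant)
        exit(2);   /* runs all atexit handlers from a signal context */
    else
        _exit(2);  /* terminates immediately, no handlers */
}

/* Fork a child that installs the handler, registers the atexit hook
 * and raises SIGQUIT. Returns 1 if the hook ran, 0 if it did not,
 * -1 on setup failure. */
int atexit_runs_on_signal(int use_exit)
{
    int pipefd[2];
    if (pipe(pipefd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(pipefd[0]);
        report_fd = pipefd[1];
        use_exit_variant = use_exit;
        signal(SIGQUIT, quickdie_like);
        atexit(cleanup_handler);
        raise(SIGQUIT);
        _exit(99); /* not reached */
    }
    close(pipefd[1]);
    char buf[16];
    ssize_t n = read(pipefd[0], buf, sizeof buf); /* EOF if hook skipped */
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return n > 0 ? 1 : 0;
}
```

The hook here only calls write(), so the exit() variant completes; a hook that blocks on a lock held by the interrupted code would hang instead, which is the deadlock the thread is concerned about.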