Hi,
On 2021-03-15 13:58:02 -0700, Peter Geoghegan wrote:
> On Mon, Mar 15, 2021 at 12:58 PM Peter Geoghegan <pg@bowt.ie> wrote:
> > > I'm not comfortable with this change without adding more safety
> > > checks. If there's ever a case in which the HEAPTUPLE_DEAD case is hit
> > > and the xid needs to be frozen, we'll either cause errors or
> > > corruption. Yes, that's already the case with params->index_cleanup ==
> > > DISABLED, but that's not that widely used.
> >
> > I noticed that Noah's similar 2013 patch [1] added a defensive
> > heap_tuple_needs_freeze() + elog(ERROR) to the HEAPTUPLE_DEAD case. I
> > suppose that that's roughly what you have in mind here?
>
> I'm not sure if you're arguing that there might be (either now or in
> the future) a legitimate case (a case not involving data corruption)
> where we hit HEAPTUPLE_DEAD, and find we have an XID in the tuple that
> needs freezing. You seem to be suggesting that even throwing an error
> might not be acceptable, but what better alternative is there? Did you
> just mean that we should throw a *better*, more specific error right
> there, when we handle HEAPTUPLE_DEAD? (As opposed to relying on
> heap_prepare_freeze_tuple() to error out instead, which is what would
> happen today.)
Right now (outside of the index-cleanup-disabled path), we very well may
just actually successfully and correctly do the deletion? So there
clearly is another option?
See my email from a few minutes ago for a somewhat crude idea for how to
tackle the issue differently...
Greetings,
Andres Freund