> On Sep 9, 2021, at 11:21 AM, Robert Haas <robertmhaas@gmail.com> wrote:
>
> They have to check whether WAL has become prohibited
> and error out if so, and they need to do so before entering the
> critical section - because if the problem were detected for the first
> time inside the critical section it would escalate to a PANIC, which
> we do not want.

But that is the part that is still not clear. Should the comment say that a concurrent change to prohibit WAL after
the current process checks but before the current process exits the critical section will result in a panic? What is
unclear about the comment is that it implies that a check before the critical section is sufficient, but ordinarily one
would expect a lock to be held and the check-and-lock dance to carefully avoid any race condition. If somehow this is
safe, the logic for why it is safe should be spelled out. If not, a mea culpa saying, "hey, we're not terribly safe
about this" should be explicit in the comment.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company