Re: Proposed change to make cancellations safe - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Proposed change to make cancellations safe
Date
Msg-id 25468.1461706759@sss.pgh.pa.us
Whole thread Raw
In response to Re: Proposed change to make cancellations safe  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> On Mon, Apr 25, 2016 at 12:16 PM, Shay Rojansky <roji@roji.org> wrote:
>> Sure. I'd consider sending in a patch, but as this is a protocol-changing
>> feature it seems like working on this before the team "officially" starts
>> working on a new protocol might be a waste of time. Once there's critical
>> mass for a new protocol and agreement that PostgreSQL is going for it I'd be
>> happy to work on it.

> I don't immediately see a reason why this couldn't be done as an
> isolated change.  Suppose that we change the server to allow a cancel
> request to be either 16 bytes or 20 bytes, rather than always 16 bytes
> as they are currently.  Clients will need to be careful not to send
> the new type of cancel request to a server that is too old to
> understand it, but since they've got an active connection,
> server_version will have been previously reported.

> More generally, as long as new protocol bits are client-initiated, I
> don't think we really need to bump the protocol version.  If we want
> to change the kinds of responses the server sends or structurally
> change the format of protocol messages or deprecate messages that
> exist now, then we do.

Meh --- I'm fairly suspicious of shoehorning things in and pretending
it's not a protocol change.  That usually leads to crufty and ultimately
unmaintainable designs, because you're forced to do strange things when
you do it that way.  (Cf the COPY RAW thread for a recent example.)

Having said that, CANCEL is sufficiently outside the normal protocol
that maybe you are right: we could invent what amounts to a new cancel
protocol and trust clients to look at server_version to know what to send.

One problem is that we really ought to widen the random cancel key while
we're at it; 32 bits doesn't seem like enough to prevent brute-force
searches anymore.  However, since the cancel key is transmitted from the
server within the normal protocol, I don't see any way to do that without
a compatibility break.

Is there anything else people have complained about w.r.t. CANCEL?
        regards, tom lane



pgsql-hackers by date:

Previous
From: Andres Freund
Date:
Subject: Re: [BUGS] Breakage with VACUUM ANALYSE + partitions
Next
From: David Rowley
Date:
Subject: Re: EXPLAIN VERBOSE with parallel Aggregate