Robert Haas <robertmhaas@gmail.com> writes:
> On Mon, Apr 15, 2019 at 9:07 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> If we're failing to remove it, and it's below the desired freeze
>> horizon, then we'd darn well better freeze it instead, no?
> I don't know that that's safe. IIRC, the freeze code doesn't cope
> nicely with being given a tuple that actually ought to have been
> deleted. It'll just freeze it anyway, which is obviously bad.
Looking at heap_prepare_freeze_tuple, it looks to me like it'd notice
the problem and throw an error. The two possible reasons for a tuple
to be dead are xmin aborted and xmax committed, right? There are
tests in there that will complain if either of those is true and
the xid is below the freeze horizon.
Given that we don't get here except when the tuple has just become dead,
it probably is all right to assume that it can't possibly get selected
for freezing, and let those tests backstop the assumption.
(BTW, I don't understand why that code will throw "found xmin %u from
before relfrozenxid %u" if HeapTupleHeaderXminFrozen is true? Shouldn't
the whole if-branch at lines 6113ff be skipped if xmin_frozen?)
regards, tom lane
PS: I see that mandrill just replicated the topminnow failure that
started this discussion.