"Mikheev, Vadim" <vmikheev@SECTORBASE.COM> writes:
>>>>> Killing an individual backend with SIGTERM is bad luck.
> SIGTERM --> die() --> elog(FATAL)
> Is it true that elog(FATAL) doesn't clean up shmem etc?
> This would be very bad...
It tries, but I don't think it's possible to make a complete guarantee
without an unreasonable amount of overhead. The case at hand was a
stuck spinlock because die() --> elog(FATAL) had neglected to release
that particular spinlock before exiting. To guarantee that all
spinlocks will be released by die(), we'd need something like
    START_CRIT_SECTION;
    S_LOCK(spinlock);
    record that we own spinlock;
    END_CRIT_SECTION;
around every existing S_LOCK() call, and the reverse around every
S_UNLOCK. Are you willing to pay that kind of overhead? I'm not
sure this'd be enough anyway. Guaranteeing that you have consistent
state at every instant that an ISR could interrupt you is not easy.
regards, tom lane
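An added example, not code from this thread or from PostgreSQL, of the bookkeeping sketched above: spinlock acquisition and the ownership record happen inside a critical section, so a die() triggered by SIGTERM either runs with an exact list of held locks or is deferred until the section ends. All names (held, crit_depth, on_sigterm, the demo locks) are hypothetical and the locks are constructed for the demonstration.

```c
#include <signal.h>
#include <stdatomic.h>
#include <stddef.h>
#define MAX_HELD 8
typedef atomic_flag slock_t;                  /* clear = free, set = held */
/* Per-backend bookkeeping; names are hypothetical, not PostgreSQL's own. */
static slock_t *held[MAX_HELD];               /* spinlocks this process owns */
static size_t n_held = 0;
static volatile sig_atomic_t crit_depth = 0;  /* >0: die() must be deferred */
static volatile sig_atomic_t die_pending = 0; /* SIGTERM arrived inside a crit section */
static slock_t demo_lock_a = ATOMIC_FLAG_INIT, demo_lock_b = ATOMIC_FLAG_INIT;

/* die(): release every recorded spinlock so no other backend is left stuck. */
static size_t release_held_locks(void)
{
    size_t released = n_held;
    while (n_held > 0) atomic_flag_clear(held[--n_held]);
    return released;
}

static void start_crit_section(void) { crit_depth++; }
static void end_crit_section(void)    /* leaving the outermost section runs a deferred die() */
{
    if (--crit_depth == 0 && die_pending) { die_pending = 0; release_held_locks(); }
}

/* Guarded S_LOCK: acquire and record ownership as one uninterruptible step (n_held < MAX_HELD). */
static void s_lock_tracked(slock_t *lock)
{
    start_crit_section();
    while (atomic_flag_test_and_set(lock)) ;  /* spin */
    held[n_held++] = lock;
    end_crit_section();
}

/* The reverse around S_UNLOCK: forget the lock, then release it. */
static void s_unlock_tracked(slock_t *lock)
{
    start_crit_section();
    for (size_t i = 0; i < n_held; i++)
        if (held[i] == lock) { held[i] = held[--n_held]; break; }
    atomic_flag_clear(lock);
    end_crit_section();
}

/* Signal-handler body: run die() now, or defer it until the crit section ends. */
static size_t on_sigterm(void)
{
    if (crit_depth > 0) { die_pending = 1; return 0; }
    return release_held_locks();
}
```

The overhead Tom objects to is visible here: every lock and unlock pays for the critical-section bracketing and the registry update, and a lock acquired by any path that bypasses s_lock_tracked is still invisible to die().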