Tom Lane wrote:
> I wrote:
>> The first idea that comes to mind is to have some sort of "dead man
>> switch" that flags an active backend and is reset by proc_exit() after
>> it's finished cleaning up everything else. If the postmaster sees
>> this flag still set after backend exit, then it treats the backend as
>> having crashed regardless of what the reported exit code is.
>
> Another thought that came to mind: we could set up an atexit hook that
> does all the work that proc_exit() currently does, and reduce
> proc_exit() itself to just an exit() call. psql already relies on
> having atexit (or on_exit) so this doesn't appear to add any new
> portability issues.
>
> This will probably not fix the Vista taskmanager issue, since I'll
> bet it's not running atexit hooks anyway. What it would do is improve
> the situation so that a "clueless" exit() call would be no worse than
> elog(FATAL), rather than triggering a DB-wide restart as the dead man
> switch would do.
This sounds like a good idea in general - because it will avoid having
to restart on unix.
It'd still have to be combined with the dead-man-switch idea to defend
completely. But it could be worthwhile doing anyway, for other platforms.
//Magnus
