Simon Riggs wrote:
> On Mon, 2010-04-19 at 10:24 -0400, Tom Lane wrote:
>> Robert Haas <robertmhaas@gmail.com> writes:
>>> On Mon, Apr 19, 2010 at 5:05 AM, Simon Riggs <simon@2ndquadrant.com> wrote:
>>>> It doesn't seem to be something we should place highly on the list of
>>>> events we need protection from, does it?
>>> Since when do we not protect against race-conditions just because
>>> they're low likelihood?
>> Murphy's law says that the probability of any race condition happening
>> in the field is orders of magnitude higher than you think. This has
>> been proven true many times ...

Right. And some future code changes elsewhere could make it more likely,
by the time we've forgotten all about this.

> Choices are
>
> 1. Check RecoveryInProgress() once outside of lock, plus wild rumour of
> Murphy
>
> 2. Check RecoveryInProgress() before and after holding lock
>
> 3. Check RecoveryInProgress() while holding lock

4. Check RecoveryInProgress() once outside of lock, and scan the
ProcArray anyway, just in case. That's what we did before this patch.
Document that takenDuringRecovery == true means that the snapshot was
most likely taken during recovery, but there are some race conditions
where takenDuringRecovery is true even though the snapshot was taken
just after recovery finished. AFAICS all of the other current uses of
takenDuringRecovery work fine with that.

-- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com