Re: Question about reliability? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Question about reliability?
Date
Msg-id 6380.973784608@sss.pgh.pa.us
Whole thread Raw
In response to Question about reliability?  (Philip Warner <pjw@rhyme.com.au>)
Responses Re: Question about reliability?
Re: Question about reliability?
List pgsql-hackers
Philip Warner <pjw@rhyme.com.au> writes:
> I'd be interested to know the reason for killing the other backends;

Because they all share the same shared-memory pool.  After a backend
crash you can't be sure whether shared memory is corrupted or not.
(Even if it's not been actively scribbled on by code gone wild, there
are still going to be proc-table and lock-table entries for the failed
backend, and we have no other mechanism for getting rid of those.)

> Would there be any potential to avoid these (possibly) unnecessary deaths?

No, at least it'll never get my vote.

There is a reason why C-language procedure creation is only allowed to
the superuser ;-) --- both in terms of reliability and in terms of
ability to access data, you are granting the author of a C procedure
100% life-and-death power over your installation.  If you find that his
code is not reliable enough for you, either remove it, fix it, or make
a separate playpen installation that he can crash at whim.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: AW: Unhappy thoughts about pg_dump and objects inherited from template1
Next
From: Tom Lane
Date:
Subject: Re: Unhappy thoughts about pg_dump and objects inherited from template1