Re: Question about reliability? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Question about reliability?
Msg-id 6380.973784608@sss.pgh.pa.us
In response to Question about reliability?  (Philip Warner <pjw@rhyme.com.au>)
Responses Re: Question about reliability?  (Philip Warner <pjw@rhyme.com.au>)
Re: Question about reliability?  (Don Baccus <dhogaza@pacifier.com>)
List pgsql-hackers
Philip Warner <pjw@rhyme.com.au> writes:
> I'd be interested to know the reason for killing the other backends;

Because they all share the same shared-memory pool.  After a backend
crash you can't be sure whether shared memory is corrupted or not.
(Even if it's not been actively scribbled on by code gone wild, there
are still going to be proc-table and lock-table entries for the failed
backend, and we have no other mechanism for getting rid of those.)

> Would there be any potential to avoid these (possibly) unnecessary deaths?

No, at least it'll never get my vote.

There is a reason why C-language procedure creation is only allowed to
the superuser ;-) --- both in terms of reliability and in terms of
ability to access data, you are granting the author of a C procedure
100% life-and-death power over your installation.  If you find that his
code is not reliable enough for you, either remove it, fix it, or make
a separate playpen installation that he can crash at whim.
        regards, tom lane
