> Because I think turning an elog(ERROR) into a system-wide crash is
> not a good idea ;-). If you are correct that this behavior
> is necessary for WAL-related critical sections, then indeed we need
> two kinds of critical sections, one that just holds off cancel/die
> response and one that turns elog(ERROR) into a dangerous weapon.
> I'm going to wait and see Vadim's response before I do anything ...
I've tried to move "dangerous" ops with non-zero probability of
elog(ERROR) (eg new file block allocation) out of crit sections.
Anyway we need in ERROR-->STOP for safety when changes aren't logged.
Vadim