On Thu, Feb 2, 2012 at 12:45 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> I believe the adequate defense that we have is precisely the logic you
> are proposing to change. Regardless of whether you want to call
> XMAX_INVALID a hint or, say, a giant tortoise, I am fairly sure that
> we don't WAL-log setting it. That means that a bit set before a crash
> won't necessarily still be set after a crash. But the corresponding
> relfrozenxid advancement will be WAL-logged, leading to the problem
> scenario I described.
To put that another way, the problem isn't that we might have code
somewhere in the system that ignores HEAP_XMAX_INVALID. The problem
is that HEAP_XMAX_INVALID might not still be set on that tuple the
next time somebody looks at it, if a database crash intervenes after
that bit is set and before it is flushed to disk.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
