On Tue, Jun 17, 2014 at 9:00 PM, Craig Ringer <craig@2ndquadrant.com> wrote:
> On 06/18/2014 12:41 AM, Robert Haas wrote:
>> On Mon, Jun 16, 2014 at 12:58 AM, Craig Ringer <craig@2ndquadrant.com> wrote:
>>> On 05/30/2014 11:14 PM, Heikki Linnakangas wrote:
>>>> Yeah. To recap, the failure mode is that if the master crashes and
>>>> restarts, the transaction becomes visible in the master even though it
>>>> was never replicated.
>>>
>>> Wouldn't another pg_clog bit for the transaction be able to sort that out?
>> How?
>
> A flag to indicate that the tx is locally committed but hasn't been
> confirmed by a streaming synchronous replica, so it must not become
> visible until the replica confirms it or SR is disabled.
>
> Then scan pg_clog on start / replica connect and ask the replica to
> confirm local commit for those tx's.
>
> No?
No. Otherwise, one of those bits could get changed after a backend
takes a snapshot and before it finishes using it - so that the
transaction snapshot is in effect changing underneath it. You could
avoid that by memorizing the contents of CLOG when taking a snapshot,
but that would defeat the whole purpose of CSN-based snapshots, which
is to make them small and fixed-size.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company