Hi Pavel-san, Iwata-san,
+1 to Allow-background-workers-to-be-terminated
The result is same, so I think it's better to prioritize compatibility.
PGWORKER_PROTECTED would be used in scenarios like the following:
Existing features are probably not designed to be forcibly stopped.
Therefore, all existing features should have PROTECTED applied to them.
Most newly implemented features will also have PROTECTED applied because it requires less thought and is safer.
Only considerate developers of features that can easily guarantee safety would adopt the default.
In conclusion, this is no different from BGWORKER_INTERRUPTABLE.
Therefore, I think it's better to prioritize compatibility.
I am not sure if I understand what you prefer.
I share your opinion that most developers use options that are more safe and require less thinking (and if this option will not be default, most developers maybe don't use it in the first cycle).
At the end most bgworkers will be not be marked as interruptible (isn't important if we use flag INTERRUPTIBLE or PROTECTED). Then proposed flag without FORCE clause will be mostly inefficient - and then there is strong question if proposed feature has some real benefit. I don't think so this feature should be implemented and committed once, but we should to find a consensus on implemented behaviour in all possible cases, and all possible question.
1. When bgworker is marked as INTERRUPTIBLE, then can be cancelled immediately - there is full agreement - I don't see any problem - just probably almost all bgworkers will be not be marked as INTERRUPTIBLE
2. When bgworker is not marked as INTERRUPTIBLE, then can it be cancelled? How dangerous is this? If it cannot be cancelled, then ALTER should wait on lock forever, or there should be some special timeout - like CREATE, DROP DATABASE and waiting on template databases.
3. If the user needs to execute ALTER, then probably he manually terminates the worker any time. Are currently used workers safe against terminating? We know so mostly workers will be restarted after timeout - and then it is "safe". It is really safe? Can we expect it? If it is safe, then we can implement FORCE clause. Probably any worker can be restarted - and without safety it is hard to imagine using in the production.
I think there is a fundamental question that should be solved before - what is a risk of canceling bgworker? The possible reply is so there is not any risk for correctly implemented bgworkers. And then there is a question if we still need the flag INTERRUPTIBLE? My opinion for this case is probably yes, because cancelling can introduce some bigger latency.
Regards
Pavel
Best Regards
Ryo Matsumura
