Re: [PATCH] ProcessInterrupts_hook - Mailing list pgsql-hackers

From Craig Ringer
Subject Re: [PATCH] ProcessInterrupts_hook
Msg-id CAGRY4nxEENvgVsnhgErUqXKJiVa8K+26MAi93f+t61tuFUdUow@mail.gmail.com
In response to Re: [PATCH] ProcessInterrupts_hook  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [PATCH] ProcessInterrupts_hook  (Craig Ringer <craig.ringer@enterprisedb.com>)
List pgsql-hackers


On Tue, 19 Jan 2021, 02:01 Robert Haas, <robertmhaas@gmail.com> wrote:
On Mon, Jan 18, 2021 at 11:56 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> > I've wanted this in the past, too, so +1 from me.
>
> I dunno, this seems pretty scary and easily abusable.  There's not all
> that much that can be done safely in ProcessInterrupts(), and we should
> not be encouraging extensions to think they can add random processing
> there.

We've had this disagreement before about other things, and I just
don't agree. If somebody uses a hook for something wildly unsafe, that
will break their stuff, not ours.

Generally yeah. 

And we have no shortage of hooks with plenty of error or abuse potential and few safeguards already. I'd argue that in C code any external code is inherently unsafe anyway. So it's mainly down to whether the hook actively encourages unsafe actions without providing commensurate benefits, and whether there's a better/safer way to achieve the same thing.

That's not to say I endorse adding
hooks for random purposes in random places. In particular, if it's
impossible to use a particular hook in a reasonably safe way, that's a
sign that the hook is badly-designed and that we should not have it.

Yep. Agreed.

Any hook is possible to abuse or write incorrectly, from simple fmgr loadable functions right on up.

The argument that a hook could be abused would apply just as well to exposing pqsignal() itself to extensions. Probably more so. Also to anything like ProcessUtility_hook.


> We're about halfway there already, see 7e784d1dc.  I didn't do the
> other half because it wasn't necessary to the problem, but exposing
> the shutdown state more fully seems reasonable.

Excellent, I'll take a look. Thanks.
