On Mon, Jan 31, 2022 at 09:32:21AM -0500, Robert Haas wrote: > The main reason why this doesn't work for MaxBackends is that > MaxBackends depends on the values of multiple GUCs. There is a further > wrinkle too, which is that none of those GUCs can change, and > therefore code does things with the resulting value on the assumption > that they won't change, like size shared-memory data structures. > Therefore, if you read the wrong value, you've got a big problem. So > the real issues here IMHO are about the difficulty of making sure that > (1) when a GUC changes, we update all of the things that depend on it > including things which may also depend on other GUCs and (2) making > sure that values which can't ever change are computed before they are > used. > > I don't know what the solution to problem #1 is, but the solution to > problem #2 is simple: make people call a function to get the value > rather than just reading a bare variable. GetConfigOption() is not a > good solution for people aiming to write C code that does useful > things, because it delivers the value as a string, and that is not > what you want. But an accessor function like GetMaxBackends() for a > quantity of this type is wonderful. Depending on the situation, you > might choose to have the accessor function [a] fail an assertion if > the value is not available yet or [b] compute the value if they value > has not yet been computed or [c] do the latter if possible, otherwise > the former. But the fact that you are making code call a function > rather than just read a variable gives you a very strong tool to make > sure that someone can't blindly read a 0 or whatever instead of the > real value.
+1 I can work on a new patch if this is the direction we want to go. There were a couple of functions that called GetMaxBackends() repetitively that I should probably fix before the patch should be seriously considered. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com