On Wed, Jun 7, 2023 at 5:45 PM Andres Freund <and...@anarazel.de> wrote:
> People have argued that the process model is more robust. But it turns out
> that we have to crash-restart for just about any "bad failure" anyway. It used
> to be (a long time ago) that we didn't, but that was just broken.

How hard have you thought about memory leaks as a failure mode? Or file descriptor leaks? Right now, a process needs to release all of its shared resources before exiting, or trigger a crash-and-restart cycle. But it doesn't need to release any process-local resources, because the OS will take care of that. But that wouldn't be true any more, and that seems like it might require fixing quite a few things.

--
Robert Haas
EDB: http://www.enterprisedb.com