On Fri, Aug 7, 2020 at 5:20 PM Andres Freund <and...@anarazel.de> wrote: > In which situations is the removal actually useful *and* safe, with > these constraints? You'd have to have a very narrow set of functions > that are called while the exit hook is present, i.e. basically this > would only be usable for PG_ENSURE_ERROR_CLEANUP and nothing else. And > even there it seems like it's pretty easy to get into a situation where > it's not safe.
Well, I don't really care whether or not we change this function to iterate over the callback list or whether we add a warning that you need to use it in LIFO order, but I think we should do one or the other, because this same confusion has come up multiple times. I thought that Tom was opposed to making it iterate over the callback list (for reasons I don't really understand, honestly) so adding a comment and a cross-check seemed like the practical option. Now I also think it's fine to iterate over the callback list: this function doesn't get used so much that it's likely to be a performance problem, and I don't think this is the first bug that would have become a non-bug had we done that years and years ago whenever it was first proposed. In fact, I'd go so far as to say that the latter is a slightly better option. However, doing nothing is clearly worst. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company