Claudio Natoli <[EMAIL PROTECTED]> writes:
> Actually, if I was going to argue anything, I'd say that if a backend goes
> nuts and zeroes the whole shmem segment you've probably some bigger things
> to worry about (Aside: Would postgres actually recover from such an
> occurence? BTW, I'd be pretty impressed if it did, but not all that
> surprised ;-).

It should, although there are limits (for instance, if someone is
actively writing out a page of WAL at the same time the bogus backend
comes by and zeroes that buffer, you might lose WAL entries for
already-committed transactions, which would be unhappy-making).

As a developer, though, I crash backends all the time, and I can say
that this mechanism is indeed pretty robust.  The postmaster never goes
down (what, never? well, hardly ever) and it's *extremely* seldom that
a crash results in on-disk corruption, because the postmaster generally
manages to kill the other backends before any corruption in shared
memory gets propagated to disk.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Reply via email to