I wrote: > ... But Robert's question remains: how does > PANIC'ing after awhile make anything better? I flat out don't > believe the idea that having a backend stuck on a spinlock > would otherwise go undetected.
Oh, wait. After thinking a bit longer I believe I recall the argument for this behavior: it automates recovery from a genuinely stuck spinlock. If we waited forever, the only way out of that is for a DBA to kill -9 the stuck process, which has exactly the same end result as a PANIC, except that it takes a lot longer to put the system back in service and perhaps rousts somebody, or several somebodies, out of their warm beds to fix it. If you don't have a DBA on-call 24x7 then that answer looks even worse. So there's that. But that's not an argument that we need to be in a hurry to timeout; if the built-in reaction time is less than perhaps 10 minutes you're still miles ahead of the manual solution. On the third hand, it's still true that we have no comparable behavior for any other source of system lockups, and it's difficult to make a case that stuck spinlocks really need more concern than other kinds of bugs. regards, tom lane