On Wed, Dec 18, 2019 at 1:06 PM Simon Riggs <si...@2ndquadrant.com> wrote: > So this is the same discussion as elsewhere about potentially aborted > transactions...
Yep. > AFAIK, the worst that happens in that case is that the reading transaction > will end with an ERROR, similar to a serializable error. I'm not convinced of that. There's a big difference between a serializable error, which is an error that is expected to be user-facing and was designed with that in mind, and just failing a bunch of random sanity checks all over the backend. If those sanity checks happen to be less than comprehensive, which I suspect is likely, there will probably be scenarios where you can crash a backend and cause a system-wide restart. And you can probably also return just plain wrong answers to queries in some scenarios. > Just consider this part of the recovery toolkit. I agree that it would be useful to have a recovery toolkit for reading uncommitted data, but I think a lot more thought needs to be given to how such a thing should be designed. If you just add something called READ UNCOMMITTED, people are going to expect it to have *way* saner semantics than this will. They'll use it routinely, not just as a last-ditch mechanism to recover otherwise-lost data. And I'm reasonably confident that will not work out well. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company