On 2020-May-12, Peter Geoghegan wrote: > > The point is that when checking the table for corruption I avoid > > calling anything that might assert (or segfault, or whatever). > > I don't think that you can expect to avoid assertion failures in > general.
Hmm. I think we should (try to?) write code that avoids all crashes with production builds, but not extend that to assertion failures. Sticking again with the provided example, > I'll stick with your example. You're calling > TransactionIdDidCommit() from check_tuphdr_xids(), which will > interrogate the commit log and pg_subtrans. It's just not under your > control. in a production build this would just fail with an error that the pg_xact file cannot be found, which is fine -- if this happens in a production system, you're not disturbing any other sessions. Or maybe the file is there and the byte can be read, in which case you would get the correct response; but that's fine too. I don't know to what extent this is possible. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services