On Thu, Feb 2, 2012 at 11:27 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Robert Haas <robertmh...@gmail.com> writes: >> I'm not convinced that it's a bug. Suppose that xmax is set but is >> hinted as invalid. > > XMAX_INVALID is not a "hint". When it's set, the contents of the field > must be presumed to be garbage. Any code failing to adhere to that rule > is broken. > >> We process the table and advanced relfrozenxid; >> then, we crash. After recovery, it's possible that the hint bit is >> gone (after all, setting hint bits isn't WAL-logged). Now we're in >> big trouble, because the next CLOG lookup on that xmax value might not >> happen until it's been reused, and we might get a different answer >> than before. > > I believe we have adequate defenses against that, and even if we did > not, that doesn't make the code in question less wrong.
I believe the adequate defense that we have is precisely the logic you are proposing to change. Regardless of whether you want to call XMAX_INVALID a hint or, say, a giant tortoise, I am fairly sure that we don't WAL-log setting it. That means that a bit set before a crash won't necessarily still be set after a crash. But the corresponding relfrozenxid advancement will be WAL-logged, leading to the problem scenario I described. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
