On Tue, Jun 17, 2014 at 9:00 PM, Craig Ringer <cr...@2ndquadrant.com> wrote: > On 06/18/2014 12:41 AM, Robert Haas wrote: >> On Mon, Jun 16, 2014 at 12:58 AM, Craig Ringer <cr...@2ndquadrant.com> wrote: >>> > On 05/30/2014 11:14 PM, Heikki Linnakangas wrote: >>>> >> Yeah. To recap, the failure mode is that if the master crashes and >>>> >> restarts, the transaction becomes visible in the master even though it >>>> >> was never replicated. >>> > >>> > Wouldn't another pg_clog bit for the transaction be able to sort that out? >> How? > > A flag to indicate that the tx is locally committed but hasn't been > confirmed by a streaming synchronous replica, so it must not become > visible until the replica confirms it or SR is disabled. > > Then scan pg_clog on start / replica connect and ask the replica to > confirm local commit for those tx's. > > No?
No. Otherwise, one of those bits could get changed after a backend takes a snapshot and before it finishes using it - so that the transaction snapshot is in effect changing underneath it. You could avoid that by memorizing the contents of CLOG when taking a snapshot, but that would defeat the whole purpose of CSN-based snapshots, which is to make the small and fixed-size. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers