> > > 5. We will now run a new transaction with the same XID that was in use
> > > before the crash. If that transaction commits, then we have a tuple on
> > > disk that will be considered valid --- and should not be.
> >
> > I do not think this is true. Before any modification to a page the original page will be
> > written to the log (aka physical log).
>
> Yes there must be XLogFlush() before writing buffers.
> BTW how do we get the next XID if WAL files are corrupted ?
Normally:
1. pg_control checkpoint info
2. checkpoint record in WAL ?
3. then rollforward of WAL
If WAL is corrupt the only way to get a consistent state is to bring the
db into a state as it was during last good checkpoint. But this is only possible
if you can at least read all "physical log" records from WAL.
Failing that, the only way would probably be to scan all heap files for XID's that are
greater than the XID from checkpoint.
I think the utility Tom has in mind, that resets WAL, will allow you to dump the db
so you can initdb and reload. I don't think it is intended that you can immediately
resume operation, (unless of course for the mentioned case of an upgrade with
a good checkpoint as last WAL record (== proper shutdown)).
Andreas