On Fri, Aug 31, 2018 at 02:52:06PM +0900, Kyotaro HORIGUCHI wrote:
> The patch inhibits turning off updateMinRecoveryPoint on other
> than the startup process running crash-recovery except at the end
> of XLogNeedsFlush.
Yes that's a matter of safety, as I put into the truck any modules which
may use XLogFlush(). And that maps with the old code, so there is no
more surprise.
> Even if any other processes than the startup calls the function
> during crash recovery, they don't have a means to turn on
> updateMinRecoveryPoint again. Actually the only process that
> calls the function during crash recovery is the startup. bwriter
> and checkpointer doesn't. Hot-standby backends come after
> crash-recvery ends. After all, we just won't have an invalid
> minRecoveryPoint value there, and updateMinRecoverypoint must be
> true.
Yes, until a recovery point is reached only the startup process could
call that. Now I would imagine that we could have a background worker
as well which is spawned when the postmaster starts, and calls those
code paths...
> + /*
> + * No other process than the startup doesn't reach here before crash
> + * recovery ends. So minRecoveryPoint must have a valid value here.
> + */
> + Assert(minRecoveryPoint != InvalidXLogRecPtr);
... And that would invalidate your assertion here.
--
Michael