On Thu, Oct 11, 2007 at 12:03:47PM -0400, Tom Lane wrote:
> > If in the meantime another writer changed the data we
> > originally read we would detect that by xmin having changed
> > hence no row to be updated. So, yes, there is a *tiny*
> > failure condition:
>
> Hmm. I think the failure condition is not what you are thinking: in
> your example, you'd correctly conclude that some other transaction
> modified the row.
Not really, notice:
- original XMIN read, transaction is closed
- a loooong time passes:
- original row gets frozen, XMIN changed to FrozenTransactionId
- XMIN wraps
- original XMIN is *reused* on the *exact same* original row by
another concurrent writer without changing the primary key
- the original row is written back to the database
with "... where xmin = original_xmin and pk = original_pk ..."
Now the update succeeds, although the data DID change !
This is a worst-case failure but should be *very* rare.
> The problem case is
>
> - read (a rather old) row including XMIN
> - VACUUM comes along and decides to set XMIN = FrozenTransactionId
> - update row with "... where pk = ... and XMIN = old_xmin_from_read"
> - update fails, when there is no need to fail
>
> As long as the failure is "soft", ie, you recover reasonably, this
> shouldn't be a big problem. But it's certainly not a scenario you
> should dismiss as not credible because of timescales.
Very true. I documented this in our code and set up a TODO
item to switch to a AFTER-trigger updated non-system oplock
column.
Thanks,
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
