From: Laurenz Albe <[email protected]>
To: [email protected]
To: [email protected]
Subject: Re: Minor necessary/sufficient slip-up?
Date: Wed, 03 Sep 2025 09:52:56 +0200
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

On Tue, 2025-09-02 at 08:22 +0000, PG Doc comments form wrote:
> Page: https://www.postgresql.org/docs/17/routine-vacuuming.html
> 
> This is a most pedantic point, but since the postgres documentation is
> incredibly accurate and well written I indulge my pedantry this one time:
> 
> Regarding the last sentence of the first paragraph of 24.1.5: I sure hope
> vacuuming every table in every database at least once every two billion
> transactions is not only necessary to avoid catastrophic data loss, but also
> sufficient. Indeed if I understand the subsequent explanation, it is
> sufficient but not necessary.
> 
> Here is the full paragraph:
> 
> 24.1.5. Preventing Transaction ID Wraparound Failures
> PostgreSQL's MVCC transaction semantics depend on being able to compare
> transaction ID (XID) numbers: a row version with an insertion XID greater
> than the current transaction's XID is “in the future” and should not be
> visible to the current transaction. But since transaction IDs have limited
> size (32 bits) a cluster that runs for a long time (more than 4 billion
> transactions) would suffer transaction ID wraparound: the XID counter wraps
> around to zero, and all of a sudden transactions that were in the past
> appear to be in the future — which means their output become invisible. In
> short, catastrophic data loss. (Actually the data is still there, but that's
> cold comfort if you cannot get at it.) To avoid this, it is necessary to
> vacuum every table in every database at least once every two billion
> transactions.
> 
> Suggested change for the last sentence:
> To avoid this, it suffices to vacuum every table in every database at least
> once every two billion transactions.

I don't think that that would be an improvement.  Yes, it is sufficient, but
it is also necessary.  And the "necessary" part is the more important one.
As a reader, I would implicitly assume that VACUUM is sufficient, otherwise
the nice writers of the documentation would surely have told me what else I
have to do to avoid that scary eventuality.

I'd be OK with writing "necessary and sufficient".  Or is that too much
legalese?

Yours,
Laurenz Albe
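
Added example, not part of this thread or of the PostgreSQL documentation: a simplified C model of the circular 32-bit XID comparison behind the quoted paragraph, showing why an unfrozen row stops being visible once the counter is 2^31 (about two billion) transactions past its insertion XID, and why a vacuum that freezes the row in time prevents that. The names xid_precedes, row_visible and the frozen flag are assumptions of this sketch; reserved special XIDs and all other MVCC visibility rules are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t xid_t;

/* Simplified row version: insertion XID plus a "frozen" marker that a
 * vacuum would set (assumption of this sketch, not PostgreSQL's layout). */
struct row {
    xid_t xmin;
    bool  frozen;
};

/* Circular comparison modulo 2^32: a is "older" than b when the signed
 * 32-bit difference is negative. Each XID therefore has about two
 * billion XIDs in its past and about two billion in its future. */
static bool xid_precedes(xid_t a, xid_t b)
{
    return (int32_t)(a - b) < 0;
}

/* A frozen row is visible to everyone; otherwise the row is visible
 * only if its insertion XID is not in the reader's future. */
static bool row_visible(struct row r, xid_t reader_xid)
{
    if (r.frozen)
        return true;
    return !xid_precedes(reader_xid, r.xmin);
}

int main(void)
{
    /* Constructed sample values. */
    struct row r = { .xmin = 1000, .frozen = false };
    uint32_t ages[] = { 1, 2000000000u, 2147483647u, 2147483648u, 3000000000u };

    for (size_t i = 0; i < sizeof ages / sizeof ages[0]; i++) {
        xid_t reader = r.xmin + ages[i];   /* unsigned add wraps like the counter */
        printf("age %10u: unfrozen visible=%d\n",
               (unsigned)ages[i], row_visible(r, reader));
    }

    r.frozen = true;                        /* vacuum froze the row in time */
    printf("age 3000000000: frozen visible=%d\n",
           row_visible(r, r.xmin + 3000000000u));
    return 0;
}
```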