Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sH6xM-003OXV-UE for pgsql-hackers@arkaria.postgresql.org; Tue, 11 Jun 2024 19:14:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sH6xL-0091DW-3f for pgsql-hackers@arkaria.postgresql.org; Tue, 11 Jun 2024 19:14:55 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sH6xK-0091DO-Pp for pgsql-hackers@lists.postgresql.org; Tue, 11 Jun 2024 19:14:55 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sH6xJ-0019KH-8u for pgsql-hackers@lists.postgresql.org; Tue, 11 Jun 2024 19:14:55 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 45BJEn9l1053871; Tue, 11 Jun 2024 15:14:49 -0400 From: Tom Lane To: Tomas Vondra cc: Amit Kapila , vignesh C , PostgreSQL Hackers Subject: Re: confirmed flush lsn seems to be move backward in certain error cases In-reply-to: References: Comments: In-reply-to Tomas Vondra message dated "Tue, 11 Jun 2024 15:42:44 +0200" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1053869.1718133289.1@sss.pgh.pa.us> Date: Tue, 11 Jun 2024 15:14:49 -0400 Message-ID: <1053870.1718133289@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Tomas Vondra writes: > Why should it be OK for the subscriber to confirm a flush LSN and then > later take that back and report a lower LSN? Seems somewhat against my > understanding of what "flush LSN" means. > The commit message explains this happens when the subscriber does not > need to do anything for - but then why shouldn't it just report the > prior LSN, in such cases? Yeah, I was wondering about that too when I saw the commit go by. > I haven't looked into the details, but my concern is this removes an > useful assert, protecting us against certain type of bugs. And now we'll > just happily ignore them. Is that a good idea? If we think this is a real protection, then it shouldn't be an Assert anyway, because it will not protect production systems that way. It needs to be regular test-and-elog. Or maybe test-and-ignore-the- bogus-value? If you want to take this seriously then you need to define a recovery procedure after the problem is detected. regards, tom lane