If a base backup is cancelled by server shutdown or crash, throw an error

in WAL recovery when it sees the shutdown checkpoint record. It's more
user-friendly to find out about it at that point than at the end of
recovery, and you're not left wondering why your hot standby server never
opens up for read-only connections.

src/backend/access/transam/xlog.c

@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/access/transam/xlog.c,v 1.403 2010/04/23 20:21:31 sriggs Exp $
+ * $PostgreSQL: pgsql/src/backend/access/transam/xlog.c,v 1.404 2010/04/27 09:25:18 heikki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -7713,6 +7713,16 @@ xlog_redo(XLogRecPtr lsn, XLogRecord *record)
 		if (standbyState != STANDBY_DISABLED)
 			CheckRequiredParameterValues(checkPoint);
 
+		/*
+		 * If we see a shutdown checkpoint while waiting for an
+		 * end-of-backup record, the backup was cancelled and the
+		 * end-of-backup record will never arrive.
+		 */
+		if (InArchiveRecovery &&
+			!XLogRecPtrIsInvalid(ControlFile->backupStartPoint))
+			ereport(ERROR,
+					(errmsg("online backup was cancelled, recovery cannot continue")));
+
 		/*
 		 * If we see a shutdown checkpoint, we know that nothing was
 		 * running on the master at this point. So fake-up an empty