mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-01-06 15:24:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add new README file for pages/checksums

Browse Source
This commit is contained in:
Simon Riggs 2013-03-22 14:21:58 +00:00
parent 96ef3b8ff1
commit 9df56f6d91
1 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
src/backend/storage/page/README Normal file
View File

@ -0,0 +1,52 @@
src/backend/storage/page/README
Checksums
---------
Checksums on data pages are designed to detect corruption by the I/O system.
We do not protect buffers against uncorrectable memory errors, since these
have a very low measured incidence according to research on large server farms,
http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf, discussed
2010/12/22 on -hackers list.
Current implementation requires this be enabled system-wide at initdb time.
The checksum is not valid at all times on a data page!!
The checksum is valid when the page leaves the shared pool and is checked
when it later re-enters the shared pool as a result of I/O.
We set the checksum on a buffer in the shared pool immediately before we
flush the buffer. As a result we implicitly invalidate the page's checksum
when we modify the page for a data change or even a hint. This means that
many or even most pages in shared buffers have invalid page checksums,
so be careful how you interpret the pd_checksum field.
That means that WAL-logged changes to a page do NOT update the page checksum,
so full page images may not have a valid checksum. But those page images have
the WAL CRC covering them and so are verified separately from this
mechanism. WAL replay should not test the checksum of a full-page image.
The best way to understand this is that WAL CRCs protect records entering the
WAL stream, and data page verification protects blocks entering the shared
buffer pool. They are similar in purpose, yet completely separate. Together
they ensure we are able to detect errors in data re-entering
PostgreSQL-controlled memory. Note also that the WAL checksum is a 32-bit CRC,
whereas the page checksum is only 16-bits.
Any write of a data block can cause a torn page if the write is unsuccessful.
Full page writes protect us from that, which are stored in WAL. Setting hint
bits when a page is already dirty is OK because a full page write must already
have been written for it since the last checkpoint. Setting hint bits on an
otherwise clean page can allow torn pages; this doesn't normally matter since
they are just hints, but when the page has checksums, then losing a few bits
would cause the checksum to be invalid. So if we have full_page_writes = on
and checksums enabled then we must write a WAL record specifically so that we
record a full page image in WAL. Hint bits updates should be protected using
MarkBufferDirtyHint(), which is responsible for writing the full-page image
when necessary.
New WAL records cannot be written during recovery, so hint bits set during
recovery must not dirty the page if the buffer is not already dirty, when
checksums are enabled. Systems in Hot-Standby mode may benefit from hint bits
being set, but with checksums enabled, a page cannot be dirtied after setting a
hint bit (due to the torn page risk). So, it must wait for full-page images
containing the hint bit updates to arrive from the master.