Full_Name: Wietse Venema Version: All LMDB versions OS: Linux, BSD URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (70.104.130.26)

Subject: LMDB terminates Postfix daemon process without logfile record

The LMDB library uses assert() which will abort() the program after writing a message to stderr. In the case of the Postfix MTA, the symptom is a that a daemon process falls out of the sky without logfile record.

- This frustrates sysadmins (no logfile message).

- This frustrates my efforts to make Postfix automatically recover from non-catastrophic error. In many cases the database is only a cache, a mere optimization. I want the option to just blow it away when LMDB has a problem with it.

- Library modules should not abort programs after error. They should return an error result such as EINVAL, or use some other strategy that leaves control with the application.

- Writing diagnostics to stderr is not useful for daemon programs in the general case.

To fix this problem I suggest that LMDB provide way to notify the application that it was unable to complete a request, so that the application can make proper arrangements.

A few alternatives:

- When a request fails, return a distinct error code such as MDB_PANIC, and allow the application to look up the text for the error.

- Invoke an application call-back function with the error code and problem description text. If the error code is MDB_PANIC then the application knows that it needs to make final arrangements.

The second option preserves 100% backwards compatibility. The first option may cause functions to return a result that they didn't return previously.

Wietse