Never ever use an invalid XID, if we fail to connect to the GTM

The code before this commit would happily proceed further if GTM becomes dead
or unreachable. This may result in random problems since rest of the code is
not prepared to deal with that situation (as seen from the crash in TAP tests).
It seems far safer to just throw an error in such case.

TAP test and report by Pallavi Sontakke

diff --git a/src/backend/access/transam/varsup.c b/src/backend/access/transam/varsup.c
index a0ec908bceca330a2f7483068421b1e3efcdc146..a1d161d8c9f5e453837da972285431244147d424 100644 (file)
--- a/src/backend/access/transam/varsup.c
+++ b/src/backend/access/transam/varsup.c
@@ -411,6 +411,15 @@ GetNewTransactionId(bool isSubXact)
                xid = ShmemVariableCache->nextXid;
 #endif
        }
+
+#ifdef XCP
+       if (!TransactionIdIsValid(xid))
+               ereport(ERROR,
+                               (errcode(ERRCODE_INTERNAL_ERROR),
+                                errmsg("Could not obtain a transaction ID from GTM. The GTM"
+                                        " might have failed or lost connectivity")));
+#endif
+
        /*
         * If we are allocating the first XID of a new page of the commit log,
         * zero out that commit-log page before returning. We must do this while