On 12 December 2012 14:33, Andriy Gapon <a...@freebsd.org> wrote:

>> Yes, two of my employers were more of "we want to get more debug metrics, we
>> have the spare cycles, but we can't deal with superfluous panics".
>>
>> It also allows us "non-architects" to slip in a debug image when we have spare
>> cpu without getting yelled at for "crashing the $foo".
>
> There is clearly something wrong with this sort of mentality.
>
> If you find instances where a developer put panic(9) (or KASSERT or etc) to mean
> "maybe here is a bug, let's just panic", then let's get those things fixed.
>
> But most of the assertions in our code that are known to me really mean that a real
> bug has already occurred, that portions of kernel state are corrupted and there
> is no going back to a sane state, only going forward to corrupting more and more.

Dude, if you're running -STABLE right now, you don't have invariants
enabled and you aren't checking for them.
So right now, as it stands, large swaths of our kernel code are
falling afoul of what you're calling Alfred out on.

Before you all reply, please review and understand the difference
between "panic()" and "KASSERT()". panic() is not being changed here.
KASSERT() is what's being changed here. panic() is not optional.
KASSERT() is. With a non-INVARIANTS kernel, we _are not checking
invariants_ and we are continuing to run _after_ said non-compiled-in
invariants. With this in mind, please re-review this. :-)



Adrian
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
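
Added example, not part of the original message and not FreeBSD source: a user-space C model of the distinction the message draws, where a KASSERT() check exists only in an INVARIANTS build while an explicit check that calls panic() is always compiled in. The names `model_panic`, `KASSERT_INVARIANTS`, `KASSERT_NO_INVARIANTS`, `struct obj`, the `rele_*` functions and `run_variant` are hypothetical, and the model panic unwinds with `longjmp` instead of halting.

```c
#include <setjmp.h>
#include <stdio.h>

/* Model only (assumption): real panic(9) never returns; here it unwinds. */
static jmp_buf panic_env;
static int panicked;
static void model_panic(void)
{
    panicked = 1;
    longjmp(panic_env, 1);
}

/* Both shapes of KASSERT side by side; a real kernel build has only one. */
#define KASSERT_INVARIANTS(exp, msg) do { if (!(exp)) model_panic(); } while (0)
#define KASSERT_NO_INVARIANTS(exp, msg) do { } while (0)
struct obj { int refs; };   /* hypothetical refcounted object */
static void rele_invariants(struct obj *o)      /* INVARIANTS kernel */
{
    KASSERT_INVARIANTS(o->refs > 0, "refcount underflow");
    o->refs--;
}
static void rele_no_invariants(struct obj *o)   /* non-INVARIANTS kernel */
{
    KASSERT_NO_INVARIANTS(o->refs > 0, "refcount underflow");
    o->refs--;              /* runs on with the invariant already violated */
}
static void rele_panic(struct obj *o)           /* explicit check + panic() */
{
    if (o->refs <= 0) model_panic();
    o->refs--;
}
/* Release on an object whose count is already 0; returns 1 if it panicked. */
static int run_variant(void (*rele)(struct obj *), int *refs_after)
{
    static struct obj o;    /* static so longjmp cannot leave it indeterminate */
    o.refs = panicked = 0;
    if (setjmp(panic_env) == 0)
        rele(&o);
    *refs_after = o.refs;
    return panicked;
}
int main(void)
{
    void (*v[])(struct obj *) = { rele_invariants, rele_no_invariants, rele_panic };
    for (int i = 0, refs, p; i < 3; i++) {
        p = run_variant(v[i], &refs);
        printf("variant %d: panicked=%d refs=%d\n", i, p, refs);
    }
    return 0;
}
```

Only the non-INVARIANTS variant returns normally, leaving the count at -1.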
