On Sun, 10 Feb 2013, Alan Barrett wrote:

> * Remove the panicstr test from kern_assert() in
>   sys/lib/libkern/kern_assert.c, so that KASSERT, KASSERTMSG and
>   friends do not degenerate to no-ops after a panic.
>
> I don't know a reason for making all kernel asserts degenerate
> to no-ops, but I imagine that it might have been a workaround
> for problems with recursive panics, and I propose to address
> recursive panics directly (see below).
>
> I can also imagine that there are particular kernel asserts
> that need to degenerate to no-ops after a panic, and I suggest
> explicitly rewriting them in terms of (panicstr != NULL ||
> <other tests>). I have not attempted to identify such asserts.

People have informed me that, when debugging a kernel after a
panic, they often want to call functions that may hit assertion
failures, and the particular asserts cannot reasonably be
identified in advance, so it's useful for all kernel asserts to
degenerate to no-ops after a panic.

I will produce a revised proposal that retains this feature which
people obviously want. My current ideas are to print a message
about the fact that the assertion failure was ignored (instead
of silently ignoring the assertion failure), and to use ifdefs to
allow static analysers to behave as if the assertion failures are
never ignored.

--apb (Alan Barrett)
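A small C model of the revised behaviour sketched in the reply above, added here as an illustration and not taken from NetBSD's sys/lib/libkern/kern_assert.c: after a panic an assertion failure is reported rather than silently dropped, and a hypothetical ASSERT_NEVER_IGNORED define (an assumed name, standing in for whatever ifdef a static-analyser build would use) compiles the early return out so analysers see every assertion as enforced. The panic() stand-in records the event and returns instead of halting, so the model can be run and checked in user space.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for kernel state; the real panicstr is set by panic(). */
const char *panicstr = NULL;      /* non-NULL once a panic has started */
static int panics = 0;            /* panic() calls seen by this model */
static int ignored = 0;           /* assertion failures ignored after a panic */

/* Model panic(): the kernel's never returns; this one records and returns. */
static void model_panic(const char *msg)
{
    if (panicstr == NULL)
        panicstr = msg;
    panics++;
    printf("panic: %s\n", msg);
}

/* Revised kern_assert(): keep the post-panic no-op behaviour that debuggers
 * rely on, but say so instead of staying silent. With ASSERT_NEVER_IGNORED
 * defined (e.g. for a static-analyser build, an assumed convention) the
 * early return disappears and every failure reaches model_panic(). */
static void model_kern_assert(const char *expr, const char *file, int line)
{
#ifndef ASSERT_NEVER_IGNORED
    if (panicstr != NULL) {
        ignored++;
        printf("assertion \"%s\" failed at %s:%d (ignored after panic)\n",
               expr, file, line);
        return;
    }
#endif
    model_panic(expr);
}

#define MODEL_KASSERT(e) \
    ((e) ? (void)0 : model_kern_assert(#e, __FILE__, __LINE__))

int model_panic_count(void) { return panics; }

/* One passing assertion, one failure that panics, one failure after the
 * panic that is reported but ignored. Returns the ignored-failure count. */
int run_model(void)
{
    panicstr = NULL; panics = 0; ignored = 0;
    MODEL_KASSERT(1 == 1);   /* holds: nothing happens */
    MODEL_KASSERT(1 == 2);   /* first failure: panics */
    MODEL_KASSERT(2 == 3);   /* after the panic: message printed, then ignored */
    return ignored;
}
```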