From owner-freebsd-arch@FreeBSD.ORG Thu Sep 25 18:22:53 2014 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0B808CC4; Thu, 25 Sep 2014 18:22:53 +0000 (UTC) Received: from mail-la0-x22c.google.com (mail-la0-x22c.google.com [IPv6:2a00:1450:4010:c03::22c]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C6E47B40; Thu, 25 Sep 2014 18:22:51 +0000 (UTC) Received: by mail-la0-f44.google.com with SMTP id gi9so2859888lab.31 for ; Thu, 25 Sep 2014 11:22:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=o63mowZLNH6MkCcqsMexxieCc0BqrL9kJQuzOYTlZyU=; b=L+Je7u5WS1t+P/fofMVuqAb3m9U5kjH/8SAQHowfp7Ny6IZGb/HtPhGFVrB22oUT/X HHuLZCFCv2Oax7yFzrrwFtSlXQ6VJEgioNf9Su0QHABzIGvThMwIyaXIWtCvG2Q98446 3KLqyLcI/I8cRj5GvgAdNMdscWgnUVrf5F4PyqRrv4UVqDkSQamctq6NGA3q9ZBOERbE s0FzC3n4eVo7CEmYpjt6XVo5dPtxDd8z/iAdLbTCfquaB3bcLNwAyr1R10C7yA2giCMs ErKOZYepDmcwlT8MHSVYffHOtInMrwx3daBGfE+zP+DZWNh+Lw2yShcGnEoY96bFEj76 1JeA== MIME-Version: 1.0 X-Received: by 10.112.201.42 with SMTP id jx10mr4671220lbc.101.1411669369467; Thu, 25 Sep 2014 11:22:49 -0700 (PDT) Sender: chmeeedalf@gmail.com Received: by 10.25.15.29 with HTTP; Thu, 25 Sep 2014 11:22:49 -0700 (PDT) In-Reply-To: References: <54236CD6.4050807@FreeBSD.org> <5424392D.9030201@FreeBSD.org> <1411668571.66615.247.camel@revolution.hippie.lan> Date: Thu, 25 Sep 2014 11:22:49 -0700 X-Google-Sender-Auth: I-Quc5vswDLjrMoyU5uH5pE2ao4 Message-ID: Subject: Re: KASSERT_WARN for asserting malloc(M_WAITOK) not in a non-sleepable thread From: Justin Hibbits To: Davide Italiano Content-Type: text/plain; charset=UTF-8 Cc: Adrian Chadd , "freebsd-arch@freebsd.org" , Ian Lepore , Bryan Drewery X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Sep 2014 18:22:53 -0000 On Thu, Sep 25, 2014 at 11:16 AM, Davide Italiano wrote: > On Thu, Sep 25, 2014 at 11:09 AM, Ian Lepore wrote: >> On Thu, 2014-09-25 at 10:51 -0700, Davide Italiano wrote: >>> On Thu, Sep 25, 2014 at 9:14 AM, Adrian Chadd wrote: >>> > Hi, >>> > >>> > Please bring in KASSERT_WARN(). >>> > >>> > I'm grown up enough to use KASSERT_WARN() along with handling the >>> > invariant check myself in code. Having KASSERT_WARN() means I can add >>> > in this rather than printf()s or device_printf()'s with various knobs >>> > to remove it. >>> > >>> > (This is absolutely _not_ the "should KASSERT() optionally just log" >>> > argument. I'm not going to get into that a second time.) >>> > >>> > >>> >>> If you put a KASSERT() inside your code -- probably you should be >>> careful enough to put that iff you're sure that it should be always >>> verified. No exceptions. >>> People tend to be very lazy (including me). I don't expect everybody >>> diligently upgrading KASSERT_WARN to KASSERT. So KASSERT_WARN start >>> becoming more and more widespread, and people realize all of these >>> need to be upgraded to KASSERT or removed. This generally happens >>> after years. Yet. Another. Crusade. >>> There's a lot of work in the kernel to remove old/wrong/naive KPI >>> from the kernel. jhb@ is looking at timeout()-> callout() conversion. >>> I'm personally looking at dev_clone() removal. There are a lot of >>> other examples. >>> Adding KASSERT_WARN is a step backward, not a step forward, IMHO. >>> That said, if you want to pollute the kernel, fine. I expressed my >>> opinion, and I'm personally not happy about this, but I never stated >>> I'm gonna stop you from doing that. >>> >>> Thanks, >>> >>> -- >> >> IMO, this entire argument is ridiculous. Some conditions are so insane >> that you've got to stop immediately rather than make things worse. >> Other conditions indicate problems, but the code can recover or >> otherwise continue to operate safely. Trying to define every possible >> anomalous condition as either fatal or not worth mentioning is insane. >> >> Everyone is free to write code such as >> >> #ifdef INVARIANTS >> if (some_condition) >> printf("whatever warning\n"); >> #endif >> >> So let's be clear here: the objections are to spelling that code >> sequence KASSERT_WARN. If you object, please explain what's wrong with >> that spelling and how you would prefer it to be spelled. >> >> -- Ian >> >> > > Take the assert out of the name. Call it DEBUG_WARN, or something else > if you like. > assert as a pretty *clear* and specific semantic, no need to mess > around with it. > > Thanks, > > -- > Davide I like my bikeshed a nice royal blue. At a previous job we used ASSERT and VERIFY macros. VERIFY was comparable to this (warn if condition not met, don't panic), so how about KVERIFY() (I'll also support KWARN, but I think KVERIFY() conveys a better message by name). - Justin