From owner-freebsd-current  Wed Mar 10 11: 5:45 1999
Delivered-To: freebsd-current@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id 4E3B4151DD
	for <freebsd-current@FreeBSD.ORG>; Wed, 10 Mar 1999 11:05:31 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id LAA57081;
	Wed, 10 Mar 1999 11:05:11 -0800 (PST)
	(envelope-from dillon)
Date: Wed, 10 Mar 1999 11:05:11 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199903101905.LAA57081@apollo.backplane.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: sthaug@nethelp.no, dcs@newsguy.com, Jos.Backus@nl.origin-it.com,
	dima@tejblum.dnttm.rssi.ru, perhaps@yes.no,
	freebsd-current@FreeBSD.ORG
Subject: Re: panic: zone: entry not free
References: <xzplnh57340.fsf@flood.ping.uio.no> <28892.921083219@verdi.nethelp.no> <xzpiuc97054.fsf@flood.ping.uio.no>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:No, it is not - not in the general case, and not in the long term. I
:was trying to point out that there may be extreme cases where an
:otherwise harmless bug would cause a panic with invariants enabled.
:
:Matt claimed that invariants increase data safety, which I find
:difficult to understand.
:
:DES

    There is no such thing as a harmless bug.  If it's a bug, it needs to be
    fixed.

    Many 'harmless bugs' which are noted in source code come back to bite you
    later when some other programmer adds new code that uses a function in a
    legal but never-before-tested way.

    It is my considered opinion that one of the reasons why it has taken
    FreeBSD years to work out and fix serious bugs in the kernel is that
    there are simply not enough sanity checks being made in the kernel.
    The VM system is especially fragile in this regard, but most of the
    rest of the system has the same problem.  For example, trying to block
    on a lockmgr lock inside an interrupt should result in an instantanious
    panic.  But it doesn't.  I can recall at least a dozen bugs that took
    months to locate because that sort of sanity check is not being made.  It
    is *NOT* 'harmless', even if the occassional hit doesn't fry the system.

						-Matt
						Matthew Dillon 
						<dillon@backplane.com>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message