Date:      Wed, 12 Dec 2012 14:38:23 -0800
From:      Adrian Chadd <adrian@freebsd.org>
To:        Andriy Gapon <avg@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, Alfred Perlstein <alfred@freebsd.org>, src-committers@freebsd.org, John Baldwin <jhb@freebsd.org>
Subject:   Re: svn commit: r244112 - head/sys/kern
Message-ID:  <CAJ-Vmo=sP0uojVBM9MdY7jL%2BUZoN5mj%2Bim_MBdq9U%2B8uRuTv3A@mail.gmail.com>
In-Reply-To: <50C90567.8080406@FreeBSD.org>
References:  <201212110708.qBB78EWx025288@svn.freebsd.org> <201212121046.43706.jhb@freebsd.org> <CAJ-Vmo=U04GX%2BZyKuzXLwV%2BPpzU6_dm5BCmL=DWfsmhTVAR%2BsA@mail.gmail.com> <201212121658.49048.jhb@freebsd.org> <50C90567.8080406@FreeBSD.org>

There are two parts to this;

* don't compile in invariants. Panics panic. Invariant conditions
aren't checked. You end up with data corruption still if there are
bugs.
* compile in invariants. Panics panic. Invariant conditions are
checked and immediately panic. You can't run this in production to get
debugging info because our debugging info is "create a crash dump and
reboot."

Now, the crash dump is great for us developers. But crap for say, a
file server. If it's some very subtle issue that only occasionally
pops up once a week and doesn't obviously screw with your data:

* you can enable invariants and get a crash dump each time - then us
developers get lots of information, but the user experiences outages
once a week;
* they just give the hell up, disable invariants in production and
occasionally hit odd issues they can't explain.

So now there's a third option:

* enable invariants, get told when you hit that condition, and continue running.

Now, we ship _right now_ generic with INVARIANTS disabled, because in
theory the releases are supposed to be stable enough for us not to
need the extra debugging information. That means that for those very
occasional, very subtle bugs that invariants may catch, we don't have
any way of getting told about them.

Now, enabling some alternative to panic() is a different story and not
what's being addressed here.

HTH,



Adrian
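
The three behaviours contrasted in the message above, modelled in userland C as an added example; it is not part of the original e-mail and is not FreeBSD kernel code. `INV_ASSERT`, `inv_mode`, `buf_release` and `double_release` are hypothetical names, and the mode is a runtime switch here, whereas the kernel's INVARIANTS option is selected at build time.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userland model; every name is hypothetical. A runtime switch stands in
 * for the build-time option so one binary can show all three behaviours. */
enum inv_mode { INV_OFF, INV_PANIC, INV_WARN };
static enum inv_mode inv_mode = INV_WARN;
static unsigned inv_hits;           /* violations reported since last reset */

static void inv_fail(const char *file, int line, const char *expr)
{
    inv_hits++;
    if (inv_mode == INV_PANIC) {    /* checked, then stop: "crash dump and reboot" */
        fprintf(stderr, "panic: %s:%d: %s\n", file, line, expr);
        abort();
    }
    /* checked, reported, and execution continues */
    fprintf(stderr, "invariant violated: %s:%d: %s\n", file, line, expr);
}

#define INV_ASSERT(expr) do {                                        \
    if (inv_mode != INV_OFF && !(expr))                              \
        inv_fail(__FILE__, __LINE__, #expr);                         \
} while (0)

struct buf { int refs; };

static int buf_release(struct buf *b)
{
    INV_ASSERT(b->refs > 0);        /* releasing an unreferenced buffer is a bug */
    return --b->refs;
}

/* Constructed bug: release one buffer twice. Returns violations reported. */
static unsigned double_release(enum inv_mode mode, int *final_refs)
{
    struct buf b = { 1 };
    inv_mode = mode;
    inv_hits = 0;
    buf_release(&b);
    buf_release(&b);                /* refs is already 0 here */
    *final_refs = b.refs;
    return inv_hits;
}

int main(void)
{
    int refs;
    unsigned hits = double_release(INV_WARN, &refs);
    printf("warn: reported=%u refs=%d\n", hits, refs);
    return 0;                       /* INV_PANIC would abort() on the second release */
}
```

With `INV_OFF` and `INV_WARN` the reference count ends at -1 either way; only the warn mode leaves a record that the bug was hit.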


