Date: Wed, 12 Dec 2012 14:49:43 -0800 From: Alfred Perlstein <bright@mu.org> To: Adrian Chadd <adrian@freebsd.org> Cc: src-committers@freebsd.org, John Baldwin <jhb@freebsd.org>, svn-src-all@freebsd.org, Alfred Perlstein <alfred@freebsd.org>, Andriy Gapon <avg@freebsd.org>, svn-src-head@freebsd.org Subject: Re: svn commit: r244112 - head/sys/kern Message-ID: <50C90A07.5030501@mu.org> In-Reply-To: <CAJ-Vmo=sP0uojVBM9MdY7jL%2BUZoN5mj%2Bim_MBdq9U%2B8uRuTv3A@mail.gmail.com> References: <201212110708.qBB78EWx025288@svn.freebsd.org> <201212121046.43706.jhb@freebsd.org> <CAJ-Vmo=U04GX%2BZyKuzXLwV%2BPpzU6_dm5BCmL=DWfsmhTVAR%2BsA@mail.gmail.com> <201212121658.49048.jhb@freebsd.org> <50C90567.8080406@FreeBSD.org> <CAJ-Vmo=sP0uojVBM9MdY7jL%2BUZoN5mj%2Bim_MBdq9U%2B8uRuTv3A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/12/12 2:38 PM, Adrian Chadd wrote: > There are two parts to this; > > * don't compile in invariants. Panics panic. Invariant conditions > aren't checked. You end up with data corruption still if there are > bugs. > * compile in invariants. Panics panic. Invariant conditions are > checked and immediately panic. You can't run this in production to get > debugging info because our debugging info is "create a crash dump and > reboot." > > Now, the crash dump is great for us developers. But crap for say, a > file server. If it's some very subtle issue that only occasionally > pops up once a week and doesn't obviously screw with your data: > > * you can enable invariants and get a crash dump each time - then us > developers get lots of information, but the user experiences outages > once a week; > * they just give the hell up, disable invariants in production and > occasionally hit odd issues they can't explain. > > So now there's a third option: > > * enable invariants, get told when you hit that condition, and continue running. > > Now, we ship _right now_ generic with INVARIANTS disabled, because in > theory the releases are supposed to be stable enough for us not to > need the extra debugging information. That means that for those very > occasional, very subtle bugs that invariants may catch, we don't have > any way of getting told about them. > > Now, enabling some alternative to panic() is a different story and not > what's being addressed here. > > HTH, > Yes. -Alfred
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50C90A07.5030501>