Message-ID: <50C90A07.5030501@mu.org>
Date: Wed, 12 Dec 2012 14:49:43 -0800
From: Alfred Perlstein
To: Adrian Chadd
Cc: src-committers@freebsd.org, John Baldwin, svn-src-all@freebsd.org, Alfred Perlstein, Andriy Gapon, svn-src-head@freebsd.org
Subject: Re: svn commit: r244112 - head/sys/kern

On 12/12/12 2:38 PM, Adrian Chadd wrote:
> There are two parts to this;
>
> * don't compile in invariants. Panics panic. Invariant conditions
>   aren't checked. You end up with data corruption still if there are
>   bugs.
> * compile in invariants. Panics panic. Invariant conditions are
>   checked and immediately panic. You can't run this in production to get
>   debugging info because our debugging info is "create a crash dump and
>   reboot."
>
> Now, the crash dump is great for us developers. But crap for say, a
> file server. If it's some very subtle issue that only occasionally
> pops up once a week and doesn't obviously screw with your data:
>
> * you can enable invariants and get a crash dump each time - then us
>   developers get lots of information, but the user experiences outages
>   once a week;
> * they just give the hell up, disable invariants in production and
>   occasionally hit odd issues they can't explain.
>
> So now there's a third option:
>
> * enable invariants, get told when you hit that condition, and continue running.
>
> Now, we ship _right now_ generic with INVARIANTS disabled, because in
> theory the releases are supposed to be stable enough for us not to
> need the extra debugging information. That means that for those very
> occasional, very subtle bugs that invariants may catch, we don't have
> any way of getting told about them.
>
> Now, enabling some alternative to panic() is a different story and not
> what's being addressed here.
>
> HTH,
>

Yes.

-Alfred
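
The three options from the quoted message, modelled in userland C as an added example; it is not part of the original mail and not FreeBSD's KASSERT code. The policy enum, the INVARIANT macro and the refcount object are hypothetical names, and a flag stands in for panic() so all three policies can be run side by side.

```c
/* Userland model only; not FreeBSD's KASSERT. All names are hypothetical. */
#include <stdio.h>

enum inv_policy { INV_OFF, INV_PANIC, INV_WARN };

static enum inv_policy policy = INV_OFF;
static unsigned inv_hits;   /* violations reported in INV_WARN mode */
static int inv_panicked;    /* stands in for "create a crash dump and reboot" */

#define INVARIANT(cond, msg) do {                                    \
    if (policy != INV_OFF && !(cond)) {                              \
        if (policy == INV_PANIC) {                                   \
            inv_panicked = 1;                                        \
        } else {                                                     \
            inv_hits++;                                              \
            fprintf(stderr, "invariant failed: %s (%s:%d)\n",        \
                (msg), __FILE__, __LINE__);                          \
        }                                                            \
    }                                                                \
} while (0)

struct obj { int refs; };

static int obj_release(struct obj *o)
{
    INVARIANT(o->refs > 0, "release with no references held");
    if (inv_panicked)
        return -1;          /* the machine would be down at this point */
    return --o->refs;
}

/* Constructed buggy caller: one reference, released twice. */
static int run(enum inv_policy p)
{
    struct obj o = { 1 };

    policy = p;
    inv_hits = 0;
    inv_panicked = 0;
    obj_release(&o);
    obj_release(&o);        /* the bug */
    return o.refs;
}

int main(void)
{
    int r = run(INV_WARN);
    printf("warn-only: refs=%d, violations reported=%u\n", r, inv_hits);
    return 0;
}
```

With checks off the count silently goes negative, with the panic policy the second release stops the system before the decrement, and with the warn policy the count still goes negative but the violation is counted and logged.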