Date: Wed, 12 Dec 2012 16:25:17 -0800
From: Navdeep Parhar <np@FreeBSD.org>
To: Alfred Perlstein <bright@mu.org>
Cc: Adrian Chadd <adrian@FreeBSD.org>, src-committers@FreeBSD.org, John Baldwin <jhb@FreeBSD.org>, svn-src-all@FreeBSD.org, Alfred Perlstein <alfred@FreeBSD.org>, Andriy Gapon <avg@FreeBSD.org>, svn-src-head@FreeBSD.org
Subject: Re: svn commit: r244112 - head/sys/kern
Message-ID: <50C9206D.6080502@FreeBSD.org>
In-Reply-To: <50C91CD3.7030900@mu.org>
References: <201212110708.qBB78EWx025288@svn.freebsd.org> <201212121046.43706.jhb@freebsd.org> <CAJ-Vmo=U04GX%2BZyKuzXLwV%2BPpzU6_dm5BCmL=DWfsmhTVAR%2BsA@mail.gmail.com> <201212121658.49048.jhb@freebsd.org> <50C90567.8080406@FreeBSD.org> <50C909BD.9090709@mu.org> <50C91B32.4080904@FreeBSD.org> <50C91CD3.7030900@mu.org>

On 12/12/12 16:09, Alfred Perlstein wrote:
> On 12/12/12 4:02 PM, Navdeep Parhar wrote:
>> On 12/12/12 14:48, Alfred Perlstein wrote:
>>> On 12/12/12 2:29 PM, Andriy Gapon wrote:
>>>> Now we get a new middle-ground: get both worse performance (because
>>>> KASSERTs are compiled in) and a risk of harming your data (because
>>>> KASSERTs no longer panic). The upside: there is no panic! There's just
>>>> a log message (or etc). and chance to get more log messages because
>>>> the insanity propagates. And a chance to lose your data (your
>>>> customer's) - but I've already mentioned this. I am not sure that I
>>>> like this kind of middle-ground.
>>> I have a number of points here:
>>>
>>> The most important one being:
>>> 1) without kassert you would still have the bug, just that it would be
>>> unreported.
>>> The upside: there is no panic! There's **NO** log message (or etc).
>>> and chance to get more log messages because the insanity propagates.
>>>
>>> Terrible!
>>>
>>> Let me explain that again:
>>> If you don't compile in KASSERT, then it's not like the condition is
>>> never going to happen. Instead it will just be unreported.
>> A KASSERT() really is for a condition that should never happen. It is
>> primarily useful during development and testing (and when the code is
>> reworked or redesigned). I agree with Andriy here -- a non-fatal assert
>> shouldn't really exist.
>
>
> What do you think happens to a FreeBSD kernel when INVARIANTS is
> compiled in and it trips an assertion after my change?

I know the new knob has sane defaults. My point was that invariants
should be considered inviolable. A knob that allows for
it's-really-not-supposed-to-fail-but-in-case-it-does... dilutes their
meaning, so it may have been better to introduce a new macro for the
kind of tests you had in mind. I would use it too instead of the
if (!foo) kdb_backtrace() that I often resort to for conditions that
I'm not sure about.

Regards,
Navdeep