Date: Wed, 10 Mar 1999 11:05:11 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: sthaug@nethelp.no, dcs@newsguy.com, Jos.Backus@nl.origin-it.com, dima@tejblum.dnttm.rssi.ru, perhaps@yes.no, freebsd-current@FreeBSD.ORG
Subject: Re: panic: zone: entry not free
Message-ID: <199903101905.LAA57081@apollo.backplane.com>
References: <xzplnh57340.fsf@flood.ping.uio.no> <28892.921083219@verdi.nethelp.no> <xzpiuc97054.fsf@flood.ping.uio.no>
:No, it is not - not in the general case, and not in the long term. I
:was trying to point out that there may be extreme cases where an
:otherwise harmless bug would cause a panic with invariants enabled.
:
:Matt claimed that invariants increase data safety, which I find
:difficult to understand.
:
:DES
There is no such thing as a harmless bug. If it's a bug, it needs to be
fixed.
Many 'harmless bugs' which are noted in source code come back to bite you
later when some other programmer adds new code that uses a function in a
legal but never-before-tested way.
It is my considered opinion that one of the reasons why it has taken
FreeBSD years to work out and fix serious bugs in the kernel is that
there are simply not enough sanity checks being made in the kernel.
The VM system is especially fragile in this regard, but most of the
rest of the system has the same problem. For example, trying to block
on a lockmgr lock inside an interrupt should result in an instantaneous
panic. But it doesn't. I can recall at least a dozen bugs that took
months to locate because that sort of sanity check is not being made. It
is *NOT* 'harmless', even if the occasional hit doesn't fry the system.
-Matt
Matthew Dillon
<dillon@backplane.com>
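The lockmgr-in-interrupt case Matt uses as his example, modelled as a toy in user space. This is an added illustration, not code from the message or from FreeBSD: the lock, the context enum, `toy_lock_acquire`, the two `scenario_*` functions and the `invariants` flag (standing in for a kernel built with INVARIANTS) are all assumptions of the model. A real panic() halts the machine; here it only records the message so both the checked and the unchecked behaviour can be observed from the same binary.

```c
/*
 * Toy user-space model of a kernel sanity check, constructed for this page
 * (not FreeBSD code): a sleepable lock that, when invariants are enabled,
 * panics on any attempt to take it from interrupt context instead of
 * silently queuing the caller as a waiter.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum ctx { CTX_THREAD, CTX_INTERRUPT };

struct toy_lock {
    int held;      /* nonzero while some thread holds the lock */
    int waiters;   /* callers that went to sleep waiting for it */
};

/* Test hooks: a real panic() halts the machine; the model records the
 * message and lets the caller return -1 so the outcome is observable. */
static char last_panic[128];
static int panic_count;

static void toy_panic(const char *msg)
{
    panic_count++;
    snprintf(last_panic, sizeof last_panic, "%s", msg);
}

/*
 * Returns 0 if acquired, 1 if the caller had to sleep, -1 if an invariant
 * fired. 'invariants' stands in for a kernel built with INVARIANTS.
 *
 * The check is made on every attempt, not only on the contended path:
 * whether an interrupt-context acquire actually blocks depends on timing,
 * so checking only when it blocks would let the lucky uncontended case
 * through, which is exactly the "occasional hit" that goes unnoticed.
 */
int toy_lock_acquire(struct toy_lock *lk, enum ctx where, bool invariants)
{
    if (invariants && where == CTX_INTERRUPT) {
        toy_panic("lock: sleepable lock taken from interrupt context");
        return -1;
    }
    if (lk->held) {
        /* Without the check this is the latent bug: an interrupt handler
         * sleeps, possibly waiting on the very thread it interrupted. */
        lk->waiters++;
        return 1;
    }
    lk->held = 1;
    return 0;
}

/* A thread holds the lock, then an interrupt handler tries to take it. */
int scenario_contended(bool invariants)
{
    struct toy_lock lk = {0, 0};
    if (toy_lock_acquire(&lk, CTX_THREAD, invariants) != 0)
        return -2;
    return toy_lock_acquire(&lk, CTX_INTERRUPT, invariants);
}

/* The lock happens to be free when the interrupt handler takes it. */
int scenario_uncontended(bool invariants)
{
    struct toy_lock lk = {0, 0};
    return toy_lock_acquire(&lk, CTX_INTERRUPT, invariants);
}

int main(void)
{
    printf("no invariants, contended:   %d\n", scenario_contended(false));
    printf("no invariants, uncontended: %d\n", scenario_uncontended(false));
    printf("invariants, contended:      %d (%s)\n",
           scenario_contended(true), last_panic);
    printf("invariants, uncontended:    %d\n", scenario_uncontended(true));
    return 0;
}
```

Without invariants the contended case returns 1 (the handler is quietly queued as a waiter) and the uncontended case returns 0, so the same wrong call looks fine most of the time and only misbehaves when the timing is unlucky. With invariants both attempts return -1 at the first call, which is the "instantaneous panic" the message asks for.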
