svn commit: r192535 - head/sys/kern

Robert Watson rwatson at FreeBSD.org
Fri May 22 09:38:25 UTC 2009


On Fri, 22 May 2009, Attilio Rao wrote:

>>> You need to check return values here if it returns NULL.
>>>
>>> IMHO, having a non-sleepable version of destroy_dev(), create_dev() and 
>>> such would be ideal. Ideally, we should resolve all the sleeping point and 
>>> do the conversion. I'm unable to check the code right now.
>>
>> Sure. Something like this.
>
> At this point I wonder what's the purpose of maintaining the sleeping 
> version for such functions?

Exceptional case error handling tends to be some of the buggiest code in our 
kernel, due to a nasty combination of added complexity and infrequent 
real-world execution.  It's what leads to an excess of gotos in the network 
stack, tricky unwinding of structure allocation, locking, and global variable 
manipulation, and races due to prematurely exposed partially initialized 
objects on the intersection of subsystems.  Where we can avoid dealing with 
failure unnecessarily, code is simpler and more likely to be correct.  At 
times, this is false economy, as some failures must happen and be handled 
gracefully (such as throughout the network stack during operations like 
m_pullup when driven by ithreads), but in many other cases the win is real.

Robert N M Watson
Computer Laboratory
University of Cambridge


More information about the svn-src-all mailing list