svn commit: r192535 - head/sys/kern
rwatson at FreeBSD.org
Fri May 22 09:38:25 UTC 2009
On Fri, 22 May 2009, Attilio Rao wrote:
>>> You need to check return values here if it returns NULL.
>>> IMHO, having a non-sleepable version of destroy_dev(), create_dev() and
>>> such would be ideal. Ideally, we should resolve all the sleeping point and
>>> do the conversion. I'm unable to check the code right now.
>> Sure. Something like this.
> At this point I wonder what's the purpose of maintaining the sleeping
> version for such functions?
Exceptional case error handling tends to be some of the buggiest code in our
kernel, due to a nasty combination of added complexity and infrequent
real-world execution. It's what leads to an excess of gotos in the network
stack, tricky unwinding of structure allocation, locking, and global variable
manipulation, and races due to prematurely exposed partially initialized
objects on the intersection of subsystems. Where we can avoid dealing with
failure unnecessarily, code is simpler and more likely to be correct. At
times, this is false economy, as some failures must happen and be handled
gracefully (such as throughout the network stack during operations like
m_pullup when driven by ithreads), but in many other cases the win is real.
Robert N M Watson
University of Cambridge
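To make the unwinding pattern described above concrete, here is an added userland C example (not code from the thread or from FreeBSD): a constructed create path in the non-sleeping, every-step-may-fail style, with a fault-injecting allocator, checking that on any failure nothing leaks and the half-built object is never linked into the global list. The names (xalloc, dev_create_nowait, check_unwind) are hypothetical.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed fault injection: the fail_at-th allocation returns NULL (0 = never fail). */
static int fail_at, alloc_count, live;

static void *xalloc(size_t n) {
	if (++alloc_count == fail_at)
		return (NULL);
	live++;
	return (malloc(n));
}
static void xfree(void *p) {
	if (p != NULL) { live--; free(p); }
}

struct dev { void *buf, *lock; struct dev *next; };
static struct dev *devlist;	/* global list; only fully built devs belong here */

/* Non-sleeping style: every allocation may fail, so each step needs an unwind label. */
static struct dev *dev_create_nowait(void) {
	struct dev *d;

	if ((d = xalloc(sizeof(*d))) == NULL)
		return (NULL);
	if ((d->buf = xalloc(64)) == NULL)
		goto fail_dev;
	if ((d->lock = xalloc(16)) == NULL)
		goto fail_buf;
	d->next = devlist;	/* link in only once complete: no partial object exposed */
	devlist = d;
	return (d);
fail_buf:
	xfree(d->buf);
fail_dev:
	xfree(d);
	return (NULL);
}

/* 1 if failing allocation n (1..3) leaks nothing and exposes no partial dev; n == 0 must succeed. */
static int check_unwind(int n) {
	struct dev *d;

	fail_at = n; alloc_count = 0; live = 0; devlist = NULL;
	d = dev_create_nowait();
	if (n >= 1 && n <= 3)
		return (d == NULL && live == 0 && devlist == NULL);
	return (d != NULL && live == 3 && devlist == d);
}
```

With a sleeping allocator that cannot return NULL, the three checks and both labels disappear, which is the simplification the post argues for.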