svn commit: r244112 - head/sys/kern

Alfred Perlstein bright at mu.org
Wed Dec 12 22:49:44 UTC 2012


On 12/12/12 2:38 PM, Adrian Chadd wrote:
> There are two parts to this;
>
> * don't compile in invariants. Panics panic. Invariant conditions
> aren't checked. You end up with data corruption still if there are
> bugs.
> * compile in invariants. Panics panic. Invariant conditions are
> checked and immediately panic. You can't run this in production to get
> debugging info because our debugging info is "create a crash dump and
> reboot."
>
> Now, the crash dump is great for us developers. But crap for say, a
> file server. If it's some very subtle issue that only occasionally
> pops up once a week and doesn't obviously screw with your data:
>
> * you can enable invariants and get a crash dump each time - then us
> developers get lots of information, but the user experiences outages
> once a week;
> * they just give the hell up, disable invariants in production and
> occasionally hit odd issues they can't explain.
>
> So now there's a third option:
>
> * enable invariants, get told when you hit that condition, and continue running.
>
> Now, we ship _right now_ generic with INVARIANTS disabled, because in
> theory the releases are supposed to be stable enough for us not to
> need the extra debugging information. That means that for those very
> occasional, very subtle bugs that invariants may catch, we don't have
> any way of getting told about them.
>
> Now, enabling some alternative to panic() is a different story and not
> what's being addressed here.
>
> HTH,
>

Yes.

-Alfred
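
The three choices laid out in the quoted message, as a userland C sketch. This is an example added here, not FreeBSD kernel code and not code from either author; INV_ASSERT, inv_fail, inv_warn_only, inv_hits and buf_release are hypothetical names, and abort() stands in for panic().

```c
/* Userland sketch only; every name here is hypothetical. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

#define INVARIANTS 1            /* build-time: remove to compile the checks out */
static int inv_warn_only = 1;   /* run-time: 1 = report and continue, 0 = abort */
static unsigned long inv_hits;  /* number of violations reported so far */

static void inv_fail(const char *file, int line, const char *fmt, ...)
{
    va_list ap;

    inv_hits++;
    fprintf(stderr, "invariant violated at %s:%d: ", file, line);
    va_start(ap, fmt);
    vfprintf(stderr, fmt, ap);
    va_end(ap);
    fputc('\n', stderr);
    if (!inv_warn_only)
        abort();                /* option 2: stop immediately (panic stand-in) */
}                               /* option 3: fall through and keep running */

#ifdef INVARIANTS
#define INV_ASSERT(cond, ...) \
    do { if (!(cond)) inv_fail(__FILE__, __LINE__, __VA_ARGS__); } while (0)
#else                           /* option 1: condition is never evaluated */
#define INV_ASSERT(cond, ...) do { } while (0)
#endif

struct buf { int refs; };

/* Drops one reference; a negative count is the subtle bug the check catches. */
static int buf_release(struct buf *b)
{
    b->refs--;
    INV_ASSERT(b->refs >= 0, "refcount underflow: %d", b->refs);
    return b->refs;
}

/* Constructed scenario: a buffer released once more than it was acquired. */
static unsigned long demo(void)
{
    struct buf b = { 1 };

    inv_hits = 0;
    buf_release(&b);
    buf_release(&b);            /* double release trips the invariant */
    return inv_hits;
}

int main(void) { printf("violations reported: %lu\n", demo()); return 0; }
```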

