svn commit: r244112 - head/sys/kern

John Baldwin jhb at freebsd.org
Wed Dec 12 22:11:20 UTC 2012


On Wednesday, December 12, 2012 12:06:22 pm Adrian Chadd wrote:
> kassert()s are already optional. I.e., you can choose to not compile them in.
> 
> So the __dead2() code path bit for doing KASSERT() -> kassert_panic()
> at compile time isn't a problem.
> 
> The problem is where you do panic() -> kassert_panic() (eg in the
> Witness code) which is what Alfred discovered shortly after doing up
> his initial patch.
> 
> Anything which is a KASSERT() can and should be treated as a run-time
> warning just as much as a run-time "crash here so I can figure out
> what broke." Having the warning in a production box is going to be
> helpful for developers.

Hmmm, I'll have to chew on this.  Adding lots of returns because panics are
now no longer dead2 was why I ended up backing out the removal of the
RESTARTABLE_PANICS option.

I'm inclined to say that it's really bad to let a kernel known to be in a
bad state continue, and that if someone has asked for the slowdown of all
the extra checks INVARIANTS adds, they might as well minimize the chance for
data corruption by having the kernel stop as soon as a problem is detected.

(Note that the primary reason I know for people not running with INVARIANTS
enabled is not that they don't want panics, but that they don't want the
performance hit.)

-- 
John Baldwin
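To make the __dead2 point in this thread concrete, here is a small added C example (not code from the thread or from the FreeBSD tree): panic() carries the noreturn attribute that __dead2 expands to, while a hypothetical restartable kassert_panic() returns, so the lenient lookup needs the extra explicit return the reply refers to. The names lookup_strict, lookup_lenient, table and kassert_warnings are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed example: a noreturn panic, as FreeBSD's panic() is with __dead2,
 * next to a hypothetical "restartable" kassert_panic() that warns and returns. */
#define DEAD2 __attribute__((__noreturn__))

static DEAD2 void panic(const char *msg)
{
    fprintf(stderr, "panic: %s\n", msg);
    abort();   /* never returns, so the compiler needs no path past it */
}

/* Hypothetical restartable variant: records the violation, then continues. */
static int kassert_warnings;

static void kassert_panic(const char *msg)
{
    fprintf(stderr, "warning: %s\n", msg);
    kassert_warnings++;
}

#define TABLE_LEN 4
static const int table[TABLE_LEN] = { 10, 20, 30, 40 };

/* With a noreturn panic the "impossible" branch needs no return value:
 * falling off the end is fine because panic() never comes back. */
int lookup_strict(int idx)
{
    if (idx >= 0 && idx < TABLE_LEN)
        return table[idx];
    panic("lookup_strict: index out of range");
}

/* Once the failure path can return, every such function must decide what
 * to hand back afterwards: the "lots of returns" the reply mentions. */
int lookup_lenient(int idx)
{
    if (idx >= 0 && idx < TABLE_LEN)
        return table[idx];
    kassert_panic("lookup_lenient: index out of range");
    return -1;  /* explicit fallback now required, and callers must check it */
}
```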

