svn commit: r249105 - in head/sys/cam: ata scsi

Bruce Evans brde at optusnet.com.au
Fri Apr 5 15:43:23 UTC 2013


On Thu, 4 Apr 2013, Alexander Motin wrote:

> On 04.04.2013 23:53, Adrian Chadd wrote:
>> Hi,
>> 
>> Isn't this a prime candidate to replace with KASSERT()?
>
> It could be, but NULL dereference attempt will crash system no less reliably 
> than KASSERT.

Much more reliably:
- if INVARIANTS is not configured, then the NULL dereference still crashes
   properly
- if INVARIANTS is configured, then the NULL dereference gives a nice
   (restartable) fault, while KASSERT() calls panic() and there is no way
   to get back to the original context so as to restart or debug it
   more easily.

KASSERT() could be improved by replacing it by a null dereference or
other restartable fault, at least before calling panic() or taking any
other unrestartable actions.  The panic() call would still prevent
restarting very easily -- you would have to back out to before the
KASSERT() and fix up all the asserted conditions (usually more than
a single null pointer).

This method works well in userland too.  Instead of assert() or abort(),
use a null dereference, or more portably, a signal, or less portably,
an asm with a breakpoint instruction or with the null pointer
dereference (so that the compiler can't see that it gives undefined
behaviour and optimize it away).  I use this more to debug than to
restart.  Even if optimization or the debugger doesn't lose the local
variables when assert() or abort() is called, it is easier to debug
if you don't have to go up several frames to see the variables.

Bruce
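The userland variant described above (a signal instead of assert()/abort(), so the stop lands in the failing frame and can be resumed), as an added C example that is not code from the thread: DEBUG_ASSERT, checked_get and the SIGTRAP handler are assumed names of my own, and on x86 an `__asm__ __volatile__("int3")` would replace raise(SIGTRAP) for the less portable form.

```c
/* Added example, not from the thread: assert() with a restartable in-frame trap. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/*
 * A failed check prints its location and raises SIGTRAP right here, so a
 * debugger stops on this line with every local still live. With no handler,
 * the default action still dumps core; if a handler returns (or the debugger
 * continues), execution resumes after raise(), so the fault is restartable.
 */
#define DEBUG_ASSERT(cond) do {                                              \
    if (!(cond)) {                                                           \
        fprintf(stderr, "%s:%d: assertion failed: %s\n", __FILE__, __LINE__, #cond); \
        raise(SIGTRAP);                                                      \
    }                                                                        \
} while (0)

static volatile sig_atomic_t trap_count;    /* failed checks seen so far */
/* Returning from the handler resumes execution right after raise(). */
static void on_trap(int sig) { (void)sig; trap_count++; }
int trap_hits(void) { return (int)trap_count; }

int install_trap_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_trap;
    return sigaction(SIGTRAP, &sa, NULL);
}

/* Bounds-checked accessor; both preconditions are asserted in-frame. */
int checked_get(const int *buf, size_t len, size_t idx)
{
    DEBUG_ASSERT(buf != NULL);
    DEBUG_ASSERT(idx < len);
    return (buf != NULL && idx < len) ? buf[idx] : -1;  /* fail safe after a resume */
}

/* Drives checked_get() on constructed input; returns the traps seen (3). */
int run_demo(void)
{
    static const int buf[3] = { 10, 20, 30 };   /* constructed sample input */
    if (install_trap_handler() != 0 || checked_get(buf, 3, 1) != 20)
        return -1;
    (void)checked_get(buf, 3, 7);   /* idx >= len: one trap, then resumes */
    (void)checked_get(NULL, 0, 0);  /* NULL and empty: two more traps */
    return trap_hits();
}
```

Run it under gdb without the handler installed to see the stop land on the DEBUG_ASSERT line itself, with buf, len and idx still visible in the same frame.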

