:No, it is not - not in the general case, and not in the long term. I
:was trying to point out that there may be extreme cases where an
:otherwise harmless bug would cause a panic with invariants enabled.
:Matt claimed that invariants increase data safety, which I find
:difficult to understand.

    There is no such thing as a harmless bug.  If it's a bug, it needs to be

    Many 'harmless bugs' which are noted in source code come back to bite you
    later when some other programmer adds new code that uses a function in a
    legal but never-before-tested way.

    It is my considered opinion that one of the reasons why it has taken
    FreeBSD years to work out and fix serious bugs in the kernel is that
    there are simply not enough sanity checks being made in the kernel.
    The VM system is especially fragile in this regard, but most of the
    rest of the system has the same problem.  For example, trying to block
    on a lockmgr lock inside an interrupt should result in an instantaneous
    panic.  But it doesn't.  I can recall at least a dozen bugs that took
    months to locate because that sort of sanity check is not being made.  It
    is *NOT* 'harmless', even if the occasional hit doesn't fry the system.

                                                Matthew Dillon 
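
The lockmgr case from the message above, as an added userland model that is not part of the original thread and is not FreeBSD code. All names (model_lock, model_ctx, first_detection) are hypothetical; the model assumes a handler that wrongly takes a sleepable lock from interrupt context and compares when that surfaces with and without an invariant check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; not FreeBSD's lockmgr implementation. */
enum lk_result { LK_OK, LK_WOULD_SLEEP, LK_PANIC };
struct model_lock { bool held; };
struct model_ctx  { bool in_interrupt; const char *panic_msg; };

/* Acquire a lock that may sleep. With invariants on, an illegal calling
 * context is rejected up front, whether or not the lock is contended. */
static enum lk_result
model_lock_acquire(struct model_lock *lk, struct model_ctx *ctx, bool invariants)
{
    if (invariants && ctx->in_interrupt) {
        ctx->panic_msg = "sleepable lock requested in interrupt context";
        return LK_PANIC;
    }
    if (lk->held)
        return LK_WOULD_SLEEP;  /* an interrupt handler would hang here */
    lk->held = true;
    return LK_OK;
}

/* Run the buggy interrupt handler n times. Another thread holds the lock
 * only on iteration contended_at (constructed scenario). Returns the first
 * iteration on which the bug becomes visible, or -1 if it never does. */
static int
first_detection(int n, int contended_at, bool invariants)
{
    struct model_lock lk = { false };
    struct model_ctx ctx = { true, NULL };

    for (int i = 0; i < n; i++) {
        lk.held = (i == contended_at);
        if (model_lock_acquire(&lk, &ctx, invariants) != LK_OK)
            return i;
        lk.held = false;        /* release after the uncontended acquire */
    }
    return -1;
}

int main(void)
{
    printf("invariants on:  first seen at call %d\n", first_detection(1000, 742, true));
    printf("invariants off: first seen at call %d\n", first_detection(1000, 742, false));
    return 0;
}
```

Without the check the illegal call succeeds every time the lock happens to be free, so the defect shows up only on the rare contended call, or never in a test run that has no contention.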
