Subject: Re: CVS commit: src/sys/dev/usb
To: Greg Troxel <gdt@ir.bbn.com>
From: Christos Zoulas <christos@zoulas.com>
List: tech-kern
Date: 04/14/2006 21:04:11
On Apr 14,  7:23pm, gdt@ir.bbn.com (Greg Troxel) wrote:
-- Subject: Re: CVS commit: src/sys/dev/usb

| Christos Zoulas <christos@netbsd.org> writes:
| 
| > Module Name:	src
| > Committed By:	christos
| > Date:		Fri Apr 14 17:07:23 UTC 2006
| >
| > Modified Files:
| > 	src/sys/dev/usb: ohci.c
| >
| > Log Message:
| > Coverity CID 1115: It is quite pointless to have a DIAGNOSTIC panic that
| > checks a variable for being NULL, and if we are not in DIAGNOSTIC code, to
| > just dereference it causing a crash!
| >
| > To generate a diff of this commit:
| > cvs rdiff -r1.171 -r1.172 src/sys/dev/usb/ohci.c
| 
| I don't follow your comment or your fix.  I have always believed (but
| could well be off) that DIAGNOSTIC code should verify invariants that
| must always be true, but that given a non-zero defect density might
| not be.  Thus, DIAGNOSTIC is an explicit tradeoff of executing more
| instructions and being more likely to catch an "impossible" condition
| rather than e.g. dereferencing a NULL pointer.

On second thought I will change it back. This is the equivalent of a KASSERT()
and we have many of them in the kernel.

christos
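As an added illustration of the tradeoff under discussion (this is not code from ohci.c, nor from either poster), the following userland model shows the three shapes side by side: a KASSERT-style check that fires only under DIAGNOSTIC and is compiled out otherwise, the same function as a non-DIAGNOSTIC build sees it (no check, and a NULL pointer is dereferenced), and an unconditional check that returns an error in every build. The struct names, the `td_len_*` functions and the `demo_*` helpers are hypothetical; the kernel's `panic()` is replaced by a setjmp/longjmp escape so the DIAGNOSTIC path can be observed instead of killing the process. The two macro shapes follow NetBSD's libkern.h convention of checking under DIAGNOSTIC and expanding to `((void)0)` otherwise.

```c
/*
 * Userland model of the DIAGNOSTIC/KASSERT tradeoff discussed in the thread.
 * Not kernel code: panic() is replaced by a setjmp/longjmp escape so the
 * "panic" outcome can be returned to a caller instead of halting the process.
 */
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the objects a driver dereferences. */
struct td {
	int len;
};

struct xfer {
	struct td *td;		/* NULL only if an invariant has been violated */
};

/* ---- panic() replacement -------------------------------------------- */
static jmp_buf panic_env;
static int panic_armed;
static char panic_msg[128];

static void
model_panic(const char *msg)
{
	strncpy(panic_msg, msg, sizeof(panic_msg) - 1);
	panic_msg[sizeof(panic_msg) - 1] = '\0';
	if (panic_armed)
		longjmp(panic_env, 1);
	abort();	/* unarmed: behave like a real panic and stop */
}

/*
 * The two shapes a DIAGNOSTIC-conditional assertion can take, spelled out
 * as separate macros so one program can exercise both builds.
 */
#define KASSERT_DIAG(e) \
	((e) ? (void)0 : model_panic("KASSERT failed: " #e))
#define KASSERT_NODIAG(e)	((void)0)

/* DIAGNOSTIC build: a NULL td panics before the dereference. */
static int
td_len_diag(struct xfer *xfer)
{
	KASSERT_DIAG(xfer->td != NULL);
	return xfer->td->len;
}

/* Non-DIAGNOSTIC build: the check is gone and a NULL td crashes here. */
static int
td_len_nodiag(struct xfer *xfer)
{
	KASSERT_NODIAG(xfer->td != NULL);
	return xfer->td->len;
}

/* Unconditional check: present in every build, returns -1 instead of crashing. */
static int
td_len_checked(struct xfer *xfer)
{
	if (xfer->td == NULL)
		return -1;
	return xfer->td->len;
}

/* Call fn(xfer); report a model panic as -2 rather than dying. */
static int
run_with_panic_catch(int (*fn)(struct xfer *), struct xfer *xfer)
{
	volatile int rv;

	panic_armed = 1;
	if (setjmp(panic_env) == 0)
		rv = fn(xfer);
	else
		rv = -2;
	panic_armed = 0;
	return rv;
}

/* Scenario helpers: td_is_null selects a violated invariant (constructed input). */
static int
demo_diag(int td_is_null)
{
	struct td td = { .len = 64 };
	struct xfer x = { .td = td_is_null ? NULL : &td };

	return run_with_panic_catch(td_len_diag, &x);
}

static int
demo_checked(int td_is_null)
{
	struct td td = { .len = 64 };
	struct xfer x = { .td = td_is_null ? NULL : &td };

	return td_len_checked(&x);
}

/* Only the valid case is exercised here: td_len_nodiag(NULL td) would SIGSEGV. */
static int
demo_nodiag_valid(void)
{
	struct td td = { .len = 64 };
	struct xfer x = { .td = &td };

	return td_len_nodiag(&x);
}

int
main(void)
{
	printf("valid td, DIAGNOSTIC:    %d\n", demo_diag(0));
	printf("valid td, no DIAGNOSTIC: %d\n", demo_nodiag_valid());
	printf("NULL td, DIAGNOSTIC:     %d (%s)\n", demo_diag(1), panic_msg);
	printf("NULL td, explicit check: %d\n", demo_checked(1));
	return 0;
}
```

The point the model makes concrete is the one Greg raises: the DIAGNOSTIC assertion costs a compare on the valid path and converts an "impossible" NULL into a panic with a message, while the non-DIAGNOSTIC build reaches the same dereference with no check at all; the explicit check is the only variant that changes behaviour in a production build.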