Re: [PATCH] nohz: Make tick_nohz_irq_exit() irq safe

From: Ingo Molnar
Date: Fri Feb 22 2013 - 03:54:50 EST

* Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Thu, Feb 21, 2013 at 10:21 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> >
> > This was a draft patch. I made it a WARN_ON_ONCE() already.
> Ok, good.
> I really wish we could just get rid of BUG_ON(). It was a bad
> idea, and it makes it easy for people to do the wrong thing.
> Sadly, we have tons of them.

So my old plan was to use a little bit of psychology.

Firstly, we could just turn BUG_ON() into a WARN() variant that

BUG: ...

while a WARN()ings emit:


and then we could introduce a new primitive:


which would be used in the (few) places that really, really
cannot continue sanely and need to crash the box.

This naming alone would inhibit its use through two channels:

- Putting the word 'CRASH' into your code feels risky,
dissonant and wrong (perfect code does not crash) and thus
needs conscious frontal lobe effort to justify it - while
BUG_ON() really feels more like a harmless assert to most
kernel developers, which is in our muscle memory through
years training.

- CRASH_ON() takes one character more typing than WARN_ON(),
and we know good kernel developers are fundamentally lazy.

[ This is an arguably lazy plan that does not involve changing
the 10,000+ BUG_ON() call sites and does not involve the
re-training of thousands of mis-trained kernel developers who
introduced over 900 new BUG_ON()s in the v3.7->v3.8 cycle
alone (!). ]

So while I don't think we can win the war against BUG_ON(), I
think we can fight the lazy general's war: turn the enemy over
to our side and declare victory?


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at