- Subject: Re: guarantees of exception safety in Lua
- From: Mark Hamburg <mark@...>
- Date: Wed, 29 Oct 2008 23:40:53 -0700
Yes, common Unix behavior makes malloc failure safety basically
nonsensical.
Failing only for lack of address space and then later failing for lack
of physical resources when the memory is accessed means that many
allocation failures simply can't be detected at the point of
allocation which means that essentially any allocation is potentially
a ticking time bomb. My workaround in the past for the cases where I
worried about this was to allocate the backing store on disk -- though
one also has to avoid overcommit there as well -- and then memory map
it. But really one needs an "I'm going to allocate this big buffer and
I'm fully prepared for the allocation to fail so either really give it
to me or fail" call.
Then there's the matter of small allocations. Coming from machines
with constrained memory, I was in the habit of being very careful to
check all allocations and have a strategy for the cases where they
failed. I felt dirty writing code that essentially assumed that small
allocations on MacOS X would succeed. But the nature of the beast is
that if you can't allocate a small amount of memory, there are enough
pieces of the runtime that will be unhappy that you are toast anyway
and one should spend effort dealing with error cases that can actually
be addressed.
As for airplanes, I guess the answer is: Don't run too close to the
allocation limits.
Mark
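The disk-backed buffer strategy described above, written out as an added example (this is not Mark's code and not part of Lua). It assumes Linux or another POSIX system with posix_fallocate(2) and mmap(2); the type `disk_buf` and the functions `reserve_blocks`, `disk_buf_alloc`, `disk_buf_free` and `disk_buf_demo` are hypothetical names chosen for the example. The point it demonstrates is the "either really give it to me or fail" contract: every block of the backing file is reserved before the mapping is created, so a lack of space shows up as an errno at the point of allocation rather than as a fault when the pages are first touched. Note that this only covers the one explicitly file-backed buffer; ordinary malloc'd memory on the same system still follows the overcommit behavior the message complains about.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a buffer whose pages are backed by a file
 * whose blocks have all been reserved up front. */
typedef struct {
    void  *base;
    size_t len;
} disk_buf;

/* Reserve every block of fd's first len bytes on disk, so the filesystem
 * cannot "overcommit" the file the way the kernel overcommits anonymous
 * memory. posix_fallocate() does this in one call where supported; on
 * filesystems that refuse it (EOPNOTSUPP, EINVAL) fall back to writing
 * zeros, which also forces block allocation. Returns 0 or an errno value. */
static int reserve_blocks(int fd, size_t len) {
    int rc = posix_fallocate(fd, 0, (off_t)len);
    if (rc == 0 || rc == ENOSPC) return rc;   /* done, or genuinely full */
    char zeros[4096];
    memset(zeros, 0, sizeof zeros);
    size_t done = 0;
    while (done < len) {
        size_t chunk = len - done < sizeof zeros ? len - done : sizeof zeros;
        ssize_t n = pwrite(fd, zeros, chunk, (off_t)done);
        if (n < 0) return errno;              /* ENOSPC surfaces here */
        done += (size_t)n;
    }
    return fsync(fd) == 0 ? 0 : errno;
}

/* Allocate len bytes whose backing store is a fully reserved file under
 * dir, mapped shared. On success every byte already has a place on disk,
 * so touching the pages later cannot fail for lack of swap; on failure
 * nothing stays allocated and an errno value is returned right here. */
int disk_buf_alloc(disk_buf *b, size_t len, const char *dir) {
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/diskbuf.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path) return ENAMETOOLONG;
    int fd = mkstemp(path);
    if (fd < 0) return errno;
    unlink(path);                      /* anonymous on disk; gone at exit */
    int rc = reserve_blocks(fd, len);
    if (rc != 0) { close(fd); return rc; }
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) { rc = errno; close(fd); return rc; }
    close(fd);                         /* the mapping keeps the inode alive */
    b->base = p;
    b->len = len;
    return 0;
}

void disk_buf_free(disk_buf *b) {
    if (b->base != NULL) munmap(b->base, b->len);
    b->base = NULL;
    b->len = 0;
}

/* Demo: fill a buffer with a byte pattern and return its checksum,
 * or 0 if the allocation was refused. */
unsigned long disk_buf_demo(size_t len, const char *dir) {
    disk_buf b = { NULL, 0 };
    int rc = disk_buf_alloc(&b, len, dir);
    if (rc != 0) {
        fprintf(stderr, "disk_buf_alloc(%zu): %s\n", len, strerror(rc));
        return 0;
    }
    unsigned char *p = b.base;
    unsigned long sum = 0;
    for (size_t i = 0; i < len; i++) p[i] = (unsigned char)(i & 0xff);
    for (size_t i = 0; i < len; i++) sum += p[i];
    disk_buf_free(&b);
    return sum;
}

int main(void) {
    printf("checksum: %lu\n", disk_buf_demo(1u << 16, "/tmp"));
    return 0;
}
```

The check a practitioner wants is the failure path: `disk_buf_alloc` never hands back a partially reserved buffer, and callers see ENOSPC (or ENOENT for a bad directory) from the allocation call itself, which is exactly what the message says plain malloc cannot promise.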