lua-users home
lua-l archive



Yes, common Unix behavior makes malloc failure safety basically nonsensical.

Failing only for lack of address space and then later failing for lack of physical resources when the memory is accessed means that many allocation failures simply can't be detected at the point of allocation, which means that essentially any allocation is potentially a ticking time bomb. My workaround in the past for the cases where I worried about this was to allocate the backing store on disk -- though one also has to avoid overcommit there as well -- and then memory map it. But really one needs a "I'm going to allocate this big buffer and I'm fully prepared for the allocation to fail so either really give it to me or fail" call.

Then there's the matter of small allocations. Coming from machines with constrained memory, I was in the habit of being very careful to check all allocations and have a strategy for the cases where they failed. I felt dirty writing code that essentially assumed that small allocations on MacOS X would succeed. But the nature of the beast is that if you can't allocate a small amount of memory, there are enough pieces of the runtime that will be unhappy that you are toast anyway and one should spend effort dealing with error cases that can actually be addressed.

As for airplanes, I guess the answer is: Don't run too close to the allocation limits.

Mark
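The file-backed workaround described in the message above, written out as an added example that is not the poster's code. It assumes Linux/POSIX with a writable `/tmp`; the names `reserve_buffer`, `release_buffer` and `touch_pages` are chosen here. The disk-side overcommit the message warns about (a sparse file whose blocks are never reserved) is handled by calling `posix_fallocate()` before mapping, so a shortage of backing store is reported as an error at reservation time rather than as a later fault when the pages are first written.

```c
/* Added example (not the poster's code): reserve a large buffer whose
 * backing store is a temporary file with its blocks allocated up front, so
 * "can't get the memory" surfaces as an error when the buffer is reserved
 * rather than as a page fault or OOM kill on first access.
 * Assumes Linux/POSIX and a writable /tmp. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct reserved_buf {
    void  *base;
    size_t len;
};

/* Reserve `len` bytes backed by a file whose blocks are committed now.
 * posix_fallocate() fails (ENOSPC) if the filesystem cannot commit the
 * space, which is the "give it to me or fail now" behaviour that an
 * over-committing malloc() does not provide.
 * Returns 0 on success, -1 on failure with errno set. */
int reserve_buffer(struct reserved_buf *out, size_t len)
{
    char path[] = "/tmp/reserved-buf-XXXXXX";   /* assumption: /tmp is writable */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                                /* anonymous from here on */

    int rc = posix_fallocate(fd, 0, (off_t)len); /* commit every block, not a sparse file */
    if (rc != 0) {
        close(fd);
        errno = rc;
        return -1;
    }

    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                                   /* the mapping keeps the file alive */
    if (p == MAP_FAILED)
        return -1;

    out->base = p;
    out->len  = len;
    return 0;
}

void release_buffer(struct reserved_buf *b)
{
    if (b->base)
        munmap(b->base, b->len);
    b->base = NULL;
    b->len  = 0;
}

/* Touch one byte per page. With a lazily committed malloc() region this is
 * where an over-committed system would fault; with reserved file backing it
 * simply dirties pages. Returns the number of pages touched. */
size_t touch_pages(struct reserved_buf *b)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t n = 0;
    for (size_t off = 0; off < b->len; off += page, n++)
        ((unsigned char *)b->base)[off] = 0xA5;
    return n;
}

int main(void)
{
    struct reserved_buf buf = {0};
    if (reserve_buffer(&buf, (size_t)16 << 20) != 0) {
        fprintf(stderr, "reserve_buffer failed: %s\n", strerror(errno));
        return 1;
    }
    printf("reserved %zu bytes, touched %zu pages\n", buf.len, touch_pages(&buf));
    release_buffer(&buf);
    return 0;
}
```

The check that matters is the return value of `reserve_buffer()`: a caller that gets 0 can write to every page of the buffer without the lazily-committed surprise the message describes, because both the file blocks and the mapping already exist. The remaining gap is the one the message points at for small allocations: the runtime's own small `malloc()` calls are still subject to overcommit, and this technique does nothing for them.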