Re: Emergency memory pool for Glib

From: Havoc Pennington <hp redhat com>
To: Carl Worth <cworth cworth org>
Cc: Federico Mena Quintero <federico ximian com>, GTK+ development mailing list <gtk-devel-list gnome org>
Subject: Re: Emergency memory pool for Glib
Date: Thu, 13 Jul 2006 19:54:49 -0400

Carl Worth wrote:


A downside is that these new, inert objects are exposed to the
application and might cause unexpected side effects. (In practice, as
I've been switching various parts of cairo's internals to this scheme,
the worst side effect I've found is that switching to an inert-object
scheme defeats previous checks for NULL return values. In GTK+ that
problem shouldn't exist as nobody is checking for NULL return values
already).

Inert objects would only seem reasonable if your objects/operations aredoing things that in some sense "can" be skipped; e.g. if you don'trepaint a window, I guess that isn't catastrophic. (Though sending amangled print job might be...)

The memory pool thing IMO just doesn't work very well though; it's aprobabilistic/one-time/race-prone hack pretty much.

dbus goes further than both and "actually handles" OOM, i.e. all itsfunctions are "transactional" and their effects roll back on OOM, so youcan retry the operation if OOM is detected. I would not recommend thiswithout 100% test coverage *including simulating failure of each andevery malloc* - dbus has about 70% coverage, and when I added thecoverage around 5% or so of mallocs were handled in a broken way, andfixing them required a number of API changes. So you will NOT get thisright without extensive testing, though you might write a lot of codeyou think works and think you got it right and sleep at night, you wouldbe mistaken ;-)

As another proof, when I added malloc failure testing to libxml2 (whichthought it had it right) for the first time, libxml2 blew up left andright. I think it might be fixed now.

In both the dbus and libxml2 cases, it was quite possibly a waste sinceapps don't check or handle any of the OOM stuff anyway. Well,dbus-daemon is the only app that does, at least.

For almost all apps I think gtk pretty much has this right already.Aborting (or perhaps sleep() and retry a few times) is all that makes sense.

Remember there's g_try_malloc that apps can use for allocating largeobjects where failure is likely.


Havoc

References:
- Emergency memory pool for Glib
  - From: Federico Mena Quintero
- Re: Emergency memory pool for Glib
  - From: Carl Worth

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]