Implementing Malloc()

>
"James Kuyper" <jameskuyper@ve rizon.netwrote in messageThe problem is that, often, there is nothing you can do without imposing
unacceptable runtime overheads.

This is especially true in windowing
systems where function that need to allocate trivial amounts of memory
are called by indirection, often several layers deep. It is no longer
possible to return an error condition to the caller.

If all you cna do is exit(EXIT_FAILU RE); you might as well segfault, and
have more readable code.

That's why I introduced xmalloc(), the malloc() that never fails. It
achieves this by nagging for memory, until killed by the user as a last
resort when the cupboard is bare.

Two posters recalled the overcommit feature of Linux (and probably the
BSD's and AIX),

once engaged malloc() *never* returns NULL. Instead, if
the system runs out of VM, the kernel goes on a killing spree and
terminates all processes that razzed him. The malloc manpage even
contains instructions how to fix this. The idiots are everywhere.

>
>If you design it without mechanisms for returning error conditions that
>is true. However, if you design it properly it is not true.
>>
>Complete and utter rubbish. One is predictable and occurs at the actual
>point of failure the other is not guaranteed.

>Two posters recalled the overcommit feature of Linux (and probably the
>BSD's and AIX), once engaged malloc() *never* returns NULL.

Malcolm McLean wrote, On 26/11/07 23:27:

>
Which it must be doing by checking the value returned by malloc. How can
you be claiming it produces an unacceptable overhead and then actually
doing it?

>the end of the mallocated block. In this case, either there's a SIGSEGV
>again (no worse off than before), or if the 512Kb is in the middle of
>the heap malloc() is drawing from then the writes might well succeed,
>and the program can continue albeit with some possible minor data
>corruption.

We were discussing implementing malloc(), in particular the following
situation.
>
Suppose the user requests 1Mb of memory. Unfortunately, we only have
512Kb available. In this situation, most mallocs() would return null.
The huge majority of programmers won't bother to check malloc() failure
for such a small allocation, so the program will crash with a SIGSEGV as
soon as the NULL pointer is dereferenced.
>
So why not just return a pointer to the 512Kb that's available? It's
quite possible that the user will never actually write into the upper
half of the memory he's allocated, in which case the program will have
continued successfully where before it would have crashed.
>
The worst thing that can happen is that the programmer _does_ write to
the end of the mallocated block. In this case, either there's a SIGSEGV
again (no worse off than before), or if the 512Kb is in the middle of
the heap malloc() is drawing from then the writes might well succeed,
and the program can continue albeit with some possible minor data
corruption.
>
Do any implementations of malloc() use a strategy like this?
>
=============== =============== =======
McCoy's a seducer galore,
And of virgins he has quite a score.
He tells them, "My dear,
You're the Final Frontier,
Where man never has gone before."

In article <nd2s15x47s.ln2 @news.flash-gordon.me.uk>,
Flash Gordon <spam@flash-gordon.me.ukwro te:
>>
Not guaranteed by the C standard, but probably guaranteed on whatever
you're writing a window system for.

The C standard isn't the only
relevant source of guarantees for most programmers.

Not that I advocate doing it. If it really isn't useful to handle the
error gracefully (which is often the case), then something like
xmalloc() is the oobvious solution.

In article <nd2s15x47s.ln2 @news.flash-gordon.me.ukFla sh Gordon <spam@flash-gordon.me.ukwri tes:...>
Not only that. It goes into a tight loop which is not user-friendly at
all, probably tying up many resources.

CJ wrote On 11/26/07 16:40,:>
This idea can be extended to produce the following
extremely efficient implementation of malloc() and its
companions:
>
#include <stdlib.h>
>
static unsigned long memory;
>
void *malloc(size_t bytes) {
return &memory;
}
>
void *calloc(size_t esize, size_t ecount) {
memory = 0;
return &memory;
}
>
void *realloc(void *old, size_t bytes) {
return old;
}
>
void free(void *ptr) {
#ifdef DEBUGGING
memory = 0xDEADBEEF;
#endif
}
>
Not only does this implementation avoid the processing
overhead of maintaining potentially large data structures
describing the state of memory pools, but it also reduces
the "memory footprint" of every program that uses it, thus
lowering page fault rates, swap I/O rates, and out-of-memory
problems.

Not only does this implementation avoid the processing
overhead of maintaining potentially large data structures
describing the state of memory pools, but it also reduces
the "memory footprint" of every program that uses it, thus
lowering page fault rates, swap I/O rates, and out-of-memory
problems.

On 26 Nov 2007 at 22:34, Eric Sosman wrote:>
All very amusing, but I think you and some of the other posters have
misunderstood the context of the discussion.
>
Of course an implementation of malloc should return a pointer to as much
memory as requested whenever that's possible! The discussion was about
the rare failure case. Typically, programs assume malloc returns a
non-null pointer, so if it returns null on failure then the program will
crash and burn.
>
The idea is that instead of a guaranteed crash, isn't it better to make
a last-ditch effort to save the program's bacon by returning a pointer
to what memory there _is_ available? If the program's going to crash
anyway, it's got to be worth a shot.
>
>
=============== =============== =========
There once was an old man from Esser,
Who's knowledge grew lesser and lesser.
It at last grew so small,
He knew nothing at all,
And now he's a College Professor.

>On 26 Nov 2007 at 22:34, Eric Sosman wrote:>
>All very amusing, but I think you and some of the other posters have
>misunderstoo d the context of the discussion.

>The idea is that instead of a guaranteed crash,

Of course an implementation of malloc should return a pointer to as much
memory as requested whenever that's possible! The discussion was about
the rare failure case. Typically, programs assume malloc returns a
non-null pointer, so if it returns null on failure then the program will
crash and burn.

The idea is that instead of a guaranteed crash, isn't it better to make
a last-ditch effort to save the program's bacon by returning a pointer
to what memory there _is_ available? If the program's going to crash
anyway, it's got to be worth a shot.

On 26 Nov 2007 at 22:34, Eric Sosman wrote:>
All very amusing, but I think you and some of the other posters have
misunderstood the context of the discussion.
>
Of course an implementation of malloc should return a pointer to as
much memory as requested whenever that's possible! The discussion was
about the rare failure case. Typically, programs assume malloc returns
a non-null pointer, so if it returns null on failure then the program
will crash and burn.

The idea is that instead of a guaranteed crash,

isn't it better to
make a last-ditch effort to save the program's bacon by returning a
pointer to what memory there _is_ available? If the program's going to
crash anyway, it's got to be worth a shot.