Garbage collection

Re: Garbage collection


"Eligiusz Narutowicz" <eligiuszdotnar u@hotmail.comwr ote in message
news:fv24na$cqu $1@registered.m otzarella.org.. .Malloc can run out of memory.

Not using malloc can't! So the program can't fail for that reason.

--
Bartc

Re: Garbage collection

Eligiusz Narutowicz wrote:
I think the point that Flash is making is that malloc *can* fail. In a
fault-intolerant environment, you want to keep chances of failures to a
minimum. In a important section of code, what should be done if malloc
returns NULL due to some reason or the other, like say memory
fragmentation? The options open to desktop or general purpose programs
(like calling exit, abort etc.) may not be acceptable at in some
contexts. Recursion *can* be used safely, but again it simply opens up
the program to more chances of failure and consumes excessive resources
in a very likely resource constrained environment.

So I would say that for certain limited types of applications Flash's
recommendations are entirely sensible.

Re: Garbage collection

"Bartc" <bc@freeuk.comw rites:
Malloc can also break down when the power goes off too. In a well
designed program on a properly specced piece of HW it does not run out
of memory. So the natural extension of your reply is "do not use malloc
as it may run out of memory". I wonder if C is being for you?

Re: Garbage collection

Bartc wrote:
In a really safety critical program sufficient memory for maximum
expected usage must be present as part of system design. Otherwise,
instead of malloc failing, we will simply get the even more
unmanageable stack memory exhaustion.

Re: Garbage collection

Eligiusz Narutowicz wrote:Of course it may run out of memory if for some reason (BUG) there is
a memory leak.

Of course this never happens to you, Mr Superman. (Unless you run into
Kryptonite)

What people like you fail to understand is that a moderately complex
piece of software can't be tested exhaustively since the exponential
growth of the combinations of input parameters, interrupts, timing
considerations, possible paths through the software etc makes exhaustive
testing impossible.

What can be done is to test each module as far as the budget goes,
test all the modules in simulated real life conditions, etc.

But no amount of testing will make bugs go away, specially in C,
and SPECIALLY using manually garbage collection!!!

In manual GC (malloc/free) each allocation/release becomes a point of
failure. Using a GC, the GC can be the point of failure but when the GC
is certified, all other points of failures disappear.

Obviously you haven't read the abundant literature about software
testing, and apparently you are ignorant of all the problems associated
with manual GC. It is therefore with the usual ARROGANCE of the people
that think that know everything that you dare to ask:

<< I wonder if C is for you >>

as if you were some kind of demigod, that never makes mistakes.

You know nothing about the subject matter guy!


--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

Re: Garbage collection


"Eligiusz Narutowicz" <eligiuszdotnar u@hotmail.comwr ote in message
news:fv26m3$ob8 $3@registered.m otzarella.org.. .What difference will changing language make? If dynamic memory is being used
in a complex way then it is conceivable that memory can become full whatever
the language. At least in C there is some choice.

Imagine a graph showing heap memory usage from 0% to 100% over runtime.
There will be peaks and troughs. Some peaks can be near 100%. But can you
prove that it will not hit 100%? Ever? On any combination of programs that
might be sharing the memory?

If you take dynamic memory out of the equation (or get the dynamic
allocations out of the way right at the start, in a proven setup) then you
forcing other techniques to be used so that you can avoid that problem.
Where it's important, then there are ways of taking care of that.

--
Bartc

Re: Garbage collection

jacob navia wrote:

<snip>
<snip>

What exactly do you mean by a "failure" in a GC? Is failing to collect
storage for which all references have been lost a failure? If this is
so, and in due course the program fails to run because of an
out-of-memory situation due to the GC failing to collect blocks that it
should have, would you still say that such software can be reliably
used in safety or performance critical contexts?

Also how exactly do you propose to certify a GC? Just because it works
for some set of programs doesn't mean that it will work for all
possible programs.

Re: Garbage collection

santosh wrote, On 27/04/08 16:37:You also need to be able to prove with a certain degree of rigour (which
varies depending on how safety critical the SW is and what else there is
to prevent injury or loss of life).
Or simply a bug in the malloc/free implementation. So you would have to
either get the library provider to get their library tested to the
relevant standards (such testing is expensive, even more so if it was
not designed to meet those standards in the first place) or you have to
take responsibility for it and prove the library.
Indeed. How do you fancy being in (or under) a military jet flying at
night 30 feet above the ground when the pilots night vision system
decides to reboot? You could be dead in under a second.
Even if it is not tightly constrained (where I worked there was a
standard requirement of 50% free resources to allow for future
enhancements) it still makes it harder to *prove* that it is safe.
There are a lot of applications where it makes sense, and a lot more
where it doesn't make sense. Safety critical (and it was someone else
who mentioned "life depending on it") would be at the top of my list of
things where it makes sense.

I would be interested to here what the MISRA standard said about
allocated memory and recursion, I suspect it might be forbidden or at
least highly constrained there too.

Oh, and when I worked in the defence industry we had these restrictions.
For the type of applications I worked on it was not a problem and even
without the restrictions there was only one application in 15 years
where I might have considered using malloc, and I can't think of any
where recursion would have been appropriate.

For "normal" applications (like those I work on now) I will happily use
malloc/realloc/free, I might consider garbage collection if it was part
of the standard, and I think nothing of mutually recursive functions (we
have very good reason for a() calls b() calls c() calls a() and even
more complex things).
--
Flash Gordon

Re: Garbage collection

santosh wrote:1) Failing to collect an unused block
2) Failure to realize that a released block was actually in use
3) Failure to compact memory
Yes.
Of course not. And I am not proposing that a conservative GC
that is OK for desktop applications be used in an airplane software.

But a GC can be built into the compiler, or programmed specifically
for the application, etc.
As all other certifications process for complex software go.

Exactly. It is very difficult!


--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

Re: Garbage collection

George Peter Staplin wrote:True, I should have mentioned that I was talking about GC in C (or a
normal C implementation anyway), which doesn't store enough type
information for the collector to know what is a pointer and what isn't.

--
Hallvard

Re: Garbage collection

jacob navia wrote:Definitely yes. I pay attention to these things, and have produced
lots of software, embedded and otherwise, that accurately handles
memory with malloc and equivalents. I know what is happening. And
the lives of others depended on that software.

I prefer to trust my own judgment than that of some unknown.

--
[mail]: Chuck F (cbfalconer at maineline dot net)
[page]: <http://cbfalconer.home .att.net>
Try the download section.


** Posted from http://www.teranews.com **

Re: Garbage collection

jacob navia <jacob@nospam.c omwrites:
Yes - this is true of all programs in all languages.
I'm not sure what you are being aggressive for. I am just saying that a
well tested and debugged program does not lose memory - do yours?
Certainly using GC to cover sloppy programming is no remedy I think.
What can be tested and checked is a well marshalled malloc/free
access. God knows I have worked on enough C progrms which are large and
do not leak memory. Have I made bugs? Of course.
I think - sorry, I know, you are wrong. You are basically saying you
can not make a bug free program using malloc. This is clearly not the
truth.
Actually I have been a professional C programmer for approximately 20
years. I am acutely aware of the issues and pitfalls involedv in C
programming.

I think you have misunderstood me.

I am saying this - one does not "not use malloc" because its possible to
use it badly. Do you not drive a car because its possibly to crash it if
you make a mistake?

Re: Garbage collection

CBFalconer <cbfalconer@yah oo.comwrites:
I too am confused why Jacob thinks it is not possible to use malloc/free
in a proven, tested and bug free manner. it is a surprise to me and I
wonder how all these C programs over the years are still working so well
- including Gnome and the Linux kernel.

Personally I do not like GC - I think it encourages lazy thinking and if
you then go back to a non GC C environment then possibly this lazy
thinkings will be causing bugs.

Re: Garbage collection

CBFalconer wrote:

[ ... ]
Now if everybody said the same...

Re: Garbage collection

Eligiusz Narutowicz wrote:

<snip>
I would be interested to hear your views on what you mean by "lazy
thinking" in this context.

Personally I consider it lazy programming (in a manual malloc -free
context) to free some memory but not others. With a GC of course you
don't free anything at all. However a poor GC which fails to pick up
eligible objects may itself be called "lazy" I suppose. :-)

Also (at least in the context of C programming) even if one uses a GC
other resources like file streams, file descriptors, mmap'ed objects
still need to be freed manually. Typically they are much scarcer than
memory too! So it pays (IMHO) to get into the practise of closely
tracking all your program resources early on, if you ever want to be a
good C or C++ programmer.