From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
Path: 
 buffer2.nntp.dca1.giganews.com!border2.nntp.dca1.giganews.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!feeder.erje.net!1.eu.feeder.erje.net!news.mb-net.net!open-news-network.org!aioe.org!.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: Dynamic allocation in the predefined language environment
Date: Wed, 8 Jul 2015 23:16:47 +0200
Organization: cbb software GmbH
Message-ID: <1bv14e65z4ys0$.1qgyoeym2s0hg.dlg@40tude.net>
References: 
 <559a623d$0$293$14726298@news.sunsite.dk><873811cre5.fsf@theworld.com><559a8d12$0$297$14726298@news.sunsite.dk>
 <mne2u2$k4b$1@dont-email.me><559a936c$0$292$14726298@news.sunsite.dk><87twthbaia.fsf@theworld.com><559b9160$0$297$14726298@news.sunsite.dk>
 <87fv4zvbsf.fsf@theworld.com> <mnjuoa$in8$1@loke.gir.dk>
Reply-To: mailbox@dmitry-kazakov.de
NNTP-Posting-Host: evoS9sCOdnHjo0GRLLMU1Q.user.speranza.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@aioe.org
User-Agent: 40tude_Dialog/2.0.15.1
X-Notice: Filtered by postfilter v. 0.8.2
Xref: number.nntp.giganews.com comp.lang.ada:194013
Date: 2015-07-08T23:16:47+02:00
List-Id: <comp.lang.ada>

On Wed, 8 Jul 2015 14:47:22 -0500, Randy Brukardt wrote:

> It's hard to imagine how any programming language (or language 
> implementation) could protect against running out of memory.

By using contracts? E.g. the post-condition:

      stack has more than n free storage units elements
   AND
      whatever normal completion does.
OR
      stack has less than n free storage units elements
   AND
      Storage_Error raised

With such contracts you could prove that Storage_Error is not raised if the
client has more than m free storage units of the stack.

> At best, one can try to contain the damage,

It is usually too late at this point and useless for any practical purpose
anyway.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de