From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Large arrays (again), problem case for GNAT
Date: Fri, 15 Apr 2005 10:23:11 +0200
Date: 2005-04-15T10:23:09+02:00 [thread overview]
Message-ID: <1l21l23jmi5y9.1w6js3mje7brx$.dlg@40tude.net> (raw)
In-Reply-To: wcczmw1oy3g.fsf@shell01.TheWorld.com
On 14 Apr 2005 17:19:31 -0400, Robert A Duff wrote:
> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
>
>> On 14 Apr 2005 11:18:22 -0400, Robert A Duff wrote:
>>
>>> The reason I like allocate-on-write is that it is very useful to
>>> allocate a huge array, and then only use some part of it. That way, the
>>> program can deal with enormous input data, without paying the cost when
>>> the input data is small. Physical memory is 1000 times more expensive
>>> than address space.
>>
>> I think this approach is flawed. The contract of malloc is to return memory
>> not the address space.
>
> Well, I'm not an expert on malloc. Where is it documented that this is
> the contract?
OK, let's call it an implied contract. The result of malloc is either 0 or
a valid pointer as long as C does not distinguish pointers and addresses.
> Apparently the Linux folks don't think that's the contract.
Yes I know. I participated in discussions on this issue 10+ years ago in
Linux groups. Nothing has changed since then. It is still badly wrong.
> I *am* an expert on Ada, and I know that "new" does not necessarily
> reserve real memory -- it might just reserve address space.
I think that this should be changed. Consider a tagged object.
Storage_Error could be raised in Initialize! Even worse, if the constructor
does not touch all bits, then you might get a properly constructed object
which is potentially unusable. It is a disaster. This is what people have
with that large arrays.
[ BTW, as a palliative, what about the attribute X'Valid, where X is a
pointer. X'Valid should be false in all cases when X.all is not properly
allocated (may result in Storage_Error.) ]
>>...That must be just another system call.
>
> I agree that there *should* be two separate calls: one reserves address
> space, and the other reserves real memory. Or one call with a Boolean
> parameter.
>
>> Consider an application that needs contiguous address space. User storage
>> pool is an excellent example. The application must request the space from
>> OS telling something like: "reserve me 100GB and allocate n bytes starting
>> from the first address." After that it could allocate memory *within* that
>> space by pieces as needed. For this it would simply use realloc instead of
>> malloc.
>
> No, I don't want to do realloc or anything like that. I just want it to
> allocate physical memory (and backing store) when I write upon that
> memory.
You cannot write into memory you don't have. Moreover, either in Ada or in
any other higher level language one simply cannot define the term "memory
write" in a way which would allow any reasonable handling of "write
errors". But in the case of the storage pool your program *knows* that it
does not have this memory. So it can allocate it using realloc without any
assumptions about OS behavior which might appear wrong.
[ Here I mean imaginary malloc and realloc and not Linux ones. The contract
or realloc should be that if I call it on a pointer which memory block is
followed by free address space, then the result will be the same pointer if
the additional memory is allocated and fits into the space ]
> Apparently, malloc on Linux is exactly the "reserve me 100GB
> and allocate n bytes starting from the first address" primitive, except
> there's no need for the "allocate n bytes starting from the first
> address" part. And it does exactly what I want in the storage-pool
> example.
But your storage pool will be simply unusable for many applications. And
that is independent on the fact that Storage_Error cannot be handled.
Consider an application that allocates something in your pool and then
starts series of transactions with a data base. In the middle of this
business it will crash leaving data in some unpredictable state! I wouldn't
equalize this scenario to memory check-sum error etc.
> I understand that other examples would prefer to prevent Storage_Error
> happening willy-nilly all over the place. Ada does not provide that
> semantics, and apparently Linux does not either, unless you set some
> global flag.
I think that Ada should differentiate Storage_[Access]_Error and
Storage_[Allocation]_Error.
>>... No need to break contracts.
>
> I don't think Linux (or GNAT upon Linux) is breaking any contract.
> You just don't like what the contract defines! Fair enough.
>
> - Bob
>
> P.S. Nobody has challenged my remark that Storage_Error handlers are
> impossible. ;-)
Maybe because you are right! (:-))
--
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
next prev parent reply other threads:[~2005-04-15 8:23 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-13 12:46 Large arrays (again), problem case for GNAT Dr. Adrian Wrigley
2005-04-13 13:10 ` Larry Kilgallen
2005-04-13 13:24 ` Alex R. Mosteo
2005-04-13 13:31 ` Marc A. Criley
2005-04-13 19:52 ` Jeffrey Carter
2005-04-13 19:54 ` Randy Brukardt
2005-04-13 22:01 ` (see below)
2005-04-14 0:16 ` Robert A Duff
2005-04-14 1:11 ` Alexander E. Kopilovich
2005-04-14 7:29 ` Dmitry A. Kazakov
2005-04-14 7:45 ` Duncan Sands
[not found] ` <1113464720.9829.20.camel@localhost.localdomain>
2005-04-14 13:59 ` Marius Amado Alves
2005-04-14 14:09 ` Dr. Adrian Wrigley
2005-04-14 14:40 ` (see below)
[not found] ` <389d1596e98f95f0fdddc40afc0647b7@netcabo.pt>
2005-04-14 14:14 ` Duncan Sands
2005-04-14 15:18 ` Robert A Duff
2005-04-14 15:24 ` Robert A Duff
2005-04-15 5:21 ` Randy Brukardt
2005-04-15 11:49 ` Dr. Adrian Wrigley
2005-04-15 13:21 ` Dmitry A. Kazakov
2005-04-15 14:31 ` Dr. Adrian Wrigley
2005-04-15 14:57 ` Dmitry A. Kazakov
2005-04-14 15:39 ` Dr. Adrian Wrigley
2005-04-14 15:48 ` Dmitry A. Kazakov
2005-04-14 21:19 ` Robert A Duff
2005-04-15 8:23 ` Dmitry A. Kazakov [this message]
2005-04-15 8:38 ` Duncan Sands
2005-04-15 9:16 ` Dmitry A. Kazakov
2005-04-15 18:30 ` Mark Lorenzen
2005-04-15 19:06 ` Robert A Duff
[not found] ` <iSSDSN2L04G1@VB1162.spb.edu>
2005-04-14 7:34 ` Duncan Sands
2005-04-13 22:35 ` Robert A Duff
2005-04-14 11:40 ` Dr. Adrian Wrigley
2005-04-14 10:44 ` Dr. Adrian Wrigley
2005-04-14 15:03 ` Robert A Duff
2005-04-14 16:46 ` Dmitry A. Kazakov
2005-04-14 18:30 ` Pascal Obry
2005-04-14 19:45 ` Dmitry A. Kazakov
-- strict thread matches above, loose matches on Subject: below --
2005-04-13 13:52 Duncan Sands
2005-04-13 14:20 ` Dr. Adrian Wrigley
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox