Re: dynamic memory allocation

[JP Thornley <jpt@diphi.demon.co.uk>]

In article: <5o7jql$jpo@news.ida.org>  wheeler@ida.org (David Wheeler) 
writes:
> Regarding memory allocation issues, this is the sort of thing that's
> so obvious to practitioners that it's rarely written down.
> I believe that the U.K.'s 00-55 military standard required
> that allocation only occur during system initialization; note that
> 00-55 also advocated the use of formal methods.
> Perhaps someone in the U.K. can enlighten you on the current status of 00-55.
> 

The 00-55 standard has now been finalised and we're waiting to get the 
printed versions.

In the meantime the document is available on the web - go to www.mod.uk 
and follow the link "00-56 and Computer Guidance".  There are html and 
downloadable versions of both 00-55 and 00-56.

On the question of dynamic memory, 00-55 now contains the following 
(apologies for the loss of formatting):-

The standard says:-

35.3 The Software Design shall be:
..
(c) such that justification can be provided which shows that it meets 
its specification in terms of both functionality and performance and 
that it does nothing else;  
(d) consistent with all non-functional requirements of the Software 
Requirement, including fault-tolerance, size, capacity, accuracy, 
maintainability, reliability, usability and configuration.

and the Guidance says:-

35.3 The requirement for the Software Design to be constructed in a 
manner which permits justification that it meets its specification tends 
to restrict the features and styles that may be used.  The Design Team 
should pay careful attention to the following:

..

(j) Dynamic memory allocation (heaps):  The use of pointers is a natural 
way to declare certain data structures, including linked lists, graphs 
and trees.  It is almost inconceivable to imagine developing a compiler 
without the use of pointers.  Pointers may reference global areas where 
objects are allocated and their storage is managed (the heap space).  
The main concern with using dynamic memory allocation is the difficulty 
of predicting whether the memory space allowed is adequate, particularly 
if it becomes fragmented as it is reused.  The use of dynamic memory 
allocation is not a problem provided that exhausting the memory space 
does not constitute a dangerous failure.  Note that even if the 
application code does not use dynamic memory allocation, the compiler 
may well use memory space, typically when arrays and records are passed 
as parameters to procedures and functions.  Object oriented languages 
generally require the use of dynamic memory allocation.  For most real 
time systems, heap space should only be used when:
(i) the operations are deterministic;
(ii) the pointers are typed (ie the space required for an object can be 
predicted);
(iii) the space used is bounded;
(iv) storage fragmentation does not occur.

HTH

Phil Thornley

-- 
------------------------------------------------------------------------
| JP Thornley    EMail jpt@diphi.demon.co.uk                           |
|                      phil.thornley@acm.org                           |
------------------------------------------------------------------------