From: JP Thornley
Subject: Re: dynamic memory allocation
Date: 1997/06/19
Message-ID: <285596144wnr@diphi.demon.co.uk>
References: <33A55F1B.63FE@gsfc.nasa.gov> <5o7jql$jpo@news.ida.org>
Reply-To: jpt@diphi.demon.co.uk
Newsgroups: comp.lang.ada

In article: <5o7jql$jpo@news.ida.org> wheeler@ida.org (David Wheeler) writes:
> Regarding memory allocation issues, this is the sort of thing that's
> so obvious to practitioners that it's rarely written down.
> I believe that the U.K.'s 00-55 military standard required
> that allocation only occur during system initialization; note that
> 00-55 also advocated the use of formal methods.
> Perhaps someone in the U.K. can enlighten you on the current status of 00-55.

The 00-55 standard has now been finalised and we're waiting to get the
printed versions. In the meantime the document is available on the web - go
to www.mod.uk and follow the link "00-56 and Computer Guidance". There are
html and downloadable versions of both 00-55 and 00-56.

On the question of dynamic memory, 00-55 now contains the following
(apologies for the loss of formatting):-

The standard says:-

35.3 The Software Design shall be:
..
(c) such that justification can be provided which shows that it meets its
specification in terms of both functionality and performance and that it
does nothing else;
(d) consistent with all non-functional requirements of the Software
Requirement, including fault-tolerance, size, capacity, accuracy,
maintainability, reliability, usability and configuration.

and the Guidance says:-

35.3 The requirement for the Software Design to be constructed in a manner
which permits justification that it meets its specification tends to
restrict the features and styles that may be used. The Design Team should
pay careful attention to the following:
..
(j) Dynamic memory allocation (heaps): The use of pointers is a natural way
to declare certain data structures, including linked lists, graphs and
trees. It is almost inconceivable to imagine developing a compiler without
the use of pointers. Pointers may reference global areas where objects are
allocated and their storage is managed (the heap space).

The main concern with using dynamic memory allocation is the difficulty of
predicting whether the memory space allowed is adequate, particularly if it
becomes fragmented as it is reused. The use of dynamic memory allocation is
not a problem provided that exhausting the memory space does not constitute
a dangerous failure.

Note that even if the application code does not use dynamic memory
allocation, the compiler may well use memory space, typically when arrays
and records are passed as parameters to procedures and functions. Object
oriented languages generally require the use of dynamic memory allocation.

For most real time systems, heap space should only be used when:
(i) the operations are deterministic;
(ii) the pointers are typed (ie the space required for an object can be
predicted);
(iii) the space used is bounded;
(iv) storage fragmentation does not occur.
HTH

Phil Thornley
--
------------------------------------------------------------------------
| JP Thornley                EMail jpt@diphi.demon.co.uk               |
|                                  phil.thornley@acm.org               |
------------------------------------------------------------------------
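The four conditions in guidance item (j) quoted above, as an added example that is not part of the post or of 00-55: a C fixed-block pool allocator for a single record type. The record layout (`msg_t`), the capacity (`POOL_CAPACITY`) and every function name are assumptions made for the illustration. Each allocation and release is an O(1) free-list operation (i); the pool only hands out, and only takes back, pointers into its own typed array (ii); storage is a static array sized at build time (iii); and because every block is the same size a released slot is always reusable, so fragmentation cannot occur (iv). Exhaustion is reported to the caller as NULL rather than hidden, which is where the guidance's question of whether running out "constitutes a dangerous failure" has to be answered.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from 00-55 or the post. The record layout, the
 * capacity and all names here are assumptions. */
typedef struct {
    uint32_t id;
    uint32_t payload[4];
} msg_t;                          /* the one object type this pool serves */

#define POOL_CAPACITY 8           /* bound fixed at build time (iii) */

typedef struct {
    msg_t  slots[POOL_CAPACITY];  /* static storage: the pool never grows */
    int    next[POOL_CAPACITY];   /* free-list link: index, -1 end, -2 in use */
    int    free_head;             /* first free slot, -1 when exhausted */
    size_t in_use, high_water;    /* occupancy now and at peak */
} msg_pool_t;

void msg_pool_init(msg_pool_t *p)
{
    for (int i = 0; i < POOL_CAPACITY; i++)
        p->next[i] = (i + 1 < POOL_CAPACITY) ? i + 1 : -1;
    p->free_head = 0;
    p->in_use = p->high_water = 0;
}

/* O(1) pop from the free list (i). Exhaustion is reported as NULL
 * rather than hidden, so the caller decides whether that is dangerous. */
msg_t *msg_alloc(msg_pool_t *p)
{
    if (p->free_head < 0)
        return NULL;
    int i = p->free_head;
    p->free_head = p->next[i];
    p->next[i] = -2;
    if (++p->in_use > p->high_water)
        p->high_water = p->in_use;
    memset(&p->slots[i], 0, sizeof(msg_t));
    return &p->slots[i];
}

/* O(1) push back. Rejects pointers that are not one of this pool's
 * slots (ii: the pool is typed) and double frees. 0 = ok, -1 = rejected. */
int msg_free(msg_pool_t *p, msg_t *m)
{
    uintptr_t a = (uintptr_t)m, lo = (uintptr_t)p->slots;
    if (m == NULL || a < lo || a >= lo + sizeof p->slots ||
        (a - lo) % sizeof(msg_t) != 0)
        return -1;
    int i = (int)((a - lo) / sizeof(msg_t));
    if (p->next[i] != -2)
        return -1;                /* slot is not allocated: double free */
    p->next[i] = p->free_head;
    p->free_head = i;
    p->in_use--;
    return 0;
}

/* Worst-case churn: fill, release every other slot, refill, release all.
 * Every block is the same size, so a freed slot is always reusable and
 * no allocation fails however many cycles run (iv).
 * Returns the number of failed allocations, expected 0. */
size_t churn_failures(size_t cycles)
{
    static msg_pool_t pool;
    msg_t *held[POOL_CAPACITY];
    size_t failures = 0;
    msg_pool_init(&pool);
    for (size_t c = 0; c < cycles; c++) {
        for (int i = 0; i < POOL_CAPACITY; i++)
            if ((held[i] = msg_alloc(&pool)) == NULL) failures++;
        for (int i = 0; i < POOL_CAPACITY; i += 2)
            msg_free(&pool, held[i]);
        for (int i = 0; i < POOL_CAPACITY; i += 2)
            if ((held[i] = msg_alloc(&pool)) == NULL) failures++;
        for (int i = 0; i < POOL_CAPACITY; i++)
            msg_free(&pool, held[i]);
    }
    if (pool.in_use != 0 || pool.high_water != POOL_CAPACITY)
        failures++;               /* bookkeeping drifted: count it as one */
    return failures;
}

/* Exhaustion, double free and a foreign pointer: 1 if all are handled. */
int failure_modes_ok(void)
{
    static msg_pool_t pool;
    msg_t *held[POOL_CAPACITY], stack_obj;
    msg_pool_init(&pool);
    for (int i = 0; i < POOL_CAPACITY; i++)
        held[i] = msg_alloc(&pool);
    if (msg_alloc(&pool) != NULL) return 0;          /* exhaustion reported */
    if (msg_free(&pool, held[3]) != 0) return 0;
    if (msg_free(&pool, held[3]) != -1) return 0;    /* double free rejected */
    if (msg_free(&pool, &stack_obj) != -1) return 0; /* not a pool slot */
    return msg_alloc(&pool) == held[3];              /* freed slot reused */
}
```

The `high_water` counter is there for the justification the standard asks for in 35.3(c): it gives a measured peak occupancy to set against the static bound, rather than a guess. Two caveats follow directly from the guidance text. First, a pool like this constrains only the application's own allocations; the note that the compiler "may well use memory space" when arrays and records are passed as parameters still has to be checked against the compiler's documentation or generated code. Second, returning NULL only makes exhaustion visible; whether the caller can tolerate it or must treat it as a dangerous failure is a property of the system, not of the allocator. In Ada the same bounded, typed shape is what a `'Storage_Size` clause on an access type provides.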