From: Matthias-Christian Ott <ott@mirix.org>
Subject: Re: Dynamic allocation in the predefined language environment
Date: Tue, 07 Jul 2015 08:46:41 +0000
Date: 2015-07-07T08:46:41+00:00 [thread overview]
Message-ID: <559b9160$0$297$14726298@news.sunsite.dk> (raw)
In-Reply-To: <87twthbaia.fsf@theworld.com>
On 06/07/15 14:56, Bob Duff wrote:
> Matthias-Christian Ott <ott@mirix.org> writes:
>
>> Then to finish this discussion: If it is required to raise
>> Storage_Error, then it should be in the standard.
>
> It is in the standard. See 11.1(6):
>
> 6 The execution of any construct raises Storage_Error if there is
> insufficient storage for that execution. The amount of storage needed for the
> execution of constructs is unspecified.
I think that answers the first part of my question adequately, although
its in a surprising part of the specification and the "any construct" is
a bit ambiguous because it's in the dynamic semantics section of
exception declarations but seems to refer to any construct in the language.
>> ... There are only a
>> handful of Ada compilers which most likely all raise Storage_Error but I
>> think the history of C shows that if there is an ambiguity in the
>> standard, both compiler writers and software developers will interpret
>> it differently, so that both different compilers and the assumptions of
>> software developers about these compilers will differ.
>
> Yes, all true, but 11.1(6) seems pretty unambiguous to me.
>
> Actually handling Storage_Error can be tricky, though. For one thing,
> in theory, the handler itself could raise Storage_Error, defeating the
> purpose. More importantly, since Storage_Error can be raised by
> anything, it is essentially asynchronous with the rest of the program,
> so can leave data structures in a corrupted state.
If you follow the strong exception safety principle from C++, corrupted
data structures should not be a problem. However, you can only do this
in code that is under your control.
You can somewhat avoid Storage_Error exception while handling
Storage_Error exceptions by having "spare" memory that you free directly
after the exception handler is invoked. Otherwise there are many
application-specific possibilities on how to deal with memory allocation
errors in a spectrum ranging from simply aborting to degradation of
service/user experience.
- Matthias-Christian
next prev parent reply other threads:[~2015-07-07 8:46 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-06 11:13 Dynamic allocation in the predefined language environment Matthias-Christian Ott
2015-07-06 13:04 ` G.B.
2015-07-06 14:21 ` Matthias-Christian Ott
2015-07-06 14:06 ` Bob Duff
2015-07-06 14:16 ` Matthias-Christian Ott
2015-07-06 14:23 ` G.B.
2015-07-06 14:43 ` Matthias-Christian Ott
2015-07-06 14:56 ` Bob Duff
2015-07-07 8:46 ` Matthias-Christian Ott [this message]
2015-07-07 22:32 ` Bob Duff
2015-07-08 19:47 ` Randy Brukardt
2015-07-08 21:08 ` Bob Duff
2015-07-10 21:58 ` Randy Brukardt
2015-07-08 21:16 ` Dmitry A. Kazakov
2015-07-06 14:45 ` Bob Duff
2015-07-06 20:28 ` Randy Brukardt
2015-07-07 8:49 ` Matthias-Christian Ott
2015-07-07 22:14 ` Bob Duff
2015-07-06 15:29 ` Simon Wright
2015-07-06 20:31 ` Randy Brukardt
2015-07-06 21:35 ` Simon Wright
2015-07-07 18:29 ` Randy Brukardt
2015-07-06 20:22 ` Randy Brukardt
2015-07-06 18:45 ` Jeffrey R. Carter
2015-07-07 7:42 ` Dmitry A. Kazakov
2015-07-07 8:23 ` Matthias-Christian Ott
2015-07-07 8:46 ` Dmitry A. Kazakov
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox