Re: Dynamic allocation in the predefined language environment

[Bob Duff <bobduff@theworld.com>]

Matthias-Christian Ott <ott@mirix.org> writes:

> On 06/07/15 14:56, Bob Duff wrote:
>> 6   The execution of any construct raises Storage_Error if there is
>> insufficient storage for that execution. The amount of storage needed for the
>> execution of constructs is unspecified.
>
> I think that answers the first part of my question adequately, although
> its in a surprising part of the specification...

Well, it's hard to know where to put a rule that applies to pretty-much
every feature of the language.  I wouldn't want to duplicate it
in every section.  You were wondering about Unbounded_Strings, if
I recall correctly.  But I wouldn't want to say (in the section on
Unbounded_Strings) "operations in this package raise Storage_Error
if they run out of memory, and it's implementation dependent whether
they do", because there's nothing special about Unbounded_Strings
in that regard.

Perhaps Storage_Error should get its own section.  But with the language
as it is, it would be a pretty short section.  (I'd actually like to
add some functionality: a way to ensure that certain procedures
do NOT run out of memory.)

>... and the "any construct" is
> a bit ambiguous because it's in the dynamic semantics section of
> exception declarations but seems to refer to any construct in the language.

It says "execution of...", so it applies only to those constructs that
are executed (which includes "evaluated" and "elaborated").  Yes, that's
pretty-much "any construct".

And for sure it belongs under Dynamic Semantics, because it happens at
run time.

> If you follow the strong exception safety principle from C++, corrupted
> data structures should not be a problem.

I don't see how.  Storage_Error as defined by the language is like an
asynchronous interrupt.  When programming with asynchronous interrupts,
you need a way to disable interrupts in usually-short sections of code.
When programming with Storage_Error, you need a way to "disable" running
out of memory.  Ada lacks such a feature (and so does every other
programming language I know).

>...However, you can only do this
> in code that is under your control.
>
> You can somewhat avoid Storage_Error exception while handling
> Storage_Error exceptions by having "spare" memory that you free directly
> after the exception handler is invoked.

Yes, but Storage_Error is raised when running out of stack memory as
well as heap/pool memory.  Stack memory is the more "interesting" issue,
IMHO.  Imagine a "when Storage_Error" handler that simply prints a
message "Memory exhausted while processing line N of the input".
No heap-allocation involved, but in theory it can still raise
Storage_Error.

>...Otherwise there are many
> application-specific possibilities on how to deal with memory allocation
> errors in a spectrum ranging from simply aborting to degradation of
> service/user experience.

- Bob