Re: Is the Ada run-time required to detect out-of-memory

[Ludovic Brenta <ludovic.brenta@insalien.org>]

"Robert I. Eachus" writes:
> Ludovic Brenta wrote:
>
>> I just closed your bug report after determining that the issue was not
>> in libgnat but in the kernel.  Basically, Linux sends SIGKILL to
>> programs that exhaust physical RAM; as you know, SIGKILL cannot be
>> caught so libgnat has no chance to raise an exception.  If the virtual
>> memory is exhausted before physical memory is, then libgnat does raise
>> Storage_Error.
>
> Did you refile the bug against the kernel?

No, I didn't.  As explained above, I leave this to the OP to decide
whether or not the current behaviour is a problem.

> As I understand it now, the problem is not that the kernel raises
> SIGKILL if physical RAM is exhausted, but that malloc doesn't check
> that the allocation can succeed before making it.
> 
> Having said that, I suspect that this should be a low priority bug,
> and it will be pretty hard to fix.  It may take adding a version of
> malloc that does the check, and leaving the decision as to which one
> to call to the compiler run-time.  (GNAT should then use the new call
> when allocating storage pools, and probably continue using the current
> version for allocations in the default storage pool.

As Duncan pointed out, a version of malloc that does the check would
be very difficult to write indeed.  It would have to hook directly
into the kernel's memory manager in order to know which pages are
swapped out, which ones are dirty, and so on.  Note that it would have
to switch paradigms in the process, from arbitrary-sized chunks to
pages and from user space to kernel space.  This also would break the
whole purpose of some important design decisions made in Linux.

Personally, I would just leave it at that.  If someone needs more
deterministic behaviour than Linux provides, they should be using a
real-time kernel without any virtual memory.

-- 
Ludovic Brenta.