comp.lang.ada
From: Simon Wright <simon.j.wright@mac.com>
Subject: Re: Allocators and exceptions
Date: Sun, 09 Sep 2007 23:43:01 +0100
Message-ID: <m2r6l7o3yi.fsf@mac.com>
In-Reply-To: 1189369871.672082.162750@50g2000hsm.googlegroups.com

Maciej Sobczak <see.my.homepage@gmail.com> writes:

> procedure P is
>
>    type T (Init : Integer) is record
>       C : Positive := Positive (Init);
>    end record;
>
>    type T_Access is access T;
>
>    Ptr : T_Access;
>
> begin
>    Ptr := new T (-5);
> exception
>    when Constraint_Error =>
>       -- is memory leaked or deallocated?
>       null;
> end;
>
> I want to know whether the memory that was allocated for the new
> object was immediately deallocated due to the exception.  By
> "immediately" I mean before the control even goes to the exception
> part.
>
> I don't find this guarantee anywhere in the AARM and it scares me.

I'm not sure that I'd be scared, precisely.

If this was a safety-related program I would expect some serious test
effort, which would probably discover the mistake; or maybe formal
methods would be appropriate.

Even then, a safety-related _system_ ought to have some strategy for
recovering from such a runtime error. Perhaps it should reboot into a
safe mode? I would certainly expect the processor running a car's
ignition system not to just give up on an unhandled exception ...

In any case, why would the runtime system need to guarantee memory
recovery when it can hardly be expected to recover from the failed
design that led to the situation in the first place? I don't believe
there's any sensible recovery action to be taken -- the program's
state is corrupt already. Reboot, you know it makes sense!
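An added example, not code from either poster in this thread: the question in the quoted program (is the storage of `new T (-5)` reclaimed when the component's default initialization raises Constraint_Error?) can be checked empirically on a given compiler by binding the access type to a custom storage pool that counts every Allocate and Deallocate call. The pool below is a constructed bump allocator over a static buffer using only the standard `System.Storage_Pools` interface (Ada 2005 syntax); it assumes nothing about what the runtime does after the failed allocation and simply reports the counts it observes.

```ada
with Ada.Text_IO;              use Ada.Text_IO;
with System;                   use System;
with System.Storage_Elements;  use System.Storage_Elements;
with System.Storage_Pools;     use System.Storage_Pools;

procedure Leak_Probe is

   --  Constructed logging pool (hypothetical, for this example only):
   --  a bump allocator that never reuses memory and only counts calls,
   --  so we can see whether the runtime calls Deallocate after the
   --  initialization of the allocated object fails.
   type Counting_Pool is new Root_Storage_Pool with record
      Buffer      : Storage_Array (1 .. 4096);
      Next_Free   : Storage_Offset := 1;
      Allocations : Natural := 0;
      Frees       : Natural := 0;
   end record;

   overriding procedure Allocate
     (Pool                     : in out Counting_Pool;
      Storage_Address          : out Address;
      Size_In_Storage_Elements : in Storage_Count;
      Alignment                : in Storage_Count);

   overriding procedure Deallocate
     (Pool                     : in out Counting_Pool;
      Storage_Address          : in Address;
      Size_In_Storage_Elements : in Storage_Count;
      Alignment                : in Storage_Count);

   overriding function Storage_Size (Pool : Counting_Pool) return Storage_Count;

   procedure Allocate
     (Pool                     : in out Counting_Pool;
      Storage_Address          : out Address;
      Size_In_Storage_Elements : in Storage_Count;
      Alignment                : in Storage_Count)
   is
   begin
      if Pool.Next_Free > Pool.Buffer'Last then
         raise Storage_Error;
      end if;
      declare
         --  Round the next free address up to the requested alignment.
         Base  : constant Integer_Address :=
           To_Integer (Pool.Buffer (Pool.Next_Free)'Address);
         Align : constant Integer_Address := Integer_Address (Alignment);
         Pad   : constant Storage_Offset :=
           Storage_Offset ((Align - Base mod Align) mod Align);
         Start : constant Storage_Offset := Pool.Next_Free + Pad;
      begin
         if Start + Size_In_Storage_Elements - 1 > Pool.Buffer'Last then
            raise Storage_Error;
         end if;
         Storage_Address := Pool.Buffer (Start)'Address;
         Pool.Next_Free  := Start + Size_In_Storage_Elements;
      end;
      Pool.Allocations := Pool.Allocations + 1;
      Put_Line ("Allocate:  " & Storage_Count'Image (Size_In_Storage_Elements)
                & " storage elements");
   end Allocate;

   procedure Deallocate
     (Pool                     : in out Counting_Pool;
      Storage_Address          : in Address;
      Size_In_Storage_Elements : in Storage_Count;
      Alignment                : in Storage_Count)
   is
   begin
      --  Nothing is reclaimed in a bump allocator; we only record the call.
      Pool.Frees := Pool.Frees + 1;
      Put_Line ("Deallocate:" & Storage_Count'Image (Size_In_Storage_Elements)
                & " storage elements");
   end Deallocate;

   function Storage_Size (Pool : Counting_Pool) return Storage_Count is
   begin
      return Pool.Buffer'Length;
   end Storage_Size;

   Pool : Counting_Pool;

   --  The type from the quoted question: Positive (-5) raises
   --  Constraint_Error while the allocated object is being initialized.
   type T (Init : Integer) is record
      C : Positive := Positive (Init);
   end record;

   type T_Access is access T;
   for T_Access'Storage_Pool use Pool;

   Ptr : T_Access;

begin
   Ptr := new T (-5);
exception
   when Constraint_Error =>
      Put_Line ("Allocate calls:  " & Natural'Image (Pool.Allocations));
      Put_Line ("Deallocate calls:" & Natural'Image (Pool.Frees));
      if Pool.Allocations /= Pool.Frees then
         Put_Line ("Storage of the failed allocation was not returned to the pool.");
      end if;
end Leak_Probe;
```

Run it with the compiler you actually ship with: a Deallocate count equal to the Allocate count shows the runtime returned the storage before control reached the handler; a mismatch shows the storage stays allocated, which is the leak the original question is asking about. The same counting pool is a cheap way to audit any long-running component for allocations that are never balanced by a deallocation.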


