From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 696C11F4B4 for ; Sun, 11 Oct 2020 10:54:10 +0000 (UTC) Received: from localhost ([::1]:51876 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kRYzR-0006gl-5O for normalperson@yhbt.net; Sun, 11 Oct 2020 06:54:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60650) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kRYzK-0006gN-Lb for bug-gnulib@gnu.org; Sun, 11 Oct 2020 06:54:02 -0400 Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.22]:25978) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kRYzH-0006BT-IM for bug-gnulib@gnu.org; Sun, 11 Oct 2020 06:54:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1602413634; s=strato-dkim-0002; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=mX/NWvF/enresG6apd8VihUdimr3phdPfDvZBzQaPVc=; b=fgGtLH1qqF5MUxffHIJySaxdyhwAXgxSsgofsbCHbXy0LOZOhzeLiIlpDty1+8uSoM vJvX7YzxoWjUp7dVtl9BuhQywmHh5N0yohN8tEIfIs+ZezjGUWWge08TdjJ++7mFVAjP n+dzIxmt+j+eO/P+Mj2ptJH0b17PZfanqaNwjCrpKiweUUcOOoNADZSFK2v1gVN8rIqq 6zZBkMgxtT88Hrtwee1GSld5MBtgf9yJ2M9cjNoVHdRVvm2uNIpwE6MwknYb5JB5Llqp koQusEvvBHzWOgYUGhnRSKN4JOy58Pt59belzGOOUYSvuuGleuaB9FbBGVq+Q7nggLjy l0tg== X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH+AHjwLuWOGaf0yJVW" X-RZG-CLASS-ID: mo00 Received: from bruno.haible.de by smtp.strato.de (RZmta 47.2.1 DYNA|AUTH) with ESMTPSA id R01daaw9BArssms (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (curve X9_62_prime256v1 with 256 ECDH bits, eq. 3072 bits RSA)) (Client did not present a certificate); Sun, 11 Oct 2020 12:53:54 +0200 (CEST) From: Bruno Haible To: Marc =?ISO-8859-1?Q?Nieper=2DWi=DFkirchen?= Subject: Re: out-of-memory handling Date: Sun, 11 Oct 2020 12:53:53 +0200 Message-ID: <1665092.e0loyZ5jqH@omega> User-Agent: KMail/5.1.3 (Linux/4.4.0-189-generic; KDE/5.18.0; x86_64; ; ) In-Reply-To: References: <4061217.bO9BgZUEL3@omega> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" Received-SPF: none client-ip=85.215.255.22; envelope-from=bruno@clisp.org; helo=mo4-p00-ob.smtp.rzone.de X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/11 06:53:55 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: bug-gnulib@gnu.org Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: "bug-gnulib" Marc Nieper-Wi=C3=9Fkirchen wrote: > > 2) We have a dilemma regarding use of malloc vs. xmalloc. While modul= es > > meant for use in programs can readily use xmalloc, modules meant f= or use > > (also) in libraries cannot use xmalloc, since a library is not sup= posed > > to terminate the program, even when memory is tight. >=20 > GMP more or less has this behavior. Indeed, GMP's out-of-memory options [1] are poor in this respect: "There=E2=80=99s currently no defined way for the allocation functions to= recover from an error such as out of memory, they must terminate program executi= on. A longjmp or throwing a C++ exception will have undefined results." Likewise for libffcall, alas. > > The solution we found for this dilemma is that the *-set and *-map= modules > > use just malloc, and we have thin wrapper modules (xset, xmap) tha= t do > > call xalloc_die() in case of out-of-memory. > > > > Unfortunately, the API of many of the functions need to be adjuste= d to > > cope with the possibility of an ENOMEM failure. That is tedious wo= rk, and > > the code does not look so pretty afterwards... But I see no other = way to > > make it fit for use in libraries. >=20 > The bigger problem is that it mustn't make the code slower for the > 99,99999% of the use cases where there is either enough memory or > calling xalloc_die is the only reasonable action. OK. When we add hamt as a possible implementation for gl_set and gl_map, we could document that out-of-memory handling must be done - either through xalloc_die(), - or by defining xmalloc and xrealloc [this is what Emacs does], unlike for the other implementations. Bruno [1] https://gmplib.org/manual/Custom-Allocation