Author: John Morris
Date:
To: Arnt Gulbrandsen, dng
New-Topics: Re: [DNG] Supervision scripts
Subject: Re: [DNG] Supervision scripts (was Re: OpenRC and Devuan)

On Wed, 2016-05-04 at 21:41 +0100, Arnt Gulbrandsen wrote:
> Malloc() is very simple: You ask for memory and get it. The negative
> side of that simplicity is that if you're out of memory (and that
> happens occasionally if a server is run close to capacity) then
> processes die and/or become unresponsive. Such is the tyranny of the
> Poisson distribution.

Not a problem at all. An API is a contract, violate it at your peril.
The malloc() call's contract is you request memory with the
understanding that "no" is a legal answer. If you fail to account for
that possibility (tactics like preallocation) you either made a mistake
or worse, failed to understand the nature of the deal. On the other
hand, a tactic of simply allowing the process that hits the memory
limit to die, thus freeing up some memory, might be the winning move.
If you can't accept that, program in a language which deals with those
sorts of low-level details for you and accept the solution it chooses
when a request for memory fails. C isn't for everyone and isn't the
best answer to every problem.
After all, wrapping malloc in a simple test for NULL and exit beats
just assuming any malloc will succeed.
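
The two tactics named in the message above, preallocation and a wrapper that tests for NULL and exits, as an added example that is not part of the original post. The names reserve_init, reserve_release, try_alloc_array and xalloc_array are hypothetical, and the overflow check on count * size goes slightly beyond what the message describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Emergency reserve, preallocated at startup for the out-of-memory path. */
static void *reserve;

/* Returns 0 on success, -1 if even the reserve was refused. */
int reserve_init(size_t bytes)
{
    free(reserve);
    reserve = malloc(bytes ? bytes : 1);
    return reserve ? 0 : -1;
}

/* Frees the reserve. Returns 1 if one was held, 0 otherwise. */
int reserve_release(void)
{
    int held = reserve != NULL;
    free(reserve);
    reserve = NULL;
    return held;
}

/* NULL means "no". Also refuses a count * size that would wrap size_t. */
void *try_alloc_array(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;
    /* malloc(0) may legally return NULL, so never ask for zero bytes */
    return malloc(count && size ? count * size : 1);
}

/* The "test for NULL and exit" policy: never returns NULL. */
void *xalloc_array(size_t count, size_t size)
{
    void *p = try_alloc_array(count, size);
    if (p != NULL)
        return p;
    reserve_release();          /* give stdio room to report the failure */
    fprintf(stderr, "out of memory: %zu x %zu bytes\n", count, size);
    exit(EXIT_FAILURE);
}

int main(void)
{
    if (reserve_init(64 * 1024) != 0)
        return EXIT_FAILURE;
    free(xalloc_array(1024, sizeof(int)));   /* normal path */
    return EXIT_SUCCESS;
}
```

Callers that can recover from a refusal use try_alloc_array and check for NULL themselves; callers that cannot use xalloc_array and let the process die.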