apr-dev mailing list archives

From "Jeff Trawick" <traw...@gmail.com>
Subject Re: Memory allocation checks. Veri big impact to stablility
Date Fri, 24 Mar 2006 13:55:21 GMT
On 3/24/06, Konstantin Sharenkov <Konstantin.Sharenkov@enterra-inc.com> wrote:
> >>On 3/23/06, Konstantin Sharenkov <Konstantin.Sharenkov@enterra-inc.com> wrote:
> >>
> >> If I understand everything correctly the function apr_palloc and apr_pcalloc
> >> can return NULL as result if there is no more memory available.
>
> >if no abort function is registered
>
> >> These functions are widely being used within library but a lot of times
> >> result of these functions not being checked
>
> >when creating the pool, specify an abort function; see doc for
> >apr_pool_create_ex()
>
>
> The shortage of memory should be expected by any real stable server I think.
> So my server will need to continue to work; just some of the requests will not be handled (error should be returned to client)

That's certainly true for some applications.  And for this and other
reasons, APR memory management is at once the reason APR is ideally
suited to some applications and impractical for others.

For many server applications:
* if it runs out of memory, it can be a software bug leading to
spiralling memory use, and a crash is exactly what needs to happen to
gather diagnostic documentation
* if it runs out of memory, tuning has to be fixed whether or not this
request is gracefully failed
* all those checks for out of memory conditions are paths that are
often missed in coding, often not unit tested leading to bugs
preventing graceful recovery anyway, and complicate the code enough to
harm the fixing of real software defects that tuning can't correct

For some notable platforms, the OS memory management will assume that
there is another page available and pretend to the application layer
that more memory is available, but touching the page will cause a
segfault because of lack of paging space, and checking all the return
codes in the world won't help that.

> What do you offer to do with abort_fn except terminate the application?
> In a C++ environment I can throw an exception and this behaviour will solve my problem. But what do I need to do in a C environment with multiple threads?

jumping around large functional areas (e.g., processing a single
request or connection) sounds like a good start
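
An added example, not part of the original message and not APR code: one way to "jump around" a single request in C with a per-thread setjmp/longjmp recovery point driven from the pool's abort callback. `toy_pool`, `toy_palloc`, `oom_abort` and `handle_request` are hypothetical stand-ins so the block compiles without APR; with APR the callback would be the abort function passed to apr_pool_create_ex().

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for a pool: a bump allocator that calls abort_fn
   instead of returning NULL, like a pool created with an abort function. */
typedef int (*abort_fn_t)(int retcode);
typedef struct { unsigned char *base; size_t used, limit; abort_fn_t abort_fn; } toy_pool;

/* Recovery point of the request this thread is handling (one per thread). */
static _Thread_local jmp_buf *request_env;

static int oom_abort(int retcode) {
    if (request_env != NULL)
        longjmp(*request_env, retcode ? retcode : 1); /* fail this request only */
    abort(); /* out of memory outside any request: nothing to unwind to */
}

static void *toy_palloc(toy_pool *p, size_t n) {
    size_t need = (n + 15) & ~(size_t)15; /* keep allocations 16-byte aligned */
    if (need < n || need > p->limit - p->used) {
        if (p->abort_fn != NULL) p->abort_fn(12); /* constructed code; jumps away */
        return NULL; /* reached only when no abort function is registered */
    }
    p->used += need;
    return p->base + (p->used - need);
}

/* Handles one request; returns 0 on success, 503 if it ran out of memory. */
int handle_request(size_t limit, size_t item_size) {
    unsigned char *arena = malloc(limit); /* not modified after setjmp */
    toy_pool pool = { arena, 0, limit, oom_abort };
    jmp_buf env;
    int status = 0;
    if (arena == NULL) return 503;
    request_env = &env;
    if (setjmp(env) == 0) {
        /* Request code: no NULL checks anywhere on the allocation path. */
        char *header = toy_palloc(&pool, item_size);
        char *body = toy_palloc(&pool, item_size);
        header[0] = body[0] = 'x';
    } else {
        status = 503; /* arrived here via longjmp from oom_abort */
    }
    request_env = NULL;
    free(arena); /* drop everything the request allocated in one step */
    return status;
}

int main(void) { return handle_request(4096, 100); }
```

longjmp skips every cleanup between the failed allocation and the recovery point, so locks or descriptors taken inside the request have to be released at the recovery point itself.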