S
santosh
Malcolm said:You can have something that will never happen, yet could happen. Like
a monkey typing out the works of Shakespeare.
That's what assert is for.
Malcolm said:You can have something that will never happen, yet could happen. Like
a monkey typing out the works of Shakespeare.
That's what assert is for.
Richard said:santosh said:
No. Assertions are for something that cannot happen if the program
is correctly written (but may well happen if it is not!). They are
not for detecting low-probability runtime events.
And also for detecting hardware failures, which do not require
program writing failures. Considering the number of machines
without ECC memory protection, this is an impressive number.
And also for detecting hardware failures, which do not require
program writing failures.
The result is the same, if assert is defined to fail the programRichard said:CBFalconer said:
I disagree. If a programmer is sufficiently prescient to predict a hardware
failure using an assertion, he can do so just as well using an ordinary
if(), and can thus fail the program elegantly instead of having it crash
out with possible data loss.
The result is the same,
if assert is defined to fail the program
elegantly and only used for conditions that "can't happen",
then it's as good a way to trap errors as any.
CBFalconer said:
I disagree. If a programmer is sufficiently prescient to predict a hardware
failure using an assertion, he can do so just as well using an ordinary
if(), and can thus fail the program elegantly instead of having it crash
out with possible data loss.
The program has to assume the foundations on which it is built are wellRichard said:Ian Collins said:
How you use it is up to you. I use it only for conditions that "can't
happen if the program is correct".
It the hardware providing the program's date becomes unreliable, allNo, because it offers no opportunity for graceful (failsafe) degradation,
let alone recovery.
You can have something that will never happen, yet could happen.
Kelsey said:[snips]
And if nothing else, malloc doesn't lie about what it actually does,
and works on all legitimate size requests, if memory is, in fact,
available to meet the request.
Unfortunately, only on systems that do not overcommit memory.
Sure. Once or twice in your program you may have a legitimate memory
request that could exceed the range of an int.
In that case you, the
programmer, should be aware that you are asking for an enormous amount
of memory.
Unless you totally control the system, you should also be
aware that it is rather likely that the request won't be honoured.
The test if(ptr == NULL) is trivial. What's non-trivial is what goes in
the if condition
, You might want to put up a box for the user saying
"image too large". In which case your windowing system had better be in
scope.
If the allocation is most unlikely to fail, why go through all this,
What you are describing is a classic case of over-engineering.
Yes, your
program will be better, but you have to write lines and lines of custom
code to handle the failure of every single allocation.
Remember that
means cleaning up, unwinding the program state, destroying every object,
until you come to a point where you can recover.
If the memory request
was trivial, most of the time the program will fail to get memory again
on recovery, and will eventually close down or be closed down anyway.
But what if the memory requests are so small that in fact the chance of
the computer breaking is greater than the chance of malloc() failure?
If
you've a backup computer, that runs a mirror of the program, sure, the
application must never terminate. It's running a nuclear power station
or something. But if you don't provide such a hardware mirror, can you
really say "the application must never terminate?"
The program has to assume the foundations on which it is built are well
behaved.
It the hardware providing the program's date becomes unreliable, all
opportunities for graceful degradation have passed.
Typo on my part, that should have been "If the hardware providing theRandy said:Not true. In many cases, you could alert the user that the system
clock has become unreliable, and ask if they want to abort, save the
data at that point anyway into a new file, continue, etc.
What you are describing is a classic case of over-engineering. Yes, yourKelsey Bjarnason said:No, I don't. I want a response back from my allocation function that
tells me it couldn't honour the allocation, that I can do any of a
million possible things with it.
In one application, for example, it will continue to work, simply a
little less efficiently, with a smaller buffer.
You forgot option 4, use the operating system's file mapping API and letKelsey said:As a simple example, let's ponder a function which parses data from a
file, where the expectation is that the typical file so parsed is
relatively large - say several gigabytes.
Option 1: run through it, character by character, using fgetc() or some
equivalent. This was actually tested, and performance sucked.
Option 2: run through it line by line, using fgets or some equivalent.
This was also tested, works better, but not as well as it should.
Option 3: allocate a buffer of size N, read N bytes' worth of data,
process in memory. This, based on testing, is the most efficient, with
efficiency increasing, on average, with increasing values of N, to a
point, say around 64MB, where the benefits of more memory are
insufficient to justify increased usage.
And that's exactly what xmalloc does: it allows me to request the 64MB
I'd like, but prevents me from detecting the failure and adjusting the
request.
You complain that malloc causes problems. Even assuming you had a
point, your solution is worse than the problem. At least with malloc,
*I* can adjust to conditions. *I* can choose to use a smaller buffer.
*I* can detect the error and decide that perhaps I should try another
task, then check back later to see if memory is available. With your
code, no such options are available.
Granted, with your "user function" or whatever you call it, I can, in
principle, say "try again, with a smaller amount of memory", but that
doesn't help, as I cannot tell the calling code that the change has
occurred; it asked for 64MB, what was *actually* allocated was 16MB,
how the hell does it know that? It doesn't - there's no way to
respond back that the request was not honoured.
Randy said:Also realize that machines with ECC memory can also corrupt memory,
just not nearly as often.
Richard said:CBFalconer said:
I disagree. If a programmer is sufficiently prescient to predict a
hardware failure using an assertion, he can do so just as well using
an ordinary if(), and can thus fail the program elegantly instead of
having it crash out with possible data loss.
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.