[snips]
g_malloc() is not a raw wrapper around malloc. You can get into it, and
do stuff where malloc() fails. And *then* return NULL to glib, and it
will abort (or quit application yourself).
Sounds good. Let's see.
I have a function which has created an object to store, oh, a page of
modified text.
It calls my UI handling functions which, in turn, create a window,
assorted doo-dads and so forth and attempt to create a usable display
environment.
About 10 levels down the call tree, these functions invoke a glib call
which allocates memory... and fails.
If glib were properly designed, it would pass back the allocation
failure, which would propagate up the tree to the original function, the
one with the modified data, which could then do any number of things,
including saving the document while tagging the modifications as
"provisional" before exiting, such that on the next run, the app can
display them as unconfirmed edits.
Unfortunately, according to the glib documentation, this doesn't happen.
According to the documentation, the allocations work or die and as a
result there's no reason to even check if allocation succeeded.
So my code never sees the returned NULL, or equivalent failure notice,
never gets a chance to save the edited data, poof, it's gone.
Linux VMWare uses Gtk for its UI, isn't it funny? That "out of resources
message" corresponds to a failed g_try_malloc(), so what?
According to the glib memory allocation documentation page, this cannot
be true, as the page clearly states, right near the top, that allocation
either *works* or the application *terminates*. If vmware is reporting
an allocation failure _and not terminating_ it cannot, therefore, be
using the glib allocation routines.
Here's the exact quote from the page:
"If any call to allocate memory fails, the application is terminated."
Terminated. Not recovered. There is *no* ability to recover, period,
the application is terminated. VMWare recovers, therefore the failure is
not in allocation, or, if it is, it is _not_ using glib's allocation
functions.
Also from that same page:
"This also means that there is no need to check if the call succeeded."
Right there, it says there's no reason whatsoever to check for NULLs, to
use a catch or any other sort of attempt to detect allocation failures.
Why? Because glib doesn't do that, it simply terminates the application
on allocation failure.
No recovery. No reporting. No way to stop it. No "g_try_new reports
failure without exiting". Nope, according to their documentation, it
either works or the application dies. Period.
VMWare runs out of resources and _recovers_? Then it *cannot* be using
the glib allocation functions. Period.
Well, either that, or the glib documentation lies through its teeth, and
in fact allocation failure does *not* result in termination, there *is* a
point to checking the return, but then, if the documentation lies to the
developer, how much can you trust it, or the code?
As to "frequently", here is another piece of usage data: when
applications crash here, they crash because of random bugs, never
because of malloc failure.
My apps don't crash as a result of malloc failure either. They detect it
and handle it appropriately, instead. Something not possible if one uses
the glib allocation routines.
Does that mean malloc() never fails? I mean,
yeah, Lotus is great. So what? What losses do actually happen because
g_malloc() will abort by default when malloc() fails? How often, how
much?
It doesn't matter if it's only once, if that once is critical. No, you
cannot prevent all failures and losses, we know this. You *can*,
however, prevent many losses, and the notion of designing a library where
the response to such an error is to simply give up and throw in the towel
is frankly irresponsible.