[Libvir] RFC: safer memory allocation APIs with compile time checking

Richard W.M. Jones rjones at redhat.com
Mon Apr 28 21:34:03 UTC 2008


On Mon, Apr 28, 2008 at 06:45:54PM +0000, David Lutterkort wrote:
> So maybe taking a hint from all the languages that contain 'fat'
> runtimes isn't the worst of strategies: die loudly by default, and let
> the application specify other handlers. In practice, the usefulness of
> those handlers is limited by their inability to unwind the stack and
> free dead memory on the way out. Has anybody seen such handlers be
> useful short of a full exception implementation ?

Since you say, yes!

My old c2lib[1] C library uses longjmp to recover from memory
allocation errors, so of course it doesn't free up as it unwinds the
stack.  However, c2lib also mandates using a pool allocator which
means to all intents and purposes the memory and other resources do
get freed up when the current pool is freed.  If you scope your pools
sensibly (around transactions, as in that blog entry) then recovering
from memory errors works.

So it is possible, in C.  Of course this is highly theoretical because
the only major C program I can think of which uses pools is Apache.

Rich.

[1] http://www.annexia.org/freeware/c2lib/

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
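The longjmp-plus-pool recovery scheme described above, as an added example that is neither c2lib's code nor anything posted in this thread: the pool allocator, the byte limit that stands in for a real malloc failure, and the record-building "transaction" are all constructed for illustration.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical pool allocator for this example (not c2lib's real API). */
typedef struct block { struct block *next; } block_t;
typedef struct pool {
    block_t *blocks;     /* every live allocation, so the pool can free them all */
    size_t allocated;    /* bytes handed out so far */
    size_t limit;        /* constructed limit standing in for a real malloc failure */
    jmp_buf *recover;    /* transaction scope to unwind to; NULL = no scope */
} pool_t;

/* Freeing the pool releases everything allocated from it and ends the scope. */
static void pool_free(pool_t *p) {
    while (p->blocks) { block_t *b = p->blocks; p->blocks = b->next; free(b); }
    p->allocated = 0; p->recover = NULL;
}

/* Never returns NULL: on failure it unwinds to the transaction scope,
 * or dies loudly if no scope was established. */
static void *pool_alloc(pool_t *p, size_t n) {
    block_t *b = (p->allocated + n <= p->limit) ? malloc(sizeof *b + n) : NULL;
    if (!b) { if (p->recover) longjmp(*p->recover, 1); abort(); }
    b->next = p->blocks; p->blocks = b; p->allocated += n;
    return b + 1;
}

/* One transaction building `steps` 64-byte records. Returns 1 on success,
 * 0 after recovering from an allocation failure; either way the pool ends empty. */
static int run_transaction(pool_t *pool, size_t steps) {
    jmp_buf env;
    pool->recover = &env;
    if (setjmp(env) != 0) {   /* reached via longjmp from pool_alloc */
        pool_free(pool);      /* partial work is released in one go, no per-object cleanup */
        return 0;
    }
    for (size_t i = 0; i < steps; i++)
        snprintf((char *)pool_alloc(pool, 64), 64, "record %zu", i);
    pool_free(pool);
    return 1;
}

/* Run one transaction under a byte limit: 1 = ok, 0 = recovered, -1 = pool leaked. */
static int demo(size_t steps, size_t limit) {
    pool_t pool = { NULL, 0, limit, NULL };
    int ok = run_transaction(&pool, steps);
    return (pool.blocks == NULL && pool.allocated == 0) ? ok : -1;
}
```

With a 1024-byte limit, 16 records fit and the 17th allocation fails, yet every block the transaction took is released before control returns to the caller.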