malloc (was: making a request to IBM)

[Alex Martelli]

mbrown at testsys.austin.ibm.com (Mark Brown) writes:
	...
:The Rationale: Rather than panic the machine, we'd like for it to keep
:running as long as possible. Hence, we try to keep running at all costs,
That's fine with me!  I just want malloc() to return NULL when there is
no more memory, rather than telling me a lie.  Our solid modeler allocates
space dynamically depending on the complexity of the scene that the user
is interactively defining; if/when it detects an out-of-memory condition,
it simply informs the user, who will then have to limit his/her modeling
ambitions, buy more memory, or whatever.  We regularly stress-test this
approach on each of the many WSs we support; often as paging space fills
a machine slows down a lot, often the console fills with warning about
page space exhausted, often a system will refuse to run some other process
when this happens (we have printouts of logs with 'Out of memory: cannot
allocate 7 bytes'...!) - but NOWHERE, EVER, did we get a panic.  On AIX3,
we catch SIGDANGER, but what can we do about it???  We can't even save
the modeler's state to disk - there is no virtual memory left for the
complex I/O necessary!!!  So, do we just die and waste the user's work
for all of a complex modeling session???  If we don't die, the X server
does, so there is no way left to communicate with our application.

Setting process limits so that this won't happen in some "normal situation"
(when the modeler is all alone on the machine) will still make this happen
as soon as any other significant process is alive while the modeling is
done - an xclock that isn't "usually" there can easily be enough!  Or an
ftp session from somewhere else.  Bah!  We have to print a special warning
in our application manual for AIX3, NOT to use it to build models that may
get to be very large or complex, save things often if you do, etc - and we
STILL get to hear from our customers that are bit by this "feature".

Since no other WS seems to feel it necessary to panic - we simply get a
NULL from malloc() at some point and all is peachy - I really DO hope that
IBM will see the light on this - possibly before our large installed base
on IBM 6150's get tired to wait for a 'solid' version of our solid modeler
on some machine with decent performance, and migrate en masse to something
like HP's new 9000/700 machines, which, of course, we also support.
-- 
Alex Martelli - CAD.LAB s.p.a., v. Stalingrado 53, Bologna, Italia
Email: (work:) martelli at cadlab.sublink.org, (home:) alex at am.sublink.org
Phone: (work:) ++39 (51) 371099, (home:) ++39 (51) 250434; 
Fax: ++39 (51) 366964 (work only), Fidonet: 332/401.3 (home only).