Re: Access violation in free()



Richard Heathfield wrote:
> Tor Rustad said:
>
>> Unless you are writing e.g. a non-stop server (or a library for it,
>> kernel mode code etc.), the best thing to do on memory failures is
>> normally simply to exit.

> We've had this debate over and over, and I think it's fair to say that the balance of expert opinion is against you (although it's far from unanimous), although of course it does depend very much on what you're writing (as you suggest). The consensus seems to be that, if you're writing 'generic' code - code that you expect to be used many times by many programs - then you should report errors rather than terminate the program.

In generic code, I would design a call-back mechanism for error handling, rather than propagating critical errors all over the place.

Yup, we have discussed this before, and perhaps most experts disagree with me, but my comment on error management in the draft on "Secure C Library Functions" did very much seem to have made it into the final "TR 24731 Part 1: Bounds-checking interfaces".

http://groups.google.no/group/comp.std.c/browse_thread/thread/d340397fc9ac32f5/25af554fcc8ceeae?lnk=gst&q=Tor+Rustad&rnum=8&hl=no#25af554fcc8ceeae

Douglas A. Gwyn agreed with me, and some other experts must have too. :)


> If you're writing the program itself, however, then of course you do whatever is the right thing for that program. But if my word processor exit()ed on a memory allocation failure without at least giving me the chance to save the last twenty minutes' typing, I'd be looking for a new word processor.

If a program needs a save-data-and-terminate handler, such a thing can easily be added to a library. Propagating NULL isn't the best way to go IMO.

--
Tor <torust [at] online [dot] no>
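The call-back design argued for above, as an added example that is not code from either poster: a library allocation wrapper that notifies a caller-installed out-of-memory handler instead of deciding on its own between exit() and propagating NULL. The word processor installs a handler that saves the document and terminates; a handler that prefers to return still gets NULL propagated to the caller. All names (lib_malloc, lib_set_oom_handler, lib_set_allocator, save_then_exit, the document struct) are hypothetical, and the swappable allocator is a test hook so the failure path can be exercised offline without exhausting real memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Handler signature: the failed request size plus a caller-supplied
 * context pointer (e.g. the document that must be saved). */
typedef void (*lib_oom_handler)(size_t bytes, void *ctx);

/* Underlying allocator, swappable so a failure can be simulated (test hook). */
typedef void *(*lib_allocator)(size_t bytes);

static lib_oom_handler g_handler = NULL;
static void *g_handler_ctx = NULL;
static lib_allocator g_alloc = malloc;

/* Install an out-of-memory handler; returns the previous one. */
lib_oom_handler lib_set_oom_handler(lib_oom_handler h, void *ctx)
{
    lib_oom_handler old = g_handler;
    g_handler = h;
    g_handler_ctx = ctx;
    return old;
}

/* Replace the underlying allocator (NULL restores malloc). */
lib_allocator lib_set_allocator(lib_allocator a)
{
    lib_allocator old = g_alloc;
    g_alloc = (a != NULL) ? a : malloc;
    return old;
}

/* Library allocation entry point. On failure the handler runs first; if it
 * returns instead of terminating, NULL still reaches the caller, so the
 * caller must check the result either way. */
void *lib_malloc(size_t bytes)
{
    void *p = g_alloc(bytes);
    if (p == NULL && g_handler != NULL)
        g_handler(bytes, g_handler_ctx);
    return p;
}

/* ---- application side: the save-data-and-terminate handler ---- */

struct document {
    const char *path;   /* where to autosave (constructed value in main) */
    const char *text;   /* unsaved content */
};

/* Flush the user's work to disk, then terminate. Never returns. */
void save_then_exit(size_t bytes, void *ctx)
{
    struct document *doc = ctx;
    FILE *f = fopen(doc->path, "w");
    fprintf(stderr, "out of memory requesting %zu bytes; saving %s\n",
            bytes, doc->path);
    if (f != NULL) {
        fputs(doc->text, f);
        fclose(f);
    }
    exit(EXIT_FAILURE);
}

/* ---- test hooks: simulate failure without exhausting real memory ---- */

static void *always_fail(size_t bytes)
{
    (void)bytes;
    return NULL;   /* constructed failure standing in for a real malloc() NULL */
}

/* Handler that only records the failure so the caller can observe it. */
static void record_failure(size_t bytes, void *ctx)
{
    *(size_t *)ctx = bytes;
}

/* Drive one simulated failure of `request` bytes. Returns the size the
 * handler saw if lib_malloc() also returned NULL, otherwise 0. The previous
 * handler is restored without its context, which is enough for this demo. */
size_t simulate_oom(size_t request)
{
    size_t seen = 0;
    lib_allocator old_alloc = lib_set_allocator(always_fail);
    lib_oom_handler old_handler = lib_set_oom_handler(record_failure, &seen);

    void *p = lib_malloc(request);

    lib_set_oom_handler(old_handler, NULL);
    lib_set_allocator(old_alloc);
    return (p == NULL) ? seen : 0;
}

/* With the real allocator a small request simply succeeds (returns 1). */
int real_allocation_succeeds(void)
{
    void *p = lib_malloc(16);
    int ok = (p != NULL);
    free(p);
    return ok;
}

int main(void)
{
    struct document doc = { "autosave.txt", "twenty minutes of typing\n" };
    lib_set_oom_handler(save_then_exit, &doc);
    char *buf = lib_malloc(64);   /* on a real failure: saves, then exits */
    if (buf != NULL) {
        strcpy(buf, "ok");
        puts(buf);
        free(buf);
    }
    return 0;
}
```

The point of the split is that the library never calls exit() itself: a generic component only reports, and the program decides whether that report means "save and die" or "unwind and retry". A handler that returns must still leave the caller with a NULL to check, which is why lib_malloc() returns the allocator's result regardless of what the handler did.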