Re: malloc() patches round 3

From: Thomas Bushnell, BSG
Subject: Re: malloc() patches round 3
Date: 22 Aug 2001 17:06:19 -0700
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

Igor Khavkine <i_khavki@alcor.concordia.ca> writes:

> In my perfect world, OS's don't crash unless there is a hardware failure
> or an internal inconsistency, and resource exhaustion is neither.  If
> you want the system to reboot in that situation, all that is needed is
> some sort of daemon that uses a fixed amount of resources and reboots
> the system if the error is propagated to it.
> We have an opportunity to create something like this. And just because
> Mach crashes when it's out of memory, doesn't mean it's the right thing
> to do. We can change that as well.

Unfortunately, this is a much more global problem than just passing
error codes around.  Among other things, you need to edit carefully
the behavior of all those other Debian packages.  If any of a jillion
of them misbehaves under resource failures, then chaos ensues.

The idea of just having things sit and wait for resources to become
available is also not adequate.  Such things are invitations to
deadlock.  Instead, there needs to be a way to ask programs to release
resources.  And that requires even more significant pervasive changes.

And those changes are not just kernel, or hurd, changes.  They have to
occur in every program in every package.  

The cost of getting it wrong, however, is that the system misbehaves
or deadlocks: and in those cases, it would be better if the system had

