Is "Out of Memory" a recoverable error?

Russell Lewis webmaster at villagersonline.com
Tue Dec 2 08:57:33 PST 2008 

Walter Bright wrote:
> I asked this over on stackoverflow.com to see what people using other 
> languages have to say, as well as the D community. The reason I ask is 
> to see if memory allocation can be allowed in functions marked "nothrow".
> 
> http://stackoverflow.com/questions/333736/is-out-of-memory-a-recoverable-error 

It seems that D has (or rather, can have) a trivial solution to this 
problem.  Allow programs to register with the GC when they have memory 
which can be easily freed (caches and such).  Then you can make "out of 
memory" a non-recoverable error, since it only hits when we fail to 
recover enough.

It seems to me that there are 3 different types of callbacks that can be 
registered: pre-scan, post-scan, and crisis.

PRE-SCAN

Before the mark & sweep runs, *every one* of these callbacks is called. 
  These are for things which the program can give up with very little 
cost, such as emptying free pools in allocators.  Since this happens 
before the scan, you do *not* have to use explicit "delete"s; you can 
just drop references as normal.  After all of these callbacks are 
called, the mark & sweep runs, and we hope that it will find some 
newly-discarded regions.

POST-SCAN

This is for things which we typically don't want to give up, but which 
we might relinquish if the only alternative would be getting more memory 
from the OS.  For instance, caches of things read from disk.  In this 
case, callbacks must explicitly delete things (since the scanner has 
already run).  The GC will call each of these in turn, but will stop if 
and when enough (contiguous) memory is freed to perform the allocation 
that the GC is trying to perform.  If the GC goes through the entire 
list without finding enough, it will ask the OS for more memory.

CRISIS

This is a set of callbacks which represent things which we would only 
discard in a true crisis, such as caches which would be time-consuming 
to rebuild.  These are called only if the OS refuses to give us more 
memory.  Again, you have to explicitly delete, and the GC will stop 
calling if and when it finds enough free memory.



Seems to me that with this mechanism in place, we can treat 
out-of-memory as an unrecoverable error.

Thoughts?

P.S. It would be nice to also have callbacks that were called when the 
OS started page swapping, or callbacks to deal with fragmentation.  But 
that is something to consider some other time...

More information about the Digitalmars-d mailing list