From: Ian Campbell <ian.campbell@citrix.com>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Martin Osterloh <osterlohm@ainfosec.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: libxl and malloc failure (Re: Current LibXL Status)
Date: Fri, 19 Feb 2016 10:52:11 +0000 [thread overview]
Message-ID: <1455879131.6225.89.camel@citrix.com> (raw)
In-Reply-To: <22214.2619.86697.724156@mariner.uk.xensource.com>
graft 51 ^
thanks
On Thu, 2016-02-18 at 18:15 +0000, Ian Jackson wrote:
> Andrew Cooper writes ("Re: [Xen-devel] Current LibXL Status"):
> > There really is a show-stopper, which I have stated before.
> >
> > Languages such as OCaml use -ENOMEM as a hint to run the garbage
> > collector some more. I expect Haskell is the same.
>
> This cannot possibly be true (if what you mean is that they use
> ENOMEM[1] from malloc as such an indication). It would make it
> impossible to write a correct binding to a normal C library.
>
> Typically C library which calls malloc will do so in the middle of its
> execution. Even if the library returns the resulting error up as
> a distinguishable error code, you can't just make the same library
> call again - it may have done half its work but not the other half.
FWIW there is some code in the Ocaml runtime which raises an Out_of_memory
exception in response to ENOMEM in C land (and from ocaml code in some
circumstances too).
The Unix module (which wraps standard Unix libc type APIs) looks to (when
appropriate) reasonably consistently return errors as Unix_error(errno),
that is handled generically so will include raising Unix_error(ENOMEM) as
necessary.
In principal it ought to be possible to write an ocaml program which
correctly dealt with those (and similar ones from other lower level
bindings), for example the interactive command line interpreter catches
Out_of_memory (but not Unix_error) and calls the gc before iterating. (I
did see one reference in a book which suggested Out_of_memory wasn't
catcheable, but that appears to be out of date from what I can tell).
So I suppose it ought to be possible to write an ocaml daemon which caught
errors like these at the top level and aborted only the currently attempted
operation without taking down the whole daemon process. How feasible that
is in practice I can't say.
This of course relies on all the C bindings correctly turning errors into
exceptions and the semantics of your particular daemon allowing for
abandoning things half way through (which I suppose is a relative of some
kind to crash-only s/w).
Ian.
>
> So I think you must be wrong.
>
> Ian.
>
> [1] NB that when malloc fails there is no -ENOMEM, only ENOMEM.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-02-19 10:52 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-18 18:32 Current LibXL Status Martin Osterloh
2015-11-19 9:20 ` Ian Campbell
2015-11-19 10:23 ` George Dunlap
2015-11-19 10:55 ` Andrew Cooper
2015-11-19 11:23 ` Ian Campbell
2015-11-19 11:30 ` Processed: " xen
2015-11-19 11:33 ` Andrew Cooper
2015-11-19 11:48 ` Ian Campbell
2015-11-19 11:55 ` Ian Campbell
2015-11-19 12:16 ` Ian Campbell
2015-11-20 0:30 ` Yang Hongyang
2016-02-18 17:09 ` George Dunlap
2016-02-18 17:19 ` Ian Jackson
2016-02-18 17:26 ` Ian Campbell
2016-02-18 17:40 ` George Dunlap
2016-02-18 17:24 ` Ian Campbell
2016-02-18 18:30 ` Ian Jackson
2015-11-19 15:34 ` George Dunlap
2016-02-18 17:26 ` George Dunlap
2016-02-18 17:39 ` Ian Campbell
2016-02-18 17:47 ` George Dunlap
2016-02-18 17:50 ` Ian Campbell
2016-02-18 18:15 ` libxl and malloc failure (Re: Current LibXL Status) Ian Jackson
2016-02-19 10:52 ` Ian Campbell [this message]
2016-02-19 11:00 ` Processed: " xen
2016-02-22 16:48 ` Ian Jackson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455879131.6225.89.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=osterlohm@ainfosec.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).