Skip Tavakkolian wrote:
excellent points; i believe this. there's no sense in masking errors
with pseudo recovery. good test coverage should expose programmer
misunderstanding.
if the system can't afford memory allocation errors, then
preallocating (static or dynamic) and capping a maximum that the
system should ever need will help simulate exhaustion in testing and
make the memory usage and response times bounded. watchdog processes
and memory checksums are possible additional measures.
Memory shortage can often be temporary. Sleeping malloc has saved me
a few times.
