Jeff Xu <[email protected]> wrote:
> Even without free.
> I personally do not like the heap getting sealed like that.
>
> Component A.
> p=malloc(4096);
> writing something to p.
>
> Component B:
> mprotect(p,4096, RO)
> mseal(p,4096)
>
> This will split the heap VMA, and prevent the heap from shrinking, if
> this is in a frequent code path, then it might hurt the process's
> memory usage.
>
> The existing code is more likely to use malloc than mmap(), so it is
> easier for dev to seal a piece of data belonging to another component.
> I hope this pattern is not wide-spreading.
>
> The ideal way will be just changing the library A to use mmap.
I think you are lacking some test programs to see how it actually
behaves; the effect is worse than you think, and the impact is immediately
visible to the programmer, and the lesson is clear:
you can only seal objects which you gaurantee never get recycled.
Pushing a sealed object back into reuse is a disasterous bug.
Noone should call this interface, unless they understand that.
I'll say again, you don't have a test program for various allocators to
understand how it behaves. The failure modes described in your docuemnts
are not correct.
