On Mar 12, 2011, at 10:42 PM, Graydon Hoare wrote:

> On 12/03/2011 8:46 AM, Evan Martin wrote:
>
>> It seems from the bug Brendan linked to (I skimmed, I admit) they
>> wanted to be able to catch memory allocation failures; it's not clear
>> to me whether that's a desirable goal in Rust. (It's not clear to me
>> if you're out of memory whether you can write any useful
>> non-allocating Rust code to handle the error condition.)
>
> Not at all naive. I'd like to be able to unwind from an out-of-memory
> situation though.

Mozilla C++ has the same constraint, which makes precise the problem with STL's containers, e.g., lacking failed-due-to-OOM return codes. While we decorate as fallible allocation sites whose size is variable and failure-prone due to web mistakes and attacks (e.g. image height and width), and null-check, we're not yet ready to let the main process (!) fail hard if a smaller allocation walks off a cliff. And at least on Windows, it seems, it's easy to run out of VM in some cases, even in spite of overcommit being the default OS policy.

/be
