[SystemSafety] When malloc() Never Returns NULL
David MENTRE
david.mentre at bentobako.org
Thu May 11 21:34:14 CEST 2023
Hello,
The USS Yorktown is a good example, thank you for the reminder. I agree that one can underestimate the criticality of some applications.
Best regards,
David Mentré
> On 11 May 2023 at 20:58, Derek M Jones <derek at knosof.co.uk> wrote:
>
> David,
>
>> How is it relevant to System Safety (topic of this list)? This paper is interesting, but as far as I know, safety-critical programs are not executed on the generic OSes mentioned by this paper but on real-time OSes or bare metal. Moreover, such programs
>
> The divide-by-zero error on the USS Yorktown springs to mind
> https://medium.com/dataseries/when-smart-ships-divide-by-zer0-uss-yorktown-4e53837f75b2
>
>> would never do dynamic memory allocation, or only at program startup. In my view, the recommendations of this paper (in particular using the x family of functions, which assume allocation always succeeds or terminate the application) are not valid in a safety-critical context: the handling of memory allocation failure should be considered and handled properly.
>
> I continue to be surprised by the complexity of hardware/software
> being used in safety related applications.
>
> Every now and again something considered as not safety critical fails,
> and an unnoticed dependency suddenly appears.
>
> I know of (not used in safety critical, as far as I know) programs that
> handle malloc returning NULL by sensibly closing things down. The
> idea that malloc failing might result in the cleanup never occurring,
> because the process is killed by the OS, is something relatively new.
>
>> Best regards,
>> David Mentré
>>>> On 11 May 2023 at 12:58, Derek M Jones <derek at knosof.co.uk> wrote:
>>>
>>> All,
>>>
>>> Coding guidelines have been telling developers to
>>> check the return value of malloc forever.
>>>
>>> It certainly used to make a difference, but it looks
>>> as if out-of-memory is becoming a thing of the past,
>>> at least on the desktop.
>>>
>>> "When malloc() Never Returns NULL -- Reliability as an Illusion"
>>> https://arxiv.org/abs/2208.08484
>>>
>>> --
>>> Derek M. Jones Evidence-based software engineering
>>> blog:https://shape-of-code.com
>>> _______________________________________________
>>> The System Safety Mailing List
>>> systemsafety at TechFak.Uni-Bielefeld.DE
>>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
>
> --
> Derek M. Jones Evidence-based software engineering
> blog:https://shape-of-code.com
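An added example, not code from the thread or from the paper it discusses, of the discipline David describes above: allocate only at program startup and still treat exhaustion as a condition the program handles, so cleanup stays in the program's hands rather than the OS's. The arena size and the function names are assumptions made for illustration.

```c
/* Added example (not from the thread or the paper): a startup-time arena
 * for the "allocate only at program startup" discipline discussed above.
 * All memory the program will ever use lives in one static buffer touched
 * once at initialisation; later requests are carved out of it, and
 * exhaustion is a return value the caller must handle, never an abort.
 * Names and the 4 KiB size are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define ARENA_SIZE 4096u

typedef struct {
    unsigned char buf[ARENA_SIZE];
    size_t used;
} arena_t;

static arena_t g_arena;   /* static storage: no malloc() involved at all */

/* Run once at startup.  Writing every byte forces the pages to be mapped
 * now, while a failure is still cheap, instead of on first use in the field.
 * Returns the capacity so startup code can check it against its budget. */
size_t arena_init(void) {
    memset(g_arena.buf, 0, sizeof g_arena.buf);
    g_arena.used = 0;
    return ARENA_SIZE;
}
/* Carve n bytes, rounded up to 8-byte alignment.  NULL means exhausted;
 * the rounding is overflow-checked so a huge n cannot wrap to a small one. */
void *arena_alloc(size_t n) {
    size_t aligned = (n + 7u) & ~(size_t)7u;
    if (aligned < n || aligned > ARENA_SIZE - g_arena.used)
        return NULL;                      /* failure is a value, not a kill */
    void *p = g_arena.buf + g_arena.used;
    g_arena.used += aligned;
    return p;
}

size_t arena_remaining(void) { return ARENA_SIZE - g_arena.used; }

/* A consumer that degrades instead of dying: 0 on success, -1 when the
 * buffer could not be obtained, leaving the caller in control of cleanup. */
int build_message(const char *src, size_t len) {
    char *copy = arena_alloc(len + 1);     /* len + 1 for the terminator */
    if (copy == NULL) {
        fputs("message dropped: arena exhausted\n", stderr);
        return -1;
    }
    memcpy(copy, src, len);
    copy[len] = '\0';
    return 0;
}
```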