From: Alexander Terekhov (terekhov_at_[hidden])
Date: 2003-10-08 17:32:40


David Abrahams wrote:
[...]
> I don't see how the mere fact that you've run out of memory means the
> program state can't be trusted. If that were the case, out-of-memory
> recovery would be impossible on every system, under all
> circumstances.

It's the same thing as with std::invalid_argument, so to speak.

> Unwinding doesn't do any damage unless you need
> debugging information.

That's true as long as you have a strong reason to believe that your
program state is totally okay or that unwinding won't hit some broken
invariant.

>
> > and "speeding up" externally driven recovery.
>
> Have you measured the cost of unwinding w.r.t. this "externally driven
> recovery" (restarting the transaction in a new process) to show that
> it's significant?

If you attempt to unwind on a broken program state, you can simply
deadlock or loop forever. An external "ping" monitor (e.g. running
some "heartbeat" transactions) will hopefully detect your effective
death but with some latency. Termination is also the best/easy way
to fence off external resources -- you simply can't restart as long
as that "crazy zombie" is still alive and does something you have
no idea what (if/when it has access to external resources needed
for restart/takeover).

regards,
alexander.


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk