Re: Safe memory allocation functions

Andres Freund wrote:
> On 2015-01-16 12:56:18 -0300, Alvaro Herrera wrote:

> > So how about something like
> >
> > #define ALLOCFLAG_HUGE 0x01
> > #define ALLOCFLAG_NO_ERROR_ON_OOM 0x02
> > void *
> > MemoryContextAllocFlags(MemoryContext context, Size size, int flags);

> I don't know, this seems a bit awkward to use. Your earlier example with
> the *Huge variant that returns a smaller allocation doesn't really
> convince me - that'd need a separate API anyway.

What example was that? My thinking was that the mcxt.c function would
return NULL if the request was not satisfied; only the caller would be
entitled to retry with a smaller size. I was thinking in something like

baseflag = ALLOCFLAG_NO_ERROR_ON_OOM;
reqsz = SomeHugeValue;
while (true)
{
ptr = MemoryContextAllocFlags(cxt, reqsz,
ALLOCFLAG_HUGE | baseflag);
if (ptr != NULL)
break; /* success */

/* too large, retry with a smaller allocation */
reqsz *= 0.75;

/* if under some limit, have it fail next time */
if (reqsz < SomeHugeValue * 0.1)
baseflag = 0;
}
/* by here, you know ptr points to a memory area of size reqsz, which is
between SomeHugeValue * 0.1 and SomeHugeValue. */

Were you thinking of something else?

> I definitely do not want to push the nofail stuff via the
> MemoryContextData-> API into aset.c. Imo aset.c should always return
> NULL and then mcxt.c should throw the error if in the normal palloc()
> function.

Sure, that seems reasonable ...

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services