[SystemSafety] When malloc() Never Returns NULL

Derek M Jones derek at knosof.co.uk
Tue May 23 11:27:46 CEST 2023


David,

A more recent example.
Using a spreadsheet with a 64K limit on the number of rows
is not a good idea when dealing with a potential sample
size in the 100K+
https://warwick.ac.uk/fac/soc/economics/research/centres/cage/publications/workingpapers/2020/does_contact_tracing_work_quasi_experimental_evidence_from_an_excel_error_in_england/

> The USS Yorktown is a good example, thank you for the reminder. I agree that one can underestimate the criticality of some applications.
> 
> Best regards,
> David Mentré
> 
>> On 11 May 2023 at 20:58, Derek M Jones <derek at knosof.co.uk> wrote:
>>
>> David,
>>
>>> How is it relevant to System Safety (topic of this list)? This paper is interesting but as far as I know, safety critical programs are not executed on generic OS mentioned by this paper but real-time OS or bare metal. Moreover, such programs
>>
>> The divide-by-zero error on the USS Yorktown springs to mind
>> https://medium.com/dataseries/when-smart-ships-divide-by-zer0-uss-yorktown-4e53837f75b2
>>
>>> would never do dynamic memory allocation or only at program startup. In my view, the recommendations of this paper (in particular using x family functions that assume allocation always succeed or terminate the application) are not valid in safety critical context: the handling of memory allocation failure should be considered and handled properly.
>>
>> I continue to be surprised by the complexity of hardware/software
>> being used in safety related applications.
>>
>> Every now and again something considered as not safety critical fails,
>> and an unnoticed dependency suddenly appears.
>>
>> I know of (not used in safety critical, as far as I know) programs that
>> handle malloc returning NULL by sensibly closing things down.  The
>> idea that malloc failing might result in the cleanup never occurring,
>> because the process is killed by the OS, is something relatively new.
>>
>>> Best regards,
>>> David Mentré
>>>> On 11 May 2023 at 12:58, Derek M Jones <derek at knosof.co.uk> wrote:
>>>>
>>>> All,
>>>>
>>>> Coding guidelines have been telling developers to
>>>> check the return value of malloc forever.
>>>>
>>>> It certainly used to make a difference, but it looks
>>>> as if out-of-memory is becoming a thing of the past,
>>>> at least on the desktop.
>>>>
>>>> "When malloc() Never Returns NULL -- Reliability as an Illusion"
>>>> https://arxiv.org/abs/2208.08484
>>>>
>>>> -- 
>>>> Derek M. Jones           Evidence-based software engineering
>>>> blog:https://shape-of-code.com
>>>> _______________________________________________
>>>> The System Safety Mailing List
>>>> systemsafety at TechFak.Uni-Bielefeld.DE
>>>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety

-- 
Derek M. Jones           Evidence-based software engineering
blog:https://shape-of-code.com
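The thread turns on two points: that a program can still treat a NULL return from malloc as a signal to shut down in an orderly way, and that on an overcommitting OS the allocation may "succeed" and the process be killed later, so the check is necessary but not sufficient. The following is an added example, not code from this list, from the linked paper, or from any project discussed here. It shows the orderly-shutdown pattern: every partial allocation is released on the failure path and the failure is reported to the caller with errno set, rather than the program continuing into a NULL dereference. The allocator hook `test_alloc`, the counter `g_allocs_left` and the `record` structure are constructed for the example so that an allocation failure can be exercised without exhausting real memory.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pluggable allocator type (hypothetical, for this example only) so the
 * failure path can be driven deterministically from a test. */
typedef void *(*alloc_fn)(size_t);

/* Constructed test hook: fails on the call where g_allocs_left reaches 0.
 * A value of -1 means "never fail"; successful calls go to real malloc,
 * so the results may be released with free(). */
static int g_allocs_left = -1;

static void *test_alloc(size_t n) {
    if (g_allocs_left == 0) {
        errno = ENOMEM;
        return NULL;
    }
    if (g_allocs_left > 0)
        g_allocs_left--;
    return malloc(n);
}

/* A record that owns two heap buffers; both must be released on any path. */
struct record {
    char *name;
    unsigned char *payload;
    size_t payload_len;
};

/* Releases a record and whatever members were allocated; free(NULL) is a no-op,
 * so a partially built record is safe to pass here. */
void record_free(struct record *r) {
    if (!r)
        return;
    free(r->name);
    free(r->payload);
    free(r);
}

/* Builds a record, or returns NULL with errno == ENOMEM after releasing any
 * partial allocations. The caller decides how to close things down; nothing
 * here calls exit() or abort(). */
struct record *record_new(alloc_fn alloc, const char *name, size_t payload_len) {
    struct record *r = alloc(sizeof *r);
    if (!r)
        return NULL;              /* nothing else allocated yet */
    r->name = NULL;
    r->payload = NULL;
    r->payload_len = 0;

    size_t name_len = strlen(name) + 1;
    r->name = alloc(name_len);
    if (!r->name)
        goto fail;
    memcpy(r->name, name, name_len);

    r->payload = alloc(payload_len);
    if (!r->payload)
        goto fail;
    /* Note: on an overcommitting OS this allocation can return non-NULL and the
     * process may still be killed when the pages are first touched; the check
     * above does not cover that case, which is the paper's point. */
    memset(r->payload, 0, payload_len);
    r->payload_len = payload_len;
    return r;

fail:
    record_free(r);               /* unwind the partial build */
    errno = ENOMEM;               /* set after free() so it is not clobbered */
    return NULL;
}

/* Attempts a build with the allocator failing on call number fail_at_call
 * (0-based; -1 = never). Returns 1 if the record was built, 0 if the failure
 * was reported cleanly (NULL and errno == ENOMEM), -1 otherwise. */
int try_build(int fail_at_call) {
    g_allocs_left = fail_at_call;
    errno = 0;
    struct record *r = record_new(test_alloc, "sensor-7", 4096);
    g_allocs_left = -1;
    if (r) {
        record_free(r);
        return 1;
    }
    return errno == ENOMEM ? 0 : -1;
}

int main(void) {
    /* record_new makes three allocations: the struct, the name, the payload. */
    for (int k = -1; k <= 3; k++)
        printf("fail at call %2d -> %s\n", k,
               try_build(k) == 1 ? "built" : "reported ENOMEM, cleaned up");
    return 0;
}
```

Each of the three allocations is made to fail in turn; in every case the function returns NULL with errno set and leaves no buffer behind, which is what lets a caller run its own shutdown sequence. Tools such as a leak checker or an allocator that fails on the N-th call are the usual way to confirm that every failure path really does unwind, since on a desktop with overcommit the path is otherwise never exercised.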