发表新帖
发表新帖

Should we check if memory allocations fail?

后端 未结
关注
7 1851
温柔的废话
温柔的废话 2020-12-31 08:41

I\'ve seen a lot of code that checks for NULL pointers whenever an allocation is made. This makes the code verbose, and if it\'s not done consistently, only when the program

相关标签:
7条回答
  • 半阙折子戏
    2020-12-31 08:48

    In a hosted environment error checking the return of malloc makes not much sense nowadays. Most machines have a virtual address space of 64 bit. You'd need a lot of time to exhaust that. Your program will most likely fail at a completely different place, namely when your physical+swap memory is exhausted. It will have shown completely ridiculous performance before that, because it only was swapping and the user will have triggered Cntrl-C long before you ever come there.

    Segfaulting "nicely" on a null pointer reference would be a clear point to see where things fail in a debugger. But in my practice I have never seen a failed malloc as a cause.

    When programming for embedded systems the picture changes completely. There you definitively should check for failed malloc.

    Edit: To clarify that after the edit of the question. The kind of programs/systems described there are clearly not "embedded". I have never seen malloc fail under the circumstances described there.

    0 讨论(0)
  • 臣服心动
    2020-12-31 08:49

    I'd like to add that edge cases should always be checked even if you think they are safe or cannot lead to other issues than a crash. Null pointer dereference can potentially be exploited (http://uninformed.org/?v=4&a=5&t=sumry).

    0 讨论(0)
  • 悲哀的现实
    2020-12-31 08:54

    but it is much more difficult to troubleshoot if you don't log where the malloc failed.

    failed to allocate memory in line XX is to prefer than just to crash.

    0 讨论(0)
  • 不知归路
    2020-12-31 09:01

    Yes, you should check for a null return value from malloc. Even if you can't recover from the failure of memory allocation you should explicitly exit. Carrying on as though memory allocation had succeeded leaves your application in an inconsistent state and is likely to cause "undefined behavior" which should be avoided.

    For example, you may end up writing inconsistent data to external storage which may hinder the ability of the next run of the application to recover. It's much safer to exit swiftly in a more controlled fashion.

    Many applications that want to exit on allocation failure wrap malloc in a function that checks the return value and explicitly aborts on failure.

    Arguably, this is one advantage of the C++ default new approach to throw an exception on allocation failure. It requires no effort to exit on memory allocation failure.

    0 讨论(0)
  • 逝去的感伤
    2020-12-31 09:01

    You should definitely check the return value for malloc. Helpful in debugging and the code becomes robust.

    Always check malloc'ed memory?

    0 讨论(0)
  • 被撕碎了的回忆
    2020-12-31 09:07

    Always check the return value, but for clarity, it's common to wrap malloc() in a function which never returns NULL:

    void *
emalloc(size_t amt){
    void *v = malloc(amt);  
    if(!v){
        fprintf(stderr, "out of mem\n");
        exit(EXIT_FAILURE);
    }
    return v;
}

    Then, later you can use

    char *foo = emalloc(56);
foo[12] = 'A';

    With no guilty conscience.

    0 讨论(0)
 看不清?
提交回复
热议问题