[cfe-dev] What clang should do when memory is exhausted?

Douglas Gregor dgregor at apple.com
Sat Mar 24 21:07:05 PDT 2012




On Mar 21, 2012, at 1:04 AM, Abramo Bagnara <abramo.bagnara at gmail.com> wrote:

> On 20/03/2012 22:56, Douglas Gregor wrote:
>> 
>> On Mar 20, 2012, at 4:41 AM, Abramo Bagnara wrote:
>> 
>>> On 18/03/2012 12:51, Abramo Bagnara wrote:
>>>> In http://llvm.org/docs/CodingStandards.html#ci_rtti_exceptions I read
>>>> that exceptions are not used by design in clang code base.
>>>> 
>>>> Despite this, in the source there are a lot of unguarded calls to the new
>>>> operator; does this mean that when memory is lacking the compiler
>>>> executable is meant to fail in arbitrary way?
>>> 
>>> I'd correct myself, replacing "fail in arbitrary way" with "execute
>>> arbitrary code".
>>> 
>>> Can I suggest the use in clang executables of set_new_handler (C++
>>> lib.set.new.handler) to have a graceful exit when memory is exhausted?
>>> 
>>> Is it an acceptable solution?
>> 
>> Seems okay for the compiler proper. For libclang, we'd probably just want to trap to kill the current thread.
> 
> I'd leave the responsibility to use set_new_handler to the application using
> libclang (the clang compiler is not an exception).

Sure. 

> The important thing for libclang is to document that, using the default
> compilation flags, the library does not propagate operator new exceptions:
> the programmer is likely unaware that this might lead to disasters (read:
> arbitrary execution, i.e. in unfortunate cases miscompilation of a safety
> critical application) when memory is less than needed.

It's good to document this, but a safety-critical application should not be using Clang in-process. There are too many easy ways to crash Clang. 
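The set_new_handler approach discussed in this thread, as an added example that is not clang's or libclang's code. It installs a handler that turns an allocation failure into a deterministic outcome instead of letting the program run on past a failed `new`: the first failure releases a small reserve (its 64 KiB size is an assumption) so that the diagnostic path can still allocate, and the second applies a policy chosen by the host application, which is the division of responsibility Abramo proposes. `exit_on_exhaustion` is the graceful-exit policy for a stand-alone compiler; `throw_on_exhaustion` hands the failure back as `std::bad_alloc` for an embedding application built with exceptions. The `oom_demo` namespace and all function names are this example's own.

```cpp
#include <cstdio>
#include <cstdlib>
#include <new>
#include <cstddef>

namespace oom_demo {

// Reserve handed back on the first handler call so that the diagnostic path
// (which may itself allocate) can still run. The size is an assumption.
static char *g_reserve = nullptr;
static int g_handler_calls = 0;
// Terminal action once the reserve is gone. The host application picks the policy.
static void (*g_on_exhausted)() = nullptr;

// Policy 1: graceful exit. Flush what we can and leave with a failure status.
// std::_Exit runs no destructors, so nothing on the way out needs to allocate.
void exit_on_exhaustion() {
    std::fputs("fatal: out of memory\n", stderr);
    std::fflush(stderr);
    std::_Exit(EXIT_FAILURE);
}

// Policy 2: report the failure as std::bad_alloc. The standard allows a
// new-handler to throw bad_alloc, which ends operator new's retry loop.
void throw_on_exhaustion() {
    throw std::bad_alloc();
}

static void new_handler() {
    ++g_handler_calls;
    if (g_reserve) {
        // First failure: free the reserve and return so operator new retries once.
        delete[] g_reserve;
        g_reserve = nullptr;
        return;
    }
    // Second failure: the retry failed as well, so apply the configured policy.
    g_on_exhausted();
}

void install(void (*on_exhausted)() = exit_on_exhaustion) {
    delete[] g_reserve;
    g_reserve = new char[64 * 1024];
    g_handler_calls = 0;
    g_on_exhausted = on_exhausted;
    std::set_new_handler(new_handler);
}

int handler_calls() { return g_handler_calls; }

// Allocate through the raw operator so the handler path is exercised directly;
// `new T[n]` with an oversized n may throw bad_array_new_length before operator new runs.
bool probe(std::size_t bytes) {
    try {
        void *p = ::operator new(bytes);
        ::operator delete(p);
        return true;
    } catch (const std::bad_alloc &) {
        return false;
    }
}

} // namespace oom_demo

int main() {
    oom_demo::install(); // default policy: graceful exit
    std::printf("small allocation ok: %d\n", oom_demo::probe(1024));
    // An impossibly large request: with the exit policy the handler terminates
    // the process with EXIT_FAILURE instead of returning a bad pointer to the caller.
    oom_demo::probe(static_cast<std::size_t>(-1) / 2);
    std::puts("not reached with the exit policy");
    return 0;
}
```

Without the handler installed, the same oversized request throws `std::bad_alloc` from inside the library; in a code base built with `-fno-exceptions` there is no frame that can catch it, which is the situation the thread is about. With the handler in place, the outcome is the one the process chose in advance, and the `handler_calls()` counter makes the two-step sequence (release reserve, then apply policy) observable.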


