<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Georgia">What I found useful and simple in a particular
case was a high-priority process on a rather short timer. </font>Each
time it woke up it checked the end of object memory. When that was
above an arbitrary number (400M in this case) it opened a debugger
on the offending process - known in advance in this case, but not
too hard to figure out at the time. The overhead for running this is
very small and did what I needed at the time.<br>
<br>
Cheers,<br>
Bob<br>
<br>
<div class="moz-cite-prefix">On 12/10/12 8:33 PM, Eliot Miranda
wrote:<br>
</div>
<blockquote
cite="mid:CAC20JE0Wq9KQC=aS=S0mqbatiZXFfvh1c7SkkvSKJd8Qd0wf_g@mail.gmail.com"
type="cite"><br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2012/12/9 Sven Van Caekenberghe <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:sven@stfx.eu" target="_blank">sven@stfx.eu</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Would it be possible to build some kind of protection
against stack overflow ?<br>
</blockquote>
<div><br>
</div>
<div>note that there already is some mechanism. The low space
mechanism is supposed to protect against stack overflow but
with today's memories and the difficulty of testing it, this
mechanism often a) takes way too long to kick in, and b)
either leaves the system in a very sluggish state or simply
fails to kick in and the system crashes with an
out-of-memory error.</div>
<div><br>
</div>
<div>Part of the problem is in designing a mechanism which is
in keeping with the reflective nature of the system. What I
mean is that we now have two different VMs, the Interpreter
and the STack/Cog VMs. First one wants a check which is
cheap. That means a check which isn't run on every send.
In the interpreter a natural time to check for recursion
would be on e.g. fullGC, checking for repetition in the
current process's context chain. The the Stack/Cog VMs the
natural time is on evacuating a stack page when the stack
zone is full. But these are two different mechanisms, both
of which are deep in the VM, neither of which can be
conveniently intercepted from Smalltalk, unlike e.g.
doesNotUnderstand:.</div>
<div><br>
</div>
<div>Personally I like the idea of reviving the low space
mechanism and maintaining it properly. For example, if the
low space mechanism causes the low space semaphore to fire
often, because the limit was set only a little way above the
current memory size, and not, as it is now, a little below
the absolute limit, then when it fires, the low space
process could inspect the current process's stack (e.g. via
accelerated via a primitive for performance) and see how
deep it is, and possibly whether there is recursion (e.g. a
bag of context methods would soon reveal high-frequency
methods, and then those contexts could be inspected for
repetition, but KISS says just have a per-process limit on
the maximum depth of stack).</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
This is actually the most common situation for loop/cycle
that either results in an unusable image or a crash.<br>
Interrupting with CMD-. is not always possible.<br>
A possible solution could be to just limit the stack size
and throw an exception.<br>
<br>
For example, in LispWorks, it goes like this:<br>
<br>
CL-USER 5 > (defun foo () (cons (random 100) (foo)))<br>
FOO<br>
<br>
CL-USER 6 > (foo)<br>
<br>
Stack overflow (stack size 48128).<br>
1 (continue) Extend stack by 50%.<br>
2 (abort) Return to level 0.<br>
3 Return to top loop level 0.<br>
<br>
Type :b for backtrace or :c <option number> to
proceed.<br>
Type :bug-form "<subject>" for a bug report template
or :? for other options.<br>
<br>
CL-USER 7 : 1 > :bq<br>
<br>
ERROR <- RUNTIME:BAD-ARGS-OR-STACK <- LENGTH <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO <- FOO
<- FOO <- FOO <- FOO <- FOO <- FOO<br>
<- FOO <- FOO <- EVAL <-
CAPI::CAPI-TOP-LEVEL-FUNCTION <-
CAPI::INTERACTIVE-PANE-TOP-LOOP <-
MP::PROCESS-SG-FUNCTION<br>
<br>
Obviously, this is possible, the question is, can it be done
easily and without paying an unbearable performance price ?<br>
<br>
Sven<br>
<br>
--<br>
Sven Van Caekenberghe<br>
<a moz-do-not-send="true" href="http://stfx.eu"
target="_blank">http://stfx.eu</a><br>
Smalltalk is the Red Pill<br>
<br>
<br>
<br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
best,
<div>Eliot</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">
</pre>
</blockquote>
<br>
</body>
</html>