Geri

realloc stability on failing computer


Geri    367
I am now working on an application, a very important part of a Linux based operating system. Because of this, this application can't afford to crash, even if the system RAM and the CPU fail a bit. This application uses OpenGL and is based on my existing multimedia engine. For this, I have implemented some code redundancy, and a lot of other tricks, like double array boundary tests before access, etc.

After I had implemented this extreme redundancy, I tested the application on a somewhat broken old machine. I overclocked it, placed damaged heatsinks on it, and the mainboard in that computer was broken anyway (some wires on the mainboard were deeply cut, so no peripherals were able to work).

[img]http://wpshrine.com/uploads/smallsc/192.jpg[/img]

In this system, I got the following results:

Windows operating system: explorer.exe crashed for good after 40-50 minutes.
Linux operating system: desktop applications in Linux (part of KDE) randomly crashed every 2-10 minutes (GNU stability strikes again)
My application (running on Windows) [b]BEFORE[/b] the redundancy add-ons: crashed 1 time out of 5 starts, crashed after ~20 minutes of work
My application (running on Windows) [b]AFTER[/b] the redundancy add-ons: the application did not crash for [b]5-6 hours[/b], then Windows BSOD-ed.

This app can't exit because of a small electrical spike coming from the power cables, or from a disturbance in the force caused by Jedi.
The show must go on anyway.

Close enough. I think my goal regarding stability is reached with this, but there is one thing which I can't get my head around:

realloc.

realloc, if it fails, returns NULL, and I have started to use a lot of reallocs in the extended versions now. So:

cat = (float*)realloc(cat, newsize);

If this returns NULL, it will destroy the cat pointer that held precious data. With malloc, I can retry it again, but not with realloc.

Does realloc destroy the memory area of cat if it fails?

For example, if I realloc cat and put the result into a different pointer like this:
cat2 = (float*)realloc(cat, newsize);
if(!cat2) cat2 = (float*)realloc(cat, newsize);
cat=cat2;

Will this help me? I mean, will cat still store the correct data if realloc fails?
-If not, then I may be able to use this code.
-If it destroys it, then I should create my own secure realloc implementation, which will probably be much slower than the built-in one.
-Or maybe realloc is protected against instability? I doubt it, because malloc is also not protected against it.

Any hints are welcome.

Bregma    9214
Realloc is required to leave cat unaffected if new memory allocation fails.

You may be disappointed to learn that dynamic memory allocation is unlikely to be any more affected by hardware failure than any other memory operation, including any code or data access at all. I think most of your effort is being wasted.

Geri    367
Thank you for your reply, but this was not an answer to my question.

Which one do you suggest?

[i]-If not, then I may be able to use this code.
-If it destroys it, then I should create my own secure realloc implementation, which will probably be much slower than the built-in one.
-Or maybe realloc is protected against instability? I doubt it, because malloc is also not protected against it.[/i]

Ohforf sake    2052
You are writing an important part of a linux based OS that mustn't fail (or at least rather later than sooner) and it is using OpenGL and your own existing multimedia engine?



From an academical standpoint this is an interesting problem and I seem to remember an esoteric programming language where each instruction is only executed with a certain probability. Can't remember the name, but they invented quite some interesting mechanisms to write "working" programs for it.

From a practical standpoint I have found the best way to deal with this is a watchdog timer that either reboots the entire system or neatly shuts it all down and raises an alarm. Everything apart from that can't be trusted at best and is dangerous at worst.

rip-off    10979
You generally add additional machines to get such redundancy. That way you can fix it if one breaks, and return to having two as soon as possible. I can't imagine that you can reliably run anything on a machine like you are describing. Something will give, you'll be accessing corrupted memory somewhere.

No matter how many double checks you add to your code, the external libraries and system you're calling will require a stable system.

Geri    367
Thank you for the new suggestions,

[i]watchdog timer that either reboots the entire system[/i]
This would be a very bad idea. I want to run the system, and not shut it down at the first CRC error.

[i]You generally add additional machines to get such redundancy.[/i]
This system is not meant for such environments where this can be managed.

The question is still the same: how to use realloc to ensure the greatest stability? Answer 1, 2 or 3?

Geri    367
Okay, a friend of mine told me that the official specification of realloc, both on MSDN and cplusplus, says that it should not kill the cat if it fails. Has anybody tried such a situation?

Ohforf sake    2052
To answer the question "I mean, will cat still store the correct data, if realloc fails?" you will have to specify exactly the way in which realloc fails.

The kind of hardware failures you describe could result in *any* possible state of the machine. This includes (but is not limited to) disregarding your realloc and all its safeguards, inventing the cure to aids and taking over the world all at once.

EDIT: And there is no part in the C/C++ specification that handles hardware failures!

rip-off    10979
Realloc involves walking whatever data structures that belong to the heap. In the event of hardware failures, all bets are off. It might give you a not-null pointer that would crash you, it might give you a not-null pointer to somewhere that is already considered allocated, it might return null but silently leak memory, eventually causing you to crash.

Your requirements seem extreme, certainly not something one would expect to run on a consumer OS using OpenGL. What is this application that cannot fail?

Geri    367
I don't want to publicly say yet what this system will be; it's mostly in the planning phase, and I don't like to announce things which may never be done. But if you are curious, I'll tell you the details, just contact me on MSN or Skype; you can find my addresses on my sites.

ChrisBrowne    102
I can't add anything particularly constructive to this thread as I'm struggling to understand the problem (you're being purposely vague).

However, the below code (copy-pasted from your original post) has a glaring problem:
[code]
cat2 = (float*)realloc(cat, newsize);
if(!cat2) cat2 = (float*)realloc(cat, newsize);
cat=cat2;
[/code]

Why are you calling realloc() twice on cat2? What's more, your if() does [i]not[/i] encompass the following "cat=cat2", which means that if the second realloc returns null, you're back to your old problem.
In other words, the above code is equivalent (but more processor-intensive) to: cat = (float*)realloc(cat,newsize);

Did you mean:
[code]
cat2 = (float*)realloc(cat, newsize);
if(cat2) cat = cat2;   /* only replace cat when realloc succeeded; on failure cat still owns the old block */
[/code]

by any chance?
I'd avoid using single-statement if()'s anyway, since they can cause confusion. That said, I often use them myself because I'm lazy and stubborn.

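The temp-pointer idiom from the two posts above (Bregma's point that a failed realloc leaves the old block intact, and the corrected `if(cat2) cat = cat2;` form), worked through as an added example that is not code from any poster. It assumes a hypothetical `test_realloc` hook so a failure can be simulated without exhausting memory; real code would call `realloc` directly.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical allocator hook (constructed for this example): when
 * fail_next_realloc is set, the next call returns NULL as a real
 * out-of-memory realloc would, leaving the old block untouched. */
static int fail_next_realloc = 0;

static void *test_realloc(void *p, size_t n) {
    if (fail_next_realloc) { fail_next_realloc = 0; return NULL; }
    return realloc(p, n);
}

/* Growable float array, standing in for the thread's "cat" buffer. */
typedef struct { float *data; size_t count; size_t cap; } floatbuf;

/* Grow to new_cap. Returns 0 on success, -1 on failure. On failure
 * buf->data is untouched because the result goes into a temporary first;
 * writing realloc's result straight back into buf->data would lose the
 * only pointer to the live data (leak plus later NULL dereference). */
int floatbuf_grow(floatbuf *buf, size_t new_cap) {
    if (new_cap > SIZE_MAX / sizeof(float)) return -1;   /* size overflow */
    float *tmp = test_realloc(buf->data, new_cap * sizeof(float));
    if (tmp == NULL) return -1;     /* old block still valid and owned by buf */
    buf->data = tmp;
    buf->cap = new_cap;
    return 0;
}

/* Append v, growing when full. Returns 0 on success, -1 if growth failed. */
int floatbuf_push(floatbuf *buf, float v) {
    if (buf->count == buf->cap &&
        floatbuf_grow(buf, buf->cap ? buf->cap * 2 : 4) != 0)
        return -1;
    buf->data[buf->count++] = v;
    return 0;
}

/* Fill the buffer to exactly its capacity, force the next realloc to fail,
 * and check that the push is refused while the existing elements survive.
 * Returns 1 if the data survived the failed realloc, 0 otherwise. */
int demo_failed_grow_keeps_data(void) {
    floatbuf b = {0};
    for (int i = 0; i < 4; i++) floatbuf_push(&b, (float)i);   /* cap becomes 4 */
    fail_next_realloc = 1;
    int rc = floatbuf_push(&b, 4.0f);    /* triggers grow, which fails */
    int ok = (rc == -1) && (b.count == 4) && (b.cap == 4) && (b.data[3] == 3.0f);
    free(b.data);
    return ok;
}
```

The retry the original post asks about is then just calling `floatbuf_grow` again; nothing is lost between attempts.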
popeax    100
I think it has already been answered: since the standard requires compilers to leave the memory untouched when a realloc fails, that's the way one can expect compilers to work. The OP is focused on an environment where one can expect realloc to fail to allocate. I agree the code has a problem if both reallocs fail.

If one was really paranoid one could maybe use self-modifying techniques to make sure the app code itself is not corrupted. Or make it a one-app OS by modifying the kernel.


Is there a speedup from realloc?

For OpenGL app stability on Linux, trapping video adapter exceptions/faults comes first.
