Re: [boost] Review of a safer memory management approach for C++
Mathias,
------------------------------
Message: 19 Date: Mon, 07 Jun 2010 15:43:18 +0100 From: Mathias Gaunard <mathias.gaunard@ens-lyon.org> To: boost@lists.boost.org Subject: Re: [boost] Review of a safer memory management approach for C++? Message-ID: <huj0io$6iu$1@dough.gmane.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Bartlett, Roscoe A wrote:
I am fine with the language allowing for undefined behavior. Clearly if you want the highest performance, you have to turn off array-bounds checking, for instance, which allows for undefined behavior. What I am not okay with is people writing programs that expose that undefined behavior, especially w.r.t. to usage of memory. Every computational scientist has had the experience of writing code that appeared to work just fine on their main development platform but when they took to over to another machine for a "production" run on a large (expensive) MPP to run on 1000 processors, it segfaulted after having run for 45 minutes and lost everything. This happens all the time with current CSE software written in C, C++, and even Fortran. This is bad on many levels.
Are you suggesting that people should write programs that rely on undefined behavior or are you just saying that you don't think it should be eliminated from the language?
From my experience, the best tool to identify and eliminate undefined behaviour due to bad memory access is valgrind.
I found it more practical and catching more errors than any library-level tool.
[Bartlett, Roscoe A] Tools like valgrind and purify are very helpful but are not nearly sufficient as described in Section 3.2 (and other sections) in: http://www.cs.sandia.gov/~rabartl/TeuchosMemoryManagementSAND.pdf Have other people had similar experiences with valgrind and purify to what I describe in Sectioin 3.2 in the above document? If valgrind and purify can pin-point memory errors so effectively, then why does it sometimes take nearly a week to track down certain types of memory errors in C++ (I have heard of such stories)? My record is most likely about three days to track down a single memory error (including using valgrind and purify for all the glues that I can get, less they segfaulted themselves of course which sometimes they do). In the process of tracking down and diagnosing some of these memory errors, I have had to apply all of my PhD-level problem solving and research skills and in the end I could not write a research paper to describe the wonderful problem-solving research-quality work that I did. What a waste of time and effort; very frustrating. I know many people that I work with that have had similar experiences. These types of experiences have lead many C++ teams to code C++ with a (justified but unfortunate) paranoia about the use of memory in C++ that has all kinds of bad consequences (see Section 1 in the above document for some of the consequences). Come one, at least some people on this mail list must have had similar nightmare experiences in trying to track down and diagnose hard memory misuse errors in C++ that took days of effort to resolve (even with the help of tools like valgrind and purify). And again, tools like valgrind and purify will *never* catch semantic misuse of memory (i.e. allocating a big chunk of memory and then breaking it up to be used to construct different objects and array of objects). The Teuchos MM classes will catch most semantic misuse of memory in a way that no tool like valgrind and purify every can (because they don't know the context of your program, they only know that any read/writes in a big block of memory that you allocated look okay). I think this is a big deal in catching hard-to-find defects that are not (technically speaking) memory misuse defects but are program defects none the less. Cheers, - Ross
Bartlett, Roscoe A wrote:
Tools like valgrind and purify are very helpful but are not nearly sufficient as described in Section 3.2 (and other sections) in:
http://www.cs.sandia.gov/~rabartl/TeuchosMemoryManagementSAND.pdf
The limitations you give are simply that you expect valgrind to do more than tell you about memory errors, but also to tell you about contract violation of any library as well. That's not something a generic tool can do. Contracts are specified by each library, and can be optionally checked in a special debug mode the library may provide. All that valgrind can do (as far as I my usage goes) is tell you if you access some unallocated memory (relatively to the default global allocator) or if you read an uninitialized object.
Bartlett, Roscoe A wrote:
Come one, at least some people on this mail list must have had similar nightmare experiences in trying to track down and diagnose hard memory misuse errors in C++ that took days of effort to resolve (even with the help of tools like valgrind and purify).
Hi, yes, I had such experiences, but that's years in the past, when I did not know shared pointers. With shared pointers only very few memory issues ever occurred. These days, our memory issues are of a different kind: Memory fragmenation due to malloc's strategies in multithreading scenarios. These are even worse, because formally, there is no problem in the code. Writing you own allocator and then suddenly not being able to use valgrind anymore, that's the memory fun today. Regards, Roland
07/06/2010 18:14, Roland Bock wrote:
Writing you own allocator and then suddenly not being able to use valgrind anymore, that's the memory fun today.
It's pretty easy to add hooks for valgrind to work properly with your own allocator, or even your own thread library.
Mathias Gaunard wrote:
07/06/2010 18:14, Roland Bock wrote:
Writing you own allocator and then suddenly not being able to use valgrind anymore, that's the memory fun today.
It's pretty easy to add hooks for valgrind to work properly with your own allocator, or even your own thread library.
Hi, good to know, thanks for the info. Do you have a link available? Thanks and regards, Roland
Roland Bock wrote:
Mathias Gaunard wrote:
07/06/2010 18:14, Roland Bock wrote:
Writing you own allocator and then suddenly not being able to use valgrind anymore, that's the memory fun today. It's pretty easy to add hooks for valgrind to work properly with your own allocator, or even your own thread library.
Hi,
good to know, thanks for the info. Do you have a link available?
<http://valgrind.org/docs/manual/manual-core-adv.html#manual-core-adv.clientreq>
Mathias Gaunard wrote:
Roland Bock wrote:
Mathias Gaunard wrote:
07/06/2010 18:14, Roland Bock wrote:
Writing you own allocator and then suddenly not being able to use valgrind anymore, that's the memory fun today. It's pretty easy to add hooks for valgrind to work properly with your own allocator, or even your own thread library.
Hi,
good to know, thanks for the info. Do you have a link available?
<http://valgrind.org/docs/manual/manual-core-adv.html#manual-core-adv.clientreq>
Thanks!
Hi Bartlett, Just for the record and since your statements below are about general experiences with large scale C++ projects, let me put my own experiences in context: I had been architecting, designing and implementing large-scaled projects from the early 90's. The largest of which accounts for 160K of C++ code, which in fact I wrote almost entirely myslef. Again this is just to put the comments based on my experience in persective.
These types of experiences have lead many C++ teams to code C++ with a (justified but unfortunate) paranoia about the use of memory in C++ that has all kinds of bad consequences
I think that those memory problems are funtamentally rooted at a design issue. In the mid 90's I used to developed best practices and utilities for sane memory management (and other sanity requirements), in the same spirit of the paper you presented (I did read it btw). I even implemented custom allocators, based on class-specific memory pools, and mandated that every object should obey a strict allocation-deallocation protocol. Simply defining a new class on my system required the use of a macro-based DSL, something like "DEFINE_DERIVED_OBJECT(Foo,Base). Likewise, object graphs had to be very carefully spelled with my DSL, as in "INCLUDE_SUBOBJECT(Bar)", and so on.. This forced everyone in the team, year after year, to learn a language on top of C++. In the long end, however, I realized I was just overengineering the problem way too much, putting a big burden on the team and making it difficult for newcomers. When C++ evolved I found new, much simpler ways to solve the same problems, and in particular, memory problems: using smart pointers (even long before boost::shared_ptr came alone). Once I started using smart pointers I never looked back, and I never again, ever, had to spend a single minute on a memory leak.
Come one, at least some people on this mail list must have had similar nightmare experiences in trying to track down and diagnose hard memory misuse errors in C++ that took days of effort to resolve (even with the help of tools like valgrind and purify).
Before I started using smart pointers, yes. After that, no.. never again.
And again, tools like valgrind and purify will *never* catch semantic misuse of memory (i.e. allocating a big chunk of memory and then breaking it up to be used to construct different objects and array of objects). The Teuchos MM classes will catch most semantic misuse of memory in a way that no tool like valgrind and purify every can (because they don't know the context of your program, they only know that any read/writes in a big block of memory that you allocated look okay). I think this is a big deal in catching hard-to-find defects that are not (technically speaking) memory misuse defects but are program defects none the less.
I totally fail to see why this design mistakes (wrong allocation pattern) should be detected by a framework? These are design issues and should be deal with at that stage. Surely any team can be trained not to make such mistakes. Best -- Fernando Cacciola SciSoft Consulting, Founder http://www.scisoft-consulting.com
Bartlett, Roscoe A wrote:
Come one, at least some people on this mail list must have had similar nightmare experiences in trying to track down and diagnose hard memory misuse errors in C++ that took days of effort to resolve (even with the help of tools like valgrind and purify).
Since you ask, no. I honestly don't remember when I last had a memory leak or similar error in C++ code. Not for years. C++ does have some other hazards, such as iterator invalidation rules and thread safety and abuse of reinterpret_cast, that I sometimes stumble with. But I think that the current tools for managing pointers are very effective and sufficient. Based on a few random recent conversations, I have a feeling that many of the people who used to write C++ code that suffered from memory leaks may now be coding in C# instead. Regards, Phil.
-----Original Message----- From: boost-bounces@lists.boost.org [mailto:boost-bounces@lists.boost.org] On Behalf Of Phil Endecott Sent: Monday, June 07, 2010 6:37 PM To: boost@lists.boost.org Subject: Re: [boost] Review of a safer memory management approach for C++
Based on a few random recent conversations, I have a feeling that many of the people who used to write C++ code that suffered from memory leaks may now be coding in C# instead.
Regards, Phil.
AMEN!
participants (6)
-
Bartlett, Roscoe A -
Fernando Cacciola -
Mathias Gaunard -
Phil Endecott -
Roland Bock -
Sid Sacek