Hi,
Just following up on my point that manual deallocation of store
jeopardises the system integrity :-
Aaron Sloman wrote :-
>Though probably not in contexts like the above where it is obvious
>that nothing can use the links of temporary list, as the predicate
>is applied only to the elements of the list.
The word "probably" is used in a precise fashion that I suspect
most readers would miss. The context (which I have deleted for
brevity) was to briefly employ a list for syssort and then return
it to the garbage collector. When does this violate system
integrity? When the statement "nothing can use the links of
the temporary list" is false.
This happens in Poplog when a timer interrupt intervenes during
the execution of the routine AND a copy of the executing call chain
is taken (by any one of a variety of mechanisms) AND both the
copy and the original are allowed to run AND there is sufficient
delay between the two executions that the deallocated pairs are
reallocated by some other activity.
Is this "probable"? No. Have I seen this in practice? Yes.
This is the kind of issue that makes people with many years
of experience unenthusiastic about explicit store deallocation.
Steve
P.S. One comment on this scenario that I would accept is that process
copying in Poplog is flawed - and not the explicit store deallocation
technique that Aaron discussed. There is the "well-known" problem that
type-3 variables are not copied (unlike all other types) in addition
to the above. Process copying predates both explicit store
deallocation and type-3 variables and is in conflict with them.
I suspect the time to revisit and revise Poplog processes has
arrived.
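
The scenario described in the message above, as an added illustration that is not part of the original post and is not Poplog code: a toy pair store with an explicit free list, where a copy of a half-finished call chain keeps running after the original has deallocated its temporary list. `PairStore`, `Walker` and `scenario` are hypothetical names, and the timer interrupt is modelled as a fixed point after the first step.

```python
class PairStore:
    """Toy store of list pairs with an explicit free list (a constructed model)."""
    def __init__(self, size):
        self.front = [None] * size          # value held in each pair
        self.back = [None] * size           # index of the next pair, None = end
        self.free = list(range(size - 1, -1, -1))

    def build(self, values):
        head = None
        for v in reversed(values):
            i = self.free.pop()             # allocation reuses freed pairs first
            self.front[i], self.back[i] = v, head
            head = i
        return head

    def release(self, head):
        """Explicit deallocation: hand every pair of the list back."""
        while head is not None:
            self.free.append(head)
            head = self.back[head]


class Walker:
    """A call chain part-way through using a temporary list."""
    def __init__(self, store, head, cursor, seen):
        self.store, self.head, self.cursor = store, head, cursor
        self.seen = list(seen)

    def step(self):
        self.seen.append(self.store.front[self.cursor])
        self.cursor = self.store.back[self.cursor]

    def copy(self):                          # the copy shares the same store
        return Walker(self.store, self.head, self.cursor, self.seen)

    def finish(self, explicit_free):
        while self.cursor is not None:
            self.step()
        if explicit_free:
            self.store.release(self.head)
        return self.seen


def scenario(explicit_free):
    store = PairStore(8)
    head = store.build([3, 1, 2])            # the temporary list
    original = Walker(store, head, head, [])
    original.step()                          # interrupt arrives here
    duplicate = original.copy()              # copy of the executing call chain
    first = original.finish(explicit_free)
    other = store.build(["x", "y", "z"])     # unrelated activity allocates
    second = duplicate.finish(explicit_free)
    return first, second, other in store.free
```

With explicit deallocation the copy reads the unrelated list's contents through its stale links and then returns that live list's pairs to the free list; without it, both runs see the original data.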