Re: [Firebird-devel] Running with low memory

[Alex P. <pe...@in...>]

Hello!
Jim Starkey wrote:

> There are numerous places in the code that go to great lengths to 
> continue operation after memory is exhausted.  The server, for 
> example, goes into a timeout and retry loop when a memory allocation 
> fails.
>
> Does this really make sense, particularly when allocating a small 
> block?  When memory is truly exhausted almost everything stops working 
> -- system services, library functions, other Firebird code, and 
> critically important, error reporting.  What are the chances that 
> essentially untested recovery code could ever recover from a bona fide 
> memory exhaustion?  Wouldn't it make more sense to try for an 
> immediate, reasonably clean server shutdown than to risk something 
> else failing catastrophically?
>
> It certainly is possible write code that is tolerant of low memory 
> conditions, but it requires careful analysis of all possible 
> allocation failures including library and system services and special 
> testing to simulate and test all conceived failure modes.   
> Realistically, I think this is way beyond what can reasonably be 
> expected of a large, complex database system, particularly one that 
> suffered significant mid-life abuse.
>
> I'd like hear some discussion as to what the internal policy should be 
> -- attempt recovery or graceful shutdown.  (This is really a server 
> issue -- the engine itself must return an error, but it can certainly 
> latch into an error state to block further processing).
>
> Thought and comments?
>
May be this is a little offtopic, but...
I'm not sure about Vulcan,  but Firebird in it's current state may 
easily lead system to low memory condition itself. One sample.
Because since ib6.0 we have no limit on number of simultaneous 
connections to server, any user may create as many connections with his 
login, as he wants. And if in each connection he starts a big 
transaction, and doesn't commit it properly (as variant - his bad 
program puts his windows on knees), therefore all connections and 
transactions remain active and don't free memory.
Practice showed, that server memory use grows up to 1Gb of RAM during a 
few hours.
Instead of learning engine to work in low memory conditions is not it 
better to learn him don't create such conditions itself?

Alex.