:
:On Tue, 13 Jul 1999 14:14:52 -0700 (PDT) 
: Matthew Dillon <dillon@apollo.backplane.com> wrote:
:
: >     If you don't have the disk necessary for a standard overcommit model to
: >     work, you definitely do not have the disk necessary for a non-overcommit 
: >     model to work.
:
:You obviously didn't pay attention to Chris's posting, nor apparently did
:you see th "embedded" in my posting.
:
:Who said anything about even having disks to swap to?  I just want the
:kernel to tell me when there aren't any more backing store resources
:(including *PHYSICAL PAGES*) for the memory allocation I just requested
:from userspace.  That way, my correctly written program can take appropriate
:action (like, say, invoke its type-stable memory pool garbage collector, and
:try again).
:
:Right now, BSD doesn't do this, and that makes creating a truly reliable
:system *very hard*.
:
:        -- Jason R. Thorpe <thorpej@nas.nasa.gov>

    Sure it does.  You are running an embedded system?  It has no swap?
    Fine...  you have ultimate design control over every process running on
    the system. Simply set appropriate resource limits for the processes 
    run by the system and you are done.  

    All the embedded systems I've ever done - and I've done quite a few,
    panic and reboot if they run out of memory.  The programs are written
    with a designed-in safety margin.  If the system runs out of memory,
    it is a catastrophic error and not something the programs try to 
    clean up from.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>