"Daniel C. Sobral" wrote:

> > It would be nice to have a way to indicate that, a la SIGDANGER.
> 
> Ok, everybody is avoiding this, so I'll comment. Yes, this would be
> interesting, and a good implementation will very probably be
> committed. *BUT*, this is not as useful as it seems. Since the
> correct solution is buy more memory/increase swap (correct solution
> for our target markets, anyway), there is little incentive to
> implement it.
> 
> So, I think people who can answer the above is thinking like "Well,
> it is useful, but it's not useful enough for me to spend my time on
> it, and I'm sure as hell don't want to write mini-papers on why it's
> not that useful".
> 

For those who wish to develop code for safety related systems that is
not good enough. They have to prove that all code can handle the
degradation
of resources gracefully. Such code relies on guaranteed memory
allocations
or in the very least warnings of memory shortage and prioritized
allocations.
So the least important sub-systems die first.

--Sean