[C ++] how should we deal with Oom?

As a C/C ++ Program Staff, how should we deal with Oom, especially as a Linux Server developer?

Many people like logical 'perfection' solutions,The following two are common examples::

1. When new fails, an exception is thrown, and catch and reject are performed on the outside.
2. The program determines the return value of malloc/New. If it is null, the request is rejected.

Both seemingly perfect solutions have huge defects.

1. If a new error is thrown, C ++ cannot release resources correctly. Unless the C ++ programmer carefully designs each class and carries out a catch every time, this is actually impossible; and it often leads to various complexity and instability.
2. The program determines the return value of malloc/new. This is relatively reliable, but it will actually complicate the program and cannot control what will be done after malloc/New fails in the class library. In addition, it cannot solve the problems caused by oom_killer of the operating system.
3,Lazy allocation and memory overcommit cannot be processed. This is the most fatal.

What is the correct solution?

1. Plan the memory in advance, as in memcached and squid, to specify the maximum memory usage. If you want to reject a request, you must reject it before malloc and never encounter oom. Oom not only brings trouble to you, but also causes trouble to the operating system and other processes through oom_killer.
2. Trust oom_killer. If the memory is insufficient, the system will free up your memory. (When the memory is insufficient, malloc/new will be blocked. Wait for oom_killer to finish the work. Therefore, if malloc/New fails, it means no kill process can be found even with oom_killer.)
3. Do not trust oom_killer. Yes, this is in conflict with the above. Oom_killer has a very high priority, which often causes swap and unexpected side effects. You 'd better never meet it.
4. in Linux, you need to trust glibc's malloc. Many articles on the Internet that describe malloc fragments and other fragments are all fried with cold meals. If you do not understand the principles and the latest progress, you trust malloc. If the memory allocation is large, a mem pool is created.
5. perform monitoring and automatic restart. Monitoring and automatic restart are required because of accidents such as oom_killer. In addition, the objective existence of coredump also requires monitoring and automatic restart.