by lmilcin 2311 days ago
I once worked on an application which if failed even once meant considerable loss for the company including possible closure.

By design, there was no memory management. The memory was only ever allocated at the start and never de-allocated. All algorithms were implemented around the concept of everything being a static buffer of infinite lifetime.

It was not possible to spring a memory leak.


This sounds fascinating, could you elaborate any on why a single failure of this application would be so catastrophic?
I can't discuss this particular application.

But there are whole classes of applications that are also mission critical -- an example might be software driving your car or operating dangerous chemical processes.

For the automotive industry there are MISRA standards which we used to guide our development process, amongst other ideas from NASA and Boeing (yeah, I know... it was some time ago).

How did this work exactly? The program just never had to work on data greater than a certain statically known size? Or did it process anything larger than that in chunks instead of mallocing a buffer of the necessary size?
Not necessarily. What this means is you need to have a limit for every data structure in the application and have a strategy for how to either prevent the limit from ever being hit or how to deal with it when the limit is exercised.

Imagine a simple example of a webapp and the number of user sessions.

Instead of the app throwing random errors or slowing down drastically, you could have a hard limit on the number of active sessions.

Whenever the app tries to allocate (find a slot) for a user session but it can't (all objects are already used), it will just throw an error.

This ensures that the application will always work correctly once you log in -- you will not experience a slowdown because too many users logged in.

Now, you also need to figure out what to do with users that received an error when trying to log in. They might receive an error and be told to log in later, they might be put on hold by the UI and logged in automatically later, or they might be redirected by a load balancer to another server (maybe even one started on demand).

When you start doing this for every aspect of the application you get into a situation where your application never really gets out of its design parameters, and it is one of the important aspects of getting ultra-stable operation.
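The session-slot scheme described in the reply above, written out as an added example in C (not code from the commenter or any real product); the pool size, field names and function names are assumptions for the demo. Every slot lives in one static buffer allocated for the program's lifetime, and exhaustion is reported as an explicit error instead of a failed allocation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hard limit fixed at design time (assumption: 4 slots for the demo). */
#define MAX_SESSIONS 4

typedef struct {
    bool     in_use;
    uint32_t user_id;
} session_t;

/* Static pool with infinite lifetime: nothing is ever malloc'd or freed. */
static session_t g_sessions[MAX_SESSIONS];

/* Returns the slot index, or -1 when every slot is already taken.
 * The caller decides what to do on -1 (tell the user to retry, redirect). */
int session_acquire(uint32_t user_id) {
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (!g_sessions[i].in_use) {
            g_sessions[i].in_use = true;
            g_sessions[i].user_id = user_id;
            return i;
        }
    }
    return -1;
}

/* Returns false for an out-of-range slot or a slot that is already free,
 * so a double release is caught rather than corrupting the pool. */
bool session_release(int slot) {
    if (slot < 0 || slot >= MAX_SESSIONS || !g_sessions[slot].in_use) {
        return false;
    }
    g_sessions[slot].in_use = false;
    g_sessions[slot].user_id = 0;
    return true;
}

/* Number of occupied slots; useful as a capacity metric for monitoring. */
int session_active_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        n += g_sessions[i].in_use ? 1 : 0;
    }
    return n;
}

int main(void) {
    for (uint32_t uid = 101; uid <= 105; uid++) {
        printf("user %u -> slot %d\n", uid, session_acquire(uid));
    }
    return 0;
}
```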