LCA: Andrew Tanenbaum on creating reliable systems
Posted Jan 25, 2007 17:32 UTC (Thu) by pm101
Parent article: LCA: Andrew Tanenbaum on creating reliable systems
One downside of microkernel-style architectures is that they don't just impact performance -- they also impact complexity and code size. The system Andy describes does away with shared memory, so communication gets more difficult. It is highly threaded, and so the developer needs to worry about deadlocks. You also need to be tolerant of processes going away to have any benefit -- if the file system crashes while my word processor is saving, it needs to catch the fault and try saving again. This potentially dramatically increases code size and complexity, which leads to more bugs, and potentially a less stable overall system. Sticking compartments in a ship makes great sense, since it adds robustness without adding much design complexity. Sticking them in software is sometimes a good idea, but just as often, it sounds convincing, but actually leads to more bloated and less stable software.
to post comments)