[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure? |
|
Date: |
Thu, 18 May 2006 12:16:33 +0200 |
|
User-agent: |
Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux) |
Hi,
Thomas Bushnell BSG <address@hidden> writes:
> Donnie Jones <address@hidden> quotes Linus Torvalds thus:
[...]
>> Microkernels are much harder to write and maintain
>> exactly because of this issue. You can do simple
>> things easily - and in particular, you can do things where
>> the information only passes in one direction quite easily,
>> but anythign else is much much harder, because there is
>> no "shared state" (by design). And in the absense of shared
>> state, you have a hell of a lot of problems trying to make
>> any decision that spans more than one entity in the
>> system.
>
> Dare I say it.
>
> Linus is right. Of course, saying that something is harder doesn't
> mean that it's a bad idea; it's harder to run a fair court system than
> a kangaroo court, but that doesn't mean we should abandon efforts
> toward the former.
IMO, multiserver systems emphasize *cooperation* among system services,
rather than state sharing.
Designing protocols that allow various components to efficiently
cooperate is indeed harder than entangling their functionalities into
one big component, relying on global, shared state. However, designing
such protocols makes it possible to clearly identify inter-components
relationships, promote separation of concerns, and yields improved
flexibility (e.g., the ability to replace components by other components
implementing the same interface).
Now, whether the components really run in separate address spaces (as in
the Hurd) or not is a separate issue: one can assemble components with
clearly defined interfaces that do not rely on global shared state in a
single address space.
As an example, the THINK project [0] defines a set of well-defined,
fine-grain, component interfaces. Components can only cooperate via
those interfaces, not via some hypothetical shared state (i.e., there is
no reliance on side-effects). Then (at least theoretically), one can
choose to use one address space per component (in which case
inter-component communication is implemented by IPC) or to bundle all
the components into a single address space (in which case
inter-component communication is implemented by simple function calls),
etc.
Thanks,
Ludovic.
[0] http://think.objectweb.org
- Re: OT: protection in SASOS, (continued)
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?, Jonathan S. Shapiro, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?// SAS, Niklas Klügel, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?// SAS, Jonathan S. Shapiro, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?// SAS, Niklas Klügel, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?// SAS, Jonathan S. Shapiro, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?// SAS, Bas Wijnen, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?// SAS, Jonathan S. Shapiro, 2006/05/11
- Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?,
Ludovic Courtès <=
Re: Linus replies. Re: Computer: Can We Make Operating Systems Reliable and Secure?, Marco Gerards, 2006/05/11