Monday, May 15, 2006

Microkernels vs. monolithic kernels

Warning: computer nerdy post. I keep thinking I should start a technical blog so that I don't have to subject you people to computer science rants that not only do you not care about, but that don't even make any sense. Sigh. Meantime...

It blows me away that the discussion of monolithic versus microkernels is still going on. I learned about these heated arguments in college, and in today's world, microkernel is the hands-down winner.

Look. It boils down to isolation. Isolation is a good thing. No piece of software is written correctly. It _will_ do something stupid, so you want to isolate it as much as possible. To put it perhaps more accurately, you should be relying on something stronger than the cleverness and carefulness of the programmer to prevent different pieces of code from stepping on each other, because if modern software history has taught us anything, it's that even the most veteran programmers will screw this up.

Now, I don't care how you achieve that isolation. Address spaces are the standard way to achieve it, but they aren't the only way. Software checkers and verifiers are another: they look at a piece of code and say, "Yes, ok, I _promise_ this code won't do anything unreasonably stupid. It will play nice with its friends." Personally, I think this is the way to go. There's no reason you can't have something that acts like a microkernel but lives all in the same address space, thereby avoiding the performance penalties.

Regardless, if Linus is really arguing that shared data structures are important, he's an idiot. Okay, okay, not an idiot...just mired in outdated ways of thinking about software. I think, as Tanenbaum suggests, Linus is still thinking about performance as the ultimate goal of software when reliability is most often far more important in today's world. But anyway, regarding shared data structures, it should be a fundamental design principle to avoid them wherever possible, because they are exactly the means by which one errant player can take down a whole system.

As an aside, to make sure I cover the major computer science religious wars all in one post, this is why I believe message-passing is superior to shared memory models. Yes, they are functionally equivalent since you can model one with the other, but message-passing encourages a more isolated design.
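To make the last two paragraphs concrete, here is an added example (my own constructed code, not anything from the post or from any real kernel): subsystem A has an off-by-one bug. Written against a shared table, nothing stops A from clobbering B's slot; written as a message to a dispatcher that owns the table and checks that the sender owns the slot it names, the same bug is rejected and B's state survives. All names, slots and values are invented for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed scenario: subsystem A owns slot 0, subsystem B owns slot 1.
 * A contains an off-by-one bug that writes one slot past its own. */
enum { SLOTS = 2, A_SLOT = 0, B_SLOT = 1 };
#define B_INITIAL 0x1234u
#define A_VALUE   0xDEADu

/* --- Monolithic style: both subsystems write the same table directly. --- */
struct shared_table { uint32_t slot[SLOTS]; };

static void subsystem_a_buggy_write(struct shared_table *t, uint32_t v) {
    t->slot[A_SLOT + 1] = v;   /* bug: meant slot[A_SLOT]; lands in B's slot */
}

/* What B finds in its slot after A runs: A's value, and nothing stopped it. */
uint32_t monolithic_b_value(void) {
    struct shared_table t = { { 0, B_INITIAL } };
    subsystem_a_buggy_write(&t, A_VALUE);
    return t.slot[B_SLOT];
}

/* --- Message-passing style: the table is private to a dispatcher, and every
 * write arrives as a message that is checked before it is applied. --- */
struct msg { int sender; int slot; uint32_t value; };
struct dispatcher { uint32_t slot[SLOTS]; int rejected; };

static bool dispatch(struct dispatcher *d, const struct msg *m) {
    /* Isolation boundary: a sender may only write the slot it owns. */
    if (m->slot < 0 || m->slot >= SLOTS || m->slot != m->sender) {
        d->rejected++;
        return false;
    }
    d->slot[m->slot] = m->value;
    return true;
}

/* A has exactly the same bug, but can only express it as a message. */
static struct dispatcher run_message_passing(void) {
    struct dispatcher d = { { 0, B_INITIAL }, 0 };
    struct msg m = { A_SLOT, A_SLOT + 1, A_VALUE };   /* same off-by-one */
    dispatch(&d, &m);
    return d;
}

uint32_t message_passing_b_value(void) {
    struct dispatcher d = run_message_passing();
    return d.slot[B_SLOT];   /* B's value survives: 0x1234 */
}
int message_passing_rejected(void) { return run_message_passing().rejected; }
```

The enforcement lives in `dispatch`, not in A's author being careful, which is the point: the check works whether the boundary is an address space or a verifier-enforced rule inside one.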

So there. Hmmph.

2 comments:

Anonymous said...

so what's windows?

Nick said...

As Tanenbaum said, Windows NT tried to be a microkernel and failed. For all practical purposes, it's a monolithic kernel, as far as I'm concerned. I think a few things here and there are put in separate processes, but way, way too much shit gets put together in the same address space.

They're trying to back-hack isolation boundaries by trying to get driver writers to run their drivers through verification tools, but it's still pretty weak enforcement, and if you haven't noticed, many vendors still don't bother to get their drivers certified because it's a pain in the ass to do so and involves Microsoft participating in the process.