[coyotos-dev] Sleep for interval
Jonathan S. Shapiro
shap at eros-os.com
Fri Oct 5 12:03:01 EDT 2007
On Fri, 2007-10-05 at 11:56 -0400, Christopher Nelson wrote:
> I am a fan of not having timeouts. Many of the problems I am
> confronted with in my job involve programmers assuming that "this
> operation will *never* take longer than X time units." Then it
> invariably does in a situation they didn't anticipate, and the
> software fails in a really unexpected way.
>
> On the other hand, there are places where it seems impossible to get
> away from timeouts. As an example, trying to connect to an
> unresponsive host. You will never get a "fail" message. At some
> point you have to stop trying.
>
> With respect to IPC, I don't see a need for timeouts unless it is
> possible for a receiver to ignore a sender. If every receiver must
> response positively or negatively to a message, then you don't need
> timeouts. However, if a sender is trying to contact a receiver that
> is ignoring it, at some point it either has to give up - or at the
> very least inform the user somehow that things are taking
> longer than expected.
I think that is a pretty good summary. Here is another way to say the
same thing:
1. Timeouts should be used only at the boundaries of recovery domains
2. The majority of IPCs do not cross recovery domains
If [2] turns out to be incorrect, then the assertions about system
structure that underly the philosophy of microkernel-based system
designs are false, and microkernels as a concept should probably be
abandoned outside of specialty applications.
shap
--
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
www.coyotos.org, www.eros-os.org
More information about the coyotos-dev
mailing list