Microkernels & Reliability vs Performance

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Mar 22, 2010.

  1. Andy “Minix†Tanenbaum is still pushing the microkernel idea
    <http://www.linuxpromagazine.com/Online/News/FOSDEM-2010-Andrew-Tanenbaum-Sets-Reliability-Before-Performance>.

    Frankly, I don’t buy the reliability argument. His idea of “reliability†is
    that the microkernel still keeps running, even though a device driver
    crashes. But if a disk driver crashes, what happens to your filesystem? And
    if a display driver crashes, what happens to all your interactive processes?
    As far as the user is concerned, the result might as well be a system crash.

    Also there are other ways of increasing system reliability, through things
    like clustering. Who cares if one node crashes? The others simply take up
    the slack until it comes up again. Introducing the overheads of a
    microkernel just to improve single-node reliability seems, in this day and
    age, to be a complete waste of time.
     
    Lawrence D'Oliveiro, Mar 22, 2010
    #1
    1. Advertising

  2. Lawrence D'Oliveiro

    Sweetpea Guest

    On Mon, 22 Mar 2010 17:02:58 +1300, Lawrence D'Oliveiro wrote:

    > Frankly, I don’t buy the reliability argument.


    I *DO* buy the reliability argument - the kernel should not crash, and neither should the device drivers!

    But, I see little value in using a micro-kernel.


    --
    "Filtering the Internet is like trying to boil the ocean"
     
    Sweetpea, Mar 22, 2010
    #2
    1. Advertising

  3. In message <ho6q5j$kbj$>, Lawrence D'Oliveiro wrote:

    > Andy “Minix†Tanenbaum is still pushing the microkernel idea
    > <http://www.linuxpromagazine.com/Online/News/FOSDEM-2010-Andrew-Tanenbaum-Sets-Reliability-Before-Performance>.


    “That imposterbull character is giving my ass a real whipping when
    I pick on Dimdows. Maybe I had better pick on another operating
    system like Minix which imposterbull doesn't care about.â€

    > Frankly, I don’t buy the reliability argument. His idea of “reliability†is
    > that the microkernel still keeps running, even though a device driver
    > crashes. But if a disk driver crashes, what happens to your filesystem? And
    > if a display driver crashes, what happens to all your interactive processes?
    > As far as the user is concerned, the result might as well be a system crash.


    “If a DVD driver dies while you are watching a DVD movie, you could
    still save any work you had open at the same time. I am worried
    that if people get to hear about this, they might switch to Minix
    instead of Linux and I won't be able to dream about getting big
    fat Linux Consultant fees. I had better act as if every single
    driver is one whose crash is equivalent to a system crash. Maybe
    I can fool enough people to keep my dream alive.â€

    > Also there are other ways of increasing system reliability, through things
    > like clustering. Who cares if one node crashes? The others simply take up
    > the slack until it comes up again.


    “Of course clustering is for servers and not your average desktop.
    There is a risk that I could appear to be completely out of touch
    with the desktop. But I can feel safe that imposterbull will not
    expose me. Imposterbull will stop reading as soon as he sees I am
    picking on Minix and not Dimdows.â€

    > Introducing the overheads of a
    > microkernel just to improve single-node reliability seems, in this day and
    > age, to be a complete waste of time.


    “If there ever was an overhead argument, it could also be applied
    to using Java like OOo does. OOo is FOSS software which I promote.
    In this day and age CPUs are more powerful than ever, so the
    argument about overheads has less weight than it ever did. Maybe
    I should have kept my mouth shut and my keyboard stowed away.â€
     
    Lawrence D'Oublespeak, Mar 22, 2010
    #3
  4. Lawrence D'Oliveiro

    peterwn Guest

    On Mar 23, 12:28 am, Lawrence D'Oublespeak <l...@crok-
    central.gen.new_zealand> wrote:
    <snip>

    Hi 'Impossible'
     
    peterwn, Mar 23, 2010
    #4
  5. On 22 Mar, 17:02, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > Andy “Minix” Tanenbaum is still pushing the microkernel idea
    > <http://www.linuxpromagazine.com/Online/News/FOSDEM-2010-Andrew-Tanenb...>.
    >
    > Frankly, I don’t buy the reliability argument. His idea of “reliability” is
    > that the microkernel still keeps running, even though a device driver
    > crashes. But if a disk driver crashes, what happens to your filesystem? And
    > if a display driver crashes, what happens to all your interactive processes?
    > As far as the user is concerned, the result might as well be a system crash.


    Depends on how its implemented. Its certainly annoying when my
    graphics
    driver crashes under Windows NT 6 but nothing serious happens - screen
    goes
    blank for a few seconds and a balloon appears over the system tray
    saying my
    graphics driver was restarted because it did something stupid.

    With a bit of careful design and effort I'd say it would be possible
    to recover from
    a disk driver crash. You might loose what ever was in cache in the
    process but
    nothing would fall over and die. Driver crashes, reincarnation server
    restarts it,
    things keep running with perhaps a write failure or two. Total loss
    would be
    like pulling out your USB drive before asking the OS to unmount it.

    Also, AST is right - I'd quite happily take a small performance hit to
    improve stability.
    Waiting for my machine to come back up after some badly written driver
    crashed
    does not help with productivity.

    > Also there are other ways of increasing system reliability, through things
    > like clustering. Who cares if one node crashes? The others simply take up
    > the slack until it comes up again. Introducing the overheads of a
    > microkernel just to improve single-node reliability seems, in this day and
    > age, to be a complete waste of time.


    Not everything is a server. Can't really cluster desktop workstations.
     
    David Goodwin, Mar 24, 2010
    #5
  6. On 23 Mar, 00:28, Lawrence D'Oublespeak <l...@crok-
    central.gen.new_zealand> wrote:
    > In message <ho6q5j$>, Lawrence D'Oliveiro wrote:
    >
    > > Andy “Minix” Tanenbaum is still pushing the microkernel idea
    > > <http://www.linuxpromagazine.com/Online/News/FOSDEM-2010-Andrew-Tanenb....>.

    >
    >   “That imposterbull character is giving my ass a real whipping when
    >    I pick on Dimdows. Maybe I had better pick on another operating
    >    system like Minix which imposterbull doesn't care about.”
    >
    > > Frankly, I don’t buy the reliability argument. His idea of “reliability” is
    > > that the microkernel still keeps running, even though a device driver
    > > crashes. But if a disk driver crashes, what happens to your filesystem? And
    > > if a display driver crashes, what happens to all your interactive processes?
    > > As far as the user is concerned, the result might as well be a system crash.

    >
    >   “If a DVD driver dies while you are watching a DVD movie, you could
    >    still save any work you had open at the same time. I am worried
    >    that if people get to hear about this, they might switch to Minix
    >    instead of Linux and I won't be able to dream about getting big
    >    fat Linux Consultant fees. I had better act as if every single
    >    driver is one whose crash is equivalent to a system crash. Maybe
    >    I can fool enough people to keep my dream alive.”


    I doubt anyone would switch to minix impossible. Its not very fast and
    lacks
    features such as a proper memory manager. The OS has been written to
    be easy
    to understand (its used as a teaching tool - a lot of the code is in
    the appendix of
    ASTs book Operating Systems: Design and Implementation) which puts a
    bit of
    a limit on what can be put in it.

    Haiku is more of a threat really. AFAIK it uses a Hybrid kernel like
    Windows NT,
    MacOS X, etc.
     
    David Goodwin, Mar 24, 2010
    #6
  7. In message <6cb16815-d424-4e5e-
    >, David Goodwin wrote:

    > Also, AST is right - I'd quite happily take a small performance hit to
    > improve stability.


    In that case, why don’t you? He’s offering his Minix kernel, that does
    exactly that, so why don’t you use it?
     
    Lawrence D'Oliveiro, Mar 24, 2010
    #7
  8. On 24 Mar, 13:43, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > In message <6cb16815-d424-4e5e-
    >
    > >, David Goodwin wrote:
    > > Also, AST is right - I'd quite happily take a small performance hit to
    > > improve stability.

    >
    > In that case, why don’t you? He’s offering his Minix kernel, that does
    > exactly that, so why don’t you use it?


    Minix isn't as mature as far as desktop operating systems go. Last
    time I tried Minix 3 it didn't even have a proper memory manager. IO
    performance was fairly bad too so I needs some more optimisation.

    I'm keeping a fairly close eye on Haikus progress though. I may well
    switch my desktop linux systems over to it once driver and application
    support improves. I believe it has a hybrid kernel design similar to
    that which NT used to use.
     
    David Goodwin, Mar 24, 2010
    #8
  9. In message <99dfca57-
    >, David Goodwin
    wrote:

    > On 24 Mar, 13:43, Lawrence D'Oliveiro <_zealand>
    > wrote:
    >
    >> In message
    >> <>,
    >> David Goodwin wrote:
    >>
    >>> Also, AST is right - I'd quite happily take a small performance hit to
    >>> improve stability.

    >>
    >> In that case, why don’t you? He’s offering his Minix kernel, that does
    >> exactly that, so why don’t you use it?

    >
    > Minix isn't as mature as far as desktop operating systems go.


    Funny, isn’t it, for a system which has been in development longer than
    Linux?

    Or what about GNU Hurd? Thought about using that?

    Probably the one with the most widespread production use would be Mach,
    which is the basis of Apple’s OS X, I believe. A system which has had a long
    history of multitasking performance issues.
     
    Lawrence D'Oliveiro, Mar 24, 2010
    #9
  10. Lawrence D'Oliveiro

    Sweetpea Guest

    On Tue, 23 Mar 2010 17:21:23 -0700, David Goodwin wrote:

    > With a bit of careful design and effort I'd say it would be possible to
    > recover from a disk driver crash.


    How on earth would a buggy disc driver ever get installed on a production system unless the
    Administrator was so utterly incompetent???

    If that's what they did then they deserve all whats coming to them!


    --
    "Filtering the Internet is like trying to boil the ocean"
     
    Sweetpea, Mar 24, 2010
    #10
  11. On 24 Mar, 17:36, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > In message <99dfca57-
    > >, David Goodwin
    > wrote:
    >
    > > On 24 Mar, 13:43, Lawrence D'Oliveiro <_zealand>
    > > wrote:

    >
    > >> In message
    > >> <>,
    > >> David Goodwin wrote:

    >
    > >>> Also, AST is right - I'd quite happily take a small performance hit to
    > >>> improve stability.

    >
    > >> In that case, why don’t you? He’s offering his Minix kernel, that does
    > >> exactly that, so why don’t you use it?

    >
    > > Minix isn't as mature as far as desktop operating systems go.

    >
    > Funny, isn’t it, for a system which has been in development longer than
    > Linux?


    Yes - but with a different goal. Minix was targeted as a teaching
    tool. This means the code needs to be easy to read, understand and
    modify. A lot of the source code is actually printed in the real
    physical book. Just go pick up your copy of OSDI and see. Its used as
    example code.

    This somewhat limits the features it can acquire. A lot of
    optimisation may improve performance but it would probably not improve
    the readability of the code. Likewise with other random features.
    This, I believe, was one of the reasons why Linux was developed.

    > Or what about GNU Hurd? Thought about using that?


    Yes, I have. I just wish the project would hurry up and make a stable
    release. They've been at it for some twenty years already - thats even
    longer than DNF! As it is I doubt its hardware support is a lot better
    than that provided by Minix either.

    > Probably the one with the most widespread production use would be Mach,
    > which is the basis of Apple’s OS X, I believe. A system which has had a long
    > history of multitasking performance issues.


    I am not terribly familiar with the architecture of NeXTSTEP or MacOS
    X. I believe they essentially run the FreeBSD kernel (or parts of it
    at least) as a server under Mach for UNIX compatibility. That probably
    doesn't improve its performance. I don't think MacOS X really takes
    much advantage of Mach. Feel free to correct me if I'm wrong though -
    its been a while since I read up on it.

    OSF/1 (Digital UNIX / (Compaq/HP) Tru64) was the other major UNIX that
    used Mach. It ran on Alpha workstations and servers - expensive
    systems designed for performance. I imagine the developers would have
    been careful to ensure their OS didn't make the system perform badly.
    Certainly the brief times I've run 4.0F and 5.1B it _seemed_ fast
    enough.
     
    David Goodwin, Mar 24, 2010
    #11
  12. On 25 Mar, 00:14, Sweetpea <> wrote:
    > On Tue, 23 Mar 2010 17:21:23 -0700, David Goodwin wrote:
    > > With a bit of careful design and effort I'd say it would be possible to
    > > recover from a disk driver crash.

    >
    > How on earth would a buggy disc driver ever get installed on a production system unless the
    > Administrator was so utterly incompetent???
    >
    > If that's what they did then they deserve all whats coming to them!
    >
    > --
    > "Filtering the Internet is like trying to boil the ocean"


    We aren't only talking about servers here. A lot of desktop users
    would probably never know to search for driver updates if they kept
    getting BSODs. Those who do would probably never check that the
    updated driver isn't worse. Luckily under NT6 much of the video driver
    code has been moved into user mode - until I updated my driver a week
    or two ago I was having the driver restart every few minutes while
    decoding H.264. If Windows NT had a purely monolithic kernel (or I was
    running NT 5) each one of those resets would have been a BSOD.

    Moving that code out of kernel mode will have reduced performance
    slightly - but it also made the computer usable when buggy drivers are
    present.
     
    David Goodwin, Mar 24, 2010
    #12
  13. In message <48461d98-d61c-4c11-baeb-
    >, David Goodwin wrote:

    > Minix was targeted as a teaching tool. This means the code needs to be
    > easy to read, understand and modify.
    >
    > This somewhat limits the features it can acquire. A lot of
    > optimisation may improve performance but it would probably not improve
    > the readability of the code. Likewise with other random features.
    > This, I believe, was one of the reasons why Linux was developed.


    I would argue that Linux code is as easy to read, understand and modify as
    any real-world code, and the proof is in the sheer number of contributors to
    that code. That would also make it a more realistic teaching tool.

    > I don't think MacOS X really takes much advantage of Mach.


    It maps Cocoa threads directly to Mach threads, as this Technote makes clear
    <http://developer.apple.com/legacy/mac/library/technotes/tn/tn2028.html>. It
    also makes the surprising admission:

    Apple recognizes that using a Mach thread per Thread Manager thread is
    expensive and is looking at ways to reduce this cost in the future.
    However, this change is not in Mac OS X 10.0.x and will not be in Mac OS
    X 10.1.

    And that has never been updated. The dependence on expensive Mach threads
    has never been fixed.

    And the iPhone, too, which runs some version of the OS X kernel, has had
    well-known problems with multitasking.
     
    Lawrence D'Oliveiro, Mar 25, 2010
    #13
  14. Lawrence D'Oliveiro

    Sweetpea Guest

    On Wed, 24 Mar 2010 16:57:56 -0700, David Goodwin wrote:

    > On 25 Mar, 00:14, Sweetpea <> wrote:
    >> On Tue, 23 Mar 2010 17:21:23 -0700, David Goodwin wrote:
    >> > With a bit of careful design and effort I'd say it would be possible
    >> > to recover from a disk driver crash.

    >>
    >> How on earth would a buggy disc driver ever get installed on a
    >> production system unless the Administrator was so utterly
    >> incompetent???
    >>
    >> If that's what they did then they deserve all whats coming to them!
    >>
    >> --
    >> "Filtering the Internet is like trying to boil the ocean"

    >
    > We aren't only talking about servers here.


    Indeed we're not! We're talking about commercial releases of buggy software that is, frankly, sub-
    standard and should not be being inflicted on Windows Users.

    A buggy disc driver is a very basic flaw in a Disc Operating System and no vendor with integrity should
    be selling such software!


    > A lot of desktop users would
    > probably never know to search for driver updates if they kept getting
    > BSODs.


    They shouldn't have to! Device drivers are very fundamental components of a computer operating
    system and should always work 100% reliably.

    Would you expect people with video/DVD players to do firmware upgrades so that they can play more
    than 15 minutes of a DVD before their player turns itself off?


    > Those who do would probably never check that the updated driver
    > isn't worse. Luckily under NT6 much of the video driver code has been
    > moved into user mode - until I updated my driver a week or two ago I was
    > having the driver restart every few minutes while decoding H.264. If
    > Windows NT had a purely monolithic kernel (or I was running NT 5) each
    > one of those resets would have been a BSOD.


    The derisively laughable thing is that people accept software developers' refusal to take professional
    responsibility for their work!

    Wouldn't you expect a restaurant to take responsibility if they gave someone a defective product (buggy
    food) in the form of botulism?

    Why don't you hold software developers to the same professional standard?


    --
    "Filtering the Internet is like trying to boil the ocean"
     
    Sweetpea, Mar 25, 2010
    #14
  15. Lawrence D'Oliveiro

    AD. Guest

    On Mar 25, 10:01 pm, Sweetpea <> wrote:
    > Wouldn't you expect a restaurant to take responsibility if they gave someone a defective product (buggy
    > food) in the form of botulism?


    More idiocy.

    Just like all software has bugs in it, all food has bugs in it
    (especially by the time it gets to your mouth). And just like software
    users have a tolerance level for software bugs, so too does the human
    body have a tolerance level for bugs in food.

    Let me know when you've managed to write a mathematically proven
    totally bug free disk driver, or produced a dish without a single
    bacterium anywhere in it. I won't hold my breath.

    --
    Cheers
    Anton
     
    AD., Mar 25, 2010
    #15
  16. In message <0319c09b-0168-4f36-91aa-
    >, AD. wrote:

    > Let me know when you've managed to write a mathematically proven
    > totally bug free disk driver ...


    I think it was Donald Knuth who added a caveat like this to some piece of
    code he had written: “I have only proven it correct, I have not tested itâ€.
     
    Lawrence D'Oliveiro, Mar 25, 2010
    #16
  17. On 25 Mar, 22:01, Sweetpea <> wrote:
    > On Wed, 24 Mar 2010 16:57:56 -0700, David Goodwin wrote:
    > > On 25 Mar, 00:14, Sweetpea <> wrote:
    > >> On Tue, 23 Mar 2010 17:21:23 -0700, David Goodwin wrote:
    > >> > With a bit of careful design and effort I'd say it would be possible
    > >> > to recover from a disk driver crash.

    >
    > >> How on earth would a buggy disc driver ever get installed on a
    > >> production system unless the Administrator was so utterly
    > >> incompetent???

    >
    > >> If that's what they did then they deserve all whats coming to them!

    >
    > >> --
    > >> "Filtering the Internet is like trying to boil the ocean"

    >
    > > We aren't only talking about servers here.

    >
    > Indeed we're not! We're talking about commercial releases of buggy software that is, frankly, sub-
    > standard and should not be being inflicted on Windows Users.


    The driver isn't usually what people go shopping for - they buy the
    hardware. The driver is just something required to make the hadware
    work properly.

    > A buggy disc driver is a very basic flaw in a Disc Operating System and no vendor with integrity should
    > be selling such software!


    Most likely the vendor does not realise their driver has a bug.

    > > A lot of desktop users would
    > > probably never know to search for driver updates if they kept getting
    > > BSODs.

    >
    > They shouldn't have to! Device drivers are very fundamental components of a computer operating
    > system and should always work 100% reliably.


    Exactly. This is the argument for microkernels. Why should some third
    partys badly written driver be allowed to reduce the reliability of
    the operating system?

    > Would you expect people with video/DVD players to do firmware upgrades so that they can play more
    > than 15 minutes of a DVD before their player turns itself off?


    I suppose we will see. I believe bluray discs wont play on a
    "compromised" player model unless you let the disc install a firmware
    update.

    > > Those who do would probably never check that the updated driver
    > > isn't worse. Luckily under NT6 much of the video driver code has been
    > > moved into user mode - until I updated my driver a week or two ago I was
    > > having the driver restart every few minutes while decoding H.264. If
    > > Windows NT had a purely monolithic kernel (or I was running NT 5) each
    > > one of those resets would have been a BSOD.

    >
    > The derisively laughable thing is that people accept software developers' refusal to take professional
    > responsibility for their work!
    >
    > Wouldn't you expect a restaurant to take responsibility if they gave someone a defective product (buggy
    > food) in the form of botulism?
    >
    > Why don't you hold software developers to the same professional standard?


    I am not defending buggy drivers. But the simple fact is they exist.
    Why not try to minimise the problems they can cause?

    As for holding ATI responsible for their crap drivers - what could I
    do? return the card and buy a new one from NVidia? their drivers
    aren't any better.
     
    David Goodwin, Mar 25, 2010
    #17
  18. In message <0216ad3e-
    >, David Goodwin
    wrote:

    > Why should some third partys badly written driver be allowed to reduce the
    > reliability of the operating system?


    Why should the driver be written by a third party?
     
    Lawrence D'Oliveiro, Mar 26, 2010
    #18
  19. On 26 Mar, 14:14, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > In message <0216ad3e-
    > >, David Goodwin
    > wrote:
    >
    > > Why should some third partys badly written driver be allowed to reduce the
    > > reliability of the operating system?

    >
    > Why should the driver be written by a third party?


    In this context I mean third party to the operating system vendor.

    Sweetpeas comment implied that the drivers are a part of the operating
    system. While most operating systems come with a large array of
    drivers, it often seems to be the case that a driver that is causing
    problems is not one of them. I can't say I've had any problems with
    Microsoft-provided drivers. All the stability problems I can think of
    that I've experienced under linux can be traced back to nvidia.
     
    David Goodwin, Mar 26, 2010
    #19
  20. In message
    <>, David
    Goodwin wrote:

    > On 26 Mar, 14:14, Lawrence D'Oliveiro <_zealand>
    > wrote:
    >
    >> In message <0216ad3e-
    >> >, David Goodwin
    >> wrote:
    >>
    >>> Why should some third partys badly written driver be allowed to reduce
    >>> the reliability of the operating system?

    >>
    >> Why should the driver be written by a third party?

    >
    > In this context I mean third party to the operating system vendor.


    That’s what I meant too.

    > Sweetpeas comment implied that the drivers are a part of the operating
    > system.


    Let’s forget “impliedâ€, and make it explicit: that’s how it should be.

    > While most operating systems come with a large array of
    > drivers, it often seems to be the case that a driver that is causing
    > problems is not one of them.


    Precisely the point.
     
    Lawrence D'Oliveiro, Mar 26, 2010
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Anxious Man

    Reliability of Mozilla Backup

    Anxious Man, Jan 22, 2004, in forum: Firefox
    Replies:
    0
    Views:
    480
    Anxious Man
    Jan 22, 2004
  2. =?Utf-8?B?Q2FybG9z?=

    Performance and Reliability Updates released for Vista x64

    =?Utf-8?B?Q2FybG9z?=, Aug 8, 2007, in forum: Windows 64bit
    Replies:
    0
    Views:
    408
    =?Utf-8?B?Q2FybG9z?=
    Aug 8, 2007
  3. Mike

    Reliability and Performance Monitor

    Mike, Mar 30, 2008, in forum: Windows 64bit
    Replies:
    2
    Views:
    593
    Charlie Russel - MVP
    Apr 2, 2008
  4. Matt Schneyer

    value of performance index and reliability index

    Matt Schneyer, Nov 14, 2008, in forum: Windows 64bit
    Replies:
    10
    Views:
    978
    Matt Schneyer
    Nov 20, 2008
  5. Lawrence D'Oliveiro

    Tanenbaum still pushing microkernels

    Lawrence D'Oliveiro, Dec 7, 2008, in forum: NZ Computing
    Replies:
    2
    Views:
    391
    Lawrence D'Oliveiro
    Dec 12, 2008
Loading...

Share This Page