Monday, November 2, 2009

Armstrong Chapter 5

This chapter covers building a fault tolerant system. First, supervisors are used to detect when a process crashes. The supervisor can be an AND type, where if one child crashes all of the children are restarted, or an OR type, where only the faulty child is restarted. I can see the OR model being common, as subtasks hopefully do not need to know about other subtasks. AND is useful in the cases where the tasks are dependent on the success of the other tasks.

Armstrong then covers the differences between exceptions, errors and failures. Exceptions occur whenever the run-time system does not know what to do. One might expect programmers to decide whether these are truly errors by catching them and handling them where necessary, but according to Armstrong that decision belongs to the designer, not the programmer: the specification for a function should say what to do in each error case, and where it says nothing the programmer should not guess but let the function fail with an error. This gives functions well defined behavior, at the cost of needing good specifications. Problems then become specification problems, which are easier to recognize and fix. I think this is quite beneficial as a result, at the cost of more time up front spent in design.
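The two ideas above (AND versus OR restart strategies, and "handle only the error cases the specification names, otherwise crash") in a small simulation. This is an added example written for this post, not code from Armstrong's thesis or from Erlang/OTP; the names Supervisor, Child, the strategy strings "and"/"or", the max_restarts budget and the config table are all assumptions made for the illustration.

```python
# Added example: simulate AND/OR supervision and spec-driven error handling.
# Not Armstrong's or OTP's code; all names and workloads are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


class SupervisorGaveUp(Exception):
    """Raised when a child keeps crashing past the restart budget."""


@dataclass
class Child:
    name: str
    work: Callable[[int], None]  # work(run_number); raising means "crash"
    runs: int = 0                # how many times this child has been (re)started

    def start(self) -> None:
        self.runs += 1


@dataclass
class Supervisor:
    strategy: str          # "and": restart every child; "or": restart only the crasher
    children: List[Child]
    max_restarts: int = 3  # restart budget before the supervisor itself gives up
    restarts: int = 0
    log: List[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        assert self.strategy in ("and", "or")
        for c in self.children:
            c.start()

    def run_round(self) -> Optional[str]:
        """Give every child one unit of work; return the first crasher's name, if any."""
        for c in self.children:
            try:
                c.work(c.runs)
            except Exception as exc:  # any unhandled error in a child is a crash
                self.log.append(f"{c.name} crashed: {exc!r}")
                self._on_crash(c)
                return c.name
        return None

    def _on_crash(self, crashed: Child) -> None:
        self.restarts += 1
        if self.restarts > self.max_restarts:
            # Escalate: a supervisor that cannot stabilise its children fails
            # itself, so the level above can act instead of a silent restart loop.
            raise SupervisorGaveUp(f"{crashed.name} exceeded {self.max_restarts} restarts")
        targets = self.children if self.strategy == "and" else [crashed]
        for c in targets:
            c.start()


# --- constructed workloads (assumptions for the demo) ---------------------

def crash_on_first_run(run: int) -> None:
    """Fails on its initial start only; healthy after a restart."""
    if run == 1:
        raise RuntimeError("transient startup failure")


def always_crash(run: int) -> None:
    raise RuntimeError("permanent failure")


def healthy(run: int) -> None:
    pass


def lookup_timeout(config: Dict[str, str], key: str) -> int:
    """Spec (assumed): a missing key means the default 30. Nothing else is specified."""
    try:
        return int(config[key])
    except KeyError:  # the one case the spec tells us how to handle
        return 30
    # ValueError (non-numeric value) is deliberately NOT caught: the spec is
    # silent on it, so the process dies and the supervisor decides what to do.


def restart_counts(strategy: str) -> Dict[str, int]:
    """One round with a single transient crash; report (re)start counts per child."""
    sup = Supervisor(strategy, [Child("db", crash_on_first_run),
                                Child("cache", healthy), Child("api", healthy)])
    sup.run_round()
    return {c.name: c.runs for c in sup.children}


def rounds_until_give_up(max_restarts: int) -> int:
    """Rounds a permanently broken child survives before the supervisor escalates."""
    sup = Supervisor("or", [Child("broken", always_crash)], max_restarts=max_restarts)
    rounds = 0
    try:
        while True:
            sup.run_round()
            rounds += 1
    except SupervisorGaveUp:
        return rounds


if __name__ == "__main__":
    print("or :", restart_counts("or"))    # only db is restarted
    print("and:", restart_counts("and"))   # every child is restarted
    print("gave up after", rounds_until_give_up(3), "rounds")
```

The restart budget is the part worth copying: without it, a child that always crashes turns "let it crash" into a restart loop that burns CPU and floods logs, which is a self-inflicted denial of service. Real OTP supervisors bound restarts the same way (a maximum number of restarts within a time window) and fail upward when the bound is exceeded. The lookup_timeout function shows the second point: it handles exactly the error case its (assumed) specification names and lets any other exception terminate the process, so a bad config value surfaces as a crash rather than being silently mapped to a guess.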
