On 7/27/2013 12:40 AM, deadalnix wrote:
This kind of software can leverage way to recovers that would be untolerable in
an airplane (for instance because they only work most of the time, or would
produce an erratic behavior for a short period of time, like an audio glitch).
D right now is not very friendly to such use cases as it is designed to crash
hard as soon as something wrong happens.
I think you're seriously mistaken about this not being "friendly". I don't think
there's anything "friendly" about a program that goes wild and keeps on running.
My experience with such programs (DOS programs would not crash, they'd just run
wild) is universally unfriendly.
The way to deal tolerantly with errant processes is to have an "executive"
process that spawns the worker process. It monitors the worker, and if the
worker crashes, the executive simply respawns it. This is a reasonably friendly
way to do things. Continuing to run already crashed programs is a very bad idea.
After all, what if your corrupted program now proceeds to corrupt all your
user's profile data? I don't think the user would consider that friendly. What
if your media player scrambles the playlists? (Happened to me.) Oh joy, I loved
that one.
No thanks.
(I've been arguing for decades against the idea that somehow crashed programs
should keep on running. I keep hearing all kinds of explanations for why zombies
should keep on running, even though you have no idea what they will do (except
that it will be bad).)
