Monday, October 19, 2009

On Armstrong Thesis Ch 2

Joe Armstrong advocates an architecture in which processes communicate solely via messages and share no data as the way to construct fault-isolating systems. He claims this architecture also facilitates parallelism, but parallelism is not the main goal here. There is obviously a potential efficiency gain: since components share nothing, a number of independent concurrent processes can be run on a multi-processor machine or distributed over a network of processors. However, parallelism is not a feasible approach when the application cannot easily be partitioned into truly independent tasks. Exploiting parallelism imposes a further set of design constraints on the application (e.g. no strong data dependencies between tasks), on top of the constraints needed for fault tolerance.

The main design decision of the architecture is that concurrent processes share no data, which provides a strong measure of fault isolation. The message-passing abstraction hides whatever state changes the implementation of message sending uses underneath, so that a software error in one process cannot corrupt the state of another; its consequences are confined to the faulty process. An important example of an architecture using a similar idea to enforce fault isolation is the microkernel. The main goal of microkernels is to make operating systems more reliable and more secure. With this in mind, a microkernel breaks the typical monolithic kernel into a minimal kernel running the privileged code and several servers (device drivers, file systems and so on) running the less trusted code in user mode. Communication between the kernel and the server components, and among the servers themselves, is done through message passing.

A characteristic feature of microkernels is minimalism: the operating system's trusted computing base (TCB) should be kept as small as possible. As the kernel (the code that executes in the privileged mode of the hardware) is always part of the TCB, minimizing it is natural in a security-driven and fault-tolerant design.

I mostly embraced Armstrong's philosophy of designing a fault-tolerant system. I guess it is a good approach to dealing with the problem of fault isolation while keeping reasonable behavior. Looking at the microkernel approach, I feel that the principle of minimalism should also be taken into account when designing the hierarchy of tasks. I agree that the most complex tasks should be organized on the first level, which should be dealt with first. But what about the granularity of each level, and applying the microkernel principle of minimalism between layers? Employing such a design philosophy would mean breaking otherwise complex tasks from the upper levels into sets of subtasks that can be pushed down to lower levels of the task hierarchy. Consequently, the task hierarchy tree will tend to grow deeper. The task decomposition should of course preserve the invariants and behavior of the application. Designing a tool to visualize the task hierarchy would offer a very good illustration of this principle. By this reasoning, applications with deep hierarchical task trees will likely be more reliable than the rest.
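In Erlang the task hierarchy discussed above takes the concrete form of an OTP supervision tree. The following is an added illustration of a tree that is one level deeper than a flat list of workers; it is my own code, not code from the post or from Armstrong's thesis, and the module name task_tree, the supervisor names top_sup and sub_sup and the worker names worker_a, worker_b and worker_c are illustrative choices. The point it shows is that pushing two workers down under their own supervisor confines a failure among them to that subtree: only the crashed worker is restarted, and the top level and its other child never notice.

```erlang
%% Added example (mine, not code from the post or from Armstrong's thesis):
%% a two-level supervision tree using OTP's supervisor behaviour.  The
%% module name task_tree, the supervisor names top_sup/sub_sup and the
%% worker names worker_a/b/c are illustrative choices.
-module(task_tree).
-behaviour(supervisor).
-export([start/0, init/1, worker_start_link/1, count/1, crash/1,
         whereis_all/0, demo/0]).

%% Top level: a supervisor whose children are one worker and a further
%% supervisor.  worker_b and worker_c live one level down, so a failure
%% among them is handled (restarted) by sub_sup; top_sup and worker_a are
%% not involved at all.
start() ->
    supervisor:start_link({local, top_sup}, ?MODULE, top).

init(top) ->
    {ok, {#{strategy => one_for_one, intensity => 3, period => 10},
          [#{id => worker_a, start => {?MODULE, worker_start_link, [worker_a]}},
           #{id => sub_sup, type => supervisor,
             start => {supervisor, start_link, [{local, sub_sup}, ?MODULE, sub]}}]}};
init(sub) ->
    {ok, {#{strategy => one_for_one, intensity => 3, period => 10},
          [#{id => worker_b, start => {?MODULE, worker_start_link, [worker_b]}},
           #{id => worker_c, start => {?MODULE, worker_start_link, [worker_c]}}]}}.

%% A worker is a registered process that owns its state (a request counter)
%% and can only be reached by message; there is nothing to share.
worker_start_link(Name) ->
    Pid = proc_lib:spawn_link(fun() -> worker_loop(Name, 0) end),
    register(Name, Pid),
    {ok, Pid}.

worker_loop(Name, Served) ->
    receive
        crash ->
            %% Simulated internal error: the process just dies and lets its
            %% supervisor decide what to do.
            exit({worker_crashed, Name});
        {From, count} ->
            From ! {Name, Served},
            worker_loop(Name, Served + 1)
    end.

%% Ask a worker how many requests it has served so far (state lives only there).
count(Name) ->
    Name ! {self(), count},
    receive {Name, N} -> N after 1000 -> timeout end.

crash(Name) ->
    Name ! crash,
    ok.

whereis_all() ->
    [{N, whereis(N)} || N <- [worker_a, worker_b, worker_c]].

%% Crash worker_b and report which workers got a new pid: only worker_b.
%% Its counter restarts at 0 (fresh state), worker_a's counter is unaffected.
demo() ->
    {ok, _} = start(),
    0 = count(worker_b),
    1 = count(worker_b),
    Before = whereis_all(),
    crash(worker_b),
    timer:sleep(100),    % give sub_sup a moment to restart the child
    After = whereis_all(),
    0 = count(worker_b),
    0 = count(worker_a),
    [N || {{N, Old}, {N, New}} <- lists:zip(Before, After), Old =/= New].
```

Compile with erlc and run task_tree:demo() in an Erlang shell; it returns [worker_b], and the logger prints a crash report for the killed worker. Because the supervisors and workers are registered under fixed names, demo() can be run only once per node without stopping top_sup first. The restart intensity (3 restarts in 10 seconds) is the supervisor's own fault budget: if worker_b kept dying, sub_sup would give up and die itself, escalating the failure one level up to top_sup, which is exactly the hierarchical handling the paragraph argues for.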

Erlang makes no assumptions about reliable message passing. The programmer must write his or her application so that it works in the presence of unreliable message passing. I guess Armstrong's point is that, since there is no guarantee that any mechanism will not fail, the responsibility for dealing with the reliability of message passing between components should be moved from the language or framework into the components themselves, and made part of the philosophy of designing reliable components with respect to any type of interaction with the environment.
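What "dealing with unreliable message passing in the component itself" looks like in practice is a synchronous call that is prepared for three outcomes: a reply, the death of the peer, or nothing at all. The code below is an added example of my own (not code from the post or from Armstrong's thesis) that also illustrates the share-nothing isolation from the earlier paragraphs: the worker's state dies with the worker, and the caller's state is never touched. The module name unreliable_call and the request names add, get and silent are illustrative choices; silent is a constructed request that deliberately swallows the reply to stand in for a lost message.

```erlang
%% Added example (mine, not code from the post or from Armstrong's thesis):
%% a share-nothing worker and a caller that treats every exchange with it
%% as unreliable.  The module name unreliable_call and the request names
%% (add, get, silent) are illustrative choices.
-module(unreliable_call).
-export([start_worker/0, call/3, demo/0]).

%% The worker owns its state (a running total) exclusively; the only way
%% to read or change it is to send the worker a message.
start_worker() ->
    spawn(fun() -> loop(0) end).

loop(Total) ->
    receive
        {From, Ref, {add, N}} when is_integer(N) ->
            From ! {Ref, {ok, Total + N}},
            loop(Total + N);
        {From, Ref, get} ->
            From ! {Ref, {ok, Total}},
            loop(Total);
        {_From, _Ref, silent} ->
            %% Simulates a lost reply: the request is consumed, no answer sent.
            loop(Total);
        {_From, _Ref, Other} ->
            %% Anything else is a programming error.  Let it crash: only this
            %% process dies and its state vanishes with it; the caller's own
            %% state is untouched because nothing was shared.
            exit({unexpected_request, Other})
    end.

%% Synchronous request that assumes nothing about delivery:
%%   - a fresh reference ties the reply to exactly this request,
%%   - a monitor reports the worker's death (even if it died earlier),
%%   - a timeout bounds the wait when neither a reply nor a 'DOWN' arrives.
call(Worker, Request, Timeout) ->
    Ref = erlang:monitor(process, Worker),
    Worker ! {self(), Ref, Request},
    receive
        {Ref, Reply} ->
            erlang:demonitor(Ref, [flush]),
            Reply;
        {'DOWN', Ref, process, Worker, Reason} ->
            {error, {worker_down, Reason}}
    after Timeout ->
        erlang:demonitor(Ref, [flush]),
        {error, timeout}
    end.

%% Each line shows one failure mode the caller survives on its own.
demo() ->
    W = start_worker(),
    {ok, 5}          = call(W, {add, 5}, 1000),
    {error, timeout} = call(W, silent, 200),   % reply never came
    {ok, 5}          = call(W, get, 1000),     % worker alive, its state intact
    {error, {worker_down, {unexpected_request, bogus}}} = call(W, bogus, 1000),
    {error, {worker_down, noproc}} = call(W, get, 1000),   % gone for good
    ok.
```

Run unreliable_call:demo() after compiling; it returns ok, each match on the way confirming the expected outcome. Two details matter for a practitioner: the demonitor with the flush option after a timeout removes a 'DOWN' message that may already be queued, so a stale notification cannot be mistaken for the result of a later call, and the monitor is taken before the request is sent, so a worker that dies while handling the request is always reported rather than leaving the caller to rely on the timeout alone.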
