[cap-talk] Object-capability vs. monolithic performance
Jed Donnelley
capability at webstart.com
Thu Jan 4 19:05:52 CST 2007
At 11:39 AM 1/4/2007, Jonathan S. Shapiro wrote:
>On Thu, 2007-01-04 at 19:23 +0000, David Hopwood wrote:
> > ...If everything but the GigE driver
> > (and presumably some parts of the TCP/IP stack) is modular and isolated,
> > how is that "losing most of the benefit of object-capability systems"?
> > It just means that you have to review the monolithic code *very* carefully,
> > to ensure that it is bug-free and equivalent to a modular and isolated
> > design. For a small amount of code, this is feasible.
>
>A modern, high performance GigE hardware interface driver is O(5,000)
>lines. A modern, high performance TCP/IP stack is a bit larger.
>
>Combine them and you are well past the size of anything that can be
>inspected with confidence.
Whether there are impenetrable barriers between the internal modules
or simply gentlemen's agreement subroutine interfaces, the modular
structure can remain and be just as inspectable/analyzable. If something
fails, it will be some module that fails - whether trusted or not. I expect
you'd find (as we did in our file server case) that if a single module
fails substantively in your GigE hardware interface driver, then the whole
driver will fail. Which is more important to you, real performance or
theoretical isolation of modules? Note, I don't really care about the
answer. My axe is with the performance issues in the wrappable/
mappable object-capability interface, not in what I regard as generally
internal issues - though we did spend a lot of time discussing them ;-)
--Jed http://www.webstart.com/jed/