Miranda is no supposed to crash, ever. With a system whose downtime per year is measured in minutes, the entirety of the system needs to be looked at. For this reason, all subsystems run in there own thread. That way, if one thread crashes the rest can keep going.
Steps have to be taken to make sure that a stray unchecked exception doesn't take down the system, but it does make things more stable.
This represents a problem from a language standpoint, since languages like Java are not good at communicating between threads. Things like synchronized methods make this easier, but still not ideal.
This is why Miranda uses BlocingQueues and Messages when subsystems need to communicate. Using this model, a subsystem simply takes the next Message from its queue and processes it. If no Messages are available, then it waits. Subsystems process each message before going onto the next, so there are no interrupts.
All this makes Miranda reliable, but cumbersome. The difficulty in developing for Miranda is eclipsed by the need for reliability.
No comments:
Post a Comment