Monday, November 2, 2009

Armstrong Thesis (Chapter 5)

This chapter covers fault-tolerant systems and how to build them. It is difficult to identify every circumstance the system will encounter and to decide how each one should be handled.

The philosophy behind fault-tolerant systems is "if we cannot do what we want to do, then try to do something simpler." The idea is to create a hierarchy of tasks overseen by supervisors. If the highest-level task cannot be performed by a worker process, the supervisor process initiates an error recovery procedure and will likely move down the ladder to a lower-level task. The system fails if you reach the bottom of the ladder and even the simplest task of all cannot be performed.
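The ladder described above, sketched in Python as an added example (not code from the thesis or from Erlang/OTP): workers only do the job, the supervisor observes failures, retries, then drops to a simpler task. The names `Supervisor`, `live_feed`, `cached_copy`, `make_flaky` and the `max_restarts` retry count are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


class SystemFailure(Exception):
    """Even the simplest task on the ladder could not be performed."""


@dataclass
class Supervisor:
    # Rungs ordered from the highest-level task down to the simplest one.
    ladder: List[Tuple[str, Callable[[], str]]]
    max_restarts: int = 1  # assumption: retries per rung before moving down
    log: List[str] = field(default_factory=list)

    def run(self) -> Tuple[str, str]:
        for name, task in self.ladder:
            for attempt in range(1, self.max_restarts + 2):
                try:
                    result = task()  # worker: does the job, no recovery logic
                except Exception as exc:  # supervisor: observes the failure
                    self.log.append(f"{name}: attempt {attempt} failed ({exc})")
                else:
                    self.log.append(f"{name}: ok on attempt {attempt}")
                    return name, result
            self.log.append(f"{name}: abandoned, trying something simpler")
        raise SystemFailure("simplest task failed; nothing left to fall back to")


# Constructed sample workers (hypothetical names).
def live_feed() -> str:
    raise ConnectionError("upstream unreachable")


def cached_copy() -> str:
    return "cached response"


def make_flaky(failures: int) -> Callable[[], str]:
    """Worker that fails `failures` times, then succeeds (a transient fault)."""
    left = [failures]

    def task() -> str:
        if left[0] > 0:
            left[0] -= 1
            raise TimeoutError("transient fault")
        return "live response"
    return task


if __name__ == "__main__":
    sup = Supervisor([("live", live_feed), ("cached", cached_copy)])
    print(sup.run())
    print("\n".join(sup.log))
```

The supervisor's log is the audit trail of every degradation step, which is what lets an operator tell a transient fault from a service that has been running in fallback mode.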

The concept of AND and OR nodes reminds me of logic instituted on one of my past development programs. There was a parent, or system executive, process which monitored all other child processes. If the child process exited with a zero, then it was shut down on purpose by a user. If the child process exited with a value less than zero, the system executive had the ability to restart the child process if the configuration file deemed that action necessary. The concept came in handy when a process would get in a certain state and create a core file. The process is restarted with little interruption and developers could review the stack trace and core file for specific evidence.

I have not been exposed to the term "well-behaved function". Armstrong defines the WBF as a function which should not normally generate an exception. If an exception occurs which cannot be handled and corrected, the function should terminate with an exit statement. Notice the previous statement does not say the application should exit, just the function. Based on the four rules presented for WBFs, I must not fully understand how this approach is different than any other thoroughly thought-out function in C++ or Java with try/catch blocks and throwing exceptions.
