埃尔朗的让人失意的哲学 - 适用于其他地方? [英] Erlang's let-it-crash philosophy - applicable elsewhere?
问题描述
我想知道的是 - 这种方法只适用于像Erlang这样的平台? Erlang拥有一个虚拟机,具有对过程监控树的简单本机支持,并且重新启动过程真的是。我应该花费我的发展努力(当不在Erlang世界)重新创建监督树,而不是陷入自己的顶级异常处理程序,错误代码,空结果等等。
$ b $你认为这种改变方法在(或者说).NET或Java空间中会很好吗?
它适用于任何地方。无论您是否将软件编写为让其崩溃模式,即使硬件出现故障,也会崩溃。 让它崩溃适用于您需要承受现实的任何地方。 Quoth James Hamilton:
如果硬件故障需要立即采取行政行动,则服务根本无法以成本有效且可靠的方式进行规模化。如果没有人事管理互动,整个服务必须能够幸存下来。故障恢复必须是一个非常简单的路径,该路径必须经常进行测试。斯坦福大学的阿曼多·福克斯(Armando Fox)认为,测试故障路径的最佳方式是永远不会正常关闭服务。只是很难失败。这听起来是直观的,但是如果故障路径不经常使用,则在需要时它们将无法正常工作。
'不是说'不用守卫',但不要害怕崩溃!
Erlang's (or Joe Armstrong's?) advice NOT to use defensive programming and to let processes crash (rather than pollute your code with needless guards trying to keep track of the wreckage) makes so much sense to me now that I wonder why I wasted so much effort on error handling over the years!
What I wonder is - is this approach only applicable to platforms like Erlang? Erlang has a VM with simple native support for process supervision trees and restarting processes is really fast. Should I spend my development efforts (when not in the Erlang world) on recreating supervision trees rather than bogging myself down with top-level exception handlers, error codes, null results etc etc etc.
Do you think this change of approach would work well in (say) the .NET or Java space?
It's applicable everywhere. Whether or not you write your software in a "let it crash" pattern, it will crash anyway, e.g., when hardware fails. "Let it crash" applies anywhere where you need to withstand reality. Quoth James Hamilton:
If a hardware failure requires any immediate administrative action, the service simply won’t scale cost-effectively and reliably. The entire service must be capable of surviving failure without human administrative interaction. Failure recovery must be a very simple path and that path must be tested frequently. Armando Fox of Stanford has argued that the best way to test the failure path is never to shut the service down normally. Just hard-fail it. This sounds counter-intuitive, but if the failure paths aren’t frequently used, they won’t work when needed.
This doesn't precisely mean "never use guards," though. But don't be afraid to crash!
这篇关于埃尔朗的让人失意的哲学 - 适用于其他地方?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
