[erlang-questions] A nice code upgrade trick from Andy Tanenbaum

Jesper Louis Andersen jesper.louis.andersen@REDACTED
Fri Jun 19 14:29:19 CEST 2015

Hi list,

I was watching this nice youtube talk where Andrew Tanenbaum talks about
work his students have done to port MINIX 3 to NetBSD[0]. Observations:

* "MINIX 3" is basically "Erlang/OTP"
* Restarts of processes through a "reincarnation server" (read: supervisor).
* Isolated memory spaces of drivers through MMU
* Capability oriented: Only the disk driver is allowed to manipulate disk
driver registers. The audio driver may only do stuff with sound. It may not
talk to the network.
* Hot code upgrades of drivers.

Now the last part has a trick which I had not seen before. Suppose we have
a function code_change/2 (not /3 for simplicity) allowing us to up and
downgrade between versions. Then they do:

upgrade(OldVsn, NextVsn, State) ->
    NextState = code_change(NextVsn, State),
    case code_change({down, OldVsn}, NextState) of
        State -> {ok, NextState};
        _ -> {error, abort_code_upgrade}

That is, they upgrade the state and immediately downgrade it again. If
there is any discrepancy here, then they abort the upgrade. According to
Tanenbaum this captures a remarkable number of botched upgrades.

If we are not doing this, we may want to transplant the idea into OTP.

[0] https://www.youtube.com/watch?v=0pebP891V0c

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20150619/ea857bf7/attachment.htm>

More information about the erlang-questions mailing list