Robustness

Caveats

Most if not all pages are just rough notes, and these pages as a whole are far from complete. More notes will be added in time, eventually, maybe.

If, from reading these notes, you conclude that I am off my rocker, you won’t be the first, and you may even be right.

No doubt there are a dozen and one reasons why none of this would ever work, but perhaps somewhere deep down there is a tiny fragment that could be used for something.

Overview

All computer systems at some point or another end up in a corrupt state from which recovery is difficult or even impossible. In many cases, this is down to vendor mismanagement and poor implementation rather than hardware failure. As much as possible, an operating system should be designed to minimise the possibility of bad state. Although bad state cannot be avoided entirely, the severity of such situations should be mitigated as much as possible through principles of robustness.

Self-healing

Even disregarding hardware failure, there will always be some situation where internal records are wrong for some reason. Where possible, the system should be self-healing, i.e. able to perform a full reassessment of a subsystem and rebuild any caches. One of the reasons for avoiding Turing-complete software packages is being able to know at all times (by way of the retained package definition) what exactly the package comprises, along with exact knowledge of its dependencies. The entire database of installed software could be rebuilt.

An example of a self-healing system was the desktop database on classic Macs. When the Mac first saw a new application, it would automatically register all of its file types into the desktop database. If this database ever became damaged, the user could choose to rebuild it, which the Mac did by running a scan of all applications present. (This did have the unfortunate side effect of deleting all file comments until Apple finally rectified this mistake.)

The idea is to extend this functionality to the system as a whole.
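A sketch of the rebuild idea from the self-healing section, as an added example that is not part of these notes or of any real package system: the package definitions are plain, declarative data (the constructed `PACKAGE_DEFINITIONS` list, a hypothetical format), the installed-software database is a cache derived from them, and a damaged cache is detected by checksum and rebuilt by full reassessment rather than patched.

```python
import hashlib
import json

# Constructed, declarative package definitions (hypothetical format):
# plain data, so everything a package comprises and depends on can be
# read back without executing anything.
PACKAGE_DEFINITIONS = [
    {"name": "libz", "version": "1.3", "deps": [], "files": ["/lib/libz.so"]},
    {"name": "openssl", "version": "3.2", "deps": ["libz"],
     "files": ["/lib/libssl.so", "/bin/openssl"]},
    {"name": "curl", "version": "8.6", "deps": ["openssl", "libz"],
     "files": ["/bin/curl"]},
]


def _checksum(index):
    # Checksum over every record except the stored checksum itself.
    body = {k: v for k, v in index.items() if k != "checksum"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def build_index(definitions):
    """Derive the installed-software database (a cache) from the retained
    definitions: who owns each file, and who depends on each package."""
    index = {"owner": {}, "dependents": {d["name"]: [] for d in definitions}}
    for d in definitions:
        for path in d["files"]:
            if path in index["owner"]:
                raise ValueError(f"{path} claimed by two packages")
            index["owner"][path] = d["name"]
        for dep in d["deps"]:
            if dep not in index["dependents"]:
                raise ValueError(f"{d['name']} depends on unknown {dep}")
            index["dependents"][dep].append(d["name"])
    index["checksum"] = _checksum(index)
    return index


def is_consistent(index):
    """True when the cache's records still match its stored checksum."""
    return index.get("checksum") == _checksum(index)


def heal(index, definitions):
    """Full reassessment: a damaged cache is thrown away and rebuilt from
    the definitions. Returns (index, rebuilt_flag)."""
    if is_consistent(index):
        return index, False
    return build_index(definitions), True
```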

See the packages page for more notes.