9th Workshop on Hot Topics in Operating Systems (HotOS IX) Abstract
George Candea and Armando Fox, Stanford University
Crash-only programs crash safely and recover quickly. There is only one way to stop such softwareby crashing itand only one way to bring it upby initiating recovery. Crash-only systems are built from crash-only components, and the use of transparent component-level retries hides intra-system component crashes from end users. In this paper we advocate a crash-only design for Internet systems, showing that it can lead to more reliable code, easier failure prevention, and faster, more effective recovery. We present ideas on how to build such crash-only Internet services, taking successful techniques to their logical extreme.
- View the full text of this paper in
The Proceedings are published as a collective work, © 2003 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.