Advanced Operating Systems (25)
Lecture 5: The Interface of OS
Section 4: How to design a Linux kernel interface

Introduction

Moral 1: diverse user usages
- Try to imagine the ways in which an army of inventive user-space programmers might (ab)use your API.
- Example: the Linux 3.5 POSIX message queue (mqueue) changes also broke user space in at least two places:
  - They introduced a hard limit of 1024 on queues_max; fixed by commit f3713fd9c.
  - The semantics of the value exported in the /dev/mqueue QSIZE field changed.

Moral 2: unit tests
- Without unit tests you will screw up someone's API.
- Regressions happen more often than you'd expect:
  - Linux 2.6.12 silently changed the meaning of fcntl() F_SETOWN: it was no longer possible to target signals at a specific thread in a multithreaded process.
  - Inotify IN_ONESHOT flag: by design, IN_ONESHOT did not cause an IN_IGNORED event when the watch was dropped after one event. From 2.6.36, IN_ONESHOT does cause IN_IGNORED.

Moral 3: specification
- Andrew Morton: "Programming is not just an act of telling a computer what to do: it is also an act of telling other programmers what you wished the computer to do. Both are important, and the latter deserves care."
- The recvmmsg() timeout argument needed a specification; something that states what the call does when:
  - timeout is NULL
  - timeout points to {0, 0}
  - timeout points to a structure which is nonzero
  - while blocking, the call is interrupted by a signal handler

Moral 4: feedback loop
- Strive to shorten the worst-case feedback loop.
- Publicize the API design as widely and as early as possible.
- Ideally, do all of the following before the API is released:
  - Write a detailed specification.
  - Write example programs that fully demonstrate the API.
  - Email relevant mailing lists and, especially, relevant people; CC linux-api@vger.kernel.org.
  - Write an LWN.net article.

Moral 5: into the real world
- The only way to discover design problems in a new nontrivial API is by writing complete, real-world application(s).
- Writing a "real" inotify application:
  - Back story: I thought I understood inotify.
  - Then I tried to write a "real" application (500 lines of C with (lots of) comments).
  - Written up on LWN (https:/ ...).
  - ... understood all the work that inotify still leaves you to do.

Moral 6: technical checklist
- New system calls should allow for extensibility.
- Undefined arguments and flags must be zero.
- Syscalls with timeouts should allow absolute timeouts.
- Avoid extending multiplexor system calls, etc.