dchapiesky wrote:
as well as how are the updates versioned and delivered to the running kernel? And how do you take an inventory to *know* just what is currently running...
Well, versioning and delivering are necessary regardless of your update strategy. As for how you would know what's running, let me elaborate on what I meant above (while still disagreeing with this approach). First, you'd wait for the kernel to reach a
safe state (one that you can more easily reason about), perhaps by notifying it of an incoming update, at which point it might resolve all current requests and postpone any incoming ones. The safe state alone is not sufficient because the new version might expect some computation to have been performed before the kernel reached that point. To resolve this issue, a special
transfer function would translate the state that makes sense in the old version into one that makes sense in the new version. After that, the updated kernel could come out of its safe state and start accepting requests once again. For simplicity, you'd only have transfer functions from one kernel version to the next and perform
incremental updates in order to reach the latest version from any prior one. It's a bit more involved than that (not by much) but I was trying to keep the explanation short.
The biggest problem is that this requires maintainers to write up these transfer functions for every new version. That's a lot of work and there are opportunities for bugs. And if you've discovered a bug in the transfer function from version A to version B while preparing the transfer function from B to C then this latest update might need to treat a pure installation of version B differently than one that was updated from A, as that bug might mean it is in some weird state. It gets worse and worse the later you discover the bug.
On the other hand, simply restarting the kernel and telling it what the old kernel was doing is, in principle, as simple as a text editor loading a file saved by a prior version of that editor. What are you worried about, the less than half a second downtime it might take for serializing, reading the new version from disk, and deserializing? I'd say it's well worth the trade-off.