ten thousand small processes

D. J. Bernstein djb at cr.yp.to
Wed Jun 25 19:26:50 PDT 2003

I want separate processes for the memory protection. Each process is
chrooted under its own uid, so it can't write to disk except through
supplied file descriptors, and it can't hit other processes. (If I had a
portable way to cut off other communication channels, such as creating
new sockets, I'd do that too.)

I'm willing to sacrifice one page per process for the sake of memory
protection; I realize that it's hard to do better than that. But I'm not
willing to casually piss away large fractions of a gigabyte of RAM. Not
this decade, anyway.

The lack of memory protection is exactly why I can't use threads. It's
also why I'm not surprised to hear that processes are _slightly_ less
efficient than threads. But something is seriously wrong if processes
are _much_ less efficient than threads.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

More information about the freebsd-performance mailing list