I've just laid hands on "Hermes, A Language for Distributed Computing"
in the hopes of getting a little insight into how Hermes wanted to
accomodate reliable systems based on dependably enforced interfaces
between modules, even when the modules may have little or no mutual
The language appears to have focused on API's and techniques to decouple
blocking. But it says almost nothing on how two distinct processes on a
single system will be protected from each other in the face of faulty or
even malicious resource consumption. There's the Depletion exception,
but if one part of the system's going to get that because of some other
part is running wild, it seems like you've basically accepted global
loss of functionality due to local malfunctions.
Were there thoughts on this beyond what I can find in the book?