Hints and Principles for Computer System Design


February 9, 2015


Butler Lampson




I have many hints that are often helpful in designing computer systems, and I also know a few principles. There are several ways to organize them:
- Goals (What you want): simple, timely, efficient, adaptable, dependable, yummy.
- Methods (How to get it): approximate, increment, iterate, indirect, divide and conquer.
- Phases (When to apply them): requirements, architecture, process, techniques.

Of course the goals are in conflict, and engineering is the art of making tradeoffs, for instance among features, speed, cost, dependability, and time to market. Some simpler oppositions are:
- For adaptable, between evolving and fixed, monolithic and extensible, scalable and bounded.
- For dependable, between deterministic and non-deterministic, reliable and flaky, consistent and eventual.
- For incremental, between indirect and inline, dynamic and static, experiment and plan, discover and prove.

It also helps to choose the right coordinate system, just as center-of-mass coordinates make many dynamics problems easier. You can view the system state as a name→value map, or as an initial state and a sequence of operations that transform the state. You can view a function as code or as a table or as a sequence of partial functions. Notation, vocabulary, and syntax are other kinds of coordinates.

In the complex process of designing systems, both principles and hints can only be justified by examples of what has worked and what has not.


Butler Lampson

Butler Lampson is a Technical Fellow at Microsoft Corporation and an adjunct professor of Computer Science and Electrical Engineering at MIT. He was on the faculty at Berkeley and then at the Computer Science Laboratory at Xerox PARC and at Digital’s Systems Research Center. He has worked on computer architecture, local area networks, raster printers, page description languages, operating systems, remote procedure call, programming languages and their semantics, programming in the large, fault-tolerant computing, transaction processing, computer security, WYSIWYG editors, and tablet computers. He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, the SDSI/SPKI system for network security, the Microsoft Tablet PC software, the Microsoft Palladium high-assurance stack, and several programming languages.

He received an AB from Harvard University, a PhD in EECS from the University of California at Berkeley, and honorary ScDs from the Eidgenössische Technische Hochschule, Zurich and the University of Bologna. He holds a number of patents on networks, security, raster printing, and transaction processing. He is a member of the National Academy of Sciences and the National Academy of Engineering, and is a Fellow of the Association for Computing Machinery and the American Academy of Arts and Sciences. He received the ACM Software Systems Award in 1984 for his work on the Alto, the IEEE Computer Pioneer award in 1996, the National Computer Systems Security Award in 1998, the IEEE von Neumann Medal in 2001, the Turing Award in 1992, and the National Academy of Engineering’s Draper Prize in 2004.

At Microsoft, he has worked on anti-piracy, security, fault-tolerance, and user interfaces. He was one of the designers of Palladium, and spent two years as an architect in the Tablet PC group. Currently he is in Microsoft Research, working on security, privacy, and fault-tolerance, and kibitzing in systems, networking, and other areas.