> > Most of what makes a 'good' driver is common for all purposes - things you
> > mention like don't make the system hang, don't cause fatal exceptions. But
> > there are some things that would be different between a desktop, embedded
> > system, enterprise server, or carrier server. For instance, when there is a
> > tradeoff between reliability and performance; when reliability is king, it
> > might be wise to do an insane amount of parameter checking to offset the
> > merest chance of an undetected bug crashing a system.
> This is not a valid example.  We do not make tradeoffs between 
> performance and reliability.  Reliability _always_ comes first.  If it 
> did not, it's a bug.

No. We do run all drivers in *one* addressspace. That's bad for reliability.

