Null references (oh no, not again!)
Sean Kelly
sean at invisibleduck.org
Wed Mar 4 09:52:00 PST 2009
Denis Koroskin wrote:
> On Wed, 04 Mar 2009 13:55:57 +0300, Walter Bright
> <newshound1 at digitalmars.com> wrote:
>>
>> If software is in your flight critical systems, the way one proceeds
>> is to *assume skynet takes it over* and will attempt to do everything
>> possible to crash the airplane.
>
> Assume you got a null-dereference under Linux. How are you going to
> recover from it? You can't catch the NullPointerException, so your
> program will fail and bring down the whole system *anyway*.
Every process is monitored and backed-up by one or more other processes,
thus the system is resilient through preemptive failover to back-up
systems. It's also common for monitor processes to run every operation
in parallel through more than one equivalent sub-process and compare
results. If a discrepancy occurs, either a failover is triggered or the
"correct" result is determined by consensus. In every case though,
attempting in-process error recovery in mission-critical code is a bad idea.
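
The following C sketch is an added example, not part of the original post or of any code from the thread: a monitor runs each replica of an operation in its own child process and accepts a result only by majority, so a null dereference in one replica kills that child rather than the monitor. The replica functions, the `vote` interface and the 16-replica limit are assumptions made for illustration, and the replicas run one after another rather than in parallel.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/wait.h>
typedef int (*op_fn)(int);

/* Constructed replicas of one operation (hypothetical names). */
static int op_good(int x)  { return x * 2; }
static int op_wrong(int x) { return x * 2 + 1; }          /* silent discrepancy */
static int op_crash(int x) { volatile int *p = NULL; return *p + x; } /* null deref */

/* Run one replica in its own process: 1 and *result set if the child exited
   cleanly after reporting a value, 0 if it crashed or reported nothing. */
static int run_isolated(op_fn fn, int input, int *result) {
    int fd[2], status = 0;
    if (pipe(fd) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return 0; }
    if (pid == 0) {                        /* child: compute, report, exit */
        close(fd[0]);
        int r = fn(input);
        _exit(write(fd[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], result, sizeof *result);
    close(fd[0]);
    if (waitpid(pid, &status, 0) != pid) return 0;
    return n == (ssize_t)sizeof *result && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Monitor: accept a value only when a strict majority of all n replicas
   returned it. Returns 0 on consensus, -1 when the caller should fail over. */
int vote(op_fn *fns, int n, int input, int *out) {
    int vals[16], ok = 0;
    if (n > 16) return -1;
    for (int i = 0; i < n; i++)
        if (run_isolated(fns[i], input, &vals[ok])) ok++;
    for (int i = 0; i < ok; i++) {
        int agree = 0;
        for (int j = 0; j < ok; j++) agree += (vals[j] == vals[i]);
        if (2 * agree > n) { *out = vals[i]; return 0; }
    }
    return -1;
}

int main(void) {
    op_fn reps[] = { op_good, op_crash, op_wrong, op_good, op_good };
    int out = 0;
    if (vote(reps, 5, 21, &out) == 0) printf("consensus: %d\n", out);
    else printf("no consensus: fail over\n");
    return 0;
}
```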