Making alloca more safe

Tomas Lindquist Olsen tomas.l.olsen at gmail.com
Mon Nov 16 12:59:11 PST 2009


On Mon, Nov 16, 2009 at 9:48 PM, Walter Bright
<newshound1 at digitalmars.com> wrote:
> bearophile wrote:
>>
>> Walter Bright:
>>>
>>> I just wished to point out that it was not a *safety* issue.<
>>
>> A safe system is not a program that switches itself off as soon as
>> there's a small problem.
>
> Computers cannot know whether a problem is "small" or not.
>
>> One Ariane missile has self-destructed (and destroyed an extremely
>> important scientific satellite it was carrying, whose mission I still
>> miss) because of this silly behaviour united with the inflexibility
>> of the Ada language.
>>
>> A reliable system is a system that keeps working correctly despite
>> all. If this is not possible, in real life you usually want a "good
>> enough" behaviour. For example, for your TAC medical machine, in
>> Africa if the machine switches itself off at the minimal problem they
>> force the machine to start again, because they don't have money for a
>> 100% perfect fix. So for them a machine that shows a slow and
>> graceful degradation is better. That's a reliable system, something
>> that looks more like your liver, which doesn't totally switch off as
>> soon as it has a small problem (killing you quickly).
>
> This is how you make reliable systems:
>

You sure got all the answers...