Null references redux

bearophile bearophileHUGS at lycos.com
Sat Sep 26 16:27:51 PDT 2009


Walter Bright:

> I used to work at Boeing designing critical flight systems. Absolutely 
> the WRONG failure mode is to pretend nothing went wrong and happily 
> return default values and show lovely green lights on the instrument 
> panel. The right thing is to immediately inform the pilot that something 
> went wrong and INSTANTLY SHUT THE BAD SYSTEM DOWN before it does 
> something really, really bad, because now it is in an unknown state. The 
> pilot then follows the procedure he's trained to, such as engage the backup.

Today we think this design is not the best one, because the pilot suddenly goes from a situation seen as safe, where the autopilot does most things, to a situation where the pilot has to do everything. It causes panic. A human needs time to understand the situation and act correctly. So a better solution is to fail gracefully, giving control back to the human in a progressive way, with enough time to understand the situation.
Some of the things you have seen at Boeing can today be done better; there's some progress in the design of human interfaces too. That's why I suggest you program in dotnet C# for a few days.


> You could think of null exceptions like pain - sure it's unpleasant, but 
> people who feel no pain constantly injure themselves and don't live very 
> long. When I went to the dentist as a kid for the first time, he shot my 
> cheek full of novocaine. After the dental work, I went back to school. I 
> found to my amusement that if I chewed on my cheek, it didn't hurt.
> 
> Boy was I sorry about that later <g>.

Oh my :-(

Bye,
bearophile


