Embedded software DbC

Kagamin spam at here.lot
Mon Aug 2 22:24:41 PDT 2010


bearophile Wrote:

> If well designed, such systems have a graceful degradation of functionality even when you step out of their specs. Systems like this are used today in critical systems like brake control systems of subway trains, where a sharp shutdown like the one on the Ariane can cause hundreds of deaths. When well designed, such fuzzy systems do work very well. All this is kind of the opposite of the design strategy behind DbC :-)
> 
I doubt that degradation is acceptable in a rocket launch.
Definitely there's some window for errors, but a launching rocket already operates at its limits; you don't have the free resources necessary to compensate for degradation. And the window is small: a couple of degrees and you crash, and if the software is inadequate, you easily go out of this window.
There can be other factors: with a train you have to control only acceleration, while a rocket has many more parameters to control - more bugs in the logic.
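The two strategies contrasted above, written out as an added illustration in D (this code is not from the thread, and nothing in it is taken from any real flight controller). It models a toy pitch controller whose specification is only valid inside a narrow window: the DbC version encodes that window as a precondition and halts on violation, the degrading version saturates the input and keeps running. The 2-degree window, the gain, the function names and the sample errors are all assumed values chosen for the example.

```d
// Added example: DbC "sharp shutdown" versus graceful degradation for a toy
// attitude controller. Window, gain and error values are assumptions.
import std.algorithm.comparison : clamp;
import std.math : abs;
import std.stdio;

enum double windowDeg = 2.0;  // assumed: spec only valid within +/- 2 degrees of pitch error
enum double gain = -0.5;      // assumed proportional gain

/// DbC style: the spec window is a precondition. Out-of-spec input fails the
/// contract and the program halts. Note that a -release build strips contracts,
/// so the same call would then run unchecked with out-of-spec input.
double commandDbC(double pitchErrorDeg)
in (abs(pitchErrorDeg) <= windowDeg, "pitch error outside the specified window")
out (cmd; abs(cmd) <= abs(gain) * windowDeg)
{
    return gain * pitchErrorDeg;
}

/// Graceful degradation style: out-of-spec input is saturated to the edge of
/// the window and the caller is told so. Control continues, possibly with a
/// command that is no longer adequate, which is the objection raised above.
double commandDegrading(double pitchErrorDeg, out bool degraded)
{
    immutable saturated = clamp(pitchErrorDeg, -windowDeg, windowDeg);
    degraded = saturated != pitchErrorDeg;
    return gain * saturated;
}

void main()
{
    foreach (err; [0.5, 1.9, 3.0])
    {
        bool degraded;
        immutable cmd = commandDegrading(err, degraded);
        writefln("degrading: error %.1f -> command %.2f%s", err, cmd,
                 degraded ? " (saturated)" : "");
    }
    // Inside the window both strategies produce the same command.
    writefln("dbc: error 1.9 -> command %.2f", commandDbC(1.9));
    // Outside the window the precondition fails and a non-release build
    // aborts with an AssertError here instead of issuing any command.
    writefln("dbc: error 3.0 -> command %.2f", commandDbC(3.0));
}
```

Built without -release, the last call is where the two designs visibly diverge: the degrading controller has already printed a saturated command for the same 3.0-degree error, while the DbC controller stops the program. Which behaviour is safer depends on whether a wrong-but-bounded command or a halt is the lesser harm for the system in question.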

