Everyone who writes safety critical software should read this
Walter Bright
newshound2 at digitalmars.com
Tue Oct 29 19:14:50 PDT 2013
On 10/29/2013 6:55 PM, Walter Bright wrote:
> On 10/29/2013 5:54 PM, H. S. Teoh wrote:
>> Is there a third instalment, or is this it?
>
> That's it.
The ideas are actually pretty simple. The hard parts are:
1. Convincing engineers that this is the right way to do it.
2. Convincing people that improving quality, better testing, hiring better engineers, government licensing for engineers, following MISRA standards, etc., are not the solution. (Note that all of the above were proposed in the HN thread.)
3. Beating out of engineers the hubris that "this part I designed will never fail!" Jeepers, how often I've heard that.
4. Developing a mindset of "what happens when this part fails in the worst way."
5. Learning to recognize inadvertent coupling between the primary and backup systems.
6. Being familiar with the case histories of failure of related designs.
7. Developing a system to track failures, the resolutions, and check that new designs don't suffer from the same problems. (Much like D's bugzilla, the test suite, and the auto-tester.)