Everyone who writes safety critical software should read this

Jonathan M Davis jmdavisProg at gmx.com
Wed Oct 30 21:24:28 PDT 2013


On Tuesday, October 29, 2013 19:14:50 Walter Bright wrote:

> 3. Beating out of engineers the hubris that "this part I designed will never
> fail!" Jeepers, how often I've heard that.

It makes me think of a manager where I work who was happy that one of the 
projects had no bugs reported on it by the testers, whereas we thought that it 
was horrible. We _knew_ that there were bugs (there's no way that there 
weren't), but they weren't being reported. So, we thought that the lack of bug 
reports was a horrible sign, whereas he thought that it meant that the product 
was in good shape.

Going to the extreme of assuming that something that you wrote won't fail is 
even worse. I don't trust even the stuff that I tested to death to be bug-free, 
and that's not even taking into account the possibility of the assumptions 
that it's using falling apart for some reason (e.g. the underlying system 
calls ceasing to function properly for some reason) or hardware failures 
(which will happen eventually). No program will run forever or perfectly 
(especially one of any real complexity), and no hardware will never die. 
That's a given, and it's sad to see a trained engineer thinking otherwise.

- Jonathan M Davis
