Everyone who writes safety critical software should read this

Martin Drasar drasar at ics.muni.cz
Thu Oct 31 12:00:28 PDT 2013


On 31.10.2013 19:46, Walter Bright wrote:
> On 10/31/2013 9:00 AM, eles wrote:
>> Basically, I think that critical code is almost always developed as if
>> being
>> transaction-based. It succeeds or it leaves no trace.
> 
> That's great for the software.
> 
> What if the hardware fails? Such as a bad memory bit that flips a bit in
> the perfect software, and now it decides to launch nuclear missiles?

Three different pieces of software (written by different teams) that
should do the same thing, and then hold a consensus vote on the
correct action? Or even more pieces, depending on the clusterfuck that
can be caused by a flipped bit...

The interaction with hardware can be a bit tricky, and after all anything
can go wrong in the right circumstances, no matter how hard you try. It
is up to you to decide the cost/benefit.
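The voting scheme suggested above (N independent implementations, majority decision), as an added worked example that is not part of the original post or of any D or Digitalmars code. Everything here is hypothetical: the "decision" is whether to vent a tank based on a pressure reading, `impl_a`/`impl_b`/`impl_c` stand in for the three independently written versions, and `decide()` lets you XOR a bit mask into one channel's result to model a flipped bit in the memory holding that answer. The voter is written for any N, not just three, so it also covers the "or even more pieces" case; a strict majority of the original N is required, so a corrupted vote that is discarded does not lower the bar for the survivors.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical control decision: HOLD or VENT. FAILSAFE is produced
 * only by the voter when no valid majority exists. */
typedef enum { ACTION_HOLD = 0, ACTION_VENT = 1, ACTION_FAILSAFE = 2 } action_t;

#define VENT_THRESHOLD_KPA 500u
#define N_VALID_ACTIONS    2u   /* HOLD and VENT are the only legal votes */

/* Three stand-ins for independently developed versions of the same
 * rule. Real N-version programming would have different teams write
 * these from the specification; here they are merely coded differently. */
static action_t impl_a(uint32_t kpa) {
    return kpa > VENT_THRESHOLD_KPA ? ACTION_VENT : ACTION_HOLD;
}

static action_t impl_b(uint32_t kpa) {
    if (kpa <= VENT_THRESHOLD_KPA)
        return ACTION_HOLD;
    return ACTION_VENT;
}

static action_t impl_c(uint32_t kpa) {
    return kpa >= VENT_THRESHOLD_KPA + 1u ? ACTION_VENT : ACTION_HOLD;
}

/* Majority voter over n votes. Any vote outside {HOLD, VENT} (for
 * example a result word hit by a bit flip) is discarded. The winner
 * must hold a strict majority (> n/2) of the ORIGINAL n votes; if no
 * action does, the voter returns FAILSAFE instead of guessing. */
action_t vote_majority(const action_t *votes, size_t n) {
    size_t tally[N_VALID_ACTIONS] = {0};
    for (size_t i = 0; i < n; i++) {
        unsigned v = (unsigned)votes[i];
        if (v < N_VALID_ACTIONS)
            tally[v]++;
    }
    for (unsigned a = 0; a < N_VALID_ACTIONS; a++) {
        if (tally[a] * 2 > n)
            return (action_t)a;
    }
    return ACTION_FAILSAFE;
}

/* Runs the three versions, optionally corrupts channel `faulty`
 * (-1 = no fault) by XORing flip_mask into its result, then votes. */
action_t decide(uint32_t kpa, int faulty, unsigned flip_mask) {
    action_t votes[3] = { impl_a(kpa), impl_b(kpa), impl_c(kpa) };
    if (faulty >= 0 && faulty < 3)
        votes[faulty] = (action_t)((unsigned)votes[faulty] ^ flip_mask);
    return vote_majority(votes, 3);
}

int main(void) {
    printf("600 kPa, no fault        -> %d\n", decide(600, -1, 0));
    printf("600 kPa, ch1 bit0 flip   -> %d\n", decide(600, 1, 1u));
    printf("600 kPa, ch2 bit7 flip   -> %d\n", decide(600, 2, 1u << 7));
    action_t split[3] = { ACTION_HOLD, ACTION_VENT, (action_t)0x55 };
    printf("no majority (fail-safe)  -> %d\n", vote_majority(split, 3));
    return 0;
}
```

Two things worth noticing when running it: a single flipped bit in one channel, whether it turns VENT into HOLD or into garbage, is outvoted; and once two of three channels disagree there is no majority and the voter falls back to FAILSAFE rather than picking one. The voter itself is still a single point of failure, so in a real system it would need its own protection (hardware replication, lockstep cores, or at least a checksum over its state).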

