Everyone who writes safety critical software should read this

eles eles at eles.com
Thu Oct 31 14:24:43 PDT 2013


On Thursday, 31 October 2013 at 18:46:07 UTC, Walter Bright wrote:
> On 10/31/2013 9:00 AM, eles wrote:
> What if the hardware fails? Such as a bad memory bit that flips 
> a bit in the perfect software, and now it decides to launch 
> nuclear missiles?

If that happens, any software verification could become useless. 
On the latest project that I'm working on, we simply went with 
two identical (but not independently developed, just identical) 
hardware units, with the embedded software on them.

A comparator compares the two outputs. Any difference results in 
an emergency procedure (either a hardware reboot through a 
watchdog, or a controlled shutdown - to avoid an infinite 
reboot loop).
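The comparator scheme eles describes above, written out as an added simulation in C. This is not code from eles's project or from the thread; the control law, the reboot threshold, the fault-injection mask and all names are assumptions made for the example. Two identical channels compute the same step, a separate comparator checks their outputs, a mismatch hands control to the watchdog, and once a small reboot budget is spent the comparator latches into a controlled shutdown so a persistent fault (a stuck bit rather than a transient flip) cannot keep the system in a reboot loop.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration of the dual-channel comparator scheme from the post.
 * All names and the reboot threshold are assumptions for this example,
 * not the project's own design. */

typedef enum {
    ACTION_NONE,                 /* outputs agree, keep running */
    ACTION_WATCHDOG_REBOOT,      /* mismatch: let the watchdog reset both channels */
    ACTION_CONTROLLED_SHUTDOWN   /* repeated mismatches: stop safely and stay stopped */
} action_t;

/* Number of watchdog reboots tolerated before giving up (assumed value). */
#define MAX_REBOOTS 3u

/* Comparator state. The comparator sits outside the two channels, so in a
 * real system this state must survive the channel reboots (for example in
 * the comparator's own non-volatile storage); here it is just a struct. */
typedef struct {
    unsigned reboot_count;   /* watchdog reboots issued so far */
    bool shut_down;          /* latched once the reboot budget is exhausted */
} comparator_t;

/* Hypothetical control law, executed identically on both channels. */
uint32_t control_step(uint32_t sensor) {
    return sensor * 3u + 7u;
}

/* Decide what to do with one pair of channel outputs. */
action_t compare_outputs(comparator_t *c, uint32_t out_a, uint32_t out_b) {
    if (c->shut_down)
        return ACTION_CONTROLLED_SHUTDOWN;   /* latched: never resume on our own */
    if (out_a == out_b)
        return ACTION_NONE;
    if (c->reboot_count < MAX_REBOOTS) {
        c->reboot_count++;
        return ACTION_WATCHDOG_REBOOT;       /* hope the fault was transient */
    }
    c->shut_down = true;                     /* budget spent: assume a persistent fault */
    return ACTION_CONTROLLED_SHUTDOWN;
}

/* One cycle: both channels compute the step; fault_mask_b is XORed into
 * channel B's result to model a flipped memory or register bit (0 = healthy). */
action_t run_cycle(comparator_t *c, uint32_t sensor, uint32_t fault_mask_b) {
    uint32_t a = control_step(sensor);
    uint32_t b = control_step(sensor) ^ fault_mask_b;
    return compare_outputs(c, a, b);
}

int main(void) {
    comparator_t c = {0, false};
    /* Constructed scenario: healthy cycles, one transient flip, then a stuck bit. */
    printf("healthy:   %d\n", run_cycle(&c, 10, 0));
    printf("transient: %d\n", run_cycle(&c, 10, 1u << 5));
    printf("healthy:   %d\n", run_cycle(&c, 11, 0));
    for (int i = 0; i < 4; i++)
        printf("stuck bit: %d\n", run_cycle(&c, 12, 1u << 0));
    return 0;
}
```

The reboot counter is deliberately not cleared when the outputs agree again: a bit that is stuck rather than flipped produces a mismatch on every cycle after every reboot, and without a persistent budget the watchdog would reset the channels forever. Whether a later matching cycle should refund part of the budget is a design decision the post does not settle, so the example keeps the simpler latching rule.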

