Program logic bugs vs input/environmental errors

Sean Kelly via Digitalmars-d digitalmars-d at puremagic.com
Fri Oct 3 08:43:57 PDT 2014


On Friday, 3 October 2014 at 12:16:30 UTC, Jacob Carlborg wrote:
> On 03/10/14 13:27, Kagamin wrote:
>
>> Do you interpret airplane safety right? As I understand, 
>> airplanes are
>> safe exactly because they recover from assert failures and 
>> continue
>> operation. Your suggestion is when seat 2A creaks, shut down 
>> the whole airplane. In reality airplanes continue to operate 
>> until there's zero physical resource to operate.
>
> I have no idea how airplanes work, but I think Walter usually says 
> they have at least three backup systems. If one system fails, 
> shut it down and switch to the backup.

My point, and I think Kagamin's as well, is that the entire plane 
is a system and the redundant internals are subsystems.  They may 
not share memory, but they are wired to the same sensors, servos, 
displays, etc.  Thus the point about shutting down the entire 
plane as a result of a small failure is fair.
