Program logic bugs vs input/environmental errors

[Piotrek via Digitalmars-d]

On Friday, 3 October 2014 at 16:11:00 UTC, Ola Fosheim Grøstad 
wrote:
> On Friday, 3 October 2014 at 15:43:59 UTC, Sean Kelly wrote:
>> My point, and I think Kagamin's as well, is that the entire 
>> plane is a system and the redundant internals are subsystems.  
>> They may not share memory, but they are wired to the same 
>> sensors, servos, displays, etc.  Thus the point about shutting 
>> down the entire plane as a result of a small failure is fair.
>
> An airplane is a bad analogy for a regular server. You have 
> redundant backups everywhere and you are not allowed to take 
> off at the smallest sign of deviation from normal operation.

That depends on design (logic). Ever heard of this?

http://www.reddit.com/r/programming/comments/1ax0oa/how_kdes_1500_git_repositories_almost_were_lost/


> I think Walter forgets that you ensure integrity of a complex 
> system of servers by utilizing a rock solid proven transaction 
> database/task-scheduler for handling all critical information. 
> If that fails, you probably should shut down everything, roll 
> back to the last backup and reboot.

I agree with Walter wholeheartedly. If I get him correctly he 
speaks about distinction between the program logic and input 
errors. Not about recovery strategies/decisions.

> But you don't shut down a restaurant because the waiter forgets 
> to write down an order every once in a while, you shut it down 
> if the kitchen is unsuitable for preparing food. After 
> sanitizing the kitchen you open the restaurant again. You also 
> don't fire the sloppy waiter until you have a better waiter at 
> hand…

Let me play the game of finding analogies ;)
IMO, an exception is more suitable for the analogy with waiter 
and dirty kitchen.
A logic error would be a case when you think you are running a 
garage but suddenly you noticed your stuff is selling meals and 
is wearing chef's uniforms.

Piotrek