Program logic bugs vs input/environmental errors

eles via Digitalmars-d digitalmars-d at puremagic.com
Sat Oct 4 02:11:05 PDT 2014


On Saturday, 4 October 2014 at 08:15:51 UTC, Walter Bright wrote:
> On 10/3/2014 8:43 AM, Sean Kelly wrote:

> In NO CASE does avionics software do anything after an assert 
> but get shut down and physically isolated from what it controls.
>
> I've explained this over and over. It baffles me how twisted up 
> this simple concept becomes when repeated back to me.

AFAICT, you hold the righ idea. Either the discussion fellows 
argue about a different thing and this is a communication 
problem, either they are on a wrong path.

Once an inconsistency in its own state is detected, any program 
quits guessing, and shuts down, sometimes with a minimal logging 
(if not harmless).

An inconsistency is when a software or a system finds intself in 
a situation for which it wasn't designed to face. It simply 
breaks the ultimat variants of all that any critical program 
makes. This invariant is: "I know what I'm doing."

Yes, a software might detect inconsistencies in the rest of the 
system and try to correct those *if it is designed (read: if it 
is made to know) what is doing. Majority voting, for example, is 
such case, but there the basic hypothesis is that sensors are not 
100% reliable. And, sometimes, even the majority voting is 
directly wired.

But, a critical software (and, for the general case, any 
software) only goes as far as it (believes) that it knows what's 
doing. When this is not the case, it does not continue, it stops 
immediately.


More information about the Digitalmars-d mailing list