Program logic bugs vs input/environmental errors
Piotrek via Digitalmars-d
digitalmars-d at puremagic.com
Sat Oct 4 02:20:27 PDT 2014
On Saturday, 4 October 2014 at 08:30:11 UTC, Walter Bright wrote:
> On 10/3/2014 3:27 PM, Piotrek wrote:
>> My point was that the broken speed indicators shut down the
>> autopilot systems.
>
> The alternative is to have the autopilot crash the airplane.
> The autopilot cannot fly with compromised airspeed data.

Yes, I know. I just provided that example as a response to:

> Do you interpret airplane safety right? As I understand,
> airplanes are safe exactly because they recover from assert
> failures and continue operation.

And Paulo stated it's a bad example. Maybe it is, but I couldn't
find a better one. This accident just sits in my head as the
sequence of events shocked me the most of all the accident stories
I have heard.
Piotrek