runtime hook for Crash on Error

Walter Bright newshound2 at digitalmars.com
Fri Jun 1 10:48:28 PDT 2012


On 6/1/2012 6:25 AM, Jacob Carlborg wrote:
> On Friday, 1 June 2012 at 01:16:28 UTC, Walter Bright wrote:
>
>> [When I worked on flight critical airplane systems, the only acceptable
>> response for a self-detected fault was to IMMEDIATELY stop the system,
>> physically DISENGAGE it from the flight controls, and inform the pilot.]
>
> Plane/computer:
>
> ERROR ERROR, I just wanted to inform you that I've detected an error with the
> landing gear. I will now disengage the landing gear from the plane, I hope you
> do not need to land.
>
> :)

I know you're joking, but the people who design these things have a lot of 
experience with things that fail on aircraft, why they fail, and how to design a 
system to survive failure.

And the record of airline safety speaks for itself - it is astonishingly, 
unbelievably, good.

(I don't know the landing gear system in detail, but I do know it has multiple 
*independent* subsystems to get it down and locked.)



More information about the Digitalmars-d mailing list