Non-null objects, the Null Object pattern, and T.init
Ola Fosheim Grøstad <ola.fosheim.grostad+dlang at gmail.com>
Sat Jan 18 02:50:33 PST 2014
On Saturday, 18 January 2014 at 03:07:30 UTC, H. S. Teoh wrote:
> You missed his point. The complaint is that the car has a *single*
> software system that handles everything. That's a single point of
> failure. When that single software system fails, *everything* fails.
I didn't miss the point at all. My point is that you should
always target the cost of improving the statistical overall
safety of the system rather than optimizing the stability of a
single part that almost never fails.
Having multiple independent software implementations only works
for very simple systems. And in that case you can prove
correctness by formal proofs. It is more likely to fail due to a
loose wire or electrical components.