Program logic bugs vs input/environmental errors
Walter Bright via Digitalmars-d
digitalmars-d at puremagic.com
Sat Oct 4 01:15:52 PDT 2014
On 10/3/2014 8:43 AM, Sean Kelly wrote:
> My point, and I think Kagamin's as well, is that the entire plane is a system
> and the redundant internals are subsystems. They may not share memory, but they
> are wired to the same sensors, servos, displays, etc.
No, they do not share sensors, servos, etc.
> Thus the point about shutting down the entire plane as a result of a small failure is fair.
That's a complete misunderstanding.
In NO CASE does avionics software do anything after an assert but get shut down
and physically isolated from what it controls.
I've explained this over and over. It baffles me how twisted up this simple
concept becomes when repeated back to me.
More information about the Digitalmars-d
mailing list