Program logic bugs vs input/environmental errors
Kagamin via Digitalmars-d
digitalmars-d at puremagic.com
Wed Oct 15 00:19:06 PDT 2014
On Saturday, 4 October 2014 at 08:08:49 UTC, Walter Bright wrote:
> On 10/3/2014 4:27 AM, Kagamin wrote:
>> Do you interpret airplane safety right? As I understand,
>> airplanes are safe
>> exactly because they recover from assert failures and continue
>> operation.
>
> Nope. That's exactly 180 degrees from how it works.
>
> Any airplane system that detects a fault shuts itself down and
> the backup is engaged. No way in hell is software allowed to
> continue that asserted.
Sure, software is one part of an airplane, like a thread is a
part of a process. When the part fails, you discard it and
continue operation. In software it works by rolling back a failed
transaction. An airplane has some tricks to recover from
failures, but still it's a "no fail" design you argue against: it
shuts down parts one by one when and only when they fail and
continues operation no matter what until nothing works and even
then it still doesn't fail, just does nothing. The airplane
example works against your arguments.
The unreliable design you talk about would be committing a failed
transaction, but no, nobody suggests that.