Bad array indexing is considered deadly
Ola Fosheim Grøstad via Digitalmars-d
digitalmars-d at puremagic.com
Sat Jun 3 03:00:19 PDT 2017
On Saturday, 3 June 2017 at 09:48:05 UTC, Timon Gehr wrote:
> I don't get why you would /restart/ mission-critical software
> that has been shown to be buggy. What you need to do instead:
> Have a few more development teams that create independent
> implementations of your service. (Completely from scratch, as
> the available libraries were not developed to the necessary
> standard.) All of them should run on different hardware
> produced in different factories by different companies.
> Furthermore, you need to hire a team of testers and software
> verification experts vastly exceeding the team of developers in
> magnitude, etc.
Yes, mission-critical software such as flight control is (and
should be) proven correct. There is modelling software for this
very narrow field that will generate correct code.
Or, as you say, you can implement 3 different versions running on
3 different hardware platforms, and shut down the 1 that disagrees
with the others.
But you still have to think in probabilistic terms, because there
could be problems with sensors, actuators, human errors, etc.
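The 2-out-of-3 arrangement described in this reply (independent implementations, shut down the one that disagrees), as an added example that is not part of the original post or of any D project: a Python majority voter over three constructed implementations of one small spec (mean of the last three sensor readings), where channel C carries a deliberate off-by-one in its slice, the kind of bad array indexing the thread title refers to. The spec, the three implementations, the channel names and the tolerance are assumptions for illustration; the "different hardware" part of the scheme is not modelled, and a crash in a channel is treated the same as a disagreement.

```python
"""Two-out-of-three voter over independent implementations (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, Optional, Sequence

Impl = Callable[[Sequence[float]], float]


class NoMajority(Exception):
    """Raised when fewer than two healthy channels agree: fail safe, do not guess."""


@dataclass
class Channel:
    name: str
    impl: Impl            # one independently written implementation of the spec
    healthy: bool = True  # cleared once the channel disagrees with the majority or crashes


@dataclass
class Voter:
    channels: list
    tolerance: float = 1e-9             # numeric spread still counted as agreement (assumed)
    log: list = field(default_factory=list)

    def vote(self, readings: Sequence[float]) -> float:
        outputs = {}
        for ch in self.channels:
            if not ch.healthy:
                continue
            try:
                outputs[ch.name] = float(ch.impl(readings))
            except Exception as exc:    # a crashing channel is quarantined like a dissenting one
                ch.healthy = False
                self.log.append(f"{ch.name}: raised {exc!r}, quarantined")
        # Largest set of mutually agreeing outputs (within tolerance).
        best = []
        for name, val in outputs.items():
            group = [n for n, v in outputs.items() if abs(v - val) <= self.tolerance]
            if len(group) > len(best):
                best = group
        # Need at least two agreeing channels and a strict majority of those that answered;
        # a single surviving channel has nothing to be checked against.
        if len(best) < 2 or 2 * len(best) <= len(outputs):
            raise NoMajority(f"no majority among {outputs}")
        for ch in self.channels:
            if ch.healthy and ch.name not in best:
                ch.healthy = False
                self.log.append(
                    f"{ch.name}: output {outputs[ch.name]} disagrees with {best}, quarantined")
        return outputs[best[0]]


# Three constructed implementations of the same spec: mean of the last three readings.
# Callers are assumed to supply at least three readings.
def impl_a(readings: Sequence[float]) -> float:   # slice from the end plus builtin sum
    return sum(readings[-3:]) / 3


def impl_b(readings: Sequence[float]) -> float:   # explicit indexing from the end
    n = len(readings)
    return (readings[n - 1] + readings[n - 2] + readings[n - 3]) / 3


def impl_c(readings: Sequence[float]) -> float:   # off-by-one: slice stops one short, drops newest reading
    window = readings[len(readings) - 3:len(readings) - 1]
    return sum(window) / len(window)


def make_voter() -> Voter:
    return Voter([Channel("A", impl_a), Channel("B", impl_b), Channel("C", impl_c)])


def vote_or_none(voter: Voter, readings: Sequence[float]) -> Optional[float]:
    """Fail-safe wrapper: None means 'no trustworthy output', which the caller must handle."""
    try:
        return voter.vote(readings)
    except NoMajority as exc:
        voter.log.append(f"fail-safe: {exc}")
        return None


if __name__ == "__main__":
    v = make_voter()
    print(v.vote([1.0, 2.0, 3.0]))              # A and B agree on 2.0; C says 1.5 and is shut down
    print([c.name for c in v.channels if c.healthy])
    print(v.log)
```

On [1.0, 2.0, 3.0] channels A and B agree on 2.0 while C's off-by-one yields 1.5, so C is quarantined and the voter keeps running on two channels. With input that breaks the three-readings contract (two readings), C divides by zero, A and B silently return different values, and the voter refuses to pick one: that is the fail-safe behaviour the thread argues for, and the part the voter cannot do is decide which of the two survivors is right.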