On 31.10.2013 19:46, Walter Bright wrote:
> On 10/31/2013 9:00 AM, eles wrote:
>> Basically, I think that critical code is almost always developed as if
>> being transaction-based. It succeeds or it leaves no trace.
>
> That's great for the software.
>
> What if the hardware fails? Such as a bad memory bit that flips a bit in
> the perfect software, and now it decides to launch nuclear missiles?

Three different pieces of software (written by different teams) that should do the same thing and then have a consensual voting on the correct action? Or even more pieces, depending on the clusterfuck that can be caused by a flipped bit... The interaction with hardware can be a bit tricky, and after all, anything can go wrong in the right circumstances, no matter how hard you try. It is up to you to decide cost/benefit.