On Thursday, 31 October 2013 at 18:46:07 UTC, Walter Bright wrote:
On 10/31/2013 9:00 AM, eles wrote:
What if the hardware fails? Such as a bad memory bit that flips a bit in the perfect software, and now it decides to launch nuclear missiles?

If that happens, any software verification could become useless. On the latest project that I'm working on, we simply went with two identical (but not independently developed, just identical) hardware units, with the embedded software on them.

A comparator compares the two outputs. Any difference results in an emergency procedure (either a hardware reboot through a watchdog, or a controlled shutdown, to avoid an infinite reboot loop).

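The dual-channel scheme eles describes (two identical units, a comparator on their outputs, watchdog reboot on mismatch, escalation to a controlled shutdown so a persistent fault does not cause endless reboots) can be modelled in a few lines of C. The following is an added simulation, not code from eles's project or from the thread: the control step, the channel and system structs, `MAX_REBOOTS` and the fault-injection helper are all hypothetical, chosen only to show how a transient bit flip and a stuck-at fault lead to different outcomes under the same comparator policy.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed policy: after this many watchdog reboots the comparator
   stops rebooting and performs a controlled shutdown instead. */
#define MAX_REBOOTS 3

typedef enum {
    ACTION_NONE,                 /* outputs agreed, keep running          */
    ACTION_WATCHDOG_REBOOT,      /* mismatch: restart both channels       */
    ACTION_CONTROLLED_SHUTDOWN   /* mismatch after reboot budget is spent */
} action_t;

/* One of the two identical channels; `state` stands in for its RAM. */
typedef struct { uint32_t state; } channel_t;

/* Hypothetical control law, run identically on both channels. An odd
   multiplier keeps the map injective mod 2^32, so any state divergence
   shows up in the output. */
static uint32_t channel_step(channel_t *ch, uint32_t input) {
    ch->state = ch->state * 31u + input;
    return ch->state;
}

typedef struct {
    channel_t a, b;
    unsigned reboots;   /* watchdog reboots performed so far */
    bool shut_down;     /* set once the controlled shutdown has been taken */
} system_t;

static void system_init(system_t *s) {
    s->a.state = 0; s->b.state = 0;
    s->reboots = 0;  s->shut_down = false;
}

/* Comparator: run both channels on the same input and compare outputs.
   Note the comparator itself is a single component in this model; its
   own failure modes are outside what this simulation covers. */
static action_t system_cycle(system_t *s, uint32_t input) {
    if (s->shut_down)
        return ACTION_CONTROLLED_SHUTDOWN;

    uint32_t out_a = channel_step(&s->a, input);
    uint32_t out_b = channel_step(&s->b, input);
    if (out_a == out_b)
        return ACTION_NONE;

    if (s->reboots < MAX_REBOOTS) {
        s->reboots++;
        /* Watchdog reboot: both channels restart from a known state. */
        s->a.state = 0; s->b.state = 0;
        return ACTION_WATCHDOG_REBOOT;
    }
    s->shut_down = true;        /* budget exhausted: stop, do not loop */
    return ACTION_CONTROLLED_SHUTDOWN;
}

/* Fault injection for the simulation only: flip one bit of channel A's RAM. */
static void inject_bit_flip(system_t *s, unsigned bit) {
    s->a.state ^= (1u << bit);
}

typedef struct { unsigned reboots; bool shut_down; } outcome_t;

/* Run `cycles` control cycles. With `persistent` set the flipped bit
   reappears every cycle (stuck-at fault); otherwise it is injected once,
   at cycle 2 (transient upset). */
static outcome_t run_scenario(bool persistent, unsigned cycles) {
    system_t s;
    system_init(&s);
    for (unsigned i = 0; i < cycles; i++) {
        if (persistent || i == 2)
            inject_bit_flip(&s, 5);
        system_cycle(&s, i + 1);
    }
    outcome_t o = { s.reboots, s.shut_down };
    return o;
}

int main(void) {
    outcome_t t = run_scenario(false, 10);
    outcome_t p = run_scenario(true, 10);
    printf("transient flip : reboots=%u shut_down=%d\n", t.reboots, t.shut_down);
    printf("stuck-at fault : reboots=%u shut_down=%d\n", p.reboots, p.shut_down);
    return 0;
}
```

A single transient flip costs one watchdog reboot and the system carries on; a fault that survives the reboot consumes the whole reboot budget and ends in the controlled shutdown, which is exactly the behaviour the bounded-reboot policy exists to guarantee.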