On Saturday, 4 October 2014 at 08:08:49 UTC, Walter Bright wrote:
On 10/3/2014 4:27 AM, Kagamin wrote:
Do you interpret airplane safety right? As I understand, airplanes are safe exactly because they recover from assert failures and continue operation.

Nope. That's exactly 180 degrees from how it works.

Any airplane system that detects a fault shuts itself down and the backup is engaged. No way in hell is software allowed to continue that asserted.

Sure, software is one part of an airplane, like a thread is a part of a process. When the part fails, you discard it and continue operation. In software it works by rolling back a failed transaction. An airplane has some tricks to recover from failures, but still it's a "no fail" design you argue against: it shuts down parts one by one when and only when they fail and continues operation no matter what until nothing works and even then it still doesn't fail, just does nothing. The airplane example works against your arguments.

The unreliable design you talk about would be committing a failed transaction, but no, nobody suggests that.
