On Tuesday, July 27, 2010 15:00:20 Walter Bright wrote:
> bearophile wrote:
> > You have to think about proofs as another (costly) tool to avoid
> > bugs/bangs, but not as the ultimate and only tool you have to use (I
> > think dsimcha was trying to say that there are more costly-effective
> > tools. This can be true, but you can't be sure that is right in
> > general).
>
> I want to re-emphasize the point that keeps getting missed.
>
> Building reliable systems is not about trying to make components that
> cannot fail. It is about building a system that can TOLERATE failure of
> any of its components.
>
> It's how you build safe systems from UNRELIABLE parts. And all parts are
> unreliable. All of them. Really. All of them.

Especially the programmer. ;)

- Jonathan M Davis