Walter Bright:
> I want to re-emphasize the point that keeps getting missed.
> 
> Building reliable systems is not about trying to make components that cannot 
> fail. It is about building a system that can TOLERATE failure of any of its 
> components.
> 
> It's how you build safe systems from UNRELIABLE parts. And all parts are 
> unreliable. All of them. Really. All of them.

Each of those parts must be pretty reliable if you want to design a globally 
reliable system. Space Shuttle control systems are redundant, as you say, and 
probably each single point of failure has a backup, but each software system is 
pretty reliable by itself; probably they have proven some of its parts for each 
of the independently written redundant software systems. If your subsystems are 
crap, your overall system is crap, unless you have tons of them and they can all 
be used in "parallel" (with no single coordinator that can be a failure point).

Bye,
bearophile