Jim Balter wrote:

> You're being religious about this and arguing against a strawman. While
> all parts are unreliable, they aren't *equally* unreliable.

They don't have to have equal reliability in order for redundancy to be very
effective.

> Unit tests,
> contract programming, memory safe access, and other reliability
> techniques, *including correctness proofs*, all increase reliability.

True, but the problem is when one is seduced by that into thinking that
redundancy is not necessary.

> On the flip side, you can't guarantee reliability with simplistic rules
> like "no continuing after an exception".

Of course, but you can guarantee unreliability by thinking one can continue
after an exception thrown by a programming error. (In engineering, one can never
"guarantee" reliability anyway. What one does is set a maximum failure rate, and
prove a design is more reliable than that.)

Blindly applying rules without using one's brain is bad, and ignoring rules
without thoroughly understanding their rationale is equally bad.

> Numerous (relatively) reliable systems have demonstrated that religion to be a
> myth as well.

If there's an interesting example here, please tell me about it!

As for the religion aspect, please consider that I get this from my experience
with how airliners are designed. I think there can be little doubt that these
techniques (religion) are extremely effective in producing incredibly reliable
and safe airline travel.
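The distinction drawn above between an exception caused by bad input and one raised by a programming error, as an added example that is not part of the thread and not anyone's project code: a small ledger with one invariant (the balance never goes negative), a deliberately buggy `refund` that violates it, and two handling policies. The `Ledger` class, the `InputError`/`ContractViolation` split, the request list and every balance are constructed for this illustration.

```python
# Added example (constructed; not code from the thread). It contrasts
# "catch everything and keep going" with fail-fast handling of a
# contract violation, i.e. an exception that signals a programming error.


class InputError(Exception):
    """Recoverable: the request was bad, the program's own state is intact."""


class ContractViolation(Exception):
    """A postcondition failed: the program has a bug and its state is suspect."""


class Ledger:
    """Invariant under check: balance must never be negative."""

    def __init__(self, balance: int) -> None:
        self.balance = balance
        self.journal: list[str] = []

    def _check_invariant(self) -> None:
        # Postcondition shared by every operation.
        if self.balance < 0:
            raise ContractViolation(f"balance went negative: {self.balance}")

    def withdraw(self, amount: int) -> None:
        if amount <= 0:
            raise InputError(f"bad amount {amount}")
        if amount > self.balance:
            raise InputError("insufficient funds")
        self.balance -= amount
        self.journal.append(f"withdraw {amount}")
        self._check_invariant()

    def deposit(self, amount: int) -> None:
        if amount <= 0:
            raise InputError(f"bad amount {amount}")
        self.balance += amount
        self.journal.append(f"deposit {amount}")
        self._check_invariant()

    def refund(self, amount: int) -> None:
        # Deliberately buggy (constructed): a sign error turns the refund into a
        # debit, so the invariant check fires on a programming error, not on input.
        if amount <= 0:
            raise InputError(f"bad amount {amount}")
        self.balance -= amount
        self.journal.append(f"refund {amount}")
        self._check_invariant()


def run(requests, policy: str) -> dict:
    """Apply requests to a fresh ledger.

    policy == "continue":  treat a contract violation like bad input and go on.
    policy == "fail_fast": stop at the first contract violation and report it.
    """
    ledger = Ledger(100)
    rejected = 0
    for op, amount in requests:
        try:
            getattr(ledger, op)(amount)
        except InputError:
            rejected += 1  # bad input: state is fine, keep serving
        except ContractViolation as exc:
            if policy == "fail_fast":
                return {
                    "status": "aborted",
                    "reason": str(exc),
                    "balance": ledger.balance,
                    "rejected": rejected,
                    "journal": list(ledger.journal),
                }
            rejected += 1  # the bug is swallowed and processing continues
    return {
        "status": "ok",
        "balance": ledger.balance,
        "rejected": rejected,
        "journal": list(ledger.journal),
    }


# Constructed request stream: one bad input, then the buggy refund, then
# operations that keep running on top of the corrupted balance.
REQUESTS = [
    ("withdraw", 30),
    ("withdraw", -5),
    ("refund", 90),
    ("deposit", 100),
    ("withdraw", 50),
]

if __name__ == "__main__":
    for policy in ("continue", "fail_fast"):
        print(policy, run(REQUESTS, policy))
```

With the `continue` policy the run ends with `status: ok` and a balance of 30, although every later operation was applied to state the program already knew was wrong (a correct refund would have left 210); nothing in the result says so. The `fail_fast` policy stops at the violation and hands back the journal up to that point, which is the information a redundant component or an operator needs to take over.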