Re: What I miss... (really C, Ada, religion)

[jer@peora.UUCP (J. Eric Roskos)]

> I'd like to re-ask my question.  What do you do in a finished product in a
> high-risk environment when an unanticipated bug (anticipated errors will
> have been dealt with in both languages if the programmer is worth his pay)
> occurs?

Then, I'd like to re-answer it.  The idea here is that you want to try to
design your product in such a way that if errors occur, you will recover from
them.  Here there's sort of a problem with the term "unanticipated errors".
For example, suppose you have some flight-control system for a missile, and
an "unanticipated error" occurs, so the missile goes off course.  Well, you
would like, then, to have some other system monitoring the trajectory of
the missile, that says, "the missile is off course... I'll just disarm the
warhead, here", or maybe starts up a redundant guidance system, or something
like that.

The problem is that if you do this right, there shouldn't BE any unantic-
ipated errors; an unanticipated error would be something like if the
laws of physics quit working.  How well you design your system determines
how well you accomplish this; but the various forms of exception handling,
etc. that we have been discussing are supposed to make this easier by
allowing your program both to discover certain types of errors, and to remain
in control when these errors occur (rather than producing some error message
and halting, as some people have suggested).

As you said, in "both languages" (I don't remember what the other one was)
such a problem can be handled; the newer approaches (exception handlers and
the like) just try to make this easier, to make it less likely that the
programmer will do it wrong.
-- 
Shyy-Anzr:  J. Eric Roskos
UUCP: Ofc:  ..!{decvax,ucbvax,ihnp4}!vax135!petsd!peora!jer
     Home:  ..!{decvax,ucbvax,ihnp4}!vax135!petsd!peora!jerpc!jer
  US Mail:  MS 795; Perkin-Elmer SDC;
	    2486 Sand Lake Road, Orlando, FL 32809-7642