Re: What I miss... (really C, Ada, religion)

[throopw@rtp47.UUCP (Wayne Throop)]

> I'd like to re-ask my question. What do you do in a finished product in a
> high-risk environment when an unanticipated bug (anticipated errors will have
> been dealt with in both languages if the programmer is worth his pay) occurs?

I don't have an answer (and I suspect there aren't any unique answers),
but I'd like to point out that this doesn't seem to be either an
architectural issue, nor a language issue.  In any language, on any
architecture, irrecoverable errors will occur (that is, fundamental
assertions about the state of the world that are necessary to allow the
program to proceed will be violated).

When this happens, the acceptable response will vary according to the
situation.  If a critical subroutine traps, the process might attempt to
recover (perhaps re-executing the subroutine after some fixup action).
If a critical process "core dumps", the system might attempt to recover
(perhaps by restarting the process at some checkpoint or other).  If a
critical process can't be restarted, the system might try to recover by
rebooting.  And so on and on.

But when push comes to shove, there will be some cases that just can't
be handled.  So, my fuzzy answer to "What do you do in a finished
product in a high-risk environment when an unanticipated bug occurs?" is
"The best you can".
-- 
Wayne Throop at Data General, RTP, NC
<the-known-world>!mcnc!rti-sel!rtp47!throopw