From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 107079,eca28648989efca9
X-Google-Attributes: gid107079,public
X-Google-Thread: f74ae,eca28648989efca9
X-Google-Attributes: gidf74ae,public
X-Google-Thread: 103376,885dab3998d28a4
X-Google-Attributes: gid103376,public
X-Google-Thread: 101deb,885dab3998d28a4
X-Google-Attributes: gid101deb,public
From: Alan Brain <aebrain@dynamite.com.au>
Subject: Re: Ariane 5 failure
Date: 1996/09/27
Message-ID: <324C8405.F8B@dynamite.com.au>#1/1
X-Deja-AN: 185615871
references: <agrapsDy4oJH.29G@netcom.com> <52a572$9kk@goanna.cs.rmit.edu.au>
 <52bm1c$gvn@rational.rational.com> <1780E8471.KUNNE@frcpn11.in2p3.fr>
content-type: text/plain; charset=us-ascii
organization: @Home
mime-version: 1.0
reply-to: aebrain@dynamite.com.au
newsgroups: sci.astro,sci.math.num-analysis,comp.lang.pl1,comp.lang.ada
x-mailer: Mozilla 3.0 (Win16; I)
Date: 1996-09-27T00:00:00+00:00
List-Id: <comp.lang.ada>


Ronald Kunne wrote:

> The problem of constructing bug-free real-time software seems to me
> a trade-off between safety and speed of execution (and maybe available
> memory?). In other words: including tests on array boundaries might
> make the code saver, but also slower.
> 
> Comments?

Bug-free software is not a reasonable criterion for success in a
safety-critical system, IMHO. A good program should meet the
requirements for safety etc despite bugs. Also despite hardware
failures, soft failures, and so on. A really good safety-critical
program should be remarkably difficult to de-bug, as the only way you
know it's got a major problem is by examining the error log, and
calculating that it's performance is below theoretical expectations.

And if it runs too slow, many times in the real-world you can spend 2
years of development time and many megabucks kludging the software, or
wait 12 months and get the new 400 Mhz chip instead of your current 133.

----------------------      <> <>    How doth the little Crocodile
| Alan & Carmel Brain|      xxxxx       Improve his shining tail?
| Canberra Australia |  xxxxxHxHxxxxxx _MMMMMMMMM_MMMMMMMMM
---------------------- o OO*O^^^^O*OO o oo     oo oo     oo  
                    By pulling Maerklin Wagons, in 1/220 Scale