"Dmitry A. Kazakov" wrote in message news:1j8hpasemtm7n$.1l1wrnukz7ewf$.dlg@40tude.net... > On Mon, 29 May 2006 17:08:27 +0200, Jan Vorbr�ggen wrote: > > >>>In the case of Ariane 501, the correct approach > >>>IMO would have been to have a test mode (with detection) and a flight mode, > >>>which turns on the "let's hope and pray" handling of errors and is reserved > >>>for use only on actual launches. > >> I don't think so. The problem (bug) wasn't in an inappropriate handling of > >> an error. It was a false positive in error detection. Handling was correct, > >> detection was wrong. > > > > If any error had been forseen, I might agree. But the problem lay in handling > > the unforseen error: that handling, in itself, led to failure. The approach > > taken just wasn't tolerant of errors in the programming. > > Ah, but an unforeseen error is a bug. One cannot be bug-tolerant, it is > self-contradictory, after all. A program can be bug-tolerant. Standard error-handling techniques dan del with them. Such programs containing error handling are called fail-safe programs.