On Wed, Apr 16, 2008 at 6:23 PM, Eleanor McHugh <eleanor / games-with-brains.com> wrote:
> On 16 Apr 2008, at 14:42, Phillip Gawlowski wrote:
>
> > I doubt, however, that there is a single undefined state in the Space
> > Shuttle's software. No uncaught exception, no reliance on language
> > features to do the right things, but well understood and diligent
> > implementation of those, together with rigorous QA.
> >
>
> It's a lovely idea, but ponder the impact of Gödel's Incompleteness
> Theorems or Turing's proof of the Halting Problem. In practice there are
> program states which can occur which cannot be identified in advance because
> they are dependent on interactions with the environment, or are artefacts of
> the underlying problem space.
>

I am not sure but on a first approach I believe that neither Gödel nor
Turing apply because they are talking about systems describing
themselves. IIRC it is a theorem in TNT(1) making an assumption about
TNT in the first case and a Turing machine reading the description of
a Turing machine on its tape in the second case.
I do not believe that Aircraft Control Systems have this degree of
self awareness, but I can stand corrected if I am wrong, because
although I have been taught a lot about TM and TNT I do not know a lot
about Aircraft Control.

> That's why run-time error handling and fail-safe behaviour are so important
> regardless of the rigour of Q&A processes.

That however I agree with!

(1) http://en.wikipedia.org/wiki/Typographical_Number_Theory

Cheers
Robert

--
http://ruby-smalltalk.blogspot.com/

---
Whereof one cannot speak, thereof one must be silent.
Ludwig Wittgenstein