Re: Ada vs Ruby

< ^ > P N |<>|^_>< --- | ~ ...Help
On Wed, Apr 16, 2008 at 12:57 PM, Phillip Gawlowski
<cmdjackryan / googlemail.com> wrote:
>  Eleanor McHugh wrote:
>
>  | It's a lovely idea, but ponder the impact of Göäel's Incompleteness
>  | Theorems or Turing's proof of the Halting Problem. In practice there are
>  | program states which can occur which cannot be identified in advance
>  | because they are dependent on interactions with the environment, or are
>  | artefacts of the underlying problem space.
>  |
>  | That's why run-time error handling and fail-safe behaviour are so
>  | important regardless of the rigour of Q&A processes.
>
>  Sure. But to know these states, the software should be tested as
>  thoroughly as possible. I somehow doubt that anybody using something
>  mission-critical to flying or medical health wants to call the hotline
>  during the final approach of a plane or when a surgical robot gets
>  fantasies of being SkyNET. ;)

Yes, testing, not a blind faith in whatever language is being used,
and it's compiler.

>  Anyway, this problem is (AFAIK, anyway), countered by using redundant
>  implementations of the hardware and software (well, as far as possible,
>  anyway), to minimize the effect of unknown states.

Of course this isn't perfect either.  In fact "The Bug Heard Round the
World." which I mentioned earlier in this thread, was a failure of
redundancy.

The Shuttle has, or at least did in the early days, redundant on-board
computers which monitor the health and behavior of shuttle systems,
with voting used to find discrepencies.  The hardware is/was comprised
of (3 I think) identical IBM 4Pi computers with 1 of those having a
totally independently implemented software load. When control of the
launch/mission is transferred to this system, the separate processors
run in parallel, and their outputs are compared.  If they disagree,
the launch is aborted.

Of course all of this worked well during the pre-STS1 mission sims.

However, on the day of the launch, there was a clock skew between the
redundant computers, so the output from one lagged just a bit behind
the others, and the system halted the launch, unnecessarily as it
turned out, at T-3

-- 
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/