Volatile is stupid
Doug Gwyn
gwyn at brl-smoke.ARPA
Wed Jun 29 06:57:27 AEST 1988
In article <225800039 at uxe.cso.uiuc.edu> mcdonald at uxe.cso.uiuc.edu writes:
>>Then the program will work fine for five years, and someone will install
>>it in an airplane controller, then someone else will manually `correct'
>>something, and your program will crash, along with the airplane. This
>>is what correctness checking is all about.
>Does anyone know what language was used to write the control program
>for the Airbus A320 "crash by wire" plane?
Who cares? Such programs should NOT repeat NOT rely on theoretical
total correctness of the compiler, application code, etc. for their
safety! It is known how to engineer reliability into systems.
I think someone has been listening too intently to the bogus anti-SDI
argument that "everything has to function perfectly the first time".