From: Gary Powell (Gary.Powell_at_[hidden])
Date: 2001-04-12 16:42:10
> Sure all of that is desirable. All I'm saying is that it's preferable
> for critical software to crash rather than limp along with possibly
> corrupt state. Things like an X-ray machine or an auto-pilot fit this
> bill I think.
I beg to disagree. An X-ray machine should shut itself off on the way out,
an auto-pilot should sound an alarm and request to be reset. Crashing
airplanes is really not a very nice option.
Both situations could alert the main loop with an exception and that can
decide what to do next.
(Flown on a 757/767? I worked on the auto throttle for them when I was at
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk