Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site ubc-cs.UUCP
Path: utzoo!utcsri!sask!alberta!ubc-vision!ubc-cs!ludemann
From: ludemann@ubc-cs.UUCP (Peter Ludemann)
Newsgroups: can.politics
Subject: Re: problems with Star Wars #2 (part 2: the crux)
Message-ID: <1213@ubc-cs.UUCP>
Date: Wed, 14-Aug-85 00:38:12 EDT
Article-I.D.: ubc-cs.1213
Posted: Wed Aug 14 00:38:12 1985
Date-Received: Fri, 16-Aug-85 00:41:38 EDT
References: <16069@watmath.UUCP>
Reply-To: ludemann@ubc-cs.UUCP (Peter Ludemann)
Distribution: can
Organization: UBC Department of Computer Science, Vancouver, B.C., Canada
Lines: 22

>                                 ....  Human beings deal better with
>unexpected situations than computer programs.

Agreed.  I worked on real-time systems at BNR (telephone switching,
which is *much* better defined than missile detection) and observed
in my code and others' code that one of the most common causes of
bugs (besides not understanding the problem) was the extra code
put in to catch exceptional conditions.  This code was needed
because the system had very high reliability requirements - it just
wasn't supposed to crash (mustn't stop that phone call to your
granny in Moose Jaw).  But very often this code would not only
not catch the exceptional conditions, it would cause crashes under
normal conditions.  Rigorous testing, type-checking compilers, etc.
helped produce a very reliable system, but I'm extremely sceptical
about the reliability of a system many times bigger than a telephone
switch, which can't be tested to nearly the same extent and whose
problem domain is much less well defined.
-- 
ludemann%ubc-vision@ubc-cs.uucp (ubc-cs!ludemann@ubc-vision.uucp)
ludemann@cs.ubc.cdn
ludemann@ubc-cs.csnet
Peter_Ludemann@UBC.mailnet