[TUHS] Death by bug

Ralph Corderoy ralph at inputplus.co.uk
Mon Jul 12 19:56:39 AEST 2021


Hi Ted,

> > This is why I have purposely stayed away from jobs at companies
> > doing stuff like this. I know I don't write perfect code; I don't
> > want to be responsible for devices that can affect human life.
>
> We should never be depending on a human being able to write "perfect
> code".

And no one has suggested we do; Arnold just pointed out he knows he
doesn't, which is a good first step to working on critical software.

> Instead, we need to come up with processes so that imperfect code
> doesn't escape into production *despite* the fact that humans are
> fallible.  Such processes might include requiring unit tests,
> integration tests, stress tests, etc., requiring code reviews by a
> second pair of eyes, perhaps using formal proofs, having multiple
> implementations of critical algorithms, cross-checking the results
> from those independent implementations, and so on.

Haven't you just pushed the need for perfection from coding to processes
to achieve ‘imperfect code doesn't escape into production’?  Perfection
doesn't exist there either.

-- 
Cheers, Ralph.

