> I had even more extreme ideas on paper. One simple one was that
> most programming languages don't really provide an environment where
> dimensions and units of measure are supported. I had described a
> language where that might have caught the errors that resulted in
> the failures of the European satellite launch and the Mars lander.

Did you later on ever find a language that does support this? (I mean at compile time, with zero run-time overhead, and without having to declare all the intermediate types and their operators explicitly.)

> When I asked them how they ensured that their
> product would have no failures they proudly announced that they
> used fault trees.

Not a bad approach, but only for problems that are somehow 'visible' in the design.

> He explained
> that every major disaster, Three Mile, Brown's Ferry, the Apollo
> fire, Bhopal, Chernobyl, etc. all had had a careful analysis and
> complete fault tree constructed, that all the fault trees seemed
> to guarantee was that the failure would be outside what you had
> thought of.

These kinds of analysis never (at least to my knowledge) take human (mis)behaviour into account. Humans have a bad tendency to concentrate their errors on the timescale, which circumvents checks, redundancy, etc. They also tend to use override functions to compensate for lack of maintenance, lack of knowledge etc.

Wouter van Ooijen

--
-------------------------------------------
Van Ooijen Technische Informatica: www.voti.nl
consultancy, development, PICmicro products
docent Hogeschool van Utrecht: www.voti.nl/hvu

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
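As an added illustration of what the question above asks for (compile-time unit checking with no run-time cost and no hand-declared intermediate types), here is an example in C++ that is not part of the thread: dimension exponents live in template parameters, so the product of a force and a time gets its type derived by the compiler, while adding a metre to a second is a compile error. The unit names, the `Qty` template and the pound-force conversion constant are assumptions for this example.

```cpp
#include <type_traits>

// A quantity whose dimension is metre^M * second^S * kilogram^KG.
// Only a double is stored, so there is no run-time overhead.
template <int M, int S, int KG>
struct Qty {
    double v;
    constexpr explicit Qty(double x) : v(x) {}
};

// Addition compiles only when both operands have identical dimensions.
template <int M, int S, int KG>
constexpr Qty<M, S, KG> operator+(Qty<M, S, KG> a, Qty<M, S, KG> b) {
    return Qty<M, S, KG>(a.v + b.v);
}

// Multiplication and division derive the result dimension from the operands,
// so no intermediate type ever has to be declared by hand.
template <int M1, int S1, int K1, int M2, int S2, int K2>
constexpr Qty<M1 + M2, S1 + S2, K1 + K2>
operator*(Qty<M1, S1, K1> a, Qty<M2, S2, K2> b) {
    return Qty<M1 + M2, S1 + S2, K1 + K2>(a.v * b.v);
}
template <int M1, int S1, int K1, int M2, int S2, int K2>
constexpr Qty<M1 - M2, S1 - S2, K1 - K2>
operator/(Qty<M1, S1, K1> a, Qty<M2, S2, K2> b) {
    return Qty<M1 - M2, S1 - S2, K1 - K2>(a.v / b.v);
}

using Metre        = Qty<1, 0, 0>;
using Second       = Qty<0, 1, 0>;
using Newton       = Qty<1, -2, 1>;   // kg*m/s^2
using NewtonSecond = Qty<1, -1, 1>;   // impulse

// Non-SI input is converted at the boundary, in the value; the type stays SI.
constexpr Newton newtons(double x)      { return Newton(x); }
constexpr Newton pounds_force(double x) { return Newton(x * 4.4482216152605); }

// impulse = force * time; the compiler checks that the product really is N*s.
constexpr NewtonSecond impulse(Newton f, Second t) { return f * t; }

// Total impulse of two burns given in different unit systems. Mixing them in
// the arithmetic is impossible: both terms are NewtonSecond by type.
double total_impulse_ns(double lbf, double s1, double n, double s2) {
    NewtonSecond a = impulse(pounds_force(lbf), Second(s1));
    NewtonSecond b = impulse(newtons(n), Second(s2));
    return (a + b).v;
}

static_assert(std::is_same<decltype(Newton(1) * Second(1)), NewtonSecond>::value, "derived");
// Does not compile: Metre(1.0) + Second(1.0)        (dimension mismatch)
// Does not compile: NewtonSecond x = Newton(1) * Second(1) * Second(1);
```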