Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!igor!rutabaga!jls
From: jls@rutabaga.Rational.COM (Jim Showalter)
Newsgroups: comp.software-eng
Subject: Re: Provocative statement
Message-ID:
Date: 26 Apr 91 21:08:38 GMT
References: <9776@castle.ed.ac.uk> <1991Apr25.133216.20855@jyu.fi>
Sender: news@Rational.COM
Lines: 23

>If the bridge designer wants to have a greater security factor,
>(s)he can specify a little thicker steel and cables than suggested
>by standard calculations. The software designer cannot say:
>"This system has to be really safe and secure, so let's put in
>30% more code!"

I disagree strongly with this. It has been my experience that the
systems that are engineered from the outset to have excellent error
detection and correction mechanisms are quite robust and fault-tolerant.
Often, the amount of error code that is involved CAN be about 30% of
the total.

Paradoxically, it has also been my experience that these
safety-engineered systems are engineered well throughout, and so tend
not to NEED the error checking that was added. On the other hand,
systems that are written without much error checking seem to be
infected with an overall attitude of slovenliness, and so are the ones
most prone to failure.

--
* "Beyond 100,000 lines of code, you should probably be coding in Ada." *
*         - P.G. Plauger, Convener and Secretary of the ANSI C Committee *
*                                                                        *
* The opinions expressed herein are my own.                              *