On 4/1/2013 2:20 PM, Simen Kjærås wrote:
I am reminded of Therac-25[1]. Though the situation there was slightly different, similar situations could arise from not turning off hardware.
Relying on a program running correctly in order to avoid disaster is a terrible design. Even mathematically proving a program to be correct is in no way, shape, or form sufficient to deal with this.
