On Saturday, 4 October 2014 at 08:15:51 UTC, Walter Bright wrote:
On 10/3/2014 8:43 AM, Sean Kelly wrote:
My point, and I think Kagamin's as well, is that the entire plane is a system and the redundant internals are subsystems. They may not share memory, but they are wired to the same sensors, servos, displays, etc.

No, they do not share sensors, servos, etc.

Gotcha. I imagine there are redundant displays in the cockpit as well, which makes sense. Thus the unifying factor in an airplane is the pilot. In a non-manned system, it would be a control program (or a series of redundant control programs). So the system in this case includes the pilot.

Thus the point about shutting down the entire plane as a result of a small failure is fair.

That's a complete misunderstanding.

Right. So the system relies on the intelligence and training of the pilot for proper operation. Choosing which systems are in error vs. which are correct, etc. I still think an argument could be made that an entire airplane, pilot included, is analogous to a server infrastructure, or even a memory isolated program (the Erlang example).

My only point in all this is that while choosing the OS process is a good default when considering the potential scope of undefined behavior, it's not the only definition. The pilot misinterpreting sensor data and making a bad judgement call is equivalent to the failure of distinct subsystems corrupting the state of the entire system to the point where the whole thing fails. The sensors were communicating confusing information to the pilot, and his programming, as it were, was not up to the task of separating the good information from the bad.

Do you have any thoughts concerning my proposal in the "on errors" thread?
