On 9/1/2018 3:49 AM, Dennis wrote:
On Friday, 31 August 2018 at 22:23:09 UTC, Walter Bright wrote:
For example, in any CS program, are there any courses at all about this?
In Year 1 Q4 of my Bachelor CS, there was a course "Software Testing and Quality
Engineering" which covered things like test types (unit, end-to-end, smoke
etc.), code coverage and design by contract. They taught how to implement
invariants, preconditions and postconditions in Java by manually placing asserts
(since unlike D, there's no `in`, `out` or `invariant` keywords in Java) but I
don't recall anything related to recovery from errors, or using aviation safety
principles to make a safe system from unreliable parts. They said that you can
decide between security and performance when choosing to leave asserts on/off in
release builds.
Sigh.
It's not just the software industry. Industry outside of aerospace appears to be
ignorant of it. See the Deepwater Horizon, Fukushima, medical devices, Toyota
car computers, it just goes on and on.
One of my favorite examples is when the power failed in New Orleans during a
storm, and the city flooded. Guess where the backup generators were located? In
the basements! The flooding took them out. Only one building had power after the
disaster, and they'd located the emergency generator above sea level.
Only one did that.
The backups were destroyed by the same situation that caused the need for the
backups - flooding from power failure. Completely worthless design, because the
systems were coupled.
