bearophile Wrote:
> This is a paper that shows why DbC can not enough in some situations, by Ken > Garlington, 1998: > http://home.flash.net/~kennieg/ariane.html > > In the situation like the one of the Ariane I think the good solution is the > introduce a fuzzy control system that has a degradation of its effectiveness > as conditions come out of its specs, but avoids a total failure. This is what > biological designs too do. It's a kind of 'defensive programming'. > >From what I heard, the software for Ariane was physically unable to handle >Ariane, so no matter what assertions you put into it, it would crash.
