| Here's a different way of looking at it. How many die because of faulty software vs faulty humans? Yes, all software is going to have bugs and bugs in critical software can cost real lives, but I think we focus too much on the negatives and ignore all of the lives that we've saved because of modern technology. People seem to prefer explainable patterns over random ones, even if the random ones are less common. For some reason, "the pilot must have been overworked" is more acceptable than "an unlikely condition wasn't tested for and the software got into an invalid path", which can look random from the outside. My point here is that, while software failing is terrible and we should do everything we can to prevent it, we need to recognize that it's often a net benefit. As for practical ways to prevent it, here are a few thoughts: - formal proofs of correctness
- extensive tests, both automated and manual
- frozen compilers
- limited scope; the less code there is, the easier it is to make reliable
- high quality hardware (unexpected bit flips are just a deadly as a software bug) I don't write critical software like this, but I do read about it, such as NASA's design guidelines. However, we have to accept that there will be errors when going into a critical project, and do everything we can to prevent them. |