[hulitu]

> What if the update is to address a safety issue?

If they didn't make "safety" right from the first time, why do you think they will do it better the second time, when the fixes are more expensive and the time pressure is enormous ?

[WalterBright]

Please refer to my earlier comment that there is zero chance of making bug-free software.

[throwway120385]

Counterpoint: You can get close enough that you can run a probe in space for 60 years.

[WalterBright]

Some probes have had major failures that JPL was able to work around with a software update.

[jacquesm]

True, but: different budget per unit of code produced.

[seanhunter]

Hence the famous joke at NASA that you get to launch the rocket when the documentation if piled up would be taller than the rocket itself.

...all of which is just an excuse to show this great picture of Margaret Hamilton [1] lead developer on the Apollo guidance system standing next to (and slightly shorter than) the printouts of the source code https://en.wikipedia.org/wiki/File:Margaret_Hamilton_-_resto...

[1] Who was admittedly quite short apparently

[jacquesm]

That's a fantastic picture.

I've worked on some interesting software with lives on the line as well and the amount of test code absolutely dwarfed the functional part. I wonder whether at the time of the effort you linked that was already common practice and if it was what the fraction of that code was tests.

Assuming she's 1.65 meters tall and 66 lines per page (quite common back then), at 0.2 mm thickness per page that's 8K pages times 66 lines / page is ~550K lines. Pretty impressive!