[bumby]

Doesn’t this completely depend on the sensor failure mode? Eg if a voltage sensor internally shorts to ground, the failure will read 0V, not NaN. Or are you using “failed sensor” to only mean “not reporting” here?

I think your initialization is smart in many use cases, but the sensor application probably isn’t one of them except for that single failure mode. It can still lead to masked failures and false assumptions (“the sensor is getting a value so it must be working”). That’s the same issue as what you’re supposedly fixing by that design choice. It still requires engineering knowledge to assess correctly.

[WalterBright]

Yes, I assume the sensor is designed to detect its own failures. If a sensor is capable of emitting floating point values, surely its software can emit a NaN.

The point of a NaN value is it does not require sophisticated engineering knowledge to realize that a NaN output is not what you're expecting.

[bumby]

>I assume the sensor is designed to detect its own failures.

Bold assumption. I would be willing to bet this is more the exception than the rule on most sensors/systems.

>The point of a NaN value is it does not require sophisticated engineering knowledge to realize that a NaN output is not what you're expecting.

What I was pointing out is this only captures a relatively narrow set of failure modes and may lead to bad assumptions due to automation bias. E.g., "I only need to think about failures if the sensor gives an NaN because it's based on the assumption that a failure produces an NaN" whereas having an actual principled knowledge of operation can catch the other errors.