aidenn0 4 days ago

Systems containing software fail, and the cause of that failure may originate in software.

And the article you intended to link is just wrong. E.g. the Therac-25 was not designed to output high power when an operator typed quickly; it was built in such a way as to do so. This would be analogous to describing an airplane failure due to using bolts that were too weak: "the bolt didn't fail; it broke under exactly the forces you would expect it to break from for its size; if they wanted it not to break, they should have used a larger bolt!" Just like in the Therac example, the failure would be consistently reproducible.

kqr 4 days ago

It sounds like our main disagreement lies around whether to call it "design error" or "build error", but I do not believe this erases the useful distinction between "error present in the thing from day one" and "unpredictable failure of a component suddenly no longer doing what it used to do".

aidenn0 3 days ago

I think that's definitely part of it. I also believe that a physical component put under stresses it was not capable of bearing, even when those stresses were known to be within the expected environment at design time -- such as a bolt that was too weak for expected conditions -- is both:

1. Generally referred to as a "failure" of the part

2. Closely analogous to many software defects that cause system failure.

kqr 2 days ago

> Generally referred to

Sure, people may sloppily call it a failure, but then they miss out on a useful distinction which would help them create more robust software.

A bolt being under-engineered for its intended usage is a design error. When it breaks, that's a predictable (but unfortunate) mode of operation of the design, not a failure. (It has inadvertently been designed to act as a frangible link.)

The reason it's important to distinguish between the two cases is that we use different methods to deal with them.

motxilo 4 days ago

You allude to the difference between requirements and constraints. What you say is true, but also it's true that the Therac-25 was not designed to not output high power when an operator typed quickly.