[erlang-questions] Question about Erlang and Ada

Wojtek Narczyński wojtek@REDACTED
Mon Jan 11 18:52:30 CET 2016


W dniu 2015-12-15 o 10:49, Richard Carlsson pisze:
>
>     I still insist that there is need for both: "let it crash" and
>     "correct by construction". You wouldn't want to let your
>     fly-by-wire system controller crash during landing, one meter
>     above the runway. But you also wouldn't want to build a correct
>     feature poor in-flight entertainment system.
>
>
> If restarting is fast enough (e.g. sub-millisecond), then yes, I do 
> want the fly-by-wire system controller to crash and get back to a 
> clean state, rather than make a poor guess at what to do to fix the 
> problem, or lock up.
>
I don't think we fundamentally disagree. AFAIR, they have supervision in 
the form of hardware watchdogs.

Flying an airliner by beam.smp is completely out of question. But I 
would not recommend Erlang even for a small uav autopilot project. Would 
you?

The largest correct by construction effort is probably CompCert. 
Fascinating achievement.

-- 
Wojtek Narczynski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20160111/5d2db94d/attachment.htm>


More information about the erlang-questions mailing list