Hi Ted,
>> This is why I have purposely stayed away from jobs at companies
>> doing stuff like this. I know I don't write perfect code; I don't
>> want to be responsible for devices that can affect human life.
> We should never be depending on a human being able to write "perfect
> code".
And no one has suggested we do; Arnold just pointed out that he knows he
doesn't, which is a good first step to working on critical software.
> Instead, we need to come up with processes so that imperfect code
> doesn't escape into production *despite* the fact that humans are
> fallible. Such processes might include requiring unit tests,
> integration tests, stress tests, etc., requiring code reviews by a
> second pair of eyes, perhaps using formal proofs, having multiple
> implementations of critical algorithms, cross-checking the results
> from those independent implementations, and so on.
Haven't you just pushed the need for perfection from coding to processes
to achieve ‘imperfect code doesn't escape into production’? Perfection
doesn't exist there either.
--
Cheers, Ralph.
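The "multiple implementations, cross-checked" process Ted lists above, as an added example that is not part of the thread: two independently written CRC-32 routines (bit-serial and table-driven) plus the separately maintained zlib.crc32 are run on the same input, and a value is returned only when all of them agree. A third copy with a mistranscribed initial register value (crc32_wrong_init, my assumption of the kind of slip a review can miss) shows the cross-check refusing the result. CRC-32 as the stand-in "critical algorithm", the function names and the seeded differential test are all my choices; none of this is code from the thread or from any project it mentions.

```python
"""Added example: accept a result only when independent implementations agree.

Constructed illustration, not code from the mailing-list thread. CRC-32
stands in for a "critical algorithm"; the two hand-written versions use
different techniques (bit-serial vs. table-driven) and zlib.crc32 is a
third, externally written reference. crc32_wrong_init is an assumed,
deliberately broken copy whose initial register value is mistranscribed.
"""
import random
import zlib

REFLECTED_POLY = 0xEDB88320   # reflected form of the IEEE 802.3 polynomial
CHECK_INPUT = b"123456789"    # conventional CRC check string
CHECK_VALUE = 0xCBF43926      # published CRC-32 of CHECK_INPUT


class ImplementationDisagreement(RuntimeError):
    """Raised when the redundant implementations do not agree."""


def crc32_bitwise(data: bytes) -> int:
    """Implementation A: bit-serial, one shift per input bit."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            # -(crc & 1) is all ones when the low bit is set, else zero
            crc = (crc >> 1) ^ (REFLECTED_POLY & -(crc & 1))
    return crc ^ 0xFFFFFFFF


def _build_table() -> list:
    """256-entry lookup table for the byte-at-a-time variant."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ REFLECTED_POLY if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _build_table()


def crc32_table(data: bytes) -> int:
    """Implementation B: table-driven, written independently of A."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc = _TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def crc32_wrong_init(data: bytes) -> int:
    """Assumed buggy copy: initial register 0 instead of 0xFFFFFFFF."""
    crc = 0
    for byte in data:
        crc = _TABLE[(crc ^ byte) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


DEFAULT_IMPLS = (crc32_bitwise, crc32_table, zlib.crc32)


def checked_crc32(data: bytes, impls=DEFAULT_IMPLS) -> int:
    """Run every implementation; refuse to return a value they dispute."""
    results = [impl(data) & 0xFFFFFFFF for impl in impls]
    if len(set(results)) != 1:
        raise ImplementationDisagreement(
            f"{[hex(r) for r in results]} for input {data!r}")
    return results[0]


def disagrees(data: bytes, impls) -> bool:
    """True if the cross-check would block this input's result."""
    try:
        checked_crc32(data, impls)
    except ImplementationDisagreement:
        return True
    return False


def differential_test(impls=DEFAULT_IMPLS, trials=500, seed=20240101) -> list:
    """Feed seeded random inputs to all implementations; return the disputes.

    An empty list means no disagreement was found, not that none exists.
    """
    rng = random.Random(seed)
    disputes = []
    for _ in range(trials):
        length = rng.randrange(0, 64)
        data = bytes(rng.getrandbits(8) for _ in range(length))
        results = [impl(data) & 0xFFFFFFFF for impl in impls]
        if len(set(results)) != 1:
            disputes.append((data, results))
    return disputes


if __name__ == "__main__":
    print(hex(checked_crc32(CHECK_INPUT)))
    print(len(differential_test()))
    print(len(differential_test((crc32_table, crc32_wrong_init))))
```

The point of the voter in checked_crc32 is that a defect in any one copy turns into a refusal rather than a wrong answer; it does nothing against a mistake shared by all copies (a misread specification, for instance), which is why the third implementation here comes from a different author entirely. The differential test is the cheap way to exercise the comparison before deployment, but a clean run only says no dispute was found in those inputs.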