Fail Safe

I have used NuMega's FailSafe products for years in my VisualBasic development to find out what could be causing my errors and to automatically generate error handling routines. -- sg

---

The expression also refers to a design criterion that insists the system remain in a non-harmful state despite whatever failure may occur.

For example, in a TrainDispatch system, fail safe means that when all else fails the trains are safe (All lights red.) This would probably be best dealt with in a distributed manner by making all signals automatically red unless a heartbeat from the central controller said stay green. (Information discovered by clicking on title and reading referring pages).

To use your actual example... Historically, train signals used red for "stop" and white/clear for "go". Problem was that the colored lenses would occasionally get broken and fall out of the lamp, thus a signal that should have been red appeared clear. Result: train smash-ups. By changing the protocol to let red or clear mean "stop" (and green for "go"), the signals became fail-safe... at least as far as missing signal lenses were concerned.

Having been involved in implementation of Automatic Train-Stop systems, I can tell you, unless the Engineer in clear violation of operating rules finds a way to over-ride the system, in the case of a broken lens or even burnt-out lamps in the signal. or fog, or mud on the windshield, failure to acknowledge an automatic signal of a more restrictive condition (even yellow) within a given short period of time, for whatever reason, will result in the brakes of the locomotive and its consist being applied automatically to bring the train to a sudden and abrupt stop.

Other sources will confirm the above:

• http://en.wikipedia.org/wiki/Automatic_train_stop
• http://en.wikipedia.org/wiki/Cab_signalling

---

Despite the existence of such products mentioned above, the writers of many modern operating systems seem to think most users are quite OK about rebooting their machines with monotonous regularity as if there was nothing better to do with one's own or one's employers valuable time ....

Perhaps its not really the fault of the writers of these operating systems, but that of their marketing colleagues who keep insisting on releasing product to the public way before its ready.

-- RichardCollins

Most systems cannot be made failure-proof, but they can be designed such that a failure will not lead to injury/death or to catastrophic data loss. A desktop system that requires a reboot is probably in a FailSafe state.

In popular mis-usage, fail-safe has come to mean infallible. The original concept of fallible but still safe is very effective in distributed and scalable system design. -- PeteProkopowicz