An autopilot could disengage (that may count as going into a failure mode and requesting human intervention).


Very critical software can be programmed with two different methods (different teams, different programming languages, even different hardware) to avoid common failure modes.
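
As an added illustration of the two points above (diverse implementations, and a failure mode that keeps running and requests human intervention), not code from the original thread: a hypothetical C++ control step that runs two independently written versions of a control law and drops into a latched fail-safe mode when they disagree. The control law, the tolerance and the safe command value are assumptions.

```cpp
#include <cmath>
#include <cstdint>

// Controller mode: normal operation, or a latched fail-safe mode that keeps
// running with a safe output and flags the need for human intervention.
enum class Mode : std::uint8_t { Normal, FailSafe };

struct Decision {
    Mode   mode;     // mode after this cycle
    double command;  // actuator command actually issued
    bool   alarm;    // true once human intervention has been requested
};

// Two independently written versions of the same (hypothetical) control law.
// In a real system these would come from separate teams; here they differ
// only in arithmetic path so that the agreement check has something to compare.
namespace version_a {
    double control(double setpoint, double measured) noexcept {
        return 0.5 * (setpoint - measured);
    }
}
namespace version_b {
    double control(double setpoint, double measured) noexcept {
        const double error = setpoint - measured;
        return error / 2.0;
    }
}

constexpr double kAgreementTolerance = 1e-6;  // assumed acceptable divergence
constexpr double kSafeCommand        = 0.0;   // assumed neutral actuator position

// Compare the two results. Disagreement (or a non-finite result) is treated
// as a detected fault: hold the safe output, raise the alarm, and stay in
// fail-safe mode until an operator resets it. Nothing here throws, allocates
// or terminates, so the loop calling it can keep running.
Decision vote(double a, double b, Mode previous) noexcept {
    const bool agree = std::isfinite(a) && std::isfinite(b)
                    && std::fabs(a - b) <= kAgreementTolerance;
    if (previous == Mode::FailSafe || !agree) {
        return Decision{Mode::FailSafe, kSafeCommand, true};
    }
    return Decision{Mode::Normal, a, false};
}

// One control cycle: run both versions, then vote.
Decision step(double setpoint, double measured, Mode previous) noexcept {
    return vote(version_a::control(setpoint, measured),
                version_b::control(setpoint, measured), previous);
}
```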



-----Original Message-----
From: Tiago Freire via Std-Proposals <std-proposals@lists.isocpp.org>
Sent: Tue 02.06.2026 09:03
Subject: Re: [std-proposals] What a non-reallocating version of the standard would look like.
To: std-proposals@lists.isocpp.org;
CC: Tiago Freire <tmiguelf@hotmail.com>;


Likely what happens in those devices when a critical error occurs is that it keeps running regardless, because stopping is worse. It may go into a failure mode; it may try to reset things and recover from the error while trying to keep whatever device it is controlling in a safe state as best it can; maybe it has to trigger an alarm and request human intervention right now. But it can never stop.