ABSTRACT

The bottom line for mathematicians is that the architecture has to be right. Many characteristics of a system pull against each other: the architect satisfies one at the expense of another. Trade-offs need to be taken into account consciously, and the justifications for them recorded. For many systems that provide functional safety, occasional unreliability can be tolerated, whereas unavailability is dangerous. In some systems, the relative importance of availability and reliability may change dynamically at run time. High-performance code is likely to be less readable, less easily maintained, less likely to detect run-time errors, and less amenable to deep static analysis than code written specifically with those characteristics in mind. Integration testing might reveal that a module which was not identified at design time as needing high performance does in fact need it; this could require rework not only of the design but also of the implementation.