I think most of us agree that SQLite is close to the gold standard for stability and testing. This post reminds us that even SQLite has critical bugs.<p>But looking at <a href="https://www.sqlite.org/cgi/src/rptview?rn=7" rel="nofollow">https://www.sqlite.org/cgi/src/rptview?rn=7</a> I see a few Core Crash Bugs every month (April has 7). Most of them are not 'critical', to be clear, plenty of 'severe' and 'important' in the list.<p>I don't want to disparage SQLite. They have a free, fantastic product, go to great lengths to have stability no matter what, and document their processes. I learned a lot of them.<p>But clearly, our gold standard is not perfect. So now what?<p>* We might turn to theorem proving. But is it possible at SQLite scale? Are the proofs themselves enough? I remember about a critical piece of software with a proof no incorrect answers would come out. Turns out they forgot to prove the program would end, so they got no answer ever instead of an incorrect one. How do you prove your proofs are complete enough?<p>* We might turn to fuzzing, code analyses, linting,... SQLite does all of them.<p>* Or simply admit we are human, fallible, and try to do the best we can while knowing our limits? Sounds defeatist.