From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,7e8cebf09cf80560 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII Path: g2news1.google.com!postnews.google.com!v31g2000vbs.googlegroups.com!not-for-mail From: KK6GM Newsgroups: comp.lang.ada Subject: Re: How would Ariane 5 have behaved if overflow checking were notturned off? Date: Fri, 18 Mar 2011 09:49:17 -0700 (PDT) Organization: http://groups.google.com Message-ID: <05ec46e3-cc9c-406e-b4c9-3c1392726436@v31g2000vbs.googlegroups.com> References: <4d80b13f$0$43832$c30e37c6@exi-reader.telstra.net> <4d8200ce$0$43837$c30e37c6@exi-reader.telstra.net> <4d820f84$0$6990$9b4e6d93@newsspool4.arcor-online.net> <4d835402$0$43840$c30e37c6@exi-reader.telstra.net> <4d8356e0$0$5764$882e7ee2@usenet-news.net> NNTP-Posting-Host: 12.35.64.226 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1300466957 16083 127.0.0.1 (18 Mar 2011 16:49:17 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Fri, 18 Mar 2011 16:49:17 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: v31g2000vbs.googlegroups.com; posting-host=12.35.64.226; posting-account=qZVz2QoAAAAN9WxYp-9jYb7jORc4Zqwt User-Agent: G2/1.0 X-HTTP-Via: 1.1 barracudaweb.tritool.rancho:8080 (http_scan/4.0.2.6.19) X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MDDR; .NET4.0C; .NET4.0E; InfoPath.1),gzip(gfe) Xref: g2news1.google.com comp.lang.ada:18303 Date: 2011-03-18T09:49:17-07:00 List-Id: On Mar 18, 5:57=A0am, Hyman Rosen wrote: > On 3/17/2011 7:34 PM, robin wrote: > > > Provided that the two SRI computers remained switched on, the mission w= as safe. > > Switching off "two still healthy critical units of equipment" guarantee= d failure. I realize now that we have been having two separate discussions, and I'd say that we're _all_ right. That is, it makes much more sense, when encountering a value that has been proven to be impossible to encounter, that the encountering system should fall back to the redundant hardware than to try and "fake it". However, (and this is the case you and robin have been arguing, while ignoring the existence of the redundant hardware in the first place), the last control system in the chain (the 2nd one in this case) should obviously never shut down, but should fall back to a limp-along mode, which of course may or may not be good enough for the mission to succeed.