From: Hyman Rosen
Date: Wed, 23 Jul 2003 10:11:12 -0400
Newsgroups: comp.lang.ada
Subject: Re: Ariane5 FAQ
Organization: KBC Financial Products
Message-ID: <1058969472.350716@master.nyc.kbcfp.com>

Larry Elmore wrote:
> It was a design decision that in that case, there was no point in
> handling that exception in software. It was not an oversight. It
> did what it was supposed to do -- if it was flying on an Ariane 4.

If the value of the parameter had exceeded the Ariane 4 maximum but was less than the 16-bit maximum, there would have been no exception at all at the conversion point, and the too-high value would have gone through the rest of the system, doing something else.
There was nothing in the code to handle a too-large value. The code would simply barge ahead, either working or causing exceptions depending on the exact number. You may wish to call that behavior "doing what it was supposed to do" but I think that's a mischaracterization.

I'm not saying that the Ariane 4 people did anything unsuitable for the Ariane 4. But doing it this way made the code brittle. The investigation board said "No reference to justification of this decision was found directly in the source code. Given the large amount of documentation associated with any industrial application, the assumption, although agreed, was essentially obscured, though not deliberately, from any external review."

This is exactly the kind of coding practice that leads to problems like integer overflow, buffer overflow, and Y2K issues. Shortcuts are taken in order to optimize a program for local conditions, but the dependencies are not communicated properly to people who then go on to use the code in situations where the local conditions no longer apply.
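
The three cases the message distinguishes (inside the design maximum, above it but still within 16 bits, and beyond 16 bits), as an added Ada example that is not part of the original message or of the flight software. `Design_Max`, the type and function names and the sample inputs are constructed for illustration.

```ada
--  Added example; Design_Max and the sample inputs are constructed values.
with Ada.Text_IO; use Ada.Text_IO;

procedure Convert_Demo is
   type Int16 is range -2**15 .. 2**15 - 1;

   Design_Max : constant := 20_000;  --  assumed envelope of the first platform
   --  The assumption stated as a type, visible to whoever reuses the unit.
   subtype Design_Range is Int16 range -Design_Max .. Design_Max;

   type Outcome is (Accepted, Out_Of_Envelope, Conversion_Failed);

   --  Brittle form: the only guard is the implicit 16-bit range check.
   function Bare (X : Float) return Outcome is
      V : Int16;
   begin
      V := Int16 (X);  --  Constraint_Error only when X does not fit in 16 bits
      Put_Line ("  bare   : passes on" & Int16'Image (V));
      return Accepted;
   exception
      when Constraint_Error => return Conversion_Failed;
   end Bare;

   --  Explicit form: the envelope is tested before converting and has its
   --  own outcome, so an out-of-envelope input is never silently accepted.
   function Checked (X : Float) return Outcome is
      V : Design_Range;
   begin
      if X not in -Float (Design_Max) .. Float (Design_Max) then
         return Out_Of_Envelope;
      end if;
      V := Design_Range (X);
      Put_Line ("  checked: passes on" & Design_Range'Image (V));
      return Accepted;
   end Checked;

   --  Constructed inputs: in envelope, above it but within 16 bits, beyond 16 bits.
   Samples : constant array (1 .. 3) of Float :=
     (12_000.0, 30_000.0, 40_000.0);
begin
   for I in Samples'Range loop
      Put_Line ("input" & Float'Image (Samples (I)));
      Put_Line ("  bare    => " & Outcome'Image (Bare (Samples (I))));
      Put_Line ("  checked => " & Outcome'Image (Checked (Samples (I))));
   end loop;
end Convert_Demo;
```

For the middle input the bare conversion reports `ACCEPTED` and hands the value on, while the checked form reports `OUT_OF_ENVELOPE`; only the last input makes the bare conversion fail.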