From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,885dab3998d28a4
X-Google-Attributes: gid103376,public
X-Google-Thread: 101deb,885dab3998d28a4
X-Google-Attributes: gid101deb,public
X-Google-Thread: 107079,eca28648989efca9
X-Google-Attributes: gid107079,public
X-Google-Thread: f74ae,eca28648989efca9
X-Google-Attributes: gidf74ae,public
From: KUNNE@frcpn11.in2p3.fr (Ronald Kunne)
Subject: Re: Ariane 5 failure
Date: 1996/09/27
Message-ID: <1780FB1E3.KUNNE@frcpn11.in2p3.fr>#1/1
X-Deja-AN: 185625626
distribution: inet
references: <agrapsDy4oJH.29G@netcom.com> <52a572$9kk@goanna.cs.rmit.edu.au>
 <52bm1c$gvn@rational.rational.com> <1780E8471.KUNNE@frcpn11.in2p3.fr>
 <mheaney-ya023180002609962252500001@news.ni.net>
organization: In2p3
newsgroups: sci.astro,sci.math.num-analysis,comp.lang.pl1,comp.lang.ada
Date: 1996-09-27T00:00:00+00:00
List-Id: <comp.lang.ada>


In article <mheaney-ya023180002609962252500001@news.ni.net>
mheaney@ni.net (Matthew Heaney) writes:
 
>>The problem of constructing bug-free real-time software seems to me
>>a trade-off between safety and speed of execution (and maybe available
>>memory?). In other words: including tests on array boundaries might
>>make the code saver, but also slower.
 
>Why, yes.  If the rocket blows up, at the cost of millions of dollars, then
>I'm not clear what the value of "faster execution" is.  The rocket's gone,
>so what difference does it make how fast the code executed?  If you left
>the range checks in, your code would be *marginally* slower, but you'd
>still have your rocket, now wouldn't you?
 
Despite the sarcasm, I will elaborate.
 
Suppose an array goes from 0 to 100, and the calculated index is known
not to go outside this range. Why would one insist on putting the
range test in, which will slow down the code? This might be a problem
if the particular piece of code is heavily used, and the code executes
too slowly otherwise. "Marginally slower" if it happens only once, but
such checks on indices and function arguments (like squareroots), are
necessary *everywhere* in code, if one is consequent.
 
Actually, this was the case here: the code was taken from an Ariane 4
code where it was physically impossible that the index would go out
of range: a test would have been a waste of time.
Unfortunately this was no longer the case in the Ariane 5.
 
Friendly greetings,
Ronald Kunne