From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 101deb,885dab3998d28a4
X-Google-Attributes: gid101deb,public
X-Google-Thread: f74ae,eca28648989efca9
X-Google-Attributes: gidf74ae,public
X-Google-Thread: 103376,885dab3998d28a4
X-Google-Attributes: gid103376,public
X-Google-Thread: 107079,eca28648989efca9
X-Google-Attributes: gid107079,public
From: wayne@cs.toronto.edu (Wayne Hayes)
Subject: Re: Ariane 5 failure
Date: 1996/09/27
Message-ID: <1996Sep27.023246.18774@jarvis.cs.toronto.edu>#1/1
X-Deja-AN: 185597344
distribution: inet
x-nntp-posting-host: qew.cs.toronto.edu
references: <agrapsDy4oJH.29G@netcom.com> <52bm1c$gvn@rational.rational.com>
 <1780E8471.KUNNE@frcpn11.in2p3.fr>
 <mheaney-ya023180002609962252500001@news.ni.net>
organization: CS Lab, University of Toronto
newsgroups: sci.astro,comp.lang.ada,sci.math.num-analysis,comp.lang.pl1
Date: 1996-09-27T00:00:00+00:00
List-Id: <comp.lang.ada>


In article <mheaney-ya023180002609962252500001@news.ni.net>,
Matthew Heaney <mheaney@ni.net> wrote:
>Why, yes.  If the rocket blows up, at the cost of millions of dollars, then
>I'm not clear what the value of "faster execution" is.  The rocket's gone,
>so what difference does it make how fast the code executed?  If you left
>the range checks in, your code would be *marginally* slower, but you'd
>still have your rocket, now wouldn't you?

You have a moot point.  In this case, catching the error wouldn't have
helped.  The out-of-bounds error happened in a piece of code designed
for the Ariane-4, in which it was *physically impossible* for the value
to overflow (the Ariane-4 didn't go that fast, and it was a velocity
variable).  Then the code was used, as-is, in the Ariane-5, without an
analysis of how the code would react in the new hardware, which flew
faster.  Had the analysis been done, they wouldn't have added bounds
checking, they would have modified the code to actually *work*, because
they would have realized that the code was *guaranteed* to fail on the
first flight.

-- 
        "And a woman needs a man...        || Wayne Hayes, wayne@cs.utoronto.ca
      like a fish needs a bicycle..."      || Astrophysics & Computer Science
-- U2 (apparently quoting Gloria Steinem?) || http://www.cs.utoronto.ca/~wayne