From: "Dmitry A. Kazakov"
Subject: Re: Contracted exceptions for Ada
Newsgroups: comp.lang.ada
Organization: cbb software GmbH
Date: Tue, 11 Dec 2007 09:50:31 +0100
Message-ID: <1vc7xfiouucfe.14549yzryw44i$.dlg@40tude.net>

On Mon, 10 Dec 2007 20:25:34 +0000, Simon Wright wrote:

> The Ariane IV system engineers said to themselves, and probably in the
> design documentation, "The maximum horizontal velocity is X. Therefore
> the conversion to the fixed-point type _Whatever_ cannot
> overflow. Therefore we do not need to handle exceptions for this
> conversion, so (given we are short of CPU power) we will not do any
> extra processing to avoid exceptions."
>
> Not sure they would have recognised "contract" in that context.

Yes, my premise was that the type of H_Input changed from Ariane IV to
Ariane V. In this case translation of the conversion function
H_Input_To_Whatever could refute the second "therefore" because X would not
be the maximal possible value of H_Input anymore.

>> My point is that the fault could be detected (assuming that
>> conversion was in Ada), under the condition that the compiler vendor
>> would not make the same mistake while porting the compiler... (:-))
>
> Not if there was no port, and the exact same hardware with the exact
> same software was reused! (I'm not sure if that was in fact the case)

You mean that the ADC was reused as well? In that case (just speculating of
course) the compiler could detect the problem already for Ariane IV,
noticing that the range of H_Input is not bound by X and forcing to add an
exception handler somewhere.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de