From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM
	autolearn=ham autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,f948976d12c7ee33
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-06-23 22:22:46 PST
Path: archiver1.google.com!postnews1.google.com!not-for-mail
From: snarflemike@yahoo.com (Mike Silva)
Newsgroups: comp.lang.ada
Subject: Re: Boeing and Dreamliner
Date: 23 Jun 2003 22:22:45 -0700
Organization: http://groups.google.com/
Message-ID: <20619edc.0306232122.598389dd@posting.google.com>
References: <mailman.4.1056169754.352.comp.lang.ada@ada.eu.org>
 <zN9Ja.2184$N%6.569@nwrdny02.gnilink.net> <3EF5F3F3.6000806@attbi.com>
 <e2e5731a.0306231813.35f7dd7a@posting.google.com>
 <pNOJa.9904$Kg7.2691@nwrdny01.gnilink.net>
NNTP-Posting-Host: 165.247.209.198
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1056432165 9196 127.0.0.1 (24 Jun 2003 05:22:45
 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 24 Jun 2003 05:22:45 GMT
Xref: archiver1.google.com comp.lang.ada:39633
Date: 2003-06-24T05:22:45+00:00
List-Id: <comp.lang.ada>

Hyman Rosen <hyrosen@mail.com> wrote in message news:<pNOJa.9904$Kg7.2691@nwrdny01.gnilink.net>...
> ...Pure and simple,
> the Ariane 4 programmers left a buffer overflow bug in their
> code, and the Ariane 5 people tripped over it. 

Good heavens, no, you're thinking of C!  There was no buffer overflow,
and there was no bug.  There was a float-to-int conversion that was
proven to be safe (FP value guaranteed to always fit into int) for the
-4.  Therefore, any conversion overflow was assumed to be caused by a
sensor/hardware problem and thus programmed by intention to shut down
the SDI and let the backup system take over.  There is no way I can
imagine that the -4 people can be accused of leaving a bug in the
code.  To me the situation is akin to correctly specifying a 5 Amp
fuse in a 4 Amp circuit, then "reusing" the circuit but now pumping 10
Amps through it.  When the 5A fuse blows, was that a design error in
the original circuit?

> The fact that it was in Ada helped not at all.

True enough, even though the exception was a hardware trap that would
have done the same thing regardless of language.

Mike