From: snarflemike@yahoo.com (Mike Silva)
Newsgroups: comp.lang.ada
Subject: Re: Would You Fly an Airplane with a Linux-Based Control System?
Date: 26 Nov 2004 13:09:54 -0800
Message-ID: <20619edc.0411261309.220c8ab8@posting.google.com>
References: <20619edc.0411251028.3e249bf3@posting.google.com>

Marius Amado Alves wrote in message news:...
> Alexander E. Kopilovich wrote:
> >...
> > - The on-board software detects that one of the accelerometers is out of
> > range (actually, there was FPU exception generated when float-to-integer
> > conversion exceeded the capacity of the integer), this was interpreted as
> > hardware error and caused the backup processor to take over;...
> >
> > Do you agree that this addition is enough there?
>
> No. This whole talk of hardware-generated exception sounds like "FUD".
> Namely, it sounds like you're trying to blame the hardware. The cause was
> a SOFTWARE engineering error. Yes, a BUG. In the Ada software. And
> because it's connected to exceptions, the hypothesis that if the thing
> had been done in an exceptionless language like C the effect might have
> been different. And yes, maybe less bad. And none of the explanations
> I've seen so far (here, in books, and in the Internet) disprove this
> hypothesis.

Even accepting your assertion that your hypothesis has not been disproven, what conclusion do you draw? That deliberately ignoring out-of-range data (not throwing it away, just ignoring it) will generally lead to safer systems than dealing with out-of-range data in some pre-determined way that may not always be the right choice (especially if the system is mis-used in a manner so that out-of-range data is suddenly legal)? What, again, is your conclusion?