Re: Ariane 5 Failure - Summary Report

[Ken Garlington <garlingtonke@lmtas.lmco.com>]

Alan Brain wrote:
> 
> Thirdly, assuming either of the above, not checking that an arithmetic operation of
> this kind before it's fully complete is just plain silly. And such a check is un
> morceau de gateaux. This is an implementation fault.

It's a question of perception. If a system designer says, "Don't add this check," and
I as an implementer don't add this check (possibly only after asking the designer,
"Are you _sure_"?), is this a design or an implementation fault?

It appears to me, from reading the report, that the lack of a check was an intentional
_design_ decision, not just something that was required but inadvertantly left out of
the code. I consider this a design fault (if not a specification fault).

In the final analysis, you could call all of this an implementation error (since the
implementation is the only part of the process that was actually on the system), but
to me that seems to be a poor way to understand the chain of events.

> Jeez, Ada provides safety belts, Anti-lock brakes, etc but if people don't buckle
> up, and don't even bother to use the brake peddle, what can you do?

Certainly, if people don't buckle up, you don't blame the car implementer 
(manufacturer)!

-- 
LMTAS - "Our Brand Means Quality"