From: Ken Garlington
Subject: Re: Ariane-5: can you clarify? (Re: Please do not start a language war)
Date: 1997/03/25
Message-ID: <333830BE.2DFD@lmtas.lmco.com>#1/1
References: <332B5495.167EB0E7@eiffel.com>
Organization: Lockheed Martin Tactical Aircraft Systems
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.lang.ada

Nick Leaton wrote:
>
> Ken Garlington wrote:
> >
> > Nick Leaton wrote:
> > >
> > > Karel Thönissen wrote:
> > > >
> > > > > From personal experience I have found this to be the case. Being able to
> > > > > test your comments is very useful!
> > > >
> > > > I fully agree, and every one should do this. But do you get this taught
> > > > in software engineering class or do software engineering methods or
> > > > languages enforce this? Do project managers require this?
> > > > To further clarify my/our point. Right now tens of thousands of
> > > > programmers wish that assumptions were more accurately documented in the
> > > > code - on the spot - if only by means of informal comments. These
> > > > programmers are making our software ready for the Y2000, they know the
> > > > assumptions made, if only they could easily find those spots.
> > >
> > > I was very sceptical about assertions until I started using Eiffel. I am
> > > now converted.
> > >
> > > I would however be interested in a discussion on how exceptions should
> > > be handled.
> > >
> > > 1) Report and fail
> > > 2) Have logic. In the Ariane case, just shut down the SRI after launch
> > > 3) Fix and retry - could just be wait and retry
> > > 4) Try method B
> > >
> > > Are there any others?
> >
> > I wouldn't recommend #2 in the Ariane 5 case, since that is exactly what
> > the SRI did in response to the exception!!!!!
> >
> > In reality, there is no "one size fits all" response to exceptions. Each
> > case must be analyzed separately - which is part of what makes writing
> > good assertions so difficult.
>
> You misunderstand me, probably because 2) is not as explicit as I
> originally intended.
>
> SRI raises exception.
> Exception handler receives exception.
> Exception handler checks launch status and finds out that
> the rocket is launched. Since SRI is used for alignment, it is
> now redundant so can be shutdown/ignored.

Actually, the SRI is used during the entire flight profile. There was an alignment *function* that was contained *within* the SRI that should have been shut down as soon as the Ariane took off (alignment functions do not typically work well with moving platforms!)

It would probably have been reasonable to shut down the process doing the alignment function of the SRI, assuming the processes were partitioned in a way that allowed the other necessary functions to continue, although there was no need to wait until an exception was raised to do this.

So, in this particular case, it was probably reasonable to shut down part (but not all) of the SRI. Other parts of the SRI may not be able to shut down under ANY circumstances.

>
> --
>
> Nick

--
LMTAS - The Fighter Enterprise - "Our Brand Means Quality"
For job listings, other info: http://www.lmtas.com or http://www.lmco.com