comp.lang.ada
From: Ken Garlington <kennieg@nospam.flash.net>
Subject: Handling Exceptions
Date: 1998/02/12
Message-ID: <34E3A7EE.45B5@nospam.flash.net>


An article in the most recent issue of Aviation Week
and Space Technology caused me to think once again
about the difficulty of choosing appropriate responses
to raised exceptions.

An aviation display had been designed to perform an
automated reset when a particular parameter exceeded
a particular limit. The limit had been chosen to be
greater than any expected "real" value, such that only
system faults such as a corrupted message would reasonably
be the cause of the error.

A commercial aircraft using this display encountered
extreme turbulence, and the aircraft rocked violently,
causing the parameter to go out of tolerance. The display
performed a reset as required -- causing the data on the
display to become unavailable to the pilot for the 2-3
seconds (s)he needed it most, during the recovery from
the turbulence.

Although the language used in the display is not discussed
in the article, I think Ada users can benefit from considering
the issues this incident highlights. It is also worth comparing and
contrasting this case with the Ariane 5 disaster.

(More discussion on the problems of choosing good exception
handling is at

   http://www.flash.net/~kennieg/ariane.html#s3.3 )
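An Ada sketch of the two responses the post contrasts, added here as an illustration and not part of the original post; the parameter name, its units, the limit value and the sample inputs are all assumptions made for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;
procedure Display_Demo is
   --  Hypothetical parameter: pitch rate in deg/s. The limit is set above
   --  any value expected in normal flight, on the assumption that only a
   --  fault (e.g. a corrupted message) could exceed it.
   subtype Pitch_Rate is Float range -60.0 .. 60.0;
   Last_Good : Pitch_Rate := 0.0;
   Suspect   : Boolean    := False;
   --  Design 1 (the incident): any out-of-range value is treated as a
   --  system fault and the display resets, blanking the data for the
   --  duration of the reset regardless of the real cause.
   procedure Update_Then_Reset (Raw : Float) is
      Value : Pitch_Rate;
   begin
      Value := Raw;  --  range check: Constraint_Error if Raw is outside Pitch_Rate
      Last_Good := Value;
      Put_Line ("Displayed" & Float'Image (Last_Good));
   exception
      when Constraint_Error =>
         --  The handler cannot tell a corrupted message from a real excursion.
         Put_Line ("Out of range: resetting display, data unavailable");
         Last_Good := 0.0;
   end Update_Then_Reset;
   --  Design 2: keep the last valid value on screen, flag the channel as
   --  suspect, and leave the decision to reset to a higher-level monitor
   --  that has enough context to distinguish a fault from turbulence.
   procedure Update_Keep_Last (Raw : Float) is
   begin
      if Raw in Pitch_Rate then
         Last_Good := Raw;
         Suspect   := False;
      else
         Suspect := True;
      end if;
      Put ("Displayed" & Float'Image (Last_Good));
      if Suspect then
         Put (" (SUSPECT)");
      end if;
      New_Line;
   end Update_Keep_Last;
begin
   --  Constructed input: a normal value, then a turbulence-sized excursion.
   Update_Then_Reset (12.5);
   Update_Then_Reset (85.0);
   Update_Keep_Last (12.5);
   Update_Keep_Last (85.0);
end Display_Demo;
```

With the second excursion, design 1 blanks the display while design 2 keeps showing 12.5 with a SUSPECT flag, which is the difference the post is pointing at.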




             reply	other threads:[~1998-02-12  0:00 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
1998-02-12  0:00 Ken Garlington [this message]
1998-02-19  0:00 ` Handling Exceptions Nick Roberts
replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox