From: Marin David Condic <condicma@bogon.pwfl.com>
Subject: Re: Ada and Java. different behaviour. casting long to int problem.
Date: 1999/06/17
Date: 1999-06-17T00:00:00+00:00 [thread overview]
Message-ID: <376906CF.109EEF55@pwfl.com> (raw)
In-Reply-To: 7kaa6o$nr3$2@wanadoo.fr
Jean-Pierre Rosen wrote:
> Please read the report.
> The Ariane 501 failure was caused by the *removal* of a necessary
> check.
> Ada then diagnosed correctly the error, and did what the
> specifications required it to do in this case: it made a memory dump
> which was interpreted by the flight computer as positionnal data.
> You can't blame the language for doing exactly what was in the
> specification; the specifications were wrong.
> Of course, without overflow checking, you would'nt have triggered the
> incorrect behaviour required by the specification, but I don't think
> this can be taken as an argument against overflow checking...
This is a debate which has gone on before and you may be letting the
toothpaste get out of the tube. ;-) IMHO, the *real* problem was not
anything to do with language features - it was a fundamental management
problem. They decided to use a piece of very successful, reliable
software in a different application and never bothered to verify that it
would work correctly given an entirely new and different set of
requirements. The code which "broke" was only the immediate cause, but
not the fundamental reason. In my understanding, they explicitly removed
runtime checks from the code in question because of performance issues
(not at all uncommon) but then went and validated that the code would
never see anything out of range given the flight profile of the Ariane 4
rocket. Hence, the code was safe. Moving the code to Ariane 5 which had
a different flight profile changed the requirements - but the code was
never tested against those requirements. Hence the disaster.
MDC
--
Marin David Condic
Real Time & Embedded Systems, Propulsion Systems Analysis
United Technologies, Pratt & Whitney, Large Military Engines
M/S 731-95, P.O.B. 109600, West Palm Beach, FL, 33410-9600
***To reply, remove "bogon" from the domain name.***
Visit my web page at: http://www.mcondic.com/
next prev parent reply other threads:[~1999-06-17 0:00 UTC|newest]
Thread overview: 120+ messages / expand[flat|nested] mbox.gz Atom feed top
1999-06-12 0:00 Ada and Java. different behaviour. casting long to int problem nabbasi
1999-06-12 0:00 ` Tucker Taft
1999-06-12 0:00 ` Keith Thompson
1999-06-12 0:00 ` kirck
1999-06-13 0:00 ` Robert Dewar
1999-06-12 0:00 ` Fred
1999-06-14 0:00 ` Mark Hood
1999-06-15 0:00 ` mike
1999-06-15 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` George W. Bayles
1999-06-16 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` Aidan Skinner
1999-06-17 0:00 ` Matthew Heaney
1999-06-15 0:00 ` Marin David Condic
1999-06-15 0:00 ` Mike Silva
1999-06-15 0:00 ` rich
1999-06-15 0:00 ` tmoran
1999-06-15 0:00 ` David Botton
1999-06-16 0:00 ` Richard D Riehle
1999-06-16 0:00 ` Samuel Mize
1999-06-15 0:00 ` Marin David Condic
1999-06-15 0:00 ` D'Arcy Smith
1999-06-15 0:00 ` Keith Thompson
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` bill
1999-06-16 0:00 ` George W. Bayles
1999-06-16 0:00 ` Fraser Wilson
1999-06-17 0:00 ` Aidan Skinner
1999-06-17 0:00 ` David Botton
1999-06-18 0:00 ` Dale Stanbrough
1999-06-18 0:00 ` David Botton
1999-06-18 0:00 ` Pascal Obry
1999-06-18 0:00 ` Matthew Heaney
1999-06-17 0:00 ` Chris Dollin
1999-07-20 0:00 ` Geoff Bull
1999-06-16 0:00 ` George W. Bayles
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` Tucker Taft
1999-06-17 0:00 ` George W. Bayles
1999-06-17 0:00 ` Tucker Taft
1999-06-17 0:00 ` bob
1999-06-17 0:00 ` Larry Kilgallen
1999-06-16 0:00 ` Marin David Condic
1999-06-16 0:00 ` Mike Silva
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` kirk
1999-06-16 0:00 ` Hyman Rosen
1999-06-17 0:00 ` Robert I. Eachus
1999-06-17 0:00 ` Hyman Rosen
1999-06-17 0:00 ` Marin David Condic
1999-06-17 0:00 ` bob
1999-06-18 0:00 ` Hyman Rosen
1999-06-18 0:00 ` mike
1999-06-18 0:00 ` Hyman Rosen
1999-06-19 0:00 ` Samuel Mize
1999-06-21 0:00 ` Marin David Condic
1999-06-19 0:00 ` Dale Stanbrough
1999-06-21 0:00 ` Marin David Condic
1999-06-21 0:00 ` Mike Silva
1999-06-17 0:00 ` Jean-Pierre Rosen
1999-06-17 0:00 ` Marin David Condic [this message]
1999-06-17 0:00 ` Samuel Mize
1999-06-17 0:00 ` Marin David Condic
1999-06-22 0:00 ` Hyman Rosen
1999-06-22 0:00 ` Keith Thompson
1999-06-23 0:00 ` Marin David Condic
1999-06-24 0:00 ` Robert A Duff
1999-06-24 0:00 ` Marin David Condic
1999-06-23 0:00 ` Marin David Condic
1999-06-18 0:00 ` Aidan Skinner
1999-06-17 0:00 ` Markus Kuhn
1999-06-20 0:00 ` Sera Hirasuna
1999-06-19 0:00 ` Kio
1999-06-20 0:00 ` Vladimir Olensky
1999-06-21 0:00 ` Hyman Rosen
1999-06-21 0:00 ` Samuel T. Harris
1999-06-22 0:00 ` Richard D Riehle
1999-06-22 0:00 ` Robert I. Eachus
1999-06-23 0:00 ` Richard D Riehle
1999-06-23 0:00 ` Aidan Skinner
1999-06-16 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` Markus Kuhn
1999-06-17 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` john
1999-06-17 0:00 ` Ed Falis
1999-06-18 0:00 ` Aidan Skinner
1999-06-17 0:00 ` Jean-Pierre Rosen
1999-06-22 0:00 ` Robert Dewar
1999-06-23 0:00 ` Marin David Condic
1999-06-23 0:00 ` Vladimir Olensky
1999-06-23 0:00 ` Marin David Condic
1999-06-23 0:00 ` Roedy Green
1999-06-23 0:00 ` Marin David Condic
1999-06-23 0:00 ` Keith Thompson
1999-06-24 0:00 ` Marin David Condic
1999-06-24 0:00 ` Mike Silva
1999-06-15 0:00 ` Samuel Mize
1999-06-16 0:00 ` Mark Hood
1999-06-17 0:00 ` Jean-Pierre Rosen
1999-06-17 0:00 ` Robert I. Eachus
1999-06-17 0:00 ` Marin David Condic
1999-06-15 0:00 ` Samuel Mize
1999-06-15 0:00 ` jerry
1999-06-16 0:00 ` Richard D Riehle
1999-06-16 0:00 ` jerry
1999-06-17 0:00 ` Markus Kuhn
1999-06-17 0:00 ` David Botton
1999-06-12 0:00 ` PPAATT
1999-06-13 0:00 ` Robert Dewar
1999-06-14 0:00 ` tmoran
1999-06-30 0:00 ` John Merryweather Cooper
1999-07-01 0:00 ` Chad R. Meiners
1999-07-02 0:00 ` Robert Dewar
1999-07-02 0:00 ` John Merryweather Cooper
1999-07-03 0:00 ` Robert Dewar
1999-06-12 0:00 ` nabbasi
1999-06-12 0:00 ` jerry
1999-06-12 0:00 ` Robert Dewar
1999-06-14 0:00 ` Marin David Condic
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox