From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,fee8802cc3d8334d
X-Google-Attributes: gid103376,public
From: "Robert I. Eachus" <eachus@mitre.org>
Subject: Re: Ada and Java. different behaviour. casting long to int problem.
Date: 1999/06/17
Message-ID: <3769506F.157411C0@mitre.org>#1/1
X-Deja-AN: 490789188
Content-Transfer-Encoding: 7bit
References: <7jt2c0$vrb@drn.newsguy.com> <f92d7yyweva.fsf@eng.sun.com>
 <7k57vb$1ipf@drn.newsguy.com> <3766650F.705125B7@pwfl.com>
 <7k64t7$igo$1@its.hooked.net> <7k689a$ci2@drn.newsguy.com>
 <3766C842.E1EAB60A@pwfl.com> <3766D1CC.D712895E@itools.symantec.com>
 <7k8nn5$qcb$1@its.hooked.net> <3767E8A2.EF1A0570@itools.symantec.com>
 <7k8tv3$3gm@drn.newsguy.com> <t7so7rdd1u.fsf@calumny.jyacc.com>
X-Accept-Language: en
Content-Type: text/plain; charset=us-ascii
Organization: The MITRE Corporation
Mime-Version: 1.0
Newsgroups: comp.lang.ada
Date: 1999-06-17T00:00:00+00:00
List-Id: <comp.lang.ada>

Hyman Rosen wrote:
 
> Looks like it's time to mention again that an unhandled exception
> raised by conversion overflow caused the Ariane 5 rocket to go off
> course, resulting in its destruction.
 
    It may be time again to point out that that the software behaved
exactly as it was intended to behave.  However, it was designed for the
Ariane 4 and used succesfully in numerous launches, including one where
the specific feature that killed the first Ariane 5 was used.  To "save"
money, it was decided to use the software unchanged in the Araine 5 and
never check it against the Ariane 5 requirements, or do any ground
testing.  (To be fair, a simulation environment for the flight control
software was originally planed, but it was cut for cost and schedule
reasons.)

    Behavior that indicated a major malfunction on Ariane 4 was normal
and expected on the Ariane 5.  Software reuse can save money, but you
still have to ensure somehow that the software meets the new
requirements.  The way that the Ariane 5 project chose to do that was
probably the most expensive way possible.

    I'm not saying this to "defend" Ada.  I'm saying it because there
are circumstances where the software developers have no chance to get it
right because of management blunders, and it is wrong to blame this
either on the programmers or the programming language.  If someone buys
navigation software designed for cargo ships, then installs it in an
airplane, that nifty automatic grounding avoidance feature is going to
cause real problems.  But that is not the software developers fault. 
-- 

                                        Robert I. Eachus

with Standard_Disclaimer;
use  Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...