From: Marin David Condic
Newsgroups: comp.lang.ada
Subject: Re: Boeing and Dreamliner
Date: Tue, 24 Jun 2003 08:06:13 -0400
Organization: MindSpring Enterprises
Message-ID: <3EF83EB5.6020204@noplace.com>
References: <3EF5F3F3.6000806@attbi.com> <20619edc.0306232122.598389dd@posting.google.com>

Rising to the bait, Marin writes... :-)

The important thing to remember is that the original designers
*deliberately* stripped out the Ada safety features and *deliberately*
designed the system to do exactly what it did. There was no bug here -
it was a carefully considered engineering decision and, in the context
of Ariane 4, it was the correct one.

Your analogy of the 5 amp fuse in the 4 amp circuit is 100% on track.
It was adequately designed for the original intended usage and then
stuck in a different situation where it was not tested for the
modified usage.

MDC

Mike Silva wrote:
>
> Good heavens, no, you're thinking of C! There was no buffer overflow,
> and there was no bug. There was a float-to-int conversion that was
> proven to be safe (FP value guaranteed to always fit into int) for the
> -4. Therefore, any conversion overflow was assumed to be caused by a
> sensor/hardware problem and thus programmed by intention to shut down
> the SDI and let the backup system take over. There is no way I can
> imagine that the -4 people can be accused of leaving a bug in the
> code. To me the situation is akin to correctly specifying a 5 Amp
> fuse in a 4 Amp circuit, then "reusing" the circuit but now pumping 10
> Amps through it. When the 5A fuse blows, was that a design error in
> the original circuit?

--
======================================================================
Marin David Condic
I work for: http://www.belcan.com/
My project is: http://www.jast.mil/

Send Replies To: m c o n d i c @ a c m . o r g

    "In general the art of government consists in taking as much
    money as possible from one class of citizens to give to the
    other."

        -- Voltaire
======================================================================