From: Adrien Plisson
Newsgroups: comp.lang.ada
Subject: Re: Would You Fly an Airplane with a Linux-Based Control System?
Date: Fri, 26 Nov 2004 23:22:25 +0100
Message-ID: <41a7ac28$0$30716$ba620e4c@news.skynet.be>

Marius Amado Alves wrote:
> This is better. Now, can you prove this? That the ship could get out of
> control and crash on a city for example? If C had been used instead? Or
> if the exception had not been caught? (Probably not invoking the backup
> system.)

ok, let's take an example. the system seems to control data associated with the trajectory of the ship. if a value arrives and overflows and if the exception is not caught, there is a good chance the value will be truncated and used as a normal value.

the result depends on the action you take with this value:

we will first consider the system is using this value to control directly the trajectory, by acting on directional engines. the value is less than the real value. you try to correct the trajectory but don't correct enough, the ship is going out of its programmed path.

- at best, it will then miss the orbit it was programmed for: the satellites will become useless or eventually crash on other satellites on the same orbit, pieces of those satellites may fall down on earth.
- at worst, the correction is so bad the ship continues to be out of the path. the more the ship derives, the more the exception arises and is not caught, the more the values are wrong. the ship gets out of control, and starts to fall down. since it is out of control, we cannot predict where it will fall... (maybe on cuba which will think of a strike from the u.s. then reply with the atomic bomb. WW3 is starting).

the second case is that those values are stored and used as a reference to calculate the absolute position of the ship throughout its journey. obviously, the ship will never take the right path and we are back in the best case of the first consideration.

the predictability of the path the ship will take with these truncated values is like predicting the weather: you are able to calculate for some time ahead, but rapidly do not have enough information to predict further.

now i see your next question: what would have happened if C had been used instead? well, if C had caught the exception, the software would have behaved the same way as the Ada software, and the ship would have exploded too... but exception handling is not really easy in C, considering that there is NO way in the language to do it (maybe the exception handling facility that would have been implemented in C would have been buggy...)

i can continue for a long time with ifs, maybes and suppositions. "with ifs, one could put Paris in a bottle".

so we will stop the suppositions, and believe me, it is better that the ship exploded.

-- 
rien
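The scenario in the post above (an overflowing value silently truncated and fed back into trajectory correction), as an added C example that is not part of the original post. The 32-bit and 16-bit widths, the toy control loop, the sample disturbances and the saturate-on-fault policy are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: per-step disturbance added to the true deviation. */
static const int32_t SAMPLE[] = {1000, 50000, 1000};
enum { SAMPLE_LEN = 3 };

/* Silent truncation: keep the low 16 bits and reinterpret them as signed. */
static int16_t narrow_unchecked(int32_t v) {
    uint32_t low = (uint32_t)v & 0xFFFFu;
    return (int16_t)(low >= 0x8000u ? (int32_t)low - 0x10000 : (int32_t)low);
}

/* Checked narrowing: C has no exceptions, so failure is a return code. */
static bool narrow_checked(int32_t v, int16_t *out) {
    if (v < INT16_MIN || v > INT16_MAX) return false;
    *out = (int16_t)v;
    return true;
}

/* Toy loop: add the disturbance, measure the deviation through a 16-bit
 * channel, subtract the measurement. In checked mode an out-of-range reading
 * is counted as a fault and the correction saturates (assumed policy). */
static int32_t run_loop(const int32_t *d, int n, bool checked, int *faults) {
    int32_t x = 0;
    *faults = 0;
    for (int i = 0; i < n; i++) {
        int16_t m;
        x += d[i];
        if (!checked) {
            m = narrow_unchecked(x);
        } else if (!narrow_checked(x, &m)) {
            m = x > 0 ? INT16_MAX : INT16_MIN;
            (*faults)++;
        }
        x -= m;
    }
    return x;
}

int main(void) {
    int f;
    long u = run_loop(SAMPLE, SAMPLE_LEN, false, &f);
    printf("unchecked: final deviation %ld\n", u);
    long c = run_loop(SAMPLE, SAMPLE_LEN, true, &f);
    printf("checked: final deviation %ld, faults %d\n", c, f);
    return 0;
}
```

With the unchecked conversion the loop ends with a large residual deviation and no indication that anything went wrong; with the checked conversion the out-of-range reading is reported and the loop recovers.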