From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,7e8cebf09cf80560 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII Path: g2news2.google.com!postnews.google.com!k15g2000prk.googlegroups.com!not-for-mail From: Shark8 Newsgroups: comp.lang.ada Subject: Re: How would Ariane 5 have behaved if overflow checking were notturned off? Date: Wed, 16 Mar 2011 14:09:30 -0700 (PDT) Organization: http://groups.google.com Message-ID: <45a24f37-ca05-44be-b74e-c3d7af894ac5@k15g2000prk.googlegroups.com> References: <4d80b140$0$43832$c30e37c6@exi-reader.telstra.net> <4d810172$0$4954$a8266bb1@postbox2.readnews.com> <4d81231d$0$4966$a8266bb1@postbox2.readnews.com> NNTP-Posting-Host: 174.28.172.140 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1300309770 20296 127.0.0.1 (16 Mar 2011 21:09:30 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Wed, 16 Mar 2011 21:09:30 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: k15g2000prk.googlegroups.com; posting-host=174.28.172.140; posting-account=lJ3JNwoAAAAQfH3VV9vttJLkThaxtTfC User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 ( .NET CLR 3.5.30729; .NET4.0E),gzip(gfe) Xref: g2news2.google.com comp.lang.ada:19230 Date: 2011-03-16T14:09:30-07:00 List-Id: On Mar 16, 2:52=A0pm, Hyman Rosen wrote: > On 3/16/2011 3:40 PM, KK6GM wrote: > > > Here's the alternative, for the Ariane situation. =A0A float value gets > > converted to a 16-bit integer. =A0The float value is too big to fit > > (let's say it's 33000). =A0What 16-bit int will that get converted to? > > -31000? =A0Some random value? =A0How does continuing along with bogus d= ata > > make the situation better? =A0Will the control loops really work OK wit= h > > bogus feedback data? > > Why are we converting floats to 16-bit integers? It's hard to tell > from the report, but was this a result of using an Ada fixed type? > Or the result of similar scaling based on knowing the range? > > > If you have determined via thorough analysis that the variable in > > question can only _ever_ have a valid range of e.g. -20000 to 20000, > > and it goes to 33000, what _is_ the right action? > > > Recommendation R3 says "Do not allow any sensor, such as the inertial > reference system, to stop sending best effort data." So if your sensor > can report data over a certain range, you should probably not use a > restrictive subtype that represents what you believe the possible > observed range will be. Otherwise, when Scotty is trying to nudge a > fraction more warp factor out of the engines, the Enterprise is going > to shut down and doom the Federation. Not quite. In the "nudge a fraction more warp factor out of the engines" there is indeed a valid range limitation: since we are talking about speeds* there can NEVER be a negative value as "speed*" is an absolute-value." *Velocity, to be more technically correct.