From: "robin" <robin51@dodo.com.au>
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Wed, 16 Mar 2011 21:33:20 +1100
Date: 2011-03-16T21:33:20+11:00 [thread overview]
Message-ID: <4d80b13f$0$43832$c30e37c6@exi-reader.telstra.net> (raw)
In-Reply-To: a8387564-0835-467d-a461-60a093c38133@k15g2000prk.googlegroups.com
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1955 bytes --]
Elias Salom�o Helou Neto wrote in message ...
>I have followed the (quite lenghty) on a topic, IIRC, about bitwise
>operators, which eventually lead to people mentioning the Ariane 5
>case.
>
>Since then I have been wondering. If compiler checking where actually
>turned on, what would have happened? How could it avoid the disaster?
You mean, what if a user-supplied error handler had been provided?
To understand what that might have done, it is necessary to look at what happened.
An integer overflow occurred.
It was not caught by a user-written error handler.
For such an event, the OS was required to place the
error number on the data bus, and shut down the computer.
The assumption was that any such error was a hardware error,
and that the backup computer would then continue correctly.
Because the backup computer was programmed to do exactly
the same thing, a very short time later, it also shut down
[because the error was not a hardware error].
The error number on the data bus was then taken as guidance data,
and the result was catastrophic change of direction.
Thus, had an error handler been provided, the data bus would not have
had an error number placed on it, and that error number would
not have been taken as guidance data.
>Right now I think of three possibilities, the two former seem very
>unlikely to me.
>
>a) It would, even if the problem went undetected during testing, have
>made the developers actually develop code handling this exceptional
>possibility.
>
>b) The compiler default action for unhandled overflows have saved the
>day;
It didn't and couldn't.
What was required was an error handler.
>c) Developers would probably ignore the exceptional flow path and the
>disaster would happen anyway.
Anyone competent in real-time programming would never have
let the software go with unhandled overflow, because such an event
would result in failure of the mission.
>Which one, if any, is close to reality?
next prev parent reply other threads:[~2011-03-16 10:33 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 15:49 How would Ariane 5 have behaved if overflow checking were not turned off? Elias Salomão Helou Neto
2011-03-14 16:17 ` KK6GM
2011-03-14 19:25 ` Yannick Duchêne (Hibou57)
2011-03-14 19:28 ` Vinzent Hoefler
2011-03-14 20:28 ` KK6GM
2011-03-15 4:02 ` Yannick Duchêne (Hibou57)
2011-03-15 4:53 ` Shark8
2011-03-14 18:29 ` Vinzent Hoefler
2011-03-16 10:41 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-16 15:16 ` Simon Wright
2011-03-17 11:48 ` robin
2011-03-16 16:58 ` Martin Krischik
2011-03-16 23:39 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 18:48 ` Vinzent Hoefler
2011-03-18 12:06 ` Alex R. Mosteo
2011-03-18 21:15 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-20 17:06 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Martin Krischik
2011-03-20 17:11 ` Martin Krischik
2011-03-20 18:10 ` Dmitry A. Kazakov
2011-03-21 13:24 ` Leif Roar Moldskred
2011-03-20 13:07 ` How would Ariane 5 have behaved if overflow checking were notturned off? Florian Weimer
2011-03-20 17:00 ` Martin Krischik
2011-03-20 20:17 ` Florian Weimer
2011-03-20 20:37 ` Vinzent Hoefler
2011-03-20 20:14 ` Vinzent Hoefler
2011-03-16 18:20 ` Vinzent Hoefler
2011-03-16 18:29 ` Hyman Rosen
2011-03-16 18:55 ` Vinzent Hoefler
2011-03-16 19:40 ` KK6GM
2011-03-16 20:52 ` Hyman Rosen
2011-03-16 21:02 ` KK6GM
2011-03-16 21:09 ` Shark8
2011-03-16 21:13 ` Hyman Rosen
2011-03-16 21:35 ` Shark8
2011-03-16 22:27 ` Vinzent Hoefler
2011-03-16 21:04 ` Shark8
2011-03-16 21:10 ` Hyman Rosen
2011-03-16 21:27 ` KK6GM
2011-03-16 21:31 ` Shark8
2011-03-16 22:32 ` Vinzent Hoefler
2011-03-18 21:14 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-16 23:46 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 0:26 ` Simon Wright
2011-03-17 11:01 ` Georg Bauhaus
2011-03-17 11:04 ` robin
2011-03-17 13:36 ` Niklas Holsti
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-19 10:12 ` Niklas Holsti
2011-03-17 22:51 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Vinzent Hoefler
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-15 6:28 ` Stephen Leake
2011-03-15 17:32 ` Keith Thompson
2011-03-15 17:40 ` KK6GM
2011-03-15 19:44 ` Robert A Duff
2011-03-15 19:12 ` Florian Weimer
2011-03-15 19:45 ` KK6GM
2011-03-15 19:57 ` Vinzent Hoefler
2011-03-20 13:00 ` Florian Weimer
2011-03-20 20:13 ` Vinzent Hoefler
2011-03-15 19:42 ` John B. Matthews
2011-03-17 11:44 ` robin
2011-03-17 18:37 ` Vinzent Hoefler
2011-03-17 23:04 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 15:55 ` Vinzent Hoefler
2011-03-17 21:37 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-16 10:33 ` robin [this message]
2011-03-16 15:08 ` Simon Wright
2011-03-17 12:39 ` robin
2011-03-17 13:41 ` Georg Bauhaus
2011-03-17 23:34 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 12:57 ` Hyman Rosen
2011-03-18 16:49 ` KK6GM
2011-03-18 17:18 ` Dmitry A. Kazakov
2011-03-19 17:55 ` Keith Thompson
2011-03-20 18:39 ` Robert A Duff
2011-03-17 18:43 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-17 20:58 ` Simon Wright
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox