From: Hyman Rosen
Date: Wed, 16 Mar 2011 16:52:44 -0400
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Message-ID: <4d81231d$0$4966$a8266bb1@postbox2.readnews.com>

On 3/16/2011 3:40 PM, KK6GM wrote:
> Here's the alternative, for the Ariane situation. A float value gets
> converted to a 16-bit integer. The float value is too big to fit
> (let's say it's 33000). What 16-bit int will that get converted to?
> -31000? Some random value? How does continuing along with bogus data
> make the situation better? Will the control loops really work OK with
> bogus feedback data?

Why are we converting floats to 16-bit integers? It's hard to tell from the report, but was this a result of using an Ada fixed type? Or the result of similar scaling based on knowing the range?

> If you have determined via thorough analysis that the variable in
> question can only _ever_ have a valid range of e.g. -20000 to 20000,
> and it goes to 33000, what _is_ the right action?

Recommendation R3 says "Do not allow any sensor, such as the inertial reference system, to stop sending best effort data." So if your sensor can report data over a certain range, you should probably not use a restrictive subtype that represents what you believe the possible observed range will be. Otherwise, when Scotty is trying to nudge a fraction more warp factor out of the engines, the Enterprise is going to shut down and doom the Federation.
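
The restrictive-subtype point in the message above, as an added Ada example that is not part of the original post or of the Ariane software: converting to a subtype sized to the predicted range raises Constraint_Error, while a full-range field with saturation keeps delivering a flagged best-effort value. The names Int16, Predicted, Saturate and the sample readings are assumptions constructed for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Best_Effort_Demo is
   --  Constructed types: the full range a 16-bit field can carry, and the
   --  narrower range that analysis predicted (-20000 .. 20000 in the thread).
   type Int16 is range -32_768 .. 32_767;
   subtype Predicted is Int16 range -20_000 .. 20_000;

   --  Constructed readings: inside the prediction, beyond the prediction,
   --  and beyond what 16 bits can hold.
   Samples : constant array (1 .. 3) of Float :=
     (12_000.0, 25_000.0, 33_000.0);

   --  Best-effort conversion: clamp to the field's limits and report it,
   --  instead of raising and stopping the data stream.
   procedure Saturate
     (X : Float; Result : out Int16; Clamped : out Boolean) is
   begin
      if X > Float (Int16'Last) then
         Result := Int16'Last;  Clamped := True;
      elsif X < Float (Int16'First) then
         Result := Int16'First; Clamped := True;
      else
         Result := Int16 (X);   Clamped := False;
      end if;
   end Saturate;

   Value   : Int16;
   Clamped : Boolean;
begin
   for I in Samples'Range loop
      --  Restrictive subtype: the range check fails for 25000 and 33000.
      declare
         P : Predicted;
      begin
         P := Predicted (Samples (I));
         Put_Line ("Predicted:" & Int16'Image (P));
      exception
         when Constraint_Error =>
            Put_Line ("Predicted: Constraint_Error");
      end;

      --  Full-range field with saturation: always yields a value.
      Saturate (Samples (I), Value, Clamped);
      Put_Line ("Saturated:" & Int16'Image (Value)
                & " clamped=" & Boolean'Image (Clamped));
   end loop;
end Best_Effort_Demo;
```

The Clamped flag lets the consumer of the data tell a saturated reading from a genuine one, which a silently wrapped value would not.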