Vinzent Hoefler <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de> wrote in message ...
>robin wrote:
>> Vinzent Hoefler <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de> wrote in message ...
>>> Elias Salomão Helou Neto wrote:
>
>>>> Since then I have been wondering. If compiler checking were actually
>>>> turned on, what would have happened?
>
>>> The same, according to the specification.
>
>>>> How could it avoid the disaster?
>
>>> Not at all.
>
>> On the contrary, an error handler would have performed
>> something useful.

>Precisely what? The _only_ reasonable action at that point was to assume
>a hardware error and shut down the computer. For Ariane 4, that is.

Whether Ariane 4 or 5, it was not reasonable to assume that the error was hardware. See my post elsewhere.

>> The crux of the matter is that the data bus would not have been
>> loaded with an error number [which was then treated as guidance data].

>AFAIK this was required in case both systems died. And as we know, they
>did exactly that.

But only if the error was hardware, which it wasn't.

> I'd assume the possibility of two hardware errors at
>the same time were considered remote.

>>> By handling it exactly the way it was supposed to be:
>
>>> Assuming a hardware error and leaving control to the redundant subsystem.
>
>> That was the major blunder that they made,
>> namely, treating a programming error as a hardware error.
>> By doing that, they guaranteed failure of the mission.

>Again. In the Ariane 4 it would have been exactly that. A hardware error.

Again, you are making a false assumption.

>There was no freaking way, Ariane 4 could have exceeded the safe range.

Recall Murphy, "If anything can go wrong, it will".

>>> Which one, if any, is close to reality?
>
>>> As it has been mentioned here many times before, the software behaved
>>> exactly as specified and it is very unlikely that _any_ error handling
>>> could have avoided the problem
>
>> An error handler would have rescued the mission.

>Only if it were not behaving according to the specification. That means if
>it were buggy -

It was buggy. It didn't handle the overflow.