Stephen Leake wrote in message <82d3lsvqw7.fsf@stephe-leake.org>...

>Elias Salomão Helou Neto writes:
>
>> I have followed the (quite lengthy) thread on a topic, IIRC, about bitwise
>> operators, which eventually led to people mentioning the Ariane 5
>> case.
>>
>> Since then I have been wondering. If compiler checking were actually
>> turned on, what would have happened? How could it avoid the disaster?
>
>Just to remind people; the real problem was that Ariane 4 code was
>reused on Ariane 5, without carefully considering the design, also
>without adequate testing.
>
>Ariane 5 is a bigger rocket; it has bigger accelerations.

It does? The Report doesn't say anything about that. What it *does* say
is that the horizontal velocity was greater in Ariane 5 than Ariane 4.
That doesn't mean that the acceleration upwards was greater.

> The range for
>accelerations in the code, which was correct for Ariane 4, was incorrect
>for Ariane 5.
>
>No amount of "defensive programming" can handle such a fundamental
>design error.

The remedy could have been as simple as substituting the largest
magnitude integer (with appropriate sign).
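The two behaviours the thread contrasts, side by side, as an added example that is not part of the original posts or of any Ariane flight software: a checked float-to-16-bit conversion that reports an out-of-range value instead of converting it (the effect of an Ada range check raising Constraint_Error), and the saturating conversion the reply proposes, which substitutes the largest-magnitude 16-bit integer with the sign of the input. The sample values are constructed, not flight data, and the function names are this example's own. The range test runs before the cast because in C a float-to-integer cast of an out-of-range value is undefined behaviour, so the cast itself can never be the check.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked conversion. CONV_OUT_OF_RANGE plays the role of
   Ada's Constraint_Error: the value is reported, not silently converted. */
typedef enum { CONV_OK, CONV_OUT_OF_RANGE, CONV_NOT_A_NUMBER } conv_status;

typedef struct {
    conv_status status;
    int16_t value;      /* meaningful only when status == CONV_OK */
} conv_result;

/* Checked conversion: refuse anything outside the 16-bit signed range.
   Fractions are truncated toward zero (C semantics; Ada would round). */
conv_result to_int16_checked(double v) {
    conv_result r = { CONV_OK, 0 };
    if (isnan(v)) {
        r.status = CONV_NOT_A_NUMBER;
        return r;
    }
    if (v < (double)INT16_MIN || v > (double)INT16_MAX) {
        r.status = CONV_OUT_OF_RANGE;
        return r;
    }
    r.value = (int16_t)v;   /* safe: range already established */
    return r;
}

/* Saturating conversion: the remedy suggested in the reply. Values past
   the 16-bit limit become INT16_MAX or INT16_MIN according to sign. */
int16_t to_int16_saturating(double v) {
    if (isnan(v)) return 0;                    /* assumption: NaN has no sign to follow */
    if (v >= (double)INT16_MAX) return INT16_MAX;
    if (v <= (double)INT16_MIN) return INT16_MIN;
    return (int16_t)v;
}

int main(void) {
    /* Constructed inputs (not flight data): two within the 16-bit range,
       two beyond it, as a larger-than-expected horizontal velocity would be. */
    const double samples[] = { 12345.6, -12345.6, 40000.0, -40000.0 };
    for (int i = 0; i < 4; i++) {
        conv_result c = to_int16_checked(samples[i]);
        printf("%10.1f -> checked: %s (%d)  saturating: %d\n",
               samples[i],
               c.status == CONV_OK ? "ok" : "Constraint_Error",
               (int)c.value,
               (int)to_int16_saturating(samples[i]));
    }
    return 0;
}
```

The saturating form keeps the program running but hides the fact that the input left its design range; the checked form makes that visible and leaves the decision (substitute, hold the last good value, or shut down) to the caller, which is the design question the thread is really arguing about.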