From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00, PP_MIME_FAKE_ASCII_TEXT autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,7e8cebf09cf80560 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,UTF8 Path: g2news2.google.com!news2.google.com!goblin1!goblin3!goblin.stu.neva.ru!exi-transit.telstra.net!news.telstra.net!exi-spool.telstra.net!exi-reader.telstra.net!not-for-mail From: "robin" Newsgroups: comp.lang.ada References: <82d3lsvqw7.fsf@stephe-leake.org> Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off? Date: Thu, 17 Mar 2011 22:44:05 +1100 X-Newsreader: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Message-ID: <4d8200cc$0$43837$c30e37c6@exi-reader.telstra.net> NNTP-Posting-Host: 123.3.20.123 X-Trace: 1300365517 exi-reader.telstra.net 43837 123.3.20.123:1030 Xref: g2news2.google.com comp.lang.ada:19247 Date: 2011-03-17T22:44:05+11:00 List-Id: Stephen Leake wrote in message <82d3lsvqw7.fsf@stephe-leake.org>... >Elias Salomão Helou Neto writes: > >> I have followed the (quite lenghty) on a topic, IIRC, about bitwise >> operators, which eventually lead to people mentioning the Ariane 5 >> case. >> >> Since then I have been wondering. If compiler checking where actually >> turned on, what would have happened? How could it avoid the disaster? > >Just to remind people; the real problem was that Ariane 4 code was >reused on Ariane 5, without carefully considering the design, also >without adequate testing. > >Ariane 5 is a bigger rocket; it has bigger accelerations. It does? The Report doesn't say anything about that. What it *does* say is that the horizontal velocity was greater in Ariane 5 than Ariane 4. That doesn't mean that the acceleration upwards was greater. > The range for >accelerations in the code, which was correct for Ariane 4, was incorrect >for Ariane 5. > >No amount of "defensive programming" can handle such a fundamental >design error. The remedy could have been as simple as substituting the largest magnitude integer (with appropriate sign).