From: Alan Brain
Subject: Re: Ariane 5 Failure - Summary Report
Date: 1996/07/25
Message-ID: <4t7fs4$bq62@red.interact.net.au>
References: <31F60E8A.2D74@lmtas.lmco.com> <31F629B8.5FFB@lmtas.lmco.com>
Newsgroups: comp.lang.ada
Organization: At Home

Ken Garlington wrote:

>So, anyway, we now have another software package written in Ada that
>caused the loss of a system, and again specification and design issues
>outside Ada's control are the culprit.

Not just design and specification, the implementation as well.

Firstly, the brain-dead attitude of "handle all exceptions by shutting down and going to the backup" on a complex piece of equipment without many, many redundancies is ... incredible. Only duplication? Glad I'm not riding it... So that's a Specification fault.

Secondly, the notion that conversion from a 64-bit value to a 16-bit value will always be OK, and that any time it isn't means a total failure of the unit, is a bit hard to swallow. In a complex piece of software, incapable of strict mathematical verification, I'd expect this to happen sometimes, not because of any soft failure or random hardware failure, but because Software Has Bugs. That's no excuse for losing a payload! This is a design fault.

Thirdly, assuming either of the above, not checking an arithmetic operation of this kind before it's fully complete is just plain silly. And such a check is un morceau de gateaux. This is an implementation fault.
Jeez, Ada provides safety belts, anti-lock brakes, etc., but if people don't buckle up, and don't even bother to use the brake pedal, what can you do?
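The "check before you narrow" point above, as an added Ada example that is not part of the post or of any Ariane code; the type and procedure names are hypothetical and the only assumption is a standard Ada 95 or later compiler:

```ada
--  Added example (not from the original post): narrowing a 64-bit
--  float to a 16-bit integer, once relying solely on the language's
--  Constraint_Error and once with an explicit range check that
--  saturates instead of taking the whole unit down.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Checked_Narrowing is
   type Float_64 is digits 15;                 --  usually an IEEE double
   type Int_16   is range -2**15 .. 2**15 - 1; --  16-bit signed

   --  "Unbuckled": Ada raises Constraint_Error on an out-of-range
   --  value.  If the only handler shuts the unit down, that check
   --  protected nothing.
   function Narrow_Unchecked (X : Float_64) return Int_16 is
   begin
      return Int_16 (X);
   end Narrow_Unchecked;

   --  "Buckled up": test the range before converting and saturate,
   --  so a large but harmless value degrades the result rather than
   --  the mission.
   function Narrow_Saturating (X : Float_64) return Int_16 is
   begin
      if X >= Float_64 (Int_16'Last) then
         return Int_16'Last;
      elsif X <= Float_64 (Int_16'First) then
         return Int_16'First;
      else
         return Int_16 (X);
      end if;
   end Narrow_Saturating;

   Sample : constant Float_64 := 70_000.0;     --  constructed, out of range
begin
   Put_Line ("saturating:" & Int_16'Image (Narrow_Saturating (Sample)));
   begin
      Put_Line ("unchecked :" & Int_16'Image (Narrow_Unchecked (Sample)));
   exception
      when E : Constraint_Error =>
         Put_Line ("unchecked : " & Exception_Name (E) & " raised");
   end;
end Checked_Narrowing;
```

Saved as checked_narrowing.adb and built with gnatmake, the program prints 32767 for the saturating path and reports CONSTRAINT_ERROR for the unchecked one.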