Re: Ariane Crash (Was: Adriane crash)

[rgilbert@unconfigured.xvnews.domain (Bob Gilbert)]

In article <4ta1vu$m1u@goanna.cs.rmit.edu.au>, rav@goanna.cs.rmit.edu.au (++           robin) writes:
> 
> ---Is this a euphemism for a programming error?  because that's
> what it was -- a programming error.
> 
>    The error was in assuming that a value would not overflow.

The error was assuming that the Ariane 4 design would be adaquate
for the Ariane 5 system.

> The specific error was that a conversion of a double-precision
> floating-point value (~58 significant bits) to 15 significant
> bits caused fixed-point overflow.  The conversion was not
> checked for overflow.  It should have been.

It was checked, hence the exception and an exception handler to
take corrective action.  Unfortunately the corrective action was
to assume that the SRI had failed and to shut it down.  The
software performed exactly as designed.

>  This is, after all,
> a real-time system.  It's a fundamental check that a programmer
> experienced in real-time systems should have carried out.
> 
>    Control was then passed to the interrupt handler, which
> shut down the system.

Exactly as designed.

>    The question is, basically, why was Ada used for this work?

The failure is not a language issue, this is not the question.

-Bob