From: rgilbert@unconfigured.xvnews.domain (Bob Gilbert)
Subject: Re: Ariane Crash (Was: Adriane crash)
Date: 1996/07/29
Message-ID: <4tiods$ehp@zeus.orl.mmc.com>#1/1
references: <4ta1vu$m1u@goanna.cs.rmit.edu.au>
organization: The unconfigured xvnews people
reply-to: rgilbert@unconfigured.xvnews.domain
newsgroups: comp.lang.ada,comp.lang.pl1,rmit.cs.100

In article <4ta1vu$m1u@goanna.cs.rmit.edu.au>, rav@goanna.cs.rmit.edu.au (++ robin) writes:
>
> ---Is this a euphemism for a programming error? because that's
> what it was -- a programming error.
>
> The error was in assuming that a value would not overflow.

The error was assuming that the Ariane 4 design would be adequate for
the Ariane 5 system.

> The specific error was that a conversion of a double-precision
> floating-point value (~58 significant bits) to 15 significant
> bits caused fixed-point overflow. The conversion was not
> checked for overflow. It should have been.

It was checked, hence the exception and an exception handler to take
corrective action. Unfortunately the corrective action was to assume
that the SRI had failed and to shut it down. The software performed
exactly as designed.

> This is, after all,
> a real-time system. It's a fundamental check that a programmer
> experienced in real-time systems should have carried out.
>
> Control was then passed to the interrupt handler, which
> shut down the system.

Exactly as designed.

> The question is, basically, why was Ada used for this work?

The failure is not a language issue; this is not the question.

-Bob