From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: f43e6,5ac12f5a60b1bfe X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,5ac12f5a60b1bfe X-Google-Attributes: gid103376,public X-Google-Thread: 101deb,f96f757d5586710a X-Google-Attributes: gid101deb,public From: Thomas.Kendelbacher@erno.de (Thomas Kendelbacher) Subject: Re: Ariane 5 - not an exception? Date: 1996/08/03 Message-ID: <4tv3lc$8v4@mailsrv2.erno.de>#1/1 X-Deja-AN: 171779617 references: <3201D8EC.45E4@lmtas.lmco.com> organization: Daimler-Benz Aerospace, Space Infrastructure reply-to: Thomas.Kendelbacher@erno.de newsgroups: comp.software-eng,comp.lang.ada,comp.lang.pl1 Date: 1996-08-03T00:00:00+00:00 List-Id: In article <3201D8EC.45E4@lmtas.lmco.com>, Ken Garlington writes: >If the software design is judged to be sufficiently reliable, and _sufficient_ >analysis is done to show that input data cannot cause an exception, then the remaining >exception possibilities are things such as hardware failures. In this case, there may >not be an adequate internal response, and shutting down _with an appropriate failure >indication_ may be the best choice, if continued operation might cause adverse system >impacts. For example, if a system fails such that it is saturating a communications >channel with garbage data, you may want the system to shut down so that other >communications can continue. Wouldn't that be "shut up" instead of "shut down", in that case? :-D Sorry, couldn't resist. -- Thomas Kendelbacher | email : Thomas.Kendelbacher@erno.de DASA RI / Abt. RIT14 | voice : +49 421 539 5492 (working hours) Postfach 28 61 56 | or : +49 421 57 04 37 (any other time) D-28361 Bremen | fax : +49 421 539 4529 (any time) Germany