From: rav@goanna.cs.rmit.edu.au (robin)
Subject: Re: Ariane 5 failure
Date: 1996/10/23
Message-ID: <54jv79$gtv$1@goanna.cs.rmit.edu.au>
references: <96100111162774@psavax.pwfl.com> <32555A39.E38@lmtas.lmco.com> <326506D2.1E40@lmtas.lmco.com>
organization: Comp Sci, RMIT, Melbourne, Australia
newsgroups: comp.lang.ada,comp.lang.pl1

Ken Garlington writes:

>Matthew Heaney wrote:
>>
>> As you stated, exceptions are only a tool. They don't replace the need for
>> (mental) reasoning about the correctness of my program, nor should they be
>> used to guard against sloppy programming. Exceptions don't correct the
>> problem for you, but at least they let you know that a problem exists.
>>
>> And in spite of all the efforts of the Ariane 5 developers, a problem did
>> exist, significant enough to cause mission failure. Don't you think an
>> exception was justified in this case?

>Not necessarily. Keep in mind that an exception _was_ raised -- a predefined
>exception (Operand_Error according to the report). There was sufficient telemetry
>to determine where the error occurred (obviously, otherwise we wouldn't know what
>happened!). If the real Ariane 5 trajectory had been tested in an integrated
>laboratory environment, then (assuming the environment was realistic enough to
>trigger the problem), the fault would have been seen (and presumably analyzed and
>fixed) prior to launch.

>So, the issue is not the addition of a user-defined
>exception to find the error -- the issue is the addition of a new exception
>_handler_ to _recover_ from the error in flight.

---The issue was not the addition of a new exception handler.
The issue was that a magnitude check should have been performed on a
conversion from double precision floating point to 16-bit integer, but it
wasn't. Of course, having an exception handler for this specific purpose
would have helped, and should have been included as a fallback.

>Assuming that a new exception _handler_ had been added, then it _might_ have made
>a difference.

You can be absolutely certain that it would have helped.
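The magnitude check robin argues for, as an added example that is not code from this post, from the thread, or from the Ariane 5 software. The thread's language is Ada, where an unguarded conversion raises a predefined exception; the example is written in C, where the same out-of-range conversion from double to a 16-bit integer is undefined behaviour and so raises nothing at all, which makes the explicit check even more important. The function names `checked_to_int16` and `saturating_to_int16`, the status enum, and the sample readings are all assumptions constructed for the example; the clamping fallback is one possible handler policy, not the one the post or the report prescribes.

```c
#include <stdint.h>
#include <stdio.h>
#include <math.h>

/* Outcome of a narrowing conversion. The conversion itself is guarded by a
   magnitude check and the out-of-range case is reported to the caller,
   instead of being left to a predefined exception (Ada) or to undefined
   behaviour (C: an out-of-range double -> integer conversion is undefined). */
typedef enum {
    CONV_OK = 0,
    CONV_OUT_OF_RANGE = 1,   /* value lies outside the 16-bit range */
    CONV_NOT_A_NUMBER = 2    /* NaN: no integer value is meaningful */
} conv_status;

/* Magnitude-checked conversion: converts only when the value is provably
   representable. NaN is rejected first, since it compares false against
   everything and would otherwise slip past a single range test. */
conv_status checked_to_int16(double value, int16_t *out)
{
    if (isnan(value)) {
        return CONV_NOT_A_NUMBER;
    }
    /* The comparison is done in double, where INT16_MIN and INT16_MAX are
       exactly representable, so no rounding can let a value through. */
    if (value < (double)INT16_MIN || value > (double)INT16_MAX) {
        return CONV_OUT_OF_RANGE;
    }
    *out = (int16_t)value;   /* truncation toward zero, now well defined */
    return CONV_OK;
}

/* Fallback policy (hypothetical): clamp to the nearest representable limit
   and count the event so it shows up in telemetry. Whether clamping is an
   acceptable recovery is a system-level decision, not a property of the
   conversion; the point is that the caller decides, explicitly. */
int16_t saturating_to_int16(double value, unsigned *overflow_count)
{
    int16_t result = 0;
    switch (checked_to_int16(value, &result)) {
    case CONV_OK:
        return result;
    case CONV_OUT_OF_RANGE:
        if (overflow_count) (*overflow_count)++;
        return value < 0.0 ? INT16_MIN : INT16_MAX;
    case CONV_NOT_A_NUMBER:
    default:
        if (overflow_count) (*overflow_count)++;
        return 0;
    }
}

int main(void)
{
    /* Constructed sample readings: in range, at the limit, just over,
       far over, and NaN. */
    const double samples[] = { 1234.5, -32768.0, 32768.0, 1.0e9, NAN };
    unsigned overflows = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v = saturating_to_int16(samples[i], &overflows);
        printf("%12g -> %6d\n", samples[i], v);
    }
    printf("out-of-range events: %u\n", overflows);
    return 0;
}
```

The check is deliberately strict: a value such as 32767.9 is rejected even though truncation alone would have produced 32767, because the point of the guard is to decide representability before any arithmetic is attempted, not to rely on the conversion's rounding. The counter is the detection side of the same control: a conversion that silently clamps without recording the event would hide exactly the condition the telemetry needs to expose.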