From: "Dmitry A. Kazakov"
Reply-To: mailbox@dmitry-kazakov.de
Organization: cbb software GmbH
Subject: Re: Contracted exceptions for Ada
Newsgroups: comp.lang.ada
Date: Mon, 10 Dec 2007 09:19:49 +0100
Message-ID: <5tw4p3ydoalt$.eyhp82hd04ch.dlg@40tude.net>
References: <5947aa62-2547-4fbb-bc46-1111b4a0dcc9@x69g2000hsx.googlegroups.com> <7m9wkymyi5h7.1235e72is9mp9.dlg@40tude.net> <1355376.ahPdGlRDJW@linux1.krischik.com> <1bvj0n3ana6zj.1b1q7na2q2i0a.dlg@40tude.net>

On Sun, 09 Dec 2007 18:39:31 +0000, Simon Wright wrote:

> "Dmitry A. Kazakov" writes:
>
>> On Sun, 09 Dec 2007 16:11:13 +0100, Martin Krischik wrote:
>>
>>> Dmitry A. Kazakov wrote:
>>>
>>>> (Maybe a wild guess, but this could save Ariane V. A program assumed
>>>> Constraint_Error exception free was recompiled for the hardware where that
>>>> was not the case.)
>>>
>>> My understanding is that the system was brought down by an unexpected
>>> hardware exception - i.e. one which the CPU's floating point unit
>>> generated.
>>
>> Yes, and that would be detected by the compiler:
>>
>>    function Integer (X : Float) return Integer;
>>
>> which was contracted as exception-free on one platform will not be on
>> another. So the compiler would reject either its implementation that raises
>> Constraint_Error or else its use contracted as Constraint_Error-free. So
>> the idea.
>
> I don't see how the compiler/platform in use has anything to do with
> this.
>
> In Ariane IV the maximum horizontal velocity is X.
>
> Therefore we can convert the hardware input to this-type without
> worrying about overflow.

Hardware input had a type different from one used later in the control
circle, because it needed to be converted. So what was the contract of
that conversion?

> Therefore any exception will be caused by hardware error.

The article mentioned by Martin talks about floating point to integer
conversion. Was the conversion programmed in Ada? Probably it wasn't.
Then I can only wonder why people keep on talking about "Ada fault"...

> seems a proper analysis for Ariane IV; reusing precisely the same
> software/platform in an environment where the maximum horizontal
> velocity was much larger than X is an error that no amount of
> *software* engineering is going to fix.

My point is that the fault could be detected (assuming that conversion
was in Ada), under the condition that the compiler vendor would not make
the same mistake while porting the compiler... (:-))

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
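The thread turns on one question: what is the contract of a Float-to-integer conversion whose target type has a narrower range than the values the hardware can deliver? As an added illustration, not code from the thread or from any flight software, the Ada program below places the same conversion in two forms side by side: an unguarded one, where an out-of-range input surfaces as an implicit Constraint_Error, and a guarded one, where the envelope check is written out and failure is reported as a distinct, named exception the caller can plan for. The type name `Bias_Value`, its 16-bit range, the exception name and the sample inputs are all assumptions made for the example.

```ada
--  Added example (not from the thread): making the failure mode of a
--  Float-to-integer conversion explicit instead of leaving it to the
--  implicit range check.  All names and ranges here are assumptions.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Guarded_Conversion is

   --  Hypothetical narrow "control loop" integer type.  The 16-bit range
   --  is constructed for the example and is not a figure from the thread.
   type Bias_Value is range -32_768 .. 32_767;

   --  Raised by the guarded conversion when the input lies outside the
   --  range the type was designed for, so the caller can tell "input
   --  exceeded the assumed envelope" apart from any other failure.
   Out_Of_Envelope : exception;

   --  Ada's Float-to-integer conversion rounds to nearest, so anything
   --  above Bias_Value'Last (or below 'First) as a Float is rejected
   --  before the conversion is attempted.
   Lower : constant Float := Float (Bias_Value'First);
   Upper : constant Float := Float (Bias_Value'Last);

   --  Guarded form: X'Valid rejects NaN/invalid representations, then the
   --  explicit bounds check keeps Constraint_Error from ever being the
   --  way an out-of-envelope value is reported.
   function To_Bias (X : Float) return Bias_Value is
   begin
      if X'Valid and then X >= Lower and then X <= Upper then
         return Bias_Value (X);
      end if;
      raise Out_Of_Envelope with
        "input" & Float'Image (X) & " outside" &
        Bias_Value'Image (Bias_Value'First) & " .." &
        Bias_Value'Image (Bias_Value'Last);
   end To_Bias;

   --  Unguarded form: the range check still happens, but only as the
   --  language-defined check, and it shows up as Constraint_Error.
   function Unguarded (X : Float) return Bias_Value is
   begin
      return Bias_Value (X);
   end Unguarded;

   --  Constructed inputs: one inside the narrow range, one well outside it.
   Inputs : constant array (Positive range <>) of Float :=
     (1_000.0, 40_000.0);

begin
   for V of Inputs loop
      begin
         Put_Line ("guarded  :" & Bias_Value'Image (To_Bias (V)));
      exception
         when E : Out_Of_Envelope =>
            Put_Line ("guarded  : " & Exception_Message (E));
      end;

      begin
         Put_Line ("unguarded:" & Bias_Value'Image (Unguarded (V)));
      exception
         when Constraint_Error =>
            Put_Line ("unguarded: Constraint_Error");
      end;
   end loop;
end Guarded_Conversion;
```

Built with an Ada 2012 compiler (for example `gnatmake guarded_conversion.adb`), the first input converts in both forms, and the second shows the difference: the unguarded conversion reports only `Constraint_Error`, while the guarded one reports which input exceeded which range. Whether a contract system would reject the unguarded form at compile time on a platform where the input type is wider, as the post proposes, is exactly the point under discussion; what the guard does today is make that envelope assumption visible in the source rather than implicit in the target type's range.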