From: KK6GM
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Wed, 16 Mar 2011 14:02:47 -0700 (PDT)
Message-ID: <6ae10c4a-0333-40fb-8243-91a08ec7af0e@fx23g2000vbb.googlegroups.com>

On Mar 16, 1:52 pm, Hyman Rosen wrote:
> On 3/16/2011 3:40 PM, KK6GM wrote:
>
> > Here's the alternative, for the Ariane situation.  A float value gets
> > converted to a 16-bit integer.  The float value is too big to fit
> > (let's say it's 33000).  What 16-bit int will that get converted to?
> > -31000?  Some random value?  How does continuing along with bogus data
> > make the situation better?  Will the control loops really work OK with
> > bogus feedback data?
>
> Why are we converting floats to 16-bit integers? It's hard to tell
> from the report, but was this a result of using an Ada fixed type?
> Or the result of similar scaling based on knowing the range?

I have no idea why they were doing that.

>
> > If you have determined via thorough analysis that the variable in
> > question can only _ever_ have a valid range of e.g. -20000 to 20000,
> > and it goes to 33000, what _is_ the right action?
>
>
> Recommendation R3 says "Do not allow any sensor, such as the inertial
> reference system, to stop sending best effort data." So if your sensor
> can report data over a certain range, you should probably not use a
> restrictive subtype that represents what you believe the possible
> observed range will be. Otherwise, when Scotty is trying to nudge a
> fraction more warp factor out of the engines, the Enterprise is going
> to shut down and doom the Federation.

You're still not seeing the issue.  You may have a 0-200psi
transducer, but if you have _proven_ that the actual pressure can
never be over 70psi, what are you supposed to _do_ with a reading of
150psi?  Is it a true reading?  If so, your control algorithm will
almost certainly choke on it.  Is it a hardware error?  Then do what
you would do in the event of a hardware error.  Which is what Ariane
did.
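
The three possible answers to "what 16-bit int will 33000 get converted to?" raised in this exchange, as an added example that is not part of the original post: report the failure, clamp, or keep the low 16 bits. The function names are hypothetical, and the wrap case is modelled explicitly because an out-of-range floating-point to integer cast is undefined behaviour in C.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* value is meaningful only when ok is true */
typedef struct { int16_t value; bool ok; } conv_result;

/* Policy 1: range-check and report failure to the caller (the C analogue
   of a checked conversion raising an exception). NaN fails the test too. */
conv_result to_i16_checked(double x) {
    conv_result r = {0, false};
    if (!(x >= INT16_MIN && x <= INT16_MAX)) return r;
    r.value = (int16_t)x;   /* in range, so the cast is well defined */
    r.ok = true;
    return r;
}

/* Policy 2: clamp to the nearest representable value. */
int16_t to_i16_saturate(double x) {
    if (x != x) return 0;   /* NaN: 0 is an arbitrary choice for this sketch */
    if (x > INT16_MAX) return INT16_MAX;
    if (x < INT16_MIN) return INT16_MIN;
    return (int16_t)x;
}

/* Policy 3: no check, keep the low 16 bits (two's-complement wrap).
   Modelled through int64_t; assumes x is finite and |x| < 2^63. */
int16_t to_i16_wrap(double x) {
    uint16_t low = (uint16_t)((uint64_t)(int64_t)x & 0xFFFFu);
    return (int16_t)(low >= 0x8000u ? (int32_t)low - 0x10000 : (int32_t)low);
}

int main(void) {
    const double samples[] = {20000.0, 33000.0, -33000.0}; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        conv_result c = to_i16_checked(samples[i]);
        printf("%9.1f  checked=%s  saturate=%6d  wrap=%6d\n", samples[i],
               c.ok ? "ok" : "out-of-range",
               to_i16_saturate(samples[i]), to_i16_wrap(samples[i]));
    }
    return 0;
}
```

With the wrap policy, 33000 becomes a negative number of nearly the same magnitude, which is the "bogus feedback data" case the post asks about.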