From: molagnon@ifremer.fr (Michel OLAGNON)
Subject: Re: Fortran or Ada?
Date: 1998/10/05
Message-ID: <6v9s4t$egn$1@ys.ifremer.fr>#1/1
References: <3617AA49.340A5899@icon.fi>
Organization: Ifremer
Reply-To: molagnon@ifremer.fr
Newsgroups: comp.lang.fortran,comp.lang.ada

In article <3617AA49.340A5899@icon.fi>, Niklas Holsti writes:
>Toon Moene wrote:
>>
>> In my mind, an exception is a sign that the assumptions behind the
>> (physics/mathematics) of your model is wrong, and - even though that pertains
>> to a large extent also to rocket ascent - this would not lead to a reasonably
>> safe procedure here.
>
>Yes, this is one category of exceptions (the other category is where
>exception handling is used to catch rare but foreseeable situations, such
>as errors in input data files -- END= and ERR= labels, for example).
>
>It seems that the designers of the Ariane 4 guidance system had this
>view, except that their "model" included the processing hardware in
>addition to the models encoded in the software. To decide how to handle
>the overflow exception, they had to guess which part of their model was
>at fault -- whether the hardware or the software was wrong. They guessed
>"hardware error". In the context of Ariane 4, it hasn't been shown that
>this was the wrong thing to do.
>

At the time of writing the software, it might not have been wrong.
But later on, the launch procedure was changed for Ariane 4, and
the computation was no longer needed.
IMHO, not removing unnecessary computations that may have side
effects IS a "software error". The designers failed, IMHO, to note
that even if hardware might be more likely to be wrong than software
at time T0, over the whole expected service life of the system, it
was software that had the highest probability to end up wrong.

>The odds in this guess must depend on how well the software models were
>verified and validated. I haven't seen any claims that the software
>models were not correct for Ariane 4.
>
>Niklas Holsti
>Space Systems Finland Ltd
>(This comment expresses personal opinion and not Space Systems Finland
>policy.)

Michel

--
| Michel OLAGNON                    email : Michel.Olagnon@ifremer.fr|
| IFREMER: Institut Francais de Recherches pour l'Exploitation de la Mer|
| Centre de Brest - B.P. 70                  phone : +33-2-9822 4144|
| F-29280 PLOUZANE - FRANCE                  fax   : +33-2-9822 4650|
| http://www.ifremer.fr/ditigo/molagnon/molagnon.html               |