From: "Mike Silva"
Subject: Re: Ada and Java. different behaviour. casting long to int problem.
Date: 1999/06/21
Message-ID: <7klng6$7df$1@its.hooked.net>#1/1
Organization: Whole Earth Networks News
Newsgroups: comp.lang.ada

I'm curious -- have you actually written safety-critical code with this
approach? I can't imagine getting such code approved, internally or
externally.

Just because the Ariane people got it wrong doesn't mean a value range
analysis can't be done correctly. Assuming the offending Horizontal Bias
value was derived from some input sensor or sensors, these certainly should
have been range-checked and bounded in the code -- sensors do fail... Once
your inputs (from any source) are properly constrained the problem becomes
much more manageable.

Mike

Hyman Rosen wrote in message ...
>I'm saying that in the field, especially in software which must work the
>first time, that such an exception will do more harm than good. It's quite
>possible that code will produce the externally correct effect even after
>it has stepped out of the bounds of an array. It's usually not possible
>for code to produce the externally correct effect when it throws an
>exception.
>
>Such exceptions help the programmer during the test and debug phase of the
>programming cycle. If the delivered code is not mission-critical, then it's
>even OK to let the exceptions happen where the customers can see them, so
>that they can report back unforeseen problems. But when the code must do its
>job correctly, always, even the first time, then overflow and bounds checking
>should be turned off in the field, because that way, it's more likely that
>the program will be able to complete its job.
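
The following is an added example, not code from either poster: a sketch in Ada of the range-check-and-bound approach the reply describes, where a raw sensor value is constrained once at the input boundary so that the later narrowing conversion can be shown by value range analysis never to overflow. The sensor limits, scale factor, fault policy and all names are assumptions made for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Bounded_Sensor_Demo is
   --  Assumed physical limits and scale of a hypothetical sensor.
   Sensor_Min : constant := -500.0;
   Sensor_Max : constant :=  500.0;
   Scale      : constant :=   50.0;  --  |Value * Scale| <= 25_000

   subtype Bounded_Reading is Long_Float range Sensor_Min .. Sensor_Max;
   type Int16 is range -32_768 .. 32_767;

   type Checked_Reading is record
      Value : Bounded_Reading;
      Fault : Boolean;  --  True when the raw input was not plausible
   end record;

   --  Single point where untrusted input enters: bound it and flag the fault.
   function Constrain (Raw : Long_Float) return Checked_Reading is
   begin
      if Raw >= Sensor_Min and then Raw <= Sensor_Max then
         return (Value => Raw, Fault => False);
      elsif Raw > Sensor_Max then
         return (Value => Sensor_Max, Fault => True);
      elsif Raw < Sensor_Min then
         return (Value => Sensor_Min, Fault => True);
      else
         --  Not comparable (e.g. NaN): assumed policy is a neutral value.
         return (Value => 0.0, Fault => True);
      end if;
   end Constrain;

   --  Range analysis: R in -500.0 .. 500.0, so R * Scale is within
   --  -25_000.0 .. 25_000.0, which always fits in Int16.
   function To_Int16 (R : Bounded_Reading) return Int16 is
   begin
      return Int16 (R * Scale);
   end To_Int16;

   --  Constructed sample inputs; the last two model a failed sensor.
   Samples : constant array (1 .. 4) of Long_Float :=
     (12.5, -499.9, 1.0E9, -7.0E4);
   C : Checked_Reading;
begin
   for I in Samples'Range loop
      C := Constrain (Samples (I));
      Put (Long_Float'Image (Samples (I)) & " ->" & Int16'Image (To_Int16 (C.Value)));
      if C.Fault then
         Put ("  SENSOR FAULT");
      end if;
      New_Line;
   end loop;
end Bounded_Sensor_Demo;
```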