From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,7e8cebf09cf80560 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,UTF8 Path: g2news2.google.com!news1.google.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!post01.iad.highwinds-media.com!news.flashnewsgroups.com-b7.4zTQh5tI3A!not-for-mail From: Stephen Leake Newsgroups: comp.lang.ada Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off? References: Date: Tue, 15 Mar 2011 02:28:40 -0400 Message-ID: <82d3lsvqw7.fsf@stephe-leake.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (windows-nt) Cancel-Lock: sha1:2Qq8Sv62mlReA19Ae85RN80rqXU= MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Complaints-To: abuse@flashnewsgroups.com Organization: FlashNewsgroups.com X-Trace: eecd64d7f0718e029e66103262 Xref: g2news2.google.com comp.lang.ada:19172 Date: 2011-03-15T02:28:40-04:00 List-Id: Elias Salomão Helou Neto writes: > I have followed the (quite lenghty) on a topic, IIRC, about bitwise > operators, which eventually lead to people mentioning the Ariane 5 > case. > > Since then I have been wondering. If compiler checking where actually > turned on, what would have happened? How could it avoid the disaster? Just to remind people; the real problem was that Ariane 4 code was reused on Ariane 5, without carefully considering the design, also without adequate testing. Ariane 5 is a bigger rocket; it has bigger accelerations. The range for accelerations in the code, which was correct for Ariane 4, was incorrect for Ariane 5. No amount of "defensive programming" can handle such a fundamental design error. -- -- Stephe