From: "Vladimir Olensky"
Subject: Re: Ada safety road Was: Which is right ...
Date: 1999/06/07
Message-ID: <928783635.953.42@news.remarQ.com>
References: <928083159.436.79@news.remarQ.com> <928174549.336.98@news.remarQ.com> <7iuqkc$ln6$1@nnrp1.deja.com> <928529202.956.79@news.remarQ.com> <928569312.951.42@news.remarQ.com> <7jb1l9$694$1@nnrp1.deja.com> <928703068.617.98@news.remarQ.com> <7jf1ik$8v6$1@nnrp1.deja.com>
Organization: Posted via RemarQ Communities, Inc.
NNTP-Posting-Date: Mon, 07 Jun 1999 19:27:15 GMT
Newsgroups: comp.lang.ada

Pascal F. Martin wrote in message ...
>In article <7jf1ik$8v6$1@nnrp1.deja.com>,
>  Robert Dewar writes:
>> In article <928703068.617.98@news.remarQ.com>,
>>   "Vladimir Olensky" wrote:
>>
>>> I was just thinking about different aspects of providing some
>>> general kind of "foolproofness" to programs written in Ada in
>>> places where the RM defines program behavior as erroneous.
>>> I think nobody would like to be on a plane that performed
>>> an erroneous flight
>>> """' ' ' ^~\_+.
>>> Anyone would prefer to be accidentally on board the wrong
>>> flight instead.
>>
>> [...]
>>
>> I don't want to be on a plane that executes erroneous code,
>> but I also don't want the captain to get a message saying
>> that Constraint_Error was raised at such and such a location :-)
>
>I remember that the first Ariane 5 rocket had been lost when
>an Ada program did hit a runtime check! The exception was not
>the cause of the problem (it was a design error), but it made
>the rocket crash.
>
>Sometimes it makes sense to ignore errors and continue on.
>Constraint_Error is for developers, not for users, and
>a program cannot be in "debug mode" forever.

I remember that report. Some parameters went out of the limits that were set for Ariane 4. These limits were not changed for Ariane 5, though it was equipped with new engines and the operating conditions during launch were quite different. But the software tests needed for the new operational conditions were not performed properly, and we have seen the results.

I fully agree that most of the run-time checks are usually used in debug mode and serve for application testing. In release mode most of them are usually turned off. So most development systems provide the ability to set parameters for each mode independently and to create any additional configuration profile if needed. The more that can be done in debug mode, the less possibility that something could sneak into release mode.

Anyway, it was just a joke with some hyperbolic meaning. The record extracted from the plane's black box just confirms that:

"""' ' ' ^~\_+.

Regards,
Vladimir Olensky.
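As an added illustration of the debug-mode versus release-mode checking discussed in this thread (example code, not from the original posting or its authors), the Ada program below uses a constructed 16-bit sensor range to contrast three conversions: one where the range check raises Constraint_Error, one where the check is removed with pragma Suppress so an out-of-range value is erroneous execution, and one that validates before converting so neither can happen. The type and sample value are assumptions for the example.

```ada
--  Added example (not part of the original thread): how a run-time range
--  check, its suppression, and explicit validation behave in Ada 95.
with Ada.Text_IO; use Ada.Text_IO;

procedure Check_Demo is
   --  Constructed 16-bit signed range, narrower than Integer's base range,
   --  so only a range check (not an overflow check) applies to conversions.
   subtype Sensor_Value is Integer range -32_768 .. 32_767;

   --  "Debug mode": the conversion is checked, and an out-of-range input
   --  raises Constraint_Error that the caller can handle.
   function To_Sensor (X : Float) return Sensor_Value is
   begin
      return Sensor_Value (X);
   end To_Sensor;

   --  "Release mode": the range check is suppressed. If X is out of range
   --  the execution is erroneous (RM 11.5): no exception is guaranteed and
   --  the result is unspecified. Deliberately never called with bad input.
   function To_Sensor_Unchecked (X : Float) return Sensor_Value is
      pragma Suppress (Range_Check);
   begin
      return Sensor_Value (X);
   end To_Sensor_Unchecked;

   --  Defensive alternative: clamp to the representable range before
   --  converting, so the result is well defined with or without checks.
   function To_Sensor_Saturating (X : Float) return Sensor_Value is
   begin
      if X > Float (Sensor_Value'Last) then
         return Sensor_Value'Last;
      elsif X < Float (Sensor_Value'First) then
         return Sensor_Value'First;
      end if;
      return Sensor_Value (X);
   end To_Sensor_Saturating;

   Too_Big : constant Float := 40_000.0;  --  constructed sample input
begin
   begin
      Put_Line ("Checked:" & Sensor_Value'Image (To_Sensor (Too_Big)));
   exception
      when Constraint_Error =>
         Put_Line ("Checked: Constraint_Error raised and handled");
   end;
   Put_Line ("Saturating:" &
             Sensor_Value'Image (To_Sensor_Saturating (Too_Big)));
   Put_Line ("Unchecked, in range:" &
             Sensor_Value'Image (To_Sensor_Unchecked (1_234.0)));
end Check_Demo;
```

Compiled with checks enabled, the first call reports the handled Constraint_Error and the saturating call prints 32767; only the clamped variant stays safe when the checked variant is later rebuilt with checks suppressed.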