From: "Marin David Condic, 407.796.8997, M/S 731-93"
Subject: Re: Ariane 5 - not an exception?
Date: 1996/08/08
Message-ID: <96080810134941@psavax.pwfl.com>
Newsgroups: comp.lang.ada

Francis Lipski writes (with deletions):

>> > "A PL/I programmer
>> > experienced with real time systems, would have CHALLENGED
>> > such a stupid requirement that the computer be shut down by the
>> > error-handler in the event of a fixed-point overflow. He would
>> > have had it changed.
>
> Not always possible. If you are in the minority and are unsuccessful
> to argue others to your point, what do you do?
>

That's not always the case. Sometimes, the issue is "Either we do the
project with runtime checks suppressed or we don't do it at all because
we don't have the CPU margin to make it work." Often what you do is turn
off most or all of the runtime checks, then implement interrupt service
routines to saturate math results on overflows, etc. and hope that will
do the trick for any unanticipated errors. If they were running at 80%
utilization without runtime checks, including the checks might have left
an unacceptable risk. If they had run with checks in place and were at
98% utilization and hit a "corner case" in the software which drove them
over 100%, we'd be able to sit here now and criticize them for failing
to remove the checks to leave a safety margin on utilization. There are
always tradeoffs in engineering. You have to weigh risks and rewards.
Risk: public humiliation, billions of $ lost, thousands of casualties.
Reward: a certificate with your name on it in a plastic frame. The
Ariane 5 engineers have no doubt learned this lesson.

With respect to the earlier poster's comments about "experienced PL/I
programmers" I'd have to say that smacks of language bigotry. It would
be the same sort of thing as saying "experienced German speaking
engineers wouldn't have made such a stupid mistake. It's because the
engineers were speaking French that the rocket went down."

MDC
Marin David Condic, Senior Computer Engineer    ATT:      407.796.8997
M/S 731-96                                      Technet:  796.8997
Pratt & Whitney, GESP                           Fax:      407.796.4669
P.O. Box 109600                                 Internet: CONDICMA@PWFL.COM
West Palm Beach, FL 33410-9600                  Internet: CONDIC@FLINET.COM
===============================================================================
"Some people say the rainforests must be saved because the cure for cancer
 might be there. Why aren't these same people worried that the scientist who
 would have found that cure might be aborted?" -- John Switzer
===============================================================================
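The two behaviours the post contrasts (letting a range check raise and hand control to an error handler, versus saturating the result and carrying on) side by side, as an added Ada example that is not part of the original post or thread. The type Word_16, the functions Checked and Saturated, and the sample values are assumptions chosen for illustration; a 16-bit signed word is used because it is the classic destination of the float-to-integer conversion that this kind of failure involves.

```ada
-- Added example (not from the original post): a checked float-to-integer
-- conversion beside a saturating one, so the tradeoff the post describes
-- can be seen in working code.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Saturate_Demo is
   -- Hypothetical 16-bit signed word (assumption for the example).
   type Word_16 is range -32768 .. 32767;

   -- Checked conversion: with checks enabled the language-mandated range
   -- check raises Constraint_Error when X does not fit in Word_16. With
   -- "pragma Suppress (Range_Check)" the same conversion is erroneous on
   -- out-of-range input: whatever bit pattern results is silently used.
   function Checked (X : Long_Float) return Word_16 is
   begin
      return Word_16 (X);
   end Checked;

   -- Saturating conversion: clamp to the representable range instead of
   -- raising. Clipped tells the caller that clamping happened, so the
   -- fault stays observable (can be logged or counted) instead of hidden.
   function Saturated (X : Long_Float; Clipped : out Boolean) return Word_16 is
      Lo : constant Long_Float := Long_Float (Word_16'First);
      Hi : constant Long_Float := Long_Float (Word_16'Last);
   begin
      Clipped := X < Lo or else X > Hi;
      if X < Lo then
         return Word_16'First;
      elsif X > Hi then
         return Word_16'Last;
      else
         return Word_16 (X);   -- in range, so this conversion cannot raise
      end if;
   end Saturated;

   -- Constructed inputs: one in range, one above, one below.
   Samples : constant array (Positive range <>) of Long_Float :=
     (1234.5, 40000.0, -50000.0);
   Result  : Word_16;
   Clipped : Boolean;
begin
   for S of Samples loop
      begin
         Result := Checked (S);
         Put_Line ("checked   " & Long_Float'Image (S) & " -> "
                   & Word_16'Image (Result));
      exception
         when E : Constraint_Error =>
            -- This is the point at which a "shut down on overflow"
            -- handler would take over.
            Put_Line ("checked   " & Long_Float'Image (S) & " -> "
                      & Exception_Name (E));
      end;

      Result := Saturated (S, Clipped);
      Put_Line ("saturated " & Long_Float'Image (S) & " -> "
                & Word_16'Image (Result)
                & (if Clipped then "  (clipped)" else ""));
   end loop;
end Saturate_Demo;
```

Compile with checks enabled (the default) to see Checked raise on the two out-of-range samples while Saturated clamps them and reports Clipped. The Clipped flag is the part worth keeping in a real system: saturation removes the crash but not the fault, and a result that was clamped should be visible to whoever reviews the telemetry afterwards.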