From: "Marin David Condic, 561.796.8997, M/S 731-93"
Subject: Re: Ariane 5 failure
Date: 1996/10/28
Message-ID: <96102812145520@psavax.pwfl.com>
Newsgroups: comp.lang.ada

robin writes:

> > Of course the truly important thing to remember is that compiler
> > generated runtime checks are not a panacea. They *may* have helped
> > with the Ariane 5,
>
> The Report said that it could have been done, and obviously,
> it should have.

The point of my statement was in the part of my previous message which
was inadvertently clipped: I do not disagree that the runtime checks
should have been done (20/20 hindsight is a wonderful thing.) But
failure detection is not, in and of itself, sufficient. Had the
accommodation for the detected failure been "Shut down the channel and
pass control to the other side", they would have been in *exactly* the
same place they were without the runtime checks. (And this is a *VERY*
common defined accommodation for dual redundant systems for large
classes of errors.)

    procedure ARIANE_FIVE_OPERATION is
    begin
        DO_STUFF_THATS_COOL_TO_RUN_THE_ARIANE_FIVE_ROCKET ;
    exception
        when CONSTRAINT_ERROR | NUMERIC_ERROR =>
            --Yup! Got them runtime checks!
            SHUT_DOWN_THE_CHANNEL_AND_PASS_CONTROL_TO_THE_OTHER_SIDE ;
            --Boom!
    end ARIANE_FIVE_OPERATION ;

In other words, the most serious problems with software are bad
engineering decisions - not the use, or lack thereof, of any given
language attribute.
It's a little like the company which makes concrete life-preservers
getting ISO-9000 certification. By gum, they have a procedure and it's
written down and it's adhered to with religious fervor by every single
employee and they make an absolutely flawless concrete life-preserver.
But there's still something fundamentally wrong with this picture, isn't
there?

MDC
Marin David Condic, Senior Computer Engineer    ATT:      561.796.8997
M/S 731-96                                      Technet:  796.8997
Pratt & Whitney, GESP                           Fax:      561.796.4669
P.O. Box 109600                                 Internet: CONDICMA@PWFL.COM
West Palm Beach, FL 33410-9600                  Internet: CONDIC@FLINET.COM
===============================================================================
    "If you don't say anything, you won't be called on to repeat it."
        -- Calvin Coolidge
===============================================================================
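The point made in the post above, that a runtime check which merely hands control to an identical redundant channel buys nothing, can be watched happening in a few lines. What follows is an added example written for this page; it is not code from the original post and not the Ariane software. It simulates two channels running the same code, each performing a runtime-checked conversion of a 64-bit float into a 16-bit signed integer (the conversion the Ariane 5 inquiry report identifies as the trigger). The `failover` policy is the handler sketched in the post; `saturate` is one alternative accommodation that keeps the channel running. The class and function names, the channel names and the trajectory values are all constructed for illustration.

```python
"""Why "detect, then fail over to the identical channel" does not save you.

Added example for this page, not code from the original post and not the
Ariane software.  Two channels run the same code: a runtime-checked
conversion of a 64-bit float into a 16-bit signed integer.  The "failover"
policy is the handler from the post; "saturate" is one alternative
accommodation that keeps the channel running.  All names and the trajectory
values are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

INT16_MIN, INT16_MAX = -32768, 32767


class ConstraintError(Exception):
    """Stand-in for Ada's CONSTRAINT_ERROR: a checked conversion was out of range."""


def to_int16_checked(x: float) -> int:
    """Checked float -> 16-bit conversion (what a compiler-generated range check does).

    Truncation toward zero is used here; the rounding rule does not affect the
    range check, which is the part that matters.
    """
    v = int(x)
    if v < INT16_MIN or v > INT16_MAX:
        raise ConstraintError(f"value {x} does not fit in 16 bits")
    return v


def to_int16_saturated(x: float) -> int:
    """Alternative accommodation: clamp to the representable range and keep going."""
    return max(INT16_MIN, min(INT16_MAX, int(x)))


@dataclass
class Channel:
    name: str

    def step(self, horizontal_bias: float) -> int:
        # Identical software on both channels: same input, same exception.
        return to_int16_checked(horizontal_bias)


@dataclass
class DualRedundantSystem:
    policy: str                      # "failover" or "saturate"
    channels: List[Channel] = field(default_factory=lambda: [Channel("A"), Channel("B")])
    active: int = 0                  # index of the channel currently in control
    log: List[str] = field(default_factory=list)

    def step(self, horizontal_bias: float) -> Optional[int]:
        """One control cycle: the converted value, or None when no channel is left."""
        while self.active < len(self.channels):
            ch = self.channels[self.active]
            try:
                return ch.step(horizontal_bias)
            except ConstraintError as e:
                self.log.append(f"{ch.name}: {e}")
                if self.policy == "saturate":
                    return to_int16_saturated(horizontal_bias)
                # "Shut down the channel and pass control to the other side."
                # The other side runs the same code on the same input.
                self.active += 1
        return None


def fly(policy: str, trajectory: List[float]) -> Tuple[List[Optional[int]], List[str]]:
    """Run a whole trajectory under one accommodation policy."""
    system = DualRedundantSystem(policy)
    values = [system.step(bh) for bh in trajectory]
    return values, system.log


# Constructed sample: a horizontal-bias value that grows past the 16-bit range.
TRAJECTORY = [1000.0, 20000.0, 31000.0, 40000.0, 45000.0]

if __name__ == "__main__":
    for policy in ("failover", "saturate"):
        values, log = fly(policy, TRAJECTORY)
        print(f"{policy:9s} {values}")
        for line in log:
            print(f"           {line}")
```

Under `failover` both channels die in the same cycle on the same value: the check fired, the handler ran exactly as written, and the system is no better off than with no check at all. Under `saturate` the channel stays alive, but whether clamping is acceptable depends on what the value means downstream; the example shows only that the accommodation decision, not the check, determines the outcome.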