"Dmitry A. Kazakov" wrote in message news:10qtgfusyium5.1fe6t8kirrzbf$.dlg@40tude.net... > On Mon, 29 May 2006 16:17:06 +0200, Jan Vorbr�ggen wrote: > > >> Clearly, Ariane 5's case is not representative of the vast > >> bulk of real-world code. > > > > Quite to the contrary - almost all of the world's code is in embedded > > systems, Winwoes notwithstanding. > > > > But I believe you are overinterpreting what I said. What I wanted to say > > is that error detection without corrective action is not the panacea it > > is sometimes made out to be. > > I think one should clarify what was an error and what was a bug. Properly > detected, but improperly handled errors are bugs. Bugs cannot be handled. Bugs can be handled in many cases. Standard error handling can deal with them. > > In the case of Ariane 501, the correct approach > > IMO would have been to have a test mode (with detection) and a flight mode, > > which turns on the "let's hope and pray" handling of errors and is reserved > > for use only on actual launches. > > I don't think so. The problem (bug) wasn't in an inappropriate handling of > an error. It was a false positive in error detection. Handling was correct, > detection was wrong. ?? There was no handling of the unprotected error in the Ariane 5. The response was to shut down the processor.