From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 101deb,f96f757d5586710a X-Google-Attributes: gid101deb,public X-Google-Thread: f43e6,5ac12f5a60b1bfe X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,5ac12f5a60b1bfe X-Google-Attributes: gid103376,public From: jsa@alexandria (Jon S Anthony) Subject: Re: Ariane 5 - not an exception? Date: 1996/08/01 Message-ID: #1/1 X-Deja-AN: 171461647 sender: news@organon.com (news) references: <4t9vdg$jfb@goanna.cs.rmit.edu.au> organization: Organon Motives, Inc. newsgroups: comp.software-eng,comp.lang.ada,comp.lang.pl1 Date: 1996-08-01T00:00:00+00:00 List-Id: In article <4totv7$o9f@goanna.cs.rmit.edu.au> rav@goanna.cs.rmit.edu.au (++ robin) writes: > ---The choice of language is indeed very relevant. > What I wrote in an earlier posting on this topic is highly > apt: Not in this particular case. It could have been written in anything and it would not have made a difference (assuming it was "correctly" written, i.e., conforming to spec. > >Had the designers of the system allowed the > >implementors to use Ada exception mechanisms fully > >and properly they could have localized the failure > >to, at worst, the alignment function > > ---But all it needed was a check that the value was in range. > Such checks had been included on other similar conversions in > the vicinity! Irrelevant. The point is that the requirements stated that the program was to proceed as it did. As several have pointed out this was not a "programming" error. > >(which > >was not necessary at the time of the failure anyway) > > ---what? The OBC was using the attitude information to > direct the nozzles. It was their [the nozzles] sudden change The point is the particular system in question was only relevant _prior_ to launch. Since it was clearly after launch that the failure happened it should have been irrelevant. > "This project might well have been written in PL/I, which First, PL/I has nothing "extra" here at all. Second, if the thing had been written in PL/I and it had been in conformance with the requirements, the thing would have failed. Of course, you could claim that were it written in PL/I it would not likely be in conformance and then it might not have failed. Shrug. /Jon -- Jon Anthony Organon Motives, Inc. 1 Williston Road, Suite 4 Belmont, MA 02178 617.484.3383 jsa@organon.com