From: Vinzent Hoefler
Newsgroups: comp.lang.ada
Subject: Re: Ariane5 FAQ
Date: Thu, 24 Jul 2003 17:00:49 +0200
Organization: JeLlyFish software
Reply-To: v.hoefler@acm.org

Hyman Rosen wrote:

>Vinzent Hoefler wrote:
>> It is suspect. And what to do, if you *suspect* a wrong value? Pop up a
>> window and let a human operator confirm, everything is still good?
>> Please also take limited CPU-time into your considerations.
>
>I don't understand your point. It's a computer program - it's going
>to do *something* under these circumstances.

Yes, but it's still going to calculate a value that's at least mathematically ok, even *if* sometimes it might be out of the reasonable limits someone could think of at the time of this writing.
I just cannot do a lot of decision graphs and perhaps keeping a history of previously read values if I don't have the horse-power to do that.

What I mean is that: in the example of a temperature sensor, if I can keep a history, and the sensor says, the last five minutes the temperature rose 5 degrees, I can assume that this is still ok (even if the temperature is outside of the expected limits already), but if it suddenly jumps up from zero to hundred in just a matter of seconds it *must* be wrong.

If you've got enough CPU-(and development-)time to implement such rather complex logic (it should work in *all* cases we could think of and even in those we could *not* think of, shouldn't it?) - that's fine. But in most cases I don't have this. My 8 MHz machine for instance is rather restricted to just do what it is supposed to do. Anything else is luxury, I simply can't afford. Oh, and yes, sometimes I'd really like to do a little bit more sanity checking than I actually can.

>> But to decide when exactly a particular value is really wrong or not
>> is indefinitely harder to make. There is a gray area and you really
>> don't want to implement some fuzzy logic in such CPUs.
>
>It may be hard, but that does not absolve the designer from
>deciding what it should do.

No one said this.

>If you choose not to decide, you still have made a choice.

I decide to say, *every* value that still results in mathematically correct results is useable in some particular algorithm. Any other value should be rejected, just because it is plain wrong, no matter how you look at it. What's left is the decision, *how* to do this then (exception, clamp to maximum, crash, ...). And that's what they did in Ariane 4. Perfectly reasonable, IMO.

And please don't tell me, I'm doing something wrong if I say, my machine can drive a stepper motor about a distance of only 16 meters (an arbitrary limit of a 24-bit counter), anything more results in an error message.
This is IMO absolutely reasonable and you know why? Because the largest machine is not longer than about 6 meters and if they later should decide to build another one with a length of twenty meters or so, I *have* to reconsider my decision and the implementation, of course. But until then *nobody* should have *any* fucking reason to expect that the old software simply works on a new machine, just because it worked well on the old one.

Call me ignorant, but if I'd do what you seem to say, they could use my software at NASA to put it into a new space shuttle with expecting it to work properly, just because I thought of about "everything" someone could think of, even the possibility that someone puts a rocket booster on a 2-ton engraving machine just to send it into orbit.

Vinzent.

-- 
Parents strongly cautioned -- this posting is intended for mature audiences over 18. It may contain some material that many parents would not find suitable for children and may include intense violence, sexual situations, coarse language and suggestive dialogue.
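
Added example (not part of the original post, and not its author's code): the history-based plausibility check the post describes for a temperature sensor, reduced to one stored reading and integer arithmetic. The units (tenths of a degree, seconds), the limits and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed limits, not taken from the post. Values are tenths of a degree. */
#define MAX_STEP_PER_SEC 20     /* largest believable change per second */
#define EXPECTED_MIN   (-400)   /* expected operating range, low end    */
#define EXPECTED_MAX     850    /* expected operating range, high end   */

typedef enum { READING_OK, READING_OUT_OF_RANGE, READING_REJECTED } verdict_t;

typedef struct {
    int16_t  last;    /* last accepted reading                      */
    uint16_t last_t;  /* time of last accepted reading, in seconds  */
    uint8_t  primed;  /* 0 until the first reading has been stored  */
} plaus_t;

/* Accept a reading if it could have been reached from the last accepted
 * one at MAX_STEP_PER_SEC. A slow drift is accepted even outside the
 * expected range (reported as OUT_OF_RANGE); a sudden jump is rejected
 * and leaves the stored history untouched. */
verdict_t plaus_check(plaus_t *s, int16_t value, uint16_t now)
{
    if (s->primed) {
        uint16_t dt = (uint16_t)(now - s->last_t);   /* wrap-safe */
        int32_t delta = (int32_t)value - s->last;
        if (delta < 0)
            delta = -delta;
        if (delta > (int32_t)MAX_STEP_PER_SEC * (dt ? dt : 1))
            return READING_REJECTED;
    }
    s->last = value;
    s->last_t = now;
    s->primed = 1;
    if (value < EXPECTED_MIN || value > EXPECTED_MAX)
        return READING_OUT_OF_RANGE;
    return READING_OK;
}

int main(void)
{
    plaus_t s = {0};
    /* Constructed samples: start at 0.0, then 100.0 two seconds later. */
    printf("first reading: %d\n", plaus_check(&s, 0, 0));
    printf("0 -> 100 in 2 s: %d\n", plaus_check(&s, 1000, 2));
    return 0;
}
```

Because a rejected reading does not update the history, the allowed window keeps widening with elapsed time, so a genuine step change is eventually accepted instead of being rejected forever.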