From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,7e8cebf09cf80560
X-Google-NewGroupId: yes
X-Google-Attributes: gida07f3367d7,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII
Path: 
 g2news2.google.com!postnews.google.com!n1g2000yqm.googlegroups.com!not-for-mail
From: KK6GM <mjsilva@scriptoriumdesigns.com>
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were
 notturned off?
Date: Wed, 16 Mar 2011 12:40:00 -0700 (PDT)
Organization: http://groups.google.com
Message-ID: <d6e065fb-7271-42d5-812c-83912c8721a5@n1g2000yqm.googlegroups.com>
References: 
 <a8387564-0835-467d-a461-60a093c38133@k15g2000prk.googlegroups.com>
 <op.vscizsqqlzeukk@jellix.jlfencey.com>
 <4d80b140$0$43832$c30e37c6@exi-reader.telstra.net>
 <op.vsf7vmtblzeukk@jellix.jlfencey.com>
 <4d810172$0$4954$a8266bb1@postbox2.readnews.com>
NNTP-Posting-Host: 12.35.64.226
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1300304400 15967 127.0.0.1 (16 Mar 2011 19:40:00
 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Wed, 16 Mar 2011 19:40:00 +0000 (UTC)
Complaints-To: groups-abuse@google.com
Injection-Info: n1g2000yqm.googlegroups.com; posting-host=12.35.64.226;
 posting-account=qZVz2QoAAAAN9WxYp-9jYb7jORc4Zqwt
User-Agent: G2/1.0
X-HTTP-Via: 1.1 barracudaweb.tritool.rancho:8080 (http_scan/4.0.2.6.19)
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
 Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30;
 .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MDDR; .NET4.0C; .NET4.0E;
 InfoPath.1),gzip(gfe)
Xref: g2news2.google.com comp.lang.ada:19224
Date: 2011-03-16T12:40:00-07:00
List-Id: <comp.lang.ada>

On Mar 16, 11:29=A0am, Hyman Rosen <hyro...@mail.com> wrote:
> How about this for the essential flaw: Does it really make
> sense to create data types in your program that are so closely
> tied to external factors like rocket speed limits and angles?
> Why not use data types that could handle the full range of
> values from the sensor? The approach used seems incredibly
> brittle, and in fact turned out to be so.

Here's the alternative, for the Ariane situation.  A float value gets
converted to a 16-bit integer.  The float value is too big to fit
(let's say it's 33000).  What 16-bit int will that get converted to?
-31000?  Some random value?  How does continuing along with bogus data
make the situation better?  Will the control loops really work OK with
bogus feedback data?

If you have determined via thorough analysis that the variable in
question can only _ever_ have a valid range of e.g. -20000 to 20000,
and it goes to 33000, what _is_ the right action?