From: Jean-Pierre Rosen
Newsgroups: comp.lang.ada
Subject: Re: Would You Fly an Airplane with a Linux-Based Control System?
Date: Fri, 26 Nov 2004 13:21:45 +0100
Organization: Adalog
References: <20619edc.0411251028.3e249bf3@posting.google.com>

Marius Amado Alves wrote:
> No. This whole talk of hardware-generated exception sounds like "FUD". Namely, it sounds like you're trying to blame the hardware. The cause was a SOFTWARE engineering error. Yes, a BUG. In the Ada software. And because it's connected to exceptions, the hypothesis that if the thing had been done in an exceptionless language like C the effect might have been different. And yes, maybe less bad. And none of the explanations I've seen so far (here, in books, and on the Internet) disprove this hypothesis.
>
Oh no, please... There was a system design error. The software recognized the error and behaved as required.
Now, you are arguing that if the software had not recognized the error, since it was in a module that shouldn't have been running anyway, then it would have been OK. This would have been a double error having fewer consequences than a single one. Although it might have been the case, you cannot rely on double errors for safety! Software should be correct "by construction" (tm).

-- 
---------------------------------------------------------
J-P. Rosen (rosen@adalog.fr)
Visit Adalog's web site at http://www.adalog.fr