From: "Alex R. Mosteo"
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Fri, 18 Mar 2011 13:06:44 +0100

robin wrote:

> Martin Krischik wrote in message ...
>>On 16.03.2011 at 11:41, robin wrote:
>>
>>> That was the major blunder that they made,
>>> namely, treating a programming error as a hardware error.
>>
>>Let me repeat: There was no programming error.
>
> Let me repeat: The major blunder made was in treating
> a programming error as a hardware error.
> The error was in assuming that there was no possibility of a
> programming error, and therefore it must be hardware error.
> This error was made in the Ariane 4.
>
> This attitude that "it can't happen" therefore there's no need to test for
> it is responsible for run-time failures from the early days of
> programming.
>
> Remember Robert's Law: "Even if it can't go wrong, it will".
>
> In a real-time system, EVERY possibility must be tested for.

IIRC there was the extra factor of limited CPU budget; not checking this
conversion (that, again, for Ariane IV would mean a hardware error) would be
even more justified.

>
>> The software was correct
>>for the Ariane 4.
>
> No it wasn't.
> It had unchecked overflow.
>
>> If at all it was a deployment or management error in
>>installing Ariane 4 software on the Ariane 5.
>>
>>> By doing that, they guaranteed failure of the mission.
>
> Quite so.