From: Simon Wright
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Wed, 16 Mar 2011 15:08:28 +0000

"robin" writes:

> Anyone competent in real-time programming would never have let the
> software go with unhandled overflow, because such an event would
> result in failure of the mission.

The engineers, being competent in tightly-constrained real-time programming, found that installing exception handlers cost cpu cycles they could not afford, so looked at all the potential overflow sites and found that _this_ one could only occur if there was a hardware failure.
Even if they had installed an exception handler, the only proper response would have been to shut down this node and hand over to the alternate; and this was the action that would result from not having an exception handler in the first place. So, after considerable thought, they decided against having an exception handler. Sounds like good engineering to me.