From: Simon Wright
Newsgroups: comp.lang.ada
Subject: Re: Contracted exceptions for Ada
Date: Mon, 10 Dec 2007 20:25:34 +0000

"Dmitry A. Kazakov" writes:

> On Sun, 09 Dec 2007 18:39:31 +0000, Simon Wright wrote:
>> In Ariane IV the maximum horizontal velocity is X.
>>
>> Therefore we can convert the hardware input to this-type without
>> worrying about overflow.
>
> Hardware input had a type different from one used later in the
> control circle, because it needed to be converted. So what was the
> contract of that conversion?

The Ariane IV system engineers said to themselves, and probably in the
design documentation, "The maximum horizontal velocity is X. Therefore
the conversion to the fixed-point type _Whatever_ cannot overflow.
Therefore we do not need to handle exceptions for this conversion, so
(given we are short of CPU power) we will not do any extra processing
to avoid exceptions."

Not sure they would have recognised "contract" in that context.

> My point is that the fault could be detected (assuming that
> conversion was in Ada), under the condition that the compiler vendor
> would not make the same mistake while porting the compiler... (:-))

Not if there was no port, and the exact same hardware with the exact
same software was reused! (I'm not sure if that was in fact the case)