From: "Alexander E. Kopilovich"
Newsgroups: comp.lang.ada
Subject: Re: Would You Fly an Airplane with a Linux-Based Control System?
Date: Wed, 1 Dec 2004 05:51:34 +0300 (MSK)
Organization: Cuivre, Argent, Or
References: <20619edc.0411300720.13fa9d7b@posting.google.com>
In-Reply-To: <20619edc.0411300720.13fa9d7b@posting.google.com>; from Mike Silva at 30 Nov 2004 07:20:01 -0800

Mike Silva wrote:

> At least equally important is that they determined, through analysis,
> that data for the variable in question that exceeded the range of a
> 16-bit integer could only be due to a hardware problem, and that the
> code should act accordingly (switch to backup hardware). They had
> "protected" other similar conversions but determined that this
> conversion should be left unprotected (capable of generating an
> out-of-range exception). To quote from the report:
>
> "The reason for the three remaining variables, including the one
> denoting horizontal bias, being unprotected was that further reasoning
> indicated that they were either physically limited or that there was a
> large margin of safety, a reasoning which in the case of the variable
> BH turned out to be faulty. It is important to note that the decision
> to protect certain variables but not others was taken jointly by
> project partners at several contractual levels."
>
> Thus if one of these variable conversions produced an out-of-range
> result it was considered to indicate a hardware failure, and that the
> designated action for hardware failure was appropriate.

Yes, they dealt with their data checks very selectively. And yes, it is
indeed important to recognize that, if one studies the case to that depth,
from a programmer's viewpoint.

(But it is outside of the FAQ's scope, I think... at least outside of the
scope of Observer's version of the FAQ; anyway, I believe that those persons
who are able to recognize that importance and are interested in it can and
should read the Report from the beginning to the end and acquire that info
from there.)

Alexander Kopilovich                      aek@vib.usr.pu.ru
Saint-Petersburg
Russia