From: Yannick Duchêne (Hibou57)
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Mon, 14 Mar 2011 20:25:04 +0100
Organization: Ada @ Home
References: <2442baf5-d53e-4e9a-bbe6-6803feead512@r19g2000prm.googlegroups.com>

On Mon, 14 Mar 2011 17:17:10 +0100, KK6GM wrote:

> It really all comes back to the essential question, if variable X is
> known, PROVEN, to never exceed the range A..B, and suddenly it does
> exceed that range, what is the correct action? You can't just throw
> it away and read it again, since in the Ariane 5 case it would have
> continued to exceed its proven valid range. So what do you do?

Seems the proof was rather weak there ;)

I suppose "proven" here means "physically proven" (by some physical
properties of the engine) and not "logically proven" as impossible to
happen in the driver software.

Defensive programming may have been an option here; if there was
something wrong in the input, maybe that was because the engine behaved
unexpectedly. Such a case (just like erroneous human input would be)
should be caught by defensive programming. What to do next? Well, first
raise an alarm (to the control center), then trigger some automatic
emergency sequence. Anyway, the way this happened, it seems unlikely the
ship could be saved (any emergency sequence could perhaps attempt to
avoid collateral damage, no more).

Seems relevant, or not?

-- 
If cats meow and make so many strange vocalizations, it's not for nothing.
"I am fluent in ASCII" [Warren 2010]
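As an added illustration of the defensive handling the reply above describes (check the value against the range it was assumed to stay in, raise an alarm when it leaves that range, and switch to a safe mode instead of narrowing the value anyway), here is example C code that is not from the post, the thread, or any flight software. The int16_t target type, the controller structure, the sample readings and all function names are assumptions made for the example; only the idea of a range check followed by an alarm and an automatic fallback comes from the post.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <math.h>

/* Operating modes of a hypothetical controller (assumed for the example). */
typedef enum { MODE_NOMINAL, MODE_SAFE } flight_mode_t;

typedef struct {
    flight_mode_t mode;     /* current mode */
    unsigned      alarms;   /* number of alarms raised so far */
    int16_t       last_good;/* last reading that passed the range check */
} controller_t;

/*
 * Checked narrowing conversion.  A plain `(int16_t)x` on a double that is
 * outside INT16_MIN..INT16_MAX is undefined behaviour in C, so instead of
 * trusting the "proven" range we test it and report failure to the caller.
 */
static bool narrow_checked(double x, int16_t *out)
{
    if (isnan(x) || x < (double)INT16_MIN || x > (double)INT16_MAX)
        return false;
    *out = (int16_t)x;
    return true;
}

/*
 * Defensive handler in the spirit of the post: on an out-of-range reading,
 * raise an alarm, enter the (hypothetical) safe mode, and keep using the
 * last known-good value rather than a garbage conversion.
 */
static int16_t process_reading(controller_t *c, double raw)
{
    int16_t v;
    if (narrow_checked(raw, &v)) {
        c->last_good = v;
        return v;
    }
    c->alarms++;
    c->mode = MODE_SAFE;
    fprintf(stderr, "ALARM: reading %g outside %d..%d, entering safe mode\n",
            raw, INT16_MIN, INT16_MAX);
    return c->last_good;
}

int main(void)
{
    /* Constructed sample readings: the third one leaves the assumed range. */
    const double samples[] = { 100.0, 30000.0, 50000.0, 31000.0 };
    controller_t c = { MODE_NOMINAL, 0, 0 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v = process_reading(&c, samples[i]);
        printf("reading %g -> using %d (mode %s, alarms %u)\n",
               samples[i], v, c.mode == MODE_SAFE ? "SAFE" : "NOMINAL", c.alarms);
    }
    return 0;
}
```

Note that the check happens before the conversion, not after: once an out-of-range double has been cast, there is nothing left to inspect. Whether the safe-mode action can actually save the vehicle is a separate question, which is the point the post makes in its last paragraph.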