From: "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Wed, 16 Mar 2011 19:20:00 +0100
References: <4d80b140$0$43832$c30e37c6@exi-reader.telstra.net>

robin wrote:

> Vinzent Hoefler <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de> wrote in message ...
>> Elias Salomão Helou Neto wrote:
>
>>> Since then I have been wondering. If compiler checking were actually
>>> turned on, what would have happened?
>
>> The same, according to the specification.
>
>>> How could it avoid the disaster?
>
>> Not at all.
>
> On the contrary, an error handler would have performed
> something useful.

Precisely what? The _only_ reasonable action at that point was to assume a hardware error and shut down the computer. For Ariane 4, that is.

> The crux of the matter is that the data bus would not have been
> loaded with an error number [which was then treated as guidance data].

AFAIK this was required in case both systems died. And as we know, they did exactly that. I'd assume the possibility of two hardware errors at the same time was considered remote.

>> By handling it exactly the way it was supposed to be:
>
>> Assuming a hardware error and leave control to the redundant subsystem.
>
> That was the major blunder that they made,
> namely, treating a programming error as a hardware error.
> By doing that, they guaranteed failure of the mission.

Again. In the Ariane 4 it would have been exactly that. A hardware error. There was no freaking way Ariane 4 could have exceeded the safe range.

>>> Which one, if any, is close to reality?
>
>> As it has been mentioned here many times before, the software behaved
>> exactly as specified and it is very unlikely that _any_ error handling
>> could have avoided the problem
>
> An error handler would have rescued the mission.

Only if it were not behaving according to the specification. That means if it were buggy - and that's exactly what you snipped from my previous response.

Vinzent.

-- 
A C program is like a fast dance on a newly waxed dance floor by people carrying razors. -- Waldi Ravens