From: "Vinzent Hoefler" <0439279208b62c95f1880bf0f8776eeb@t-domaingrabbing.de>
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Sun, 20 Mar 2011 11:42:57 +0100
Date: 2011-03-20T11:42:57+01:00 [thread overview]
Message-ID: <op.vsm1dvcolzeukk@jellix.jlfencey.com> (raw)
In-Reply-To: 4d8475d5$0$43834$c30e37c6@exi-reader.telstra.net
robin wrote:
> So the specification was to guarantee failure?
If you want to put it that way, yes. If Ariane 4 would have encountered
such a value in _both_ SRIs, the safest assumption at this point would
have been a complete failure. Mission aborted, all doomed.
> They chose not to protect three data conversions, thinking that it [overflow]
> couldn't happen.
NO. They did not protect it, because they knew if the overflow happened,
it must have been a hardware problem.
> Because those three data conversions [from floating-point to 16-bit signed integer]
> were not protected, they could raise an overflow exception.
> One of them did, and thus guaranteed failure of the mission.
Yes. What's your point?
>> Specwise the overflow could only be interpreted as a hardware fault
>> at that point. A reboot (what a lot of systems would try) would take
>> too long for the system, so the requirement was to cease operation.
>> And it did exactly that. _Any_ error handler would have been required
>> to do that -
>
> The job of the programmer was to prevent such an error occurring.
> The four other similar conversions HAD protection,
Because they were more likely to happen under certain circumstances.
> so it wasn't as you say, namely, that "overflow could only be
> interpreted as a hardware fault".
It was precisely that. If the digital speedometer in your car suddenly
jumps from say 100 mph to 32767 mph, what would you assume? A hardware
fault (in the sensor preferrably) or a real reading?
>> and the one in place (which was just the default handler)
>> did it quite as well as any other.
>>
>> You're trying to blame the software for following its specification?
>
> It wasn't following the specification. It was important that
> such a conversion error be protected, and not to shut down the system.
On the contrary. It was not specified to continue flight beyond operation
limits.
Vinzent.
--
A C program is like a fast dance on a newly waxed dance floor by people carrying
razors.
-- Waldi Ravens
next prev parent reply other threads:[~2011-03-20 10:42 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 15:49 How would Ariane 5 have behaved if overflow checking were not turned off? Elias Salomão Helou Neto
2011-03-14 16:17 ` KK6GM
2011-03-14 19:25 ` Yannick Duchêne (Hibou57)
2011-03-14 19:28 ` Vinzent Hoefler
2011-03-14 20:28 ` KK6GM
2011-03-15 4:02 ` Yannick Duchêne (Hibou57)
2011-03-15 4:53 ` Shark8
2011-03-14 18:29 ` Vinzent Hoefler
2011-03-16 10:41 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-16 15:16 ` Simon Wright
2011-03-17 11:48 ` robin
2011-03-16 16:58 ` Martin Krischik
2011-03-16 23:39 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 18:48 ` Vinzent Hoefler
2011-03-18 12:06 ` Alex R. Mosteo
2011-03-18 21:15 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-20 17:06 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Martin Krischik
2011-03-20 17:11 ` Martin Krischik
2011-03-20 18:10 ` Dmitry A. Kazakov
2011-03-21 13:24 ` Leif Roar Moldskred
2011-03-20 13:07 ` How would Ariane 5 have behaved if overflow checking were notturned off? Florian Weimer
2011-03-20 17:00 ` Martin Krischik
2011-03-20 20:17 ` Florian Weimer
2011-03-20 20:37 ` Vinzent Hoefler
2011-03-20 20:14 ` Vinzent Hoefler
2011-03-16 18:20 ` Vinzent Hoefler
2011-03-16 18:29 ` Hyman Rosen
2011-03-16 18:55 ` Vinzent Hoefler
2011-03-16 19:40 ` KK6GM
2011-03-16 20:52 ` Hyman Rosen
2011-03-16 21:02 ` KK6GM
2011-03-16 21:09 ` Shark8
2011-03-16 21:13 ` Hyman Rosen
2011-03-16 21:35 ` Shark8
2011-03-16 22:27 ` Vinzent Hoefler
2011-03-16 21:04 ` Shark8
2011-03-16 21:10 ` Hyman Rosen
2011-03-16 21:27 ` KK6GM
2011-03-16 21:31 ` Shark8
2011-03-16 22:32 ` Vinzent Hoefler
2011-03-18 21:14 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-16 23:46 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 0:26 ` Simon Wright
2011-03-17 11:01 ` Georg Bauhaus
2011-03-17 11:04 ` robin
2011-03-17 13:36 ` Niklas Holsti
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-19 10:12 ` Niklas Holsti
2011-03-17 22:51 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Vinzent Hoefler
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler [this message]
2011-03-15 6:28 ` Stephen Leake
2011-03-15 17:32 ` Keith Thompson
2011-03-15 17:40 ` KK6GM
2011-03-15 19:44 ` Robert A Duff
2011-03-15 19:12 ` Florian Weimer
2011-03-15 19:45 ` KK6GM
2011-03-15 19:57 ` Vinzent Hoefler
2011-03-20 13:00 ` Florian Weimer
2011-03-20 20:13 ` Vinzent Hoefler
2011-03-15 19:42 ` John B. Matthews
2011-03-17 11:44 ` robin
2011-03-17 18:37 ` Vinzent Hoefler
2011-03-17 23:04 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 15:55 ` Vinzent Hoefler
2011-03-17 21:37 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-16 10:33 ` robin
2011-03-16 15:08 ` Simon Wright
2011-03-17 12:39 ` robin
2011-03-17 13:41 ` Georg Bauhaus
2011-03-17 23:34 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 12:57 ` Hyman Rosen
2011-03-18 16:49 ` KK6GM
2011-03-18 17:18 ` Dmitry A. Kazakov
2011-03-19 17:55 ` Keith Thompson
2011-03-20 18:39 ` Robert A Duff
2011-03-17 18:43 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-17 20:58 ` Simon Wright
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox