From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,c4cb2c432feebd9d X-Google-Thread: 1094ba,c4cb2c432feebd9d X-Google-Attributes: gid103376,gid1094ba,public X-Google-Language: ENGLISH,ASCII Path: g2news2.google.com!news3.google.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!peer01.cox.net!cox.net!news-out.ntli.net!newsrout1-gui.ntli.net!ntli.net!news.highwinds-media.com!newspeer1-win.ntli.net!newsfe2-gui.ntli.net.POSTED!53ab2750!not-for-mail From: "Dr. Adrian Wrigley" Subject: Re: Ada vs Fortran for scientific applications User-Agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.) Message-Id: Newsgroups: comp.lang.ada,comp.lang.fortran References: <0ugu4e.4i7.ln@hunter.axlog.fr> <%P_cg.155733$eR6.26337@bgtnsc04-news.ops.worldnet.att.net> <6H9dg.10258$S7.9150@news-server.bigpond.net.au> <1hfv5wb.1x4ab1tbdzk7eN%nospam@see.signature> <4e078qF1cb6frU1@individual.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Date: Mon, 29 May 2006 13:47:20 GMT NNTP-Posting-Host: 82.10.238.153 X-Trace: newsfe2-gui.ntli.net 1148910440 82.10.238.153 (Mon, 29 May 2006 14:47:20 BST) NNTP-Posting-Date: Mon, 29 May 2006 14:47:20 BST Organization: NTL Xref: g2news2.google.com comp.lang.ada:4581 comp.lang.fortran:10425 Date: 2006-05-29T13:47:20+00:00 List-Id: On Mon, 29 May 2006 14:21:16 +0200, Jan Vorbr�ggen wrote: >> The adverse consequences of exceeding bounds can be seen to >> outweigh the (usually) modest costs in code size and performance that >> even mature code should ship with checks enabled, IMO. > > I am of the opinion that the Ariane 5 exprience shows that this is not > true in general. Had that exception been caught and dismissed by a last- > chance exception handler, the flight would have succeeded. The point is > that while some exceptions could be generated, there was no clear way of > handling them in any useful way, so ignoring them at least gives a chance > of success in such a situation, while just shutting down by default will > guarantee failure. An operational weather forecast is a similar situation: > I'd rather have at least some results _now_, instead of restarting the > prediction (after the bug has been fixed) and getting them just after the > storm surge has drowned a lot of people. I think you're saying code shouldn't check for serious errors if the system shuts down when they're found! Surely this is application dependent? Banking software users might prefer the program to be stopped, while critical flight control software users might prefer to pray. I am comparing code compiled with array bounds and range checks against code with no such checks. With no checks, reading and writing of completely unrelated data sometimes occurs causing unbounded errors. With checks, exceptions can be raised, and the failure is bounded. Usually, a system can be designed to do something better than scribbling over unrelated memory! You seem to be comparing different ways of handling unanticipated exceptions. Shutting down the system vs. dismissal by a last-chance handler. I agree with you on this point, for certain applications. Making a generalisation on error detection from Araine 5 seems a bit rash though. Most software is not fail-deadly. And if it is, it gets some testing at the task in hand. And if it can't be tested, execution errors are checked and handled usefully. Clearly, Ariane 5's case is not representative of the vast bulk of real-world code. -- Adrian