Re: The Airplane Example (was Re: StreamingXML)
i'm staying with c. at least my compiler with correct function prototypes would have forced me to explicitly coerce the value (and in the process make me think about the silliness of in general trying to put a 64bit float into an int - probability of failure in this case is very high).

(and i know you it's an opt in system - but a project like ariane i'm assuming would have the money, skill, and motivation to opt in correctly)

all that aside, this says a lot about a language designed as a standards exercise from the start on the assumption that these sorts of things could be completely averted (remember some of the strong typing in ada was a direct response to the more lax typing in c and friends). sort of cobol tries to become a structured language (don't flame me i know that was aggressive)

there may be more lessons in that for the xml community and all the strict schema checking things happening.

rick

Amelia A Lewis wrote:

>Actually, according to the full report:
>
>http://sunnyday.mit.edu/accidents/Ariane5accidentreport.html
>
>1) the code was written in Ada
>2) the data wasn't type-cast, but converted
>3) the value of the float was out of range for the sixteen-bit integer
>target
>4) the software (ada, remember?) attempted to throw an exception, and
>couldn't
>5) faced with this exceptional condition, the software tried to shut
>down
>6) the redundant unit couldn't do so, because:
>
>Although the source of the Operand Error has been identified, this in
>itself did not cause the mission to fail. The specification of the
>exception-handling mechanism also contributed to the failure. In the
>event of any kind of exception, the system specification stated that:
>the failure should be indicated on the databus, the failure context
>should be stored in an EEPROM memory (which was recovered and read out
>for Ariane 501), and finally, the SRI processor should be shut down.
>
>In other words, because of strong typing and exception handling in Ada,
>Ariane 5 crashed. Which is perhaps not the argument that you wished to
>support by introducing this example?
>
>Especially as the code in question *had no function during flight for
>Ariane 5*.
>
>Amy!
>
>On Tue, 04 Jan 2005 16:27:38 -0800
>Daniela Florescu <dflorescu@m...> wrote:
>
>> I don't
>>>think I can recall having *ever* had a program fail because someone
>>>passed a float to a routine that expected an int.
>>
>>Really !?
>>
>>For an impressive example, just take a look at this:
>>
>>http://www.ima.umn.edu/~arnold/disasters/ariane.html
>>
>>$7 billion dollars lost in an explosion after only a couple of seconds
>>in flight. More than 10 years of work for tens of thousands of people.
>>Fortunately no human losses.
>>
>>My lab at that time (INRIA) was tasked to read the millions of lines
>>of code. There were many problems found, but the cause of the
>>explosion was an unfortunate type conversion implicit in a function
>>call if I recall correctly.
>>
>>That was enough to deviate the rocket.
>>
>>Best regards,
>>Dana
>>
>>-----------------------------------------------------------------
>>The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
>>initiative of OASIS <http://www.oasis-open.org>
>>
>>The list archives are at http://lists.xml.org/archives/xml-dev/
>>
>>To subscribe or unsubscribe from this list use the subscription
>>manager: <http://www.oasis-open.org/mlmanage/index.php>
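
Added example, not part of the original thread and not the Ariane code: a range-checked conversion of a 64-bit float to a sixteen-bit integer in C, the conversion the messages above argue about. The names to_int16_checked, count_rejected and SAMPLES are hypothetical, and the sample values are constructed. On failure the helper returns a status together with a saturated fallback, so continuing or stopping is the caller's explicit decision.

```c
#include <math.h>    /* NAN for the sample values only */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { CONV_OK, CONV_NAN, CONV_RANGE } conv_status;

/* Hypothetical helper: convert a 64-bit float to int16_t.
 * Casting an out-of-range double to an integer type is undefined
 * behaviour in C, so the range is tested before the cast. On failure
 * *out holds a saturated fallback, leaving the caller to decide whether
 * to continue with it or stop. */
conv_status to_int16_checked(double v, int16_t *out)
{
    if (v != v)        { *out = 0;         return CONV_NAN;   }
    if (v >= 32768.0)  { *out = INT16_MAX; return CONV_RANGE; }
    if (v <= -32769.0) { *out = INT16_MIN; return CONV_RANGE; }
    *out = (int16_t)v;  /* in range: truncates toward zero */
    return CONV_OK;
}

/* Count the samples that could not be represented. */
size_t count_rejected(const double *v, size_t n)
{
    size_t bad = 0;
    int16_t tmp;
    for (size_t i = 0; i < n; i++)
        if (to_int16_checked(v[i], &tmp) != CONV_OK)
            bad++;
    return bad;
}

/* Constructed sample values, not taken from the accident report. */
static const double SAMPLES[] = { 120.7, -32768.9, 32767.9, 32768.0, 1.0e6, NAN };

int main(void)
{
    static const char *name[] = { "ok", "nan", "out of range" };
    size_t n = sizeof SAMPLES / sizeof SAMPLES[0];
    for (size_t i = 0; i < n; i++) {
        int16_t r;
        conv_status s = to_int16_checked(SAMPLES[i], &r);
        printf("%12.1f -> %6d (%s)\n", SAMPLES[i], r, name[s]);
    }
    printf("rejected: %zu of %zu\n", count_rejected(SAMPLES, n), n);
    return 0;
}
```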