Home > Archive > Fortran > September 2005 > Re: Ariane (was: What about NANs)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: Ariane (was: What about NANs)
|
|
|
| Michel OLAGNON wrote in message <43315B62.9030105@ifremer-a-oter.fr>...
>
>The famous Ariane V crash was due to an exception in a part of the launch
>software that was a remnant of Ariane IV and whose results were not used
>at all, nor sensible indeed, for Ariane V...
Rather, it was the requirement that for any kind of error,
the error # was to be placed on the data bus and the system halt.
They had considered that the conversion of floating-point to 16 bit integer
couldn't overflow, and so it wasn't protected by exception handling.
Other code in the vicinity was protected by exception handling.
It was a silly programming error.
| |
| Michel OLAGNON 2005-09-22, 7:57 am |
|
robin wrote:
> Michel OLAGNON wrote in message <43315B62.9030105@ifremer-a-oter.fr>...
>
>
>
> Rather, it was the requirement that for any kind of error,
> the error # was to be placed on the data bus and the system halt.
> They had considered that the conversion of floating-point to 16 bit integer
> couldn't overflow, and so it wasn't protected by exception handling.
> Other code in the vicinity was protected by exception handling.
> It was a silly programming error.
>
It was not what I call a programming error. The acceleration value
that did not fit into the 16-bit integer was physically impossible
with Ariane IV, so during code specification, when that overflow
possibility was considered (and it was indeed, it is documented),
it was decided that no exception handling was to be provided since
a sensor malfunction should have been detected by other tests and
else no reasonable action could be thought of to deal with a
physically impossible value.
When people tell me that it was a programming/specification
error, I ask them: "If you had been in the project software
specification panel, what course of action would you have suggested
to handle the exception 'acceleration value does not fit
into the 16-bit integer range' when you know that the sensor
works correctly and that the physical upper bound must fit ?"
|
|
|
|
|