| Michel OLAGNON wrote in message <43329DDC.8080702@ifremer-a-oter.fr>...
>
>robin wrote:
>It was not what I call a programming error. The acceleration value
>that did not fit into the 16-bit integer was physically impossible
>with Ariane IV, so during code specification, when that overflow
>possibility was considered (and it was indeed, it is documented),
>it was decided that no exception handling was to be provided since
>a sensor malfunction should have been detected by other tests and
>else no reasonable action could be thought of to deal with a
>physically impossible value.
>
>When people tell me that it was a programming/specification
>error, I ask them: "If you had been in the project software
>specification panel, what course of action would you have suggested
>to handle the exception 'acceleration value does not fit
>into the 16-bit integer range' when you know that the sensor
>works correctly and that the physical upper bound must fit?"
Ever heard of Roberts' Law? -- Even if it can't go wrong, it will.
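The disagreement above is about what a "checked" narrowing conversion should do once a reading leaves the 16-bit range. The following C example, added here and not taken from the thread or from any flight software (the original Ariane code was Ada, not C), makes the two options concrete: a checked conversion that reports overflow and saturates, beside the silent wrap that an unchecked conversion would produce. The function names, the status enum and the sample readings are all constructed for this illustration; the units of the readings are arbitrary.

```c
#include <stdint.h>
#include <math.h>
#include <stdio.h>

/* Outcome of narrowing a floating-point sensor reading to int16_t.
   Hypothetical status code, not from any real system. */
typedef enum { CONV_OK = 0, CONV_OVERFLOW = 1, CONV_NOT_FINITE = 2 } conv_status;

/* Checked narrowing: the "exception" the quoted panel decided not to handle,
   made explicit as a return status. Out-of-range input is saturated to the
   int16_t bounds and the caller is told that this happened. The range test is
   done before the cast, because casting an out-of-range double is undefined. */
conv_status to_int16_checked(double x, int16_t *out)
{
    if (!isfinite(x)) {            /* NaN or infinity: no integer makes sense */
        *out = 0;
        return CONV_NOT_FINITE;
    }
    if (x >= 32768.0) {            /* truncation would exceed INT16_MAX */
        *out = INT16_MAX;
        return CONV_OVERFLOW;
    }
    if (x <= -32769.0) {           /* truncation would fall below INT16_MIN */
        *out = INT16_MIN;
        return CONV_OVERFLOW;
    }
    *out = (int16_t)x;             /* in range: truncation toward zero is well defined */
    return CONV_OK;
}

/* What an unchecked conversion would silently hand on: the low 16 bits of
   the integer part, reinterpreted as two's complement. Computed with unsigned
   arithmetic so this demonstration itself has no undefined behaviour.
   Assumes |x| < 2^31 so the intermediate 32-bit cast is valid. */
int16_t to_int16_wrapped(double x)
{
    int32_t whole = (int32_t)x;                         /* assumed |x| < 2^31 */
    uint32_t low = (uint32_t)whole & 0xFFFFu;           /* keep 16 bits */
    return (low >= 0x8000u) ? (int16_t)((int32_t)low - 0x10000) : (int16_t)low;
}

/* Convenience accessors so a caller can inspect each part of the result. */
int checked_status(double x) { int16_t v; return (int)to_int16_checked(x, &v); }
int checked_value(double x)  { int16_t v; to_int16_checked(x, &v); return (int)v; }

/* Constructed sample stream: the last reading exceeds the 16-bit range. */
static const double SAMPLE_READINGS[] = { 120.0, 31000.0, 32767.9, 40000.0 };
static const int SAMPLE_COUNT = (int)(sizeof SAMPLE_READINGS / sizeof SAMPLE_READINGS[0]);

/* Index of the first reading that did not convert cleanly, or -1 if all did. */
int first_bad_reading(const double *readings, int n)
{
    for (int i = 0; i < n; i++) {
        int16_t v;
        if (to_int16_checked(readings[i], &v) != CONV_OK)
            return i;
    }
    return -1;
}

int main(void)
{
    for (int i = 0; i < SAMPLE_COUNT; i++) {
        int16_t v;
        conv_status s = to_int16_checked(SAMPLE_READINGS[i], &v);
        printf("%10.1f -> checked %6d (status %d), unchecked would give %6d\n",
               SAMPLE_READINGS[i], v, (int)s, to_int16_wrapped(SAMPLE_READINGS[i]));
    }
    printf("first bad reading index: %d\n",
           first_bad_reading(SAMPLE_READINGS, SAMPLE_COUNT));
    return 0;
}
```

The checked version does not decide what the vehicle should do with a physically impossible value; it only guarantees that the impossible value cannot travel onward disguised as a plausible one (40000 wrapping to -25536), which is the distinction the two posters are arguing over.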