| From | Niklas Holsti <niklas.holsti@tidorum.invalid> |
|---|---|
| Newsgroups | comp.lang.java.programmer, comp.lang.c |
| Subject | Re: Arithmetic overflow checking |
| Date | 2011-08-13 21:54 +0300 |
| Organization | Tidorum Ltd |
| Message-ID | <9anviiF606U1@mid.individual.net> (permalink) |
| References | (6 earlier) <36bp17tf79bhbd6hovf9srhmcs1jh1c040@4ax.com> <ivid4r$34o$1@localhost.localdomain> <693db00d-83be-4830-a1fc-262d9d34d672@z15g2000pre.googlegroups.com> <naip179apc4bmtnmlm3mb6t3ru9o179qi0@4ax.com> <9d33ce51-1f6a-4782-8098-a051456532ca@m6g2000prh.googlegroups.com> |
Cross-posted to 2 groups.
lewbloch wrote:
> Gene Wirchenko wrote:
>> lewbloch wrote:
>>> Martin Gregorie wrote:
>> [snip]
>>
>>>> [1] The instrument causing the problem was an unmodified Ariane 4 SRI
>>>> which raised an out-of-limits exception when the normal Ariane 5
>>>> trajectory exceeded a permitted Ariane 4 horizontal velocity limit.
>> ...the Ariane 5 having more powerful engines.
>>
>>> In other words, this was a case where there *was* an out-of-range
>>> exception, thus it makes the exact opposite point to the one Gene
>>> presumably wanted to support.
>> The data I read was that the exception was not handled. IIRC,
>> debugging got interpreted as navigational data.
>>
>
> Precisely. There was an exception, and it was not handled. Having
> the exception was not enough.
There was an exception (overflow in a conversion instruction), and it
was handled. However, the handler was designed for the Ariane 4, where
the designers (after careful analysis of the data ranges for the Ariane
4) decided to assume that an overflow exception indicated a CPU HW
failure, and consequently the handler shut down the CPU. The same
overflow then occurred in the redundant CPU, which also shut down, so
the rocket was left with no guidance.
If the SW had been tested properly, the overflow exception would have
occurred during testing, which would have revealed the flawed
assumptions made in the reuse of the Ariane 4 SW on the Ariane 5. Surely
that would have been better than ignoring the overflow.
The Ariane 501 disaster is a poor guide for this discussion, because of
the difficulty of proper exception handling in that system: you cannot
abort the launch and return to the launch pad. In most applications, it
is much easier to design reasonable and safe exception handlers.
--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .
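The two ways of reacting to the conversion overflow described above (shut the unit down on the assumption that overflow means a hardware fault, or keep running) as an added C example, not code from the thread or from the Ariane software. The narrowing of a double to a 16-bit signed integer, the policy names, and the trajectory samples are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Result of a narrowing conversion; the caller decides what overflow means. */
typedef enum { CONV_OK, CONV_OVERFLOW, CONV_NAN } conv_status;

/* Narrow a double to int16_t, reporting out-of-range instead of relying on
 * the cast, whose behaviour for out-of-range values is undefined in C. */
conv_status checked_to_int16(double x, int16_t *out)
{
    if (x != x)                 /* NaN is the only value unequal to itself */
        return CONV_NAN;
    /* Range check done in double arithmetic before the cast; any value that
     * truncates toward zero into [-32768, 32767] is accepted. */
    if (x >= 32768.0 || x <= -32769.0)
        return CONV_OVERFLOW;
    *out = (int16_t)x;
    return CONV_OK;
}

/* Two handler policies: shut the unit down (overflow taken as a HW fault, the
 * reused Ariane 4 design as the post describes it) or saturate and carry on. */
typedef enum { POLICY_SHUTDOWN, POLICY_SATURATE } overflow_policy;
typedef enum { UNIT_RUNNING, UNIT_SHUTDOWN } unit_state;

/* Convert one sample and apply the policy; returns the unit's new state. */
unit_state handle_sample(double sample, overflow_policy policy, int16_t *value)
{
    switch (checked_to_int16(sample, value)) {
    case CONV_OK:
        return UNIT_RUNNING;
    default: /* CONV_OVERFLOW or CONV_NAN */
        if (policy == POLICY_SHUTDOWN)
            return UNIT_SHUTDOWN;
        *value = sample > 0 ? INT16_MAX : INT16_MIN; /* clamp, keep running */
        return UNIT_RUNNING;
    }
}

/* Run a constructed trajectory through one unit, stopping at the first
 * shutdown. Driving the real input envelope through this path in testing is
 * what exposes an overflow that occurs in normal operation. */
unit_state run_trajectory(const double *samples, size_t n, overflow_policy policy)
{
    int16_t v = 0;
    for (size_t i = 0; i < n; i++)
        if (handle_sample(samples[i], policy, &v) == UNIT_SHUTDOWN)
            return UNIT_SHUTDOWN;
    return UNIT_RUNNING;
}
```

A redundant unit running the same code and the same policy on the same samples reaches the same state, which is why a second CPU gives no protection against this kind of fault.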