From: markspace <-@.>
Newsgroups: comp.lang.java.programmer,comp.lang.c
Subject: Re: Arithmetic overflow checking
Date: Wed, 13 Jul 2011 13:21:43 -0700
Organization: A noiseless patient Spider

On 7/13/2011 12:16 PM, lewbloch wrote:

> The lesson I derive is that nothing is too simple, trivial or obvious
> to overlook.

What I got from reading that is that the root problem was that the range of values that the sensor was capable of producing was not understood. Either or both physically producing, or would produce under normal (or abnormal) system operation.

It was a failure to understand the design, and its parameters. That failure of understanding was then propagated down to the code level. "We don't need to protect this because an out of range can't happen."

Somewhere, somehow, somebody has to ultimately understand what the system does, and when.
If you don't have that, then no amount of general wolf-fencing (i.e., catching exceptions) will help, because you won't know what the exception even means, let alone what to do about it.