   Re: [xml-dev] The Airplane Example (was Re: [xml-dev] StreamingXML)


i'm staying with c. at least my compiler with correct function 
prototypes would have forced me to explicitly coerce the value (and in 
the process make me think about the silliness of in general trying to 
put a 64-bit float into an int - probability of failure in this case is 
very high). (and i know it's an opt-in system - but a project like 
ariane i'm assuming would have the money, skill, and motivation to opt 
in correctly)

all that aside, this says a lot about a language designed as a standards 
exercise from the start on the assumption that these sorts of things 
could be completely averted (remember some of the strong typing in ada 
was a direct response to the more lax typing in c and friends). sort of 
cobol tries to become a structured language (don't flame me i know that 
was aggressive)

there may be more lessons in that for the xml community and all the 
strict schema checking things happening.

rick

Amelia A Lewis wrote:

>Actually, according to the full report:
>
>http://sunnyday.mit.edu/accidents/Ariane5accidentreport.html
>
>1) the code was written in Ada
>2) the data wasn't type-cast, but converted
>3) the value of the float was out of range for the sixteen-bit integer
>target
>4) the software (ada, remember?) attempted to throw an exception, and
>couldn't
>5) faced with this exceptional condition, the software tried to shut
>down
>6) the redundant unit couldn't do so, because:
>
>Although the source of the Operand Error has been identified, this in
>itself did not cause the mission to fail. The specification of the
>exception-handling mechanism also contributed to the failure. In the
>event of any kind of exception, the system specification stated that:
>the failure should be indicated on the databus, the failure context
>should be stored in an EEPROM memory (which was recovered and read out
>for Ariane 501), and finally, the SRI processor should be shut down.
>
>In other words, because of strong typing and exception handling in Ada,
>Ariane 5 crashed.  Which is perhaps not the argument that you wished to
>support by introducing this example?
>
>Especially as the code in question *had no function during flight for
>Ariane 5*.
>
>Amy!
>On Tue, 04 Jan 2005 16:27:38 -0800
>Daniela Florescu <dflorescu@mac.com> wrote:
>
>>
>>>  I don't
>>>think I can recall having *ever* had a program fail because someone
>>>passed a float to a routine that expected an int.
>>
>>Really !?
>>
>>For an impressive example, just take a look at this:
>>
>>http://www.ima.umn.edu/~arnold/disasters/ariane.html
>>
>>$7 billion dollars lost in an explosion after only a couple of seconds
>>in flight. More than 10 years of work for tens of thousands of people.
>>Fortunately no human losses.
>>
>>My lab at that time (INRIA) was tasked to read the millions of lines
>>of code. There were many problems found, but the cause of the
>>explosion was an unfortunate type conversion implicit in a function
>>call if I recall correctly.
>>
>>That was enough to deviate the rocket.
>>
>>Best regards,
>>Dana
>>
>>
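The narrowing both posters argue about (a 64-bit float squeezed into a 16-bit integer) can be made to fail loudly instead of silently; the C function below is an added example written for this archive page, not code from any poster or from the Ariane software. The function name, status enum and the sample readings are constructed for illustration.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a checked 64-bit float -> 16-bit integer narrowing. */
typedef enum { NARROW_OK, NARROW_NAN, NARROW_OVERFLOW } narrow_status;

/* Stores (int16_t)v in *out only when the truncated value is
 * representable; otherwise reports why and leaves *out untouched.
 * A bare C cast of an out-of-range double to int16_t is undefined
 * behaviour, so the range check must come before the cast. */
narrow_status narrow_to_int16(double v, int16_t *out)
{
    if (isnan(v))
        return NARROW_NAN;
    /* C truncates toward zero, so any v in (-32769, 32768) fits.
     * The negated comparison also rejects +/- infinity. */
    if (!(v > -32769.0 && v < 32768.0))
        return NARROW_OVERFLOW;
    *out = (int16_t)v;   /* safe: value proven representable */
    return NARROW_OK;
}

/* Counts how many constructed readings would have been rejected;
 * a caller can branch on this instead of aborting the whole unit. */
int rejected_readings(const double *readings, int n)
{
    int rejected = 0;
    for (int i = 0; i < n; i++) {
        int16_t r;
        narrow_status s = narrow_to_int16(readings[i], &r);
        if (s == NARROW_OK)
            printf("%12.3f -> %6d\n", readings[i], (int)r);
        else
            printf("%12.3f -> rejected (%s)\n", readings[i],
                   s == NARROW_NAN ? "NaN" : "out of int16 range");
        if (s != NARROW_OK)
            rejected++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample values: three fit, two do not. */
    const double readings[] = { 12345.678, -32768.9, 32767.9, 70000.0, NAN };
    int bad = rejected_readings(readings, 5);
    printf("%d of 5 readings rejected\n", bad);
    return 0;
}
```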
