----- Original Message -----
From: "Robin" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Sunday, February 29, 2004 10:11 AM
Subject: Re: Stir it up again?
> > Date: Sat, 28 Feb 2004 15:19:40 -0500
> > From: Peter Shenkin <[log in to unmask]>
>
> > On Sat, 28 Feb 2004, 8:03pm -0000, [log in to unmask] wrote:
> > > On Fri, 27 Feb 2004, Richard Maine wrote:
> >
> > > > > ADA still being seriously used?
> > > > Yes. Very much so. Mostly in a pretty limited application domain...
> >
> > > Indeed. You may recall the failure of ESA's first Ariane-5 rocket: the
> > > failure to handle an overflow exception properly in ADA was one of the
> > > chain of mistakes which caused the rocket to blow up.
> >
> > Of course, that never would have happened had they written it
> > in Fortran. :-)
>
> Unlikely, because Fortran then did not include error-handling facilities
> (though in some systems as an extension).
> What was required was a specific software test for overflow.
> Such a test was omitted because they considered that it was unnecessary.
> This was the blunder that they made.
>
Fortunately the Ariane crash didn't involve loss of life.
The Therac-25 fiasco, a cascade of calamities that included undetected
integer overflow (in PDP-11 assembler and not from fp to integer conversion
but a straight wrap around of an integer counter on overflow), resulted in
the death of several cancer victims. Like Conrad Black, Atomic Energy of
Canada Limited tried to shirk responsibility but happily the courts ruled
otherwise.
Even F2003 doesn't have provision for detecting integer overflow.
Ciao,
Gerry T.
______
"Things are not what they seem; or, to be more accurate, they are not only
what they seem, but very much else besides." -- Aldous Huxley.
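The two failure modes discussed in this thread, a counter that silently wraps on overflow (the Therac-25 case) and a floating-point value narrowed to an integer without a prior range test (the Ariane-5 case), can both be shown in a few lines. The following is an added example, not code from the thread or from either project; it is written in C because the wrap-around and narrowing semantics are the same there as in assembler or Fortran, and C lets the explicit test Robin describes sit beside the unchecked form. The 8-bit counter width and the 16-bit conversion target are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <math.h>
#include <stdio.h>

/* Unchecked increment of an 8-bit counter. Unsigned wrap is well defined in C,
   so 255 + 1 quietly becomes 0: the value is "valid" but no longer means what
   the rest of the program assumes. (Counter width is an assumption.) */
uint8_t unchecked_increment(uint8_t counter)
{
    return (uint8_t)(counter + 1);
}

/* Checked increment: returns the new value, or -1 if the counter is already
   at its ceiling and an increment would wrap. The caller must handle -1. */
int checked_increment(uint8_t counter)
{
    if (counter == UINT8_MAX)
        return -1;
    return counter + 1;
}

/* Count how many times the unchecked counter wraps over n increments.
   A wrap is detectable only by comparing the new value with the old one;
   nothing in the arithmetic itself signals it. */
unsigned int wraps_after(unsigned int n)
{
    uint8_t c = 0;
    unsigned int wraps = 0;
    for (unsigned int i = 0; i < n; i++) {
        uint8_t next = unchecked_increment(c);
        if (next < c)
            wraps++;
        c = next;
    }
    return wraps;
}

/* Result of a checked double -> int16_t narrowing. */
typedef struct {
    bool ok;        /* true if x was in range and value is meaningful */
    int16_t value;  /* truncated result when ok, 0 otherwise */
} i16_result;

/* The "specific software test for overflow" done before the conversion.
   Converting an out-of-range double to an integer type is undefined
   behaviour in C, so the test cannot come afterwards. */
i16_result to_int16_checked(double x)
{
    i16_result r = { false, 0 };
    if (isnan(x) || x < (double)INT16_MIN || x > (double)INT16_MAX)
        return r;               /* refuse rather than wrap or trap */
    r.ok = true;
    r.value = (int16_t)x;       /* in range: truncation toward zero is safe */
    return r;
}

int main(void)
{
    printf("255 + 1 unchecked -> %u\n", unchecked_increment(255));
    printf("255 + 1 checked   -> %d (negative means refused)\n", checked_increment(255));
    printf("wraps in 1000 increments of an 8-bit counter: %u\n", wraps_after(1000));
    i16_result r = to_int16_checked(40000.0);
    printf("40000.0 -> int16: %s\n", r.ok ? "converted" : "out of range, rejected");
    return 0;
}
```

The checked variants do not make overflow impossible; they make it a return value the caller has to look at, which is exactly what the omitted test in the Ariane software and the wrapping counter in the Therac-25 software did not provide.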