> Date:          Sun, 29 Feb 2004 10:27:18 -0500
> From:          Gerry Thomas <[log in to unmask]>

> Fortunately the Ariane crash didn't involve loss of life.
> The Therac-25 fiasco, a cascade of calamities that included undetected
> integer overflow (in PDP-11 assembler and not from fp to integer conversion
> but a straight wrap around of an integer counter on overflow), resulted in
> the death of several cancer victims. Like Conrad Black, Atomic Energy of
> Canada Limited tried to shirk responsibility but happily the courts ruled
> otherwise.
>
> Even F2003 doesn't have provision for detecting integer overflow.

But PL/I has had such provision since 1966 (it handles real-time
applications well).

BTW, the Ariane integer overflow was not the first such
occurrence.
        In 1981 the manned space shuttle STS-2 suffered from an out-of-range
integer used in a computed goto (the language was assembler).
Luckily the error was picked up by a chance event -- viz., launch
was delayed by a small accident.
        The astronauts put in some extra practice for re-entry,
when they found that the code got stuck in a loop with the
operating system.
        In the case of Ariane, one would have thought that they would
have put in a little extra effort to make sure that they
did not repeat the STS failure.

> Ciao,
> Gerry T.
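The wrap-around failure mode the thread is about, as an added illustration (example code written for this page; it is not from either poster, nor from the Therac-25, STS-2 or Ariane software). A constructed 8-bit counter stands in for a "safety check pending" flag that is bumped on every pass and tested for non-zero: with silent wrap-around the flag reads zero once every 256 passes and the check is skipped. The checked variants report the overflow instead of wrapping; they use portable range tests rather than any language-provided overflow trap, because C, like the Fortran standards discussed above, offers none. All names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a counter used as a flag: non-zero means
 * "run the safety check". Unsigned arithmetic wraps silently in C. */
static uint8_t wrapping_increment(uint8_t c)
{
    return (uint8_t)(c + 1);
}

/* Simulate `passes` loop iterations that bump the 8-bit flag and test it.
 * Returns how many passes saw the flag read as zero, i.e. how many times
 * the check would have been skipped because the counter wrapped. */
int skipped_checks_with_wrap(unsigned passes)
{
    uint8_t flag = 0;
    int skipped = 0;
    for (unsigned i = 0; i < passes; i++) {
        flag = wrapping_increment(flag);
        if (flag == 0)
            skipped++;          /* wrapped: check silently not performed */
    }
    return skipped;
}

/* Checked increment: refuses to wrap. Returns false and leaves *c
 * untouched when the increment would overflow. */
bool checked_increment(uint8_t *c)
{
    if (*c == UINT8_MAX)
        return false;
    *c = (uint8_t)(*c + 1);
    return true;
}

/* How many checked increments from zero succeed before one is refused. */
int passes_until_overflow(void)
{
    uint8_t c = 0;
    int n = 0;
    while (checked_increment(&c))
        n++;
    return n;
}

/* Signed overflow is undefined behaviour in C, so the test must be done
 * on the operands before the add. Returns true if a + b would overflow. */
bool add_overflows_i32(int32_t a, int32_t b)
{
    if (b > 0)
        return a > INT32_MAX - b;
    if (b < 0)
        return a < INT32_MIN - b;
    return false;
}

/* Checked 32-bit add: stores the sum only when it is representable. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out)
{
    if (add_overflows_i32(a, b))
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    printf("checks skipped in 1000 passes with a wrapping flag: %d\n",
           skipped_checks_with_wrap(1000));
    printf("checked increments from 0 before refusal: %d\n",
           passes_until_overflow());
    int32_t r;
    printf("INT32_MAX + 1 detected as overflow: %s\n",
           checked_add_i32(INT32_MAX, 1, &r) ? "no" : "yes");
    return 0;
}
```

The point of `skipped_checks_with_wrap` is that nothing in the wrapping version fails loudly: the program keeps running and the skipped check is invisible unless the counter is audited. The checked versions turn the same condition into a return value the caller must handle, which is what a language with built-in overflow detection does for every integer operation.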