:: Re: [DNG] Studying C as told. (For …
Top Page
Delete this message
Reply to this message
Author: Didier Kryn
Date:  
To: dng
Subject: Re: [DNG] Studying C as told. (For help)
Le 04/07/2016 17:20, Rainer Weikusat a écrit :
> Didier Kryn <kryn@???> writes:
>> Le 03/07/2016 23:17, Hendrik Boom a écrit :
>>> On Fri, Jun 24, 2016 at 01:36:14PM -0400, Peter Olson wrote:
>>>
>>>> Can I download your compiler that fixes all my mistakes? I could really use such a tool.
>>> Yes, as a matter of fat you can -- almost.
>>>
>>> Two languages I use have the property that once the program gets
>>> through the compiler, almost all the bugs are gone.
>>>
>>> Modula 3.
>>> OCaml.
>>>
>>> Algol 68 is another one, but lgol 68 compilers are as scarce as hen's
>>> teeth nowdays.
>>>
>>>
>>      Ada also.
> That's why Ada has been used successfully for the most sensational
> fireworks:


     Thanks Rainer for this very interesting link. Let me extract the 
root of the explanation:


<<The internal SRI software exception was caused during execution of a
data conversion from 64-bit floating point to 16-bit signed integer
value. The floating point number which was converted had a value greater
than what could be represented by a 16-bit signed integer. This resulted
in an Operand Error. The data conversion instructions (in Ada code) were
not protected from causing an Operand Error, although other conversions
of comparable variables in the same place in the code were protected.>>

     So there were functions in this program to convert 64-bit floating 
point to 16-bit integer. This isn't something built in the language not 
even in the compiler. This is something which should obviously be 
programmed with great care and considering the range of possible values. 
Think of it: the function is not the same if you want to convert numbers 
in the range  [10**99, +10**99] or [-10**3, 10**3]. The function 
explicitely assumes that the floating point value is in a known range. 
The range was decided for Ariane4 and the same code was reused for 
Ariane5, for which the input value given by the sensor is different. 
Logically an exception was raised at run time.


     First error: reuse the code with a different hardware; second 
error: neglect to intercept the exception. Not sure giving an absurd 
result would do a better job than raising an exception, though. The 
company in charge has done a very bad job. If the code was written in 
Ada, it is probably because it was a requirement, otherwise they would 
have saved even more money by writing it in wtf language.


     I doubt any of the experts who have read this report has concluded 
it should better be written in another language. But even the best 
language doesn't protect against all human misbehaviours.


     Didier