Le 04/07/2016 17:20, Rainer Weikusat a écrit :
Didier Kryn <[email protected]> writes:
Le 03/07/2016 23:17, Hendrik Boom a écrit :
On Fri, Jun 24, 2016 at 01:36:14PM -0400, Peter Olson wrote:

Can I download your compiler that fixes all my mistakes?  I could really use 
such a tool.
Yes, as a matter of fact you can -- almost.

Two languages I use have the property that once the program gets
through the compiler, almost all the bugs are gone.

Modula 3.
OCaml.

Algol 68 is another one, but Algol 68 compilers are as scarce as hen's
teeth nowadays.


     Ada also.
That's why Ada has been used successfully for the most sensational
fireworks:

Thanks Rainer for this very interesting link. Let me extract the root of the explanation:

<<The internal SRI software exception was caused during execution of a data conversion from 64-bit floating point to 16-bit signed integer value. The floating point number which was converted had a value greater than what could be represented by a 16-bit signed integer. This resulted in an Operand Error. The data conversion instructions (in Ada code) were not protected from causing an Operand Error, although other conversions of comparable variables in the same place in the code were protected.>>

So there were functions in this program to convert 64-bit floating point to 16-bit integer. This isn't something built into the language, nor even into the compiler. This is something which should obviously be programmed with great care and considering the range of possible values. Think of it: the function is not the same if you want to convert numbers in the range [10**99, +10**99] or [-10**3, 10**3]. The function explicitly assumes that the floating point value is in a known range. The range was decided for Ariane 4 and the same code was reused for Ariane 5, for which the input value given by the sensor is different. Logically, an exception was raised at run time.

First error: reuse the code with different hardware; second error: neglect to intercept the exception. Not sure giving an absurd result would do a better job than raising an exception, though. The company in charge has done a very bad job. If the code was written in Ada, it is probably because it was a requirement; otherwise they would have saved even more money by writing it in wtf language.

I doubt any of the experts who have read this report have concluded that it should have been written in another language. But even the best language doesn't protect against all human misbehaviours.

    Didier
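
The conversion the report describes, a 64-bit floating point value narrowed to a 16-bit signed integer without a range guard, is easy to show in C, where the same out-of-range conversion is undefined behaviour rather than an Ada exception. The block below is an added illustration and is not code from this thread or from the Ariane software; the function names and the sensor readings are constructed for the example. It shows the two defensive options the message weighs against each other: a checked conversion that reports failure to the caller, and a saturating conversion that clamps to the representable range instead of producing an arbitrary value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Range-checked conversion (hypothetical helper, not from the report).
 * Returns false and leaves *out untouched when the value cannot be
 * represented as a 16-bit signed integer. In C an out-of-range
 * double-to-int16_t conversion is undefined behaviour, so the check
 * must happen before the cast, not after it. The range check uses
 * open bounds so that truncation toward zero lands inside
 * [INT16_MIN, INT16_MAX]; NaN and +/-infinity are rejected too. */
bool checked_double_to_i16(double x, int16_t *out)
{
    if (x != x) {                  /* NaN never compares equal to itself */
        return false;
    }
    if (x <= -32769.0 || x >= 32768.0) {
        return false;              /* would overflow int16_t (or is infinite) */
    }
    *out = (int16_t)x;             /* now guaranteed in range, truncates toward zero */
    return true;
}

/* Saturating alternative (also a constructed helper): clamp instead of
 * failing. This is the "absurd result" option the message is unsure about;
 * it keeps the program running but silently hides the out-of-range input. */
int16_t saturating_double_to_i16(double x)
{
    if (x != x) {
        return 0;                  /* arbitrary choice for NaN; document it */
    }
    if (x >= (double)INT16_MAX) {
        return INT16_MAX;
    }
    if (x <= (double)INT16_MIN) {
        return INT16_MIN;
    }
    return (int16_t)x;
}

/* Constructed sample "sensor" readings, including values that exceed the
 * 16-bit range in the way the report describes (not real Ariane data). */
const double SAMPLE_READINGS[] = { 1234.75, -32768.9, 32767.0, 32768.0, 1e99, -1e99 };
const size_t SAMPLE_COUNT = sizeof(SAMPLE_READINGS) / sizeof(SAMPLE_READINGS[0]);

/* Count how many readings the checked conversion would have rejected. */
size_t count_unrepresentable(const double *vals, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        int16_t unused;
        if (!checked_double_to_i16(vals[i], &unused)) {
            rejected++;
        }
    }
    return rejected;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        int16_t v;
        double x = SAMPLE_READINGS[i];
        if (checked_double_to_i16(x, &v)) {
            printf("%12g -> checked %6d  saturating %6d\n", x, v,
                   saturating_double_to_i16(x));
        } else {
            printf("%12g -> checked REJECTED  saturating %6d\n", x,
                   saturating_double_to_i16(x));
        }
    }
    printf("%zu of %zu readings rejected\n",
           count_unrepresentable(SAMPLE_READINGS, SAMPLE_COUNT), SAMPLE_COUNT);
    return 0;
}
```

The checked variant is the one that corresponds to the protected conversions the report mentions; the caller has to decide what to do with the failure, which is exactly the decision that was skipped for the unprotected one. The saturating variant shows the cost of the alternative: the 1e99 reading and the 32768.0 reading both become 32767 and are indistinguishable from a legitimate maximum.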

_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
