On Jan 17, 1:43 pm, Paul Rubin <http://phr...@nospam.invalid> wrote:
> Bruno Desthuilliers <bdesth.quelquech...@free.quelquepart.fr> writes:
> > Once again, there's quite a lot to learn from
> > the story of Ariane 5.
>
> Do you know what actually happened with Ariane 5? The failure was
> because "smart" humans overrode the language enforced protection by
> casting a floating point number down to a 16-bit integer, which worked
> ok in Ariane 4, but failed with an overflow on Ariane 5 where bigger

So this turns out to be an example of a failure due, not to the
*rigidity* of Ada, but to its *permissiveness* in allowing such a cast.
Had such a cast not been allowed, the people who complain about the
"rigidity" of Ada would have complained that much more.

I don't know which variant of Ada was used here, but something called
the "Ravenscar Profile" is a reduced subset of Ada that might have
prevented this error (though I haven't verified this). Then there is
Spark Ada, which is supposed to be much safer than even Ada.

> numbers were involved. The actual code fragment is here, and you can
> see where the error is suppressed:
>
> http://www-aix.gsi.de/~giese/swr/ariane5.html
>
> This is one thing that Python gets right, automatically using bignums
> rather than allowing int overflow. In that sense, Python has more
> enforced protection than Ada.

True, but Ada does not have the luxury of just using doubles and
"bignums" everywhere, because it needs to work on cheap processors too.
But perhaps it could somehow be configured to do so by the user if
sufficiently powerful computers are being used.
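
An added illustration, not part of the post above and not the Ariane code: it shows in Python what narrowing a float into a signed 16-bit field does to a value that fits and to one that does not, with the range check suppressed, enforced, or replaced by saturation. The function names and sample values are constructed for this example.

```python
import ctypes
import struct

INT16_MIN, INT16_MAX = -2**15, 2**15 - 1


def to_int16_unchecked(x: float) -> int:
    """Narrow with no range check: only the low 16 bits survive (two's complement)."""
    return ctypes.c_int16(int(x)).value


def to_int16_checked(x: float) -> int:
    """Narrow with an explicit range check: fail loudly instead of wrapping."""
    n = int(x)  # Python ints are arbitrary precision, so this step cannot overflow
    if not INT16_MIN <= n <= INT16_MAX:
        raise OverflowError(f"{x!r} does not fit in a signed 16-bit integer")
    return n


def to_int16_saturating(x: float) -> int:
    """Narrow by clamping to the representable range (a design choice, not a fix)."""
    return max(INT16_MIN, min(INT16_MAX, int(x)))


def pack_int16(x: float) -> bytes:
    """Write a big-endian 16-bit field; struct enforces the range and raises struct.error."""
    return struct.pack(">h", int(x))


if __name__ == "__main__":
    # Constructed sample values: one inside the 16-bit range, one outside it.
    for value in (12345.6, 40000.0):
        print(f"value={value}")
        print("  unchecked :", to_int16_unchecked(value))
        print("  saturating:", to_int16_saturating(value))
        try:
            print("  checked   :", to_int16_checked(value))
        except OverflowError as exc:
            print("  checked   : OverflowError:", exc)
        try:
            print("  packed    :", pack_int16(value).hex())
        except struct.error as exc:
            print("  packed    : struct.error:", exc)
    # Plain Python arithmetic never wraps: the result simply grows.
    print("INT16_MAX + 1 =", INT16_MAX + 1)
```

The bignum behaviour only protects arithmetic inside Python; as soon as a value is written into a fixed-width field (ctypes, struct, a wire format), the range check has to be made explicitly or by the packing layer.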