RE: Is Python your only programming language?

Discussion in 'Python' started by sismex01@hebmex.com, Aug 14, 2003.

  1. Guest

    [Nick Vargish]
    > > So what programming language actually does bridge the gap between
    > > "thousands of lives depend on the code working right" and "getting
    > > this up and running quickly"?


    [Van Gale]
    > I think that Ada is one of the few languages capable of being used on
    > "lives depend on it" systems. It's not anything special about the
    > language in particular, but rather the immense amount of
    > man-hours and time spent in writing checking and analysis tools.
    > That includes tools that can verify an Ada program will meet real-time
    > requirements. This kind of tool is really sophisticated (obviously)
    > and would probably be impossible to code for anything but a strong
    > static typed language.


    Coincidentally, there's a thread like this on comp.lang.forth, and
    precisely Ada was brought out as an example of a created-for-correctness
    language; but one of the problems with this is brittleness.

    As an example, someone mentioned the Ariane accident, a few years
    back, which was "caused" by a zero-division error caught by the
    code, which raised some kind of error condition (I don't do Ada).

    BUT, it seems that the segment of code being checked wasn't even
    going to be executed (something about horizontal acceleration),
    and since the rocket was already in the air, that code shouldn't
    have mattered; "if it was C, then the operation would have silently
    failed, and the rocket would have kept flying".

    It's not really a criticism against Ada, but bad systems design/
    implementation; for those cases where lives are at stake, or rocket
    sciences ;-) , you need code coverage tools, extensive unit tests,
    etc... so that absolutely NO untested code lines get into the system.

    anyhow...

    -gustavo


    Warning: The information contained in this message is confidential and
    restricted, and is therefore intended solely for the use of the person
    indicated above; you are notified that distribution of this message is
    prohibited. If you have received this message in error, or if there are
    problems with the transmission, please contact the sender. Thank you.
     
    , Aug 14, 2003
    #1

  2. <> wrote in message news:...

    > As an example, someone mentioned the Ariane accident, a few years
    > back, which was "caused" by a zero-division error caught by the
    > code, which raised some kind of error condition (I don't do Ada).


    No, it was an overflow converting a floating point to integer.
    The module was originally designed for Ariane 4, which had
    different flight characteristics.

    > BUT, it seems that the segment of code being checked wasn't even
    > going to be executed (something about horizontal acceleration),
    > and since the rocket was already in the air, that code shouldn't
    > have mattered; "if it was C, then the operation would have silently
    > failed, and the rocket would have kept flying".


    It was in a background task, that was unnecessary. However the
    exception handling was specified to be: write results to EEPROM
    and halt. It's true that in C one would likely have garbage values
    in the integer, and the error would have gone unnoticed. I'm not
    sure I find that a comforting thought though.

    The full text of the report is on the web, and should be required
    reading:

    http://www.mssl.ucl.ac.uk/www_plasma/missions/cluster/about_cluster/cluster1/ariane5rep.html
     
    Richard Brodie, Aug 14, 2003
    #2
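    The failure Richard describes above (an out-of-range float-to-integer conversion that Ada trapped and a plain C cast would have let through unnoticed) is illustrated here with an added example that is not part of the original thread: a range-checked conversion to a 16-bit signed integer, beside the unchecked cast. The function names and sample values are my own; the 16-bit width follows the linked report.

```c
#include <stdint.h>
#include <stdio.h>

enum conv_status { CONV_OK, CONV_NAN, CONV_OVERFLOW };

/* Range-checked conversion of a double to a 16-bit signed integer.
 * On failure *out is left untouched and the status says why, so the
 * caller decides what to do (log, clamp, retry) instead of halting
 * or continuing with a silently wrapped value. */
enum conv_status double_to_int16(double x, int16_t *out)
{
    if (x != x)                       /* NaN never compares equal to itself */
        return CONV_NAN;
    /* Check in double precision BEFORE casting: in C the cast itself is
     * undefined behaviour when the value does not fit. Truncation toward
     * zero means anything in (-32769, 32768) fits after truncation. */
    if (!(x > (double)INT16_MIN - 1.0 && x < (double)INT16_MAX + 1.0))
        return CONV_OVERFLOW;
    *out = (int16_t)x;                /* now a well-defined conversion */
    return CONV_OK;
}

/* The unchecked version, as a plain cast would be written. Going via
 * int32_t keeps the first step defined for these inputs; the narrowing
 * to int16_t is implementation-defined and wraps modulo 2^16 on common
 * compilers, which is exactly the "garbage value" the post mentions. */
int16_t double_to_int16_unchecked(double x)
{
    return (int16_t)(int32_t)x;
}

int main(void)
{
    /* Constructed sample: a value that fits and one that does not. */
    const double samples[] = { 1234.56, 40000.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v = 0;
        enum conv_status st = double_to_int16(samples[i], &v);
        printf("%10.2f checked: status=%d value=%d   unchecked: %d\n",
               samples[i], (int)st, (int)v,
               (int)double_to_int16_unchecked(samples[i]));
    }
    return 0;
}
```

    The checked path never produces a wrapped value; the caller sees CONV_OVERFLOW and can choose a response appropriate to the system rather than inheriting one from the language.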

  3. Terry Reedy Guest

    "Richard Brodie" <> wrote in message
    news:bhg9nc$...
    > The full text of the [Ariane 5 failure] report is on the web, and
    > should be required reading:


    http://www.mssl.ucl.ac.uk/www_plasma/missions/cluster/about_cluster/cluster1/ariane5rep.html

    Having just read this, I second the suggestion. What the report hints
    at is that the 'root' cause of the failure was pride leading to
    complacency -- a trap most anyone can fall into -- and one which one
    language can completely protect against.

    Terry J. Reedy
     
    Terry Reedy, Aug 14, 2003
    #3
  4. Peter Hansen Guest

    Terry Reedy wrote:
    >
    > "Richard Brodie" <> wrote in message
    > news:bhg9nc$...
    > > The full text of the [Ariane 5 failure] report is on the web, and
    > > should be required reading:

    >
    > http://www.mssl.ucl.ac.uk/www_plasma/missions/cluster/about_cluster/cluster1/ariane5rep.html
    >
    > Having just read this, I second the suggestion. What the report hints
    > at is that the 'root' cause of the failure was pride leading to
    > complacency -- a trap most anyone can fall into -- and one which one
    > language can completely protect against.


    Which one?

    Ah, perhaps you meant the "language of humility"? ;-)

    Or maybe you meant "one which *no* language can completely protect against". :)

    -Peter
     
    Peter Hansen, Aug 14, 2003
    #4
  5. Tom Hanks Guest

    "Richard Brodie" <> wrote in message
    [snip]
    > It was in a background task, that was unnecessary. However the
    > exception handling was specified to be: write results to EEPROM
    > and halt. It's true that in C one would likely have garbage values
    > in the integer, and the error would have gone unnoticed. I'm not
    > sure I find that a comforting thought though.


    Yeah, I hate "fail-silently" - it's much simpler to find errors if you
    simply explode the rocket to draw attention to your typo. :)

    TTFN,
    Tom.
     
    Tom Hanks, Aug 15, 2003
    #5
  6. fed this fish to the penguins on Thursday 14 August 2003 07:40 am:

    > As an example, someone mentioned the Ariane accident, a few years
    > back, which was "caused" by a zero-division error caught by the
    > code, which raised some kind of error condition (I don't do Ada).
    >

    There's been a long thread on this on comp.lang.ada... But the short
    gist is that the code worked perfectly well -- FOR THE ARIANE 4 IT HAD
    BEEN WRITTEN FOR. The A-5 team was given this chunk of code and told to
    use it, but the vagaries of management were such that 1) no cross check
    of requirement changes was made (on the A-4, any such out of range
    value /did/ mean the booster had lost it and a destruct was needed); 2) no
    test simulations were performed.

    On the A-4, this section of code was designed to run for 40 seconds
    after (main engine ignition?) start; apparently the A-4 could still
    have been put into a hold state, and this code was meant to update
    position information to allow for a delayed launch. The A-5 equivalent
    was not hold-able, and the code would not be needed after launch -- so
    a requirement mismatch existed, combined with the higher performance of
    the A-5, which was also not tested against the code.

    This was a case of plugging a traction control system designed for a
    sports car (low CoG, high G tires) into an SUV (high CoG, low G
    capability) without adjusting the parameters, and then blaming the
    control system code when the SUV starts skidding and tipping over.

    --
    > ============================================================== <
    > | Wulfraed Dennis Lee Bieber KD6MOG <
    > | Bestiaria Support Staff <
    > ============================================================== <
    > Bestiaria Home Page: http://www.beastie.dm.net/ <
    > Home Page: http://www.dm.net/~wulfraed/ <
     
    Dennis Lee Bieber, Aug 16, 2003
    #6
