From: Anssi Porttikivi
To: 9fans@cse.psu.edu
Subject: Re: [9fans] exception handling caused the Ariane 5 rocket accident
Date: Wed, 14 May 2003 08:57:04 +0000
References: <3EB1E0F1.6060908@null.net>, <2c48f76cc19c912eb71595a28defda34@mightycheese.com>

rob@mightycheese.com (rob pike, esq.) wrote in message news:<2c48f76cc19c912eb71595a28defda34@mightycheese.com>...

[About "exceptions":]

> > Basically, it's a way to impose order on chaos.
>
> and replace it with a mysterious, hard to understand
> mechanism with a tendency to overlay a program's
> structure with confusing, noisy error-handling
> details.
>
> i'm not a fan of exceptions. good programming
> can trump them every time; bad exception handling
> can destroy a program. they're an interesting idea
> but i judge them a failure.
>
> -rob

Lack of understanding and too much reliance on the existence of upper level exception handling in the Ada language caused the blow up of the Ariane 5 rocket in 1996:

"The internal SRI software exception was caused during execution of a data conversion from 64-bit floating point to 16-bit signed integer value. The floating point number which was converted had a value greater than what could be represented by a 16-bit signed integer. This resulted in an Operand Error. The data conversion instructions (in Ada code) were not protected from causing an Operand Error, although other conversions of comparable variables in the same place in the code were protected." (Google, "ariane 5 failure")

C.A.R. Hoare talked about this in his 1980 Turing award lecture:

"...Gradually, these [Ada design] objectives have been sacrificed in favor of power, supposedly achieved by a plethora of features and notational conventions, many of them unnecessary and some of them, like exception handling, even dangerous..."

"...Do not allow this language (Ada) in its present state to be used in applications where reliability is critical, i.e., nuclear power stations, cruise missiles, early warning systems, anti-ballistic missile defense systems. The next rocket to go astray as a result of a programming language error may not be an exploratory space rocket on a harmless trip to Venus: It may be a nuclear warhead exploding over one of our cities..." (Google, "hoare turing")
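The inquiry text quoted above describes an unprotected 64-bit float to 16-bit signed integer conversion. The following C program is an added illustration of that failure mode and of the local range check that the report says was present for comparable variables but missing for this one; it is not code from the post, from the Ariane 5 SRI, nor from Ada (the original was Ada; C is used here because it makes the silent wraparound visible). The function names, the sample readings and the threshold constants are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Checked conversion (hypothetical name): the local range check that the
 * Ariane 5 report says was present for comparable variables but omitted
 * for this one. Returns true and stores the value only when the double
 * lies in the open interval (-32769, 32768), which is exactly the set of
 * doubles whose truncation toward zero fits in int16_t. NaN fails both
 * comparisons and infinities fail one, so both are rejected. */
bool to_int16_checked(double x, int16_t *out)
{
    if (!(x > -32769.0 && x < 32768.0))
        return false;
    *out = (int16_t)x;      /* now known to be in range; truncates toward zero */
    return true;
}

/* Unchecked conversion (hypothetical name), showing what a narrowing
 * conversion silently produces when nothing raises an error. A direct
 * (int16_t)x cast is undefined behaviour in C for out-of-range x, so this
 * goes through a 64-bit integer and then keeps the low 16 bits, which is
 * what mainstream compilers emit for the cast in practice. The value is
 * mangled, not flagged. Assumes |x| < 2^63 and x is not NaN. */
int16_t to_int16_unchecked(double x)
{
    int64_t wide = (int64_t)x;
    return (int16_t)(uint16_t)(uint64_t)wide;   /* wraps modulo 2^16 */
}

/* Run the checked conversion over a batch of readings and count how many
 * were rejected. In a real system each rejection would be handled here
 * (saturated, flagged, or substituted) rather than left to an upper-level
 * handler whose only response is to shut the unit down. */
size_t count_out_of_range(const double *readings, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        int16_t v;
        if (!to_int16_checked(readings[i], &v))
            rejected++;
    }
    return rejected;
}

/* Constructed sample readings: three fit, three do not. */
static const double SAMPLE_READINGS[] = {
    100.0, -2500.5, 32767.9,      /* in range after truncation */
    40000.0, -40000.0, 1.0e10     /* out of range */
};
static const size_t SAMPLE_COUNT = sizeof SAMPLE_READINGS / sizeof SAMPLE_READINGS[0];

/* Number of constructed readings the checked conversion rejects. */
size_t demo_rejected_count(void)
{
    return count_out_of_range(SAMPLE_READINGS, SAMPLE_COUNT);
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        double x = SAMPLE_READINGS[i];
        int16_t checked;
        bool ok = to_int16_checked(x, &checked);
        printf("%12.1f -> unchecked %6d, checked %s\n",
               x, to_int16_unchecked(x),
               ok ? "ok" : "REJECTED (out of int16 range)");
    }
    printf("%zu of %zu readings rejected\n", demo_rejected_count(), SAMPLE_COUNT);
    return 0;
}
```

The point of the comparison is that the unchecked path returns a plausible-looking number (40000.0 becomes -25536) with no signal that anything went wrong, while the checked path gives the caller a boolean it can act on at the point of conversion.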