Flying With Python (Strong versus Weak Typing)

Bengt Richter bokr at oz.net
Sun Mar 16 14:59:03 EST 2003 

On Wed, 12 Mar 2003 15:53:45 -0600, Matthew Knepley <knepley at mcs.anl.gov> wrote:

>>>>>> ">" == Peter Hansen <peter at engcorp.com> writes:
>
>  >> Dennis Lee Bieber wrote:
>  >> 
>  >> laotseu fed this fish to the penguins on Tuesday 11 March 2003 06:41 pm: > Second thing : > Ariane crashed because
>  >> of a bug in an ADA module. ADA is very strongly > *and* statically typed.
>  >> >
>  >> The module was fine -- for the previous generation of Ariane.
>  >> 
>  >> If I read correctly, one of the reports available on-line, the closest one can come to is that the module which
>  >> failed was not coded to trap an exception condition and recover.
>
>  >> There was a lengthy discussion of this in the Extreme Programming mailing list at one point.  I can't recall the
>  >> conclusion, but after rereading your quotations it seems to me that this is a case where adequate testing could
>  >> have "easily" identified the problem.
>
>  >> It would be interesting to know what tests where actually done, but my guess is that unit tests for the individual
>  >> routines involved was not one of them, or that those tests where quite inadequate (not checking behaviour in the
>  >> case of an out-of-bounds value, for example).
>  If you read the report cited closely, you will see that they did in fact identify
>  this location in their tests as something that could throw an out-of-bounds
>  exception (along with about 100 others), but chose not to protect it since the
>  cost of recoding was high. Some bets lose.
>
I find it surprising that (apparently, from what you describe) the software was not
tested in a context accurately simulating the intended launch and perturbations around
expected performance. I.e., it should be possible to build a computer-driven test stand
where you could plug in the on-board computers and not have them "know" that they are
not in an actually launched rocket, so you could have real-time virtual
system dress rehearsals.

Ditto for unit testing the culprit module.

Regards,
Bengt Richter

More information about the Python-list mailing list