Although the source of the Operand Error has been identified, this in itself did not cause the mission to fail. The specification of the exception-handling mechanism also contributed to the failure. In the event of any kind of exception, the system specification stated that: the failure should be indicated on the databus, the failure context should be stored in an EEPROM memory (which was recovered and read out for Ariane 501), and finally, the SRI processor should be shut down.
In any case, I'd argue that converting a 64-bit float into a 16-bit integer is a much different class of problem from mixing up assignment and comparison operators. But yes, you're right, even Ada is not perfect.
"Besides, they do rockets in C just as well (with certain rules)."
Yes, they do. Those "certain rules" are codified in the MISRA C standard (or derivatives thereof, like with the JPL and JSF coding standards). Said standard is way more strict than the sort of thing normally implied by "C programming".
>In any case, I'd argue that converting a 64-bit float into a 16-bit integer is a much different class of problem from mixing up assignment and comparison operators.
Is it though? Because in the end it's the same issue of conversion between types (coercion vs casting, but still).
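The narrowing conversion debated in this thread, as an added C example that is not from any commenter and not from the Ariane software: a 64-bit float is converted to a 16-bit signed integer with an explicit range check, and out-of-range input is reported to the caller as a status instead of raising an exception. The function and enum names are hypothetical, and clamping is only one possible policy, chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; constructed example, not flight code. */
typedef enum { CONV_OK, CONV_CLAMPED_LOW, CONV_CLAMPED_HIGH, CONV_INVALID } conv_status;

/*
 * Convert a double to int16_t without undefined behaviour.
 * In C, a plain (int16_t)value cast is undefined when the truncated value
 * does not fit (C11 6.3.1.4), so the range is checked before the cast.
 */
conv_status double_to_int16(double value, int16_t *out)
{
    if (value != value) {            /* NaN: no meaningful integer result */
        *out = 0;
        return CONV_INVALID;
    }
    if (value <= -32769.0) {         /* truncation would fall below INT16_MIN */
        *out = INT16_MIN;
        return CONV_CLAMPED_LOW;
    }
    if (value >= 32768.0) {          /* truncation would exceed INT16_MAX */
        *out = INT16_MAX;
        return CONV_CLAMPED_HIGH;
    }
    *out = (int16_t)value;           /* in range: truncates toward zero */
    return CONV_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const double samples[] = { 1234.9, -32768.7, 32767.99, 40000.0, -1e9 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v;
        conv_status s = double_to_int16(samples[i], &v);
        printf("%12.2f -> %6d (status %d)\n", samples[i], v, (int)s);
    }
    return 0;
}
```

The caller decides what a non-`CONV_OK` status means for the system; the conversion itself never traps.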