From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,d901a50a5adfec3c X-Google-Attributes: gid103376,public X-Google-Thread: 1094ba,9f0bf354542633fd X-Google-Attributes: gid1094ba,public From: jbs@yktvmv.watson.ibm.com Subject: Re: Fortran or Ada? Date: 1998/10/03 Message-ID: <19981002.222045.439@yktvmv.watson.ibm.com>#1/1 X-Deja-AN: 397242883 References: <36068E73.F0398C54@meca.polymtl.ca> <6u8r5o$aa4$1@nnrp1.dejanews.com> <360A3446.8AD84137@lmco.com> <6udre0$ha1$1@nnrp1.dejanews.com> <19980925.185359.250@yktvmv.watson.ibm.com> <6uifdr$dog$1@nnrp1.dejanews.com> <19980928.184428.604@yktvmv.watson.ibm.com> <19981002.190123.114@yktvmv.watson.ibm.com> <36156677.7566@lanl.gov> Organization: IBM Newsgroups: comp.lang.fortran,comp.lang.ada Date: 1998-10-03T00:00:00+00:00 List-Id: In article <36156677.7566@lanl.gov>, on Fri, 02 Oct 1998 17:49:11 -0600, William Clodius writes: >jbs@yktvmv.watson.ibm.com wrote: >> >> The report I have says nothing like this. What report are >> you referring to? >> James B. Shearer > >Robert Eachus's comments are "mostly" inferable from the report. He is >correct that the report says (in equivalent words) that "the stack was >destroyed when the engine deflection exceeded the physical stress limits >of the stack (booster and payload)." He is also correct that this >implies that the software did not properly check that such an engine >deflection was safe at that thrust. I suspect that he infers from >presummed best practices that the software would make such a check, and >that it failed because the physical parameters were wrong, and that the >most likely reason that they were wrong was because the Ariane 4 >parameters were used. However, the number of steps used in that >inference are long and while the individual steps are plausible >collectively they are less plausible. Further, whether any other system >malfunction could have caused the software to command that that >deflection is unknown. Actually what the report says is: ! f) Approx. 0.05 seconds later the active inertial reference system, ! identical to the back-up system in hardware and software, failed for the ! same reason. Since the back-up inertial system was already inoperative, ! correct guidance and attitude information could no longer be obtained and ! loss of the mission was inevitable. ! ! g) As a result of its failure, the active inertial reference system ! transmitted essentially diagnostic information to the launcher's main ! computer, where it was interpreted as flight data and used for flight ! control calculations. ! ! h) On the basis of those calculations the main computer commanded the ! booster nozzles, and somewhat later the main engine nozzle also, to make a ! large correction for an attitude deviation that had not occurred. ! ! i) A rapid change of attitude occurred which caused the launcher to ! disintegrate at 39 seconds after H0 due to aerodynamic forces. ! ! j) Destruction was automatically initiated upon disintegration, as ! designed, at an altitude of 4 km and a distance of 1 km from the launch ! pad. I don't see anything in there about the engine deflection being unsafe in itself, it just pointed the rocket in the wrong direction. Presumedly a less extreme deflection (error) would just have delayed the accident a few seconds. James B. Shearer