From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,267eec8ad557a7d0
X-Google-Attributes: gid103376,public
From: Ken Garlington <garlingtonke@lmtas.lmco.com>
Subject: Re: ARIANE-5 Failure
Date: 1996/06/12
Message-ID: <31BEA5F1.33FA@lmtas.lmco.com>#1/1
X-Deja-AN: 159860464
references: <834097751.22632.0@assen.demon.co.uk> <31B7A88D.446B@lri.fr>
 	<31B7DEDD.E2A@lmtas.lmco.com> <dewar.834172028@schonberg>
 <m2hgskr6lp.fsf@harvey.cyclic.com> <dewar.834362765@schonberg>
 <31bc75ed.1932371@news.cableol.net> <31BEBA98.167EB0E7@escmail.orl.mmc.com>
content-type: text/plain; charset=us-ascii
organization: Lockheed Martin Tactical Aircraft Systems
mime-version: 1.0
newsgroups: comp.lang.ada
x-mailer: Mozilla 2.02 (Macintosh; I; 68K)
Date: 1996-06-12T00:00:00+00:00
List-Id: <comp.lang.ada>


Theodore E. Dennison wrote:
> 
> Still, if thy had named their variables Radius.Velocity_Smoothed_N and
> Radius.Velocity_N (their language probably didn't even allow this), the
> odds of this error being discovered by someone before the failure would
> have been MUCH greater.

Well, this notation would have to have been used in the requirements to be
meaningful, and I don't think most systems engineers want to write
math equations in Ada!

There was a study a few years back by a Dr. Avezziani [sp] attempting to
show the worth of N-version programming. He had several teams use a high-quality
software development process to build a subset of a flight control system.
There was only one common-mode error found. Each team had been given a photocopy 
of the control law diagrams to implement. There was a number, something like
5.122, on one of the gains. However, the smudged photocopy made it look like 
5,122. Each team used the constant 5,122 in their code. (I'm not sure how this
proved the use of N-version programming, but that's another issue).

It's amazing how tiny changes in dense notations add up to big errors. Maybe the 
real lesson learned is to use better equation editors, and avoid the Xerox 
machine!

> 
> --
> T.E.D.
>                 |  Work - mailto:dennison@escmail.orl.mmc.com  |
>                 |  Home - mailto:dennison@iag.net              |
>                 |  URL  - http://www.iag.net/~dennison         |

-- 
LMTAS - "Our Brand Means Quality"