Re: Ariane 5 Failure - Summary Report

[Ken Garlington <garlingtonke@lmtas.lmco.com>]

Ken Garlington wrote: <nothing!>

Don't know what happened there, but I was just going to point out
that the Ariane 5 report is at:

  http://www.esrin.esa.it/htdocs/tidc/Press/Press96/press33.html

Be sure to read the full report, which is linked to this page. It
goes into some length about the sequence of events (which includes
an Ada exception I never heard of before, Operand Error? Maybe it's user 
defined, or there's a language difference at work).

Definitely good "lessons learned" about:

1. The limits of exceptions (they are only as good as what you can do
when they are raised).

2. The problems with reusing items outside their original environment.

3. The need to check inputs and outputs aggressively.

4. The pitfalls of assuming that testing all of the components of a 
system equates to testing the system, as well as the need to use 
realistic test scenarios.

5. The problems with isolating the safety-critical components of a 
system.

So, anyway, we now have another software package written in Ada that
caused the loss of a system, and again specification and design issues 
outside Ada's control are the culprit. 

-- 
LMTAS - "Our Brand Means Quality"