From: Ken Garlington
Subject: Re: Ariane 5 Failure - Summary Report
Date: 1996/07/24
Message-ID: <31F629B8.5FFB@lmtas.lmco.com>
References: <31F60E8A.2D74@lmtas.lmco.com>
Organization: Lockheed Martin Tactical Aircraft Systems
Newsgroups: comp.lang.ada

Ken Garlington wrote:

Don't know what happened there, but I was just going to point out that the Ariane 5 report is at:

http://www.esrin.esa.it/htdocs/tidc/Press/Press96/press33.html

Be sure to read the full report, which is linked to this page. It goes into some length about the sequence of events (which includes an Ada exception I never heard of before, Operand Error? Maybe it's user defined, or there's a language difference at work).

Definitely good "lessons learned" about:

1. The limits of exceptions (they are only as good as what you can do when they are raised).
2. The problems with reusing items outside their original environment.
3. The need to check inputs and outputs aggressively.
4. The pitfalls of assuming that testing all of the components of a system equates to testing the system, as well as the need to use realistic test scenarios.
5. The problems with isolating the safety-critical components of a system.

So, anyway, we now have another software package written in Ada that caused the loss of a system, and again specification and design issues outside Ada's control are the culprit.

-- 
LMTAS - "Our Brand Means Quality"
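An added Ada example, not code from the post above or from the ESA report, illustrating lessons 1 and 3 together: a 64-bit floating-point operand narrowed to a 16-bit signed integer type, the kind of conversion the full report describes. The type names Bias_16 and Float_64, the procedure name and the sample operands are constructed for this example; in Ada a failed range check raises the predefined exception Constraint_Error, which the unguarded path below relies on, while the guarded path checks the operand first so no exception is left for a handler that can only shut the unit down.

```ada
--  Added example, not code from the original post or the ESA report.
--  A value computed in 64-bit floating point is narrowed to a 16-bit
--  signed integer type.  The unguarded conversion leaves the check to
--  the language, which raises Constraint_Error on overflow; the guarded
--  conversion validates the operand first and saturates, so the caller
--  is never handed an exception it can only handle by aborting.
with Ada.Text_IO; use Ada.Text_IO;

procedure Conversion_Check is
   type Bias_16  is range -2**15 .. 2**15 - 1;  --  16-bit signed target
   type Float_64 is digits 15;                  --  64-bit float source

   --  Unguarded: the language's own range check is the only protection.
   function Unguarded (X : Float_64) return Bias_16 is
   begin
      return Bias_16 (X);  --  raises Constraint_Error when out of range
   end Unguarded;

   --  Explicit operand check, performed before any conversion.
   function Fits (X : Float_64) return Boolean is
     (X >= Float_64 (Bias_16'First) and then X <= Float_64 (Bias_16'Last));

   --  Guarded: saturate at the type bounds instead of raising.
   function Guarded (X : Float_64) return Bias_16 is
   begin
      if X > Float_64 (Bias_16'Last) then
         return Bias_16'Last;
      elsif X < Float_64 (Bias_16'First) then
         return Bias_16'First;
      else
         return Bias_16 (X);
      end if;
   end Guarded;

   --  Constructed sample operands: one in range, two out of range.
   Samples : constant array (1 .. 3) of Float_64 :=
     (1234.5, 40000.0, -70000.25);
begin
   for S of Samples loop
      begin
         Put_Line ("unguarded:" & Bias_16'Image (Unguarded (S)));
      exception
         when Constraint_Error =>
            Put_Line ("unguarded: Constraint_Error for" & Float_64'Image (S));
      end;
      Put_Line ("guarded:  " & Bias_16'Image (Guarded (S))
                & (if Fits (S) then "" else "  (saturated)"));
   end loop;
end Conversion_Check;
```

Whether saturation is the right recovery is a specification decision; the point is that the decision is made by the code that knows the operand's meaning, not by a generic handler after the fact.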