From: "Robert I. Eachus" <eachus@mitre.org>
Subject: Re: Ada and Java. different behaviour. casting long to int problem.
Date: 1999/06/22
Date: 1999-06-22T00:00:00+00:00 [thread overview]
Message-ID: <37700CFC.94862F1C@mitre.org> (raw)
In-Reply-To: 376E87D3.FA9FD42C@hso.link.com
"Samuel T. Harris" wrote:
> As has been said in this thread a couple of times, no feature
> of the language was at fault either by it usage or by is
> avoidance. The analysis, design, and implementation were all
> based on the Ariane 4 flight trajectory and performance
> characteristics. The practices employed are common and accepted
> within the industry performed with due diligence as applied
> to the Ariane 4. The problem was simply one of not reverifying
> reused code in a new situation.
Amen! Perfect software is no longer perfect if used outside its
design envelope.
> After reading the report, the only software bug I could discern
> was the improper interpretation of diagnostic information provided
> by the failed units to the central processer as _real_ attitude data.
> That strikes me as a design/implementation flaw.
But it was a deliberate design decision made for good and sufficient
reasons. Since both processors output was covered by telemetry, dumping
the internal state of the "failed" and ignored processor wouldn't hurt.
The possibility of both processors getting to the same point was
discussed at length. Because, on the Arianne 4, the only way to get
there was either dual hardware failures, or the rocket being way outside
its intended trajectory, the decision was made that capturing the data
was fine, because the vehicle was about to be destroyed anyway. So it
was known that the data dump would cause the missle to possibly go
further off course, and it was accepted.
And as I keep pointing out, none of this destroyed the Arainne 5.
What did was that other reused software had the Arianne 4 center of
gravity, moments, and structural data built in. The guidance computer
sent data indicating that the Arianne 5 was off course. The correction
applied was too great for the Arainne 5 stack (rocket stack not call
stack ;-), and the stack came apart. This could have happened even if
the guidance computer was operating "correctly." For example upper
atmosphere winds could have caused the computers to apply a correction
which was too big for the Arianne 5 with the same result.
The single and only point of failure was that not only did
management decide not to test the software or check it against Arianne 5
requirements, they even refused to let the original programming team SEE
the Arianne 5 engineering specs.
--
Robert I. Eachus
with Standard_Disclaimer;
use Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...
next prev parent reply other threads:[~1999-06-22 0:00 UTC|newest]
Thread overview: 120+ messages / expand[flat|nested] mbox.gz Atom feed top
1999-06-12 0:00 Ada and Java. different behaviour. casting long to int problem nabbasi
1999-06-12 0:00 ` Tucker Taft
1999-06-12 0:00 ` PPAATT
1999-06-12 0:00 ` Keith Thompson
1999-06-12 0:00 ` kirck
1999-06-13 0:00 ` Robert Dewar
1999-06-12 0:00 ` Fred
1999-06-14 0:00 ` Mark Hood
1999-06-15 0:00 ` mike
1999-06-15 0:00 ` Samuel Mize
1999-06-15 0:00 ` jerry
1999-06-16 0:00 ` Richard D Riehle
1999-06-16 0:00 ` jerry
1999-06-15 0:00 ` Marin David Condic
1999-06-15 0:00 ` Mike Silva
1999-06-15 0:00 ` rich
1999-06-15 0:00 ` tmoran
1999-06-15 0:00 ` David Botton
1999-06-16 0:00 ` Samuel Mize
1999-06-16 0:00 ` Richard D Riehle
1999-06-15 0:00 ` Marin David Condic
1999-06-15 0:00 ` D'Arcy Smith
1999-06-15 0:00 ` Keith Thompson
1999-06-16 0:00 ` bill
1999-06-16 0:00 ` George W. Bayles
1999-06-16 0:00 ` Fraser Wilson
1999-06-17 0:00 ` Aidan Skinner
1999-06-17 0:00 ` David Botton
1999-06-18 0:00 ` Dale Stanbrough
1999-06-18 0:00 ` David Botton
1999-06-18 0:00 ` Pascal Obry
1999-06-18 0:00 ` Matthew Heaney
1999-06-17 0:00 ` Chris Dollin
1999-07-20 0:00 ` Geoff Bull
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` Mike Silva
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` kirk
1999-06-16 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` Markus Kuhn
1999-06-17 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` john
1999-06-17 0:00 ` Ed Falis
1999-06-18 0:00 ` Aidan Skinner
1999-06-16 0:00 ` Hyman Rosen
1999-06-17 0:00 ` Robert I. Eachus
1999-06-17 0:00 ` Hyman Rosen
1999-06-17 0:00 ` Marin David Condic
1999-06-17 0:00 ` bob
1999-06-18 0:00 ` Hyman Rosen
1999-06-18 0:00 ` mike
1999-06-18 0:00 ` Hyman Rosen
1999-06-19 0:00 ` Dale Stanbrough
1999-06-21 0:00 ` Marin David Condic
1999-06-19 0:00 ` Samuel Mize
1999-06-21 0:00 ` Marin David Condic
1999-06-21 0:00 ` Mike Silva
1999-06-17 0:00 ` Markus Kuhn
1999-06-17 0:00 ` Jean-Pierre Rosen
1999-06-17 0:00 ` Marin David Condic
1999-06-17 0:00 ` Samuel Mize
1999-06-17 0:00 ` Marin David Condic
1999-06-22 0:00 ` Hyman Rosen
1999-06-22 0:00 ` Keith Thompson
1999-06-23 0:00 ` Marin David Condic
1999-06-24 0:00 ` Robert A Duff
1999-06-24 0:00 ` Marin David Condic
1999-06-23 0:00 ` Marin David Condic
1999-06-18 0:00 ` Aidan Skinner
1999-06-20 0:00 ` Sera Hirasuna
1999-06-19 0:00 ` Kio
1999-06-20 0:00 ` Vladimir Olensky
1999-06-21 0:00 ` Hyman Rosen
1999-06-21 0:00 ` Samuel T. Harris
1999-06-22 0:00 ` Robert I. Eachus [this message]
1999-06-23 0:00 ` Aidan Skinner
1999-06-23 0:00 ` Richard D Riehle
1999-06-22 0:00 ` Richard D Riehle
1999-06-17 0:00 ` Jean-Pierre Rosen
1999-06-16 0:00 ` Marin David Condic
1999-06-16 0:00 ` George W. Bayles
1999-06-16 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` Tucker Taft
1999-06-17 0:00 ` George W. Bayles
1999-06-17 0:00 ` Tucker Taft
1999-06-17 0:00 ` bob
1999-06-16 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` Larry Kilgallen
1999-06-22 0:00 ` Robert Dewar
1999-06-23 0:00 ` Marin David Condic
1999-06-23 0:00 ` Vladimir Olensky
1999-06-23 0:00 ` Marin David Condic
1999-06-23 0:00 ` Roedy Green
1999-06-23 0:00 ` Marin David Condic
1999-06-23 0:00 ` Keith Thompson
1999-06-24 0:00 ` Mike Silva
1999-06-24 0:00 ` Marin David Condic
1999-06-15 0:00 ` Samuel Mize
1999-06-16 0:00 ` Mark Hood
1999-06-17 0:00 ` Jean-Pierre Rosen
1999-06-17 0:00 ` Robert I. Eachus
1999-06-17 0:00 ` Marin David Condic
1999-06-15 0:00 ` D'Arcy Smith
1999-06-16 0:00 ` George W. Bayles
1999-06-16 0:00 ` D'Arcy Smith
1999-06-17 0:00 ` Matthew Heaney
1999-06-17 0:00 ` Aidan Skinner
1999-06-17 0:00 ` Markus Kuhn
1999-06-17 0:00 ` David Botton
1999-06-13 0:00 ` Robert Dewar
1999-06-14 0:00 ` tmoran
1999-06-30 0:00 ` John Merryweather Cooper
1999-07-01 0:00 ` Chad R. Meiners
1999-07-02 0:00 ` Robert Dewar
1999-07-02 0:00 ` John Merryweather Cooper
1999-07-03 0:00 ` Robert Dewar
1999-06-12 0:00 ` nabbasi
1999-06-12 0:00 ` jerry
1999-06-12 0:00 ` Robert Dewar
1999-06-14 0:00 ` Marin David Condic
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox