From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,c617ae447ca32f2f
X-Google-Attributes: gid103376,public
X-Google-Thread: ff121,3ae3fa74ecb04ab8
X-Google-Attributes: gidff121,public
X-Google-ArrivalTime: 2002-04-09 12:08:05 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!canoe.uoregon.edu!news.uoregon.edu!not-for-mail
From: Bill <wclodius@lanl.gov>
Newsgroups: comp.lang.ada,comp.software.extreme-programming
Subject: Re: Ariane Failure
Date: Tue, 09 Apr 2002 13:07:55 -0600
Organization: University of Oregon
Message-ID: <3CB33C0A.9125A6A7@lanl.gov>
References: <ee2a195b.0203260725.a02dbfe@posting.google.com>
 <a82kea$blp$1@slb0.atl.mindspring.net> <3CA50E9A.CBF24F1B@lanl.gov>
 <a84f5p$nlm$1@slb5.atl.mindspring.net> <a8oo51$tsk$2@slb2.atl.mindspring.net>
 <a8s7nu$ibo$1@nh.pace.co.uk>
NNTP-Posting-Host: clodius.lanl.gov
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; x-mac-type="54455854";
 x-mac-creator="4D4F5353"
Content-Transfer-Encoding: 7bit
X-Trace: pith.uoregon.edu 1018379404 18978 128.165.58.113 (9 Apr 2002 19:10:04
 GMT)
X-Complaints-To: news@news.uoregon.edu
NNTP-Posting-Date: Tue, 9 Apr 2002 19:10:04 +0000 (UTC)
X-Mailer: Mozilla 4.79C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; U; PPC)
X-Accept-Language: en
Xref: archiver1.google.com comp.lang.ada:22282
 comp.software.extreme-programming:13045
Date: 2002-04-09T13:07:55-06:00
List-Id: <comp.lang.ada>



Marin David Condic wrote:

> <snip>This was not
> without analysis that examined the possible valid ranges for various numbers
> and mathematically reasoning about it & coming to the conclusion that any
> values that would possibly generate a hardware overflow error could not be
> in the valid flight path of the Ariane 4 - hence it was likely to be a
> sensor failure and the proper accommodation would be to transfer control to
> the other channel. The ISR for that overflow error did just that. So the
> design was valid and correct for the Ariane 4.

<snip>

Are you sure this was their reasoning? My interpretation of the reasoning was
that it had to be a hardware failure, but the only hardware they could do
anything about  was the processor interpretting the sensor data, wo they
transferred control to another processor handling the same sensor data. with
the same program.