From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,f948976d12c7ee33 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-06-22 11:23:03 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!arclight.uoregon.edu!wn13feed!wn12feed!worldnet.att.net!204.127.198.203!attbi_feed3!attbi_feed4!attbi.com!sccrnsc01.POSTED!not-for-mail Message-ID: <3EF5F3F3.6000806@attbi.com> From: "Robert I. Eachus" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Boeing and Dreamliner References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit NNTP-Posting-Host: 24.62.164.137 X-Complaints-To: abuse@attbi.com X-Trace: sccrnsc01 1056306169 24.62.164.137 (Sun, 22 Jun 2003 18:22:49 GMT) NNTP-Posting-Date: Sun, 22 Jun 2003 18:22:49 GMT Organization: AT&T Broadband Date: Sun, 22 Jun 2003 18:22:50 GMT Xref: archiver1.google.com comp.lang.ada:39573 Date: 2003-06-22T18:22:50+00:00 List-Id: Hyman Rosen wrote: > Ada made the Ariane 5 crash! No, stupid management decisions made Ariane 5 crash. This is one of those stories where the truth really needs to catch up to the rumor. Some brilliant management type had the idea that reusing the flight control software from the Arianne 4 on Ariane 5 would save lots of money on testing and verification. As a result, and for political reasons, there was no Ariane 5 contractor who even got to see the Ariane 4 source code. And awful lot of analysis has been written looking at the chain of events that caused the Ariane 5 failure. But what is usually missed happened way downstream of the unhandled exception. The engines were commanded to deflect beyond what the stack could take, and the Arianne 5 broke up. How could THAT happen? The reuse included the flight dynamics profile for the Arianne 4! Since the Arianne 4 had smaller moments and a larger tolerance for guidance inputs, ANY significant correction sent to the engines, such as hitting wind shear, would have pushed the software into a regime where errors would build up. Eventually the commanded input would exceed the stack's structural limits and destroy everything. There was some indication that such errors had occured during the 39 seconds of flight, but all had been small enough errors to be damped out by other deviations. Or to vastly simplify, the Arianne 5 would have been better off with no guidance system than with an Arianne 4 guidance system. In that case, there would have been some small chance that it would actually perform as expected. Or if the profile for the first flight had been slightly different so that the error that did occur would have been pushed from 39+ seconds to 40, and thus safe, the launch would have failed anyway. There was no way the actual guidance system could achieve a working orbit.