From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,f948976d12c7ee33 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-06-25 04:50:56 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!feed2.news.rcn.net!rcn!elnk-nf1-atl!newsfeed.earthlink.net!stamper.news.atl.earthlink.net!harp.news.atl.earthlink.net!not-for-mail From: Marin David Condic Newsgroups: comp.lang.ada Subject: Re: Boeing and Dreamliner Date: Wed, 25 Jun 2003 07:50:53 -0400 Organization: MindSpring Enterprises Message-ID: <3EF98C9D.8000201@noplace.com> References: <20619edc.0306241001.14dbc0e@posting.google.com> NNTP-Posting-Host: d1.56.b4.5a Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Server-Date: 25 Jun 2003 11:50:54 GMT User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 (OEM-HPQ-PRS1C03) X-Accept-Language: en-us, en Xref: archiver1.google.com comp.lang.ada:39718 Date: 2003-06-25T11:50:54+00:00 List-Id: Precisely. The designers had looked at the range of possible inputs and concluded that if an input were to get beyond some point, this would indicate a sensor failure because the flight envelope could never contain that as valid data. That is the Failure Detection part. They further designed the unit to shut down the channel that had the presumed bad sensor. That was the accommodation part. It worked *exactly* as it was designed to work doing *precisely* what it was supposed to do. The software didn't fail. It didn't have a bug. It worked 100% according to plan. The problem was that in a different set of circumstances, this was not the desired behavior and nobody bothered to check. Its a little like these lawsuits against gun manufacturers when criminals use their products to kill someone. The argument from the gun manufacturer ought to be "Look, you pointed the thing at someone, squeezed the trigger and that person died. It worked exactly as designed and there was no manufacturing flaw. What's your problem???" :-) MDC Mike Silva wrote: > > > The difference is that the Ariane 4 software behaved *exactly* as > designed and intended for *all* ranges of inputs, for the Ariane 4. > Raising an exception was not "failing catasrophically" but was the > correct behavior, triggering the correct shutdown of the unit, for the > data in question. What data limitation is there to document, when the > software performs correctly for all data? > > Then the Ariane 5 people came along, and they had an unstated, and > apparently even unrecognized, requirement for *different* behavior > over a certain range of data. That certainly does not mean there was > a bug in the Ariane 4 software. > > Mike -- ====================================================================== Marin David Condic I work for: http://www.belcan.com/ My project is: http://www.jast.mil/ Send Replies To: m c o n d i c @ a c m . o r g "In general the art of government consists in taking as much money as possible from one class of citizens to give to the other." -- Voltaire ======================================================================