From: Marin David Condic <nobody@noplace.com>
Subject: Re: Ariane5 FAQ
Date: Tue, 22 Jul 2003 08:28:58 -0400
Date: 2003-07-22T12:29:03+00:00 [thread overview]
Message-ID: <3F1D2E0A.8060103@noplace.com> (raw)
In-Reply-To: 3F1CC443.FD2BA89D@adaworks.com
As a designer of realtime embedded systems that use sensors in a similar
manner, I'd dispute that it was a "design error". It was a deliberate
decision based on analysis of the flight path, etc., that arrived at a
conclusion that any data big enough to trigger the overflow would most
likely be caused by a bad sensor. We do this *all*the*time* when looking
at data coming across an A/D or F/D converter - we range check it and if
it is outside some expected range, we declare the sensor failed and
transfer to the other channel. Hence, it was working exactly as designed
- it detected what it thought was a bad sensor and took its
pre-programmed accommodation.
On systems with a little more compute horsepower and better data
communication links, it may have been possible to design alternative
detection/accommodation schemes that would have avoided a false-detect.
One might have cross-channeled the data and determined that *both* sides
were seeing the same thing - but what accommodation would you take for a
dual sensor failure? Shut down both units? It was built on a relatively
slow 1750a microprocessor and they had to live within the limits of the
compute power they had, so they devised a reasonable FDA scheme that
would work well in the context for which it was designed.
At the end of the day the only logical conclusion to come to is that the
software was properly designed for the Ariane 4 because it worked
successfully there and in that context *would*have* done the proper
thing had it seen the same data. (A ten amp fuse is *supposed* to blow
when it sees more than ten amps. If you plug it into a twenty amp
circuit, are you going to call that "bad design" on the part of the fuse
engineers because it didn't do what it was "supposed to do" in this
different application?) Putting it *untested* into the Ariane 5 was
wherein the fault originated.
MDC
Richard Riehle wrote:
> not have happened. While I don't agree that Eiffel would have
> been better for the job, a contract model such as that found in
> SPARK might have been successful in detecting the design
> error early on.
--
======================================================================
Marin David Condic
I work for: http://www.belcan.com/
My project is: http://www.jast.mil/
Send Replies To: m c o n d i c @ a c m . o r g
"In general the art of government consists in taking as
much money as possible from one class of citizens to give
to the other."
-- Voltaire
======================================================================
next prev parent reply other threads:[~2003-07-22 12:28 UTC|newest]
Thread overview: 158+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-21 2:10 Ariane5 FAQ Alexandre E. Kopilovitch
2003-07-21 14:52 ` Hyman Rosen
2003-07-21 15:54 ` Vinzent Hoefler
2003-07-21 18:01 ` Hyman Rosen
2003-07-21 18:10 ` Vinzent Hoefler
2003-07-21 18:49 ` Hyman Rosen
2003-07-21 19:13 ` Vinzent Hoefler
2003-07-21 19:43 ` Hyman Rosen
2003-07-21 20:46 ` Vinzent Hoefler
2003-07-22 2:04 ` Hyman Rosen
2003-07-22 5:12 ` Robert I. Eachus
2003-07-22 19:09 ` Hyman Rosen
2003-07-22 8:03 ` Leif Roar Moldskred
2003-07-22 9:00 ` Vinzent Hoefler
2003-07-23 0:13 ` Hyman Rosen
2003-07-23 0:31 ` Bobby D. Bryant
2003-07-23 13:53 ` Hyman Rosen
2003-07-24 16:35 ` Richard Riehle
2003-07-25 1:21 ` Alexander Kopilovitch
2003-07-25 4:26 ` Richard Riehle
2003-07-25 12:35 ` Hyman Rosen
2003-07-25 15:47 ` Robert I. Eachus
2003-07-25 16:51 ` Hyman Rosen
2003-07-25 18:44 ` Robert I. Eachus
2003-07-25 21:08 ` Simon Wright
2003-07-26 1:02 ` Robert I. Eachus
2003-07-26 2:44 ` Alexander Kopilovitch
2003-07-27 17:05 ` Hyman Rosen
2003-07-27 22:19 ` Alexander Kopilovitch
2003-07-28 1:17 ` Berend de Boer
2003-07-28 2:39 ` Robert I. Eachus
2003-07-28 3:16 ` Hyman Rosen
2003-07-28 17:34 ` Mike Silva
2003-07-28 18:03 ` Hyman Rosen
2003-07-29 0:41 ` Alexander Kopilovitch
2003-07-29 16:24 ` Robert I. Eachus
2003-07-30 0:53 ` Alexander Kopilovitch
2003-07-31 21:41 ` Robert I. Eachus
2003-08-01 20:19 ` Alexander Kopilovitch
2003-07-29 4:43 ` Richard Riehle
2003-07-29 6:06 ` Hyman Rosen
2003-07-29 8:06 ` Vinzent Hoefler
2003-07-29 19:42 ` Berend de Boer
2003-07-29 21:14 ` Robert I. Eachus
2003-07-30 1:13 ` Berend de Boer
2003-07-30 12:58 ` Richard Riehle
2003-07-30 15:04 ` Hyman Rosen
2003-07-29 19:46 ` Berend de Boer
2003-07-30 6:19 ` Richard Riehle
2003-07-30 7:31 ` Hyman Rosen
2003-07-30 13:03 ` Richard Riehle
2003-07-30 13:16 ` Vinzent Hoefler
2003-07-30 15:06 ` Hyman Rosen
2003-07-30 15:15 ` Vinzent Hoefler
2003-07-30 16:46 ` Hyman Rosen
2003-07-30 16:54 ` Vinzent Hoefler
2003-07-31 8:28 ` Dmitry A. Kazakov
2003-07-31 9:36 ` Vinzent Hoefler
2003-07-31 16:28 ` Warren W. Gay VE3WWG
2003-07-29 19:34 ` Berend de Boer
2003-07-29 20:49 ` Simon Wright
2003-07-29 21:52 ` Robert I. Eachus
2003-07-28 18:01 ` Non-philosophical definition of Eiffel? (was: Re: Ariane5 FAQ) Alexander Kopilovitch
2003-07-28 18:18 ` Non-philosophical definition of Eiffel? Hyman Rosen
2003-07-29 8:43 ` Dmitry A. Kazakov
2003-07-29 13:43 ` Hyman Rosen
2003-07-29 14:56 ` Dmitry A. Kazakov
2003-07-29 16:35 ` Hyman Rosen
2003-07-29 21:39 ` Jim Rogers
2003-07-29 22:33 ` Hyman Rosen
2003-07-30 8:48 ` Pascal Obry
2003-07-30 15:19 ` Hyman Rosen
2003-07-30 18:47 ` Frank J. Lhota
2003-07-30 19:24 ` Hyman Rosen
2003-08-04 18:15 ` Robert Spooner
2003-07-29 22:02 ` Matthew Woodcraft
2003-07-30 9:19 ` Dmitry A. Kazakov
2003-07-30 16:38 ` Hyman Rosen
2003-07-31 9:58 ` Dmitry A. Kazakov
2003-07-31 15:49 ` Hyman Rosen
2003-08-01 7:57 ` Dmitry A. Kazakov
2003-08-01 13:31 ` Hyman Rosen
2003-07-29 19:58 ` Berend de Boer
2003-07-29 20:33 ` Hyman Rosen
2003-07-30 1:20 ` Berend de Boer
2003-07-30 1:49 ` Hyman Rosen
2003-07-30 2:52 ` Berend de Boer
2003-07-30 4:33 ` Hyman Rosen
2003-07-30 4:40 ` Hyman Rosen
2003-07-30 13:16 ` Matthew Heaney
2003-07-30 20:08 ` Berend de Boer
2003-07-30 3:03 ` Berend de Boer
2003-07-30 4:31 ` Hyman Rosen
2003-07-30 20:20 ` Berend de Boer
2003-07-30 21:05 ` Hyman Rosen
2003-07-29 19:51 ` Berend de Boer
2003-07-28 2:11 ` Ariane5 FAQ Hyman Rosen
2003-07-25 17:39 ` Mike Silva
2003-07-25 21:53 ` John R. Strohm
2003-07-22 18:29 ` Mike Silva
2003-07-22 18:50 ` Hyman Rosen
2003-07-22 19:00 ` Bobby D. Bryant
2003-07-22 20:47 ` Mike Silva
2003-07-22 21:11 ` Hyman Rosen
2003-07-22 21:38 ` Bobby D. Bryant
2003-07-23 13:56 ` Hyman Rosen
2003-07-22 21:52 ` Larry Elmore
2003-07-23 14:11 ` Hyman Rosen
2003-07-23 15:08 ` Vinzent Hoefler
2003-07-23 17:48 ` Hyman Rosen
2003-07-23 18:42 ` Robert I. Eachus
2003-07-23 20:18 ` Hyman Rosen
2003-07-23 22:58 ` Robert I. Eachus
2003-07-24 1:42 ` Hyman Rosen
2003-07-24 5:24 ` Mike Silva
2003-07-24 9:57 ` Vinzent Hoefler
2003-07-24 13:52 ` Hyman Rosen
2003-07-24 15:00 ` Vinzent Hoefler
2003-07-23 20:33 ` Mike Silva
2003-07-23 21:35 ` Hyman Rosen
2003-07-23 23:10 ` Robert I. Eachus
2003-07-24 5:16 ` Mike Silva
2003-07-22 4:57 ` Richard Riehle
2003-07-22 9:00 ` Vinzent Hoefler
2003-07-22 9:03 ` John McCabe
2003-07-22 12:28 ` Marin David Condic [this message]
2003-07-23 19:40 ` Simon Wright
2003-07-22 3:11 ` Robert I. Eachus
2003-07-22 9:05 ` John McCabe
2003-07-22 9:38 ` Bobby D. Bryant
2003-07-22 16:38 ` Robert I. Eachus
2003-07-21 22:03 ` Bobby D. Bryant
2003-07-22 1:57 ` Hyman Rosen
2003-07-21 18:56 ` Francisco Malpartida
2003-07-22 2:22 ` Hyman Rosen
2003-07-22 7:19 ` Tarjei T. Jensen
2003-07-22 19:06 ` Hyman Rosen
2003-07-22 21:24 ` Robert I. Eachus
2003-07-23 11:55 ` Tarjei T. Jensen
2003-07-23 19:24 ` Robert I. Eachus
2003-07-24 0:36 ` Bobby D. Bryant
2003-07-21 22:00 ` Bobby D. Bryant
2003-07-22 1:59 ` Hyman Rosen
2003-07-22 9:07 ` John McCabe
2003-07-22 13:25 ` Hyman Rosen
2003-07-22 0:16 ` Alexander Kopilovitch
2003-07-22 1:45 ` Hyman Rosen
2003-07-22 7:21 ` Tarjei T. Jensen
2003-07-21 23:24 ` Alexander Kopilovitch
2003-07-22 1:53 ` Hyman Rosen
2003-07-22 16:35 ` Robert I. Eachus
2003-07-22 18:36 ` Mike Silva
2003-07-22 19:23 ` Hyman Rosen
2003-07-22 21:50 ` Robert I. Eachus
2003-07-23 14:21 ` Hyman Rosen
2003-07-23 19:56 ` Robert I. Eachus
2003-07-23 20:26 ` Hyman Rosen
2003-07-23 23:14 ` Robert I. Eachus
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox