From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,CP1252 X-Google-Thread: 103376,f039470e8f537101 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-07-23 12:56:03 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!bloom-beacon.mit.edu!nycmny1-snh1.gtei.net!news.gtei.net!newsfeed.mathworks.com!wn13feed!worldnet.att.net!204.127.198.203!attbi_feed3!attbi_feed4!attbi.com!rwcrnsc53.POSTED!not-for-mail Message-ID: <3F1EE851.3070803@attbi.com> From: "Robert I. Eachus" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Ariane5 FAQ References: <1058799152.775376@master.nyc.kbcfp.com> <20619edc.0307221036.196f2149@posting.google.com> <1058901827.202500@master.nyc.kbcfp.com> <3F1DB179.4020903@attbi.com> <1058970087.647230@master.nyc.kbcfp.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit NNTP-Posting-Host: 66.31.71.243 X-Complaints-To: abuse@comcast.net X-Trace: rwcrnsc53 1058990162 66.31.71.243 (Wed, 23 Jul 2003 19:56:02 GMT) NNTP-Posting-Date: Wed, 23 Jul 2003 19:56:02 GMT Organization: Comcast Online Date: Wed, 23 Jul 2003 19:56:02 GMT Xref: archiver1.google.com comp.lang.ada:40722 Date: 2003-07-23T19:56:02+00:00 List-Id: Hyman Rosen wrote: > Sigh. We're down do niggling on section titles now. > > 2.2 COMMENTS ON THE FAILURE SCENARIO > ... No reference to justification of this decision was found > directly in the source code. Given the large amount of > documentation associated with any industrial application, > the assumption, although agreed, was essentially obscured, > though not deliberately, from any external review. No, I am trying to explain the difference to you, and why you need to read the report carefully. First, read the next two paragraphs: "...It is important to note that the decision to protect certain variables but not others was taken jointly by project partners at several contractual levels. "There is no evidence that any trajectory data were used to analyse the behaviour of the unprotected variables, and it is even more important to note that it was jointly agreed not to include the Ariane 5 trajectory data in the SRI requirements and specification." It should be clear to you from the above that it WAS well documented in the SRI specifications. However, no one, prior to the failure, ever had access to both the SRI specification and the Ariane 5 requirements. What the part that you quoted is pointing out, is that there were people, those who wrote the software for the guidance system testing that simulated the SRI, who might have noticed the problem if it had been documented in the source code. Yes, this is an important point to include in the report because it shows another group of engineers, in this case test engineers, should be held blameless. If the "full up" tests using that software had been run, yes, the that problem would have shown up. As for that matter would the oscillations. But the decision to cancel those tests was not made by the engineers, it was made for financial reasons. But as I said, you should look at the findings. And the key finding IMHO are 18 and 20: "18. The specification of the inertial reference system and the tests performed at equipment level did not specifically include the Ariane 5 trajectory data... (The SRI specification did not include any Ariane 5 requirements.) "19. It would have been technically feasible to include almost the entire inertial reference system in the overall system simulations which were performed. For a number of reasons it was decided to use the simulated output of the inertial reference system, not the system itself or its detailed simulation. Had the system been included, the failure could have been detected. (IMHO, this is more important for the oscillation problem. But the key part in there is: "...not the system itself or its detailed simulation." There are technical reasons that argue against including the actual SRI. But the Ariane 4 project used a detailed simulation of the SRI in their group, and this detailed simulation was NOT reused in the Ariane 5 testing.) "20. Post-flight simulations have been carried out on a computer with software of the inertial reference system and with a simulated environment, including the actual trajectory data from the Ariane 501 flight. These simulations have faithfully reproduced the chain of events leading to the failure of the inertial reference systems." (In other words, if the tests in the original test plan had been run, the actual failure mode would have been detected before launch.) So three chances to catch the problem--ALL of which should have been done--and all missed due to the structure of the project management and its financing. Even though when the upgraded SRI for the Ariane 4 was contracted, it was known that it would be reused by the Ariane 5, the decision was to budget the development as Ariane 4 only. This is why the SRI developers did not have access to the Ariane 5 performance data, and the Ariane 5 project did not have access to the test software developed for the Ariane 4. -- Robert I. Eachus �In an ally, considerations of house, clan, planet, race are insignificant beside two prime questions, which are: 1. Can he shoot? 2. Will he aim at your enemy?� -- from the Laiden novels by Sharon Lee and Steve Miller.