From: "Robert I. Eachus"
Newsgroups: comp.lang.ada
Subject: Re: Ariane5 FAQ
Date: Mon, 28 Jul 2003 02:39:55 GMT
Message-ID: <3F248CEE.5050709@attbi.com>

Berend de Boer wrote:

> Except requirements it seems. And I think you should have a look at
> Design By Contract and in particular Eiffel.

No. And that is what all the sound and fury has been about. The mapping from requirements to actual code was perfectly done. The problem was that the requirements which were perfectly filled were for the Ariane 4, not the Ariane 5.

The nature of the political/management problem at Arianespace was such that no one ever saw both the Ariane 5 requirements and the SRI documentation until after the disaster. The red herring dragged about of documenting requirements in the source code is just that, a red herring.

The programmers simulating the SRI for the flight guidance simulator did not see the alignment function code--because simulating it was not part of their contract. Of course, if anyone involved in letting that contract had known that the alignment function on the Ariane 4 was required to run for 40 seconds after engine start, simulation of it might have been included in the simulator. Or something else might have happened that resulted in an engineer learning of this requirements mismatch.

But as we know, no one was ever in a position to do a diff between the Ariane 4 and Ariane 5 requirements, and then apply that to reused subsystems.

Did everyone miss the point of the SECOND Ariane 5 failure investigation? Different launch, different subsystem, very different failure mode. But the thing both failures had in common was systems reused from Ariane 4 without checking that they met the new requirements. If you missed it, here it is again. The failure didn't get nearly the press that the first one did, but the result was the same, a launch failure:

http://spaceflightnow.com/ariane/v142/010713followup.html
and
http://www.arianespace.com/site/news/03_06_19_release_index.html

There was also a FOURTH Ariane 5 failure (out of 14 tries) on flight 157:

http://www.esa.int/export/esaCP/ESA7198708D_index_0.html

This was due to failure of the cooling of the Vulcain 2 engine, new to the Ariane 5 ECA. Although this failure had nothing to do with Ariane 4 reuse, or Ada, what do we find under contributing factors?

"non-exhaustive definition of the loads to which the Vulcain 2 engine is subjected during flight"

Translation, ANOTHER requirements definition failure.

The first three launch failures were all due to the failure of change management and requirements tracking during the original Ariane 5 development. But this latest failure involves a design subsequent to the first two Ariane 5 failures. You have to wonder...

In any case, focusing on the particular details of the first failure and not the overall programmatic issues is a mistake. In Arianespace's case, so far a multi-billion Euro mistake.

--
"As far as I'm concerned, war always means failure."
-- Jacques Chirac, President of France
"As far as France is concerned, you're right."
-- Rush Limbaugh