From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,f039470e8f537101 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-07-29 09:24:03 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!headwall.stanford.edu!newshub.sdsu.edu!elnk-nf2-pas!newsfeed.earthlink.net!wn14feed!wn13feed!wn12feed!worldnet.att.net!204.127.198.203!attbi_feed3!attbi_feed4!attbi.com!sccrnsc03.POSTED!not-for-mail Message-ID: <3F269F90.2090706@attbi.com> From: "Robert I. Eachus" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 X-Accept-Language: en-us, en MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: Ariane5 FAQ References: <1058968422.225561@master.nyc.kbcfp.com> <3F200AD0.94F79098@adaworks.com> <7u9Ua.13412$634.10307@nwrdny03.gnilink.net> <3F215120.1040706@attbi.com> <1059151910.357790@master.nyc.kbcfp.com> <3F248CEE.5050709@attbi.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit NNTP-Posting-Host: 66.31.71.243 X-Complaints-To: abuse@comcast.net X-Trace: sccrnsc03 1059495842 66.31.71.243 (Tue, 29 Jul 2003 16:24:02 GMT) NNTP-Posting-Date: Tue, 29 Jul 2003 16:24:02 GMT Organization: Comcast Online Date: Tue, 29 Jul 2003 16:24:02 GMT Xref: archiver1.google.com comp.lang.ada:40954 Date: 2003-07-29T16:24:02+00:00 List-Id: Alexander Kopilovitch wrote: > Just after the above two paragraphs I understand, at last, all the meaning > of those unfortunate 40 seconds. Yes, you told about that earlier, and perhaps > several times, but still it did not seem essential -- until you said that this > part was deliberately excluded from the simulator at the contract level. > > >>But as we know, no one was ever in a position to do a diff between the >>Ariane 4 and Ariane 5 requirements, and then apply that to reused >>subsystems. > > > No, this contradicts (although indirectly) your previous statement. How can > one exclude anything from the simulator's contract if nobody can see differences > between the Ariane 4 and Ariane 5? No knowledge of the difference between the Ariane 4 and Ariane 5 was involved. The perfectly reasonable assumption was made that there was no need to simulate the alignment functions which ran before takeoff, because there was nothing to be learned there. (This is a case where the Araine 4 and 5 really were identical. Sitting on the pad, the accelerometers and gyros were identical and the launch site was identical.) Again what slipped through was that there was a requirement in the Ariane 4 to continue running the alignment software after MEI (main engine ignition), even though those results were "thrown away" if MEI resulted in a launch. This is one of those very hard to understand things until you have that Aha! moment. On some launchers, such as the Space Shuttle MEI occurs several seconds before liftoff. In the shuttle, and Ariane 4, SRB (solid rocket booster) ignition is the point of no return, where you can't stop the takeoff. In Ariane 5, as I understand it, MEI is the commit point. Oh, and as an aside to Hyman: You keep harping on the fact that the overflow for BH wasn't a computed limit. But you are wrong. What was computed as that limit was the T plus forty second shutdown of the alignment process. That number was chosen so that BH and several other variables would not overflow on any mission which the Ariane 4 was capable of flying. It was chosen longer than "necessary" to reset the SRI after an expected abort, but short enough that no further checking was required. It is that calculation in the SRI documentation for the Ariane 4 that is the smoking gun in the whole incident. But as I say, this is all irrelevant. There have now been FIVE Ariane 5 launch failures out of 14 attempts. All except the most recent one were indirectly due to the flaws in managing the requirements process during the Ariane 5 development process. And only the first one involved software. That is because after the Ariane 501 disaster the necessary review of all the software was done. However there were other engineering decisions where failure to track requirements resulted in failure. (You could argue that the most recent Ariane 5 failure was also due to poor requirements tracking, and I wouldn't disagree. But it is better to say that it resulted from poor requirements generation rather than tracking.) -- "As far as I'm concerned, war always means failure." -- Jacques Chirac, President of France "As far as France is concerned, you're right." -- Rush Limbaugh