From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,f039470e8f537101
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-07-29 14:52:32 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!arclight.uoregon.edu!wn13feed!worldnet.att.net!204.127.198.203!attbi_feed3!attbi.com!sccrnsc04.POSTED!not-for-mail
Message-ID: <3F26EC89.4030205@attbi.com>
From: "Robert I. Eachus" <rieachus@attbi.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
 rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Ariane5 FAQ
References: <mailman.26.1058753354.24167.comp.lang.ada@ada.eu.org>
 <wqkTa.18742$0F4.18264@nwrdny02.gnilink.net>
 <pan.2003.07.23.00.31.01.14991@mail.utexas.edu>
 <1058968422.225561@master.nyc.kbcfp.com> <3F200AD0.94F79098@adaworks.com>
 <e2e5731a.0307241721.a6eae4e@posting.google.com>
 <7u9Ua.13412$634.10307@nwrdny03.gnilink.net> <3F215120.1040706@attbi.com>
 <1059151910.357790@master.nyc.kbcfp.com>
 <e2e5731a.0307251844.7ea4dab4@posting.google.com>
 <bDTUa.6456$AO6.976@nwrdny02.gnilink.net>
 <e2e5731a.0307271419.4390a02c@posting.google.com> <ud6fvzbzc.fsf@xsol.com>
 <3F248CEE.5050709@attbi.com> <uoezdjff2.fsf@xsol.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: 66.31.71.243
X-Complaints-To: abuse@comcast.net
X-Trace: sccrnsc04 1059515548 66.31.71.243 (Tue, 29 Jul 2003 21:52:28 GMT)
NNTP-Posting-Date: Tue, 29 Jul 2003 21:52:28 GMT
Organization: Comcast Online
Date: Tue, 29 Jul 2003 21:52:32 GMT
Xref: archiver1.google.com comp.lang.ada:40970
Date: 2003-07-29T21:52:32+00:00
List-Id: <comp.lang.ada>

Berend de Boer wrote:

> The point is that the requirements should be *in the code*. That's
> where they belong. Not sure if this would have made a difference, but
> if you want to reuse code, you should now the conditions under which
> it should work. If programmers just grab code and reuse it without
> looking at those preconditions, well, you're not doing your job right.

Software requirements may belong in the software, but I don't buy the 
idea that the SYSTEM requirements belong in the software.  Managing 
system requirements is a process similar to managing software 
development, which often, as Dave Emery says, makes software engineers 
the system engineers of last resort.

But system requirements belong in the system spec.  There also needs to 
be a mapping from those requirements to subcomponents and subsystems 
(including software).  There also needs to be a mapping from the system 
requirements to how testing to meet each requirement will be done.

I am a big believer in designing software to not only meet requirements, 
but to make it easy to test/validate that those requirements are met. 
But putting hardware requirements in the software is a waste of time and 
effort.  Since most often SYSTEM requirements are met by a combination 
of software and hardware, the requirements in the software are usually 
derived requirements.

But I don't think the mapping from system requirements to software 
requirements belongs in the code.  And that was where the disconnect was 
here.  Even if every software module had a block comment that 
indentified the requirements it met, in this case the disconnect still 
would have occurred.  The software requirement for the alignment 
software to run for 40 seconds after MEI could have been perfectly 
documented in the software.  But only by accident would someone notice 
that the requirement it was derived from only applied to the Ariane 
4--unless someone who had the overall systems engineering responsibility
found that the software did not match the (actual Ariane 5) system 
requirements.

As it was, the fact that the alignment software did run for 40 seconds 
after MEI was noted, but the decision was made not to change it as it 
would require revalidating the software.  Duh!  See my previous posts. 
You can never reuse system level tests, so the testing should have been 
done whether or not the software was modified.  It is this retest that 
would have discovered that the control laws did not match the Ariane 5, 
and probably that the alignment software running after MEI was no longer 
required.  (But whether that was noticed or not, the NEED to actually do 
the "hardware in the loop" full-up flight systems simulation would have 
found it.)
-- 
"As far as I'm concerned, war always means failure." -- Jacques Chirac, 
President of France
"As far as France is concerned, you're right." -- Rush Limbaugh