From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: f43e6,5ac12f5a60b1bfe
X-Google-Attributes: gidf43e6,public
X-Google-Thread: 103376,5ac12f5a60b1bfe
X-Google-Attributes: gid103376,public
From: JP Thornley <jpt@diphi.demon.co.uk>
Subject: Re: Ariane 5 - not an exception?
Date: 1996/07/29
Message-ID: <483202904wnr@diphi.demon.co.uk>#1/1
X-Deja-AN: 170944491
x-nntp-posting-host: diphi.demon.co.uk
references: <Dv45EJ.8r@fsa.bris.ac.uk> <285641259wnr@diphi.demon.co.uk>
x-mail2news-path: disperse.demon.co.uk!post.demon.co.uk!diphi.demon.co.uk
organization: None
reply-to: jpt@diphi.demon.co.uk
newsgroups: comp.lang.ada,comp.software-eng
Date: 1996-07-29T00:00:00+00:00
List-Id: <comp.lang.ada>


In article: <285641259wnr@diphi.demon.co.uk>  JP Thornley 
<jpt@diphi.demon.co.uk> writes:
> In article: <Dv45EJ.8r@fsa.bris.ac.uk>  simonb@pact.srf.ac.uk (Simon 
> Bluck) writes:
> > 
> > The Ariane 501 flight failure was due to the raising of an 
unexpected
> > Ada exception, which was handled by switching off the computer.  The
> > report on this:
> > 
> >    http://www.esrin.esa.it/htdocs/tidc/Press/Press96/ariane5rep.html
> > 
> > is clear and hard-hitting: it will result in much improved software.
> > But does it get right to the bottom of the issues, 
> 
> Don't know about that until I get to read the full report (the above 
> reference is to a press release about the report).
> 

Ah well, goofed on that one - the printed report has no more info than 
the reference above.  

To me the big lesson is not the various technical issues, but the 
statement that "the view had been taken that software should be 
considered correct until it is shown to be at fault".  This seems quite 
amazing.

The report also describes the software as "mission critical", which in 
my terminology suggests a much lower dependability of software than 
safety-critical.  Even though there were no crew at risk I would have 
expected the enormous financial cost of a failure to push the software 
into the safety-critical area.

Phil Thornley
-- 
------------------------------------------------------------------------
| JP Thornley    EMail jpt@diphi.demon.co.uk                           |
------------------------------------------------------------------------