From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: f43e6,5ac12f5a60b1bfe X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,5ac12f5a60b1bfe X-Google-Attributes: gid103376,public X-Google-Thread: 101deb,f96f757d5586710a X-Google-Attributes: gid101deb,public From: rav@goanna.cs.rmit.edu.au (++ robin) Subject: Re: Ariane 5 - not an exception? Date: 1996/07/30 Message-ID: <4tkenu$ce0@goanna.cs.rmit.edu.au>#1/1 X-Deja-AN: 170989178 references: <4t9vdg$jfb@goanna.cs.rmit.edu.au> <4tiu6e$kpm@news2.cais.com> <4tjrit$m8b@news.wizvax.net> organization: Comp Sci, RMIT, Melbourne, Australia newsgroups: comp.software-eng,comp.lang.ada,comp.lang.pl1 nntp-posting-user: rav Date: 1996-07-30T00:00:00+00:00 List-Id: multics@wizvax.wizvax.net (Richard Shetron) writes: >In article <4tiu6e$kpm@news2.cais.com>, >Bill Angel wrote: >>In article <4t9vdg$jfb@goanna.cs.rmit.edu.au>, >>++ robin wrote: >>>In Ariane, both the active processor and the backup failed at >>>the same time, because it was a *programming* error that was >>>encountered at the same time in both processors, and both >>>processors were shut down at the same time by their respective >>>error handlers. >> I am under the impression that for the US manned spaceflight >>program (to get to the moon) ,an on-board computer that was serving as a >>backup to the primary computer would have been performing its computations >>using completely different software than the primary computer. By >>utilizing this methodology, the same software "glitch" would not halt both >>systems simultaneously. Perhaps a group of software developers could be >>tasked with producing a version of the on-board software for Ariane in a >>different computer language than that used by the primary processor. The >>two processors, running simultaneously, would serve to check each other's >>results with greater independence that they apparently do now. >I've been told that the shuttle uses 5 computers with software developed >by 3 independent programming groups. A best 2 out of 3 is used to >determine which software/hardware is operating properly. ---Ariane's SRI computer (for processing sensor inputs) had a backup running an identical program. That's why they both experienced the same fixed-point overflow in the same place at the same time, with the same data. And that's why both shut down almost simultaneously. (As you now know, any trivial error resulted in "sudden death". No room to maneuver.) The main computer (the OBC = On-Board Computer) also had a backup. That's 4 computers. It's all in the report.