From: nrm@sei.cmu.edu (Nancy Mead)
Subject: Re: Ariane 5 - not an exception?
Date: 1996/07/30
Message-ID: <4tl5og$p2s@news.sei.cmu.edu>#1/1
references: <4t9vdg$jfb@goanna.cs.rmit.edu.au> <4tiu6e$kpm@news2.cais.com>
organization: The Software Engineering Institute
newsgroups: comp.software-eng,comp.lang.ada,comp.lang.pl1

In article <4tiu6e$kpm@news2.cais.com>, wtangel@cais3.cais.com (Bill Angel) writes:
|>
|> In article <4t9vdg$jfb@goanna.cs.rmit.edu.au>,
|> ++ robin wrote:
|> >In Ariane, both the active processor and the backup failed at
|> >the same time, because it was a *programming* error that was
|> >encountered at the same time in both processors, and both
|> >processors were shut down at the same time by their respective
|> >error handlers.
|>
|> I am under the impression that for the US manned spaceflight
|> program (to get to the moon), an on-board computer that was serving as a
|> backup to the primary computer would have been performing its computations
|> using completely different software than the primary computer. By
|> utilizing this methodology, the same software "glitch" would not halt both
|> systems simultaneously. Perhaps a group of software developers could be
|> tasked with producing a version of the on-board software for Ariane in a
|> different computer language than that used by the primary processor. The
|> two processors, running simultaneously, would serve to check each other's
|> results with greater independence than they apparently do now.
|>
|> -- Bill Angel

The Space Shuttle software has 4 computers running the same software, and a 5th running different software (same function, different development team). I'm not sure about the Apollo software, although I think there were some calculations that could be done on-board as well on the primary computer.

You may recall that one of the early shuttle launches was cancelled because of a timing difference between the 4 computers and the single computer. This was indeed an intermittent software error that caused the problem, and the glitch resulted in cancellation of the launch in that particular case. Of course, error recovery was a lot less sophisticated in those days, and it was probably impossible to isolate the cause of the discrepancy in real time and proceed with the launch.

I was not one of the developers, but I was at IBM Federal Systems HQ at the time, and IBM FSD was one of the development organizations. I believe Rockwell (the prime contractor) developed the software that ran on the single computer, but it might have been another subcontractor.