From: rgilbert@unconfigured.xvnews.domain (Bob Gilbert)
Subject: Re: Ariane 5 - not an exception?
Date: 1996/08/23
Date: 1996-08-23T00:00:00+00:00 [thread overview]
Message-ID: <4vk8r4$2r7@zeus.orl.mmc.com> (raw)
In-Reply-To: 4vgmit$124@goanna.cs.rmit.edu.au
In article <4vgmit$124@goanna.cs.rmit.edu.au>, rav@goanna.cs.rmit.edu.au (++ robin) writes:
>
> ---No, the specification wasn't faulty.
I disagree, I think the specification was faulty, and is the
primary cause of the problem.
> The implementation
> was. Because of a programming error, a data conversion from
> double precision floating-point to a 16-bit integer
> overflowed. In the absence of a check, an exception occurred,
> the immediate action of which was to shut down the processor.
Exactly as the requirements specified, and the software performed
exactly to the specification, including saving into PROM the
current state. It is the specification which wrongly assumed that
a data overflow would indicate a probably hardware failure, and if
a hardware failure occurred the action was to shut down the allegedly
failed equipment.
> That shutdown resulted in the inevitable and almost immediate
> destruction of the project. Read the report.
> If you had read the report, you would have notected that
> the committee could not find any explanation in the code
> as to why this & 2 other conversions did not have checks,
> while all the other similar conversions in the vicinity
> did. There is the suggestion that the checks were overlooked.
Actually I think they suggested that there was weak documentation
in the code noting that an analysis of the conversions was
performed. It is my impression that they concluded that an
analysis of the conversions was done, and a conscious decision to
omit them was (wrongly) made, in part to meet their 80% processor
utilization goal (something some have suggested should have been
waived in this circumstance).
> john@assen.demon.co.uk (John McCabe) writes:
> >The important point being that the analysis was done and the
> >checks removed, _not_ that they weren't there in the first place.
>
> ---On the contrary, if you read the report, it states
> clearly and unequivocally that the analysis was done
> and the checks *added* where they felt that they were
> needed (NOT removed from ones that they felt did not
> need it).
I think the above poster meant that the checks were removed from the
requirements specification, maybe?
As you say, an analysis was done and checks added where they felt it
was necessary. Sounds like the analysis, which determined the
requirements, was in error. The code was written and performed
per the faulty specification, that's not a programming error, and
certainly not a language issue.
-Bob
next prev parent reply other threads:[~1996-08-23 0:00 UTC|newest]
Thread overview: 194+ messages / expand[flat|nested] mbox.gz Atom feed top
1996-07-25 0:00 Ariane 5 - not an exception? Simon Bluck
1996-07-25 0:00 ` Multiple reasons for failure of Ariane 5 (was: Re: Ariane 5 - not an exception?) Kirk Beitz
1996-07-26 0:00 ` ++ robin
1996-08-05 0:00 ` Darren C Davenport
1996-08-06 0:00 ` U32872
1996-08-07 0:00 ` Robert Dewar
1996-08-08 0:00 ` Pascal Martin @lone
1996-08-09 0:00 ` Robert Dewar
1996-08-10 0:00 ` dwnoon
1996-08-11 0:00 ` Robert Dewar
1996-08-15 0:00 ` dwnoon
1996-08-16 0:00 ` Robert Dewar
1996-08-20 0:00 ` dwnoon
1996-08-12 0:00 ` Ken Garlington
1996-08-15 0:00 ` Richard Riehle
1996-08-22 0:00 ` ++ robin
1996-08-23 0:00 ` Ken Garlington
1996-08-31 0:00 ` Ada versus PL/I " Richard Riehle
1996-09-02 0:00 ` ++ robin
1996-09-02 0:00 ` Richard A. O'Keefe
1996-09-03 0:00 ` ++ robin
1996-09-03 0:00 ` Robb Nebbe
1996-09-17 0:00 ` shmuel
1996-09-17 0:00 ` Jay McFadyen
1996-09-18 0:00 ` John McCabe
1996-09-20 0:00 ` shmuel
1996-09-03 0:00 ` ++ robin
1996-09-04 0:00 ` Robert Dewar
1996-09-07 0:00 ` ++ robin
1996-09-06 0:00 ` PL/I or PL/1 Larry Hazel
1996-09-03 0:00 ` Ada versus PL/I (was: Re: Ariane 5 - not an exception?) J. Kanze
1996-09-07 0:00 ` Robert Dewar
1996-09-09 0:00 ` ++ robin
1996-09-09 0:00 ` Robert Dewar
1996-09-09 0:00 ` Ken Garlington
1996-09-11 0:00 ` Multiple reasons for failure of Ariane 5 " J.Worringen
1996-09-12 0:00 ` Ken Garlington
1996-09-14 0:00 ` Use DejaNews to retrieve Ariane discussion David Alex Lamb
1996-09-19 0:00 ` Earl H. Kinmonth
1996-09-14 0:00 ` Multiple reasons for failure of Ariane 5 (was: Re: Ariane 5 - not an exception?) David Alex Lamb
1996-08-11 0:00 ` ++ robin
[not found] ` <4uibvh$References: <Dv45EJ.8r@fsa.bris.ac.uk>
1996-08-16 0:00 ` A. Grant
1996-08-08 0:00 ` bohn
1996-07-26 0:00 ` Robert I. Eachus
1996-08-23 0:00 ` Jon S Anthony
1996-08-23 0:00 ` ++ robin
1996-08-23 0:00 ` Richard A. O'Keefe
1996-08-23 0:00 ` Ken Garlington
1996-08-26 0:00 ` ++ robin
1996-08-27 0:00 ` Ken Garlington
1996-08-28 0:00 ` Larry Kilgallen
1996-08-29 0:00 ` Ken Garlington
1996-08-30 0:00 ` ++ robin
1996-08-30 0:00 ` David Weller
1996-09-04 0:00 ` Ken Garlington
1996-09-06 0:00 ` Sandy McPherson
1996-09-09 0:00 ` Ken Garlington
1996-08-30 0:00 ` Jon S Anthony
1996-08-26 0:00 ` Ken Garlington
1996-08-26 0:00 ` Dave Jones
1996-08-27 0:00 ` Ken Garlington
1996-08-30 0:00 ` ++ robin
1996-09-04 0:00 ` Ken Garlington
1996-09-06 0:00 ` ++ robin
1996-09-18 0:00 ` Merlin Dorfman
1996-09-20 0:00 ` John McCabe
1996-08-30 0:00 ` ++ robin
1996-08-30 0:00 ` John McCabe
1996-09-06 0:00 ` Jon S Anthony
1996-09-06 0:00 ` Robert Dewar
1996-08-23 0:00 ` Jon S Anthony
1996-08-26 0:00 ` ++ robin
1996-07-26 0:00 ` Ariane 5 - not an exception? Bob Gilbert
1996-07-29 0:00 ` Martin Tom Brown
1996-07-30 0:00 ` John McCabe
1996-07-31 0:00 ` Greg Bond
1996-08-03 0:00 ` John McCabe
1996-07-26 0:00 ` ++ robin
1996-07-29 0:00 ` Bill Angel
1996-07-29 0:00 ` Paul_Green
1996-07-30 0:00 ` Bob Kurtz
1996-07-30 0:00 ` Richard Shetron
1996-07-30 0:00 ` ++ robin
1996-07-30 0:00 ` Nancy Mead
1996-07-31 0:00 ` Tucker Taft
1996-07-31 0:00 ` Steve O'Neill
1996-08-01 0:00 ` root
1996-08-01 0:00 ` Tucker Taft
1996-07-30 0:00 ` Ken Garlington
1996-07-30 0:00 ` Lloyd Fischer
1996-08-04 0:00 ` Richard Riehle
1996-08-05 0:00 ` Fergus Henderson
1996-08-05 0:00 ` Nigel Tzeng
1996-08-06 0:00 ` John McCabe
1996-08-05 0:00 ` John McCabe
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` Darren C Davenport
1996-08-13 0:00 ` Ken Garlington
1996-08-13 0:00 ` Kirk Bradley
1996-08-14 0:00 ` Ken Garlington
1996-08-18 0:00 ` PL/I Versus Ada (Was: Arianne ...) Richard Riehle
1996-08-19 0:00 ` Robert Dewar
1996-08-20 0:00 ` Lon Amick
1996-08-21 0:00 ` Tim Dugan
1996-08-21 0:00 ` Tony Konashenok
1996-08-28 0:00 ` Richard Riehle
1996-08-29 0:00 ` Lon D. Gowen, Ph.D.
1996-08-30 0:00 ` Tony Konashenok
1996-08-30 0:00 ` Adam Beneschan
1996-08-30 0:00 ` John McCabe
1996-08-21 0:00 ` Lon D. Gowen, Ph.D.
1996-08-23 0:00 ` arbuckj
1996-08-22 0:00 ` Ariane 5 - not an exception? ++ robin
1996-08-22 0:00 ` Ken Garlington
1996-08-14 0:00 ` John McCabe
1996-08-19 0:00 ` Chris Papademetrious
1996-08-22 0:00 ` ++ robin
1996-08-22 0:00 ` John McCabe
1996-08-23 0:00 ` Ken Garlington
1996-08-24 0:00 ` John McCabe
1996-08-26 0:00 ` Byron B. Kauffman
1996-08-27 0:00 ` John McCabe
1996-08-28 0:00 ` Byron B. Kauffman
1996-08-28 0:00 ` Robert Dewar
1996-08-29 0:00 ` Ted Dennison
1996-08-30 0:00 ` John McCabe
1996-08-22 0:00 ` Martin Tom Brown
1996-08-23 0:00 ` Bob Gilbert [this message]
1996-08-24 0:00 ` Robert I. Eachus
1996-08-25 0:00 ` John McCabe
1996-08-27 0:00 ` Tom Speer
1996-08-26 0:00 ` Jon S Anthony
1996-08-20 0:00 ` Richard Riehle
1996-07-30 0:00 ` Ken Garlington
1996-08-02 0:00 ` Craig P. Beyers
1996-07-30 0:00 ` Steve O'Neill
1996-07-31 0:00 ` Martin Tom Brown
1996-07-31 0:00 ` Nigel Tzeng
1996-08-02 0:00 ` Ken Garlington
1996-08-03 0:00 ` Thomas Kendelbacher
1996-08-01 0:00 ` ++ robin
1996-08-01 0:00 ` Ken Garlington
1996-08-05 0:00 ` John McCabe
1996-08-06 0:00 ` Ken Garlington
1996-08-06 0:00 ` Mark van Walraven
1996-08-06 0:00 ` Ken Garlington
1996-08-02 0:00 ` Pascal Martin @lone
1996-08-03 0:00 ` Dr. Richard Botting
1996-08-05 0:00 ` system
1996-08-06 0:00 ` ++ robin
1996-08-08 0:00 ` Darius Blasband
1996-08-10 0:00 ` dwnoon
1996-08-12 0:00 ` Thomas Kendelbacher
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` Roy Gardiner
1996-08-13 0:00 ` Ken Garlington
1996-08-13 0:00 ` Lance Kibblewhite
1996-08-13 0:00 ` ++ robin
1996-08-15 0:00 ` Richard Riehle
1996-08-05 0:00 ` Steve O'Neill
1996-08-06 0:00 ` Francis Lipski
1996-08-07 0:00 ` Martin Tom Brown
1996-08-09 0:00 ` Ken Garlington
1996-08-06 0:00 ` Frank Manning
1996-08-08 0:00 ` Steve O'Neill
1996-08-09 0:00 ` Pat Rogers
1996-08-09 0:00 ` JP Thornley
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` Steve O'Neill
1996-08-01 0:00 ` Jon S Anthony
1996-08-02 0:00 ` James Kanze US/ESC 60/3/141 #40763
1996-08-06 0:00 ` Robert I. Eachus
1996-08-06 0:00 ` Stefan 'Stetson' Skoglund
1996-07-26 0:00 ` JP Thornley
1996-07-29 0:00 ` JP Thornley
1996-07-29 0:00 ` Nigel Tzeng
1996-07-29 0:00 ` Ken Garlington
1996-07-30 0:00 ` Robert I. Eachus
1996-07-31 0:00 ` JP Thornley
1996-08-01 0:00 ` Alan Brain
1996-08-02 0:00 ` JP Thornley
1996-08-01 0:00 ` Ken Garlington
1996-07-26 0:00 ` Theodore E. Dennison
1996-07-29 0:00 ` Ken Garlington
1996-07-27 0:00 ` Bill Angel
1996-07-30 0:00 ` Dr. Richard Botting
1996-07-30 0:00 ` David Weller
1996-07-30 0:00 ` Robert Dewar
-- strict thread matches above, loose matches on Subject: below --
1996-08-08 0:00 Marin David Condic, 407.796.8997, M/S 731-93
1996-08-09 0:00 ` John McCabe
1996-08-13 0:00 Marin David Condic, 407.796.8997, M/S 731-93
1996-08-15 0:00 ` John McCabe
1996-08-13 0:00 Marin David Condic, 407.796.8997, M/S 731-93
1996-08-15 0:00 ` John McCabe
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox