From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public From: WhiteR@CRPL.Cedar-Rapids.lib.IA.US (Robert S. White) Subject: Re: Please do not start a language war (was Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/03/20 Message-ID: <5gq97v$iks@flood.weeg.uiowa.edu>#1/1 X-Deja-AN: 226856438 References: <332B5495.167EB0E7@eiffel.com> <5giu3p$beb$1@news.irisa.fr> <332ED8AB.21E7@lmtas.lmco.com> <199703190839.JAA02652@stormbringer.irisa.fr> <33302A36.7434@lmtas.lmco.com> Organization: ... Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.lang.ada Date: 1997-03-20T00:00:00+00:00 List-Id: In article <33302A36.7434@lmtas.lmco.com>, GarlingtonKE@lmtas.lmco.com says... ...snip... >We have exactly the same coupling of inertials to flight controls on a >current project, and >we are able to test the coupled system in a black box environment in our >labs, with pilots in the loop, performing the same flight profiles we >expect to see in operation. ...snip... I agree with Ken. At work, we also test inertial systems with simulated IMU (IRU) inputs to the INS (IRS) along with GPS satellite RF signals. We do NOT consider our GPS/INS software qualified unless it exhibits correct behaviour under all specified high dynamic flight profile conditions. I fail to understand statements that it was not possible to test the IRS under normal Ariane-5 launch dynamics. Just model the delta velocities and delta angles as a function of time, feed them into the INS (IRS) software and flight control software and see if the system performs to spec. I'll bet you could pay for developing several simulation labs (with hardware in the loop) for the cost of the failed Ariane 5 launch. Any explicit conversions from wide range to narrow range MUST be thoroughly tested with simulations if one is going to avoid simple run time checks (which checks Ada makes very easy to do). I fail to grasp how Eiffel (or PL/1) does a better job at this than Ada. Ada makes you work extra hard to force such a conversion causing the coders to always question them. It seems in this case they were explicitly told by the systems engineers that there would not be a problem...which proved to be wrong for the case of the Ariane 5 flight dynamics. In my experience I would have required that inertial alignment stop immediately upon rocket release. Still don't understand why alignment was deliberatly continued for the early part of the flight. Once you are moving. stop aligning, simple as that. _______________________________________________________________________ Robert S. White -- an embedded sys software engineer