comp.lang.ada
From: rav@goanna.cs.rmit.edu.au (robin)
Subject: Re: Ariane 5 failure (Was: Size code Ada and C)
Date: 1998/07/03
Message-ID: <6ng8ua$1jp$1@goanna.cs.rmit.edu.au>
In-Reply-To: 359A53E2.41C6@lanl.gov


William Clodius <wclodius@lanl.gov> writes:

	>robin wrote:
	>> <snip>
	>> It's never a good idea in a real-time system to
	>> avoid run-time checks.  A run-time check on the magnitude
	>> would have caught the error and would not have caused
	>> the total failure of Ariane 5.
	>> <snip>

	>But an implicit runtime check on the magnitude did catch the error.


You're stretching the meaning of run-time check a bit.

The report called it an "unchecked conversion".

By "run-time check" I mean a specific test in the code.

The interrupt was trapped by the OS, which then shut down the
SRI computer.

	> It
	>was the way the error was handled when caught, by turning off the
	>computer(s), that caused the Ariane 5 to fail so rapidly.

No, it was the unchecked conversion.  If the conversion
had undergone a magnitude check, the OS would have never
shut down the SRI.  Any kind of error would cause the
SRI computer to shut down.  Thus, the programmer should
have undertaken every precaution to ensure that each and
every possible cause of an interrupt could not occur.

Nevertheless, it was foolish not to include
some fail-safe mechanism to trap any unexpected interrupts.
Miss one, and it was sudden death to the mission.

	> It was not
	>clear to me that not handling the error in this case would have caused
	>problems, because the software where the error occurred was intended for
	>prelaunch (and early launch?) analysis and control and was not clearly
	>useful for the operation of the system at the time the error occurred
	>(tens of seconds into launch).

	>William B. Clodius		Phone: (505)-665-9370
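
The kind of check robin argues for, as an added illustration in C (not code from this thread, and not the Ada of the actual flight software): an explicit magnitude check on the 64-bit to 16-bit narrowing that returns a status the caller can act on, paired with a fail-safe policy that holds the last good value instead of halting the computer. The readings fed to it are constructed.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { CONV_OK, CONV_OUT_OF_RANGE, CONV_NOT_A_NUMBER } conv_status;

/* Narrow a 64-bit float to a 16-bit signed integer only when it fits.
 * This is the explicit magnitude check the post argues for: the caller
 * gets a status to act on instead of an operand-error trap that the OS
 * answers by halting the unit. */
conv_status checked_to_int16(double value, int16_t *out)
{
    if (isnan(value))                 /* NaN compares false below */
        return CONV_NOT_A_NUMBER;
    /* Range-check first: out-of-range float-to-int conversion is UB in C. */
    if (value < (double)INT16_MIN || value > (double)INT16_MAX)
        return CONV_OUT_OF_RANGE;
    *out = (int16_t)value;            /* truncates toward zero: -5.5 -> -5 */
    return CONV_OK;
}

/* Fail-safe handling: a rejected sample keeps the last good value
 * (starting from `initial`) and is counted, so one bad reading degrades
 * the output instead of taking the channel offline.  Returns the number
 * of rejected samples. */
int process_samples(const double *in, int n, int16_t initial, int16_t *out)
{
    int16_t last_good = initial;
    int rejected = 0;
    for (int i = 0; i < n; i++) {
        int16_t v;
        if (checked_to_int16(in[i], &v) == CONV_OK)
            last_good = v;
        else
            rejected++;
        out[i] = last_good;
    }
    return rejected;
}

int main(void)
{
    /* Constructed readings; the third exceeds the 16-bit range. */
    const double readings[] = { 100.0, 32767.0, 40000.0, -5.5 };
    int16_t converted[4];
    int rejected = process_samples(readings, 4, 0, converted);
    printf("third sample held at %d, rejected samples: %d\n", converted[2], rejected);
    return 0;
}
```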



