From: Niklas Holsti
Newsgroups: comp.lang.ada
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Thu, 17 Mar 2011 15:36:54 +0200
Organization: Tidorum Ltd
Message-ID: <8ueh3mF3rgU1@mid.individual.net>
References: <4d80b140$0$43832$c30e37c6@exi-reader.telstra.net> <4d814af0$0$43831$c30e37c6@exi-reader.telstra.net> <4d8200cb$0$43837$c30e37c6@exi-reader.telstra.net>
In-Reply-To: <4d8200cb$0$43837$c30e37c6@exi-reader.telstra.net>

robin wrote:
> Simon Wright wrote in message ...
>> "robin" writes:
>>
>>> But only if the error was hardware, which it wasn't.
>
>> No, and it wasn't bloody software either!!!
>
> I'm afraid that it was (software).
> Consider this: If just ONE unprotected overflow occurs,
> the mission is lost.

No. If the unprotected overflow occurs because of a hardware fault or noise in one computer only, the mission continues with the other computer.

> Not a SINGLE unprotected conversion should have been included.

You are being rather dogmatic about this, Robin...

>> it was SYSTEM DESIGN!!! and
>> no amount of faffing about at the edges of software will ever fix that.
>
> The fact remains that in that real-time system,
> unprotected conversions were included.

After analysis of their possible causes and effects. In the Ariane 4.

> No-one experienced in real-time programming
> would have permitted those unprotected conversions.

Do you claim to know that the Ariane 4 software developers were inexperienced?

The designers analysed the situation, decided what the software should do in case of overflow at this point, and built the software accordingly. When the overflow happened in the Ariane 501 launch the software did exactly what the designers had decided it should do in this case. The argument about what the software should have done instead can be endless, and perhaps useful for developing other programs, but does not make the Ariane 4 software incorrect.

The ESA report makes several recommendations to increase robustness, for example to activate only those software functions that are needed in each phase of a mission. The Ariane 5 designers instead followed the KISS principle "if it isn't broken, don't fix it". Unfortunately "broken" is relative and depends on the environment. The software wasn't broken for the Ariane 4, but was broken for the Ariane 5.

--
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
. @ .
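The thread above argues over "unprotected conversions" and what happens when overflow checking is turned off. The following is an added illustration, not code from this post or from the Ariane software, of the three shapes such a conversion can take in Ada: a checked float-to-16-bit-integer conversion that raises Constraint_Error on an out-of-range value, the same conversion wrapped in a handler that saturates instead, and the same conversion with the range and overflow checks suppressed, which is what "unprotected" means in this context. The types Int16 and Float64 and the sample inputs are assumptions chosen for the demonstration; they are not the Ariane variables.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Conversion_Demo is
   --  Illustrative types (assumption): a 16-bit signed integer and a
   --  double-precision float, standing in for the kind of conversion
   --  the thread discusses.
   type Int16   is range -32_768 .. 32_767;
   type Float64 is digits 15;

   --  Checked conversion: with run-time checks enabled, Ada raises
   --  Constraint_Error when the rounded value does not fit in Int16.
   function Checked (X : Float64) return Int16 is
   begin
      return Int16 (X);
   end Checked;

   --  Protected conversion: the check still fires, but a local handler
   --  decides what the program does about it (here: saturate).
   function Saturating (X : Float64) return Int16 is
   begin
      return Int16 (X);
   exception
      when Constraint_Error =>
         if X < 0.0 then
            return Int16'First;
         else
            return Int16'Last;
         end if;
   end Saturating;

   --  Unprotected conversion: the checks are suppressed for this body.
   --  Calling it with an out-of-range value is erroneous execution, so
   --  the language defines no result; the demo only calls it in range.
   function Unprotected (X : Float64) return Int16 is
      pragma Suppress (Range_Check);
      pragma Suppress (Overflow_Check);
   begin
      return Int16 (X);
   end Unprotected;

   --  Constructed sample inputs: two in range, two out of range.
   Inputs : constant array (Positive range 1 .. 4) of Float64 :=
     (1_000.0, 32_767.4, 40_000.0, -70_000.0);
begin
   for I in Inputs'Range loop
      Put_Line ("input " & Float64'Image (Inputs (I)));
      begin
         Put_Line ("  checked    = " & Int16'Image (Checked (Inputs (I))));
      exception
         when E : Constraint_Error =>
            Put_Line ("  checked raised " & Exception_Name (E));
      end;
      Put_Line ("  saturating = " & Int16'Image (Saturating (Inputs (I))));
   end loop;

   --  The suppressed-check version behaves like the checked one for
   --  in-range input; only out-of-range input distinguishes them.
   Put_Line ("unprotected, in range = " & Int16'Image (Unprotected (1_000.0)));
end Conversion_Demo;
```

With GNAT, compile with `gnatmake conversion_demo.adb` and run; the first two inputs convert in all three forms, while 40_000.0 and -70_000.0 raise Constraint_Error in Checked and come back as Int16'Last and Int16'First from Saturating. Note that Ada rounds on float-to-integer conversion, so 32_767.4 is in range. The design question the thread circles around is exactly the choice between these three forms, and Ada makes each of them explicit in the source rather than leaving it to compiler flags alone.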