From: "Marin David Condic, 561.796.8997, M/S 731-93" <condicma@PWFL.COM>
Subject: Re: Ariane-5: can you clarify? (Re: Please do not start a
Date: 1997/03/26
Message-ID: <97032610040621@psavax.pwfl.com> (raw)
David Starr <david.starr@ANALOG.COM> writes:
>I say the crash was caused by the requirement for the inertial nav
>software to shut down and enter hardware test mode upon exception. In
>other words, the program did what it was asked to do, and it was asked to
>destroy the rocket upon any kind of unforeseen problem. Be careful what
>you ask for, you might get it.
Be a bit careful here. Remember that the software ran just fine
and dandy on the Ariane 4. Hence the requirements, design,
implementation, etc, must have been adequate to get the job done.
(One of many possible "right answers") What caused the crash was
more a case of lifting software out of Ariane 4 and making the
assumption that it would be sufficient for Ariane 5.
> If the inertial nav software had been required to press on regardless
>there is an excellent chance the mission would have flown.
> I don't think a clever programming language could be so good as to
>guarantee no exceptions ever. The software was required to shut down
>upon exception. It got an exception and it shut down.
>
Pressing on in the face of an exception is probably better than a
shutdown because on a dual redundant system the software design is
common and you can presume that if you divided by zero on your
side, your partner probably did as well. But you'll note my
favoring the word "probably". I could easily imagine a situation
where the rocket is flying along, divides by zero, and continues
to fly along right into a schoolyard full of kids. You might want
to presume that if you're seeing an exception in software that you
didn't see in test, that you've got either broken hardware causing
the exception or crazy software which is really dangerous to run.
Design philosophies such as this can be debated right up until the
project is cancelled. Sooner or later, you have to pick one and
fly with it.
Your point is well taken. The software did exactly what it was
designed to do. It just didn't do what you wanted it to do.
MDC
Marin David Condic, Senior Computer Engineer ATT: 561.796.8997
M/S 731-96 Technet: 796.8997
Pratt & Whitney, GESP Fax: 561.796.4669
P.O. Box 109600 Internet: CONDICMA@PWFL.COM
West Palm Beach, FL 33410-9600 Internet: CONDIC@FLINET.COM
===============================================================================
In Vegas, I got into a long argument with the man at the
roulette wheel over what I considered to be an odd number.
-- Steven Wright
===============================================================================
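The trade-off Condic describes above (shut down on an exception, or press on, on a dual-redundant pair running identical software) is easy to see in a small simulation. The following C block is an added example, not code from this thread or from the Ariane flight software. It assumes a range-checked double-to-int16 conversion as the exception source (the well-known Ariane 5 overflow, which the post does not go into; the post's own divide-by-zero would do just as well), and the policy names, input values and the notion of a channel being "alive" are constructed for the illustration.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Exception-handling policy a channel was built with (constructed for this example). */
typedef enum { POLICY_SHUTDOWN, POLICY_PRESS_ON } policy_t;

typedef enum { CH_OK, CH_FAULT } ch_status_t;

typedef struct {
    ch_status_t status;
    int16_t     value;  /* output of the cycle; meaningless when status == CH_FAULT */
} ch_result_t;

/* Range-checked double -> int16_t conversion. Returns false (the "exception")
 * when x is NaN or outside [INT16_MIN, INT16_MAX]. */
static bool to_int16_checked(double x, int16_t *out)
{
    if (!(x >= INT16_MIN && x <= INT16_MAX))   /* NaN fails both comparisons */
        return false;
    *out = (int16_t)x;
    return true;
}

/* One processing cycle of one channel. Under POLICY_SHUTDOWN an exception
 * takes the channel off line (the requirement the post describes); under
 * POLICY_PRESS_ON the value is clamped and the channel keeps going. */
static ch_result_t channel_cycle(double input, policy_t p)
{
    ch_result_t r = { CH_OK, 0 };
    if (to_int16_checked(input, &r.value))
        return r;
    if (p == POLICY_SHUTDOWN) {
        r.status = CH_FAULT;
        return r;
    }
    r.value = (input > 0) ? INT16_MAX : INT16_MIN;  /* press on with a clamped value */
    return r;
}

/* Dual-redundant pair: identical software, identical input. Returns true if
 * at least one channel is still delivering a value after this cycle. */
static bool redundant_pair_alive(double input, policy_t p)
{
    ch_result_t a = channel_cycle(input, p);
    ch_result_t b = channel_cycle(input, p);  /* same code, same input, same fault */
    return a.status == CH_OK || b.status == CH_OK;
}

int main(void)
{
    /* Constructed inputs: one comfortably in range, one that exceeds int16
     * range (assumed to stand for a value that never occurred on Ariane 4). */
    const double inputs[] = { 1234.5, 70000.0 };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("input %.1f: shutdown policy -> pair %s, press-on policy -> pair %s\n",
               inputs[i],
               redundant_pair_alive(inputs[i], POLICY_SHUTDOWN) ? "alive" : "DOWN",
               redundant_pair_alive(inputs[i], POLICY_PRESS_ON) ? "alive" : "DOWN");
    }
    return 0;
}
```

With the shutdown policy, the out-of-range input takes both channels down in the same cycle, because redundancy against hardware faults buys nothing against a fault that is common to the software on both sides. With the press-on policy the pair stays "alive", but what it delivers is a clamped 32767, which is exactly the "keeps flying along" case the post warns about: the value is available, not necessarily meaningful.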