From: Richard Riehle <rriehle@nunic.nu.edu>
Subject: Re: Ariane 5 - not an exception?
Date: 1996/08/04
Date: 1996-08-04T00:00:00+00:00 [thread overview]
Message-ID: <Pine.GSO.3.92.960804145456.23377A-100000@nunic.nu.edu> (raw)
In-Reply-To: 4tiu6e$kpm@news2.cais.com
On 29 Jul 1996, Bill Angel wrote:
> I am under the impression that for the US manned spaceflight
> program (to get to the moon) ,an on-board computer that was serving as a
> backup to the primary computer would have been performing its computations
> using completely different software than the primary computer. By
> utilizing this methodology, the same software "glitch" would not halt both
> systems simultaneously. Perhaps a group of software developers could be
> tasked with producing a version of the on-board software for Ariane in a
> different computer language than that used by the primary processor. The
> two processors, running simultaneously, would serve to check each other's
> results with greater independence that they apparently do now.
I have been following this thread with interest. I am no expert on
Ariane, but lack of expertise has not an obstacle to others who have
posted on this topic.
1) redundant processors
The idea of using different processor architectures is a good
one and often employed for other systems such as the Boeing 777.
However, if I recall correctly, Ariane has a "rad-hard" requirement
(right or wrong) and uses Mil-Std 1750A processors to satisfy that
requirement. This would not permit using multiple processors of
differing architectures.
2) Pl/I
a) There is no Pl/I compiler for the 1750A
b) Ada is far more suitable for safety-sensitive software than Pl/I
c) This failure was not a language issue. It is a management issue.
Specifically, it is a failure of engineering management.
d) Given the incorrect specifications against which the program was
designed, the same failure would have occurred in Pl/I or any
other language.
3) Turning off the Computer
Not always an incorrect decision in embedded computing. This time
it clearly was.
4) Software Reuse
If one intends to "reuse" software, such as Ariane 4xx software in
Ariane 5xxx, in a significantly different architecture, there is some
virtue in extensive testing.
5) Unchecked Conversion
Ada practitioners have been preaching for years that this should not
be done without substantial examination and testing. One more example
of why unchecked_conversion is usually not a good idea. Sometimes it
is unavoidable, I know.
6) Exception Handling
Anyone remember C.A.R Hoare's Turing Lecture?
7) Ada
This is still the best language for doing this kind of system. But
stupid management is something no programming language can change.
Given other engineering constraints on this project, Ada is really
the only reasonable language to choose.
Richard Riehle
next prev parent reply other threads:[~1996-08-04 0:00 UTC|newest]
Thread overview: 194+ messages / expand[flat|nested] mbox.gz Atom feed top
1996-07-25 0:00 Ariane 5 - not an exception? Simon Bluck
1996-07-25 0:00 ` Multiple reasons for failure of Ariane 5 (was: Re: Ariane 5 - not an exception?) Kirk Beitz
1996-07-26 0:00 ` ++ robin
1996-08-05 0:00 ` Darren C Davenport
1996-08-06 0:00 ` U32872
1996-08-07 0:00 ` Robert Dewar
1996-08-08 0:00 ` Pascal Martin @lone
1996-08-09 0:00 ` Robert Dewar
1996-08-10 0:00 ` dwnoon
1996-08-11 0:00 ` Robert Dewar
1996-08-15 0:00 ` dwnoon
1996-08-16 0:00 ` Robert Dewar
1996-08-20 0:00 ` dwnoon
1996-08-12 0:00 ` Ken Garlington
1996-08-15 0:00 ` Richard Riehle
1996-08-22 0:00 ` ++ robin
1996-08-23 0:00 ` Ken Garlington
1996-08-31 0:00 ` Ada versus PL/I " Richard Riehle
1996-09-02 0:00 ` ++ robin
1996-09-02 0:00 ` Richard A. O'Keefe
1996-09-03 0:00 ` ++ robin
1996-09-03 0:00 ` Robb Nebbe
1996-09-17 0:00 ` shmuel
1996-09-17 0:00 ` Jay McFadyen
1996-09-18 0:00 ` John McCabe
1996-09-20 0:00 ` shmuel
1996-09-03 0:00 ` ++ robin
1996-09-04 0:00 ` Robert Dewar
1996-09-07 0:00 ` ++ robin
1996-09-06 0:00 ` PL/I or PL/1 Larry Hazel
1996-09-03 0:00 ` Ada versus PL/I (was: Re: Ariane 5 - not an exception?) J. Kanze
1996-09-07 0:00 ` Robert Dewar
1996-09-09 0:00 ` ++ robin
1996-09-09 0:00 ` Robert Dewar
1996-09-09 0:00 ` Ken Garlington
1996-09-11 0:00 ` Multiple reasons for failure of Ariane 5 " J.Worringen
1996-09-12 0:00 ` Ken Garlington
1996-09-14 0:00 ` David Alex Lamb
1996-09-14 0:00 ` Use DejaNews to retrieve Ariane discussion David Alex Lamb
1996-09-19 0:00 ` Earl H. Kinmonth
1996-08-11 0:00 ` Multiple reasons for failure of Ariane 5 (was: Re: Ariane 5 - not an exception?) ++ robin
[not found] ` <4uibvh$References: <Dv45EJ.8r@fsa.bris.ac.uk>
1996-08-16 0:00 ` A. Grant
1996-08-08 0:00 ` bohn
1996-07-26 0:00 ` Robert I. Eachus
1996-08-23 0:00 ` Jon S Anthony
1996-08-26 0:00 ` ++ robin
1996-08-23 0:00 ` Jon S Anthony
1996-08-23 0:00 ` ++ robin
1996-08-23 0:00 ` Richard A. O'Keefe
1996-08-23 0:00 ` Ken Garlington
1996-08-26 0:00 ` ++ robin
1996-08-27 0:00 ` Ken Garlington
1996-08-28 0:00 ` Larry Kilgallen
1996-08-29 0:00 ` Ken Garlington
1996-08-30 0:00 ` ++ robin
1996-08-30 0:00 ` David Weller
1996-09-04 0:00 ` Ken Garlington
1996-09-06 0:00 ` Sandy McPherson
1996-09-09 0:00 ` Ken Garlington
1996-08-30 0:00 ` Jon S Anthony
1996-08-26 0:00 ` Ken Garlington
1996-08-26 0:00 ` Dave Jones
1996-08-27 0:00 ` Ken Garlington
1996-08-30 0:00 ` ++ robin
1996-09-04 0:00 ` Ken Garlington
1996-09-06 0:00 ` ++ robin
1996-09-18 0:00 ` Merlin Dorfman
1996-09-20 0:00 ` John McCabe
1996-08-30 0:00 ` ++ robin
1996-08-30 0:00 ` John McCabe
1996-09-06 0:00 ` Jon S Anthony
1996-09-06 0:00 ` Robert Dewar
1996-07-26 0:00 ` Ariane 5 - not an exception? Theodore E. Dennison
1996-07-29 0:00 ` Ken Garlington
1996-07-26 0:00 ` JP Thornley
1996-07-29 0:00 ` JP Thornley
1996-07-29 0:00 ` Nigel Tzeng
1996-07-29 0:00 ` Ken Garlington
1996-07-30 0:00 ` Robert I. Eachus
1996-07-31 0:00 ` JP Thornley
1996-08-01 0:00 ` Alan Brain
1996-08-02 0:00 ` JP Thornley
1996-08-01 0:00 ` Ken Garlington
1996-07-26 0:00 ` Bob Gilbert
1996-07-29 0:00 ` Martin Tom Brown
1996-07-30 0:00 ` John McCabe
1996-07-31 0:00 ` Greg Bond
1996-08-03 0:00 ` John McCabe
1996-07-26 0:00 ` ++ robin
1996-07-29 0:00 ` Bill Angel
1996-07-29 0:00 ` Paul_Green
1996-07-30 0:00 ` Ken Garlington
1996-07-30 0:00 ` Lloyd Fischer
1996-07-30 0:00 ` Richard Shetron
1996-07-30 0:00 ` ++ robin
1996-07-30 0:00 ` Nancy Mead
1996-07-31 0:00 ` Tucker Taft
1996-07-31 0:00 ` Steve O'Neill
1996-08-01 0:00 ` root
1996-08-01 0:00 ` Tucker Taft
1996-07-30 0:00 ` Bob Kurtz
1996-08-04 0:00 ` Richard Riehle [this message]
1996-08-05 0:00 ` Fergus Henderson
1996-08-05 0:00 ` John McCabe
1996-08-05 0:00 ` Nigel Tzeng
1996-08-06 0:00 ` John McCabe
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` Ken Garlington
1996-08-13 0:00 ` Kirk Bradley
1996-08-14 0:00 ` Ken Garlington
1996-08-18 0:00 ` PL/I Versus Ada (Was: Arianne ...) Richard Riehle
1996-08-19 0:00 ` Robert Dewar
1996-08-20 0:00 ` Lon Amick
1996-08-21 0:00 ` Tim Dugan
1996-08-21 0:00 ` Lon D. Gowen, Ph.D.
1996-08-21 0:00 ` Tony Konashenok
1996-08-28 0:00 ` Richard Riehle
1996-08-29 0:00 ` Lon D. Gowen, Ph.D.
1996-08-30 0:00 ` Tony Konashenok
1996-08-30 0:00 ` Adam Beneschan
1996-08-30 0:00 ` John McCabe
1996-08-23 0:00 ` arbuckj
1996-08-22 0:00 ` Ariane 5 - not an exception? ++ robin
1996-08-22 0:00 ` Ken Garlington
1996-08-13 0:00 ` Darren C Davenport
1996-08-14 0:00 ` John McCabe
1996-08-19 0:00 ` Chris Papademetrious
1996-08-22 0:00 ` ++ robin
1996-08-22 0:00 ` Martin Tom Brown
1996-08-22 0:00 ` John McCabe
1996-08-23 0:00 ` Ken Garlington
1996-08-24 0:00 ` John McCabe
1996-08-26 0:00 ` Byron B. Kauffman
1996-08-27 0:00 ` John McCabe
1996-08-28 0:00 ` Byron B. Kauffman
1996-08-28 0:00 ` Robert Dewar
1996-08-29 0:00 ` Ted Dennison
1996-08-30 0:00 ` John McCabe
1996-08-23 0:00 ` Bob Gilbert
1996-08-24 0:00 ` Robert I. Eachus
1996-08-25 0:00 ` John McCabe
1996-08-27 0:00 ` Tom Speer
1996-08-26 0:00 ` Jon S Anthony
1996-08-20 0:00 ` Richard Riehle
1996-07-30 0:00 ` Steve O'Neill
1996-07-31 0:00 ` Martin Tom Brown
1996-07-31 0:00 ` Nigel Tzeng
1996-08-02 0:00 ` Ken Garlington
1996-08-03 0:00 ` Thomas Kendelbacher
1996-08-01 0:00 ` ++ robin
1996-08-01 0:00 ` Ken Garlington
1996-08-05 0:00 ` John McCabe
1996-08-06 0:00 ` Ken Garlington
1996-08-06 0:00 ` Mark van Walraven
1996-08-06 0:00 ` Ken Garlington
1996-08-02 0:00 ` Pascal Martin @lone
1996-08-03 0:00 ` Dr. Richard Botting
1996-08-05 0:00 ` system
1996-08-06 0:00 ` ++ robin
1996-08-08 0:00 ` Darius Blasband
1996-08-10 0:00 ` dwnoon
1996-08-12 0:00 ` Thomas Kendelbacher
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` Roy Gardiner
1996-08-13 0:00 ` Lance Kibblewhite
1996-08-13 0:00 ` Ken Garlington
1996-08-15 0:00 ` Richard Riehle
1996-08-05 0:00 ` Steve O'Neill
1996-08-06 0:00 ` Frank Manning
1996-08-08 0:00 ` Steve O'Neill
1996-08-09 0:00 ` Pat Rogers
1996-08-09 0:00 ` JP Thornley
1996-08-06 0:00 ` Francis Lipski
1996-08-07 0:00 ` Martin Tom Brown
1996-08-09 0:00 ` Ken Garlington
1996-08-13 0:00 ` ++ robin
1996-08-13 0:00 ` Steve O'Neill
1996-07-30 0:00 ` Ken Garlington
1996-08-02 0:00 ` Craig P. Beyers
1996-08-01 0:00 ` Jon S Anthony
1996-08-02 0:00 ` James Kanze US/ESC 60/3/141 #40763
1996-08-06 0:00 ` Robert I. Eachus
1996-08-06 0:00 ` Stefan 'Stetson' Skoglund
1996-07-27 0:00 ` Bill Angel
1996-07-30 0:00 ` Dr. Richard Botting
1996-07-30 0:00 ` David Weller
1996-07-30 0:00 ` Robert Dewar
-- strict thread matches above, loose matches on Subject: below --
1996-08-08 0:00 Marin David Condic, 407.796.8997, M/S 731-93
1996-08-09 0:00 ` John McCabe
1996-08-13 0:00 Marin David Condic, 407.796.8997, M/S 731-93
1996-08-15 0:00 ` John McCabe
1996-08-13 0:00 Marin David Condic, 407.796.8997, M/S 731-93
1996-08-15 0:00 ` John McCabe
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox