dynamic allocation

[tmoran@acm.org]

"during testing, an exception was made"

From ACM Tech News:

>"NASA: DOS Glitch Nearly Killed Mars Rover"
>Extreme Tech (08/23/04); Hachman, Mark
>
>NASA scientist Robert Denise said at this week's Hot Chips conference that
>the real cause of a glitch on the Mars Spirit rover early this year was
>not corruption in the flash memory, but rather an embedded DOS file system
>that grew out of control.  An undisclosed software vendor had required the
>flash memory that stored the directory structure in RAM, which was only
>half the size of the flash memory and eventually ran out of space.  In
>addition, there was only 128 MB of DRAM compared to 256 MB of flash
>memory, virtually guaranteeing an eventual crash.  The problem with the
>file system was that the DOS directory structure was stored as a file that
>did not reduce in size even when files were deleted from the directory
>tree, since special characters indicated where new data could come in.
>While that aspect alone was not dangerous, the Wind River embedded OS used
>a piece of third-party software that required the mirroring of flash
>memory in RAM.  Denise admitted that during testing, an exception was made
>for the dynamic allocation feature, which is usually not allowed in
>embedded systems.  When the system finally generated a memory allocation
>command to a nonexistent memory address, it crashed.  The error did not
>manifest itself until Jan. 21, when Spirit fell into a continuous reboot
>cycle and could not transmit data through its antenna.  After five days,
>NASA Jet Propulsion Laboratory's Flight Software Development Team solved
>the problem by using system RAM as simulated flash and then isolating the
>error.  After flash memory was erased, the NASA team installed a
>file-system monitoring utility that tracked memory as a consumable resource.