Re: Ariane Failure

["Michael Feathers" <mfeathers@objectmentor.com>]

"Bill" <wclodius@lanl.gov> wrote in message
news:3CA50E9A.CBF24F1B@lanl.gov...
>
> Michael Feathers wrote:<snip>
>
> > IIRC, there's also the issue of casting integers across sizes.  It is
great
> > when you can hide representation and promote or demote its size as
needed.
>
> <snip>
> Promoting and demoting size as needed was part of the problem. Because of
> limitations of typical launch vehicals, in particular their down link
> capabilities to ground operations, but also limitted on board storage and
> central processing, it is often necessary to reduce the size of a value
from
> larger storage representations to a smaller storage representations,
typically
> from floats or doubles to 8 or 16 bit integers. In order to ensure that
the
> real time constraints of the system are met, there has to be an explicit
> decision as to what information needs to be communicated, at what rate,
and
> precision. It is tempting to maintain more precision than you need, just
to be
> certain you haven't misjudged the need, by applying an offset and scale
factor
> prior to the conversion to an integer, such that all possible values of
the
> rescaled number just fit within the range of values of the integer.
However,
> that decision is subject to the error of underestimating the range of
possible
> values of the original number before rescaling. In particular, a velocity
scale
> factor that was valid for the Ariane IV, for the actual and planned
operating
> conditions of the Ariane V, resulted in a value that exceeded the integer
range
> of the desired integer size, because the Ariane V has a larger
acceleration and
> more horizontal trajectory than the Ariane IV.
>
> Note that information hiding per se doesn't help with this. If the writer
of
> the software has made the explicit decision to rescale and the rescale
factor
> to use, but doesn't communicate that information to others so they can
make no
> decisions based on a knowledge of the rescale factor, the rescale factor
could
> still be inappropriate and cause breakage. Also designing the software to
> automatically rescale using more global heuristcs, can cause other
problems as
> additional information about its decisions then needs to be communicated
to the
> ground station so that it can interpret the rescaled data.

Yes.  It seems like the error prone part is going back to integers at all.
Since it is a safety consideration it seems like it would be great to
revisit that as processing and communications speeds increase.

Michael Feathers
www.objectmentor.com