comp.lang.ada
From: "Marin David Condic" <dont.bother.mcondic.auntie.spam@[acm.org>
Subject: Re: Ariane Failure
Date: Mon, 8 Apr 2002 09:59:25 -0400
Message-ID: <a8s7nu$ibo$1@nh.pace.co.uk>
In-Reply-To: a8oo51$tsk$2@slb2.atl.mindspring.net

"Dennis Lee Bieber" <wlfraed@ix.netcom.com> wrote in message
news:a8oo51$tsk$2@slb2.atl.mindspring.net...
>
>         I do have to confess to having only the general explanation of the
> problem, not details of the code internals -- it does sound, from a quick
> perusal of this message thread, that some sort of overflow in integer
> processing occurred. This is new to me; the general report tended to the
> concept that the measured rates were accurate, but exceeded what the
> Ariane IV code deemed proper, and attempts to correct this "faulty rate"
> led to vehicle instability...
>
Yes and no. The report was clearly not written by software guys since it
otherwise would have explained in more accurate terms exactly what happened
at the software level. Hence, you kind of have to read between the lines and
interpret it some from the perspective of a more generalized engineer's
view.

The software module in question was originally analyzed on Ariane 4 with a
view toward improving speed. They had a shortage of CPU cycles and had
identified this one module as a major consumer of resources. They changed
the code to eliminate all the range checking and other "safety features"
(not at all uncommon in this business) in order to speed it up. This was not
without analysis that examined the possible valid ranges for various numbers
and mathematically reasoning about it & coming to the conclusion that any
values that would possibly generate a hardware overflow error could not be
in the valid flight path of the Ariane 4 - hence it was likely to be a
sensor failure and the proper accommodation would be to transfer control to
the other channel. The ISR for that overflow error did just that. So the
design was valid and correct for the Ariane 4.

The problem for Ariane 5 was that nobody tested or checked the assumptions
on the software intended to run on a different rocket. Had they run the unit
through the flight profile, they would have spotted the error in a cocaine
heartbeat.

MDC
--
Marin David Condic
Senior Software Engineer
Pace Micro Technology Americas    www.pacemicro.com
Enabling the digital revolution
e-Mail:    marin.condic@pacemicro.com
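
What "running the unit through the flight profile" amounts to, as an added Ada 2012 example that is not part of the original post and is not the Ariane code: a conversion with the range check left on is replayed against two profiles. The types, names and profile values are constructed for illustration and are not flight data.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Profile_Replay is
   --  Constructed types for illustration; not taken from the flight code.
   type Rate is digits 15;
   type Word_16 is range -2**15 .. 2**15 - 1;

   type Profile is array (Positive range <>) of Rate;

   --  Constructed envelopes: the "old vehicle" stays inside Word_16,
   --  the "new vehicle" leaves it.
   Old_Vehicle : constant Profile := (1_000.0, 12_000.0, 30_000.0);
   New_Vehicle : constant Profile := (1_000.0, 25_000.0, 64_000.0);

   --  Conversion with the language check left on: an out-of-range input
   --  raises Constraint_Error here instead of reaching a hardware trap.
   function Convert (R : Rate) return Word_16 is
   begin
      return Word_16 (R);
   end Convert;

   --  Replays a profile through Convert and counts the samples that
   --  break the "cannot happen in valid flight" assumption.
   function Violations (P : Profile) return Natural is
      Count : Natural := 0;
      Dummy : Word_16;
   begin
      for Sample of P loop
         begin
            Dummy := Convert (Sample);
         exception
            when Constraint_Error =>
               Count := Count + 1;
         end;
      end loop;
      return Count;
   end Violations;
begin
   Put_Line ("old vehicle violations:"
             & Natural'Image (Violations (Old_Vehicle)));
   Put_Line ("new vehicle violations:"
             & Natural'Image (Violations (New_Vehicle)));
end Profile_Replay;
```

A non-zero count for a profile means the range analysis that justified removing the checks does not hold for that vehicle and has to be redone before the unit is reused.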