From: aek@vib.usr.pu.ru (Alexander Kopilovitch)
Newsgroups: comp.lang.ada
Subject: Re: Boeing and Dreamliner
Date: 23 Jun 2003 19:13:39 -0700
References: <3EF5F3F3.6000806@attbi.com>

Robert I. Eachus wrote:
>Hyman Rosen wrote:
>
> > Ada made the Ariane 5 crash!
>
>No, stupid management decisions made Ariane 5 crash.

No, simple "stupid management" is not enough here. Something more technical was rotten. There was no single decision (or couple of decisions) taken by a top-level manager at the last moment - there was nothing like ordering a launch despite inappropriate weather. It was a long project with many presumably competent people involved; and it is important to investigate more deeply: why the consequences of the initial wrong decision (which was made by incompetent people) were not recognized by the scientific and technical staff before the actual failure happened.

>This is one of
>those stories where the truth really needs to catch up to the rumor.
It must be not so simple, because the "truth" position is vulnerable - I think that I'd feel rather comfortable in the devil's advocate role for that dispute (despite my ignorance - your excellent description/explanation of the case is enough for me -:).

>Some brilliant management type had the idea that reusing the flight
>control software from the Ariane 4 on Ariane 5 would save lots of money
>on testing and verification. As a result, and for political reasons,
>there was no Ariane 5 contractor who even got to see the Ariane 4 source
>code.

Beautiful decision. But the engines were new, so there was a contractor for them, right? And that contractor probably has its own scientists and engineers, right? Were those scientists and engineers interested in successful flights? Probably yes. Were they informed about the decision to use the old flight control software unchanged and untested for their new engines? If yes, then how could they agree to that decision? If not, why were they not alarmed by the absence of combined testing?

>...
>The engines were
>commanded to deflect beyond what the stack could take, and the Ariane 5
>broke up. How could THAT happen? The reuse included the flight
>dynamics profile for the Ariane 4! Since the Ariane 4 had smaller
>moments and a larger tolerance for guidance inputs, ANY significant
>correction sent to the engines, such as hitting wind shear, would have
>pushed the software into a regime where errors would build up.
>Eventually the commanded input would exceed the stack's structural
>limits and destroy everything.
>
>There was some indication that such errors had occurred during the 39
>seconds of flight, but all had been small enough errors to be damped out
>by other deviations.

Obviously, all that would be caught during the tests (even if engines were simulated, those errors would be caught)...
Perhaps this is the (in)famous "culture barrier", but I can't get how one can even think about avoiding combined system testing for such complex and costly systems.

Alexander Kopilovitch
aek@vib.usr.pu.ru
Saint-Petersburg
Russia