From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,f948976d12c7ee33 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-06-26 19:21:27 PST Path: archiver1.google.com!postnews1.google.com!not-for-mail From: aek@vib.usr.pu.ru (Alexander Kopilovitch) Newsgroups: comp.lang.ada Subject: Re: Boeing and Dreamliner Date: 26 Jun 2003 19:21:26 -0700 Organization: http://groups.google.com/ Message-ID: References: <3EF5F3F3.6000806@attbi.com> <3EF7EE09.7040505@attbi.com> <3EFB4575.8050008@attbi.com> NNTP-Posting-Host: 62.152.82.216 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1056680487 32471 127.0.0.1 (27 Jun 2003 02:21:27 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 27 Jun 2003 02:21:27 GMT Xref: archiver1.google.com comp.lang.ada:39796 Date: 2003-06-27T02:21:27+00:00 List-Id: Robert I. Eachus wrote: >The "hunting" of the flight >guidance system was prior to that. Ten Hertz (cycles per second) is >almost certainly not due to any of the inertial moments of the system >but a multiple of the SRI clock. I don't get why you pay so much attention to that error. Yes, I fully argee, that most probably it was another incosistence, and that it alone guaranteed Ariane 5 mission overall failure. But it was just another inconsistence, and there might be several more, which just did not show themselves within initial 38 secons, so what? What does it add to the already established (and properly reflected in the report) fact that there were fatal inconsistences (at least one), which were certainly detectable within normal test procedure. (Obviously, that incostistence - "hunting" - is also certainly detectable within the same normal test procedure). Why do you think that that particular inconsistence deserved (or even still deserves) special investigation effort? >> First, there was protocol error, so the "bugs" weren't localized in SRI. >> Second, possibly there were other inconsistensies in SRI software. and those >> additional inconsistencies might influence that "diagnostic pattern". which >> was transmitted to OBC. > >Correct, the OBC did no validation or sanity checks on the information >sent from the SRI to the engine controls. Nothing wrong with that--if >you understand that the SRIs are category 1 systems. (Failure will cause >system failure.) I didn't like at all the idea of sending diagnostic >data over the bus from SRI to OBC, but it can be justified by this view >that failure of the SRIs leads to failure of the system, and you want to >get as much diagnostic information as possible before the telemetry >fails as the Ariane is blown up. Yes, but if the postmortem diagnostic status is sent to OBC then OBC must differentiate it from normal flight data -- it is part of the communication protocol. I don't know whether Ariane 4 OBC did that, but Ariane 5 OBC apparently failed to do that. So, there are 3 possibilities: 1) communication protocol between SRI and OBC was broken even for Ariane 4; 2) that communication protocol was designed and implemented for Ariane 4 correctly, but its OBC side was changed for Ariane 5, while its SRI side remains unchanged; 3) heavy damage of SRI software or memory (resulted from previous errors) caused improper protocol control data, which misguides OBC, The possibility 3 seems unlikely; I have no grounds for guessing between the possibilities 1 and 2, but I'd like to say that the possibility 2 is more interesting -;) . Overall, I see that communication protocol problem as probably more significant than "hunting" error problem. >But the other systemic mistake that I an nowhere near comfortable with >was the implicit idea that that the SRI software must be correct. But it was proved (by practice) to be correct for Ariane 4, so it should be correct for all subsequent Arianes -- the same logic, isn't it? >I would prefer in the first Ariane 5 launched to allow for the possibility >that the flight dynamics model doesn't perfectly match the actual >system. This would argue for a diagnostic data stream that shows the >deviations between the model and the system, while still continuing the >"best effort" to fly the Ariane. > >In other words, the SRI should send both engine deflection commands and >diagonstic data to the OBC. I don't see an actual need for that diagnostic stream from SRI to OBC -- the model may be duplicated inside OBC thus making OBC capable of all needed comparisons without additional data stream from SRI. (I assume that OBC knows actual flight data anyway... for telemetry etc. ... but I may be wrong here.) Alexander Kopilovitch aek@vib.usr.pu.ru Saint-Petersburg Russia