From: Keith Thompson <kst-u@mib.org>
Subject: Re: How would Ariane 5 have behaved if overflow checking were notturned off?
Date: Sat, 19 Mar 2011 10:55:40 -0700
Date: 2011-03-19T10:55:40-07:00 [thread overview]
Message-ID: <lnr5a3dmg3.fsf@nuthaus.mib.org> (raw)
In-Reply-To: 1nc34bs4fccnm.zkmhfmyk46ep$.dlg@40tude.net
"Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> On Fri, 18 Mar 2011 09:49:17 -0700 (PDT), KK6GM wrote:
>> However, (and this is
>> the case you and robin have been arguing, while ignoring the existence
>> of the redundant hardware in the first place), the last control system
>> in the chain (the 2nd one in this case) should obviously never shut
>> down, but should fall back to a limp-along mode, which of course may
>> or may not be good enough for the mission to succeed.
>
> I disagree. In the case of unrecoverable hardware malfunction you should
> bring the system into a safe state and if there is no one to a least
> damaging state.
>
> For an unmanned rocket self-destruction is likely such a procedure, because
> you don't want it falling upon your head.
That's a good point. For an unmanned rocket, blowing it up is not
the worst-case outcome, to be avoided at all costs. The worst-case
outcome is the rocket continuing to operate and crashing, intact
and almost fully fuelled, into a populated area.
If the software detects a condition that can only occur due to
hardware failure (as determined by engineering analysis), attempting
to continue operating with inaccurate information (say by storing
32767 rather than 33000 in a 16-bit signed integer) could conceivably
lead to a worst-case outcome. (Imagine everything continuing to
operate except the self-destruct mechanism.) Blowing up the rocket
could be the safest course of action at that point.
If the condition in question had shown up on the Ariane 4, it
probably *would* have indicated a hardware failure. The real cause
of the problem, of course, was taking software that works correctly
on the Ariane 4 and running it on the Ariane 5 without modification.
--
Keith Thompson (The_Other_Keith) kst-u@mib.org <http://www.ghoti.net/~kst>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
next prev parent reply other threads:[~2011-03-19 17:55 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 15:49 How would Ariane 5 have behaved if overflow checking were not turned off? Elias Salomão Helou Neto
2011-03-14 16:17 ` KK6GM
2011-03-14 19:25 ` Yannick Duchêne (Hibou57)
2011-03-14 19:28 ` Vinzent Hoefler
2011-03-14 20:28 ` KK6GM
2011-03-15 4:02 ` Yannick Duchêne (Hibou57)
2011-03-15 4:53 ` Shark8
2011-03-14 18:29 ` Vinzent Hoefler
2011-03-16 10:41 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-16 15:16 ` Simon Wright
2011-03-17 11:48 ` robin
2011-03-16 16:58 ` Martin Krischik
2011-03-16 23:39 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 18:48 ` Vinzent Hoefler
2011-03-18 12:06 ` Alex R. Mosteo
2011-03-18 21:15 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-20 17:06 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Martin Krischik
2011-03-20 17:11 ` Martin Krischik
2011-03-20 18:10 ` Dmitry A. Kazakov
2011-03-21 13:24 ` Leif Roar Moldskred
2011-03-20 13:07 ` How would Ariane 5 have behaved if overflow checking were notturned off? Florian Weimer
2011-03-20 17:00 ` Martin Krischik
2011-03-20 20:17 ` Florian Weimer
2011-03-20 20:37 ` Vinzent Hoefler
2011-03-20 20:14 ` Vinzent Hoefler
2011-03-16 18:20 ` Vinzent Hoefler
2011-03-16 18:29 ` Hyman Rosen
2011-03-16 18:55 ` Vinzent Hoefler
2011-03-16 19:40 ` KK6GM
2011-03-16 20:52 ` Hyman Rosen
2011-03-16 21:02 ` KK6GM
2011-03-16 21:09 ` Shark8
2011-03-16 21:13 ` Hyman Rosen
2011-03-16 21:35 ` Shark8
2011-03-16 22:27 ` Vinzent Hoefler
2011-03-16 21:04 ` Shark8
2011-03-16 21:10 ` Hyman Rosen
2011-03-16 21:27 ` KK6GM
2011-03-16 21:31 ` Shark8
2011-03-16 22:32 ` Vinzent Hoefler
2011-03-18 21:14 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-16 23:46 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 0:26 ` Simon Wright
2011-03-17 11:01 ` Georg Bauhaus
2011-03-17 11:04 ` robin
2011-03-17 13:36 ` Niklas Holsti
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-19 10:12 ` Niklas Holsti
2011-03-17 22:51 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Vinzent Hoefler
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-15 6:28 ` Stephen Leake
2011-03-15 17:32 ` Keith Thompson
2011-03-15 17:40 ` KK6GM
2011-03-15 19:44 ` Robert A Duff
2011-03-15 19:12 ` Florian Weimer
2011-03-15 19:45 ` KK6GM
2011-03-15 19:57 ` Vinzent Hoefler
2011-03-20 13:00 ` Florian Weimer
2011-03-20 20:13 ` Vinzent Hoefler
2011-03-15 19:42 ` John B. Matthews
2011-03-17 11:44 ` robin
2011-03-17 18:37 ` Vinzent Hoefler
2011-03-17 23:04 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 15:55 ` Vinzent Hoefler
2011-03-17 21:37 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-16 10:33 ` robin
2011-03-16 15:08 ` Simon Wright
2011-03-17 12:39 ` robin
2011-03-17 13:41 ` Georg Bauhaus
2011-03-17 23:34 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 12:57 ` Hyman Rosen
2011-03-18 16:49 ` KK6GM
2011-03-18 17:18 ` Dmitry A. Kazakov
2011-03-19 17:55 ` Keith Thompson [this message]
2011-03-20 18:39 ` Robert A Duff
2011-03-17 18:43 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-17 20:58 ` Simon Wright
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox