Re: [OT] Spirit - Software failure

[Stephen Leake <stephen_leake@acm.org>]

Kilgallen@SpamCop.net (Larry Kilgallen) writes:

>     Detailing the Spirit rover's problems.  From:
>     http://www.cnn.com/2004/TECH/space/01/26/mars.rovers/index.html
>     
>     "Trosper said the problem appeared to be that the rover's flash memory
>     couldn't handle the number of files it was storing. The jam-up, she
>     said, apparently kept Spirit from shutting down properly and performing
>     a number of functions that normally originated in its flash memory. 
>     
>     "Scientists are still analyzing the data, she said, but would begin
>     deleting unnecessary files to test that theory.
>     
>     "She pointed out that the scientists had thoroughly tested the rover's
>     systems on Earth, but that the longest trial for the file system was
>     nine days, half of the 18 days Spirit operated before running into the
>     problem."
>     --------------------
>     Perhaps this is the first time that a defrag actually fixes something?
>     <GRIN>

Deleting files isn't defrag. This report describes a plain old memory leak.

Which probably would have been checked for if they had called the
software managing the flash ram a "memory management system" rather
than a "file system"; JPL programmers know they need to check for
memory leaks. But apparently they don't know they need to check for
full disks?

How long does a test need to be to be "thorough"? Longer than 9 days,
apparently :).

I doubt using Ada would have fixed this. They'd have just mapped
Ada.Text_IO to the flash memory, and had the same problem :).

Hiding dynamic memory management under a file system metaphor is a bad
idea in so many ways ...

-- 
-- Stephe