From: Robert A Duff <bobduff@shell01.TheWorld.com>
Subject: Re: How would Ariane 5 have behaved if overflow checking were not turned off?
Date: Tue, 15 Mar 2011 15:44:15 -0400
Date: 2011-03-15T15:44:15-04:00 [thread overview]
Message-ID: <wcclj0g9njk.fsf@shell01.TheWorld.com> (raw)
In-Reply-To: lnei68i92e.fsf@nuthaus.mib.org
(Sorry for emailing this, Keith. I meant to post. Oops.)
Keith Thompson <kst-u@mib.org> writes:
> Stephen Leake <stephen_leake@stephe-leake.org> writes:
>> Just to remind people; the real problem was that Ariane 4 code was
>> reused on Ariane 5, without carefully considering the design, also
>> without adequate testing.
>>
>> Ariane 5 is a bigger rocket; it has bigger accelerations. The range for
>> accelerations in the code, which was correct for Ariane 4, was incorrect
>> for Ariane 5.
>>
>> No amount of "defensive programming" can handle such a fundamental
>> design error.
>
> As I recall, the problem was that an exception message was sent
> and interpreted as binary data, because it was incorrectly assumed
> that the exception could never happen. The exception occurred in
> a subsystem that wasn't even needed at the time.
I wouldn't call that "the problem" -- I'd call it a symptom of
the problem. The problem was using (correct!) Ariane 4 software
to control an Ariane 5 rocket, as Stephen Leake says above.
The assumption you mention above was correct! For Ariane 4,
of course -- that's what they analyzed the assumption for.
>... (It's entirely
> possible I've got this wrong.)
I don't think so -- your memory (of the symptom!) matches mine.
> What if the subsystem had handled the exception and quietly
> terminated?
I've no idea. Maybe it would have worked, but that would have
been purely accidental. All the details of how the exception
or whatever led to the crash seem irrelevant, to me. You can't
expect software designed for one rocket to work for another
rocket without changing it to meet the new specs. Apparently,
they didn't even bother to look at it to see if it needed changing.
- Bob
next prev parent reply other threads:[~2011-03-15 19:44 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-14 15:49 How would Ariane 5 have behaved if overflow checking were not turned off? Elias Salomão Helou Neto
2011-03-14 16:17 ` KK6GM
2011-03-14 19:25 ` Yannick Duchêne (Hibou57)
2011-03-14 19:28 ` Vinzent Hoefler
2011-03-14 20:28 ` KK6GM
2011-03-15 4:02 ` Yannick Duchêne (Hibou57)
2011-03-15 4:53 ` Shark8
2011-03-14 18:29 ` Vinzent Hoefler
2011-03-16 10:41 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-16 15:16 ` Simon Wright
2011-03-17 11:48 ` robin
2011-03-16 16:58 ` Martin Krischik
2011-03-16 23:39 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 18:48 ` Vinzent Hoefler
2011-03-18 12:06 ` Alex R. Mosteo
2011-03-18 21:15 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-20 17:06 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Martin Krischik
2011-03-20 17:11 ` Martin Krischik
2011-03-20 18:10 ` Dmitry A. Kazakov
2011-03-21 13:24 ` Leif Roar Moldskred
2011-03-20 13:07 ` How would Ariane 5 have behaved if overflow checking were notturned off? Florian Weimer
2011-03-20 17:00 ` Martin Krischik
2011-03-20 20:17 ` Florian Weimer
2011-03-20 20:37 ` Vinzent Hoefler
2011-03-20 20:14 ` Vinzent Hoefler
2011-03-16 18:20 ` Vinzent Hoefler
2011-03-16 18:29 ` Hyman Rosen
2011-03-16 18:55 ` Vinzent Hoefler
2011-03-16 19:40 ` KK6GM
2011-03-16 20:52 ` Hyman Rosen
2011-03-16 21:02 ` KK6GM
2011-03-16 21:09 ` Shark8
2011-03-16 21:13 ` Hyman Rosen
2011-03-16 21:35 ` Shark8
2011-03-16 22:27 ` Vinzent Hoefler
2011-03-16 21:04 ` Shark8
2011-03-16 21:10 ` Hyman Rosen
2011-03-16 21:27 ` KK6GM
2011-03-16 21:31 ` Shark8
2011-03-16 22:32 ` Vinzent Hoefler
2011-03-18 21:14 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-16 23:46 ` How would Ariane 5 have behaved if overflow checking werenotturned off? robin
2011-03-17 0:26 ` Simon Wright
2011-03-17 11:01 ` Georg Bauhaus
2011-03-17 11:04 ` robin
2011-03-17 13:36 ` Niklas Holsti
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-19 10:12 ` Niklas Holsti
2011-03-17 22:51 ` How would Ariane 5 have behaved if overflow checking werenotturned off? Vinzent Hoefler
2011-03-18 21:13 ` How would Ariane 5 have behaved if overflow checking were not turned off? robin
2011-03-20 10:42 ` Vinzent Hoefler
2011-03-15 6:28 ` Stephen Leake
2011-03-15 17:32 ` Keith Thompson
2011-03-15 17:40 ` KK6GM
2011-03-15 19:44 ` Robert A Duff [this message]
2011-03-15 19:12 ` Florian Weimer
2011-03-15 19:45 ` KK6GM
2011-03-15 19:57 ` Vinzent Hoefler
2011-03-20 13:00 ` Florian Weimer
2011-03-20 20:13 ` Vinzent Hoefler
2011-03-15 19:42 ` John B. Matthews
2011-03-17 11:44 ` robin
2011-03-17 18:37 ` Vinzent Hoefler
2011-03-17 23:04 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 15:55 ` Vinzent Hoefler
2011-03-17 21:37 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-16 10:33 ` robin
2011-03-16 15:08 ` Simon Wright
2011-03-17 12:39 ` robin
2011-03-17 13:41 ` Georg Bauhaus
2011-03-17 23:34 ` How would Ariane 5 have behaved if overflow checking were notturned off? robin
2011-03-18 12:57 ` Hyman Rosen
2011-03-18 16:49 ` KK6GM
2011-03-18 17:18 ` Dmitry A. Kazakov
2011-03-19 17:55 ` Keith Thompson
2011-03-20 18:39 ` Robert A Duff
2011-03-17 18:43 ` How would Ariane 5 have behaved if overflow checking were not turned off? Vinzent Hoefler
2011-03-17 20:58 ` Simon Wright
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox