[erlang-questions] let it crash erlang/ada [was: Time for OTP to be Renamed?]

Jarimatti Valkonen <>
Mon Feb 17 21:36:36 CET 2014


Cian Synnott <> wrote on 17.2.2014 at 16.16:

> On Mon, Feb 17, 2014 at 12:44 PM, Miles Fidelman
> <> wrote:
>> More copies of the same hardware/software just means more copies of any
>> bugs!
>> 
> A famous direct example of this was the Ariane 5 disaster in 1996:
> 
> "When the guidance system shut down, it passed control to an
> identical, redundant unit, which was there to provide backup in case
> of just such a failure. But the second unit had failed in the
> identical manner a few milliseconds before. And why not? It was
> running the same software."
> 
> http://www.around.com/ariane.html

Apologies, this is a bit off topic.

On the other hand, having heterogeneous implementations does not protect from invalid specifications or lack of proper testing.

AFAIK the SRI used (from Ariane 4) worked exactly as specified, for Ariane 4. Too bad that the Ariane 5 has a different trajectory. So having different implementations with Ariane 4 specs in Ariane 5 would have also failed.

http://sunnyday.mit.edu/accidents/Ariane5accidentreport.html

"o) In Ariane 4 flights using the same type of inertial reference system there has been no such failure because the trajectory during the first 40 seconds of flight is such that the particular variable related to horizontal velocity cannot reach, with an adequate operational margin, a value beyond the limit present in the software.

p) Ariane 5 has a high initial acceleration and a trajectory which leads to a build-up of horizontal velocity which is five times more rapid than for Ariane 4. The higher horizontal velocity of Ariane 5 generated, within the 40-second timeframe, the excessive value which caused the inertial system computers to cease operation.

q) The purpose of the review process, which involves all major partners in the Ariane 5 programme, is to validate design decisions and to obtain flight qualification. In this process, the limitations of the alignment software were not fully analysed and the possible implications of allowing it to continue to function during flight were not realised.

r) The specification of the inertial reference system and the tests performed at equipment level did not specifically include the Ariane 5 trajectory data. Consequently the realignment function was not tested under simulated Ariane 5 flight conditions, and the design error was not discovered."


br,
Jarimatti
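Added example, not code from the post or from the Ariane programme: a small Python model of the point above, that identical backup units, and even a second implementation of the same Ariane 4 spec, die on the same Ariane 5 input, while only a changed spec survives. The velocity model, rates and unit names are constructed; the one background fact used is that the SRI exception arose from a 64-bit float to 16-bit signed integer conversion.

```python
import struct
# Added example (not from the post): identical copies, and even a second
# implementation of the same Ariane 4 spec, fail on the same Ariane 5 input.
# Background: the Ariane 5 SRI exception came from converting a 64-bit float
# to a 16-bit signed integer that could not hold the value. The velocity
# model, rates and unit names below are constructed, not flight data.
INT16_MIN, INT16_MAX = -32768, 32767

def to_int16_checked(value: float) -> int:
    """Ada-style checked conversion: an out-of-range value raises."""
    truncated = int(value)
    if not INT16_MIN <= truncated <= INT16_MAX:
        raise OverflowError(f"{value} does not fit a 16-bit signed integer")
    return truncated

def to_int16_other_vendor(value: float) -> int:
    """A second, independent implementation of the same 16-bit spec."""
    try:
        struct.pack(">h", int(value))
    except struct.error as exc:
        raise OverflowError(str(exc)) from exc
    return int(value)

def to_int16_saturating(value: float) -> int:
    """A changed spec: clamp and keep running instead of shutting down."""
    return max(INT16_MIN, min(INT16_MAX, int(value)))

def horizontal_velocity(rate_per_s: float, seconds: int = 40) -> list:
    """Constructed linear build-up over the first 40 s of flight."""
    return [rate_per_s * t for t in range(seconds + 1)]

def fly_with_backup(samples, units):
    """Feed the samples to each unit in turn, handing control to the next when
    one shuts down (the Ariane 5 backup scheme). Returns the survivor or None."""
    for name, convert in units:
        try:
            for v in samples:
                convert(v)
            return name
        except OverflowError:
            continue  # this unit is gone; the backup sees the same samples
    return None

# Ariane 5 builds horizontal velocity about five times faster (finding p), so
# within 40 s it leaves the envelope the Ariane 4 spec assumed (finding o).
ARIANE4 = horizontal_velocity(600.0)   # peaks at 24000, inside the limit
ARIANE5 = horizontal_velocity(3000.0)  # peaks at 120000, past the limit
IDENTICAL = [("primary", to_int16_checked), ("backup", to_int16_checked)]
SAME_SPEC = [("primary", to_int16_checked), ("backup", to_int16_other_vendor)]
NEW_SPEC = [("primary", to_int16_checked), ("backup", to_int16_saturating)]
```

Running `fly_with_backup(ARIANE5, IDENTICAL)` and `fly_with_backup(ARIANE5, SAME_SPEC)` both return None; only `NEW_SPEC` keeps a unit alive.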
