Python from Wise Guy's Viewpoint

[Joachim Durchholz]

Pascal Bourguignon wrote:
> AFAIK, while this  parameter was out  of range,  there was  no
> instability  and the rocket was not uncontrolable.

Actually, the rocket had started correcting its orientation according to
the bogus data, which resulted in uncontrollable turning. The rocket
would have broken into parts in an uncontrollable manner, so it was
blewn up.
(The human operator decided to press the emergency self-destruct button
seconds before the control software would have initiated self destruct.)

> My point.  This "can't possibly happen" failure did happen, so
> clearly it was not a "can't  possibly happen" physically, which means
> that the problem was with the software. We know it, but what I'm
> saying is that a smarter software could have deduced it on fly.

No. The smartest software will not save you from human error. It was a
specification error.
The only way to detect this error (apart from more testing) would have
been to model the physics of the rocket, in software, and either verify
the flight control software against the rocket model or to test run the
whole thing in software. (I guess neither of these options would have
been cheaper than the simple test runs that were deliberately omitted,
probably on the grounds of "we /know/ it works, it worked in the Ariane 4".)

> We  all agree that  it would  be better  to have  a perfect  world
> and perfect,  bug-free, software.   But  since that's  not  the case,
> I'm saying that instead of having software that behaves like simple
> unix C tools, where  as soon  as there is  an unexpected situation,
> it calls perror() and exit(), it would  be better to have smarter
> software that can  try and  handle UNEXPECTED  error situations,
> including  its own bugs.  I would feel safer in an AI rocket.

This all may be true, but you're solving problems that didn't cause the
Ariane crash.

Regards,
Jo