Python from Wise Guy's Viewpoint
Kenny Tilton
ktilton at nyc.rr.com
Mon Oct 20 13:04:46 EDT 2003
Markus Mottl wrote:
> In comp.lang.functional Kenny Tilton <ktilton at nyc.rr.com> wrote:
>
>>Dennis Lee Bieber wrote:
>>
>>> Short version: The software performed correctly, to specification
>>>(including the failure mode) -- ON THE ARIANE 4 FOR WHICH IT WAS
>>>DESIGNED.
>
>
>>Nonsense. From: http://www.sp.ph.ic.ac.uk/Cluster/report.html
>
>
> Dennis is right: it was indeed a specification problem. AFAIK, the coder
> had actually even proved formally that the exception could not arise
> with the spec of Ariana 4. Lisp code, too, can suddenly raise unexpected
> exceptions. The default behaviour of the system was to abort the mission
> for safety reasons by blasting the rocket. This wasn't justified in this
> case, but one is always more clever after the event...
>
>
>>"supposed to" fail? chya.
>
>
> Indeed. Values this extreme were considered impossible on Ariane 4 and
> taken as indication of such a serious failure that it would justify
> aborting the mission.
Yes, I have acknowledged in another post that I was completely wrong in
my guesswork: everything was intentional and signed-off on by many.
A small side-note: as I now understand things, the idea was not to abort
the mission, but to bring down the system. The thinking was that the
error would signify a hardware failure, and with any luck shutting down
would mean either loss of the backup system (if that was where the HW
fault occurred) or correctly falling back on the still-functioning
backup system if the supposed HW fault had been in the primary unit. ie,
an HW fault would likely be isolated to one unit.
kenny
--
http://tilton-technology.com
What?! You are a newbie and you haven't answered my:
http://alu.cliki.net/The%20Road%20to%20Lisp%20Survey
More information about the Python-list
mailing list