I was watching a TV program that mentioned the AES cluster mission June 4, 1996. They indicated the rocket blew up shortly after launch but provided no other details so I check Wikipedia. What I found is interesting and contains a lesson for anyone who write code, more so for firmware engineers.
The link
Know you data. Then test not only for expected values, but also unexpected values. Had this been done the problem would have been discovered during software testing, maybe as early as Ariane 4.
There is not such thing as bug free code for any but trivial applications. Using "solid" code in a new environment or application requires additional and substantial testing. Management never wants to here this.
There was no mechanism in place to deal with the exception. In this case it was a hard error and I have no concept of what could have been done to recover from it. But had it been a soft error the system should have had a mechanism in place to recover from the error.
"Efficiency considerations had led to the disabling of the software handler (in Ada code) for this error trap, " Without being there we can not know what screw up pushed the programmers so far into a corner that they turned off error checking.
The lesson we can learn is when choosing a processor it is best to have adequate head room. I like to work with a processor family that will easily allow moving the program between various family members. Do not start with the fastest family member as you will have no where to go if you find you need more speed or memory. If you know you can not switch processor pick one that is faster then you need.
The link
I see a few important lessons.
Know you data. Then test not only for expected values, but also unexpected values. Had this been done the problem would have been discovered during software testing, maybe as early as Ariane 4.
There is not such thing as bug free code for any but trivial applications. Using "solid" code in a new environment or application requires additional and substantial testing. Management never wants to here this.
There was no mechanism in place to deal with the exception. In this case it was a hard error and I have no concept of what could have been done to recover from it. But had it been a soft error the system should have had a mechanism in place to recover from the error.
"Efficiency considerations had led to the disabling of the software handler (in Ada code) for this error trap, " Without being there we can not know what screw up pushed the programmers so far into a corner that they turned off error checking.
The lesson we can learn is when choosing a processor it is best to have adequate head room. I like to work with a processor family that will easily allow moving the program between various family members. Do not start with the fastest family member as you will have no where to go if you find you need more speed or memory. If you know you can not switch processor pick one that is faster then you need.
Last edited: