[SystemSafety] Schiaparelli Incident Investigation - "Very Preliminary" Results
paul_e.bennett at topmail.co.uk
Thu Nov 24 12:26:10 CET 2016
On 24/11/2016 at 9:47 AM, "Martyn Thomas" wrote:
> On 24/11/2016 06:10, Peter Bernard Ladkin wrote:
>> As Schiaparelli descended under its parachute, its radar Doppler
>> altimeter functioned correctly and the measurements were included in
>> the guidance, navigation and control system. However, saturation –
>> maximum measurement – of the Inertial Measurement Unit (IMU) had
>> occurred shortly after the parachute deployment. The IMU measures the
>> rotation rates of the vehicle. Its output was generally as predicted
>> except for this event, which persisted for about one second – longer
>> than would be expected. When merged into the navigation system, the
>> erroneous information generated an estimated altitude that was
>> negative – that is, below ground level.
>
> This looks like an overflow into the sign bit. But, whatever
> caused the program to generate a negative altitude, the
> possibility could have been found by static analysis if they
> had used a suitable programming language with analysis tools
> (such as SPARK).
>
> I hope that the investigation will report on why the software
> used engineering methods that failed to prevent this error,
> and that it will make appropriate recommendations.
>
> Martyn
In my Forth-based systems, using the term '0 MAX' will limit the value
on the stack to only positive integers. In this way, only valid positive
integers are presented to the next Forth word to be called; thus, if
the following code would run haywire on a negative number, such an
incidence is eliminated.
I am sure we should all know enough about motion physics to be able
to specify the maxima and minima of expected values that would be
managed by the system and be able to test that these are not exceeded.
As for Schiaparelli, I will await the publishing of the official
investigation.
It sounds like it should be an interesting read.
Regards
Paul E. Bennett IEng MIET
Systems Engineer
--
********************************************************************
Paul E. Bennett IEng MIET.....
Forth based HIDECS Consultancy.............
Mob: +44 (0)7811-639972
Tel: +44 (0)1392-426688
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************
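As an added example (not code from the thread, from Paul Bennett, or from any ESA material), a small Python model of the two guards discussed above: an IMU sample that stays at full scale for longer than physically plausible is not merged, and the altitude estimate must fall inside a specified envelope, the "maxima and minima of expected values" point, rather than being passed on. Instead of a silent '0 MAX' clamp it flags the rejected sample so the fault stays visible; the sensor geometry, every constant and the descent trace are constructed assumptions.

```python
import math

# Constructed parameters for the illustration (assumed, not mission values).
IMU_RATE_MAX = 300.0             # deg/s: full-scale reading of the rate sensor
SATURATED_SAMPLES_MAX = 3        # consecutive full-scale samples still accepted
DT = 0.1                         # seconds between samples
ALT_MIN, ALT_MAX = 0.0, 12000.0  # metres: altitude envelope for this phase

def altitude_from(tilt_deg, slant_range_m):
    """Vertical altitude from a radar slant range and the vehicle tilt
    (a deliberately simple geometry, assumed for the example)."""
    return slant_range_m * math.cos(math.radians(tilt_deg))

def naive_merge(rates, slant_ranges):
    """Unchecked merge: integrate every IMU sample and trust the result."""
    tilt, out = 0.0, []
    for rate, rng in zip(rates, slant_ranges):
        tilt += rate * DT
        out.append(altitude_from(tilt, rng))
    return out

def checked_merge(rates, slant_ranges):
    """Same merge with two guards:
    1. a sample pegged at full scale for longer than SATURATED_SAMPLES_MAX
       is a sensor fault, not a measurement, and is not integrated;
    2. an altitude outside [ALT_MIN, ALT_MAX] is rejected, not forwarded.
    Returns one (altitude_or_None, status) tuple per input sample."""
    tilt, run, out = 0.0, 0, []
    for rate, rng in zip(rates, slant_ranges):
        run = run + 1 if abs(rate) >= IMU_RATE_MAX else 0
        if run > SATURATED_SAMPLES_MAX:
            out.append((None, "imu_saturated"))
            continue
        tilt += rate * DT
        alt = altitude_from(tilt, rng)
        if not ALT_MIN <= alt <= ALT_MAX:
            # A negative (below-ground) altitude is caught here.
            out.append((None, "altitude_out_of_range"))
            continue
        out.append((alt, "ok"))
    return out

# Constructed descent trace: two quiet samples, a one-second run at full
# scale, then a quiet sample. Slant range decreases 20 m per sample.
RATES = [5.0, 4.0] + [IMU_RATE_MAX] * 10 + [3.0]
SLANT_RANGES = [3000.0 - 20.0 * i for i in range(len(RATES))]
```

Note that the sample after the saturated run is still rejected: the tilt state was corrupted by the first accepted full-scale samples, which is why the range check on the output matters as much as the check on the input.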