Ian Sommerville 2004 Slide 21 Software Engineering


… failure occurred when an attempt to convert a 64-bit floating point number to a signed 16-bit integer caused the number to overflow. There was no exception handler associated with the conversion, so the system exception management facilities were invoked. These shut down the software. The backup software was a copy and behaved in exactly the same way.

Ian Sommerville 2004 Slide 22 Software Engineering Case Studies
Avoidable failure?
The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5.
Decisions were made:
  - Not to remove the facility, as this could introduce new faults;
  - Not to test for overflow exceptions, because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity.

Ian Sommerville 2004 Slide 23 Software Engineering Case Studies
Why not Ariane 4?
The physical characteristics of Ariane 4 (a smaller vehicle) are such that it has a lower initial acceleration and build-up of horizontal velocity than Ariane 5. The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period.

Ian Sommerville 2004 Slide 24 Software Engineering Case Studies
Validation failure
As the facility that failed was not required for Ariane 5, there was no requirement associated with it. As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. During system testing, simulators of the inertial reference system computers were used. These did not generate the error, as there was no requirement!

Ian Sommerville 2004 Slide 25 Software Engineering Case Studies
Review failure
The design and code of all software should be reviewed for problems during the development process. Either:
  - The inertial reference system software was not reviewed because it had been used in a previous version;
  - The review failed to expose the problem, or that the test coverage would not reveal the problem;
  - The review failed to appreciate the consequences of system shutdown during a launch.

Ian Sommerville 2004 Slide 26 Software Engineering Case Studies
Lessons learned
Don't run software in critica...
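The slides describe three defects that combined: a 64-bit float narrowed to a signed 16-bit integer without a range check, no handler attached to the resulting exception, and no test driven by the vehicle's actual flight profile. The C code below is an added illustration of those points and is not the slides' own code nor the inertial reference system software (which was written in Ada). The function names, the saturating fallback policy, and the two sample profiles are all assumptions constructed for the example; the profiles are not real telemetry. It shows a conversion that refuses out-of-range input instead of overflowing, a handler policy that keeps the subsystem running and reports what happened, and a profile scan of the kind a requirement-driven test would have run, which flags the faster profile and passes the slower one.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Outcome of a checked narrowing conversion. */
enum narrow_status { NARROW_OK = 0, NARROW_OVERFLOW = 1, NARROW_NAN = 2 };

/* Convert a 64-bit float to a signed 16-bit integer, reporting an error
 * instead of overflowing. In C, casting a double that lies outside the
 * target integer's range is undefined behaviour, so the check must come
 * before the cast. C truncates toward zero, so any value strictly between
 * INT16_MIN - 1 and INT16_MAX + 1 truncates to a representable integer. */
enum narrow_status checked_f64_to_i16(double v, int16_t *out)
{
    if (v != v)                       /* NaN never compares equal to itself */
        return NARROW_NAN;
    if (!(v > (double)INT16_MIN - 1.0 && v < (double)INT16_MAX + 1.0))
        return NARROW_OVERFLOW;       /* also rejects +/- infinity */
    *out = (int16_t)v;
    return NARROW_OK;
}

/* A handler policy that keeps the subsystem running: clamp to the nearest
 * representable value and tell the caller it happened. This policy is a
 * hypothetical choice for illustration; the right one depends on how the
 * value is used downstream. */
int16_t saturating_f64_to_i16(double v, int *saturated)
{
    int16_t r;
    enum narrow_status st = checked_f64_to_i16(v, &r);
    *saturated = (st != NARROW_OK);
    if (st == NARROW_OK) return r;
    if (st == NARROW_NAN) return 0;   /* hypothetical: treat NaN as zero */
    return v < 0.0 ? INT16_MIN : INT16_MAX;
}

/* Run a sequence of samples through the conversion and return the index of
 * the first sample that does not fit, or -1 if every sample converts.
 * This is the check a test fed with the real flight profile would perform. */
long first_overflow_index(const double *samples, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int16_t unused;
        if (checked_f64_to_i16(samples[i], &unused) != NARROW_OK)
            return (long)i;
    }
    return -1;
}

/* Constructed sample profiles (not real telemetry): a slower vehicle whose
 * value stays within int16 range, and a faster one whose value exceeds it. */
static const double SLOW_PROFILE[] = { 0.0, 5000.5, 15000.25, 28000.0, 32000.75 };
static const double FAST_PROFILE[] = { 0.0, 9000.5, 24000.25, 39000.0, 52000.75 };

int main(void)
{
    long slow = first_overflow_index(SLOW_PROFILE, sizeof SLOW_PROFILE / sizeof SLOW_PROFILE[0]);
    long fast = first_overflow_index(FAST_PROFILE, sizeof FAST_PROFILE / sizeof FAST_PROFILE[0]);
    printf("slow profile: first overflow at index %ld\n", slow);   /* -1 */
    printf("fast profile: first overflow at index %ld\n", fast);   /* 3 */

    int sat;
    int16_t v = saturating_f64_to_i16(FAST_PROFILE[3], &sat);
    printf("sample %.1f -> %d (saturated=%d)\n", FAST_PROFILE[3], (int)v, sat);
    return 0;
}
```

The slow profile converts cleanly, exactly as the Ariane 4 flights did, so a test that only replays that profile proves nothing about the faster vehicle; the scan has to be driven by the profile of the system it is actually being validated for. Separately, whether saturation is an acceptable fallback is a requirements question, which is why the status is returned alongside the value rather than hidden.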