[SystemSafety] Schiaparelli Incident Investigation - "Very Preliminary" Results

paul_e.bennett at topmail.co.uk
Thu Nov 24 12:26:10 CET 2016


On 24/11/2016 at 9:47 AM, "Martyn Thomas" wrote:

	On 24/11/2016 06:10, Peter Bernard Ladkin wrote:
	As Schiaparelli descended under its parachute, its radar Doppler
	altimeter functioned correctly and the measurements were included in
	the guidance, navigation and control system. However, saturation –
	maximum measurement – of the Inertial Measurement Unit (IMU) had
	occurred shortly after the parachute deployment. The IMU measures the
	rotation rates of the vehicle. Its output was generally as predicted
	except for this event, which persisted for about one second – longer
	than would be expected. When merged into the navigation system, the
	erroneous information generated an estimated altitude that was
	negative – that is, below ground level.
	This looks like an overflow into the sign bit. But, whatever caused
	the program to generate a negative altitude, the possibility could
	have been found by static analysis if they had used a suitable
	programming language with analysis tools (such as SPARK).

	I hope that the investigation will report on why the software used
	engineering methods that failed to prevent this error, and that it
	will make appropriate recommendations.

	Martyn

In my Forth-based systems, using the term '0 MAX' will limit the value
on the stack to only positive integers. In this way, only valid positive
integers are presented to the next Forth word to be called; thus, if the
following code would run haywire on a negative number, such an
incidence is eliminated.

I am sure we should all know enough about motion physics to be able
to specify the maxima and minima of expected values that would be
managed by the system and be able to test that these are not exceeded.

As for Schiaparelli, I will await the publishing of the official
investigation. It sounds like it should be an interesting read.

Regards
 Paul E. Bennett IEng MIET
 Systems Engineer
 -- 
 ********************************************************************
 Paul E. Bennett IEng MIET.....
 Forth based HIDECS Consultancy.............
 Mob: +44 (0)7811-639972
 Tel: +44 (0)1392-426688
 Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
 ********************************************************************
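The range limiting Paul describes with '0 MAX', and the sign-bit wrap Martyn suspects, as an added C example (this is not code from the post, from any Forth system, or from the Schiaparelli flight software; the units, the envelope values, the status codes and the function names are illustrative assumptions). It shows a narrow signed sum wrapping negative next to its saturating form, and an altitude update that rejects an out-of-envelope rate and refuses to emit a below-ground value, reporting which limit was hit instead of silently passing a clamped number on.

```c
/* Range limiting for sensor-derived values: an added example, not code
 * from this post, from Forth, or from any flight software.  The units,
 * limits and function names are illustrative assumptions. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Equivalent of the Forth phrase '0 MAX': the result is never negative. */
int32_t clamp_nonneg(int32_t x)
{
    return x < 0 ? 0 : x;
}

/* General form: hold x inside the specified envelope [lo, hi]. */
int32_t clamp_range(int32_t x, int32_t lo, int32_t hi)
{
    if (x < lo) return lo;
    if (x > hi) return hi;
    return x;
}

/* Wrapping 16-bit addition.  The sum is formed in uint16_t so the wrap is
 * well defined in C; a total just past INT16_MAX comes back as a large
 * negative number because the carry lands in the sign bit. */
int16_t add16_wrap(int16_t a, int16_t b)
{
    return (int16_t)(uint16_t)((uint16_t)a + (uint16_t)b);
}

/* Saturating 16-bit addition: sticks at the rail instead of wrapping. */
int16_t add16_sat(int16_t a, int16_t b)
{
    int32_t s = (int32_t)a + (int32_t)b;
    if (s > INT16_MAX) return INT16_MAX;
    if (s < INT16_MIN) return INT16_MIN;
    return (int16_t)s;
}

/* Specified physical envelope for one quantity, taken from the system
 * spec rather than from the width of the storage type. */
typedef struct {
    int32_t lo;
    int32_t hi;
} envelope_t;

bool within_envelope(int32_t x, envelope_t e)
{
    return x >= e.lo && x <= e.hi;
}

typedef enum {
    ALT_OK,
    ALT_RATE_OUT_OF_RANGE,   /* input rejected, previous altitude held */
    ALT_CLAMPED_TO_GROUND    /* result would have been negative */
} alt_status_t;

/* Illustrative altitude update (assumed units: mm and mm/s, positive
 * upward, dt in ms).  An out-of-envelope rate is not integrated at all,
 * and a below-ground result is clamped to zero; the status tells the
 * caller which limit was hit so it can react rather than consume the
 * clamped value as if it were a measurement. */
int32_t altitude_update(int32_t alt_mm, int32_t vrate_mm_s, uint32_t dt_ms,
                        envelope_t rate_env, alt_status_t *status)
{
    if (!within_envelope(vrate_mm_s, rate_env)) {
        *status = ALT_RATE_OUT_OF_RANGE;
        return alt_mm;
    }
    int64_t next = (int64_t)alt_mm + (int64_t)vrate_mm_s * dt_ms / 1000;
    if (next < 0) {
        *status = ALT_CLAMPED_TO_GROUND;
        return 0;
    }
    if (next > INT32_MAX) next = INT32_MAX;
    *status = ALT_OK;
    return (int32_t)next;
}

int main(void)
{
    envelope_t rate_env = { -200000, 200000 };   /* assumed: +/-200 m/s */
    alt_status_t st;

    printf("add16_wrap(32000, 1000) = %d\n", add16_wrap(32000, 1000));
    printf("add16_sat (32000, 1000) = %d\n", add16_sat(32000, 1000));

    int32_t alt = altitude_update(1000, -2000, 1000, rate_env, &st);
    printf("altitude %d mm, status %d\n", alt, st);
    alt = altitude_update(1000, -999999, 1000, rate_env, &st);
    printf("altitude %d mm, status %d\n", alt, st);
    return 0;
}
```

The envelope is deliberately a separate value from the storage width: the check is against what the physics says the quantity can be, not against what the integer type can hold, which is the distinction Paul's point about specifying maxima and minima rests on.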