Lessons Learned Entry: 0369

Lesson Info:
- Lesson Number: 0369
- Lesson Date: 1995-01-24
- Submitting Organization: JPL
- Submitted by: B. Larman

Subject: Flight Software Deadly Embrace

Description of Driving Event: During a walk-through of the Galileo Spacecraft System fault protection implementation, a possible “deadly embrace” in the flight software was uncovered. A deadly embrace is a continuous software looping operation that may preclude the achievement of an acceptable spacecraft state. Refer to IOM GLL-BGL-85-003 for additional details.

Lesson(s) Learned: A continuous software looping operation, or “deadly embrace”, can occur undetected in the flight software.

Recommendation(s):
1. A flight project should invoke a software policy which specifies that no single parameter error or single spacecraft malfunction can lead to a “deadly embrace” in the flight software.
2. There should be a rigorous software verification and failure mode analysis conducted at the system level.
3. One subsystem checking on another subsystem's functions should be used only when absolutely necessary.
4. “Try Again” responses may be undesirable unless a recovery mode is incorporated.

Evidence of Recurrence Control Effectiveness: N/A

Documents Related to Lesson: N/A

Mission Directorate(s): N/A

Additional Key Phrase(s):
- Software
- Test & Verification

Additional Info:

Approval Info:
- Approval Date: 1987-05-14
- Approval Name: Carol Dumain
- Approval Organization: 125-204
- Approval Phone Number: 818-354-8242