Space Shuttle uses 2-version programming

Peter G Neumann risko at csl.sri.com
Mon Jul 16 13:38:40 PDT 2007


As I understand it, the following is true: the FIFTH computer is not fully
functional -- it is intended to have just enough programming to land the
shuttle in the event that the four main computers all fail.  Testing it
safely under live conditions where the first four computers are inoperable
is essentially undesirable, if not practically impossible.  The fifth system
has never been invoked.  Worse yet, it has most likely not been maintained
for compatibility with the other four.  That is not what is generally
thought of as N-version programming for N=2 in the realistic sense of the
word, although it might be considered so for the stark subset of the
functionality.  It is more like a hot standby fail-safe mechanism.
