From: firstname.lastname@example.org (Henry Spencer)
Subject: Re: Shuttle Backup Computers and "Diverse Design"
Date: Sun, 2 Apr 2000 18:29:02 GMT
In article <38E30508.F20CE859@nospam.erols.com>,
rk <email@example.com> wrote:
>Additionally, does anyone have any other examples of systems where
>diverse design was used and why?
There's no shortage of this in critical applications. One particularly
nice example was the software for a head-up display (which superimposes
digital flight data over the view out the window) for airliners. The key
requirement there is that the display is allowed to go blank, but it
*must* *not* lie. Two computers, two programs. The main program takes
the sensor readings and generates the display from them. The watchdog
program, on the other computer, starts with the *display* and works
backward from it, calculating what the sensor readings should be to
produce the displayed data. If the actual readings don't agree fairly
closely with the calculated ones, it shuts the display down. This is
particularly sweet because it reverses so many of the paths the main
program takes -- for example, where the main program uses trig functions,
the watchdog program uses inverse trig functions.
"Be careful not to step                | Henry Spencer firstname.lastname@example.org
in the Microsoft." -- John Denker     | (aka email@example.com)
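The forward/backward pairing described above, as an added example (not code from the post, nor from any real HUD): a main renderer uses tan to place the horizon line and flight-path-vector symbol on a constructed collimated display with an assumed focal length F, and an independent watchdog uses atan to work back from the screen positions to the angles the sensors must have been reporting, blanking the display if they disagree. The sensor values, tolerance and the sign-error fault are all constructed.

```python
import math
from dataclasses import dataclass

F = 1000.0  # assumed HUD focal length: screen units per unit tangent

@dataclass(frozen=True)
class Sensors:
    pitch_deg: float   # nose-up positive
    fpa_deg: float     # flight-path angle, climb positive
    drift_deg: float   # track minus heading, right positive

@dataclass(frozen=True)
class Display:
    horizon_y: float   # pitch-ladder horizon line, screen units
    fpv_x: float       # flight-path-vector symbol position
    fpv_y: float

def render(s: Sensors) -> Display:
    """Main program: forward path from sensors to symbols, trig only."""
    p, g, d = (math.radians(v) for v in (s.pitch_deg, s.fpa_deg, s.drift_deg))
    return Display(horizon_y=-F * math.tan(p),
                   fpv_x=F * math.tan(d),
                   fpv_y=F * math.tan(g - p))

def infer_sensors(disp: Display) -> Sensors:
    """Watchdog: start from the display, work back with inverse trig.
    Shares no code with render() so a bug there is not mirrored here."""
    p = -math.atan(disp.horizon_y / F)
    g = p + math.atan(disp.fpv_y / F)
    d = math.atan(disp.fpv_x / F)
    return Sensors(*(math.degrees(v) for v in (p, g, d)))

def watchdog_allows(disp: Display, actual: Sensors, tol_deg: float = 0.25) -> bool:
    """True only if the display implies readings close to the real ones."""
    est = infer_sensors(disp)
    return all(abs(a - b) <= tol_deg for a, b in
               zip((est.pitch_deg, est.fpa_deg, est.drift_deg),
                   (actual.pitch_deg, actual.fpa_deg, actual.drift_deg)))

def hud_frame(actual: Sensors, renderer=render):
    """Fail-safe: return the frame to draw, or None meaning 'go blank'."""
    disp = renderer(actual)
    return disp if watchdog_allows(disp, actual) else None

def buggy_render(s: Sensors) -> Display:
    """Constructed fault: sign error puts the flight-path vector above the nose."""
    good = render(s)
    p, g = math.radians(s.pitch_deg), math.radians(s.fpa_deg)
    return Display(good.horizon_y, good.fpv_x, F * math.tan(p - g))

if __name__ == "__main__":
    s = Sensors(pitch_deg=5.0, fpa_deg=2.0, drift_deg=-1.0)  # constructed
    print("good renderer:", hud_frame(s))
    print("buggy renderer:", hud_frame(s, renderer=buggy_render))  # None
```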