Topic 10Summer 2003 1 Ariane 5 Some slides based on talk from Sommerville.

Slides:



Advertisements
Similar presentations
Software testing.
Advertisements

CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
CMSC 330: Organization of Programming Languages Exceptions.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Syllabus Case Histories WW III Almost Medical Killing Machine
23/05/2015Dr Andy Brooks1 FOR0383 Software Quality Assurance Lecture 2 ESA Ariane 5 Rocket Flight 501.
1 COMS 161 Introduction to Computing Title: Numeric Processing Date: November 10, 2004 Lecture Number: 31.
Figures – Chapter 17. Figure 17.1 Component characteristics Component characteristic Description StandardizedComponent standardization means that a component.
1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.
INFORMATION TECHNOLOGIES SAFETY AND QUALITY THROUGH INFORMATION TECHNOLOGY WSRS Ulm – 20 Sept St. Ramberger / Th.Gruber 1 Experience Report: Error.
Software Development Methodology for Robotic and Embedded Systems (from drawing to coding) Presented by Iwan Setiawan for Robot and Technology Fair ( )-
©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Portability Issues. The MPI standard was defined in May of This standardization effort was a response to the many incompatible versions of parallel.
© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
ARIANE 5 FAILURE ► BACKGROUND:- ► European space agency’s re-useable launch vehicle. ► Ariane-4 was a major success ► Ariane -5 was developed for the larger.
1 Software Engineering Software has some special characteristics –Software is “developed” and not “manufactured”
Soft. Eng. II, Spr. 2002Dr Driss Kettani, from I. Sommerville1 CSC-3325: Chapter 9 Title : Reliability Reading: I. Sommerville, Chap. 16, 17 and 18.
Page 1 Building Reliable Component-based Systems Chapter 14 - Testing Reusable Software Components in Safety- Critical Real-Time Systems Chapter 14 Testing.
Testing Components in the Context of a System CMSC 737 Fall 2006 Sharath Srinivas.
Topic 10Summer London Ambulance System Some of the slides created by Sommerville.
DEBUGGERS For CS302 Data Structures Course Slides prepared by TALHA OZ (most of the text is from
©Ian Sommerville 2004Software Engineering, 7th edition. Insulin Pump Slide 1 An automated insulin pump.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Critical Systems Specification 3 Formal Specification.
©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Software Reliability Categorising and specifying the reliability of software systems.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 1.
Scientific Computing Algorithm Convergence and Root Finding Methods.
USS Yorktown (1998) A crew member of the guided-missile cruiser USS Yorktown mistakenly entered a zero for a data value, which resulted in a division by.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 23 Slide 1 Software testing Slightly adapted by Anders Børjesson.
The Ariane 5 Launcher Failure
Uncontrolled copy not subject to amendment Rocketry Revision 1.00.
CRASH AND BURN ARIANE 5 Kristen Hieronymus SYSM6309 Advanced Requirements Engineering
CRASH AND BURN ARIANE 5 Kristen Hieronymus SYSM6309 Advanced Requirements Engineering
The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 8 Slide 1 Software Prototyping l Rapid software development to validate requirements.
© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. C How To Program - 4th edition Deitels Class 05 University.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems 1.
Dr. Tom WayCSC Testing and Test-Driven Development CSC 4700 Software Engineering Based on Sommerville slides.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 3.
AAE 450- Propulsion LV Stephen Hanna Critical Design Review 02/27/01.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 9 Slide 1 Critical Systems Specification 1.
“I am not in the office at the moment. Send any work to be translated.”
CSC 480 Software Engineering Test Planning. Test Cases and Test Plans A test case is an explicit set of instructions designed to detect a particular class.
Computer Simulation with Flight Simulator X Introduction to Flight Simulator – Level 1.
Interrupt driven I/O Computer Organization and Assembly Language: Module 12.
©Ian Sommerville 2000Dependability Slide 1 Chapter 16 Dependability.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
SENG521 (Fall SENG 521 Software Reliability & Testing Fault Tolerant Software Systems: Techniques (Part 4a) Department of Electrical.
Why study Software Design/Engineering ?
Software Testing Introduction CS 4501 / 6501 Software Testing
Chapter 17 - Component-based software engineering
Fault Tolerant Computing
Ariane 5 Software error Integer overflow.
Section 8 Discussion Points
ECE 103 Engineering Programming Chapter 2 SW Disasters
Development and Principles of Rocketry
Testing and Test-Driven Development CSC 4700 Software Engineering
Part B – Structured Exception Handling
Regression Testing.
System Start-Up and Shutdown
Chapter 17 - Component-based software engineering
Module 10: Creating Transactional Business Processes
Presentation transcript:

Topic 10Summer Ariane 5 Some slides based on talk from Sommerville

Topic 10Summer Ariane 5 l Capable of hurling 2 – 3 ton satellites into orbit l 10 years l $7 Billion l Would have given Europe supremacy in the commercial satellite business

Topic 10Summer Ariane 5 –On June 4, 1996, the Arianne 5 took off on its maiden flight. l Successor to the successful Ariane 4 launchers l Ariane 5 can carry a heavier payload than Ariane 4 l 40 seconds into its flight it veered off course and self- destructed

Topic 10Summer Launcher failure l 39 seconds after lift off Altitude reaches 2.5 miles - Ariane 5 goes into self destruct Along with 5 expensive and uninsured satellites l Why did it go into self destruct mode? Incorrect control signals were sent to the engines and these swivelled - Ariane 5 swerved Pressure in boosters and main engine l Why did it swerve? It was making a course correction that was not needed.

Topic 10Summer Launcher failure l Why the course correction? Steering controlled by onboard computer Thought course change was necessary because of numbers being displayed by the inertial guidance system The numbers looked like data – impossible data- but was actually an error message The guidance system had shutdown l Why did the guidance system shutdown? Tried to convert a 64-bit format velocity to a 16-bit format Overflow error l What about the backup? Backup system failed too.. »It was running the same software

Topic 10Summer General Problem l The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure l No exception handler associated with the conversion The system exception management facilities were invoked. These shut down the software.

Topic 10Summer Avoidable failure? l The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. l Decisions were made Not to remove the facility as this could introduce new faults Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity

Topic 10Summer Why not Ariane 4? l The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 l The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period.

Topic 10Summer Validation failure l As the facility that failed was not required for Ariane 5, there was no requirement associated with it. l As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. l During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement!

Topic 10Summer Review failure l The design and code of all software should be reviewed for problems during the development process l Either The inertial reference system software was not reviewed because it had been used in a previous version The review failed to expose the problem or that the test coverage would not reveal the problem The review failed to appreciate the consequences of system shutdown during a launch

Topic 10Summer Lessons learned l Don’t run software in critical systems unless it is actually needed l Test what the system should do l test what the system should not do l Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state

Topic 10Summer Lessons learned l In critical computations, always return best effort values even if the absolutely correct values cannot be computed l Wherever possible, use real equipment and not simulations l Improve the review process to include external participants and review all assumptions made in the code

Topic 10Summer Avoidable failure l The designer’s of Ariane 5 made a critical and elementary error. l They designed a system where a single component failure could cause the entire system to fail

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.