Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topic 10Summer 2003 1 Ariane 5 Some slides based on talk from Sommerville.

Published byMaude Moody Modified over 8 years ago

Similar presentations

Presentation on theme: "Topic 10Summer 2003 1 Ariane 5 Some slides based on talk from Sommerville."— Presentation transcript:

1 Topic 10Summer 2003 1 Ariane 5 Some slides based on talk from Sommerville

2 Topic 10Summer 2003 2 Ariane 5 l Capable of hurling 2 – 3 ton satellites into orbit l 10 years l $7 Billion l Would have given Europe supremacy in the commercial satellite business

3 Topic 10Summer 2003 3 Ariane 5 –On June 4, 1996, the Arianne 5 took off on its maiden flight. l Successor to the successful Ariane 4 launchers l Ariane 5 can carry a heavier payload than Ariane 4 l 40 seconds into its flight it veered off course and self- destructed

4 Topic 10Summer 2003 4 Launcher failure l 39 seconds after lift off Altitude reaches 2.5 miles - Ariane 5 goes into self destruct Along with 5 expensive and uninsured satellites l Why did it go into self destruct mode? Incorrect control signals were sent to the engines and these swivelled - Ariane 5 swerved Pressure in boosters and main engine l Why did it swerve? It was making a course correction that was not needed.

5 Topic 10Summer 2003 5 Launcher failure l Why the course correction? Steering controlled by onboard computer Thought course change was necessary because of numbers being displayed by the inertial guidance system The numbers looked like data – impossible data- but was actually an error message The guidance system had shutdown l Why did the guidance system shutdown? Tried to convert a 64-bit format velocity to a 16-bit format Overflow error l What about the backup? Backup system failed too.. »It was running the same software

6 Topic 10Summer 2003 6 General Problem l The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure l No exception handler associated with the conversion The system exception management facilities were invoked. These shut down the software.

7 Topic 10Summer 2003 7 Avoidable failure? l The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. l Decisions were made Not to remove the facility as this could introduce new faults Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity

8 Topic 10Summer 2003 8 Why not Ariane 4? l The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 l The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period.

9 Topic 10Summer 2003 9 Validation failure l As the facility that failed was not required for Ariane 5, there was no requirement associated with it. l As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. l During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement!

10 Topic 10Summer 2003 10 Review failure l The design and code of all software should be reviewed for problems during the development process l Either The inertial reference system software was not reviewed because it had been used in a previous version The review failed to expose the problem or that the test coverage would not reveal the problem The review failed to appreciate the consequences of system shutdown during a launch

11 Topic 10Summer 2003 11 Lessons learned l Don’t run software in critical systems unless it is actually needed l Test what the system should do l test what the system should not do l Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state

12 Topic 10Summer 2003 12 Lessons learned l In critical computations, always return best effort values even if the absolutely correct values cannot be computed l Wherever possible, use real equipment and not simulations l Improve the review process to include external participants and review all assumptions made in the code

13 Topic 10Summer 2003 13 Avoidable failure l The designer’s of Ariane 5 made a critical and elementary error. l They designed a system where a single component failure could cause the entire system to fail

Download ppt "Topic 10Summer 2003 1 Ariane 5 Some slides based on talk from Sommerville."

Similar presentations

Software testing.

Software testing.
CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.

CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
CMSC 330: Organization of Programming Languages Exceptions.

CMSC 330: Organization of Programming Languages Exceptions.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Syllabus Case Histories WW III Almost Medical Killing Machine

Syllabus Case Histories WW III Almost Medical Killing Machine
23/05/2015Dr Andy Brooks1 FOR0383 Software Quality Assurance Lecture 2 ESA Ariane 5 Rocket Flight 501.

23/05/2015Dr Andy Brooks1 FOR0383 Software Quality Assurance Lecture 2 ESA Ariane 5 Rocket Flight 501.
1 COMS 161 Introduction to Computing Title: Numeric Processing Date: November 10, 2004 Lecture Number: 31.

1 COMS 161 Introduction to Computing Title: Numeric Processing Date: November 10, 2004 Lecture Number: 31.
Figures – Chapter 17. Figure 17.1 Component characteristics Component characteristic Description StandardizedComponent standardization means that a component.

Figures – Chapter 17. Figure 17.1 Component characteristics Component characteristic Description StandardizedComponent standardization means that a component.
1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.

1 Basic Definitions: Testing What is software testing? Running a program In order to find faults a.k.a. defects a.k.a. errors a.k.a. flaws a.k.a. faults.
INFORMATION TECHNOLOGIES SAFETY AND QUALITY THROUGH INFORMATION TECHNOLOGY WSRS Ulm – 20 Sept. 2004 St. Ramberger / Th.Gruber 1 Experience Report: Error.

INFORMATION TECHNOLOGIES SAFETY AND QUALITY THROUGH INFORMATION TECHNOLOGY WSRS Ulm – 20 Sept St. Ramberger / Th.Gruber 1 Experience Report: Error.
Software Development Methodology for Robotic and Embedded Systems (from drawing to coding) Presented by Iwan Setiawan for Robot and Technology Fair (01-12-09)-

Software Development Methodology for Robotic and Embedded Systems (from drawing to coding) Presented by Iwan Setiawan for Robot and Technology Fair ( )-
©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.

©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Portability Issues. The MPI standard was defined in May of 1994. This standardization effort was a response to the many incompatible versions of parallel.

Portability Issues. The MPI standard was defined in May of This standardization effort was a response to the many incompatible versions of parallel.
© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.

© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
ARIANE 5 FAILURE ► BACKGROUND:- ► European space agency’s re-useable launch vehicle. ► Ariane-4 was a major success ► Ariane -5 was developed for the larger.

ARIANE 5 FAILURE ► BACKGROUND:- ► European space agency’s re-useable launch vehicle. ► Ariane-4 was a major success ► Ariane -5 was developed for the larger.
1 Software Engineering Software has some special characteristics –Software is “developed” and not “manufactured”

1 Software Engineering Software has some special characteristics –Software is “developed” and not “manufactured”

Similar presentations

Ads by Google