Presentation is loading. Please wait.

Presentation is loading. Please wait.

©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.

Published byEzra Bradford Modified over 8 years ago

Similar presentations

Presentation on theme: "©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its."— Presentation transcript:

1 ©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight

2 ©Ian Sommerville 2004Software Engineering Case Studies Slide 2 Ariane 5 l A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit l Successor to the successful Ariane 4 launchers l Ariane 5 can carry a heavier payload than Ariane 4

3 ©Ian Sommerville 2004Software Engineering Case Studies Slide 3 Launcher failure l Approximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control. l Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket. l It started to break up and was destroyed by ground controllers. l The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure.

4 ©Ian Sommerville 2004Software Engineering Case Studies Slide 4 The problem l The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction. l The software failed and this system and the backup system shut down. l Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position resulting in unforeseen stresses on the rocket.

5 ©Ian Sommerville 2004Software Engineering Case Studies Slide 5 Software failure l Software failure occurred when an attempt to convert a 64-bit floating point number to a signed 16-bit integer caused the number to overflow. l There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. l The backup software was a copy and behaved in exactly the same way.

6 ©Ian Sommerville 2004Software Engineering Case Studies Slide 6 Avoidable failure? l The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. l Decisions were made Not to remove the facility as this could introduce new faults; Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity.

7 ©Ian Sommerville 2004Software Engineering Case Studies Slide 7 Why not Ariane 4? l The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5. l The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period.

8 ©Ian Sommerville 2004Software Engineering Case Studies Slide 8 Validation failure l As the facility that failed was not required for Ariane 5, there was no requirement associated with it. l As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. l During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement!

9 ©Ian Sommerville 2004Software Engineering Case Studies Slide 9 Review failure l The design and code of all software should be reviewed for problems during the development process l Either The inertial reference system software was not reviewed because it had been used in a previous version; The review failed to expose the problem or that the test coverage would not reveal the problem; The review failed to appreciate the consequences of system shutdown during a launch.

10 ©Ian Sommerville 2004Software Engineering Case Studies Slide 10 Lessons learned l Don’t run software in critical systems unless it is actually needed. l As well as testing for what the system should do, you may also have to test for what the system should not do. l Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state.

11 ©Ian Sommerville 2004Software Engineering Case Studies Slide 11 Lessons learned l In critical computations, always return best effort values even if the absolutely correct values cannot be computed. l Wherever possible, use real equipment and not simulations. l Improve the review process to include external participants and review all assumptions made in the code.

12 ©Ian Sommerville 2004Software Engineering Case Studies Slide 12 Avoidable failure l The designer’s of Ariane 5 made a critical and elementary error. l They designed a system where a single component failure could cause the entire system to fail. l As a general rule, critical systems should always be designed to avoid a single point of failure.

Download ppt "©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its."

Similar presentations

Software testing.

Software testing.
CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.

CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development 2.
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
CERTIFICATION OBJECTIVES Use Class Members Develop Wrapper Code & Autoboxing Code Determine the Effects of Passing Variables into Methods Recognize when.

CERTIFICATION OBJECTIVES Use Class Members Develop Wrapper Code & Autoboxing Code Determine the Effects of Passing Variables into Methods Recognize when.
CMSC 330: Organization of Programming Languages Exceptions.

CMSC 330: Organization of Programming Languages Exceptions.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 20 Slide 1 Critical systems development.
Syllabus Case Histories WW III Almost Medical Killing Machine

Syllabus Case Histories WW III Almost Medical Killing Machine
Chapter 8 Representing Information Digitally.

Chapter 8 Representing Information Digitally.
23/05/2015Dr Andy Brooks1 FOR0383 Software Quality Assurance Lecture 2 ESA Ariane 5 Rocket Flight 501.

23/05/2015Dr Andy Brooks1 FOR0383 Software Quality Assurance Lecture 2 ESA Ariane 5 Rocket Flight 501.
1 COMS 161 Introduction to Computing Title: Numeric Processing Date: November 10, 2004 Lecture Number: 31.

1 COMS 161 Introduction to Computing Title: Numeric Processing Date: November 10, 2004 Lecture Number: 31.
Figures – Chapter 17. Figure 17.1 Component characteristics Component characteristic Description StandardizedComponent standardization means that a component.

Figures – Chapter 17. Figure 17.1 Component characteristics Component characteristic Description StandardizedComponent standardization means that a component.
INFORMATION TECHNOLOGIES SAFETY AND QUALITY THROUGH INFORMATION TECHNOLOGY WSRS Ulm – 20 Sept. 2004 St. Ramberger / Th.Gruber 1 Experience Report: Error.

INFORMATION TECHNOLOGIES SAFETY AND QUALITY THROUGH INFORMATION TECHNOLOGY WSRS Ulm – 20 Sept St. Ramberger / Th.Gruber 1 Experience Report: Error.
©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.

©Ian Sommerville 2000CS 365 Ariane 5 launcher failureSlide 1 The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Software Reuse Building software from reusable components Objectives

Software Reuse Building software from reusable components Objectives
© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.

© Copyright 1992–2004 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Chapter 5 - Functions Outline 5.1Introduction 5.2Program.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
ARIANE 5 FAILURE ► BACKGROUND:- ► European space agency’s re-useable launch vehicle. ► Ariane-4 was a major success ► Ariane -5 was developed for the larger.

ARIANE 5 FAILURE ► BACKGROUND:- ► European space agency’s re-useable launch vehicle. ► Ariane-4 was a major success ► Ariane -5 was developed for the larger.
1 Software Engineering Software has some special characteristics –Software is “developed” and not “manufactured”

1 Software Engineering Software has some special characteristics –Software is “developed” and not “manufactured”

Similar presentations

Ads by Google