CRASH AND BURN ARIANE 5 Kristen Hieronymus SYSM6309 Advanced Requirements Engineering 2013-08-03.


TABLE OF CONTENTS  The Rocket  The Payload  37 Seconds After Launch  Video  Root Cause Analysis  Result  Irony  Recommendations  Historical Context  Continuing Spin Story

ARIANE 5 ROCKET  June 4, 1996 maiden launch (flight 501)  European Space Agency launcher  About $7 billion development cost  About 10 years development time

PAYLOAD  “Cluster” payload  European Space Agency program, in cooperation with NASA  4 satellites on-board  To fly in tetrahedral formation  To study Earth’s magnetosphere

37 SECONDS AFTER LAUNCH…  Both inertial reference units had failed at about 37 seconds; the launcher broke up and self-destructed about 39 seconds after liftoff

VIDEO  (launch video; link not preserved in the transcript)

ROOT CAUSE ANALYSIS  The inertial reference system (SRI) converted a 64-bit floating-point value, the horizontal bias (BH), to a 16-bit signed integer. On the Ariane 5 trajectory the value exceeded the 16-bit range, the unprotected conversion raised an operand-error exception, and the only handling for that exception was to shut the unit down, which led to…

ROOT CAUSE ANALYSIS 2  The backup SRI (SRI 2), running the same software in hot standby, hitting the error first and shutting itself down, which led to…

ROOT CAUSE ANALYSIS 3  The active SRI (SRI 1) encountering the same overflow about 0.05 seconds later and shutting down as well; identical redundant units gave no protection against a software fault common to both, which led to…

ROOT CAUSE ANALYSIS 4  The failing SRI placing a diagnostic bit pattern on its output bus; the on-board computer (OBC), which runs guidance and control, interpreted that pattern as attitude flight data rather than as an error code, because the interface did not let the OBC tell the two apart, which led to…

ROOT CAUSE ANALYSIS 5  The OBC commanding a large, unnecessary deflection of the booster and main-engine nozzles, driving the vehicle to an angle of attack of more than 20 degrees, which led to…

ROOT CAUSE ANALYSIS 6  Aerodynamic loads tearing the solid boosters away from the core stage, which led to…

ROOT CAUSE ANALYSIS 7  Triggering of the launcher's self-destruct system, about 39 seconds after liftoff.
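The conversion at the head of this chain, as an added worked example. This is illustrative C written for this page, not the SRI's Ada code, and the horizontal-bias samples are constructed, not flight data. It contrasts the unprotected conversion, where an out-of-range value means the unit stops producing data, with a saturating conversion that keeps a best estimate and merely flags the clamp, which is the behaviour the inquiry recommended.

```c
/* Added example: checked 64-bit float -> 16-bit signed integer conversion in
 * the two styles the Ariane 5 inquiry contrasted. Not the SRI's Ada code;
 * the sample values below are constructed, not flight data. */
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int16_t value;    /* converted value (clamped when overflow is set, saturating style) */
    bool    overflow; /* the double was outside the int16_t range */
} conv16_t;

/* Range check done in double before converting. A plain (int16_t)x on an
 * out-of-range double is undefined behaviour in C, the analogue of the Ada
 * Operand Error the SRI did not handle. Truncation toward zero means any
 * x in the open interval (-32769, 32768) fits. */
static bool fits_int16(double x)
{
    return !isnan(x) && x > (double)INT16_MIN - 1.0 && x < (double)INT16_MAX + 1.0;
}

/* Unprotected style: refuses to produce a value when the range is exceeded,
 * which is what the three unprotected SRI variables amounted to
 * (exception raised -> unit shut down). */
conv16_t to_int16_unprotected(double x)
{
    conv16_t r = {0, false};
    if (!fits_int16(x)) {
        r.overflow = true;
        return r;
    }
    r.value = (int16_t)x;
    return r;
}

/* Protected style: clamp to the representable range and flag the clamp, so
 * the caller keeps a best estimate instead of shutting down. */
conv16_t to_int16_saturating(double x)
{
    conv16_t r = {0, false};
    if (isnan(x)) {                                 /* no sensible estimate: flag, report 0 */
        r.overflow = true;
    } else if (x >= (double)INT16_MAX + 1.0) {
        r.value = INT16_MAX;
        r.overflow = true;
    } else if (x <= (double)INT16_MIN - 1.0) {
        r.value = INT16_MIN;
        r.overflow = true;
    } else {
        r.value = (int16_t)x;
    }
    return r;
}

/* Alignment-loop model, unprotected: index of the first sample that
 * overflows, or -1 if every sample converts (the unit never shuts down). */
int run_unprotected(const double *bh, int n)
{
    for (int i = 0; i < n; i++)
        if (to_int16_unprotected(bh[i]).overflow)
            return i;
    return -1;
}

/* Alignment-loop model, saturating: never stops; returns the last value and
 * counts how many samples had to be clamped so the caller can report it. */
int16_t run_saturating(const double *bh, int n, int *clamped)
{
    int16_t last = 0;
    *clamped = 0;
    for (int i = 0; i < n; i++) {
        conv16_t r = to_int16_saturating(bh[i]);
        if (r.overflow)
            (*clamped)++;
        last = r.value;
    }
    return last;
}

/* Constructed horizontal-bias profiles (units and magnitudes are invented):
 * the "Ariane 4-like" profile stays inside 16 bits, the "Ariane 5-like" one
 * grows faster and crosses 32767 part-way through the loop. */
const double bh_ariane4_like[5] = {1000.5, 5000.2, 12000.9, 20000.4, 30000.1};
const double bh_ariane5_like[5] = {1000.5, 9000.2, 21000.9, 36000.4, 52000.1};

int main(void)
{
    int clamped = 0;
    int16_t last = run_saturating(bh_ariane5_like, 5, &clamped);
    printf("Ariane 4-like, unprotected: first overflow at sample %d\n",
           run_unprotected(bh_ariane4_like, 5));
    printf("Ariane 5-like, unprotected: first overflow at sample %d\n",
           run_unprotected(bh_ariane5_like, 5));
    printf("Ariane 5-like, saturating: last value %d, %d samples clamped\n",
           last, clamped);
    return 0;
}
```

The range test is done on the double before the cast, not by catching a trap afterwards: in C the out-of-range cast is undefined behaviour rather than a raised exception, so the only safe place to detect the condition is before it happens. Whether to saturate or to stop is a design decision per variable; the inquiry's point is that the decision must be made explicitly and the consumer told which one was taken.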

RESULT  Complete loss of the launcher and of the four expensive, uninsured Cluster satellites on board

IRONY  The alignment function that produced the overflow was not needed in flight on Ariane 5!  Carried over from Ariane 4 because the entire SRI subsystem was reused (cost savings)  On Ariane 4 it kept running for roughly 40 seconds after liftoff to allow quick re-alignment after a late hold in the countdown; Ariane 5's launch preparation sequence had no such need  Ariane 5 builds up horizontal velocity much faster than Ariane 4, so the horizontal bias value grew past what 16 bits can hold

MORE IRONY  The Ariane 4 SRI had a target of no more than 80% processor workload  Analysis identified seven variables that could overflow; to stay under the workload target only four were given explicit range-protection code, and the other three were left unprotected because Ariane 4 trajectory analysis showed they could not overflow  Horizontal bias (BH, derived from horizontal velocity) was one of the three left unprotected

RECOMMENDATIONS - REQUIREMENTS  Include the trajectory (Ariane 5's, not Ariane 4's) in the requirements  Document the diagnostic bit pattern in the interface document so that the consumer can tell it from flight data  Change the assumption from "software never fails except through hardware failure, so shut down and fail over" to "handle software exceptions in the code that encounters them"

RECOMMENDATIONS - REQUIREMENTS  Add a requirement that software no longer useful in a given phase of flight be switched off  Add a requirement that the actual SRI, not just a simulator, be included in closed-loop system tests
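Worked example for root cause 4 and for the interface-document recommendation above: a consumer that cannot tell a diagnostic word from flight data, beside one that can. This is added illustrative C written for this page, not the real SRI-to-OBC protocol; the word layout, the kind codes, the diagnostic code value and the replayed sequence are all constructed.

```c
/* Added example: tagged versus untagged consumption of an inertial unit's
 * output words. Constructed illustration, not the real SRI -> OBC interface. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical word kinds. The point of the tag is that a diagnostic word
 * and an attitude sample can never be confused by the consumer. */
enum sri_kind { SRI_ATTITUDE = 0x01, SRI_DIAGNOSTIC = 0x7F };

typedef struct {
    uint8_t kind;    /* enum sri_kind */
    uint8_t unit;    /* 1 = active unit, 2 = hot-standby backup */
    int16_t payload; /* attitude sample, or a diagnostic code */
} sri_word_t;

typedef struct {
    bool    steer;     /* feed payload to the control law */
    bool    failover;  /* switch to the other unit */
    bool    no_source; /* both units have reported failure */
    int16_t attitude;  /* meaningful only when steer is set */
} obc_decision_t;

typedef struct {
    bool failed[3];    /* indexed by unit number 1..2; [0] unused */
} obc_state_t;

/* Pre-accident style: the interface document did not describe the diagnostic
 * pattern, so every word is taken as attitude data, diagnostic codes included. */
obc_decision_t obc_consume_untagged(obc_state_t *st, const sri_word_t *w)
{
    (void)st;
    obc_decision_t d = {true, false, false, w->payload};
    return d;
}

/* Hardened consumer: honours the kind tag, remembers which units have failed,
 * and never steers on a word from an unknown source, of an unknown kind, or
 * from a unit that has already reported failure. */
obc_decision_t obc_consume_tagged(obc_state_t *st, const sri_word_t *w)
{
    obc_decision_t d = {false, false, false, 0};
    if (w->unit < 1 || w->unit > 2)
        return d;                           /* unknown source: ignore */
    if (w->kind == SRI_DIAGNOSTIC) {
        st->failed[w->unit] = true;
        if (st->failed[1] && st->failed[2])
            d.no_source = true;             /* nothing left to fail over to */
        else
            d.failover = true;
        return d;
    }
    if (w->kind != SRI_ATTITUDE || st->failed[w->unit])
        return d;                           /* reject; do not steer */
    d.steer = true;
    d.attitude = w->payload;
    return d;
}

/* Constructed sequence shaped like flight 501: two good samples from the
 * active unit, then a diagnostic word from the backup, then one from the
 * active unit. 0x7F7F is an invented diagnostic code. */
const sri_word_t replay[4] = {
    {SRI_ATTITUDE,   1, 120},
    {SRI_ATTITUDE,   1, 125},
    {SRI_DIAGNOSTIC, 2, 0x7F7F},
    {SRI_DIAGNOSTIC, 1, 0x7F7F},
};

typedef obc_decision_t (*consumer_fn)(obc_state_t *, const sri_word_t *);

/* Number of replayed words on which the given consumer would steer. */
int steered_words(consumer_fn consume)
{
    obc_state_t st = {{false, false, false}};
    int n = 0;
    for (int i = 0; i < 4; i++)
        if (consume(&st, &replay[i]).steer)
            n++;
    return n;
}

/* Decision the given consumer reaches on the final replayed word. */
obc_decision_t last_decision(consumer_fn consume)
{
    obc_state_t st = {{false, false, false}};
    obc_decision_t d = {false, false, false, 0};
    for (int i = 0; i < 4; i++)
        d = consume(&st, &replay[i]);
    return d;
}

int main(void)
{
    printf("untagged consumer steers on %d of 4 words\n", steered_words(obc_consume_untagged));
    printf("tagged consumer steers on %d of 4 words\n", steered_words(obc_consume_tagged));
    printf("tagged consumer ends with no_source=%d\n", last_decision(obc_consume_tagged).no_source);
    return 0;
}
```

The untagged consumer steers on all four words, including the two diagnostic codes, which is the shape of what happened to the OBC. The tagged consumer steers on the two real samples, asks for failover on the first diagnostic word, and reports that no valid source remains on the second, so the control law is never fed a value the producer itself had flagged as invalid. Putting the tag and its meaning in the interface document is what makes the second behaviour possible.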

RECOMMENDATIONS - PROCESS  Review all flight software for implicit assumptions  Better communication among participants through:  Specification reviews  Code reviews  Reviews of the "justification documents"  Maintenance of the justification documentation over the life of the system

RECOMMENDATIONS - PROCESS  Prioritize requirements by potential impact  Treat "reused" modules with more care:  Review them for assumptions about the system context  Test their interfaces thoroughly rather than treating them as "previously verified"  Include error conditions in interface tests, not just the "happy path"

RECOMMENDATIONS - CODE  Document assumptions clearly in the code  Where a value can go out of range, add protection code that reports a best estimate rather than shutting the unit down

HISTORICAL CONTEXT  Military expenditures falling  Commercial use “exploding”  Internationalization of competition for business  Aerospace responsible for 5% of France’s economy

ON-GOING SPIN STORY  Wikipedia lists as a “test launch”  Test launches do not carry expensive payloads
