SlideShare une entreprise Scribd logo

CS5032 Case study Ariane 5 launcher failure

Télécharger en tant que PPTX, PDF
Ian Sommerville
Ian Sommerville
Technologie
1  sur  12
The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 1
Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers • Ariane 5 can carry a heavier payload than Ariane 4 Ariane launcher failure, Case study, 2013 Slide 2
Launcher failure • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • It started to break up and self-destructed • The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 3
The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction • The software failed and this system and the backup system shut down • Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position Ariane launcher failure, Case study, 2013 Slide 4
Software failure • Software failure occurred when an attempt to convert a 64- bit floating point number to a signed 16-bit integer caused the number to overflow. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. • Redundant but not diverse software – The backup software was a copy and behaved in exactly the same way. Ariane launcher failure, Case study, 2013 Slide 5
Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 6
Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. Ariane launcher failure, Case study, 2013 Slide 7
Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. • During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement! Ariane launcher failure, Case study, 2013 Slide 8
Review failure • The design and code of all software should be reviewed for problems during the development process • Either – The inertial reference system software was not reviewed because it had been used in a previous version – The review failed to expose the problem or that the test coverage would not reveal the problem – The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 9
Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 10
Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 11
Avoidable failure • The designer’s of Ariane 5 made a critical and elementary error. • They designed a system where a single component failure could cause the entire system to fail Ariane launcher failure, Case study, 2013 Slide 12

Recommandé

Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure sommerville-videos
 
Ariane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happenAriane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happensoftware-engineering-book
 
Chapter 4 software project planning
Chapter 4 software project planningChapter 4 software project planning
Chapter 4 software project planningPiyush Gogia
 
Introduction to loaders
Introduction to loadersIntroduction to loaders
Introduction to loadersTech_MX
 
Black box and white box testing
Black box and white box testingBlack box and white box testing
Black box and white box testingAWADHESH PRATAP SINGH UNIVERSITY, REWA (M.P.)
 
Chap1 slides
Chap1 slidesChap1 slides
Chap1 slidesBaliThorat1
 
Lec 4 (program and network properties)
Lec 4 (program and network properties)Lec 4 (program and network properties)
Lec 4 (program and network properties)Sudarshan Mondal
 
Hill climbing
Hill climbingHill climbing
Hill climbingMohammad Faizan
 

Recommandé

Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure sommerville-videos
 
Ariane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happenAriane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happensoftware-engineering-book
 
Chapter 4 software project planning
Chapter 4 software project planningChapter 4 software project planning
Chapter 4 software project planningPiyush Gogia
 
Introduction to loaders
Introduction to loadersIntroduction to loaders
Introduction to loadersTech_MX
 
Black box and white box testing
Black box and white box testingBlack box and white box testing
Black box and white box testingAWADHESH PRATAP SINGH UNIVERSITY, REWA (M.P.)
 
Chap1 slides
Chap1 slidesChap1 slides
Chap1 slidesBaliThorat1
 
Lec 4 (program and network properties)
Lec 4 (program and network properties)Lec 4 (program and network properties)
Lec 4 (program and network properties)Sudarshan Mondal
 
Hill climbing
Hill climbingHill climbing
Hill climbingMohammad Faizan
 
3 Pipelining
3 Pipelining3 Pipelining
3 Pipeliningfika sweety
 
Concurrency
ConcurrencyConcurrency
ConcurrencySri Prasanna
 
Unit 1 ppt
Unit 1 pptUnit 1 ppt
Unit 1 pptGRajendra
 
Computer organization and architecture
Computer organization and architectureComputer organization and architecture
Computer organization and architectureSubesh Kumar Yadav
 
Pipeline hazard
Pipeline hazardPipeline hazard
Pipeline hazardAJAL A J
 
New software testing-techniques
New software testing-techniquesNew software testing-techniques
New software testing-techniquesFincy V.J
 
Software maintenance
Software maintenanceSoftware maintenance
Software maintenanceNancyBeaulah_R
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionPiyush Gogia
 
Secondary storage management in os
Secondary storage management in osSecondary storage management in os
Secondary storage management in osSumant Diwakar
 
Agile development
Agile developmentAgile development
Agile developmentJoshuaU1
 
32 dynamic linking nd overlays
32 dynamic linking nd overlays32 dynamic linking nd overlays
32 dynamic linking nd overlaysmyrajendra
 
Loaders ( system programming )
Loaders ( system programming ) Loaders ( system programming )
Loaders ( system programming ) Adarsh Patel
 
Rational Unified Process
Rational Unified ProcessRational Unified Process
Rational Unified ProcessKumar
 
Linker and Loader
Linker and Loader Linker and Loader
Linker and Loader sonalikharade3
 
Swap space management and protection in os
Swap space management and protection in osSwap space management and protection in os
Swap space management and protection in osrajshreemuthiah
 
Pass Structure of Assembler
Pass Structure of AssemblerPass Structure of Assembler
Pass Structure of AssemblerInternational Institute of Information Technology (I²IT)
 
Debugging
DebuggingDebugging
DebuggingIndu Sharma Bhardwaj
 
Loop invariant computation
Loop invariant computationLoop invariant computation
Loop invariant computationReachLocal Services India
 
Function Oriented and Object Oriented Design,Modularization techniques
Function Oriented and Object Oriented Design,Modularization techniquesFunction Oriented and Object Oriented Design,Modularization techniques
Function Oriented and Object Oriented Design,Modularization techniquesnimmik4u
 
Heuristic Search Techniques {Artificial Intelligence}
Heuristic Search Techniques {Artificial Intelligence}Heuristic Search Techniques {Artificial Intelligence}
Heuristic Search Techniques {Artificial Intelligence}FellowBuddy.com
 
Ariane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceAriane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceDharshana Kasun Warusavitharana
 
Top Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects FailTop Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects Failjpstewar
 

Contenu connexe

Tendances

Computer organization and architecture
Computer organization and architectureComputer organization and architecture
Computer organization and architectureSubesh Kumar Yadav
 
Pipeline hazard
Pipeline hazardPipeline hazard
Pipeline hazardAJAL A J
 
New software testing-techniques
New software testing-techniquesNew software testing-techniques
New software testing-techniquesFincy V.J
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionPiyush Gogia
 
Secondary storage management in os
Secondary storage management in osSecondary storage management in os
Secondary storage management in osSumant Diwakar
 
Agile development
Agile developmentAgile development
Agile developmentJoshuaU1
 
32 dynamic linking nd overlays
32 dynamic linking nd overlays32 dynamic linking nd overlays
32 dynamic linking nd overlaysmyrajendra
 
Loaders ( system programming )
Loaders ( system programming ) Loaders ( system programming )
Loaders ( system programming ) Adarsh Patel
 
Rational Unified Process
Rational Unified ProcessRational Unified Process
Rational Unified ProcessKumar
 
Swap space management and protection in os
Swap space management and protection in osSwap space management and protection in os
Swap space management and protection in osrajshreemuthiah
 
Function Oriented and Object Oriented Design,Modularization techniques
Function Oriented and Object Oriented Design,Modularization techniquesFunction Oriented and Object Oriented Design,Modularization techniques
Function Oriented and Object Oriented Design,Modularization techniquesnimmik4u
 
Heuristic Search Techniques {Artificial Intelligence}
Heuristic Search Techniques {Artificial Intelligence}Heuristic Search Techniques {Artificial Intelligence}
Heuristic Search Techniques {Artificial Intelligence}FellowBuddy.com
 

Tendances (20)

3 Pipelining
3 Pipelining3 Pipelining
3 Pipelining
 
Concurrency
ConcurrencyConcurrency
Concurrency
 
Unit 1 ppt
Unit 1 pptUnit 1 ppt
Unit 1 ppt
 
Computer organization and architecture
Computer organization and architectureComputer organization and architecture
Computer organization and architecture
 
Pipeline hazard
Pipeline hazardPipeline hazard
Pipeline hazard
 
New software testing-techniques
New software testing-techniquesNew software testing-techniques
New software testing-techniques
 
Software maintenance
Software maintenanceSoftware maintenance
Software maintenance
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introduction
 
Secondary storage management in os
Secondary storage management in osSecondary storage management in os
Secondary storage management in os
 
Agile development
Agile developmentAgile development
Agile development
 
32 dynamic linking nd overlays
32 dynamic linking nd overlays32 dynamic linking nd overlays
32 dynamic linking nd overlays
 
Loaders ( system programming )
Loaders ( system programming ) Loaders ( system programming )
Loaders ( system programming )
 
Rational Unified Process
Rational Unified ProcessRational Unified Process
Rational Unified Process
 
Linker and Loader
Linker and Loader Linker and Loader
Linker and Loader
 
Swap space management and protection in os
Swap space management and protection in osSwap space management and protection in os
Swap space management and protection in os
 
Pass Structure of Assembler
Pass Structure of AssemblerPass Structure of Assembler
Pass Structure of Assembler
 
Debugging
DebuggingDebugging
Debugging
 
Loop invariant computation
Loop invariant computationLoop invariant computation
Loop invariant computation
 
Function Oriented and Object Oriented Design,Modularization techniques
Function Oriented and Object Oriented Design,Modularization techniquesFunction Oriented and Object Oriented Design,Modularization techniques
Function Oriented and Object Oriented Design,Modularization techniques
 
Heuristic Search Techniques {Artificial Intelligence}
Heuristic Search Techniques {Artificial Intelligence}Heuristic Search Techniques {Artificial Intelligence}
Heuristic Search Techniques {Artificial Intelligence}
 

En vedette

Top Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects FailTop Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects Failjpstewar
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoid10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoidMarianna Semenova
 
EclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get HeardEclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get Heardmoberhuber
 
Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)Ian Sommerville
 
Software Errors Funny and Fatal
Software Errors Funny and Fatal Software Errors Funny and Fatal
Software Errors Funny and Fatal Rahul Tiwari
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 
Smd aug13 d_vbrief
Smd aug13 d_vbriefSmd aug13 d_vbrief
Smd aug13 d_vbriefLsquirrel
 
Polish CanSat Launcher
Polish CanSat LauncherPolish CanSat Launcher
Polish CanSat LauncherSpaceUpPoland
 
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...systred
 
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012Walter Bone, RLA ASLA
 
Failure of Mars Climate Orbiter
Failure of Mars Climate OrbiterFailure of Mars Climate Orbiter
Failure of Mars Climate OrbiterMaharsh17
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
Projet 2013
Projet 2013Projet 2013
Projet 2013nassriro
 
Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?Trevor Roberts
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 

En vedette (20)

Ariane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceAriane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tollerance
 
Top Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects FailTop Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects Fail
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoid10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoid
 
EclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get HeardEclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get Heard
 
Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)
 
Software Errors Funny and Fatal
Software Errors Funny and Fatal Software Errors Funny and Fatal
Software Errors Funny and Fatal
 
Ariane 5
Ariane 5Ariane 5
Ariane 5
 
Hw for la
Hw for laHw for la
Hw for la
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
Smd aug13 d_vbrief
Smd aug13 d_vbriefSmd aug13 d_vbrief
Smd aug13 d_vbrief
 
Polish CanSat Launcher
Polish CanSat LauncherPolish CanSat Launcher
Polish CanSat Launcher
 
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
 
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
 
Failure of Mars Climate Orbiter
Failure of Mars Climate OrbiterFailure of Mars Climate Orbiter
Failure of Mars Climate Orbiter
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
Projet 2013
Projet 2013Projet 2013
Projet 2013
 
Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 

Plus de Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale SystemsIan Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITSIan Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems designIan Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITSIan Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITSIan Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 

Plus de Ian Sommerville (20)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013
 

Dernier

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Dernier (20)

How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

CS5032 Case study Ariane 5 launcher failure

  • 1. The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 1
  • 2. Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers • Ariane 5 can carry a heavier payload than Ariane 4 Ariane launcher failure, Case study, 2013 Slide 2
  • 3. Launcher failure • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • It started to break up and self-destructed • The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 3
  • 4. The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction • The software failed and this system and the backup system shut down • Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position Ariane launcher failure, Case study, 2013 Slide 4
  • 5. Software failure • Software failure occurred when an attempt to convert a 64- bit floating point number to a signed 16-bit integer caused the number to overflow. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. • Redundant but not diverse software – The backup software was a copy and behaved in exactly the same way. Ariane launcher failure, Case study, 2013 Slide 5
  • 6. Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 6
  • 7. Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. Ariane launcher failure, Case study, 2013 Slide 7
  • 8. Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. • During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement! Ariane launcher failure, Case study, 2013 Slide 8
  • 9. Review failure • The design and code of all software should be reviewed for problems during the development process • Either – The inertial reference system software was not reviewed because it had been used in a previous version – The review failed to expose the problem or that the test coverage would not reveal the problem – The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 9
  • 10. Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 10
  • 11. Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 11
  • 12. Avoidable failure • The designer’s of Ariane 5 made a critical and elementary error. • They designed a system where a single component failure could cause the entire system to fail Ariane launcher failure, Case study, 2013 Slide 12