SlideShare ist ein Scribd-Unternehmen logo

CS5032 Case study Ariane 5 launcher failure

Als PPTX, PDF herunterladen
Ian Sommerville
Ian Sommerville
Technologie
1 von 12
The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 1
Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers • Ariane 5 can carry a heavier payload than Ariane 4 Ariane launcher failure, Case study, 2013 Slide 2
Launcher failure • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • It started to break up and self-destructed • The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 3
The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction • The software failed and this system and the backup system shut down • Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position Ariane launcher failure, Case study, 2013 Slide 4
Software failure • Software failure occurred when an attempt to convert a 64- bit floating point number to a signed 16-bit integer caused the number to overflow. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. • Redundant but not diverse software – The backup software was a copy and behaved in exactly the same way. Ariane launcher failure, Case study, 2013 Slide 5
Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 6
Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. Ariane launcher failure, Case study, 2013 Slide 7
Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. • During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement! Ariane launcher failure, Case study, 2013 Slide 8
Review failure • The design and code of all software should be reviewed for problems during the development process • Either – The inertial reference system software was not reviewed because it had been used in a previous version – The review failed to expose the problem or that the test coverage would not reveal the problem – The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 9
Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 10
Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 11
Avoidable failure • The designer’s of Ariane 5 made a critical and elementary error. • They designed a system where a single component failure could cause the entire system to fail Ariane launcher failure, Case study, 2013 Slide 12

Empfohlen

Ariane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceAriane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceDharshana Kasun Warusavitharana
 
Ariane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happenAriane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happensoftware-engineering-book
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure sommerville-videos
 
Concept of Failure, error, fault and defect
Concept of Failure, error, fault and defectConcept of Failure, error, fault and defect
Concept of Failure, error, fault and defectchaklee191
 
Stub Testing and Driver Testing
Stub Testing and Driver TestingStub Testing and Driver Testing
Stub Testing and Driver TestingPopescu Petre
 
Java Class Loading
Java Class LoadingJava Class Loading
Java Class LoadingSandeep Verma
 
A Bug Tracking System Is A Software Application
A Bug Tracking System Is A Software ApplicationA Bug Tracking System Is A Software Application
A Bug Tracking System Is A Software ApplicationAbhishek Pasricha
 
Hazards in pipeline
Hazards in pipelineHazards in pipeline
Hazards in pipelineSnehalataAgasti
 

Empfohlen

Ariane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceAriane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceDharshana Kasun Warusavitharana
 
Ariane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happenAriane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happensoftware-engineering-book
 
Ariane 5 launcher failure
Ariane 5 launcher failure Ariane 5 launcher failure
Ariane 5 launcher failure sommerville-videos
 
Concept of Failure, error, fault and defect
Concept of Failure, error, fault and defectConcept of Failure, error, fault and defect
Concept of Failure, error, fault and defectchaklee191
 
Stub Testing and Driver Testing
Stub Testing and Driver TestingStub Testing and Driver Testing
Stub Testing and Driver TestingPopescu Petre
 
Java Class Loading
Java Class LoadingJava Class Loading
Java Class LoadingSandeep Verma
 
A Bug Tracking System Is A Software Application
A Bug Tracking System Is A Software ApplicationA Bug Tracking System Is A Software Application
A Bug Tracking System Is A Software ApplicationAbhishek Pasricha
 
Hazards in pipeline
Hazards in pipelineHazards in pipeline
Hazards in pipelineSnehalataAgasti
 
McCall Software Quality Model in Software Quality Assurance
McCall Software Quality Model in Software Quality Assurance McCall Software Quality Model in Software Quality Assurance
McCall Software Quality Model in Software Quality Assurance sundas Shabbir
 
6.distributed shared memory
6.distributed shared memory6.distributed shared memory
6.distributed shared memoryGd Goenka University
 
Producer consumer
Producer consumerProducer consumer
Producer consumerMohd Tousif
 
Direct linking loaders
Direct linking loadersDirect linking loaders
Direct linking loadersSatyamevjayte Haxor
 
Non Functional Testing
Non Functional TestingNon Functional Testing
Non Functional TestingNishant Worah
 
Software Testing
Software TestingSoftware Testing
Software TestingVishal Singh
 
Software testing
Software testingSoftware testing
Software testingssusere50573
 
Java Presentation
Java PresentationJava Presentation
Java Presentationpm2214
 
Basics of JAVA programming
Basics of JAVA programmingBasics of JAVA programming
Basics of JAVA programmingElizabeth Thomas
 
Training on Core java | PPT Presentation | Shravan Sanidhya
Training on Core java | PPT Presentation | Shravan SanidhyaTraining on Core java | PPT Presentation | Shravan Sanidhya
Training on Core java | PPT Presentation | Shravan SanidhyaShravan Sanidhya
 
32 dynamic linking nd overlays
32 dynamic linking nd overlays32 dynamic linking nd overlays
32 dynamic linking nd overlaysmyrajendra
 
Error Detection & Recovery
Error Detection & RecoveryError Detection & Recovery
Error Detection & RecoveryAkhil Kaushik
 
Software testing
Software testingSoftware testing
Software testingOmar Al-Bokari
 
CNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingCNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingSam Bowne
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box TestingMariamKhan120
 
Software Testing
Software TestingSoftware Testing
Software TestingMousmi Pawar
 
operating system question bank
operating system question bankoperating system question bank
operating system question bankrajatdeep kaur
 
Unit 3 Control Flow Testing
Unit 3 Control Flow TestingUnit 3 Control Flow Testing
Unit 3 Control Flow Testingravikhimani
 
Black box & white-box testing technique
Black box & white-box testing techniqueBlack box & white-box testing technique
Black box & white-box testing techniqueSivaprasanthRentala1975
 
Functional Testing vs Non-Functional Testing | Edureka
Functional Testing vs Non-Functional Testing | EdurekaFunctional Testing vs Non-Functional Testing | Edureka
Functional Testing vs Non-Functional Testing | EdurekaEdureka!
 
Top Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects FailTop Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects Failjpstewar
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 

Weitere ähnliche Inhalte

Was ist angesagt?

McCall Software Quality Model in Software Quality Assurance
McCall Software Quality Model in Software Quality Assurance McCall Software Quality Model in Software Quality Assurance
McCall Software Quality Model in Software Quality Assurance sundas Shabbir
 
Producer consumer
Producer consumerProducer consumer
Producer consumerMohd Tousif
 
Non Functional Testing
Non Functional TestingNon Functional Testing
Non Functional TestingNishant Worah
 
Java Presentation
Java PresentationJava Presentation
Java Presentationpm2214
 
Basics of JAVA programming
Basics of JAVA programmingBasics of JAVA programming
Basics of JAVA programmingElizabeth Thomas
 
Training on Core java | PPT Presentation | Shravan Sanidhya
Training on Core java | PPT Presentation | Shravan SanidhyaTraining on Core java | PPT Presentation | Shravan Sanidhya
Training on Core java | PPT Presentation | Shravan SanidhyaShravan Sanidhya
 
32 dynamic linking nd overlays
32 dynamic linking nd overlays32 dynamic linking nd overlays
32 dynamic linking nd overlaysmyrajendra
 
Error Detection & Recovery
Error Detection & RecoveryError Detection & Recovery
Error Detection & RecoveryAkhil Kaushik
 
CNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingCNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingSam Bowne
 
operating system question bank
operating system question bankoperating system question bank
operating system question bankrajatdeep kaur
 
Unit 3 Control Flow Testing
Unit 3 Control Flow TestingUnit 3 Control Flow Testing
Unit 3 Control Flow Testingravikhimani
 
Functional Testing vs Non-Functional Testing | Edureka
Functional Testing vs Non-Functional Testing | EdurekaFunctional Testing vs Non-Functional Testing | Edureka
Functional Testing vs Non-Functional Testing | EdurekaEdureka!
 

Was ist angesagt? (20)

McCall Software Quality Model in Software Quality Assurance
McCall Software Quality Model in Software Quality Assurance McCall Software Quality Model in Software Quality Assurance
McCall Software Quality Model in Software Quality Assurance
 
6.distributed shared memory
6.distributed shared memory6.distributed shared memory
6.distributed shared memory
 
Producer consumer
Producer consumerProducer consumer
Producer consumer
 
Direct linking loaders
Direct linking loadersDirect linking loaders
Direct linking loaders
 
Non Functional Testing
Non Functional TestingNon Functional Testing
Non Functional Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
Software testing
Software testingSoftware testing
Software testing
 
Java Presentation
Java PresentationJava Presentation
Java Presentation
 
Basics of JAVA programming
Basics of JAVA programmingBasics of JAVA programming
Basics of JAVA programming
 
Training on Core java | PPT Presentation | Shravan Sanidhya
Training on Core java | PPT Presentation | Shravan SanidhyaTraining on Core java | PPT Presentation | Shravan Sanidhya
Training on Core java | PPT Presentation | Shravan Sanidhya
 
32 dynamic linking nd overlays
32 dynamic linking nd overlays32 dynamic linking nd overlays
32 dynamic linking nd overlays
 
Error Detection & Recovery
Error Detection & RecoveryError Detection & Recovery
Error Detection & Recovery
 
Software testing
Software testingSoftware testing
Software testing
 
CNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingCNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code Auditing
 
Black Box Testing
Black Box TestingBlack Box Testing
Black Box Testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
operating system question bank
operating system question bankoperating system question bank
operating system question bank
 
Unit 3 Control Flow Testing
Unit 3 Control Flow TestingUnit 3 Control Flow Testing
Unit 3 Control Flow Testing
 
Black box & white-box testing technique
Black box & white-box testing techniqueBlack box & white-box testing technique
Black box & white-box testing technique
 
Functional Testing vs Non-Functional Testing | Edureka
Functional Testing vs Non-Functional Testing | EdurekaFunctional Testing vs Non-Functional Testing | Edureka
Functional Testing vs Non-Functional Testing | Edureka
 

Andere mochten auch

Top Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects FailTop Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects Failjpstewar
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoid10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoidMarianna Semenova
 
EclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get HeardEclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get Heardmoberhuber
 
Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)Ian Sommerville
 
Software Errors Funny and Fatal
Software Errors Funny and Fatal Software Errors Funny and Fatal
Software Errors Funny and Fatal Rahul Tiwari
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million usersIan Sommerville
 
Smd aug13 d_vbrief
Smd aug13 d_vbriefSmd aug13 d_vbrief
Smd aug13 d_vbriefLsquirrel
 
Polish CanSat Launcher
Polish CanSat LauncherPolish CanSat Launcher
Polish CanSat LauncherSpaceUpPoland
 
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...systred
 
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012Walter Bone, RLA ASLA
 
Failure of Mars Climate Orbiter
Failure of Mars Climate OrbiterFailure of Mars Climate Orbiter
Failure of Mars Climate OrbiterMaharsh17
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
Projet 2013
Projet 2013Projet 2013
Projet 2013nassriro
 
Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?Trevor Roberts
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
Software Disasters
Software DisastersSoftware Disasters
Software DisastersArno Huetter
 

Andere mochten auch (20)

Top Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects FailTop Ten Reasons Why Projects Fail
Top Ten Reasons Why Projects Fail
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoid10 reasons why projects fail or common mistakes to avoid
10 reasons why projects fail or common mistakes to avoid
 
EclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get HeardEclipseCon 2010 Bugs and How to Get Heard
EclipseCon 2010 Bugs and How to Get Heard
 
Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)Human failure (LSCITS EngD 2012)
Human failure (LSCITS EngD 2012)
 
Software Errors Funny and Fatal
Software Errors Funny and Fatal Software Errors Funny and Fatal
Software Errors Funny and Fatal
 
Ariane 5
Ariane 5Ariane 5
Ariane 5
 
Hw for la
Hw for laHw for la
Hw for la
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
Smd aug13 d_vbrief
Smd aug13 d_vbriefSmd aug13 d_vbrief
Smd aug13 d_vbrief
 
Polish CanSat Launcher
Polish CanSat LauncherPolish CanSat Launcher
Polish CanSat Launcher
 
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
 
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
 
Failure of Mars Climate Orbiter
Failure of Mars Climate OrbiterFailure of Mars Climate Orbiter
Failure of Mars Climate Orbiter
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
Projet 2013
Projet 2013Projet 2013
Projet 2013
 
Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?Social Media: Delivering for Project Management?
Social Media: Delivering for Project Management?
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 
Software Disasters
Software DisastersSoftware Disasters
Software Disasters
 

Mehr von Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale SystemsIan Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITSIan Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems designIan Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITSIan Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITSIan Sommerville
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-studyIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013Ian Sommerville
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013Ian Sommerville
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013Ian Sommerville
 

Mehr von Ian Sommerville (20)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Internet worm-case-study
Internet worm-case-studyInternet worm-case-study
Internet worm-case-study
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013CS5032 L11 validation and reliability testing 2013
CS5032 L11 validation and reliability testing 2013
 
CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013CS 5032 L12 security testing and dependability cases 2013
CS 5032 L12 security testing and dependability cases 2013
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013CS 5032 L6 reliability and security specification 2013
CS 5032 L6 reliability and security specification 2013
 
CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013CS 5032 L5 safety specification 2013
CS 5032 L5 safety specification 2013
 

Kürzlich hochgeladen

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

CS5032 Case study Ariane 5 launcher failure

  • 1. The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 1
  • 2. Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers • Ariane 5 can carry a heavier payload than Ariane 4 Ariane launcher failure, Case study, 2013 Slide 2
  • 3. Launcher failure • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • It started to break up and self-destructed • The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 3
  • 4. The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction • The software failed and this system and the backup system shut down • Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position Ariane launcher failure, Case study, 2013 Slide 4
  • 5. Software failure • Software failure occurred when an attempt to convert a 64- bit floating point number to a signed 16-bit integer caused the number to overflow. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. • Redundant but not diverse software – The backup software was a copy and behaved in exactly the same way. Ariane launcher failure, Case study, 2013 Slide 5
  • 6. Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 6
  • 7. Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. Ariane launcher failure, Case study, 2013 Slide 7
  • 8. Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. • During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement! Ariane launcher failure, Case study, 2013 Slide 8
  • 9. Review failure • The design and code of all software should be reviewed for problems during the development process • Either – The inertial reference system software was not reviewed because it had been used in a previous version – The review failed to expose the problem or that the test coverage would not reveal the problem – The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 9
  • 10. Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 10
  • 11. Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 11
  • 12. Avoidable failure • The designer’s of Ariane 5 made a critical and elementary error. • They designed a system where a single component failure could cause the entire system to fail Ariane launcher failure, Case study, 2013 Slide 12