The Ariane 5 Launcher Failure: total failure of the Ariane 5 launcher on its maiden flight (Ian Sommerville 2001, CS 365)


Slide 1: The Ariane 5 Launcher Failure
June 4th 1996
Total failure of the Ariane 5 launcher on its maiden flight
Ian Sommerville 2001, CS 365, Ariane 5 launcher failure

Slide 2: Ariane 5
- A European rocket designed to launch commercial payloads (e.g. communications satellites) into Earth orbit
- Successor to the successful Ariane 4 launchers
- Ariane 5 can carry a heavier payload than Ariane 4

Slide 3: Launcher failure
- Approximately 37 seconds after a successful liftoff, the Ariane 5 launcher lost control
- Incorrect control signals were sent to the engines; these swivelled so that unsustainable stresses were imposed on the rocket
- It started to break up and self-destructed
- The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure

Slide 4: The problem
- The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction
- The software failed and this system and the backup system shut down
- Diagnostic commands were transmitted to the engines, which interpreted them as real data and swivelled to an extreme position

Slide 5: Software failure
- Software failure occurred when an attempt to convert a 64-bit floating point number to a signed 16-bit integer caused the number to overflow
- There was no exception handler associated with the conversion, so the system exception management facilities were invoked. These shut down the software
- The backup software was a copy and behaved in exactly the same way

Slide 6: Avoidable failure?
- The software that failed was reused from the Ariane 4 launch vehicle
- The computation that resulted in overflow was not used by Ariane 5
- Decisions were made:
  - Not to remove the facility, as this could introduce new faults
  - Not to test for overflow exceptions, because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity

Slide 7: Why not Ariane 4?
- The physical characteristics of Ariane 4 (a smaller vehicle) are such that it has a lower initial acceleration and build-up of horizontal velocity than Ariane 5
- The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period

Slide 8: Validation failure
- As the facility that failed was not required for Ariane 5, there was no requirement associated with it
- As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem
- During system testing, simulators of the inertial reference system computers were used. These did not generate the error, as there was no requirement!

Slide 9: Review failure
- The design and code of all software should be reviewed for problems during the development process
- Either:
  - The inertial reference system software was not reviewed because it had been used in a previous version, or
  - The review failed to expose the problem, or to see that the test coverage would not reveal the problem
  - The review failed to appreciate the consequences of system shutdown during a launch

Slide 10: Lessons learned
- Don't run software in critical systems unless it is actually needed
- As well as testing for what the system should do, you may also have to test for what the system should not do
- Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state

Slide 11: Lessons learned
- In critical computations, always return best-effort values even if the absolutely correct values cannot be computed
- Wherever possible, use real equipment and not simulations
- Improve the review process to include external participants and review all assumptions made in the code
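Added example, not from the slides or from the Ariane software: a C sketch of the conversion that slides 5, 7 and 11 describe. convert_unchecked is the shape of the unguarded cast; convert_checked detects the overflow and returns a saturated best-effort value with a flag, as slide 11 recommends; first_overflow_index is the range check over a launch profile that slide 8 says was never written. The function names, the struct, and the two sample profiles are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <math.h>

/* Result of a guarded 64-bit float to signed 16-bit integer conversion. */
typedef struct {
    int16_t value;    /* converted value, or nearest representable value on overflow */
    bool overflowed;  /* true when the input did not fit in int16_t */
} conv16_t;

/* Unguarded conversion, the shape of the code path that failed: no range check.
   In C a cast of an out-of-range double is undefined behaviour, so callers must
   guarantee the input fits; nothing here enforces that. */
int16_t convert_unchecked(double x) {
    return (int16_t)x;
}

/* Guarded conversion: checks the range before casting and, instead of raising,
   returns a saturated best-effort value with the overflow flagged (slide 11). */
conv16_t convert_checked(double x) {
    conv16_t r = { 0, true };
    if (isnan(x)) {
        return r;                       /* no meaningful value: report 0, flagged */
    } else if (x > (double)INT16_MAX) {
        r.value = INT16_MAX;            /* saturate high */
    } else if (x < (double)INT16_MIN) {
        r.value = INT16_MIN;            /* saturate low */
    } else {
        r.value = (int16_t)x;           /* in range: truncates toward zero like the cast */
        r.overflowed = false;
    }
    return r;
}

/* Index of the first sample in a profile that would overflow, or -1 if all fit.
   This is the check that was never run against Ariane 5 values (slide 8). */
int first_overflow_index(const double *samples, int n) {
    for (int i = 0; i < n; i++) {
        if (convert_checked(samples[i]).overflowed) return i;
    }
    return -1;
}

/* Constructed sample profiles (not flight data): a slower build-up that stays
   within int16_t range, as on Ariane 4, and a faster one that leaves it. */
#define PROFILE_LEN 5
static const double ariane4_like_profile[PROFILE_LEN] = { 0.0, 1200.5, 8000.0, 20000.0, 31000.0 };
static const double ariane5_like_profile[PROFILE_LEN] = { 0.0, 3000.0, 15000.0, 31000.0, 45000.0 };
```

Running first_overflow_index over the two constructed profiles gives -1 for the slower one and 4 for the faster one, which is the kind of result a requirement-driven test on Ariane 5 data would have surfaced before flight.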

Slide 12: Avoidable failure
- The designers of Ariane 5 made a critical and elementary error. They designed a system where a single component failure could cause the entire system to fail