SlideShare una empresa de Scribd logo

Ariane 5 launcher failure

Descargar como PPTX, PDF
S
sommerville-videos

Explains the causes of the Ariane 5 launcher failure in 1996. Due to a failure in the software controlling the inertial navigation system Video: http://www.youtube.com/watch?v=W3YJeoYgozw

TecnologíaSalud y medicina
1 de 26
The Ariane 5 Launcher Failure Ian Sommerville Ariane launcher failure, Case study, 2013 Slide 1
June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 2
Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers Ariane launcher failure, Case study, 2013 Slide 3
Ariane launcher failure, Case study, 2013 Slide 4
• Ariane 5 can carry a heavier payload than Ariane 4 • Now the standard launch vehicle for the European Space Agency Ariane launcher failure, Case study, 2013 Slide 5
Ariane launcher failure, Case study, 2013 Slide 6
Launcher failure • First test launch of Ariane 5 in June 1996 • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control Ariane launcher failure, Case study, 2013 Slide 7
Ariane launcher failure, Case study, 2013 Slide 8
• Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • The vehicle started to break up because of the stresses imposed and selfdestructed Ariane launcher failure, Case study, 2013 Slide 9
The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. • The IRS transmits commands to the engines to maintain attitude (the angle to the vertical) and direction Ariane launcher failure, Case study, 2013 Slide 10
• The system failure was a direct result of a software failure. • However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 11
Sensors IRS 1 IRS 2 Instructions to engine control system Ariane launcher failure, Case study, 2013 Slide 12
• The IRS had both a primary and a backup computer • The backup computer was included to cope with hardware failure but both the primary and the backup system ran the same software. Ariane launcher failure, Case study, 2013 Slide 13
• The IRS software in both the primary and the backup computer shut itself down 37 seconds after take-off • Diagnostic data about the shutdown was sent to the engine control system • This system did not expect such data and interpreted these as real data • The values were such that the system swivelled the rocket engines to an extreme position Ariane launcher failure, Case study, 2013 Slide 14
Software failure • Software failure occurred when an attempt to convert a 64-bit floating point number representing the horizontal velocity to a signed 16-bit integer caused the number to overflow (become too big). Ariane launcher failure, Case study, 2013 Slide 15
0 111111111111111 Sign Ariane launcher failure, Case study, 2013 16-bit integer Max value (32768) Slide 16
• There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software controlling the IRS. • Redundant but not diverse software • The backup software was a copy and behaved in exactly the same way i.e. the number overflowed and the system was shut down Ariane launcher failure, Case study, 2013 Slide 17
Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • The calculations had been transferred to a ground-based system in Ariane 5 Ariane launcher failure, Case study, 2013 Slide 18
Implementation decisions • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. – For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 19
Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. • This calculation had been carried out during the development of Ariane 4 and it was therefore decided that no overflow check was required Ariane launcher failure, Case study, 2013 Slide 20
Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. Ariane launcher failure, Case study, 2013 Slide 21
Simulator-based testing • During system testing, simulators of the inertial reference system computers were used. • These did not generate the error as there was no requirement for the unused code to be included in the simulator Ariane launcher failure, Case study, 2013 Slide 22
Review failure • Review failures? • The inertial reference system software was not reviewed because it had been used in a previous version • The review failed to expose the problem or that the test coverage would not reveal the problem • The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 23
Ariane launcher failure, Case study, 2013 Slide 24
Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 25
Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 26

Recomendados

CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
Ariane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happenAriane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happensoftware-engineering-book
 
Ariane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceAriane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceDharshana Kasun Warusavitharana
 
SOFTWARE TESTING UNIT-4
SOFTWARE TESTING UNIT-4 SOFTWARE TESTING UNIT-4
SOFTWARE TESTING UNIT-4 Mohammad Faizan
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality FactorsUsman Khan
 
Eleven step of software testing process
Eleven step of software testing processEleven step of software testing process
Eleven step of software testing processHimanshu
 
Formal Methods lecture 01
Formal Methods lecture 01Formal Methods lecture 01
Formal Methods lecture 01Sidra Ashraf
 
Manual testing ppt
Manual testing pptManual testing ppt
Manual testing pptSantosh Maranabasari
 

Recomendados

CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
Ariane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happenAriane 5 launcher failure - why did it happen
Ariane 5 launcher failure - why did it happensoftware-engineering-book
 
Ariane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceAriane-5 shuttle Case study fault tollerance
Ariane-5 shuttle Case study fault tolleranceDharshana Kasun Warusavitharana
 
SOFTWARE TESTING UNIT-4
SOFTWARE TESTING UNIT-4 SOFTWARE TESTING UNIT-4
SOFTWARE TESTING UNIT-4 Mohammad Faizan
 
McCall's Quality Factors
McCall's Quality FactorsMcCall's Quality Factors
McCall's Quality FactorsUsman Khan
 
Eleven step of software testing process
Eleven step of software testing processEleven step of software testing process
Eleven step of software testing processHimanshu
 
Formal Methods lecture 01
Formal Methods lecture 01Formal Methods lecture 01
Formal Methods lecture 01Sidra Ashraf
 
Manual testing ppt
Manual testing pptManual testing ppt
Manual testing pptSantosh Maranabasari
 
Software testing
Software testingSoftware testing
Software testingssusere50573
 
Software Testing Strategies
Software Testing StrategiesSoftware Testing Strategies
Software Testing StrategiesNayyabMirTahir
 
AutoPilot
AutoPilotAutoPilot
AutoPilotAbhay Garþhade
 
System testing
System testingSystem testing
System testingSifat Hossain
 
Requirements prioritization
Requirements prioritizationRequirements prioritization
Requirements prioritizationSyed Zaid Irshad
 
Chapter 01 software engineering pressman
Chapter 01 software engineering pressmanChapter 01 software engineering pressman
Chapter 01 software engineering pressmanRohitGoyal183
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Mohammed Romi
 
Software Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsSoftware Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsNishu Rastogi
 
V Model and W Model
V Model and W ModelV Model and W Model
V Model and W ModelMuhammad Asim
 
Software Engineering - Ch1
Software Engineering - Ch1Software Engineering - Ch1
Software Engineering - Ch1Siddharth Ayer
 
Black box testing or behavioral testing
Black box testing or behavioral testingBlack box testing or behavioral testing
Black box testing or behavioral testingSlideshare
 
Software Testing
Software TestingSoftware Testing
Software TestingMousmi Pawar
 
CSPC/ PPS Full 5 unit ppt
CSPC/ PPS Full 5 unit pptCSPC/ PPS Full 5 unit ppt
CSPC/ PPS Full 5 unit pptAnkur Srivastava
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategiesSHREEHARI WADAWADAGI
 
Hardware/Software Integration Testing
Hardware/Software Integration TestingHardware/Software Integration Testing
Hardware/Software Integration TestingJohan Hoberg
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionPiyush Gogia
 
Virtual machines and their architecture
Virtual machines and their architectureVirtual machines and their architecture
Virtual machines and their architectureMrinmoy Dalal
 
EARS: The Easy Approach to Requirements Syntax
EARS: The Easy Approach to Requirements SyntaxEARS: The Easy Approach to Requirements Syntax
EARS: The Easy Approach to Requirements SyntaxTechWell
 
software project management
software project managementsoftware project management
software project managementdeep sharma
 
3. ch 2-process model
3. ch 2-process model3. ch 2-process model
3. ch 2-process modelDelowar hossain
 
Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 

Más contenido relacionado

La actualidad más candente

Software Testing Strategies
Software Testing StrategiesSoftware Testing Strategies
Software Testing StrategiesNayyabMirTahir
 
Requirements prioritization
Requirements prioritizationRequirements prioritization
Requirements prioritizationSyed Zaid Irshad
 
Chapter 01 software engineering pressman
Chapter 01 software engineering pressmanChapter 01 software engineering pressman
Chapter 01 software engineering pressmanRohitGoyal183
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Mohammed Romi
 
Software Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsSoftware Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsNishu Rastogi
 
Software Engineering - Ch1
Software Engineering - Ch1Software Engineering - Ch1
Software Engineering - Ch1Siddharth Ayer
 
Black box testing or behavioral testing
Black box testing or behavioral testingBlack box testing or behavioral testing
Black box testing or behavioral testingSlideshare
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategiesSHREEHARI WADAWADAGI
 
Hardware/Software Integration Testing
Hardware/Software Integration TestingHardware/Software Integration Testing
Hardware/Software Integration TestingJohan Hoberg
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionPiyush Gogia
 
Virtual machines and their architecture
Virtual machines and their architectureVirtual machines and their architecture
Virtual machines and their architectureMrinmoy Dalal
 
EARS: The Easy Approach to Requirements Syntax
EARS: The Easy Approach to Requirements SyntaxEARS: The Easy Approach to Requirements Syntax
EARS: The Easy Approach to Requirements SyntaxTechWell
 
software project management
software project managementsoftware project management
software project managementdeep sharma
 

La actualidad más candente (20)

Software testing
Software testingSoftware testing
Software testing
 
Software Testing Strategies
Software Testing StrategiesSoftware Testing Strategies
Software Testing Strategies
 
AutoPilot
AutoPilotAutoPilot
AutoPilot
 
System testing
System testingSystem testing
System testing
 
Requirements prioritization
Requirements prioritizationRequirements prioritization
Requirements prioritization
 
Chapter 01 software engineering pressman
Chapter 01 software engineering pressmanChapter 01 software engineering pressman
Chapter 01 software engineering pressman
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4
 
Software Engineering- Crisis and Process Models
Software Engineering- Crisis and Process ModelsSoftware Engineering- Crisis and Process Models
Software Engineering- Crisis and Process Models
 
V Model and W Model
V Model and W ModelV Model and W Model
V Model and W Model
 
Software Engineering - Ch1
Software Engineering - Ch1Software Engineering - Ch1
Software Engineering - Ch1
 
Black box testing or behavioral testing
Black box testing or behavioral testingBlack box testing or behavioral testing
Black box testing or behavioral testing
 
Software Testing
Software TestingSoftware Testing
Software Testing
 
CSPC/ PPS Full 5 unit ppt
CSPC/ PPS Full 5 unit pptCSPC/ PPS Full 5 unit ppt
CSPC/ PPS Full 5 unit ppt
 
Chapter 13 software testing strategies
Chapter 13 software testing strategiesChapter 13 software testing strategies
Chapter 13 software testing strategies
 
Hardware/Software Integration Testing
Hardware/Software Integration TestingHardware/Software Integration Testing
Hardware/Software Integration Testing
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introduction
 
Virtual machines and their architecture
Virtual machines and their architectureVirtual machines and their architecture
Virtual machines and their architecture
 
EARS: The Easy Approach to Requirements Syntax
EARS: The Easy Approach to Requirements SyntaxEARS: The Easy Approach to Requirements Syntax
EARS: The Easy Approach to Requirements Syntax
 
software project management
software project managementsoftware project management
software project management
 
3. ch 2-process model
3. ch 2-process model3. ch 2-process model
3. ch 2-process model
 

Destacado

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systemssommerville-videos
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernssommerville-videos
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processessommerville-videos
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challengessommerville-videos
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems scriptsommerville-videos
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processessommerville-videos
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activitiessommerville-videos
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systemssommerville-videos
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systemssommerville-videos
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineeringsommerville-videos
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classificationsommerville-videos
 

Destacado (20)

Architectural patterns for real-time systems
Architectural patterns for real-time systemsArchitectural patterns for real-time systems
Architectural patterns for real-time systems
 
Stakeholders, viewpoints and concerns
Stakeholders, viewpoints and concernsStakeholders, viewpoints and concerns
Stakeholders, viewpoints and concerns
 
User stories
User storiesUser stories
User stories
 
Airbus Flight Control System
Airbus Flight Control SystemAirbus Flight Control System
Airbus Flight Control System
 
Requirements engineering processes
Requirements engineering processesRequirements engineering processes
Requirements engineering processes
 
Requirements engineering challenges
Requirements engineering challengesRequirements engineering challenges
Requirements engineering challenges
 
Intro to requirements eng.
Intro to requirements eng.Intro to requirements eng.
Intro to requirements eng.
 
Introduction to real time software systems script
Introduction to real time software systems scriptIntroduction to real time software systems script
Introduction to real time software systems script
 
Availability and reliability
Availability and reliabilityAvailability and reliability
Availability and reliability
 
Agile and plan based development processes
Agile and plan based development processesAgile and plan based development processes
Agile and plan based development processes
 
Fundamental software engineering activities
Fundamental software engineering activitiesFundamental software engineering activities
Fundamental software engineering activities
 
Agile methods for large systems
Agile methods for large systemsAgile methods for large systems
Agile methods for large systems
 
Introduction to systems of systems
Introduction to systems of systemsIntroduction to systems of systems
Introduction to systems of systems
 
Reuse landscape
Reuse landscapeReuse landscape
Reuse landscape
 
Introducing Software Engineering
Introducing Software EngineeringIntroducing Software Engineering
Introducing Software Engineering
 
System of systems classification
System of systems classificationSystem of systems classification
System of systems classification
 
Warsaw airbus accident
Warsaw airbus accidentWarsaw airbus accident
Warsaw airbus accident
 
Scaling agile
Scaling agileScaling agile
Scaling agile
 
Critical systems engineering
Critical systems engineeringCritical systems engineering
Critical systems engineering
 
Why se script
Why se scriptWhy se script
Why se script
 

Similar a Ariane 5 launcher failure

Ariane 5 Failure Reason By Faisal Shahzad
Ariane 5 Failure Reason By Faisal ShahzadAriane 5 Failure Reason By Faisal Shahzad
Ariane 5 Failure Reason By Faisal ShahzadFaisal Shehzad
 
Western Iowa Tech Community College Fluke Connect Student Contest Presentation
Western Iowa Tech Community College Fluke Connect Student Contest PresentationWestern Iowa Tech Community College Fluke Connect Student Contest Presentation
Western Iowa Tech Community College Fluke Connect Student Contest Presentationflukecontests
 
Software-Testing.pdf
Software-Testing.pdfSoftware-Testing.pdf
Software-Testing.pdfSalim533277
 
Scientific disaster
Scientific disasterScientific disaster
Scientific disasterFahad Ameen
 
Dependable Systems - Introduction (1/16)
Dependable Systems - Introduction (1/16)Dependable Systems - Introduction (1/16)
Dependable Systems - Introduction (1/16)Peter Tröger
 
Mt s12 test_execution
Mt s12 test_executionMt s12 test_execution
Mt s12 test_executionTestingGeeks
 
Equipment Troubleshooting or Root Cause analysis? Is there a Difference?
Equipment Troubleshooting or Root Cause analysis? Is there a Difference?Equipment Troubleshooting or Root Cause analysis? Is there a Difference?
Equipment Troubleshooting or Root Cause analysis? Is there a Difference?Christopher Vallee
 
Failure Mode Effects & Analysis
Failure Mode Effects & AnalysisFailure Mode Effects & Analysis
Failure Mode Effects & AnalysisMuhammad Rezvani
 
Test automation engineer
Test automation engineerTest automation engineer
Test automation engineerSadaaki Emura
 
Fluke contest entry
Fluke contest entryFluke contest entry
Fluke contest entryChad Plante
 
Risk management and business protection with Coding Standardization & Static ...
Risk management and business protection with Coding Standardization & Static ...Risk management and business protection with Coding Standardization & Static ...
Risk management and business protection with Coding Standardization & Static ...Itris Automation Square
 
advanced industrial automation and robotics
advanced industrial automation and roboticsadvanced industrial automation and robotics
advanced industrial automation and roboticsKunal mane
 
What Aircrews Can Teach Testing Teams
What Aircrews Can Teach Testing TeamsWhat Aircrews Can Teach Testing Teams
What Aircrews Can Teach Testing TeamsPeter Varhol
 
Test Automation Improvement by Machine Learning Jasst'21 Tokyo
Test Automation Improvement by Machine Learning Jasst'21 TokyoTest Automation Improvement by Machine Learning Jasst'21 Tokyo
Test Automation Improvement by Machine Learning Jasst'21 TokyoSadaaki Emura
 
Software Testing - Sajid Sidi
Software Testing - Sajid SidiSoftware Testing - Sajid Sidi
Software Testing - Sajid SidiSajid Sidi
 
Goodman Final Presentation_French_Jeremy
Goodman Final Presentation_French_JeremyGoodman Final Presentation_French_Jeremy
Goodman Final Presentation_French_JeremyJeremy French
 

Similar a Ariane 5 launcher failure (20)

Ariane 5 Failure Reason By Faisal Shahzad
Ariane 5 Failure Reason By Faisal ShahzadAriane 5 Failure Reason By Faisal Shahzad
Ariane 5 Failure Reason By Faisal Shahzad
 
Ariane 5 failure
Ariane 5 failureAriane 5 failure
Ariane 5 failure
 
Western Iowa Tech Community College Fluke Connect Student Contest Presentation
Western Iowa Tech Community College Fluke Connect Student Contest PresentationWestern Iowa Tech Community College Fluke Connect Student Contest Presentation
Western Iowa Tech Community College Fluke Connect Student Contest Presentation
 
Software-Testing.pdf
Software-Testing.pdfSoftware-Testing.pdf
Software-Testing.pdf
 
Scientific disaster
Scientific disasterScientific disaster
Scientific disaster
 
Dependable Systems - Introduction (1/16)
Dependable Systems - Introduction (1/16)Dependable Systems - Introduction (1/16)
Dependable Systems - Introduction (1/16)
 
Mt s12 test_execution
Mt s12 test_executionMt s12 test_execution
Mt s12 test_execution
 
Equipment Troubleshooting or Root Cause analysis? Is there a Difference?
Equipment Troubleshooting or Root Cause analysis? Is there a Difference?Equipment Troubleshooting or Root Cause analysis? Is there a Difference?
Equipment Troubleshooting or Root Cause analysis? Is there a Difference?
 
Failure Mode Effects & Analysis
Failure Mode Effects & AnalysisFailure Mode Effects & Analysis
Failure Mode Effects & Analysis
 
Ariane 5 failure
Ariane 5 failureAriane 5 failure
Ariane 5 failure
 
Test automation engineer
Test automation engineerTest automation engineer
Test automation engineer
 
Fluke contest entry
Fluke contest entryFluke contest entry
Fluke contest entry
 
Ch23
Ch23Ch23
Ch23
 
Risk management and business protection with Coding Standardization & Static ...
Risk management and business protection with Coding Standardization & Static ...Risk management and business protection with Coding Standardization & Static ...
Risk management and business protection with Coding Standardization & Static ...
 
advanced industrial automation and robotics
advanced industrial automation and roboticsadvanced industrial automation and robotics
advanced industrial automation and robotics
 
What Aircrews Can Teach Testing Teams
What Aircrews Can Teach Testing TeamsWhat Aircrews Can Teach Testing Teams
What Aircrews Can Teach Testing Teams
 
Test Automation Improvement by Machine Learning Jasst'21 Tokyo
Test Automation Improvement by Machine Learning Jasst'21 TokyoTest Automation Improvement by Machine Learning Jasst'21 Tokyo
Test Automation Improvement by Machine Learning Jasst'21 Tokyo
 
Software Testing - Sajid Sidi
Software Testing - Sajid SidiSoftware Testing - Sajid Sidi
Software Testing - Sajid Sidi
 
pega unit testing
pega unit testingpega unit testing
pega unit testing
 
Goodman Final Presentation_French_Jeremy
Goodman Final Presentation_French_JeremyGoodman Final Presentation_French_Jeremy
Goodman Final Presentation_French_Jeremy
 

Más de sommerville-videos

Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systemssommerville-videos
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issuesommerville-videos
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causessommerville-videos
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecuritysommerville-videos
 

Más de sommerville-videos (10)

Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
Introducing sociotechnical systems
Introducing sociotechnical systemsIntroducing sociotechnical systems
Introducing sociotechnical systems
 
System success and failure
System success and failureSystem success and failure
System success and failure
 
System security
System securitySystem security
System security
 
System dependability
System dependabilitySystem dependability
System dependability
 
System safety
System safetySystem safety
System safety
 
Cybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issueCybersecurity 4 security is sociotechnical issue
Cybersecurity 4 security is sociotechnical issue
 
Cybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causesCybersecurity 3 cybersecurity costs and causes
Cybersecurity 3 cybersecurity costs and causes
 
Cybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacksCybersecurity 2 cyber attacks
Cybersecurity 2 cyber attacks
 
Cybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurityCybersecurity 1 intro to cybersecurity
Cybersecurity 1 intro to cybersecurity
 

Último

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Último (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

Ariane 5 launcher failure

  • 1. The Ariane 5 Launcher Failure Ian Sommerville Ariane launcher failure, Case study, 2013 Slide 1
  • 2. June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 2
  • 3. Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers Ariane launcher failure, Case study, 2013 Slide 3
  • 4. Ariane launcher failure, Case study, 2013 Slide 4
  • 5. • Ariane 5 can carry a heavier payload than Ariane 4 • Now the standard launch vehicle for the European Space Agency Ariane launcher failure, Case study, 2013 Slide 5
  • 6. Ariane launcher failure, Case study, 2013 Slide 6
  • 7. Launcher failure • First test launch of Ariane 5 in June 1996 • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control Ariane launcher failure, Case study, 2013 Slide 7
  • 8. Ariane launcher failure, Case study, 2013 Slide 8
  • 9. • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • The vehicle started to break up because of the stresses imposed and selfdestructed Ariane launcher failure, Case study, 2013 Slide 9
  • 10. The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. • The IRS transmits commands to the engines to maintain attitude (the angle to the vertical) and direction Ariane launcher failure, Case study, 2013 Slide 10
  • 11. • The system failure was a direct result of a software failure. • However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 11
  • 12. Sensors IRS 1 IRS 2 Instructions to engine control system Ariane launcher failure, Case study, 2013 Slide 12
  • 13. • The IRS had both a primary and a backup computer • The backup computer was included to cope with hardware failure but both the primary and the backup system ran the same software. Ariane launcher failure, Case study, 2013 Slide 13
  • 14. • The IRS software in both the primary and the backup computer shut itself down 37 seconds after take-off • Diagnostic data about the shutdown was sent to the engine control system • This system did not expect such data and interpreted these as real data • The values were such that the system swivelled the rocket engines to an extreme position Ariane launcher failure, Case study, 2013 Slide 14
  • 15. Software failure • Software failure occurred when an attempt to convert a 64-bit floating point number representing the horizontal velocity to a signed 16-bit integer caused the number to overflow (become too big). Ariane launcher failure, Case study, 2013 Slide 15
  • 16. 0 111111111111111 Sign Ariane launcher failure, Case study, 2013 16-bit integer Max value (32768) Slide 16
  • 17. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software controlling the IRS. • Redundant but not diverse software • The backup software was a copy and behaved in exactly the same way i.e. the number overflowed and the system was shut down Ariane launcher failure, Case study, 2013 Slide 17
  • 18. Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • The calculations had been transferred to a ground-based system in Ariane 5 Ariane launcher failure, Case study, 2013 Slide 18
  • 19. Implementation decisions • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. – For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 19
  • 20. Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. • This calculation had been carried out during the development of Ariane 4 and it was therefore decided that no overflow check was required Ariane launcher failure, Case study, 2013 Slide 20
  • 21. Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. Ariane launcher failure, Case study, 2013 Slide 21
  • 22. Simulator-based testing • During system testing, simulators of the inertial reference system computers were used. • These did not generate the error as there was no requirement for the unused code to be included in the simulator Ariane launcher failure, Case study, 2013 Slide 22
  • 23. Review failure • Review failures? • The inertial reference system software was not reviewed because it had been used in a previous version • The review failed to expose the problem or that the test coverage would not reveal the problem • The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 23
  • 24. Ariane launcher failure, Case study, 2013 Slide 24
  • 25. Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 25
  • 26. Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 26