SlideShare a Scribd company logo

CS5032 Case study Ariane 5 launcher failure

Download as PPTX, PDF
Ian Sommerville, profile picture
Ian Sommerville

The Ariane 5 rocket failed on its maiden flight 37 seconds after launch due to a software failure. The failure occurred when an attempt to convert a 64-bit number to a 16-bit integer caused an overflow, crashing the inertial reference system and backup system. The failed software was reused from the Ariane 4 without being properly tested or reviewed for the new rocket configuration. This led to an avoidable launch failure 37 seconds into the flight.

Technology
1 of 12
Downloaded 189 times
1
2
3
Most read
4
5
6
7
Most read
8
9
Most read
10
11
12
The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 1
Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers • Ariane 5 can carry a heavier payload than Ariane 4 Ariane launcher failure, Case study, 2013 Slide 2
Launcher failure • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • It started to break up and self-destructed • The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 3
The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction • The software failed and this system and the backup system shut down • Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position Ariane launcher failure, Case study, 2013 Slide 4
Software failure • Software failure occurred when an attempt to convert a 64- bit floating point number to a signed 16-bit integer caused the number to overflow. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. • Redundant but not diverse software – The backup software was a copy and behaved in exactly the same way. Ariane launcher failure, Case study, 2013 Slide 5
Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 6
Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. Ariane launcher failure, Case study, 2013 Slide 7
Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. • During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement! Ariane launcher failure, Case study, 2013 Slide 8
Review failure • The design and code of all software should be reviewed for problems during the development process • Either – The inertial reference system software was not reviewed because it had been used in a previous version – The review failed to expose the problem or that the test coverage would not reveal the problem – The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 9
Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 10
Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 11
Avoidable failure • The designer’s of Ariane 5 made a critical and elementary error. • They designed a system where a single component failure could cause the entire system to fail Ariane launcher failure, Case study, 2013 Slide 12

More Related Content

PDF
Chapter 1 introduction
Piyush Gogia
 
PPTX
Layered Software Architecture
Lars-Erik Kindblad
 
PPTX
Ariane 5 launcher failure
sommerville-videos
 
PPTX
Ariane 5 launcher failure - why did it happen
software-engineering-book
 
PDF
Chapter 9 software maintenance
despicable me
 
PDF
Chapter 5 software design
despicable me
 
PDF
Chapter 7 software reliability
despicable me
 
PPTX
Debugging
Jonathan Holloway
 
Chapter 1 introduction
Piyush Gogia
 
Layered Software Architecture
Lars-Erik Kindblad
 
Ariane 5 launcher failure
sommerville-videos
 
Ariane 5 launcher failure - why did it happen
software-engineering-book
 
Chapter 9 software maintenance
despicable me
 
Chapter 5 software design
despicable me
 
Chapter 7 software reliability
despicable me
 
Debugging
Jonathan Holloway
 

What's hot (20)

ODP
Ariane-5 shuttle Case study fault tollerance
Dharshana Kasun Warusavitharana
 
PPTX
White Box Testing
MariamKhan120
 
PPTX
Fault tolerance techniques
ECEDepartmentJSREC
 
PPTX
Disk Scheduling Algorithm in Operating System
Meghaj Mallick
 
PPTX
Decision properties of reular languages
SOMNATHMORE2
 
PPTX
Game playing in AI
Dr. C.V. Suresh Babu
 
PPTX
Introduction to software testing
Hadi Fadlallah
 
PPTX
Software project management Software economics
REHMAT ULLAH
 
PPTX
Robot Software Architecture (Mobile Robots)
Satyanarayana Mekala
 
PPTX
Software testing & Quality Assurance
Webtech Learning
 
PPTX
strong slot and filler
BMS Institute of Technology and Management
 
PPT
Chapter 13 software testing strategies
SHREEHARI WADAWADAGI
 
PDF
FUZZING & SOFTWARE SECURITY TESTING
MuH4f1Z
 
PDF
Software Testing - Defect/Bug Life Cycle - Complete Flow Chart of Defect States
eVideoTuition
 
PPTX
Semaphore
LakshmiSamivel
 
PPTX
Software testing
Bhagyashree pathak
 
PPTX
Hill climbing algorithm
Dr. C.V. Suresh Babu
 
PPTX
Time advance mehcanism
Nikhil Sharma
 
PPTX
Introdution and designing a learning system
swapnac12
 
PPT
Software Verification & Validation
university of education,Lahore
 
Ariane-5 shuttle Case study fault tollerance
Dharshana Kasun Warusavitharana
 
White Box Testing
MariamKhan120
 
Fault tolerance techniques
ECEDepartmentJSREC
 
Disk Scheduling Algorithm in Operating System
Meghaj Mallick
 
Decision properties of reular languages
SOMNATHMORE2
 
Game playing in AI
Dr. C.V. Suresh Babu
 
Introduction to software testing
Hadi Fadlallah
 
Software project management Software economics
REHMAT ULLAH
 
Robot Software Architecture (Mobile Robots)
Satyanarayana Mekala
 
Software testing & Quality Assurance
Webtech Learning
 
strong slot and filler
BMS Institute of Technology and Management
 
Chapter 13 software testing strategies
SHREEHARI WADAWADAGI
 
FUZZING & SOFTWARE SECURITY TESTING
MuH4f1Z
 
Software Testing - Defect/Bug Life Cycle - Complete Flow Chart of Defect States
eVideoTuition
 
Semaphore
LakshmiSamivel
 
Software testing
Bhagyashree pathak
 
Hill climbing algorithm
Dr. C.V. Suresh Babu
 
Time advance mehcanism
Nikhil Sharma
 
Introdution and designing a learning system
swapnac12
 
Software Verification & Validation
university of education,Lahore
 
Ad

Viewers also liked (20)

PPTX
Top Ten Reasons Why Projects Fail
jpstewar
 
PPTX
Security case buffer overflow
Ian Sommerville
 
PPTX
10 reasons why projects fail or common mistakes to avoid
Marianna Semenova
 
PDF
EclipseCon 2010 Bugs and How to Get Heard
moberhuber
 
PPTX
Human failure (LSCITS EngD 2012)
Ian Sommerville
 
PPT
Software Errors Funny and Fatal
Rahul Tiwari
 
PPTX
Ariane 5
Fathima Mifra
 
ODP
Hw for la
school_work89
 
PPTX
Designing software for a million users
Ian Sommerville
 
PDF
Smd aug13 d_vbrief
Lsquirrel
 
PPT
Polish CanSat Launcher
SpaceUpPoland
 
PPTX
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
systred
 
PPT
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Walter Bone, RLA ASLA
 
PPTX
Failure of Mars Climate Orbiter
Maharsh17
 
PPTX
CS5032 L10 security engineering 2 2013
Ian Sommerville
 
PPTX
CS5032 Case study Maroochy water breach
Ian Sommerville
 
PDF
Projet 2013
nassriro
 
PPT
Social Media: Delivering for Project Management?
Trevor Roberts
 
PPTX
CS5032 L9 security engineering 1 2013
Ian Sommerville
 
PPTX
Software Disasters
Arno Huetter
 
Top Ten Reasons Why Projects Fail
jpstewar
 
Security case buffer overflow
Ian Sommerville
 
10 reasons why projects fail or common mistakes to avoid
Marianna Semenova
 
EclipseCon 2010 Bugs and How to Get Heard
moberhuber
 
Human failure (LSCITS EngD 2012)
Ian Sommerville
 
Software Errors Funny and Fatal
Rahul Tiwari
 
Ariane 5
Fathima Mifra
 
Hw for la
school_work89
 
Designing software for a million users
Ian Sommerville
 
Smd aug13 d_vbrief
Lsquirrel
 
Polish CanSat Launcher
SpaceUpPoland
 
Critical Success Factors Affecting Project Performance in Turkish IT Sector -...
systred
 
Space/Rocket Launching Park, Wenchang, Hainan Island, China 2012
Walter Bone, RLA ASLA
 
Failure of Mars Climate Orbiter
Maharsh17
 
CS5032 L10 security engineering 2 2013
Ian Sommerville
 
CS5032 Case study Maroochy water breach
Ian Sommerville
 
Projet 2013
nassriro
 
Social Media: Delivering for Project Management?
Trevor Roberts
 
CS5032 L9 security engineering 1 2013
Ian Sommerville
 
Software Disasters
Arno Huetter
 
Ad

Similar to CS5032 Case study Ariane 5 launcher failure (15)

PDF
Ariane 5 failure
Madushan Sandaruwan
 
PDF
Ariane 5 Failure Reason By Faisal Shahzad
Faisal Shehzad
 
DOC
The importance of quality software
Egrove Systems Corporation
 
PPTX
Scientific disaster
Fahad Ameen
 
PPT
Ariane 5 failure
Madushan Sandaruwan
 
PPTX
Major Blunder by Computer software Bugs
MUHAMMADMATEEN23
 
PPTX
Sqa l01 1
Seema Shah
 
PPTX
Ariane 5 failure (3)
Madushan Sandaruwan
 
PDF
Lecture 01 - 02 Introduction to Quality Assurance.pdf
mkhawar5
 
DOCX
software failures
Respa Peter
 
PDF
7 historical software bugs
Alexandre Uehara
 
PDF
Chapter 1 introduction
Nishit Kumar
 
PPTX
"Introduction to Software Engineering: concepts, processes, and methodologies."
RISABKUMAR4
 
PPTX
Fletcher risk vs_innovation_120220
NASAPMC
 
PDF
Colwell validation attitude
Obsidian Software
 
Ariane 5 failure
Madushan Sandaruwan
 
Ariane 5 Failure Reason By Faisal Shahzad
Faisal Shehzad
 
The importance of quality software
Egrove Systems Corporation
 
Scientific disaster
Fahad Ameen
 
Ariane 5 failure
Madushan Sandaruwan
 
Major Blunder by Computer software Bugs
MUHAMMADMATEEN23
 
Sqa l01 1
Seema Shah
 
Ariane 5 failure (3)
Madushan Sandaruwan
 
Lecture 01 - 02 Introduction to Quality Assurance.pdf
mkhawar5
 
software failures
Respa Peter
 
7 historical software bugs
Alexandre Uehara
 
Chapter 1 introduction
Nishit Kumar
 
"Introduction to Software Engineering: concepts, processes, and methodologies."
RISABKUMAR4
 
Fletcher risk vs_innovation_120220
NASAPMC
 
Colwell validation attitude
Obsidian Software
 

More from Ian Sommerville (20)

PPTX
Ultra Large Scale Systems
Ian Sommerville
 
PPTX
Resp modellingintro
Ian Sommerville
 
PPTX
Resilience and recovery
Ian Sommerville
 
PPTX
LSCITS-engineering
Ian Sommerville
 
PPTX
Requirements reality
Ian Sommerville
 
PPTX
Dependability requirements for LSCITS
Ian Sommerville
 
PPTX
Conceptual systems design
Ian Sommerville
 
PPTX
Requirements Engineering for LSCITS
Ian Sommerville
 
PPTX
An introduction to LSCITS
Ian Sommerville
 
PPTX
Internet worm-case-study
Ian Sommerville
 
PPTX
CS5032 Case study Kegworth air disaster
Ian Sommerville
 
PPTX
CS5032 L19 cybersecurity 1
Ian Sommerville
 
PPTX
CS5032 L20 cybersecurity 2
Ian Sommerville
 
PPTX
L17 CS5032 critical infrastructure
Ian Sommerville
 
PPTX
CS 5032 L18 Critical infrastructure 2: SCADA systems
Ian Sommerville
 
PPTX
CS5032 L11 validation and reliability testing 2013
Ian Sommerville
 
PPTX
CS 5032 L12 security testing and dependability cases 2013
Ian Sommerville
 
PPTX
CS 5032 L7 dependability engineering 2013
Ian Sommerville
 
PPTX
CS 5032 L6 reliability and security specification 2013
Ian Sommerville
 
PPTX
CS 5032 L5 safety specification 2013
Ian Sommerville
 
Ultra Large Scale Systems
Ian Sommerville
 
Resp modellingintro
Ian Sommerville
 
Resilience and recovery
Ian Sommerville
 
LSCITS-engineering
Ian Sommerville
 
Requirements reality
Ian Sommerville
 
Dependability requirements for LSCITS
Ian Sommerville
 
Conceptual systems design
Ian Sommerville
 
Requirements Engineering for LSCITS
Ian Sommerville
 
An introduction to LSCITS
Ian Sommerville
 
Internet worm-case-study
Ian Sommerville
 
CS5032 Case study Kegworth air disaster
Ian Sommerville
 
CS5032 L19 cybersecurity 1
Ian Sommerville
 
CS5032 L20 cybersecurity 2
Ian Sommerville
 
L17 CS5032 critical infrastructure
Ian Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
Ian Sommerville
 
CS5032 L11 validation and reliability testing 2013
Ian Sommerville
 
CS 5032 L12 security testing and dependability cases 2013
Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
Ian Sommerville
 
CS 5032 L6 reliability and security specification 2013
Ian Sommerville
 
CS 5032 L5 safety specification 2013
Ian Sommerville
 

Recently uploaded (20)

PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
A Presentation on Artificial Intelligence
memembruh336
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 

CS5032 Case study Ariane 5 launcher failure

  • 1. The Ariane 5 Launcher Failure June 4th 1996 Total failure of the Ariane 5 launcher on its maiden flight Ariane launcher failure, Case study, 2013 Slide 1
  • 2. Ariane 5 • A European rocket designed to launch commercial payloads (e.g.communications satellites, etc.) into Earth orbit • Successor to the successful Ariane 4 launchers • Ariane 5 can carry a heavier payload than Ariane 4 Ariane launcher failure, Case study, 2013 Slide 2
  • 3. Launcher failure • Appoximately 37 seconds after a successful lift-off, the Ariane 5 launcher lost control • Incorrect control signals were sent to the engines and these swivelled so that unsustainable stresses were imposed on the rocket • It started to break up and self-destructed • The system failure was a direct result of a software failure. However, it was symptomatic of a more general systems validation failure Ariane launcher failure, Case study, 2013 Slide 3
  • 4. The problem • The attitude and trajectory of the rocket are measured by a computer-based inertial reference system. This transmits commands to the engines to maintain attitude and direction • The software failed and this system and the backup system shut down • Diagnostic commands were transmitted to the engines which interpreted them as real data and which swivelled to an extreme position Ariane launcher failure, Case study, 2013 Slide 4
  • 5. Software failure • Software failure occurred when an attempt to convert a 64- bit floating point number to a signed 16-bit integer caused the number to overflow. • There was no exception handler associated with the conversion so the system exception management facilities were invoked. These shut down the software. • Redundant but not diverse software – The backup software was a copy and behaved in exactly the same way. Ariane launcher failure, Case study, 2013 Slide 5
  • 6. Avoidable failure? • The software that failed was reused from the Ariane 4 launch vehicle. The computation that resulted in overflow was not used by Ariane 5. • Decisions were made – Not to remove the facility as this could introduce new faults – Not to test for overflow exceptions because the processor was heavily loaded. For dependability reasons, it was thought desirable to have some spare processor capacity Ariane launcher failure, Case study, 2013 Slide 6
  • 7. Why not Ariane 4? • The physical characteristics of Ariane 4 (A smaller vehicle) are such that it has a lower initial acceleration and build up of horizontal velocity than Ariane 5 • The value of the variable on Ariane 4 could never reach a level that caused overflow during the launch period. Ariane launcher failure, Case study, 2013 Slide 7
  • 8. Validation failure • As the facility that failed was not required for Ariane 5, there was no requirement associated with it. • As there was no associated requirement, there were no tests of that part of the software and hence no possibility of discovering the problem. • During system testing, simulators of the inertial reference system computers were used. These did not generate the error as there was no requirement! Ariane launcher failure, Case study, 2013 Slide 8
  • 9. Review failure • The design and code of all software should be reviewed for problems during the development process • Either – The inertial reference system software was not reviewed because it had been used in a previous version – The review failed to expose the problem or that the test coverage would not reveal the problem – The review failed to appreciate the consequences of system shutdown during a launch Ariane launcher failure, Case study, 2013 Slide 9
  • 10. Lessons learned • Don’t run software in critical systems unless it is actually needed • As well as testing for what the system should do, you may also have to test for what the system should not do • Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state Ariane launcher failure, Case study, 2013 Slide 10
  • 11. Lessons learned • In critical computations, always return best effort values even if the absolutely correct values cannot be computed • Wherever possible, use real equipment and not simulations • Improve the review process to include external participants and review all assumptions made in the code Ariane launcher failure, Case study, 2013 Slide 11
  • 12. Avoidable failure • The designer’s of Ariane 5 made a critical and elementary error. • They designed a system where a single component failure could cause the entire system to fail Ariane launcher failure, Case study, 2013 Slide 12