Ariane 5 Flight 501 Robustness Failure _

• June, 1996 loss of inaugural flight

  • Lost $400 million scientific payload (the rocket was extra)

• Efforts to reduce system costs led to the failure

  • Re-use of Inertial Reference System software from Ariane 4
  • Improperly handled exception caused by variable overflow during new flight profile (that wasn’t simulated because of cost/schedule)
    • 64-bit float converted to 16-bit int assumed not to overflow
    • Exception caused dual hardware shutdown (because it wasassumed software doesn’t fail)

• What really happened here?

  • The narrow view: it was a software bug -- fix it
    • Things like this have been happening for decades -- Apollo 11LEM computer crashed during lunar descent
  • The broad view: the loss was caused by a lack of system robustness in an exceptional (unanticipated) situation

• Our research goal: improved system robustness

Previous slide

Next slide

Back to first slide

View graphic version