081117slides_handouts

UVa CS205 Engineering Software, 081117

Software Disasters: Ariane 5
(With thanks to Dave Evans)

Why Study Software Disasters?

Video: http://www.vuw.ac.nz/staff/stephen_marshall/SE/Failures/media/Ariane.mov

Ariane 5
- $500M rocket developed by the European Space Agency
- June 4, 1996: first launch
  - 37s after ignition: lost guidance
  - 40s: exploded
Ariane 5 Inquiry Board Report (Jacques-Louis Lions): http://esamultimedia.esa.int/docs/esa-x-1819eng.pdf

Flight Control System
- Inertial Reference System (SRI)
  - Calculates angles and velocities from on-rocket sensors (gyros, accelerometers)
  - Data is sent to the On-Board Computer (OBC), which executes the flight program (controls booster nozzles, valves)
- Redundancy in the design to improve reliability
  - Two separate computers run SRIs in parallel (same hardware and software); one is a "hot" stand-by used if the OBC detects a failure in the "active" SRI
- Design based on Ariane 4
  - Software for the SRI was mostly reused from the Ariane 4 implementation

Number Overflow Problems
- 16-bit signed integer
  - 2^16 = 65536 different values (-32768 to 32767)
- Alignment code converted the horizontal velocity (a 64-bit floating point value from the sensors, up to ~10^308) to a 16-bit signed integer
- Overflow produces an exception (Operand Error)

Defensive Programming
"The data conversion instructions were not protected from causing an Operand Error, although other conversions of comparable variables in the same place in the code were protected."
3 UVa CS205 Engineering Software 081117 It has been stated to the Board that not all the conversions were protected because a maximum workload target of 80% had been set for the SRI computer. To determine the vulnerability of unprotected code, an analysis was performed on every operation which could give rise to an exception, including an Operand Error. In particular, the conversion of floating point values to integers was analysed and operations involving seven variables were at risk of leading to an Operand Error. This led to protection being added to four of the variables, evidence of which appears in the
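Added example (not from the slides or the Inquiry Board report, and written in C rather than the SRI's original language): a guarded 64-bit floating point to 16-bit signed integer conversion that reports an out-of-range input instead of letting the cast proceed, the kind of protection the report says was added to four of the seven at-risk variables. The function names and the sample inputs are constructed for this example.

```c
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a guarded conversion: a valid 16-bit value, or a flag standing
 * in for the Operand Error that the unprotected SRI conversion raised. */
typedef struct {
    int16_t value;
    bool operand_error;
} conv_result;
/* Guarded conversion of a 64-bit double to a 16-bit signed integer. The range
 * test must come before the cast: in C, converting a double that does not fit
 * the target integer type is undefined behaviour, not a trappable overflow. */
conv_result checked_to_int16(double v)
{
    conv_result r = { 0, false };
    if (isnan(v) || v < (double)INT16_MIN || v > (double)INT16_MAX) {
        r.operand_error = true;   /* caller decides what to do; no exception */
        return r;
    }
    r.value = (int16_t)v;         /* in range: truncation toward zero is safe */
    return r;
}

/* Converts one horizontal-velocity sample the way the alignment code did, but
 * reports overflow instead of aborting. Returns true when a value was produced. */
bool convert_horizontal_velocity(double velocity, int16_t *out)
{
    conv_result r = checked_to_int16(velocity);
    if (r.operand_error) {
        fprintf(stderr, "operand error: %g does not fit in 16 bits\n", velocity);
        return false;
    }
    *out = r.value;
    return true;
}

int main(void)
{
    /* Constructed samples: two that fit a 16-bit integer and one that does
     * not (no real Ariane 4 or Ariane 5 telemetry values are used here). */
    const double samples[] = { 1234.5, -32768.0, 40000.0 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int16_t v;
        if (convert_horizontal_velocity(samples[i], &v))
            printf("%g -> %d\n", samples[i], v);
    }
    return 0;
}
```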