comp.lang.ada
* Ariane5 FAQ, second draft
@ 2003-07-22 17:07 Alexandre E. Kopilovitch
  2003-07-23  1:00 ` Alexander Kopilovitch
  0 siblings, 1 reply; 2+ messages in thread
From: Alexandre E. Kopilovitch @ 2003-07-22 17:07 UTC (permalink / raw)
  To: comp.lang.ada

Below is the second draft of the Ariane 5 FAQ. Two new Q-A pairs (4 and 5)
were added (no other changes were made).

----------------------------------------------------------------------------

Q. Was the Ada language somehow related to the Ariane 5 crash in 1996?

A. Yes, at least some components of the Ariane 5 software were written
in the Ada language.

Q. Did that software cause the crash?

A. Yes and No. They simply put the software written for the previous model --
Ariane 4 (where it worked well) -- into the new Ariane 5, and did not bother
themselves with testing it on the new rocket before the launch. So, when
the Ariane 4 software appeared (in flight) incompatible with the new Ariane 5,
they became very surprised -- and blamed the software.

Q. But the media told us that there was an error in the software that caused
that crash. Is it right?

A. No, it is wrong. There was no such error in the software. The software
worked perfectly for the purpose for which it was created, that is, for
Ariane 4. The software was not created for Ariane 5, and there were no reasons
to expect that it should work for this new rocket. So, the error which caused
the crash was the blind use of software created for another job. And this
error was severely aggravated by a subsequent error -- skipping the mandatory
test procedure before the first flight.

Q. But why on earth did they expect that it should work if they had no reasons
for it? Are you implying that they were idiots? (No conspiracy theories please.)

A. No. There was an unfortunate collision of popular expectations about modern
high-tech devices with real difficult issues of international collaboration
in sensitive technologies.
  Ariane 5 was an international project (within the European Union), and at
the same time it naturally belonged to an area of high secrecy (which is, as
you probably know, traditionally maintained within a strictly national frame).
This created a difficult issue and dictated too heavy an involvement of persons
with political, diplomatic, economic etc. rather than technical background
and/or experience in the high management of the project.
  Those persons naturally have mostly consumer-like expectations about modern
high-tech devices. This means that while they may be quite clever and strong
persons, and generally may be able to adapt themselves to the requirements of
a large technical project, nevertheless they have different (from an engineer)
default assumptions about many technical issues.
  So they dealt with one critical part of the equipment as if it was some
regular consumer market product from a reliable vendor: they assumed that they
may use the device in all circumstances that aren't explicitly and clearly
prohibited in its documentation. Because of their insufficient engineering
background and/or experience they weren't aware of the difference in this
respect between a complete product and its part -- they did not know well
enough that for the latter the defaults are opposite, that is, you should not
use the device in any circumstances that aren't explicitly and clearly allowed.

Q. Can you explain in several words what was the actual cause of the crash,
technically?

A. There are several points which are different for Ariane 5 vs. Ariane 4,
one of which was instrumental to the events: Ariane 4 is a vertical launch
vehicle whereas Ariane 5 is slightly tilted.
  The Ariane 4 software was developed to tolerate a certain amount of
inclination, but not as much as required by Ariane 5. The chain of events was
as follows:

- The on-board software detects that one of the accelerometers is out of range;
this was interpreted as a hardware error and caused the alternate processor to
take over;
- The alternate processor also detects that one of the accelerometers is out
of range, which caused the system to advise an auto-destruction.

Q. Where can I find the official report for the investigation of the Ariane 5
crash?

A. At the moment of writing this FAQ this report was, for example, at:
 http://www.dcs.ed.ac.uk/home/pxs/Book/ariane5rep.html
But read it to the end, because your overall impression will probably be
different (and wrong) if you stop in the middle of it, deciding that you
got it all clear enough.

Q. Where was this topic discussed in depth?

A. For example, in the comp.lang.ada newsgroup (several times). Search that
newsgroup for "Ariane 5", and you'll find several threads discussing this
topic (the most recent at the moment of writing this FAQ was a quite long
thread with subject line "Boeing and Dreamliner").

----------------------------------------------------------------------------





* Re: Ariane5 FAQ, second draft
  2003-07-22 17:07 Ariane5 FAQ, second draft Alexandre E. Kopilovitch
@ 2003-07-23  1:00 ` Alexander Kopilovitch
  0 siblings, 0 replies; 2+ messages in thread
From: Alexander Kopilovitch @ 2003-07-23  1:00 UTC (permalink / raw)


Just 2 local editorial changes of words (in answers 4 and 5) relative to
the recently posted version.

----------------------------------------------------------------------------

Q. Was the Ada language somehow related to the Ariane 5 crash in 1996?

A. Yes, at least some components of the Ariane 5 software were written
in the Ada language.

Q. Did that software cause the crash?

A. Yes and No. They simply put the software written for the previous model --
Ariane 4 (where it worked well) -- into the new Ariane 5, and did not bother
themselves with testing it on the new rocket before the launch. So, when
the Ariane 4 software appeared (in flight) incompatible with the new Ariane 5,
they became very surprised -- and blamed the software.

Q. But the media told us that there was an error in the software that caused
that crash. Is it right?

A. No, it is wrong. There was no such error in the software. The software
worked perfectly for the purpose for which it was created, that is, for
Ariane 4. The software was not created for Ariane 5, and there were no reasons
to expect that it should work for this new rocket. So, the error which caused
the crash was the blind use of software created for another job. And this
error was severely aggravated by a subsequent error -- skipping the mandatory
test procedure before the first flight.

Q. But why on earth did they expect that it should work if they had no reasons
for it? Are you implying that they were idiots? (No conspiracy theories please.)

A. No. There was an unfortunate collision of popular expectations about modern
high-tech devices with real difficult issues of international collaboration
in sensitive technologies.
  Ariane 5 was an international project (within the European Union), and at
the same time it naturally belonged to an area of high secrecy (which is, as
you probably know, traditionally maintained within a strictly national frame).
This created a difficult issue and caused uncommonly massive involvement of
persons with political, diplomatic, economic etc. rather than technical
background and/or experience in the high management of the project.
  Those persons naturally have mostly consumer-like expectations about modern
high-tech devices. This means that while they may be quite clever and strong
persons, and generally may be able to adapt themselves to the requirements of
a large technical project, nevertheless they have different (from an engineer)
default assumptions about many technical issues.
  So they dealt with one critical part of the equipment as if it was some
regular consumer market product from a reliable vendor: they assumed that they
may use the device in all circumstances that aren't explicitly and clearly
prohibited in its documentation. Because of their insufficient engineering
background and/or experience they weren't aware of the difference in this
respect between a complete product and its part -- they did not know well
enough that for the latter the defaults are opposite, that is, you should not
use the device in any circumstances that aren't explicitly and clearly allowed.

Q. Can you explain in several words what was the actual cause of the crash,
technically?

A. There are several points which are different for Ariane 5 vs. Ariane 4,
one of which was instrumental to the events: Ariane 4 is a vertical launch
vehicle whereas Ariane 5 is slightly tilted.
  The Ariane 4 software was developed to tolerate a certain amount of
inclination, but not as much as required by Ariane 5. The chain of events was
as follows:

- The on-board software detects that one of the accelerometers is out of range;
this was interpreted as a hardware error and caused the backup processor to
take over;
- The backup processor also detects that one of the accelerometers is out of
range, which caused the system to advise an auto-destruction.

Q. Where can I find the official report for the investigation of the Ariane 5
crash?

A. At the moment of writing this FAQ this report was, for example, at:
 http://www.dcs.ed.ac.uk/home/pxs/Book/ariane5rep.html
But read it to the end, because your overall impression will probably be
different (and wrong) if you stop in the middle of it, deciding that you
got it all clear enough.

Q. Where was this topic discussed in depth?

A. For example, in the comp.lang.ada newsgroup (several times). Search that
newsgroup for "Ariane 5", and you'll find several threads discussing this
topic (the most recent at the moment of writing this FAQ was a quite long
thread with subject line "Boeing and Dreamliner").

----------------------------------------------------------------------------
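
An added example, not part of the posted FAQ and not code from the Ariane project: a small Python model of the rule in answer 4 (a component may be used only where explicitly allowed) and the chain of events in answer 5 (a backup running the same software rejects the same reading). The names `Envelope`, `Channel`, `reuse_allowed` and `fly`, and all numbers, are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    """Inclination range (degrees) a component was validated for (constructed)."""
    lo: float
    hi: float

    def covers(self, other: "Envelope") -> bool:
        return self.lo <= other.lo and other.hi <= self.hi

    def contains(self, value: float) -> bool:
        return self.lo <= value <= self.hi


def reuse_allowed(validated: Envelope, mission: Envelope) -> bool:
    """Component rule from answer 4: allowed only inside what was validated."""
    return validated.covers(mission)


class Channel:
    """One processor running the reused software (hypothetical model)."""

    def __init__(self, name: str, validated: Envelope):
        self.name, self.validated = name, validated

    def healthy(self, reading: float) -> bool:
        # An out-of-range reading is interpreted as a hardware error here.
        return self.validated.contains(reading)


def fly(readings, validated: Envelope):
    """Primary and backup run identical software; returns (outcome, log)."""
    channels = [Channel("primary", validated), Channel("backup", validated)]
    log = []
    for t, reading in enumerate(readings):
        # Fail over until a channel accepts the reading or none is left.
        while channels and not channels[0].healthy(reading):
            log.append(f"t={t} {channels.pop(0).name}: out of range ({reading})")
        if not channels:
            log.append(f"t={t} no healthy channel: advise auto-destruction")
            return "destruct", log
    return "nominal", log


# Constructed envelopes, not flight data.
OLD_ROCKET = Envelope(-5.0, 5.0)   # what the software was validated for
NEW_ROCKET = Envelope(-5.0, 12.0)  # what the new vehicle requires
```

Running `reuse_allowed(OLD_ROCKET, NEW_ROCKET)` before integration flags the mismatch that `fly` otherwise only reveals in flight, when both channels reject the same reading.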


