comp.lang.ada
* Ariane5 FAQ, 4th draft
@ 2003-07-25  2:21 Alexandre E. Kopilovitch
  2003-07-29 11:17 ` David Gillon
  0 siblings, 1 reply; 3+ messages in thread
From: Alexandre E. Kopilovitch @ 2003-07-25  2:21 UTC (permalink / raw)
  To: comp.lang.ada

In this 4th version of the FAQ one more Q-A pair is added - about avoiding
testing. No other changes were made.

----------------------------------------------------------------------------

Q. Was the Ada language somehow related to the Ariane 5 crash in 1996?

A. Yes, at least some components of the Ariane 5 software were written
in the Ada language.

Q. Did that software cause the crash?

A. Yes and No. They simply put the software written for the previous model --
Ariane 4 (where it worked well) -- into the new Ariane 5, and did not bother
to test it on the new rocket before the launch. So, when the Ariane 4 software
turned out (in flight) to be incompatible with the new Ariane 5, they were
very surprised -- and blamed the software.

Q. But the media told us that there was an error in the software that caused
that crash. Is that right?

A. No, it is wrong. There was no such error in the software. The software
worked perfectly for the purpose for which it was created, that is, for
Ariane 4. The software was not created for Ariane 5, and there was no reason
to expect that it should work for this new rocket. So, the error that caused
the crash was the blind use of software created for another job. And this
error was severely aggravated by a subsequent error -- skipping the mandatory
test procedure before the first flight.

Q. But why on earth did they expect that it should work if they had no reason
for it? Are you implying that they were idiots? (No conspiracy theories please.)

A. No. There was an unfortunate collision of popular expectations about modern
high-tech devices with the real difficult issues of international collaboration
in sensitive technologies.
  Ariane 5 was an international project (within the European Union), and at the
same time it naturally belonged to an area of high secrecy (which is, as you
probably know, traditionally maintained within a strictly national frame).
This created a difficult issue and caused an uncommonly massive involvement of
persons with political, diplomatic, economic etc. rather than technical
background and/or experience in the high management of the project.
  Those persons naturally have mostly consumer-like expectations about modern
high-tech devices. This means that while they may be generally smart and able
to occupy some position within a large technical project, they nevertheless
have different default assumptions (from an engineer's) about many technical
issues.
  So they dealt with one critical part of the equipment as if it were some
regular consumer market product from a reliable vendor: they assumed that they
might use the device in all circumstances that aren't explicitly and clearly
prohibited in its documentation. Because of their insufficient engineering
background and/or experience they weren't aware of the difference in this
respect between a complete product and its component part -- they did not know
well enough that for the latter the defaults are the opposite, that is, you
should not use the component device in any circumstances that aren't
explicitly and clearly allowed.

Q. But certainly there were engineers also, who could see the possible
consequences of that approach. So why weren't they alarmed enough?

A. This is a difficult question indeed. One explanation is that the
information paths within the project were interspersed with those
managers of the non-engineering kind, and because of that none of the
engineers could obtain enough information to recognize the danger. It is up to
you to decide whether this explanation is sufficient.

Q. I still don't understand: how did they manage to avoid testing?

A. They did not entirely avoid testing. Actually they tested most of the
rocket equipment, except for the Inertial Reference System (which then caused
the crash). This device was excluded from the test procedure and replaced by
its simulator (for financial and perhaps schedule reasons). The simulator
was written within the Ariane 5 project. The crucial thing was that the
developers were not given the documentation for the software, but the source
code only. Because of that administrative restriction some limitations of the
software (which were clearly stated in the documentation) were obscured from
the developers of the simulator. As a result, the simulator worked differently
from the real device. (It helped to test other equipment, but no more -- the
real device remained untested for the new rocket.) Subsequently, after the
crash, the original programmers of the Ariane 4 device were blamed for not
stating the limitations in comments within the source code (in addition to the
documentation).

Q. Can you explain in a few words what was the actual cause of the launch
failure, technically?

A. There are several points on which Ariane 5 differs from Ariane 4,
one of which was instrumental to the events: Ariane 4 is a vertical launch
vehicle whereas Ariane 5 is slightly tilted.
  The Ariane 4 software was developed to tolerate a certain amount of
inclination, but not as much as required by Ariane 5. The chain of events was
as follows:

- The on-board software detected that one of the accelerometers was out of
range; this was interpreted as a hardware error and caused the backup processor
to take over;
- The backup processor also detected that one of the accelerometers was out of
range, which caused the system to advise an auto-destruction.

Q. Where can I find the official report on the investigation of the Ariane 5
crash?

A. At the moment of writing this FAQ this report was, for example, at:
 http://www.dcs.ed.ac.uk/home/pxs/Book/ariane5rep.html
But read it to the end, because your overall impression will probably be
different (and wrong) if you stop in the middle of it, deciding that you
got it all clear enough.

Q. Where was this topic discussed in depth?

A. For example, in the comp.lang.ada newsgroup (several times). Search that
newsgroup for "Ariane 5", and you'll find several threads discussing this
topic (the most recent at the moment of writing this FAQ was a quite long
thread with the subject line "Boeing and Dreamliner").

----------------------------------------------------------------------------





* Re: Ariane5 FAQ, 4th draft
  2003-07-25  2:21 Ariane5 FAQ, 4th draft Alexandre E. Kopilovitch
@ 2003-07-29 11:17 ` David Gillon
  2003-07-30  2:00   ` Alexander Kopilovitch
  0 siblings, 1 reply; 3+ messages in thread
From: David Gillon @ 2003-07-29 11:17 UTC (permalink / raw)



>   Ariane 5 was an international project (within European Union)

This may be incorrect as it implies Ariane 5 was an EU programme and I'm not
certain that there was a direct link. The European Space Agency and the
European Union are distinct and separate entities although they have a very
high degree of overlap in their member nations -- IIRC Austria and the
Nordic countries were ESA members without being EU members (though most are
now in both). At the same time Arianespace is a French commercial company,
but the Ariane programme was split in some way between ESA and Arianespace,
and to complicate things further, ISTR not all ESA members had opted into
the Ariane programme, probably the UK most prominently.

I'd run this past sci.space.tech or one of the other space newsgroups to get
an appreciation from people who will have a better view of the overall
programme structure and the way the work was divided.

                                            David






* Re: Ariane5 FAQ, 4th draft
  2003-07-29 11:17 ` David Gillon
@ 2003-07-30  2:00   ` Alexander Kopilovitch
  0 siblings, 0 replies; 3+ messages in thread
From: Alexander Kopilovitch @ 2003-07-30  2:00 UTC (permalink / raw)


David Gillon wrote:

> >   Ariane 5 was an international project (within European Union)
> 
> This may be incorrect as it implies Ariane 5 was an EU programme and I'm not
> certain that there was a direct link. The European Space Agency and the
> European Union are distinct and separate entities although they have a very
> high degree of overlap in their member nations -- IIRC Austria and the
> Nordic countries were ESA members without being EU members (though most are
> now in both). At the same time Arianespace is a French commercial company,
> but the Ariane programme was split in some way between ESA and Arianespace,
> and to complicate things further, ISTR not all ESA members had opted into
> the Ariane programme, probably the UK most prominently.

Thanks for the correction, I'll change "European Union" to "ESA = European
Space Agency" in the next draft of the FAQ. Perhaps eventually I'll find a
proper place in the FAQ for a description of the role of Arianespace.
 
> I'd run this past sci.space.tech or one of the other space newsgroups to get
> an appreciation from people who will have a better view of the overall
> programme structure and the way the work was divided.

Yes, it would probably be good for the FAQ to do that, but I think that I
personally can't afford such deep research. Perhaps someone else will do that.



Alexander Kopilovitch                      aek@vib.usr.pu.ru
Saint-Petersburg
Russia


