Epic Fails in Engineering – Ariane 5
On June 4th, 1996, following 10 years of engineering development and an expenditure of $7 billion, the European Space Agency launched the Ariane 5 on its maiden voyage from the Guiana Space Center in French Guiana. On board were four, expensive–and uninsured–satellites. At 36.7 seconds into the flight, the inertial guidance system computer shut down, at which point the on-board flight control computer attempted to pass control to an identical, redundant backup unit…..which, unfortunately, had already shut down 50 milliseconds earlier.
When the primary guidance system shut down, it sent a diagnostic error message to the flight computer, which the computer interpreted as actual flight data….wildly impossible flight data, but flight data nevertheless. In response to what the computer perceived as a severe, 90-degree, off course trajectory, it directed the booster nozzles and the main engine nozzle to swivel to their extreme position….which they dutifully did…..causing the launch vehicle to veer severely off course (for real, this time), whereupon it immediately began to disintegrate due to aerodynamic forces….which automatically triggered the vehicle to self-destruct. Thus ended the maiden voyage….with a financial loss of $370 million.
So, what had happened? A portion of the guidance system software on Ariane 5 was the same software that had previously been used successfully for 20 years on Ariane 5’s predecessor, Ariane 4. The problem was that Ariane 5 was considerably more powerful than Ariane 4 and as a result, its trajectory, and in particular, its horizontal (downrange) velocity was considerably higher…..higher to the extent that it exceeded the upper range of values that the software was designed to handle. So when the guidance system computer attempted to convert the velocity data into usable instructions, the system was unable to perform the conversion and instead, returned an error message….which caused the system to shut down. So what about the backup system? You guessed it….it was an identical system and was attempting to process the same data, so it too had been unable to make the conversion and consequently, it too had shut down.
Ironically, the software that ultimately triggered the failure wasn’t actually serving a purpose during that phase of the flight, but instead, had simply been designed to align the system prior to launch. However, engineers had allowed it to remain active for the first 40 seconds of flight so that in the event of a brief hold in the countdown, the system would be easier to restart.
Following the failure of its maiden flight, Ariane 5 has gone on to accumulate a remarkable overall record, with 80 successful launches—the most recent one on January 27, 2016—and only two failures—the maiden flight in 1996 and a flight in 2002, when the nozzle on one the boosters overheated due to a coolant leak, causing the rocket to veer off course, forcing its self-destruction. Two other launches were deemed partial failures: the second flight, which occurred in October 1997, during which the core stage shut down prematurely….after which, the upper stage operated successfully but the vehicle failed to reach the intended orbit, and a subsequent launch in 2001, where again, the engines shut down prematurely and the vehicle again failed to reach the intended orbit.
Bob Hodel
Pictures courtesy of Wikimedia Commons.
