NASA Office of Logic Design

A scientific study of the problems of digital engineering for space flight systems,
with a view to their practical solution.

2003 MAPLD International Conference

Ronald Reagan Building and International Trade Center
Washington, D.C.

September 9-11, 2003

Panel Session

Wednesday Evening, September 10, 2003

Last year we discussed "Why is Mars So Hard?"
and a question that arose was ...

Why Is Software So Hard?

A Discussion of the Technical, Programmatic, and Political Factors
That Have Lead To Failures Over the Last 40 Years and Its Impact for Future Systems

Some Examples ...

• FGB Launch for ISS	Mariner 1 - "Typo"
  Voyager 2 Software Faults at Launch	Gemini V
  Mars Polar Lander	Mars Climate Orbiter
  Ariane501	Titan CT-2 (Intelsat V6 F3)
  Titan IV B32/Centaur (MILSTAR II-1)	Patriot Missile
  Sea Launch F3	SOHO
  Clementine	NEAR
  Phobos 1	Terriers
  STRV-1c; STRV-1d	Windows NT Cripples US Navy Cruiser
  Collection of Software Bugs	Software Horror Stories

---

Panel Moderator: Dr. Rod Barto (Bio)
Spacecraft Digital Electronics 

Introduction:
Dr. James Tomayko, Carnegie Mellon University (bio)
Dr. Paul Cerruzi, Smithsonian National Air and Space Museum (bio)

Opening Case Studies: Magellan and Mars Pathfinder
Tony Spear, Jet Propulsion Laboratory (bio)
 

Panel Member	Organization
Dr. Nancy Leveson (bio)	Professor of Aeronautics and Astronautics Massachusetts Institute of Technology
Jack Garman (bio)	Lockheed-Martin (NASA, retired)
Fred Martin (bio)	Averstar/Intermetrics
Steven S. Scott (bio)	Chief Engineer, NASA Goddard Space Flight Center
John P. Dimtroff (bio)	Federal Aviation Administration Aircraft Certification Engineer - Avionics Systems
Jim Lewis (bio)	SynthWorks Design Inc.

Note: All panel members at this time are tentative, as the Panel is in the process of formation.

Two Examples of One Failure Type: Garbage In, Garbage Out

Program A Anomaly IMU parameters had to be entered just prior to launch Could not be verified in a test bed Procedure required a second operator to verify manual entries against factory printout A supervising engineer copied data from the factory printout and gave it to operators, saying that it was suitable. Flight was degraded because the engineer wrote down the wrong sign!

Program B Anomaly A roll rate filter constant, manually entered into the upper stage’s avionics database missed an exponent - in effect misplaced a decimal point. Error was not spotted due to data format complication Flight tape not checked against software test bed – thought test bed could only be used for default values IV&V only used default constants, not the flight database Independent simulations deemed not fully capable Would have caught the gross error

• Modern hardware design is relying on:

  • Increasingly complex computer aided engineering software

  • Increasing use of hardware design languages

  Is This Hardware or Software?

     Begin
       GC: Process ( Clock, Reset_N )
           Begin
             If ( Reset_N = '0' )
               Then IQ <= s0;
               Else If Rising_Edge ( Clock )
                      Then Case IQ Is
                             When s0 => IQ <= s1;
                             When s1 => IQ <= s2;
                             When s2 => IQ <= s3;
                                    ...
                             When s14 => IQ <= s15;
                             When s15 => IQ <= s0;
                             When Others => IQ <= s0;
                             End Case;
                      End If;
               End If;
           End Process GC;
       Q <= IQ;
     End Architecture FSM;

• Will hardware design reliability drop to software reliability levels, with "bug rates" of order 1 error per 1,000 lines of code?

• "The price of reliability is the pursuit of the utmost simplicity.  It is a price which the very rich find most hard to pay."  -- Sir Antony Hoare, 1980.

Highlights from the 2002 MAPLD International Conference Panel

"Why Is Mars So Hard?"

A Discussion of the Technical, Programmatic, and Political Factors
That Have Lead To Failures at Mars over the Last 40 Years

		Panel Moderator Dr. Rod Barto (Bio) Spacecraft Digital Electronics
		Dr. Roger Launius (Bio) Chair, Dept. of Space History, National Air and Space Museum "A Historical Perspective"
		Dr. Ed Euler Lockheed Martin Astronautics Operations
		Dr. James Garvin NASA Headquarters, Mars Exploration Program Office
		Dr. Stamatios M. (Tom) Krimigis (bio) Head, Space Department Johns Hopkins University/Applied Physics Lab
		Anthony Spear (bio) JPL; Chair, NASA Faster, Better, Cheaper (FBC) Task Force; Mars Pathfinder Project Manager, Magellan Project Manager
		James Oberg (bio) Soaring Hawk Productions, Inc. (Consultant and Author)
		Ken Ledbetter (bio) Executive Director for Programs in the Office of Space Science (OSS) at NASA Headquarters

Some reference material:

• The end of Computing Science? EW Dijkstra, November 2000

• "Go To Statement Considered Harmful," EW Dijkstra, Comm. of the ACM, March 1968.

• Computers Take Flight; A History of NASA's Pioneering Fly-By-Wire Project, James E. Tomayko

Acknowledgements:

• Dr. Paul Cheng, The Aerospace Corporation

• Kevin Willoughby, Sentillion

We invite your participation in our Panel Session.

Thanks,

Richard B. Katz
NASA Goddard Space Flight Center
mapld2003@klabs.org

Home - NASA Office of Logic Design
Last Revised: February 03, 2010
Digital Engineering Institute
Web Grunt: Richard Katz