The report issued by the Inquiry Board charged with investigating the Ariane 5 flight 501 failure concludes that the causes of the failure are rooted in poor software engineering practice. From the failure scenario described in the Inquiry Board report, it is possible to infer what, in our view, are the real causes of the 501 failure. We develop arguments to show that these real causes are neither software specification errors nor software design errors. They are faults in the capture of the overall Ariane 5 application and environment requirements, and faults in the design and dimensioning of the Ariane 5 on-board computing system. These faults result from not following a rigorous system engineering approach, such as a proof-based System Engineering method. A definition of proof-based System Engineering for Computing Systems is also presented.