May 30, 2017

Perhaps They Should Have Tested More - The Schiaparelli Mars Lander

Schiaparelli Lander


Bugs have consequences! 

The wrong bugs can crash your Mars lander, cost you a lot of money and cost you a lot of confidence in your planned Mars missions, as the European Space Agency found out.

Back in October 2016, the ESA attempted to land the Schiaparelli lander on the surface of Mars. But software bugs caused the craft to crash and to produce a rather impressive crater.

Here lies Schiaparelli

Recently, an independent investigation has concluded that insufficient parachute modeling, inadequate handling of alerts, and an "insufficient approach to Failure Detection, Isolation and Recovery and design robustness" were to blame for the failure.

Essentially, the software thought the spacecraft was closer to the ground than it actually was, and released the parachute and shell early. When the control system shut down, the craft was still 3.7 km in the air - oops! This resulted in a 34-second free fall, a subsequent crash at a speed of 540 km/h, and the destruction of Schiaparelli.

In spite of the failure in the planned soft landing, the European Space Agency declared the mission "a success". Maybe they were just really excited about the brand new Martian crater they discovered?


Perhaps the European Space Agency should have tested more.


This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm an experienced Quality Assurance professional.
I like to lead, to test, and occasionally to write about leading and testing.
Find me at http://AllThingsQuality.com/.

2 comments:

  1. Joe - definitely agree with the sentiment here. I concur that additional software was probably in order but how would you go about doing so? While we can of course model everything was there not a point where the models worked ok? We have to assume that some of the testing must have passed. All good points to think about indeed.

    Replies
    1. I'm imagining a bug report titled "Unhandled Saturation Alert". I'm also imagining a developer thinking "that will never happen" and marking the bug report as LATER. In actuality, we'll never know for sure.
