Safety-critical software is initialized, at first start and at restarts, to a known safe state. While the focus of this guidebook is on the development of software for. Example launch system with a launch abort capability, from NASA Ames study. NASA guidebook for safety-critical software analysis and development. System Safety Steering Group: the NASA System Safety Steering Group (S3G) develops agency-wide plans and strategies to improve the content of the system safety discipline and the competency of the system safety workforce, especially with regard to quantitative risk modeling and analysis, systems engineering, and risk management including risk-informed decision making. The software that controls a spacecraft is a good example of a safety-critical application. A safety-critical system (SCS) or life-critical system is a system whose failure or malfunction may result in one or more of the following outcomes: death or serious injury to people. NASA launch vehicle certification requirements matrix. Architectural principles for safety-critical real-time. Launching Orion: 17,500 mph, 0 mph, 27,000 mph; designing Orion; putting Orion to the test; sending Orion through the atmosphere; speed to propel to deep space; Orion separating from the launch vehicle; Orion on the launch pad at NASA's multipurpose spaceport in Florida. Launch Complex 39 at the Kennedy Space Center has served as the springboard for U.S. Although software safety is part of the launch vehicle. This guide is designed to aid reusable launch vehicle (RLV) and reentry vehicle (RV) operators in. Possible software issue forces NASA to cancel Boeing Starliner's attempt to dock with space station: the capsule's launch was flawless, but then its thrusters failed to fire to put it in the.
Two software errors detected after launch of a Boeing Starliner crew ship during an unpiloted test flight last December, one of which prevented a planned docking with the International Space. Approaches to validation and verification of safety-critical software and. That portion of the total NASA safety program dealing with safety of personnel and equipment during launch vehicle ground processing, normal industrial and laboratory operations, use of facilities, special high-hazard tests and operations, aviation operations, use and handling of hazardous materials and chemicals from a. This document also discusses issues with contractor-developed software. Case studies archive: case studies take an in-depth look at a particular topic or situation. The software's purpose is to make real-time determinations of the presence of catastrophic failure conditions of that vehicle and react accordingly. From electronic voting to online shopping, a significant part of our daily life is mediated by software. SpaceX and NASA to improve mission-critical software systems. Boeing's Starliner test flight had a 2nd critical software.
Guide to reusable launch and reentry vehicle software and. OSMA conducted oversight for 8 successful Shuttle flights and 6 successful spacecraft launches. The focus of this document is on analysis, development, and assurance of safety-critical software, including firmware, e.g. System safety concepts, guidelines, and implementation examples. The Space Shuttle launch team, Kennedy Space Center. We did, however, identify deficiencies in safety operations that were related to NASA oversight of contractor performance, and poorly defined roles and responsibilities for NASA and its contractors. NASA procedural requirements for mishap and close call reporting, investigating, and recordkeeping.
In order to perform these services safely, it is WFF's policy to protect the public, the NASA workforce, high-value equipment and property, and the. Possible software issue forces NASA to cancel Boeing. Across the world, we provide our clients with technology they can trust. The first launch conducted from one of the two LC-39 pads was Apollo 4 on Nov. Back in 1998, we aimed for the stars and launched into orbit. Safety and dependability assessment of complex systems. ENSCO supports critical range safety systems at the United States Air Force's (USAF) Eastern and Western Ranges, at the Alaska Aerospace Corporation (AAC) Kodiak Launch Complex, and at sites around the world.
Space Launch System program moving forward with critical. Wallops Flight Facility (WFF) provides a low-cost national resource for the purpose of launching, flying, landing, and testing space and aeronautical vehicles and associated technologies. We describe our development of a key portion of a safety case for a safety-critical piece of NASA software designed to operate on a NASA launch vehicle. A collection of well-known software failures: software systems are pervasive in all aspects of society. The purpose of this standard is to establish a consistent set of requirements to control risk and enhance reliability in NASA space flight hardware and critical ground support equipment, in part by managing the selection, acquisition, traceability, testing, handling, packaging, storage, and application of EEE parts as required by NASA Policy Directive NPD 8730. The guidebook includes development approaches, safety analyses, and testing methodologies that lead to improved safety in the software product.
NASA went on to chastise Boeing for not identifying the critical and safety-concerning software issues despite numerous instances where the Boeing software quality processes either should have. Required to be regular in attendance per agreed-to work hours schedule, consistently punctual and. Our engineers architect, build, test, and participate in range operations, specializing in launch range modernization efforts. By calculating from the design and workmanship failure rates during reacceptance tests, the program corrected or removed before launch approximately 65 potential spacecraft pilot-safety or mission-critical hardware failures per flight. NASA briefed the Aerospace Safety Advisory Panel on the status of the investigation this week.
I will start with a study of the economic cost of software bugs. For the NASA Orion project, the space system includes the entire launch stack, that is, the Ares I launch vehicle and the Orion crew vehicle. Building a safety case for a safety-critical NASA space. Safety-critical software control errors: radiation cancer therapy machine mishaps. NASA moves up critical crew safety launch abort test. Ground intervention prevented loss of vehicle in both cases. NASA Software Safety Guidebook, NASA technical standard. The role of software in the control and operation of flight systems has grown dramatically since the landmark Apollo program, which ended in 1972. The KSC team has developed systems on a range of technology platforms using. Since then, teams staffing the consoles in one of the Launch Control Center firing rooms have sent astronauts into space. Regarding the first two anomalies, the team found the two critical software defects were not detected ahead of flight despite multiple safeguards. The Saturn V launch vehicle was controlled by an early triply redundant IBM computer. Contribute to the safety and success of NASA missions by ensuring that programs have resolved all technical issues prior to flight. Contact: Safety-Critical Avionics Systems Branch, NASA Langley Research Center, Mail Stop, Hampton, VA 23681-2199, USA a.
NASA launch vehicle certification requirements matrix: launch vehicle risk category, Category 1 (high risk). Out in space, our software orbits the Earth 24/7, 365 days a year. NASA's Orion spacecraft is scheduled to undergo a design test in April 2019 of the capsule's launch abort system (LAS), which is a rocket-powered tower on top of. These elements that comprise the space system are to. Expendable launch vehicle (ELV) payload safety program.
The two primary case studies produced by the NASA Safety Center are the Safety and Mission Assurance (SMA) Focus and the System Failure Case Study. All standards: NASA Technical Standards System (NTSS). We've been coding for the space industry since Critical Software began. November 14, 2017: a team of human factors researchers from NASA Langley Research Center has completed a four-month study aimed at improving the user interface of the Wallops Flight Facility (WFF) safety-critical Range Data Display System (RDDS) used to support arm/destruct decisions during launch operations. The Eastern Space and Missile Center operates a range safety system for all Department of Defense and NASA launch activities in the Cape Canaveral area. By contrast, the command module and the lunar module each had a sim. Boeing's Starliner test flight had a 2nd critical software issue, NASA panel finds: report.
NASA, Boeing managers admit problems with Starliner. Guidance and navigation systems, science payloads, environmental control systems, all critical, interface with hardware and humans to control almost every significant event in the flight profile. Use of digital computers in safety-critical applications was pioneered by NASA on the Apollo missions to the Moon. Paul Hill, a member of NASA's safety adviser panel, disclosed a separate software problem during a public meeting on Thursday, saying it could. NASA requirements for ground-based pressure vessels and pressurized systems (PVS), 2017-08-09. When you're NASA, developing critical applications that lives literally depend on (code that controls airplanes and spacecraft, for example), code quality and safety are paramount. Boeing's Starliner spacecraft faces new safety concerns. Safety-critical software safely transitions between all predefined known states. Summary of Space Shuttle safety-related products from the. A safety-related system (or sometimes safety-involved system) comprises everything (hardware, software, and human aspects) needed to perform one. We believe these measures have proved themselves in the Apollo program. Software assurance is defined as "the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in an intended manner." The objective of NASA software assurance and software safety is to ensure that the processes, procedures and. In this page, I collect a list of well-known software failures.
The software engineering team at Kennedy Space Center (KSC) can support a full lifecycle of software development services, ranging from requirements gathering to design and development, testing, deployment, and maintenance. The primary responsibility of the range safety system, run by the U.S. NASA general safety program requirements, see paragraph 3. We work across some of the most demanding industries, providing software and system services for safety-, mission- and business-critical applications. Ensuring safe, reliable, secure operation of safety. NASA Wallops Flight Facility, Code 803, Safety Office. Wyrick's exemplary efforts span multiple decades and numerous programs, from pioneering the development of the ground launch sequencer, critical software used for 30 years until the Space Shuttle program was completed, to serving as Launch Orbiter Test Conductor (OTC) for.