UUCP@ofa123.fidonet.org (UUCP) (05/02/90)
From: karl@sugar.hackercorp.com
The following is extracted from RISKS-Forum Digest Volume 9 Issue 88
------------------------------
Subject: Software Bug Causes Shuttle Countdown Hold at T-31 Seconds
According to Aviation Week (April 30, 1990, pg. 24), a software problem
caused a three minute hold at T-31 during the launch countdown of the
shuttle mission that orbited the Hubble Space Telescope on April 24th.
At T-48 seconds, newly written software detected that the outboard
external tank liquid oxygen fill and drain valve was open when it
should have been closed. The ground launch sequencer (GLS) stopped
the countdown clock at T-31 seconds.
George T. (Ted) Sasseen, director of shuttle engineering, said that
the software changes were made after an incident that occurred on April
2nd, where a pipe burst and sprayed water over a 4,000 volt motor
control assembly, shorting it and causing the launch processing system
(LPS) control room to go down, prompting concern that the LPS could
lose power in the last few seconds of the countdown. Sasseen said that
unless oxygen is drained within nine minutes after the flow is stopped,
a phenomenon called "geysering" could rupture plumbing and destroy the
tank.
"So the fix was to put a purge in that [liquid oxygen] line
and to put a small gas pad in it. We did that by hand after
the inboard valve was closed and before the outboard valve
was closed. The GLS sent its 'close outboard' command at
48 sec."
He said that about 10 sec. after this happened, "everyone
looked around and said, 'Oh boy. We were dumb.'..."
Sasseen said the processing team violated one of its own
cardinal rules that says: Never make a software change
unless you can run it many, many times in simulations and
tests. He said, "There are oddities about software changes
that you don't always get the first time through. And the
basic rule we violated is that it wasn't tested enough."
He said the purge/gas pad software may be removed because it
is unlikely that there would be a total launch processing
system launch between T-31 sec. and T-0. "But I want to
emphasize that the software safed the system as it was
supposed to."
To their credit, the system engineers were able to determine what the
problem was and fix it within three minutes. A more cautious approach
might have been to scrub the launch until a more careful analysis and
review was performed.
------------------------------
Comments from our usually well informed contributors?
--- Opus-CBCS 1.12
* Origin: Universal Electronics, Inc. (1:103/302.0)
--
uucp: UUCP
Internet: UUCP@ofa123.fidonet.org
BBS: 714 544-0934 2400/1200/300