Mars Polar Lander fault identification using model-based testing

Author

Blackburn, Mark ; Busser, Robert ; Nauman, Aaron ; Knickerbocker, Robert ; Kasuda, Richard

Author_Institution

Software Productivity Consortium, Herndon, VA, USA

fYear

2002

fDate

2-4 Dec. 2002

Firstpage

163

Lastpage

169

Abstract

This paper describes the application of the Test Automation Framework on the Mars Polar Lander (MPL) software. The premature shutdown of the descent engine on the MPL spacecraft is believed to be the most likely cause for the mission failure. It is believed that the engine shutdown occurred when the three landing legs were extended into their deployed position. This event created an unanticipated transient touchdown indication from the legs, causing the software to inadvertently shutdown the descent engines prior to reaching the surface of Mars. This spurious indication should have been ignored by the Touchdown Monitor (TDM) software, but due to a design flaw, was actually stored in program variable thus causing the premature engine shutdown. The TAF approach was used to model the TDM software requirements. The associated TAF tools generated tests that identified a TDM fault that is the most likely cause of the mission failure.

Keywords

aerospace computing; aerospace engines; program testing; software fault tolerance; space vehicles; MPL spacecraft; Mars Polar Lander fault identification; Test Automation Framework; Touchdown Monitor software; descent engine premature shutdown; mission failure; model-based testing; program variable; Application software; Automatic testing; Automation; Engines; Fault diagnosis; Leg; Mars; Software testing; Space vehicles; Time division multiplexing;

fLanguage

English

Publisher

ieee

Conference_Titel

Engineering of Complex Computer Systems, 2002. Proceedings. Eighth IEEE International Conference on

Conference_Location

Greenbelt, MD, USA

Print_ISBN

0-7695-1757-9

Type

conf

DOI

10.1109/ICECCS.2002.1181509

Filename

1181509