Monday, April 16, 2007

To err is human

But what should we think when human errors doom a spacecraft?

On Friday, NASA issued the final report on last November's loss of the Mars Global Surveyor spacecraft. The probe had been studying Mars for seven and a half years, almost four times longer than its planned lifetime of two years, when it fell silent.

NASA's report finds that a series of software errors (human programming errors) led to the Mars Global Surveyor's loss. If it hadn't been for these errors, MGS would probably still be working just fine! Yet I don't think it is right to get very upset about these mistakes. The mission was only designed for two years. Software updates are going to be necessary beyond that. Some electronics are damaged by radiation, so workarounds need to be devised. Also, as robotic spacecraft get older, mission planners allow for riskier operations, if such risks will net us science that cannot be done otherwise. Again, new software is needed to allow for those operations. And eventually some bugs are going to slip through. Most importantly, though, no human lives were endangered.

Human errors are often the cause of death of spacecraft. In many cases, the spacecraft have far exceeded their lifetimes, and the current programmers were not even out of school when the spacecraft was launched. An example of this is the ROSAT X-ray telescope, which operated from 1990 to 1999. Its mission ended when, down to one gyroscope (which made pointing very hard), it was accidentally commanded to slew the camera over the sun.

Other times, human errors are less forgivable, because they occur before a spacecraft has completed its mission (or even started). These errors should have been caught, as the early parts of missions are thoroughly scripted and tested time and time again. One example is the loss of the Mars Climate Orbiter as it tried to go into orbit around Mars: NASA was using standard metric units (kilograms, kilometers, etc.) to run the spacecraft, but the spacecraft's builder, Lockheed Martin, used imperial units (pounds, inches, etc.), and nobody caught the mismatch. Another is the Mars Polar Lander, which was lost during its landing on Mars because software told the engine it had landed when it really was tens of feet above the surface and just extending its landing gear. Existing checks should have caught both of these errors before the spacecraft were even launched; instead, hundreds of millions of dollars were lost.

NASA is hoping to learn from the mistakes that doomed the Mars Global Surveyor in order to prevent such errors in the future. My guess is that human error will result in the loss of more spacecraft, but if we can learn from these mistakes, perhaps we can eke out more science from each robot before it is lost.
