Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Inquiry: ESA's Schiaparelli Spacecraft was "Ill-Prepared" for Mars Landing Attempt

posted by martyb on Thursday May 25 2017, @03:10PM   Printer-friendly
from the Actually,-breaking-up-is-NOT-hard-to-do dept.

takyon writes:

Europe's Mars lander failed due to hardware and software inadequacies, according to a new report:

The crashed European spacecraft Schiaparelli was ill-prepared for its attempt at landing on the surface of Mars. That's the conclusion of an inquiry into the failure on 16 October 2016.

The report outlines failings during the development process and makes several recommendations ahead of an attempt to land a rover on Mars in 2020. That mission will require more testing, improvements to software and more outside oversight of design choices.

[...] The report authors catalogue a series of necessary upgrades to onboard software, as well as suggesting improvements to the modelling of parachute dynamics. They also recommended a more stringent approach - including better quality control - during the procurement of equipment from suppliers.

One of the recommendations is that NASA's JPL should double-check ESA's work.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Inquiry: ESA's Schiaparelli Spacecraft was "Ill-Prepared" for Mars Landing Attempt | Log In/Create an Account | Top | 26 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Informative) by kaszz on Thursday May 25 2017, @07:26PM

    by kaszz (4211) on Thursday May 25 2017, @07:26PM (#515648) Journal

    In the investigation report. Page 14 "Failure tree" seems almost like a TD;LR..

    AOA - Angle Of Attack
    COG - Center Of Gravity
    EDM - Entry Demonstration Module
    FDIR - Failure Detection, Isolation and Recovery
    GNC - Guidance Navigation and Control
    IMU - Inertial Measurement Unit

    IMU Malfunctioning:
    — Wrong measurement caused by highly stressful environment.
    — Failure of an internal IMU component.

    System component failure:
    — Any major on-board anomaly e.g. bridle rupture.
    — Any possible mistake during AIT flow e.g. induced bridle asymmetry.

    High Angular Rate due to Natural Phenomenon:
    — Mach
    — Atmospheric dispersion
    — Propagation error on acceleration
    — AOA
    — Wind/gust
    — Inertia
    — CoG position
    — Propagation error on gyros
    — Relative velocity estimation
    — Delta Torque
    — Mortar axis/COG alignment
    — Bridle length
    — Unmodelled or unexpected parachute aerodynamics at the time of inflation

    Link between unexpected spin rate and unexpected transverse angular rate.

    Page 18, EDM Failure Root Causes Analysis Summary
    SIB members identified four main root causes that led to the Schiaparelli failure:
      - Insufficient conservative modelling of the parachute dynamic s which led to expect much lower dynamics than observed in flight
      - Inadequate persistence time of the IMU saturation flag and inadequate handling of IMU saturation by the GNC
      - Insufficient approach to FDIR and design robustness
      - Mishap in management of subcontractors and acceptance of hardware , (the persistence of IMU saturation time was not recorded at acceptance and instead believed to be 15 ms).

    Here's some really interesting comment:

    It should be borne in mind that if the persistence time of the IMU saturation flag would have been 15 ms the landing would probably have been successful, in which case the other root causes would probably never have been identified.

    Page 20, Mishap in management of subcontractors and acceptance of hardware

    The too long persistence of the saturation flag in the application software of the IMU, was the fundamental cause of the Schiaparelli landing mishap. This ambiguity was not identified, nor measured during acceptance of the unit and the saturation behaviour of the IMU was never tested after delivery. The mathematical model of the IMU used for simulations was established by the prime contractor. It is the SIB opinion that such intricate model is better established by the equipment supplier and must in all cases be formally validated by the supplier.

    So not testing equipment after delivery.

    Page 28 seems to have the final conclusions:

    The following root causes for the mishap have been identified:
    - Insufficient uncertainty and configuration management in the modelling of the parachute dynamics which led to expect much lower dynamics than observed in flight.
    - Inadequate persistence time of the IMU saturation flag and inadequate handling of IMU saturation by the GNC.
    - Insufficient approach to Failure Detection, Isolation and Recovery and design robustness.
    - Mishap in management of subcontractors and acceptance of hardware.

    This better work a lot better for manned missions!

    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5