According to this article http://www.cnn.com/2000/TECH/space/03/28/lander.report.03/index.html
A software flaw probably caused the Mars Polar Lander to shut off its descent engines prematurely, sending it on a fatal plunge into the red planet, according to a report released Tuesday.
A likely story is that there was a false "landed" signal caused by deploying the landing legs. Two points struck me as interesting:
- Inadequate software design and testing.
- Test not rerun after wiring corrected.
These are just the technical causes. The root cause was too few people working too much OverTime
. People didn't have time to think, and they didn't have time to work together. From Mars Polar Lander/Deep Space 2 Loss — JPL Special Review Board Report
, page 17:
- LMA [Lockheed Martin Astronautics] used excessive overtime in order to complete the work on schedule and within the available workforce. Records show that much of the development staff worked 60 hours per week, and a few worked 80 hours per week, for extended periods of time. Another consequence of the tight funding constraint was that many key technical areas were staffed by a single individual. Although none of these individuals were lost to the project during its development, the effect of inadequate peer interaction was, in retrospect, a major problem. It is the Board's assessment that these conditions led to a breakdown in inter-group communications, and there was insufficient time to reflect on what may be the unintended consequences of day-to-day decisions. In short, there was insufficient time and workforce available to provide the levels of checks and balances normally found in JPL projects.
The official report is in 5 parts:
The reports have moved. They were found here:
An unnofficial account from an insider:
The root causes also include NASA's mantra of "smaller, cheaper, faster". My father was the MarsPolarLander
Project Manager at Lockheed Martin until he retired at about CDR time. He was also on Viking for 15 years in the 60s and 70s.
It is true that system testing on the next mission (Mars 2001, yet to be launched) revealed that the flight software failed to flush registers of possible false positives generated during landing leg deployment (which it should know to do because it knows where it is in the mission sequence of events), thereby potentially causing shutdown of the descent engines ten seconds too early, resulting in a descent rate at impact of 50 ft/sec instead of the desired 10 ft/sec (you want to shut down the descent engines immediately on landing to avoid dusting up all the instruments). And it is true that this is the only "likely" failure mode identified in the report. More pre-launch system testing in the MPL development schedule may have detected this condition as well, if it existed on MPL. Interplantary mission schedules are dictated by planetary motion - Mars and the Earth are aligned favorably for a launch every two years - so the only way to provide schedule relief is to start sooner.
But no one knows for sure whether this was the actual cause of the MPL mission failure. Another failure scenario is that the lander landed on a big rock, or a steep slope, etc. The resolution of the imagery used to select landing sites is insufficient to detect the presence of such things - it's generally a crap shoot, and we got lucky with Viking and Mars Rover. Although the image-recognition technology has existed since Viking-time for the lander to actively steer itself to a safe site during descent, NASA has never paid for the development and flight of such a system. We will never know for sure until we someday get a visual inspection of the lander at the landing site.
Furthermore, on Viking, the landers orbited the planet in a mated configuation with an orbiter, before separating and descending. Therefore, as with Apollo, the orbiter overflew the lander during descent in the same plane, and was able to receive and relay telemetry on the descent and landing status. Not so on MPL - the mission design called for the lander to descend directly on rendezvous with the planet, and there was no co-planar orbiter to receive telemetry. It was all done in the blind.
The reason for this is partly launch costs. The Vikings were launched on Titan III / Centaurs, at the time the nation's heaviest-lift launch vehicle, whereas MPL was launched on a Delta, a much lower-lift vehicle. Today it costs some $200M for a Titan IV / Centaur launch, compared to $60M for a Delta launch.
Such are the cost/capability/schedule tradeoffs, governed by the laws of physics and Congressionally-set budgets, that have to be made by NASA mission designers and program managers. I'm not attempting to excuse Lockheed Martin - they accepted responsibility for executing the contract, after all, and in hindsight there were citable omissions in software design and system test that might have caused the failure (or might not have). Interplanetary spaceflight is still a high-complexity, high-stakes, high-risk undertaking, and the inability to know conclusively what was the actual failure mode (or prevent it up front) is fundamentally a failure of the PlanningGame
, in which Business is complicit. -- RandyStafford
A joke related at the 1996 JavaOne
conference by a JPL employee:
Mars Polar Lander.
Mars Polar Lander who?