Space Shuttle Analogies

First, congratulations to everybody who contributed to the successful launch of the space shuttle Discovery this evening. I watched online via NASA TV and it's been a long time since I've watched a "live" liftoff.

In some recent meetings people have been making analogies between the space shuttle and complex software such as Windows and Internet Explorer. Whenever this happens I can't help but think of Richard P. Feynman's observations about the Challenger accident. A detailed account is part of the book What Do You Care What Other People Think?, which, along with Surely You're Joking, Mr. Feynman!, I highly recommend reading.

The summary of his investigation is available online and definitely worth a read. An interesting excerpt:

    The usual way that such engines are designed (for military or civilian aircraft) may be called the component system, or bottom-up design. First it is necessary to thoroughly understand the properties and limitations of the materials to be used (for turbine blades, for example), and tests are begun in experimental rigs to determine those. With this knowledge larger component parts (such as bearings) are designed and tested individually. As deficiencies and design errors are noted they are corrected and verified with further testing. Since one tests only parts at a time these tests and modifications are not overly expensive. Finally one works up to the final design of the entire engine, to the necessary specifications. There is a good chance, by this time that the engine will generally succeed, or that any failures are easily isolated and analyzed because the failure modes, limitations of materials, etc., are so well understood. There is a very good chance that the modifications to the engine to get around the final difficulties are not very hard to make, for most of the serious problems have already been discovered and dealt with in the earlier, less expensive, stages of the process.

    The Space Shuttle Main Engine was handled in a different manner, top down, we might say. The engine was designed and put together all at once with relatively little detailed preliminary study of the material and components. Then when troubles are found in the bearings, turbine blades, coolant pipes, etc., it is more expensive and difficult to discover the causes and make changes. For example, cracks have been found in the turbine blades of the high pressure oxygen turbopump. Are they caused by flaws in the material, the effect of the oxygen atmosphere on the properties of the material, the thermal stresses of startup or shutdown, the vibration and stresses of steady running, or mainly at some resonance at certain speeds, etc.? How long can we run from crack initiation to crack failure, and how does this depend on power level? Using the completed engine as a test bed to resolve such questions is extremely expensive. One does not wish to lose an entire engine in order to find out where and how failure occurs. Yet, an accurate knowledge of this information is essential to acquire a confidence in the engine reliability in use. Without detailed understanding, confidence can not be attained.

    A further disadvantage of the top-down method is that, if an understanding of a fault is obtained, a simple fix, such as a new shape for the turbine housing, may be impossible to implement without a redesign of the entire engine.

Comments (3)

  1. Jerry Mead says:

    You can throw up all sorts of analogies between Trident and the shuttle main engine – or more likely, with a bowl of spaghetti – but there’s no comparison in terms of the ‘fix-it’ cost.

    A few years ago I posted a bunch of comments across time here:

    to which I’d probably now want to add a current requirement for a small (but very smart and well-informed) group doing something ‘ground up’ in terms of IE-future with absolutely *no* limits as far as ship dates, technical politics or customer expectations are concerned, and – importantly – with permission to fail.

    Ring a bell?

  2. Hi Jerry,

    Note that I wasn’t trying to call IE spaghetti code in my post. The whole article is a good read, but in selecting this passage I was reflecting on the pros and cons of top-down vs. bottom-up design, and as part of that I do think that heavily schedule-driven projects (whether it’s software or the Space Shuttle) run the risk of being too top-down.

    Overall I think we’re in complete agreement that it was a bad thing that IE development stagnated until recently, but IMHO the turnaround has been quite remarkable. We still have much more to do of course.

  3. Jerry Mead says:

    I wasn’t pointing up those old comments in order to criticize, so please don’t take it that way. The last of those short pieces was posted nearly three years ago and – I agree – a great deal that’s productive and positive has happened since then.

    I was simply hoping out loud (and probably unnecessarily) that the bottom-up ‘IE-future’ group I described already exists.