Incident: SpaceX Falcon 9 Launch Aborted Due to Faulty Valve

Published Date: 2012-05-21

Postmortem Analysis
Timeline:
1. The software failure incident happened on May 19, 2012. Explanation: Step 1: The article mentions that the first launch attempt was unsuccessful early Saturday morning, which would be May 19, 2012. Step 2: The article was published on May 21, 2012. Step 3: Using the information from Step 1 and Step 2, we can determine that the software failure incident occurred on May 19, 2012.

System:
1. Check valve in the Merlin engine of the Falcon 9 rocket [12053]

Responsible Organization:
1. The software failure incident was caused by a faulty valve that led to the aborted launch attempt by SpaceX [Article 12053].

Impacted Organization:
1. SpaceX [Article 12053]

Software Causes:
1. unknown

Non-software Causes:
1. A faulty valve that controls the flow of nitrogen used to purge the engine before ignition [Article 12053].
2. A stuck check valve that allowed liquid oxygen to flow into the gas generator injector, leading to high pressure in the combustion chamber of engine five [Article 12053].
3. Issues with the turbopumps, specifically related to the impellers on a shaft and the high-pressure kerosene used as hydraulic fluid for actuators [Article 12053].

Impacts:
1. The software failure incident led to the aborted launch attempt of the Falcon 9 rocket, causing a delay in the mission schedule [Article 12053].
2. The high pressure detected in the combustion chamber of engine five due to the stuck valve resulted in the flight computer shutting down the engines, ultimately leading to the launch abort [Article 12053].

Preventions:
1. Implementing more rigorous testing procedures for the valves and control systems to detect and address any potential issues before launch [12053].
2. Conducting regular maintenance and inspections on the rocket engines and associated components to ensure proper functioning and identify any anomalies early on [12053].
3. Enhancing the redundancy and fail-safe mechanisms in the software controlling the rocket engines to mitigate the impact of a single valve failure [12053].

Fixes:
1. Replacing the faulty valve that led to the aborted launch attempt [12053].

References:
1. SpaceX engineers
2. Elon Musk via Twitter
3. NASA

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown a) The article does not mention any previous incidents of a similar nature happening again within SpaceX or with its products and services. Therefore, there is no information available to suggest that this specific software failure incident has happened again at SpaceX or with its products and services. b) The article does not provide any information about similar incidents happening at other organizations or with their products and services. Hence, there is no data available to indicate that this specific software failure incident has occurred again at multiple organizations.
Phase (Design/Operation) design, operation (a) The software failure incident related to the design phase can be attributed to a faulty valve in the Falcon 9 rocket's Merlin engine. The issue was traced back to a valve that controls the flow of nitrogen used to purge the engine before ignition. This valve was stuck open, allowing liquid oxygen to flow into the gas generator injector, leading to higher pressure in the combustion chamber of engine five [12053]. (b) The software failure incident related to the operation phase occurred during the first launch attempt of the Falcon 9 rocket. The problem with the stuck valve during operation caused the liquid oxygen to flow into the gas generator injector, resulting in high pressure in the combustion chamber of engine five. This led to the flight computer shutting down the engines and aborting the launch [12053].
Boundary (Internal/External) within_system (a) within_system: The software failure incident described in the article is primarily within the system. The failure was attributed to a faulty valve within the Falcon 9 rocket's Merlin engine, specifically a check valve that allowed liquid oxygen to flow into the gas generator injector, leading to higher pressure in the combustion chamber of engine five [12053]. The issue with the valve causing the high pressure and subsequent shutdown of the engines was an internal system component failure.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in the article was not directly related to non-human actions. The failure was attributed to a faulty valve that led to the aborted launch attempt of the Falcon 9 rocket by SpaceX. The issue was specifically traced back to a stuck valve that allowed liquid oxygen to flow into the gas generator injector, resulting in higher pressure in the combustion chamber of one of the Merlin rocket engines [Article 12053]. (b) The software failure incident in the article was primarily due to human actions. SpaceX engineers identified the problem with the valve that caused the high-pressure issue in the combustion chamber of the rocket engine. The decision to abort the launch and replace the faulty valve was made by human operators and engineers involved in the launch attempt [Article 12053].
Dimension (Hardware/Software) hardware (a) The software failure incident in the article is related to hardware. The incident was caused by a faulty valve in the rocket engine, specifically a check valve that controls the flow of nitrogen used to purge the engine before ignition. This stuck valve allowed liquid oxygen to flow into the gas generator injector, resulting in higher pressure in the combustion chamber of engine five, leading to the aborted launch attempt [12053]. (b) There is no information in the article indicating that the software failure incident was due to contributing factors originating in software.
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident described in the article is non-malicious. The failure was attributed to a faulty valve in the rocket engine that led to the aborted launch attempt by causing higher than acceptable pressure in the combustion chamber of one of the Falcon 9's Merlin rocket engines. SpaceX engineers identified the issue with a valve that controls the flow of nitrogen used to purge the engine before ignition, which resulted in the turbopumps operating at a slightly higher power level, leading to the high pressure detected in the combustion chamber [Article 12053]. (b) There is no indication in the article that the software failure incident was malicious.
Intent (Poor/Accidental Decisions) unknown The articles do not mention any software failure incident related to poor decisions or accidental decisions.
Capability (Incompetence/Accidental) unknown (a) The articles do not mention any software failure incident related to development incompetence. (b) The software failure incident mentioned in the articles was not accidental but rather due to a specific technical issue with a valve that led to the aborted launch attempt by SpaceX [12053].
Duration unknown The articles do not mention any software failure incident related to permanent or temporary duration.
Behaviour crash, omission, value, other (a) crash: The software failure incident in the article can be categorized as a crash. The Falcon 9 launch was aborted due to a last-half-second shutoff caused by a high-pressure issue in the combustion chamber of one of the Merlin rocket engines. This resulted in the flight computer shutting down the engines, leading to the launch being aborted [Article 12053]. (b) omission: The software failure incident can also be linked to an omission. The problem was traced back to a stuck valve that allowed liquid oxygen to flow into the gas generator injector, causing the high pressure in the combustion chamber. This omission of the valve to function correctly led to the failure of the launch attempt [Article 12053]. (c) timing: The timing of the software failure incident is crucial. The issue with the stuck valve causing the high pressure in the combustion chamber occurred just before the launch attempt. This timing was critical as it led to the last-half-second shutoff of the engines, resulting in the launch being aborted [Article 12053]. (d) value: The software failure incident can also be attributed to a value failure. The valve that malfunctioned and caused the high-pressure problem in the combustion chamber was not providing the correct value in terms of controlling the flow of nitrogen used to purge the engine before ignition. This incorrect functioning of the valve led to the failure of the launch attempt [Article 12053]. (e) byzantine: There is no indication in the article that the software failure incident exhibited behaviors characteristic of a byzantine failure. (f) other: The software failure incident can be further described as a failure due to a hardware-software interaction issue. The malfunctioning valve, which was a hardware component, directly impacted the software-controlled systems by allowing liquid oxygen to flow into the gas generator injector, leading to the high pressure in the combustion chamber and subsequent shutdown of the engines [Article 12053].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence delay, non-human (delay) The consequence of the software failure incident was a delay in the launch attempt of the Falcon 9 rocket. The first launch attempt had to be aborted due to the faulty valve issue, causing a delay in the planned launch schedule. SpaceX engineers worked on replacing the faulty valve and planned a second launch attempt [Article 12053].
Domain transportation, knowledge (a) The failed system was intended to support the space exploration industry. The incident involved SpaceX's Falcon 9 rocket, which was set to launch the Dragon capsule into orbit to rendezvous with the International Space Station [Article 12053].

Sources
