The code that exploded a rocket

Top Quark

2 Jan 201905:45

Summary

TLDROn June 4, 1996, the European Space Agency's Ariane 5 rocket experienced a catastrophic launch failure due to a software bug. The rocket, designed for heavy payloads, exploded shortly after liftoff. The error stemmed from a 64-bit to 16-bit integer conversion that overflowed, causing incorrect velocity data. The guidance system, lacking error handling, sent erroneous information to the main computer, which misinterpreted it as a severe course deviation. This led to the rocket's self-destruction, resulting from an avoidable coding oversight in the flight software that had been used in smaller Ariane rockets without issue.

Takeaways

🚀 The Ariane 5 rocket was launched by the European Space Agency (ESA) on June 4, 1996, marking a significant step for scientific and commercial space missions.
🔬 The rocket was designed to carry large, expensive scientific and commercial payloads into space, symbolizing a new era for the ESA after a decade of design, testing, and billions of euros invested.
💥 Less than a minute after launch, the Ariane 5 rocket exploded, scattering debris over the launch area in a catastrophic failure.
🖥️ The cause of the disaster was a simple coding bug related to data conversion from a 64-bit floating-point number to a 16-bit integer in the rocket’s onboard guidance system.
🧮 The bug caused an integer overflow error, where the 16-bit integer could not accommodate the larger 64-bit floating-point number, resulting in erroneous data being sent to the main flight computer.
⚠️ Both the primary and backup guidance systems encountered the same overflow error due to identical code, leading both systems to crash.
🛑 The flight computer received the overflow error as valid navigational data, misinterpreting it as a severe deviation in the rocket's trajectory, triggering a corrective action.
💨 The computer's response placed immense aerodynamic stress on the rocket, ultimately causing it to break apart and triggering the self-destruct mechanism.
🚫 The faulty code was originally written for the Ariane 4 and worked correctly there, but it failed in Ariane 5 due to the latter's higher speed, which led to the overflow error.
🤦 The problematic code, which was part of the launch pad alignment process, was unnecessarily running after liftoff, due to a programming decision to keep it active for 40 seconds post-launch to avoid resetting delays.

Q & A

What was the significance of the Ariane 5 rocket launch on the 4th of June 1996?
-The Ariane 5 rocket launch was significant because it was the first launch of the new rocket designed by the European Space Agency (ESA) to carry large, expensive scientific and commercial payloads into space, marking a new era for ESA.
What was the primary payload of the Ariane 5 rocket on its maiden flight?
-The primary payload of the Ariane 5 rocket on its maiden flight was very expensive scientific satellites to be delivered into orbit.
What happened to the Ariane 5 rocket shortly after its launch?
-Shortly after the launch, the Ariane 5 rocket abruptly changed direction, started to break apart, and exploded less than a minute after liftoff.
What was the root cause of the Ariane 5 rocket disaster on its first launch?
-The root cause of the disaster was a simple and avoidable coding bug that led to an integer overflow error in the guidance system's software.
How did the coding bug affect the rocket's guidance system?
-The coding bug caused the guidance system to convert a 64-bit floating-point velocity reading into a 16-bit integer, which resulted in an overflow error when the velocity exceeded the maximum value storable in a 16-bit integer.
What is an integer overflow in the context of the Ariane 5 disaster?
-An integer overflow occurs when a value exceeds the maximum limit that can be stored in a given number of bits, causing the value to wrap around to the beginning of the range for that bit size.
Why did the guidance system shut down after the overflow error?
-The guidance system shut down because it lacked proper error handling code for the overflow situation, and instead sent an error message to the main flight computer and then shut down.
What was the role of the backup guidance system in the Ariane 5 disaster?
-The backup guidance system was supposed to take over if the primary system failed, but it was running the same code and thus experienced the same overflow error, leading to its crash as well.
How did the main flight computer react to the overflow error?
-The main flight computer interpreted the overflow error as a wildly inaccurate velocity reading, indicating that the rocket was dangerously off course, which triggered its self-destruct mechanism.
Why was the flawed flight software not detected before the launch?
-The flawed flight software had been used previously on smaller Ariane rockets without issues, and the higher velocity of the Ariane 5 was not anticipated when the software was originally written.
What was the unnecessary part of the code that contributed to the disaster?
-The unnecessary part of the code was related to the launch pad alignment process, which was kept running for 40 seconds after liftoff to avoid resetting the system in case of launch delays.