Three expensive software errors
NASA's Mariner 1 Space Probe (1962)
A bug in the flight software for the Mariner 1 (Fig. 4.14)
mission caused the rocket to divert from its intended path on
launch. Mission control destroyed the rocket over the Atlantic
Ocean 293 seconds after launch. NASA's website says the problem
was caused by a combination of two factors. Improper operation
of the Atlas airborne beacon equipment resulted in a loss of the
rate signal from the vehicle. The airborne beacon used for obtaining
rate data was inoperative for four periods ranging from 1.5
to 61 seconds in duration. Additionally, the Mariner 1 Post Flight
Review Board determined that the omission of a hyphen in the
data-editing program allowed transmission of incorrect guidance
signals to the spacecraft. During the periods the airborne beacon
was inoperative, the missing hyphen in the data-editing program
caused the computer to incorrectly accept the sweep frequency
of the ground receiver as it sought the vehicle beacon signal and
combined this data with the tracking data sent to the guidance
computation. This caused the computer to automatically generate
a series of unnecessary course corrections using the erroneous
steering commands and these finally threw the spacecraft off
course. The science fiction author Arthur C. Clarke wrote several
years later that Mariner 1 was “wrecked by the most expensive
hyphen in history.” 30
Fig. 4.14. The Mariner 1 space probe to Venus was
the first interplanetary mission aiming to put a
satellite around Venus. There are various stories
about the reason why this mission had to be
aborted. Most of them firmly point at a bug
in the FORTRAN code of the guidance system
that unexpectedly changed the trajectory of
the rocket. A hyphen (overbar) missing from a
mathematical expression led to the $80 million
failure. Five months later the Mariner 2 was successfully
launched and completed the mission.
Ariane 5 Flight 501 Launch (1996)
In his Turing Award lecture, Tony Hoare warned of the dangers of the complexities of the ADA programming
language:
And so, the best of my advice to the originators and designers of ADA has been ignored. In this last resort, I
appeal to you, representatives of the programming profession in the United States, and citizens concerned
with the welfare and safety of your own country and of mankind: Do not allow this language in its present
state to be used in applications where reliability is critical, i.e., nuclear power stations, cruise missiles, early
warning systems, anti-ballistic missile defense systems. The next rocket to go astray as a result of a programming
language error may not be an exploratory space rocket on a harmless trip to Venus: It may be a nuclear
warhead exploding over one of our own cities. An unreliable programming language generating unreliable
programs constitutes a far greater risk to our environment and to our society than unsafe cars, toxic pesticides,
or accidents at nuclear power stations. Be vigilant to reduce that risk, not to increase it. 31
Some of the ADA code for the Ariane 4 rocket was reused in the Ariane 5's control software. The error was
in the code that converts a 64-bit floating-point number to a 16-bit signed integer. The faster engines caused
the 64-bit numbers to be larger in the Ariane 5 than in the Ariane 4. This triggered an overflow condition
that resulted in the flight computer crashing. The backup computer then also crashed, followed 0.05 seconds
later by a crash of the primary computer. As a result of these software crashes, the mission was terminated
thirty-seven seconds after launch (Fig. 4.15).
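
The failure class described above, narrowing a 64-bit floating-point value into a 16-bit signed integer without a range check, is sketched here in C as an added example; it is not the Ariane code (which was written in ADA) and not from the original text. The function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { CONV_OK, CONV_OVERFLOW, CONV_NAN } conv_status;

/* Checked narrowing: stores the truncated value only when it fits in
 * int16_t. A bare (int16_t)x on an out-of-range double is undefined
 * behaviour in C, so the range test must come before the cast. */
conv_status to_int16_checked(double x, int16_t *out)
{
    if (x != x)                          /* NaN compares unequal to itself */
        return CONV_NAN;
    if (x <= -32769.0 || x >= 32768.0)   /* truncation would leave the range */
        return CONV_OVERFLOW;
    *out = (int16_t)x;                   /* safe: truncates toward zero */
    return CONV_OK;
}

/* Saturating alternative: clamp instead of failing, for callers that
 * must always produce some value. NaN maps to 0 (a design choice here). */
int16_t to_int16_saturating(double x)
{
    if (x != x) return 0;
    if (x >= 32767.0) return INT16_MAX;
    if (x <= -32768.0) return INT16_MIN;
    return (int16_t)x;
}

int main(void)
{
    /* Constructed sample values, not flight data: one inside the range
     * the reused code was sized for, one beyond it. */
    const double samples[] = { 12000.5, 40000.0 };
    for (size_t i = 0; i < 2; i++) {
        int16_t v = 0;
        conv_status s = to_int16_checked(samples[i], &v);
        if (s == CONV_OK)
            printf("%.1f -> %d\n", samples[i], v);
        else
            printf("%.1f -> rejected, saturated fallback %d\n",
                   samples[i], to_int16_saturating(samples[i]));
    }
    return 0;
}
```

The checked form makes the caller decide what an out-of-range input means, which is the decision that reused code silently inherits when its input range changes.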