On June 4, 1996, European heavy lift launch vehicle Ariane 5’s first test flight failed with the rocket self-destructing 37 seconds after launch because of a malfunction in the control software. A data conversion from 64-bit floating point value to 16-bit signed integer value to be stored in a variable representing horizontal bias caused a processor trap (operand error) because the floating point value was too large to be represented by a 16-bit signed integer.
The Ariane rocket family is used to deliver payloads into geostationary transfer orbit (GTO) or low Earth orbit (LEO). The Ariane 5 rockets are manufactured under the authority of the European Space Agency (ESA) and the Centre National d’Etudes Spatiales.
Cluster was a constellation of four European Space Agency spacecraft which were launched on the maiden flight of the Ariane 5 rocket, Flight 501, and subsequently lost when that rocket failed to achieve orbit. The launch on 4 June 1996 failed due to an error in the software design caused by assertions having been turned off, which in turn caused inadequate protection from integer overflow.
The spacecraft were to have flown in a tetrahedral formation, and were intended to conduct research into the Earth’s magnetosphere. The satellites would have been placed into highly elliptical orbits, 17,200 by 120,600 kilometres.
Ariane 5’s flight plan significantly differed from previous models. Its greater horizontal acceleration caused the computers in both the back-up and primary platforms to crash and emit diagnostic data misinterpreted by the autopilot as spurious position and velocity data. The error could not be discovered before launch because no pre-flight tests were performed on the inertial platform under simulated Ariane 5 flight conditions.
The greater horizontal acceleration caused a data conversion from a 64-bit floating point number to a 16-bit signed integer value to overflow and caused a hardware exception. The exception halted the reference platforms, resulting in the destruction of the flight. However, even though a software error was identified as the direct cause, it was considered to be made possible by everal system design failures and management issues.
After the failure, four replacement Cluster II satellites were built and launched in pairs aboard Soyuz-U/Fregat rockets in 2000. The launch failure brought the high risks associated with complex computing systems to the attention of the general public, politicians, and executives, resulting in increased support for research on ensuring the reliability of safety-critical systems. The subsequent automated analysis of the Ariane code was the first example of large-scale static code analysis by abstract interpretation.
References and Further Reading: