[cap-talk] Ariane 5 meme

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Fri Apr 11 13:56:41 CDT 2008

Jed Donnelley wrote:
> On 4/11/2008 8:30 AM, David-Sarah Hopwood wrote:
>> Jed Donnelley wrote:
>>> Ariane 5 story (floating overflow and how it caused rocket
>>> to fail).
>> Just to avoid spreading inaccurate memes:
>> The arithmetic was fixed point (that kind of system rarely uses
>> floating point). The overflow *was* detected, but not handled
>> correctly: the resulting error was reported in-band and confused
>> for legitimate data (not that detecting it as an error would
>> necessarily have been sufficient to save the mission at that point).
>> The problem was not discovered in advance because it was incorrectly
>> assumed that the testing of that part of the system done for Ariane 4
>> was sufficient, even though the range of the parameter that overflowed
>> was known to be greater in Ariane 5.
>> <http://en.wikipedia.org/wiki/Ariane_5_Flight_501>
>> <http://sunnyday.mit.edu/accidents/Ariane5accidentreport.html>
> Butler was discussing how there is well understood technology
> for increasing dependability through redundancy.  He was noting,
> however, that you need independence of the failure mechanisms
> which is often difficult to achieve with software.  Since I was
> just taking notes, here is what Butler said literally about
> Ariane 5:
> _____
> The reason for that <destruction of Ariane 5> was that
> there was an overflow in the floating point to integer
> conversion inside a module that was actually not being
> used for anything.

As I said, it was fixed point, not floating point (and that distinction
does matter). The module was being used for something -- just something
that *could* have been designed out. I agree that there's not much point
in discussing this on cap-talk, though.

David-Sarah Hopwood

More information about the cap-talk mailing list