
Lorenzo Felletti

Posted on • Originally published at link.Medium

How Much A Byte Cost?


Photo by SpaceX on Unsplash


You may be wondering what this article is about, and you may have caught the reference to Kendrick Lamar’s How Much A Dollar Cost.

So, what do Kendrick’s song and bytes have in common? Nothing, to be honest.

This whole article’s merely a storytelling experiment.
Without further ado, let’s begin with our story.


An Expensive Lesson

How much a byte really cost?
The question is detrimental, paralyzin’ my thoughts

It was 1996 — June the 4th precisely — and the European Space Agency was ready to launch a brand new rocket named Ariane 5 from its base in Kourou, French Guiana. It was the Ariane 5's maiden flight, named, without much imagination, Flight 501.


Kourou Space Centre © Benoît Prieur / Wikimedia Commons

There were some clouds in the sky, a light breeze, good weather for a launch.

The Ariane 5, a beast more than 40 meters in height, was towering in the air, ready to fulfill its duty to escape gravity.

The tension was palpable among the technical operators, scientists, engineers preparing for the launch, and spectators on the seashore.

The countdown started.
The engineers’ emotions rapidly faded away as the blood began rushing to feed the logic networks in their brains.

Ten.
Nine.
Eight.

Casual tourists and space enthusiasts on the seashore were waiting, watching in the direction of the Kourou Space Centre, for the rocket to begin its struggles to escape gravity. They couldn’t tell if it was seconds or minutes before launch.

For the past few minutes, they had been wavering between moments of increased tension, whenever a new sound or smoke emerged from the launch platform, and moments of seeming calm.

Seven.
Six.
Five.

Halfway through.

“So far, so good” flashed through the mind of everyone in the mission control room, as if they were telepathic.

Four.
Three.
Two.
One.

Everyone’s heart skipped a beat.

Go.

It was lifting off. The rocket was lifting off!
It was too early to relax, but the first big step went smoothly.
It was a good sign, no?

Unfortunately, no. Ariane 5’s maiden flight wasn’t a success, quite the opposite indeed.


The Failure

People were starin’ at their monitors in disbelief.

Ten seconds from takeoff had passed.

Everything was going smoothly.

The seconds became twenty, and then thirty.

The mission was proceeding as planned.
Operators’ muscles finally started to relax a bit.

Another seven seconds passed.

Many in the mission control room began moving frantically towards their monitors, mice, and keyboards in a desperate attempt to restore the Ariane 5's trajectory. It was already too late. There was nothing they could do.

A few more tenths of a second passed.
The Ariane 5 exploded at an altitude of 3700 meters.

Mission operators were astonished.
Why? What? How?
Why did the rocket explode?
What was the mistake?
How could an error with this catastrophic outcome be missed?


Ariane 5 Flight 501 explosion. © ESA


The Cause

Guilt trippin’ and feelin’ resentment

Following the disaster, ESA started an inquiry to find what caused the rocket to swerve off course and explode.

The inquiry board found a surprisingly trivial programming error to be the root of the snowball of events that eventually caused the Ariane 5 loss.

The error happened to be in a well-tested component, the inertial reference platform, inherited from the Ariane 4, its older sibling.
Because of the Ariane 5’s higher horizontal acceleration, compared to its sibling, a data conversion from a 64-bit floating-point number to a 16-bit signed integer received a value too large for its target.
The conversion overflowed the integer and raised an exception.

Put in simple terms, think of it as trying to fit a bottle of water in a glass: everything goes smoothly for a while before, suddenly, it doesn’t, and water starts to overflow the glass, spilling onto the table.
Flight 501’s turning point, when the water started to overflow, came at about 3700 meters.

Although this is commonly credited as the single cause of the failure, there are at least three other concurrent causes.
The overflow alone wouldn’t be enough to explain the loss of the space rocket.

A dominant role in the chain of events leading to the disaster is attributed to poorly written exception handlers.
Handlers are specific pieces of code responsible for handling errors and exceptional circumstances. If properly designed, they can preserve correct execution in dangerous situations. They put “code execution back on track.”
It is plausible that better-designed error handlers would have led to a thoroughly different outcome.

Code errors aside, many point to the Software Design process as the real culprit.
The overflow — result of an unprotected float-integer cast — was due to optimization assumptions that were right for the Ariane 4 but not for its younger sibling.

That is, the Ariane 4’s previous launches never produced a horizontal acceleration big enough to cause an overflow. Because of this, to speed up code execution, the IRS programmers didn’t bother adding an overflow check on the horizontal acceleration.

Unfortunately, the same IRS was inherited by the Ariane 5. But the rocket’s differences from its predecessor didn’t lead to a review of the assumptions or to new tests. As a consequence, there was no test for an overflow.


The actual piece of code that caused the disaster¹.
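To make the difference between an unprotected and a protected float-to-integer conversion concrete, here is an added example in C; it is not the Ariane flight software (which was written in Ada) and not the author's code. The function names and the sample readings are hypothetical and constructed for illustration.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of a narrowing conversion (hypothetical names). */
typedef enum { CONV_OK, CONV_OVERFLOW, CONV_NOT_A_NUMBER } conv_status;

/* Unprotected cast, the C analogue of the unchecked conversion discussed
   above. For values outside the int16_t range the behaviour is undefined
   in C, so the caller gets no error it could handle. */
int16_t to_i16_unchecked(double v) { return (int16_t)v; }

/* Checked conversion: rejects NaN and any value that would not fit after
   truncation toward zero; *out is left untouched on failure. */
conv_status to_i16_checked(double v, int16_t *out) {
    if (v != v) return CONV_NOT_A_NUMBER;            /* NaN never equals itself */
    if (!(v > -32769.0 && v < 32768.0)) return CONV_OVERFLOW;
    *out = (int16_t)v;
    return CONV_OK;
}

/* Handler that keeps execution on track: clamp to the nearest
   representable value and flag the reading as saturated. */
int16_t to_i16_saturating(double v, int *saturated) {
    int16_t r = 0;                                   /* NaN maps to 0, flagged */
    conv_status s = to_i16_checked(v, &r);
    *saturated = (s != CONV_OK);
    if (s == CONV_OVERFLOW) r = (v < 0) ? INT16_MIN : INT16_MAX;
    return r;
}

int main(void) {
    /* Constructed sample readings, not flight data. */
    const double samples[] = { 1200.7, 32767.9, 40000.0, -1e9, NAN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int sat;
        int16_t r = to_i16_saturating(samples[i], &sat);
        printf("%14.1f -> %6d%s\n", samples[i], r, sat ? " (saturated)" : "");
    }
    return 0;
}
```

Whether to saturate, substitute a default, or shut down is a design decision per variable; the point is that the out-of-range case is detected and handled deliberately rather than left to an assumption inherited from another system.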


Conclusions

The lessons to learn from this story are:

  • software isn’t a joke, and good Software Design is a fundamental requisite in critical environments
  • proper error handling is crucial to avoid disasters
  • tests for the same component may differ in different scenarios.

To conclude, we can now answer our original question: how much a byte cost?

How much a byte cost?

The estimated cost for the loss of rocket and cargo was around 370 million dollars.
The cast tried to fit an 8-byte variable into 2 bytes, so there were six missing bytes.

Under these premises, the rough cost-per-byte was around:

60 million dollars.

That’s an unbelievable amount if you think you can buy a 128GB USB drive for less than 20 bucks.


[1] Stack Overflow. “How is it possible, in Ada, to have a code failure from assigning a 64bit floating point number to a 16bit integer?”
