Ariane 5 Rocket Explosion Caused by a Software Integer‑Overflow Bug

On June 4 1996 the European Space Agency launched the Ariane 5 rocket, marking a significant milestone in space exploration.

However, the mission ended in a catastrophic explosion costing nearly €5 billion, traced to a single line of code.

Approximately 30 seconds after liftoff, at about 3 700 meters altitude, the rocket deviated from its planned trajectory and disintegrated.

The primary cause was a software defect in the guidance system responsible for adjusting the rocket’s heading.

This defect originated from a code segment originally written for the Ariane 4 rocket a decade earlier, which was neither properly updated nor removed in the Ariane 5 design.

During flight, the guidance system continuously monitored the rocket’s trajectory and transmitted speed data to the main computer, converting the measurements from a 64‑bit floating‑point format to a 16‑bit signed integer format.

While a 16‑bit unsigned integer can represent values from 0 to 65 535 and a 16‑bit signed integer from –32 768 to 32 767, a 64‑bit unsigned integer ranges up to 18 446 744 073 709 551 615 and a signed 64‑bit integer up to 9 223 372 036 854 775 807.

If the 64‑bit floating‑point speed value exceeds the range of a 16‑bit signed integer, an overflow occurs during conversion.

In this case, the speed data overflowed the 16‑bit integer’s capacity, causing the conversion to fail; the guidance system could not correctly transmit speed information to the main computer, leading to loss of navigation and the eventual explosion.

A robust system design would include error‑handling mechanisms to address such overflow situations, but the Ariane 5’s design lacked this safeguard.

Lessons:

Code reuse risk: Even code copied from older systems must undergo thorough review and testing to ensure suitability for the new system.

Exception handling: System designs should incorporate mechanisms to gracefully handle errors or anomalous data, preventing disastrous outcomes.

Data type conversion: Conversions must be performed safely, ensuring that values remain within target type ranges to avoid overflow or precision loss.

System testing: Comprehensive testing—including unit, integration, and stress tests—is essential to verify system behavior under varied conditions.

Code review: Regular reviews help identify and correct potential defects before deployment.

Documentation and comments: Clear documentation and inline comments aid understanding of code purpose and limitations, reducing misuse.

Backup and redundancy: Designing backup systems and redundancy mechanisms enhances reliability and fault tolerance.

Continuous learning and improvement: Learning from failures and iteratively improving processes helps prevent repeat incidents.

Cross‑team communication: Effective communication across teams ensures all stakeholders are aware of system aspects, risks, and constraints.