ESA's Schiaparelli Mars probe crashed because of integer overflow

Fri Nov 25 09:06:14 PST 2016

On Friday, 25 November 2016 at 09:19:26 UTC, Alix Pexton wrote:
> On 25/11/2016 07:14, Patrick Schluter wrote:
>> On Thursday, 24 November 2016 at 20:22:00 UTC, Timon Gehr 
>> wrote:
>>> On 24.11.2016 20:49, qznc wrote:
>>>> Although, the article [0] does not say that literally, it 
>>>> sounds like an
>>>> integer overflow:
>>>>
>>>>> After trawling through mountains of data, the European 
>>>>> Space Agency
>>>>> said Wednesday that while much of the mission went 
>>>>> according to plan,
>>>>> a computer that measured the rotation of the lander hit a 
>>>>> maximum
>>>>> reading, knocking other calculations off track.
>>>>
>>>>> That led the navigation system to think the lander was much 
>>>>> lower than
>>>>> it was, causing its parachute and braking thrusters to be 
>>>>> deployed
>>>>> prematurely.
>>>>
>>>>> "The erroneous information generated an estimated altitude 
>>>>> that was
>>>>> negative—that is, below ground level," the ESA said in a 
>>>>> statement.
>>>>
>>>> That is why we need CheckedInt, folks. Reminder End. ;)
>>>>
>>>>
>>>> [0] 
>>>> http://phys.org/news/2016-11-glitch-blamed-european-mars-lander.html
>>>
>>> I don't think overflow is what happened. Rather, the 
>>> statistical model
>>> they used to filter the sensor data didn't match reality. It 
>>> put too
>>> much trust into a malfunctioning sensor -- I assume the sensor
>>> readings were extremely implausible.
>>
>> Hey, sounds suspicously similar to Ariane 5 explosion. Does 
>> ESA not
>> learn from its errors or am I only reading too much in it 
>> (probably)?
>
> I thought Ariane was caused by errorcodes from one module being 
> sent on the same bus as telemetry and interpreted as 
> instructions by another module?
>
> A...

Nope it was an oveflowing down cast
https://around.com/ariane.html
The irony was that the specific module that had made the wrong 
calculation was even formally proved to be correct.
This accident also gave Bertrand Meyer (Eiffel) a lot of wind for 
his sails about design by contract
https://archive.eiffel.com/doc/manuals/technology/contract/ariane/
in that context it might be even interesting for the D language, 
as it is one of the few languages that have (inbuilt) contracts.