We normally think of software bugs as minor problems. If your laptop crashes, so what? You might lose a few sentences in a document you are typing. That is about the worst thing that can happen if you are saving your work and backing up regularly.

But there are some places where software bugs are more problematic. For example, if an X-ray machine contains a piece of software that miscalculates the power of the X-ray beam, patients can get an overdose of radiation that has real consequences.

Nowhere is the problem of “fatal bugs” more obvious than in the space program. Here a bug can kill people or destroy billion-dollar satellites. One of the most famous space bugs occurred in a computer controlling the Mars Climate Orbiter, as described here. Another famous bug can be found in this article:

A bug and a crash – Sometimes a Bug Is More Than a Nuisance

From the article:

It took the European Space Agency 10 years and $7 billion to produce Ariane 5, a giant rocket capable of hurling a pair of three-ton satellites into orbit with each launch and intended to give Europe overwhelming supremacy in the commercial space business.

All it took to explode that rocket less than a minute into its maiden voyage last June, scattering fiery rubble across the mangrove swamps of French Guiana, was a small computer program trying to stuff a 64-bit number into a 16-bit space.

One bug, one crash. Of all the careless lines of code recorded in the annals of computer science, this one may stand as the most devastatingly efficient. From interviews with rocketry experts and an analysis prepared for the space agency, a clear path from an arithmetic error to total destruction emerges…

Obviously there is a huge incentive to avoid bugs like this, so how does NASA go about writing perfect code when it creates the programs for the space shuttle computers? Here’s the answer:

They Write the Right Stuff

The right stuff is the software. The software gives the orders to gimbal the main engines, executing the dramatic belly roll the shuttle does soon after it clears the tower. The software throttles the engines to make sure the craft doesn’t accelerate too fast. It keeps track of where the shuttle is, orders the solid rocket boosters to fall away, makes minor course corrections, and after about 10 minutes, directs the shuttle into orbit more than 100 miles up. When the software is satisfied with the shuttle’s position in space, it orders the main engines to shut down — weightlessness begins and everything starts to float.

But how much work the software does is not what makes it remarkable. What makes it remarkable is how well the software works. This software never crashes. It never needs to be re-booted. This software is bug-free. It is perfect, as perfect as human beings have achieved. Consider these stats : the last three versions of the program — each 420,000 lines long-had just one error each. The last 11 versions of this software had a total of 17 errors. Commercial programs of equivalent complexity would have 5,000 errors.

[[[Jump to previous question - Why didn't this window break?]]]