Skip to content
Tech News
← Back to articles

We found an undocumented bug in the Apollo 11 guidance computer code

2026-04-07 | original
read original get NASA Apollo 11 Model Kit → more articles
Why This Matters

Researchers uncovered a previously unknown bug in the Apollo 11 guidance computer code, which had gone unnoticed for over five decades despite extensive scrutiny. This discovery highlights the importance of modern analysis tools and formal verification methods in ensuring the reliability of critical legacy systems, with implications for both space exploration and other safety-critical industries.

Key Takeaways

The Apollo Guidance Computer (AGC) is one of the most scrutinised codebases in history. Thousands of developers have read it. Academics have published papers on its reliability. Emulators run it instruction by instruction. We found a bug in it that had been missed for fifty-seven years: a resource lock in the gyro control code that leaks on an error path, silently disabling the guidance platform's ability to realign.

We used Claude and Allium, our open-source behavioural specification language, to distil 130,000 lines of AGC assembly into 12,500 lines of specs. The specs were derived from the code itself, and the process signposted us directly to the defect.

Charting the code

The source code has been publicly available since 2003, when Ron Burkey and a team of volunteers began painstakingly transcribing it by hand from printed listings at the MIT Instrumentation Laboratory. In 2016, former NASA intern Chris Garry’s GitHub repository went viral, topping the trending page. Thousands of developers scrolled through the assembly language of a machine with 2K of erasable RAM and a 1MHz clock.

The AGC’s programs were stored in 74KB of core rope: copper wire threaded by hand through tiny magnetic cores in a factory (a wire passing through a core was a 1; a wire bypassing it was a 0). The women who wove it were known internally as the “Little Old Ladies”, and the memory itself was called LOL memory. The program was physically woven into the hardware. Ken Shirriff has analysed it down to individual gates, and the Virtual AGC project runs the software in emulation, having confirmed the recovered source byte-for-byte against the original core rope dumps.

As far as we can determine, no formal verification, model checking or static analysis has been published against the flight code. The scrutiny has been deep, but it has been a particular kind of scrutiny: reading the code, emulating the code, verifying the transcription.

We took a different approach. We used Allium to distil a behavioural specification from the Inertial Measurement Unit (IMU) subsystem, the gyroscope-based platform that tells the spacecraft which way it is pointing. The specification models the lifecycle of every shared resource: when it is acquired, when it must be released, and on which paths.

It surfaced a flaw that reading and emulation had missed.

Losing the reference

The AGC manages the IMU through a shared resource lock called LGYRO . When the computer needs to torque the gyroscopes (to correct platform drift or perform a star alignment), it acquires LGYRO at the start and releases it when all three axes have been torqued. The lock prevents two routines from fighting over the gyro hardware at the same time.

... continue reading

Explore topics: apollo guidance computer agc assembly ron burkey nasa mit
Related:
Protect Your Shed
Celebrating Excellence: 2025 IEEE Transactions on Mobile Computing Awards
Artemis II Astronauts Name Moon Crater After Commander Reid Wiseman's Late Wife
Artemis II Astronauts Are Using iPhones to Capture Stunning Space Images
5 Things We Noticed During NASA’s Historic Lunar Flyby

© 2026 GoKawiil

About | Editorial Policy | Contact