Patriot Missile Floating Point Software Problem Led to Deaths of 28 Americans





next up previous
Next: Backward and Forward
Up: No Title
Previous: Floating Point Number


A report from the United States General Accounting Office begins “On
February 25, 1991, a Patriot missile defense system operating at
Dhahran, Saudi Arabia, during Operation Desert Storm failed to track and
intercept an incoming Scud. This Scud subsequently hit an Army barracks,
killing 28 Americans”. More details can be found in the following
reference:

Patriot missile defense: Software problems led to system failure at Dhahran,
Saudi Arabia. Report GAO/IMTEC-92-26, Information Management and Technology
Division, US General Accounting Office, Washington DC, Feb. 11992, 16 pp.

The report finds that the failure to track the Scud missile was
caused by a precision problem in the software.

The computer used to control the Patriot missile is based on a 1970s design
and uses 24-bit arithmetic. The Patriot system tracks its target by
measuring the time it takes for radar pulses to bounce back from them. Time
is recorded by the system clock in tenths of a second, but is stored as
an integer. To enable tracking calculations the time is converted to
a 24-bit floating point number. Rounding errors in the time conversions
cause shifts in the system’s “range gate”, which is used to track the target.

  

Table 1: Effect of extended run time on Patriot Missile Operation

On Feb. 11, 1991, the Patriot Project Office received field data identifying
a shift in the Patriot system’s range gate after the system had been
running continuously for 8 hours. This data implied that after 20
consecutive hours of use the system would fail to track and intercept a
Scud. Modified software that compensated for the inaccurate time calculation
was released on Feb. 16 by army officials. On Feb. 25, Alpha Battery,
which was protecting the Dhahran Air Base, had been in continuous operation
for over 100 hours. The inaccurate time calculations caused the range
gate to shift so much that the system could not track the incoming Scud.
On Feb. 26, the next day, the modified software arrived in Dhahran. Table
1, taken from the report cited above, shows clearly how, with
increasing time of operation, the Patriot lost track of its target. Note
that the numbers in Table 1 are consistent with a relative error
of in the computer’s representation of , this constant
being used to convert from the system’s clock tenths of a second to a
second ( is the relative error introduced by chopping
to 23 bits after the binary point).

[1]For continuous operation exceeding 20 hours is outside target range.

[2]Alpha battery ran continuously for 100 hours.

  

Figure 3: Backward and Forward Errors for . The thick line corresponds
to exact and the thin line is the computed value.


next up previous
Next: Backward and Forward
Up: No Title
Previous: Floating Point Number



Dinesh Manocha
Wed Jan 8 00:43:08 EST 1997

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *