Developers and users are overconfident in the system reused system software may not work correctly in different environments. Case studies patriot missile antimissile system, dahran 1991 dahran failure 1991 1 launch of a scud missile 2 detection by the radars of the patriot system but failure to con. The purpose of this assignment is to interpret and analyze the need for extremely reliable faultless software in lifecritical situations, using the mim104 patriot tactical air defense missile system with its computercontrolled realtime operating system as an example. Patriot missile risk, patriot misled, patriot fails again patriots down iraqui missiles general problem. Failed intercept at dhahran caused by a software error in. Patriot missile software failure, 28 soldiers died. Only the search and track actions of the radar are digitally simulated. Patriot is an ad guided missile system designed to cope with the ad threat beyond the year 2000. A government investigation revealed that the failed intercept at dhahran had been caused by a software error in the systems handling of timestamps. Due to the missiles speed this was equivalent to a miss distance of 600 meters. Raytheons patriot is a missile defense system consisting of radars, commandandcontrol technology and multiple types of interceptors, all working together to detect, identify and defeat tactical ballistic missiles. Software was in place to filter out false missile detections of this very nature, but a bug in the software let the alerts through anyway.
I thought id see what would happen if i clipped out of. When patriot systems were brought into the gulf conflict, the software was modified several times to cope with the high speed of ballistic missiles, for which the system was not originally designed. Prior to the incident, army officials had fixed the software to improve the patriot systems accuracy. Most expensive software mistakes dcsl software ltd. S400 sa20 triumf supports that, as do the the websites mentioned in this article under external links by stating the maximum range at 200km.
On february 21, 1991, the patriot project office sent a message to patriot users stating that very long run times could cause a shift in the range gate, resulting in the target being offset. At least one of these software modifications was the introduction of a subroutine for converting clocktime more accurately into floatingpoint. The missile failed several times due to some software problem which led to system failure of the missile. Patriot missile system timing issue leads to 28 dead. On february 25, 1991, during the gulf war, an american patriot missile battery in dharan, saudi arabia, failed to track and intercept an incoming iraqi scud missile. Patriot missile failure february 1991, during first gulf war. A booster went off course during launch, resulting in the destruction of nasa mariner 1. Must have successfully completed the following courses. Report gaoimtec9226, information management and technology. The ert is used in both the institution and unit to train patriot missile crewmembers in transporting, handling, and unloading procedures of expended round canisters.
The patriot missile battery at dhahran had been in operation for 100 hours, by which time the systems internal clock had drifted by onethird of a second. The anmpq53 at the heart of the system is known as the phased array tracking radar to intercept on target. What are some famous bugs in the computer science world. The calculation was performed in 24 bit floating register. The mim104 patriot is a surfacetoair missile sam system, the primary of its kind used by the united states army and several allied nations. On the night of the 25th of february, 1991, a patriot missile system operating in dhahran, saudi arabia, failed to track and intercept an incoming scud. The software error wiki alludes to is that the patriot missile kept track of its internal clock with floating point numbers. While the patriot missile system was largely successful throughout the conflict, it failed to track and intercept a scud missile that would strike an american barracks. On february 25, 1991, a patriot missile defense system operating at. Only now does the truth about the tragedy begin to emerge. The patriot missile system consists of an advanced radar. Part of this technology was that of the patriot missile air defence system.
Software defects come in many forms, from those that cause a brief inconvenience to those that cause fatalities, with a wide range of consequences in between. The patriot defense system consists of an electronic detection device called the range gate. Results in brief sile because of a software problem in the systems weapons control com. Reservations, ticketing, and baggage handling causes. The combat element of the patriot missile system is the fire unit, which consists of a phased array radar set rs, an engagement control station ecs, an electric.
Errors, failures, and risks university of victoria. Rtos concepts part 1 embedded system tutorial, news. On the day of the incident, the system had been operating for more than 100 hours, and the inaccuracy was serious enough to cause the system to look in the wrong place for the incoming missile. At least countries are interested in buying a russian. Some of them cause uncomfortable work, more actions than expected, inconsistency, layout issues, etc. Due to patriots unique startup in the basement of a factory 3minute 1986 video, we have a huge respect for business owners. Before the heathrow airport in london launched its terminal 5, a new baggage handling system was built to carry large amounts of luggage. By far the most tragic computer software blunder on our list occurred on february 25, 1991, during the gulf war. The s400, a mobile longrange surfacetoair missile system, is the kremlins answer to americas patriot and thaad platforms. During the first gulf war, an american patriot missile system in saudi arabia failed to intercept an incoming iraqi scud missile. The patriot advanced capability3 pac3 system upgrade, along with the pac3 missile, will provide an advanced antitactical missile capability to the current fielded system.
Bush stated in the state of union message of january. The patriot system is comparable to the s300 missile system fielded by russia and many other countries in that both are modern, roadmobile, radarguided sam systems. Integer overflowunderflow and floating point imprecision. A congressional notification regarding a potential patriot sale to sweden has been completed. Software bug may cause patriot missile errors infoworld. Two weeks earlier, on february 11, 1991, the israelis had identified the problem and informed the u. Informative physically the light tower also has a blue light in addition to. The patriot missile failure in dharan, saudi arabia, on february 25, 1991 which resulted in 28 deaths, is ultimately attributable to poor handling of rounding errors. So, value of 110 th second is truncated in 24 bits where as exact value is 0.
Good engineering practice dictates that a system should be designed so that no single point of failure leads to catastrophe. Patriot missile batteries and the dangers of software errors. Mim104 patriot wikipedia on february 25, 1991, an iraqi scud hit the barracks in dhahran, saudi arabia, killing 28 soldiers from the u. The russian system instantly sent priority messages up saying that the united states had launched five ballistic missiles. As far as i could find the missile is at most compatible with the s300 system, but was developed as a part of the s400 program. It was tested using 12,000 bags and worked without a problem. Office in huntsville, alabama sent a message to patriot users stating that very long run times. Study 27 terms computer science flashcards quizlet. The tracking system relied upon getting signals from the. The calculation was supposed to be stopped 9 seconds before launch, but the inertial reference system had been reset during.
Lockheed martin makes the thaad, or terminal high altitude area defense, system, while raytheon makes the patriot. A report of the general accounting office, gaoimtec9226, entitled patriot missile defense. The iraqi missile impacted into an army barracks, killing 28 u. Embedded control systems designlearning from failure. A computer software glitch shut down the patriot s radar system, blinding dhahrans antimissile batteries. It calculates the area in the air space where it should look for the target such as a scud. Raytheon claims 100% success rate for patriot missiles in. False arrests due to similar names in the ncic software error. Patriot missile when the system turned on then it measure the time in 100 ms.
Patriot battery system technician sr field engineer i. Our philosophy is to go above and beyond to help you be successful. An operational patriot battery includes a missile launcher unit, a generator unit, an antennae mast group, a radar unit, and a number of other support components. Top 15 worst computer software blunders intertech blog. Top ten most infamous software bugs of all time sundog.
What computer programs have accidentally killed someone. Patriot missile system phased array tracking radar to intercept on target or patriot its initial purpose was as an antiaircraft system, but it quickly became used as antitactile ballistic missiles. Engineers tested the system thoroughly before opening the terminal to the public with over 12,000 test pieces of luggage. Explain the mistakes that led to the failure of the patriot missile system. The patriot missile was used in the gulf war on feb 25, 1991, as a defense from the iraqi scud missiles. Round off errors and the patriot missile the numerical. Summary software engineering issues numerical algorithm at an extremely low level led to total system failure and loss of human life. Software reliability is the probability of failurefree software operation for a specified period of time in a specified environment. It was updated several times to cope with the high speed of ballistic missiles, for which the system was not originally designed. This doesnt explain the deviation of the patriot missile, but there is a second problem. Software problem led to system failure at dhahran, saudi arabia reported on the cause of the failure. Little journey through the history of most critical software bugs with some code examples. It differs from hardware reliability in that it reflects the design perfection, rather than manufacturing perfection. The software used by the computer was written in assembly language 20 years ago.
World heritage encyclopedia, the aggregation of the largest online encyclopedias available, and the most. The software on this missile system converted clock time to more accurate floatingpoint figures for calculation. Army patriot operator and system mechanic course for mos. Looking through some of my favorite articles of all time, i came across this jewel from 2005 wired newss 10 worst bugs in history. It turns out that the cause was an inaccurate calculation of the time since boot due to computer arithmetic errors. However, due to a problem in the way it was designed, the timing became more and more inaccurate the longer it ran.
The single failure the president acknowledged was at a u. In the role of verifying that the pac3 missile components and software are properly integrated into the patriot system, the gtsf is the only facility that will have tactically configured computers and software in the system operating within a single hwil facility. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its fortran software. Software problems led to system failure at dhahran, saudi arabia. Patriot missile software problem, is software to blame. Software reliability is also an important factor affecting system reliability. Army and the patriot project office, the software manufacturer. Also, one of its failures also resulted in the scud to strike the american army base. Army air defense school or the patriot missile system contractor. Must be able to lift 50 lbs and work in extreme heat. When the machine had been booted in the recent past, such as every time in testing, the floating point number spent most of its precision to the right of the decimal point. After taking a look at 20 or so of the worst software failures in history, i have compiled my own. To find out where the patriot missile should be next, it calculates its location based on the velocity of the scud and the last time the radar detected the scud.
The problem with the therac25 system was the lack of software or hardware devices to detect and report overdoses and shut down the reactor immediately. The pentagon initially explained that patriot batteries had withheld their fire in the belief that dhahrans deadly scud had broken up in midflight. Patriot missile software problem unc computer science. The message also said a software change was being sent that would improve the systems targeting. The threat characteristically employs defense suppression tactics. The initial reporting of the cause of this bug was incorrect. Round off errors and the patriot missile a software bug led to killing of 28 soldiers twentyeight americans were killed on february 25, 1991 when an iraqi scud hit the army barracks in dhahran, saudi arabia. Software bug may cause patriot missile errors network world. I remember at the time i felt like their list was incomplete, and it has always bugged me a little bit yes, pun intended.
597 897 475 133 719 220 1431 31 5 35 1454 441 701 153 1612 823 603 1537 369 1122 9 389 370 261 1692 1294 1070 841 1696 1011 354 269 1103 1474 1064 166 1678 596 1354 580 787 261 942 1487 783