A report from the United States General Accounting Office begins ``On February 25, 1991, a Patriot missile defense system operating at Dhahran, Saudi Arabia, during Operation Desert Storm failed to track and intercept an incoming Scud. This Scud subsequently hit an Army barracks, killing 28 Americans". More details can be found in the following reference:
Patriot missile defense: Software problems led to system failure at Dhahran, Saudi Arabia. Report GAO/IMTEC-92-26, Information Management and Technology Division, US General Accounting Office, Washington DC, Feb. 11992, 16 pp.
The report finds that the failure to track the Scud missile was caused by a precision problem in the software.
The computer used to control the Patriot missile is based on a 1970s design and uses 24-bit arithmetic. The Patriot system tracks its target by measuring the time it takes for radar pulses to bounce back from them. Time is recorded by the system clock in tenths of a second, but is stored as an integer. To enable tracking calculations the time is converted to a 24-bit floating point number. Rounding errors in the time conversions cause shifts in the system's ``range gate", which is used to track the target.
Table 1: Effect of extended run time on Patriot Missile Operation
On Feb. 11, 1991, the Patriot Project Office received field data identifying a shift in the Patriot system's range gate after the system had been running continuously for 8 hours. This data implied that after 20 consecutive hours of use the system would fail to track and intercept a Scud. Modified software that compensated for the inaccurate time calculation was released on Feb. 16 by army officials. On Feb. 25, Alpha Battery, which was protecting the Dhahran Air Base, had been in continuous operation for over 100 hours. The inaccurate time calculations caused the range gate to shift so much that the system could not track the incoming Scud. On Feb. 26, the next day, the modified software arrived in Dhahran. Table 1, taken from the report cited above, shows clearly how, with increasing time of operation, the Patriot lost track of its target. Note that the numbers in Table 1 are consistent with a relative error of in the computer's representation of , this constant being used to convert from the system's clock tenths of a second to a second ( is the relative error introduced by chopping to 23 bits after the binary point).
For continuous operation exceeding 20 hours is outside target range.
Alpha battery ran continuously for 100 hours.
Figure 3: Backward and Forward Errors for . The thick line corresponds to exact and the thin line is the computed value.