Software Test Lapse May Have Killed 28 Americans in 1991
Twenty-eight Americans from the Pennsylvania National Guard, killed on 25 February 1991 by a Scud missile in the Gulf War, might still be alive today if not for a failure in the Patriot missile defense system that could otherwise have protected them. A TechRadar.com story (via Slashdot) reminds us that the Patriot's failure was at least in part caused by a software flaw. Engaging the incoming Iraqi Scud was within the capability of the Patriot system, yet the battery at Dhahran never fired on it. As several reader comments pointed out, the error could be seen as a result of "boneheaded programming."
This is not a new story. The software problem was described in detail by Brian Hayes in his paper "A Lucid Interval," which appeared in American Scientist in 2003. As he explains, the issue had to do with the way the Patriot kept track of time: the system counted uptime as an integer number of tenths of a second and converted that count to seconds by multiplying it with a 24-bit fixed-point approximation of 1/10. Since 1/10 has no exact binary representation, every tick lost a tiny truncation error, and after roughly 100 hours of continuous operation the clock was off by about a third of a second, enough to shift the range gate well away from a target moving at Scud speed. Though, as Hayes pointed out, the 1991 version of the Patriot was far from perfect in other respects as well, the Dhahran, Saudi Arabia fatalities served as a sobering object lesson in software implementations of mathematical algorithms. Hayes goes on to discuss interval arithmetic as a disciplined way of keeping such accumulated errors bounded and visible.
Yet to characterize this failure as a bug or programming lapse misses a larger point.
This failure can be seen as boneheaded software management. The case can be made that the problem is better traced to a framework flaw than to any single line of code. As one reader of the recent article pointed out, the programming language Ada was designed to, among its other reliability objectives, specifically address this area of potential failure in embedded systems. More to the point, a suitable test framework would have detected the flaw: simply running the clock conversion forward over a realistic mission duration and comparing the result with exact time exposes the drift, using the same compilers used in the Patriot and without impugning the skills of the Patriot developer team, who may well have excelled in other aspects of that complex software project.
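The following is an added example, not code from the original article or from the Patriot program. It models the time-conversion drift described above and the kind of bounded-error acceptance test argued for here. The known facts modelled are that uptime was counted in integer tenths of a second and converted to seconds with a 24-bit fixed-point approximation of 1/10. The split of that register into 23 fractional bits (which reproduces the widely reported per-tick error of about 0.000000095 s), the 100-hour mission duration, the 1,676 m/s target speed and the 100 m gate tolerance are assumed illustrative parameters, not figures from the article.

```python
"""
Added example (not from the original article or the Patriot program):
a model of the Patriot clock-conversion drift and a bounded-error test
that would have exposed it before deployment.

Known facts modelled: uptime counted as an integer number of tenths of
a second, converted to seconds by multiplying with a 24-bit fixed-point
approximation of 1/10. All numeric parameters below other than that
are assumed for illustration.
"""
from fractions import Fraction

# Assumption: a 24-bit register with 23 fractional bits. This reproduces
# the commonly reported per-tick error of roughly 0.000000095 s.
FRAC_BITS = 23
TICKS_PER_SECOND = 10
TENTH_SECOND = Fraction(1, TICKS_PER_SECOND)


def fixed_point_truncate(x: Fraction, frac_bits: int = FRAC_BITS) -> Fraction:
    """Truncate a non-negative rational to frac_bits binary fractional digits."""
    scale = 1 << frac_bits
    return Fraction(int(x * scale), scale)  # int() truncates toward zero


def ticks_after(uptime_hours: float) -> int:
    """Integer tick count (tenths of a second) after the given uptime."""
    return int(round(uptime_hours * 3600 * TICKS_PER_SECOND))


def flawed_time_seconds(ticks: int) -> Fraction:
    """The deployed conversion: tick count times a truncated 1/10."""
    return ticks * fixed_point_truncate(TENTH_SECOND)


def exact_time_seconds(ticks: int) -> Fraction:
    """Reference conversion in exact rational arithmetic, no rounding."""
    return Fraction(ticks, TICKS_PER_SECOND)


def per_tick_error_seconds() -> Fraction:
    """How much time the flawed conversion loses on every single tick."""
    return TENTH_SECOND - fixed_point_truncate(TENTH_SECOND)


def clock_drift_seconds(uptime_hours: float) -> Fraction:
    """Accumulated clock error (exact minus flawed) after the given uptime."""
    n = ticks_after(uptime_hours)
    return exact_time_seconds(n) - flawed_time_seconds(n)


def drift_upper_bound_seconds(uptime_hours: float) -> Fraction:
    """A priori interval-style bound: truncation loses < 1 ulp per tick,
    so n ticks lose < n * 2**-FRAC_BITS seconds."""
    return ticks_after(uptime_hours) * Fraction(1, 1 << FRAC_BITS)


def range_gate_shift_m(uptime_hours: float, target_speed_mps: float) -> float:
    """Distance a target at target_speed_mps covers during the clock drift,
    i.e. how far the computed range gate lands from the real target."""
    return float(clock_drift_seconds(uptime_hours)) * target_speed_mps


def drift_within_tolerance(max_uptime_hours: float, target_speed_mps: float,
                           tolerance_m: float) -> bool:
    """The acceptance test the program lacked: the worst-case gate shift
    over the longest supported continuous uptime must stay within the
    gate tolerance. Any continuous-integration run would flag a failure."""
    return range_gate_shift_m(max_uptime_hours, target_speed_mps) <= tolerance_m


if __name__ == "__main__":
    # Assumed illustrative parameters: up to 100 h continuous operation,
    # a 1,676 m/s closing speed and a 100 m acceptable gate error.
    for hours in (1, 8, 20, 48, 72, 100):
        drift = clock_drift_seconds(hours)
        print(f"{hours:4d} h uptime: clock low by {float(drift):.4f} s "
              f"(bound {float(drift_upper_bound_seconds(hours)):.4f} s), "
              f"gate shift {range_gate_shift_m(hours, 1676):7.1f} m")
    print("within 100 m tolerance over 100 h:",
          drift_within_tolerance(100, 1676, 100))
```

The point of `drift_upper_bound_seconds` is the interval idea Hayes describes: the per-tick truncation error is bounded analytically, so the worst case over a whole mission can be computed before the system ever runs, and a test can require that both the measured drift and its bound translate to a gate shift the tracking logic can tolerate. After one hour the assumed parameters give a shift of a few metres; after 100 hours it exceeds half a kilometre, and `drift_within_tolerance` returns `False`.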
An example of software that addresses the issue of precision directly is Mathematica. According to Wolfram Research, its developer, "Mathematica keeps track of the precision of its numerical results automatically throughout each calculation and adjusts its internal algorithms as needed to provide the precision you require."
The body of software test knowledge is mature. It is ripe for picking by software and project managers, who deserve more of the derision that glitch reporters aim at programmers than they typically receive.
Patriot MIM-104 photo via Wikimedia Commons