Reading back, yes. If the trajectory prediction had been correct, the interceptor would have been launched, giving the dead a chance to have been saved.

Ok, now do that inside the time budget.

ABSOLUTE PILLOCK didn't design, implement or test their system properly.

Bear in mind that the system was engineered to require a reset once every 36 hours to eliminate arithmetic drift, but the operators failed to do so.

There's no excuse for this - it's basic, elementary mathematics and binary manipulation. Some pillock threw a cheap CPU clock and a standard library at a time-critical, life-dependent military problem without even thinking. The programmers should be sacked, the testing teams should be sacked and ANYTHING they've ever created or reviewed should be overhauled to make sure they haven't made even worse mistakes.

Um, no. At best, the trainers and manual writers need re-education. It's their fault for not passing on the equipment maintenance requirements to the end users, who through incorrect action caused the gear to silently fail.

If the OP was correct, then PATRIOT failed because it did none of them. My bet is in reality, they simply underestimated the actual error term, but did everything else correct.

Read this, and take into account that the Patriot system was designed to be reset once every 36 hours to protect against arithmetic drift, but the operators didn't want to switch them off in case a Scud flew over while they were rebooting.

The engineers didn't fail. The manual writers, or the trainers did.

Ariane was a management problem. Patriot was operator error. The Intel bug happened in production.

What was that about programmers again?

Well, it probably does in Patriot's case. I'm sure the designers would have liked not to insist on a reboot every 36 hours, and if they'd had a 32-bit register to do their time calculations in they probably would have been able to push it out to at least a couple of weeks (although I can't be bothered to work out the precise details right now).

The fact that they only had a 24-bit register to work in says a lot about how advanced the gear they were allowed to work with was.

Anyway, whoever manufactured the Patriot, I sort of doubt that the first cause was a bad programmer.

Amen to that. This strikes me as a conscious engineering decision followed by a failure to impress on the end users the consequence of not correctly mantaining their gear.

I would say to RTFA, but it's so badly written that it doesn't make it clear that this is precisely what they did.

The problem is that the system clock was counting in 0.1 second increments, but the targeting maths was being done in units of 1s, and the conversion from one to the other was done with insufficient precision for the operating conditions.

There are more details here.

Use fixed point numbers? You know, in financial apps, you never store things as floating points, use cents or 1/1000th dollars instead!

Computers don't suck at math, those programmers do. You can get any precision mathematics on even 8 bit processors, most of the time compilers will figure out everything for you just fine. If you really have to use 24 bits counters with 0.1s precision, you *know* that your timer will wrap around every 466 hours, just issue a warning to reboot every 10 days or auto reboot when it overflows.

The Patriot designers did precisely this (except it was supposed to be reset every 36 hours, not 10 days), and at least 28 people died as a direct result.

The systems should be redundant anyway, because routine maintenance needs to happen to every system every invented.

Besides, you're underestimating exactly how complicated this "little software fix" is, given the hardware constraints.

Ok, now go and read the article. The Patriot bug was a problem with fixed point maths. The Ariane bug was integer overflow. The Intel FPU bug was caused by a production error with nothing to do with the arithmetic actually being performed.

It's not really a hack so much as required maintenance. I'd be surprised if the tolerance wasn't designed in because processor A with its 24-bit fixed point unit came in under budget whereas processor B with its 48-bit (or whatever) unit didn't. There would still be a required reboot time for processor B, it would just be a longer period.

I should make that a little clearer, perhaps: no matter what the design, there would have to be a periodic resync, and if the quickest and easiest way to do that in the field is a reboot, then I don't see anything wrong with designing that in from the start as long as it's effectively communicated to the users.

The corollary to that is that the people making equipment to protect other people must be smarter. Guess which side of the line the Patriot system falls on?

Details here if you're interested.

Given that the Argentinians didn't actually have any launchers for the Exocets in the first place, it's a bloody miracle any got launched at all. There's no mention of a kill switch anywhere that I can find, and given that they launched all four they had, and all but one are accounted for, the kill switch story sounds unlikely.