Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Computers Suck At Math

Posted by Soulskill on from the must-be-lit-majors dept.

antdude writes "This TechRadar article explains why computers suck at math, and how simple calculations can be a matter of life and death, like in the case of a Patriot defense system failing to take down a Scud missile attack: 'The calculation of where to look for confirmation of an incoming missile requires knowledge of the system time, which is stored as the number of 0.1-second ticks since the system was started up. Unfortunately, 0.1 seconds cannot be expressed accurately as a binary number, so when it's shoehorned into a 24-bit register — as used in the Patriot system — it's out by a tiny amount. But all these tiny amounts add up. At the time of the missile attack, the system had been running for about 100 hours, or 3,600,000 ticks to be more specific. Multiplying this count by the tiny error led to a total error of 0.3433 seconds, during which time the Scud missile would cover 687m. The radar looked in the wrong place to receive a confirmation and saw no target. Accordingly no missile was launched to intercept the incoming Scud — and 28 people paid with their lives.'"

85 of 626 comments (clear)

  1. Poor QA by slifox · · Score: 5, Insightful

    It's pretty pathetic and negligent that software that controls explosive missles was not tested for over 100 hours of operation. That's a standard Quality Assurance procedure for even the simplest low-budget hardware...

    It's also pretty pathetic that the system designers implemented a broken design and did not foresee this problem. High-resolution timekeeping has been accomplished pretty successfully already...

    I wonder how much time and money was spent in research and development for this thing
    It doesn't seem like we're getting a quality product for the likely huge sum that was paid for it...

    1. Re:Poor QA by Anonymous Coward · · Score: 5, Informative

      What Every Computer Scientist Should Know About Floating-Point Arithmetic

    2. Re:Poor QA by Anonymous Coward · · Score: 5, Informative

      This particular story took place in 1991, and most of the code for Patriot was written in the 70s - needless to say, software QA was a little more lax back then. The fix for this problem was out a couple days after the incident.

    3. Re:Poor QA by betterunixthanunix · · Score: 2, Informative

      I want to know who programmed a system that allowed floating point errors to accumulate over time in a critical calculation. I hope they did not receive a degree in computer science, or that if they did, it was not from my alma mater.

      Seriously, what programmer has not heard of floating point errors? That has to be one of the most common phrases I have ever heard in relation to programming; even the EEs and MEs I have met are familiar with the concept.

      --
      Palm trees and 8
    4. Re:Poor QA by commodore64_love · · Score: 4, Informative

      >>>It's also pretty pathetic that the system designers implemented a broken design and did not foresee this problem. High-resolution timekeeping has been accomplished pretty successfully already...

      I sorry.

      j/k.

      We had a similar problem with an Aegis design, and it was a major headache for us Hardware engineers to try to convince the Systems Engineers that counting in Binary time was more logical than counting in 0.1 second increments. The SEs kept insisting that their computers at home accurately count in seconds and we hardware engineers should be able too. The HE manager and the SE manager were butting heads for about a month over this issue, until finally an upper-level manager handed-down a decision in favor of the HE manager and binary-based counting/requirements documentation.

      I guess in the Patriot situation, the decision went in the opposite direction. Hence errors we introduced.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    5. Re:Poor QA by Stele · · Score: 4, Funny

      I guess in the Patriot situation, the decision went in the opposite direction. Hence errors we introduced.

      Ah, so you're the one responsible!

    6. Re:Poor QA by Anonymous Coward · · Score: 5, Interesting

      Hindsight is almost 20/20. Except that the original purpose of the Patriot was to shoot down much slower aircraft, flying parallel to the earth, not ballistic missles. This new use for Patriot was essentially experimental and had had been rushed to war - and in war you run into alot of unexpexcted circumstances. For example, conventional doctrine in the 1980's required Patriots to move constantly on the battlefield to avoid air attack. The clock would then reset when repositioned. No one expected a Patriot in air defense mode to stay stationary for 10 hours let alone 100. But in a missle defense role they did. There is a good GAO report on this.

    7. Re:Poor QA by Rising+Ape · · Score: 3, Insightful

      Seriously, what programmer has not heard of floating point errors?

      I had a similar issue with some code of mine for physics analysis. While I had heard of floating point errors, they're a lot more subtle than it first appears, and I ended up falling victim to one. Fortunately I discovered it before it actually let to any serious problems, it just resulted in wasted time.

      Not everyone with a need for programming has a CS background and enough experience to be aware of all the potential problems. You'd hope that someone working on a missile system would have though.

    8. Re:Poor QA by dbIII · · Score: 4, Insightful

      Oh really? The problem with these systems is that they have never worked in anything other than rigged tests and are just silicon snake oil.
      I remember having this same discussion where there was a story here about some sort of Israeli space lasers that could apparently even shoot down artillery shells. Only a few months after that a very large number of thirty year old rockets dumped at discount price by Iran for being obsolete came flying over the border from Lebanon. Since then a lot of even slower rockets came out of Gaza. The success rate of this amazing new space toy matches that of the Patriot - zero.

    9. Re:Poor QA by OeLeWaPpErKe · · Score: 5, Insightful

      Mod parent up ! This idiotic article blames computers for programmers using numerical approximation algorithms illadvisedly.

      which is stored as the number of 0.1-second ticks since the system was started up. Unfortunately, 0.1 seconds cannot be expressed accurately as a binary number, so when it's shoehorned into a 24-bit register — as used in the Patriot system — it's out by a tiny amount. But all these tiny amounts add up. At the time of the missile attack, the system had been running for about 100 hours, or 3,600,000 ticks to be more specific. Multiplying this count by the tiny error led to a total error of 0.3433 seconds, during which time the Scud missile would cover 687m. The radar looked in the wrong place to receive a confirmation and saw no target. Accordingly no missile was launched to intercept the incoming Scud — and 28 people paid with their lives.'"

      So in a system that should have clocks synchronized to less than a microsecond nobody bothered to run "ntpdate" even once in hundred days ? And surely the military has better clock synch than a stupid home pc ? This is stupidity, also known as "human error", causing those deaths. It's a case of "the correct answer to the wrong question".

      What is always brought up as a "computer problem" is the crash in Paris of a jet due to infighting between the human pilot and the autopilot. Of course, there the ultimate mistake was the pilot's : he had forgotten to turn off the autopilot to land. It was set for cruising altitude (3km), and the pilot was trying to land. This resulted in ever more desperate attempts by the autopilot to get the plane to gain height, which eventually resulted in a total loss of lift for the plane, which naturally resulted in the plane hitting the ground nose-down and a big fireball. The computer did exactly as instructed, it's just that the pilot's (unintentionally given) instructions were stupid, and the fact that it took the pilot over 3 minutes to realize just how stupid he had been.

    10. Re:Poor QA by TheRaven64 · · Score: 4, Informative

      Everybody knows that they exist, fewer people know how to avoid them. Lots of early multimedia frameworks, for example, were written using floating point timestamps and developed this exact problem (add some fraction repeatedly for each audio and each video frame, and after an hour the two tracks are noticeably out of sync). Now, they use a numerator-and-denominator form which is simple to add without rounding errors and so you only get them when you convert to floating point for comparison.

      Even fewer people realise how compiler and hardware dependent they can be. For example, if you do a sequence of floating point operations on x86 then the values will stay in 80-bit registers until they are stored out to a variable. If you compile the same code for a newer machine with SSE or for another architecture then you will get 32-bit operations on your 32-bit floats and so you'll have less precision. A lot of compilers will even generate different precision between debug and release builds.

      --
      I am TheRaven on Soylent News
    11. Re:Poor QA by OeLeWaPpErKe · · Score: 5, Interesting

      The Iron dome system works perfectly. It's just not capable of protecting any kind of large area. It can, however, make a military base invulnerable to rocket fire, and they're working on making the system mobile, to protect tanks. The only real problem left for doing this is the power requirements.

      For ships, another such system exists, and protected the ships perfectly well from those same rockets fired by hizbullah. It's "protection range" ? In the largest deployment about 200 square meters.

      There is also the problem that a downed missile presents. What is a "downed missile" ? Well it's a large collection of very-high speed pieces of metal that have been heated up by a large explosion that's about to crash into the ground. So far so good.

      So what is "the ground" in the case of a hizbullah or hamas missile launch ? Well it's the center of the city that's controlled by the terrorists. It's their human shields. Markets, schools, you name it. So a successfull missile intercept is reported in the press as "Israel fires a rocket into a palestinian kindergarten". That is, by the way, the literal truth, even if the rather important detail of a rocket's presence above said kindergarten is left out. In the deployed missile intercept installations "the ground" is chosen to be something else, like the ocean surface.

      Missile intercept systems are no solution for terrorism. Most unfortunately, the only solution for those rocket attacks is preventing they're fired in the first place. Which obviously requires either palestinians police their own terrorists, or someone does it for them (that's called "occupation").

      These systems work, they are deployed successfully in the field. They're no silver bullets, and any bullet that's fired, whether a missile or a missile-intercept-missile, will eventually hit the ground at rather high speeds. Which makes their use above urban environments result in civilian casualties.

    12. Re:Poor QA by Uzik2 · · Score: 2, Interesting

      Agreed completely!

      Why did this thing not get designed with continuous feedback on position instead of a closed loop with cumulative errors?

      Also, it's not the computer that sucks at math. It's the guy who decided a cheaper programmer was more cost effective than a good one. Turned out not to be a very wise decision.

      --
      -- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
    13. Re:Poor QA by Hal_Porter · · Score: 5, Insightful

      There is a good GAO report on this.

      This one?

      http://www.fas.org/spp/starwars/gao/im92026.htm

      Wow. People complain about the US government. Still look at the transparency. The GAO wrote a very readable report for the House Of Representatives and now we can all read it on the web. It's not unreasonable to think that the US's vast military superiority over everyone else on the planet is at least in part due to this sort of thing. I don't think any other government would do this - mistakes in the military would just get covered up as state secrets and anyone who tried to talk about them would get locked up or worse.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    14. Re:Poor QA by Shinobi · · Score: 4, Insightful

      To be honest, from working in two specialist fields(HPC system level programming and embedded applications(particularly sensor stuff), I've experienced that CompSci grads are more likely than CompEng or EE grads to make errors like this. A large part of it is simply that CompSci nowadays is too high-level and abstract, many of them don't know very much about how computers ACTUALLY work other than as a theoretical model.

      A common remark is "Why should I need to know that, the compiler will take care of it better than I will anyway", completely forgetting that the compiler is only as smart as the programmer who coded it is. So you can get what I ran into with an odd appliance based around the SH-4 processor I was hired to fix some performance problems with. It ran fixed point integer and decimal math, and was ported over from ARM. But it only reached about 25% of maximum theoretical performance, while the ARM reached around 80%. Turns out GCC was at fault, using a generic method that wasn't suitable for the Super-H architecture. And the CompSci had no clue about such things.

    15. Re:Poor QA by dave420 · · Score: 2, Informative

      There was no evidence of them hitting a single target. None.

    16. Re:Poor QA by TCPhotography · · Score: 4, Interesting

      1. The Patriot version used in the Gulf War (round 1) was not designed to be used against Tactical Ballistic Missiles (like SCUDs), but against opposition aircraft. A fighter isn't going to be flying as fast, and thus the error is going to be much smaller, which means the missile would probably still find the plane.

      2. The Patriot has a quite good record against SCUDs (after the software upgrades). Much better than the Soviet SA-2s did against B-52 raids in Vietnam.

      3. Systems don't always work right the first time, and if you do a full on test to start with, and something goes wrong, it's a lot harder to find where the error is than if you test one part at a time.

    17. Re:Poor QA by Alef · · Score: 2, Insightful

      Even if a flawed design would have worked in the intended usage scenarios as you speculate, given the option of writing a correct program and an incorrect program with no significant difference in effort, why would you ever consciously consider choosing the broken solution from the start? This sounds more like plain and simple incompetence to me.

    18. Re:Poor QA by Alef · · Score: 4, Insightful

      I don't think any other government would do this - mistakes in the military would just get covered up as state secrets and anyone who tried to talk about them would get locked up or worse.

      Eh. Forgive me, but do you have any basis whatsoever for this claim, or are you just being arrogant?

    19. Re:Poor QA by Jeppe+Salvesen · · Score: 2, Insightful

      I think the guy has a point (altough he's being a bit nationalistic about it): Transparancy is key in order to learn from mistakes. You can say many different things about the US of A, but the US of A is good at open hearings.

      --

      Stop the brainwash

    20. Re:Poor QA by noidentity · · Score: 3, Interesting

      Even fewer people realise how compiler and hardware dependent they can be. For example, if you do a sequence of floating point operations on x86 then the values will stay in 80-bit registers until they are stored out to a variable. If you compile the same code for a newer machine with SSE or for another architecture then you will get 32-bit operations on your 32-bit floats and so you'll have less precision. A lot of compilers will even generate different precision between debug and release builds.

      I ran into this when someone was using my library with DirectX. I was initializing a filter kernel and using double-precision calculations, but apparently DirectX put the processor in single-precision mode, so all my double-precision calculations weren't done as such. Same compiled code, just a run-time difference. I took the opportunity to improve the algorithm to work even with single-precision floats, which was probably good to do anyway.

    21. Re:Poor QA by SpinyNorman · · Score: 3, Informative

      Someone posted the actual GAO report on this, which makes a bit more sense than the gibberish TechRadar arcticle.

      http://www.fas.org/spp/starwars/gao/im92026.htm

      The way the system is sure it's tracking the target it was given is by predicting where it should be seen next based on speed and diretion, and then only looking for it in a window ("range gate") around that predicted position. The window is a point in space-time and therefore has time coordinates as well as space coordinates, and the problem was that the Patriot system apparently used absolute time since power on to specify the time coordinate, hence the error accumulation. The problem could have been avoided simply by using a time coordinate relative to the last tracked postion rather than an absolute one.

      The GAO report also blames the 24 bit registers of the 1970's era hardware as limiting accuracy which is just garbage. A good excuse to a politician perhaps, but there was nothing stopping them from using a 64 bit, or whatever, math library if that would have helped.

      Of course the Patriot was being used outside of it's original requirements spec when being used to target SCUDs, so it seems someone really screwed up in not reviewing the design beforehand and determining it's limitations (and fixing them) rather than finding out after the fact when 28 people are dead as a result.

    22. Re:Poor QA by Hal_Porter · · Score: 2, Informative

      I think the guy has a point (altough he's being a bit nationalistic about it)

      I'm actually English and I live in Taiwan. I've got no plans to ever live in the US, so it's not really about nationalism.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    23. Re:Poor QA by Jeremi · · Score: 5, Insightful

      The computer did exactly as instructed, it's just that the pilot's (unintentionally given) instructions were stupid, and the fact that it took the pilot over 3 minutes to realize just how stupid he had been.

      Sounds like a user interface problem to me. Given the potential consequences of that particular user error, the fact that the autopilot was still engaged should have been made more obvious to the pilot. (e.g. when the plane computer sees that a struggle is going on between the autopilot and the manual controls, it should prompt a loud, un-maskable synthesized voice shouting "THE AUTOPILOT IS ENGAGED, YOU IDIOT!")

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    24. Re:Poor QA by Hal_Porter · · Score: 2, Informative

      I don't think any other government would do this - mistakes in the military would just get covered up as state secrets and anyone who tried to talk about them would get locked up or worse.

      Eh. Forgive me, but do you have any basis whatsoever for this claim, or are you just being arrogant?

      In the UK people have been locked up for breaching the official secrets act. Fair enough you may say, but many of them seem to have been guilty more of embarrassing the government than releasing information which hurt national security.

      http://news.bbc.co.uk/2/hi/uk_news/216868.stm

      Now the UK is not particularly bad at this sort of thing. In far less free societies like China people have been executed because they "might" have commented on the health of senior leaders and quoted information which was publicly available. In fact most of the charges against them are never even released -

      http://fairuse.100webcustomers.com/itsonlyfair/latimes0243.html

      The nonconfidential version of the verdict released to the family March 24 reveals only two of eight "top secret" charges, any of which could result in the death penalty. One relates to charges from a witness that Wo "might" have intentionally passed on information about the health of senior leaders to Taiwan, Chen and Michael Rolufs said.

      A second alleges that Wo collected technical information on missiles for the Taiwanese. The other six such charges were not revealed. The verdict also claims Wo received $400,000 from Taiwan.

      Chen seriously doubts that Wo had access to confidential information on senior leaders' health status and notes that the verdict's use of "might" suggests a lack of certainty. On the more serious charge of obtaining technical information on Chinese missiles, the verdict suggests Wo got information from magazines. But these were all from a publicly accessible library, Chen said.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    25. Re:Poor QA by Anonymous Coward · · Score: 4, Insightful

      So in a system that should have clocks synchronized to less than a microsecond nobody bothered to run "ntpdate" even once in hundred days ?

      Do you want to be the one to explain to the generals why their stand-alone, truck-based mobile air protection system needs a hard-line network connection to work?

      The real idiocy is here:

      Unfortunately, 0.1 seconds cannot be expressed accurately as a binary number, so when it's shoehorned into a 24-bit register

      Taken charitably, the article writer has oversimplified to the point of obscuring the point. It's perfectly possible to represent a 0.1-second tick in a 24-bit register. There's an overflow about once every 19 days. The problem is doing calculations *with* that number, and that takes knowing what the hell you're doing. Given the problem the system designers were trying to solve with Patriot, this should not have been a problem.

      And surely the military has better clock synch than a stupid home pc ?

      You'd be surprised how hard clock accuracy is to get right, *especially* under military conditions. A drift of 0.3433 seconds over 100 hours works out as an accuracy of 1 part in a million, give or take. Besides, the problem here wasn't clock drift, so it's a irrelevant.

    26. Re:Poor QA by Tacvek · · Score: 4, Informative

      Yes. The issue here sounds like they had a system clock counter that was an integer, that counted the number of 0.1 second clock ticks. Then they wanted to convert this to a floating point number in 24 bit IEEE format, They simply multiplied 0.1 by the integer in the register. Of course, that still sounds like too large an error top have occured from just that, but lets pretend it did.

      There are several issues here. For missiles travelling at such speeds, using a system clock counter based on 0.1 second ticks sounds terribly coarse to me. Second, since 0.1 seconds are the baseline resolution of the system, the system should have been using floating point numbers where '1' corresponds to a decisecond rather than a second. Then the time counter would be exactly expressible in the floating point format.

      Lastly, if the floating point format really needed to be in units of seconds, rather than deciseconds, the time counter should have been loaded in, having an exact representation, then it should be divided by 10, which has an exact representation. This is all prety basic to anybody who has even a limited understanding of floating point. If you understand the inherent precision of every operation even better than I do, even more improvements would be possible.

      But to be honest, I'm not sure why floating point was used at all here. It sounds to me like fixed point may have worked just fine for most of these problems. (Of course, fixed point has its own set of rules ensuring maximal accuracy. )

      --
      Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
    27. Re:Poor QA by Entropius · · Score: 2, Insightful

      The US's "vast military superiority over everyone else on the planet" is due to us spending an equally vast amount of cash on our military.

    28. Re:Poor QA by OeLeWaPpErKe · · Score: 4, Insightful

      You missed the third option, which is for the motivation behind the firing of rockets to be removed.

      http://www.youtube.com/watch?v=iNrCMdFoZqQ

      So who do we allow to settle there ?

      The "kingdom of Egypt" (the state of the Farao's) ? (exterminated to the last man by muslims)
      The Hittite Emptre ? (exterminated by the Greeks, Romans, Persians)
      The kingdom of Israel ?
      The Assyrian Empire ?

      Which of these do we restore ? (note that the palestinians, or to be more exact, the arabs only come into play about 4500 years after the Assyrian Empire)

      Which do we restore ? And why do they have more rights than all the others who conquered that piece of land ?

      Note the obvious truth : the Jews controlled Israel about 4300 years before the arabs even left their tiny province ...

      What if some Greek starts firing rockets at the Arabs ? Will you tell them to leave ? He has at least as much right to Israel as they do ? What if the Jews start firing rockets into Jordan (territory that was part of the kingdom of Israel) ?

      And of course, you shouldn't count out yourself. You're an Indo-European living in America. It seems hypocritical in the extreme to tell others to leave conquered lands. Your province of origin is northwestern Iran, every other place on this earth indoeuropeans live (including Europe), is obviously conquered from someone else.

      So when will you give the good example ?

    29. Re:Poor QA by 19thNervousBreakdown · · Score: 2, Informative

      Yup. This, combined with the parent's note about high-resolution timing shouldn't have even gotten past the first programmer to write the code. The instant they wrote a line of code that depended on timekeeping that precise, there should have been a review of the time system, or rather before, that should have been thought of in the design phase. And as for floating-point errors, any programmer that isn't aware of those issues needs to be writing ... fuck, I don't even know. Something that doesn't use floating-point numbers I guess. Why the Christ they were repeatedly adding floating-point numbers is beyond me, 99.1% of the time it's possible to either do a direct calculation or do a "resync" of some sort, and for the 0.899999998% of the rest of the time, you can use an arbitrary-precision number library, or a rational number library, or (very) carefully look at the rounding algorithm, or any number of other ways around the issue.

      Anyway, this should have been caught at pretty much every layer, and whoever missed it shouldn't be in the business. Blech.

      --
      <xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
    30. Re:Poor QA by Jeremy+Erwin · · Score: 2, Insightful

      Are you sure that the computer was even capable of IEEE floating point? wikipedia suggests that the computer used a 24 bit word.

      Although IEEE 854 float uses a 23 bit mantissa, 8 bit exponent and a sign bit, the wcc might well have used a proprietary scheme.

    31. Re:Poor QA by Neoprofin · · Score: 3, Informative

      One of the other results (the first one that comes up for me actually) claims that in testimony presented to Congress Postol's methodology was called out as flawed based on the fact that three or eight Patriots were launched at every incoming missle and his video analysis is done per interceptor fired completely ignoring the massive odds against more than one interceptor making a hit. The Isreali's independent analysis puts the success rate at 50%.

    32. Re:Poor QA by danlip · · Score: 4, Insightful

      The computer did exactly as instructed, it's just that the pilot's (unintentionally given) instructions were stupid, and the fact that it took the pilot over 3 minutes to realize just how stupid he had been.

      Sounds like a user interface problem to me. Given the potential consequences of that particular user error, the fact that the autopilot was still engaged should have been made more obvious to the pilot. (e.g. when the plane computer sees that a struggle is going on between the autopilot and the manual controls, it should prompt a loud, un-maskable synthesized voice shouting "THE AUTOPILOT IS ENGAGED, YOU IDIOT!")

      Or if the pilot is pushing hard on the stick the autopilot should disengage (with loud alarms).
      If I tap on the breaks in my car the cruise control disengages, it does not fight me.
      - Dan

    33. Re:Poor QA by OeLeWaPpErKe · · Score: 2, Insightful

      If you knew more about the Middle Ages, maybe you'd understand that the population did not move so much as changed religion over the centuries.

      No offence, but you really should read a bit about Arab history, and pay attention to just how much ethnic cleansings these people comitted. The population of Europe, you are correct, did indeed merely change religion ("mostly", as there was certainly no shortage of armed conflicts, though they declined over time. Slowly). The population of the middle east was eradicated, several times in fact. Everywhere, muslims have always created conflicts along ethnic lines, even with "fellow muslims" (google "Sudan" or "Darfur", and note just how racist any brotherhood islam supposedly provides really is. And to tell the truth, just walk into a European city and look for a few Turks and a few Moroccans, and note how much they like eachother. See for yourself).

      After researching arab/islamic history, any reasonable person would seriously ask himself what exactly is so terribly remarkable about this German guy from WWII (and don't google "aymin al-husseini", it will not improve your view of these people).

    34. Re:Poor QA by Shihar · · Score: 2, Interesting

      The problem with the Palestine / Israel issue is that Israel is not working towards any solution. What is Israel's long term solution? Have sovereign absolute rule over a few million people in a prison that their citizens can, at will, and with army backing, snatch up pieces for settlement? Oh yeah, that is going to work out. Palestinians either need to be sovereign or citizens of Israel. Israel needs to pick one because the keeping a ghetto of nationless people method isn't working.

      Don't get me wrong. I am sympathetic to Israel in many regards, but they have fucked up the Palestinian issue with epic skills since 1967 onwards. Instead of immediate developing and executing a plan to 'deal with' the conquered land either through integration or by creating a sovereign democracy they opted to basically imprison a few million people form now until the end of time. It should come as a "no shit Sherlock" that 40+ years later these nationless people are pissed.

      Israel needs to rip a page out of the American handbook on imperil power. If your flatten another nation you have three options.

      1) You can integrate them into your nation as citizens and give them some level of enfranchisement as they did to Native Americans, Hawaiians, and Mexicans. This is not a basket of roses method, but as pissed as Hawaiians might occasionally be, I haven't seen many draw weapons or plant bombs.

      2) You could commit to rebuilding a conquered nation more or less in your own image, as the US did in Germany, Japan, South Korea, and Bosnia. This is expensive, but when it works everyone leaves the table more or less happy.

      3) Leave, stop trying to kick over their government with bombs, and accept the fact that these people are going to hate you for what you have done for a while and that only time is going to heal. This was done with Mexico, Vietnam, Haiti, North Korea, Lebanon, half of south America, etc.

    35. Re:Poor QA by Idiomatick · · Score: 4, Interesting

      Uhh hezbolah was created to defend lebanon in the 80s after israel killed thousands of lebanese and occupied a good chunk of it.

      The last fight between them happened in 2006. Hezbolah kidnapped a few SOLDIERs to trade for PoWs (a common thing since israel has a shit ton of prisoners).

      Israel responded by sending in an army many 100s of times larger than lebanon's they bombed many buildings including hospitals, school, UN bunkers and apartment buildings. Hezbolah fired rockets back to show resistance.

      In the end Israel killed 1200 civilians, 300soldiers, and a significant percentage of the countries economy. Hezbolah killed 120soldiers, 40civilians. Notice the fucking difference in ratios. Oh and the whole time hezbolah conducted rescue missions, gave out food and helped transport people to safety. So fuck off.

      Also: "Hezbollah is now also a major provider of social services, which operate schools, hospitals, and agricultural services for thousands of Lebanese Shiites, and plays a significant force in Lebanese politics.".

      Also hezbolah states that they distinguish between zionists and jewish. Their stated reason for firing rockets is continued resistance against israeli attacks and to put an end to any colonial entity within lebanon. NOT kill jews.

      How the fuck parent got modded up is beyond me. Every single point is a verifiable falsehood.

    36. Re:Poor QA by ckaminski · · Score: 2, Interesting

      What I find deplorable is how the US propagadizes about supporting Democratic regimes, but when the Palestinians elected Hamas to power, we refused to have any dealings with them. Talk about fucking hypocritical (spoken as a lifelong US citizen).

  2. Curse of binary floating point by Carewolf · · Score: 5, Insightful

    Use decimal floating point or simple swich to fixed point. Fixed point not used as often as it should, and many developers don't know how difficult ordinary floiting point really is.

    1. Re:Curse of binary floating point by RichardJenkins · · Score: 2, Insightful

      Indeed, this seems more like naive design decisions than computers sucking at math.

    2. Re:Curse of binary floating point by Carewolf · · Score: 5, Informative

      Fixed point never rounds when operating in the range and precision for which it is designed. In this case they needed a precision of .1, using INT/10 would be 100% accurate and never give them any rounding errors for this use case.

      So, in other words: You are wrong, and should probably considering using fixed point more.

    3. Re:Curse of binary floating point by Carewolf · · Score: 3, Informative

      With fixed point you can choice the basis of the fraction part. A binary fixed point would not help them, but a decimal fixed point of /10 or /100 would. The algrebra of fixed point is the same no matter what base you choice. This means it is fastest way to get decimal based fraction instead of binary fractions (decimal floating point is best with hardware support).

    4. Re:Curse of binary floating point by noidentity · · Score: 4, Insightful

      Unfortunately, 0.1 seconds cannot be expressed accurately as a binary number, so when it's shoehorned into a 24-bit register -- as used in the Patriot system -- it's out by a tiny amount.

      Sorry, 0.1 seconds can be represented EXACTLY in such a system. It doesn't even need floating-point. Here is how such a system could represent the durations of 0.1 seconds, 25.7 seconds, and 123.4 seconds: 1, 257, and 1234. So like you say, fixed-point works here. No need for anything beyond integers in this case.

    5. Re:Curse of binary floating point by PhilHibbs · · Score: 4, Informative

      Well, in this specific instance a decimal system would have been ok, but it isn't a general answer. The general answer is "make sure your increments are divisible into your number base", if they had used 1/8th or 1/16ths of a second, or even 3/32 of a second, as their timer increment then they would not have had this problem. There's no reason why 1/10th of a second has any magic properties.

      In general terms, all number bases have other number bases with which they are incompatible. The inability of binary to represent 1/10 accurately is just the same as the inability of decimal to represent 1/3 accurately. It's only because we use decimal all the time that we overlook decimal's shortcomings (or instinctively compensate for or avoid them) and then blame computers for binary's incompatibility with decimal.

    6. Re:Curse of binary floating point by ceoyoyo · · Score: 2, Interesting

      Or just keep track of things in increments that make sense in binary. 0.1 seconds is arbitrarily chosen to be nice number in decimal. They should have chosen an arbitrary time interval that is a nice interval in binary, the base they were actually using.

      This article isn't about how computers suck at math, it's about how people suck at math.

    7. Re:Curse of binary floating point by pz · · Score: 2, Insightful

      Well, in this specific instance a decimal system would have been ok, but it isn't a general answer. The general answer is "make sure your increments are divisible into your number base" . . .

      Close. Very close. The general answer is no matter what base you select for time, distance, or any other metric that might accumulate errors, be certain to (a) perform a careful error analysis, (b) include some additional safeguard to control the error if there are potentially large downstream effects.

      Just because these computers counted in, say INT/10, and therefore could represent 0.1 seconds exactly does not mean, for example, that the timebase used to drive that counting was accurate and stable. Errors could still accumulate, although probably in a different modality.

      Kids, long-term error analysis is HARD. Errors creep in through unlikely paths, even when you think you've been super careful as suggested by the parent post. While selecting a good numeric representation helps in controlling error accumulation, it is not a panacea.

      --

      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    8. Re:Curse of binary floating point by sulimma · · Score: 3, Interesting

      I believe that the problem was not that 0.1s could not be represented. After all, the article states that there were 0.1s ticks and they likely counted ticks as integers. No problem there.
      However, I gues that 0.1s was no integer multiple of the system clock. If for example the tick should occur after 6,666,666.67 clock cycles, the system likely emitted a tick after 6,666,667 clock cycles. Such a system would accumulate 3.3 clock cycles of error each second.

      The solution is to keep an explicit error term: Use Bresenhams line drawing algorithm. Imagine drawing a line where X are the clock cycles and Y are the ticks. Minimum error integer algorithms are known for decades for this problem and Bresenham is a very elegant one.

    9. Re:Curse of binary floating point by RegularFry · · Score: 2, Informative

      Ok, now go and read the article. The Patriot bug was a problem with fixed point maths. The Ariane bug was integer overflow. The Intel FPU bug was caused by a production error with nothing to do with the arithmetic actually being performed.

      --
      Reality is the ultimate Rorschach.
  3. Fixed point numbers? by Big_Mamma · · Score: 5, Insightful

    Use fixed point numbers? You know, in financial apps, you never store things as floating points, use cents or 1/1000th dollars instead!

    Computers don't suck at math, those programmers do. You can get any precision mathematics on even 8 bit processors, most of the time compilers will figure out everything for you just fine. If you really have to use 24 bits counters with 0.1s precision, you *know* that your timer will wrap around every 466 hours, just issue a warning to reboot every 10 days or auto reboot when it overflows.

    1. Re:Fixed point numbers? by DarkOx · · Score: 2, Insightful

      yea because the missile counter measures failed to fire because the system was doing its scheduled reboot is so much better than the missile counter measures failed to fire because of timer precision

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    2. Re:Fixed point numbers? by dr_wheel · · Score: 2, Interesting

      yea because the missile counter measures failed to fire because the system was doing its scheduled reboot is so much better than the missile counter measures failed to fire because of timer precision

      The OP's suggestion for scheduled reboots could be solved by having redundant systems, no? System X comes up at 0 hour mark, System Y comes up at 233 hour mark. System X switches to System Y and reboots at 466 hour mark; System Y only has 233 hours uptime.

  4. Stupid article, too by hellfire · · Score: 5, Insightful

    Translation: computers are only as smart as the people programming them... and there's plenty of stupid people out there.

    We knew this. This is no great revelation. So why is this news?

    --

    "All great wisdom is contained in .signature files"

  5. What?! by jointm1k · · Score: 5, Insightful

    of 0.1-second ticks since the system was started up. Unfortunately, 0.1 seconds cannot be expressed accurately as a binary number, so when it's shoehorned into a 24-bit register

    All they had to do is use integers, where a value of 1 represents 0.1 s.

    --
    You know it makes sense, a little reminder from jointm1k.
  6. Practical Analysis by mseeger · · Score: 2, Informative

    The problem seems to be right out of the textbook for "Practical Analysis" (not sure if this is the correct translation for the german "Praktische Analysis"). This was a nandatory course for every computer science degree during my university time (20 years ago). Don't know if this is still the case. It was an eye opener to see how correct formulas and a perfectly working computer could yield absurd results. Several times i was asked for help by people claiming their Excel was broken due to such mistakes.

    CU, Martin

  7. "User error"? by wisebabo · · Score: 4, Informative

    I actually read about this specific incidence once; I seem to remember (though honestly not sure) that the design flaw was known and the user manual indicated that the computer needed to be reset every 36 hours. However, in wartime, under attack (there were frequent Scud intercepts), the crew controlling the missile battery opted against shutting it down if even for short time. Maybe even though the manual said it SHOULD be rebooted it did not explain WHY or what the consequences would be.

    1. Re:"User error"? by betterunixthanunix · · Score: 5, Insightful

      So they designed a system that accumulated rounding errors over time, and their solution was to ask the system's users to reboot the system every so often? Somehow, that does not add to my sympathy for these programmers...

      --
      Palm trees and 8
    2. Re:"User error"? by Joce640k · · Score: 4, Insightful

      I'm calling "Horsepoo" on the whole story.

      a) If they knew enough about it to put "reboot every 36 hours" in the manual they knew enough to fix it.

      b) According to the summary, 36 hours would still be a complete miss (a third of 687 meters is still 229)

      c) A fixed point integer (32 bits) can mark tenths of seconds with complete accuracy for over 13 years.

      d) Leaving aside a,b and c, the story still doesn't make any sense. The system would start the calculation the moment it saw the missile, not 100 hours before it appeared on the radar.

      Now ... at the speed of a scud missile (mach 5 if google serves me), it may be that an accuracy of 1/10th second isn't enough to compute the trajectory accurately enough to intercept it. At that speed you might need 10,000th second resolution or whatever. *That* would be believable (but unlikely - the designers would have to be complete idiots).

      The rest of the article? Yawn. It's the same old recycled story we've been seeing since the 1970s (those of us who are old enough).

      --
      No sig today...
    3. Re:"User error"? by Dr.+Evil · · Score: 2, Interesting

      When you write programs which deal with time like this, you never use floating point math. If your required precision is 1/10 of a second, your units are in 1/10 of a second. You do not resort to floating point. I'd probably use 1/100 or go to 64 bit and use 1/10000 of a second. With a high level language, there are better ways to do it of course.

      The reboot hack is a reasonable workaround in the field, as long as the downtime is documented and understood by leadership, and as somebody mentioned, the severity of the problem needs to be communicated to the field. Ship an alarm clock with the launcher, with clear instructions to reboot it and reset the unit when the alarm clock says so.

      The *requirement* of this kind of field maintenance from overstressed people in the field is a bad idea. When writing disaster recovery instructions for fieldwork in normal systems, I like to remind my coworkers...

      "...these instructions are for the *least* qualified admin, three years from now, at 2:00 in the morning, on Christmas, to be able to do this without assistance, with second line management yelling at them, while everyone else is on vacation, partying, or utterly unreachable. They need to be able to find the instructions, and execute them, with a minimum of stress or doubt as to the accuracy of the documentation."

      I've never done military work, but I can just imagine...

      ...the new guy doing shift rotation on the Patriot system at 2am on Christmas, he never got proper training, isn't sure if the last guy rebooted the system, realizes his cell is dead... now there's been talk of heightened awareness. An alarm goes off. There's a sticker next to it. "For the love of all that is holy, Press this button when this alarm goes off!" Does he hit the button?

    4. Re:"User error"? by Sir_Lewk · · Score: 3, Insightful

      Integer arithmetic does not accumulate error, only floating point does that. Now they may have been using floating point, but his point is they should have been using integer arithmetic.

      Had they been doing so, it could have run for 13 years with absolutely no accumulated error.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  8. don't blame the computer for bad programming by frovingslosh · · Score: 5, Insightful
    It is absurd to blame the computer (or worse, all computers) for what is bad programming. Computers can store a 1/10 of a second perfectly accurately, as long as it is stored in a variable that counts tenths of seconds rather than seconds. It can easily be stored as an integer that way, avoiding any floating point rounding errors.

    There certainly are cases of bad math in computers, particularly Intel computers. But this isn't such an example. This is just a lazy and stupid programmer who didn't understand what he was really doing who should take the blame for the failure that killed people, not the computer.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  9. This problem has been solved since the 1960s by tjstork · · Score: 3, Informative

    I remember this from a numerical methods class in the 1980s. To deal with situations like this, you can do one of three things :

    a) Have a function that you sample as a function of t, so you don't get accumulated error.
    b) Have enough bits so that error won't be an issue. This is actually hard to do because floating point errors do stack up pretty quick if you are not careful.
    c) Or, you can have an error term which you can use to make adjustments along the way to account for a lack of precision. Bresenham's line does that more or less exactly when he does his lines. That's why you had "stair stepping" as the algorithm corrected itself along the way.

    If the OP was correct, then PATRIOT failed because it did none of them. My bet is in reality, they simply underestimated the actual error term, but did everything else correct. This could be because of discrepancies in flight control instrumentation or some sensor, or, they were simply trying to save money on bits and didn't really do the calculation as to how far the missile could be off in an error term length seconds of flight at a particular phase in its flight profile.

    Bottom line is, the engineering discipline exists to solve this problem and is really no different than error handling in any guidance system. Putting a man on the moon, launching an ICBM at target, shooting down a missile, are all essentially the same computer science problem from an error management perspective. The Phd's already nailed this decades ago. There's not a fundamental limitation to computing, in this case, merely, a failure or inability of engineers on this project to apply the correct known answer to this problem.

    --
    This is my sig.
  10. Your tax dollars at work by Herger · · Score: 2, Insightful

    This is not an example of computers sucking at math.

    This is an example of engineers and developers failing to draw up valid requirements, failing to develop to specification, and failing to test against real-world use cases.

    Management undoubtedly shares an equal if not greater portion of the blame here. This is typical military-industrial complex, lowest-bidder contractor mentality at work, just another form of corporate welfare if the government doesn't turn around and punish shortfalls like this.

  11. Re:Didn't read TFA but... by peragrin · · Score: 3, Interesting

    because military computers are 20 years out of date to start with. Heck even the awesome modern land warrior hardware, is 10 years out of tech date. Heck they could probably shave 5 pounds off of the hardware by using modern chips, and displays.

    Military Spec is only good at rugged. up to date with the best is far behind.

    --
    i thought once I was found, but it was only a dream.
  12. Re:retrospective technological excuses by david+duncan+scott · · Score: 5, Insightful

    Regardless, what isn't possible is is to design a system that can accurately track and shoot down missiles in flight. As the Patriot defence system so patently demonstrated.

    You're right. Just as the failure of Samuel Langley's aircraft demonstrated that man would never fly, the failure of an anti-aircraft missile to destroy only half of the ballistic missiles (targets moving at what, twice the speed of the targets it was designed to destroy?) demonstrates that ABM's will never work.

    --

    This next song is very sad. Please clap along. -- Robin Zander

  13. Kind of old news isn't it? by Interoperable · · Score: 2, Insightful

    The article contains some interesting examples but all of which have been in programming texts and courses for years. I'm not really sure why it's on /.

    --
    So if this is the future...where's my jet pack?
  14. Ridiculous. Patriots always win. by writermike · · Score: 3, Funny

    Look, you guys can talk trash all you want, but when you say this:

    >>Patriot defense system failing to take down a Scud missile attack

    You're just lying to yourself. The Patriots defense is awesome this year. I mean, was there really ANY point for the Titans offense to show up a couple of weeks back?

    And the Scuds? C'mon man. They let go their best man two seasons ago. The QB can't hit the broadside of a barn and their entire wide-receiver corp has Jello hands anyway. The missile attack is a gadget play, pure and simple. Belichick sees right through that and you know it.

    Haters need to stop all the hatin' and get on the Pats bus!!!!! GO PATRIOTS!

    --
    If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
  15. They do exactly that! by gbutler69 · · Score: 2, Interesting

    Each battery has overlapping coverage with its nearest neighbors. A proper deployment has overallping fields of fire in both depth and breadth. Surface-to-Air missile defense involves multiple layers of different systems, each specializing in different ranges: Short Range - things like stingers, Medium Range - things like HAWK, Long-Range - things like Patriot. A proper tactical deployment never relies upon a single battery to provide the sole coverage. The problem here was primarily on of tactical deployment. The technical issues can be argued, but, the real failure was a failure to deploy in tactically correct fashion. They sent a battery or two as a "Show of Force", probably overriding the tactical expertise of the officers involved for political expediency. You have jack-asses like Rumsfeld and Cheney (and their ilk) making military tactical decisions when they are not qualified to do so. The REAL failure here is one of politics.

    --
    Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
  16. Re:Computers are great... when used correctly. by noidentity · · Score: 2, Insightful

    2.0/2.0 != 1 on almost all FPU's today.

    Say what? Citations please. Me thinks one of those 2.0 values isn't really 2.0. Hint: printing a value isn't a good way to get its actual value, because the printing function most likely rounds it to fewer digits than it's actually stored as.

  17. Seriously flawed reporting by SpinyNorman · · Score: 3, Interesting

    There's no way a real-time missile tracking system is going to be dealing with time at an accuracy of 0.1 sec.

    A Patriot missile travels at about Mach 3 (~1000 m/sec) so a rounding error of 0.05, even without any error accumulation, means you'd be off by 50m in position.

    Who knows what the real story is vs the garbage that was reported, but even if there was a cumulative error that's the fault of the programmer rather than a lack of a computers ability to do math. You do your error analysis and use whatever accuracy needed to keep the errors in a tolerable range.

    The part about the system running for 100 hours was pure gibberish. Yes, we can all divide that by 0.1 sec, but what on earth does that have to do with a real-time tracking system tracking a target is acquired a few minutes ago?!

    A better title for the story rather than "computers can't do math" would be "we can't do tech reporting".

    1. Re:Seriously flawed reporting by mybecq · · Score: 2, Insightful

      A Patriot missile travels at about Mach 3 (~1000 m/sec) so a rounding error of 0.05, even without any error accumulation, means you'd be off by 50m in position.

      Perhaps the tracking radar has a 500m field of view at a range of X km (enough distance to launch a Patriot missile). It doesn't look at the target through a keyhole and just has to be in the general vicinity to detect/confirm the incoming Scud.

      How about if you realized that there are two systems in this story?
      1) Radar (0.1 s accuracy)
      2) Patriot missile (launched after target confirmation by Radar)

  18. Re:And this is why... by SpinyNorman · · Score: 4, Insightful

    It's the reporting that's garbage. It makes no sense at all. A system tracking missiles travelling at Mach 3 is keeping track of time to 0.1 sec accuracy?! Do you really believe that? Wanna buy a bridge?

    0.1 sec at Mach 3 is 100m, so you'd have a hope in hell of ever hitting a 3m long target.

    The problem isn't the people working for the defence company, who are hard-core PhDs with some very serious domain knowledge. The problem is people like yourself who are so math illiterate as not to be able to fact check a piece-of-shit story!

  19. Fixed-point math by ArsenneLupin · · Score: 2, Informative

    We had a similar problem with an Aegis design, and it was a major headache for us Hardware engineers to try to convince the Systems Engineers that counting in Binary time was more logical than counting in 0.1 second increments. The SEs kept insisting that their computers at home accurately count in seconds and we hardware engineers should be able too.

    And the software engineers would have been right. The error was not about counting in 0.1 second increments versus 1 second increments or whatever, but it was in using floating point representation where fixed point (basically, scaled integer) would have been more appropriate.

    And come to think of it, that is more or less what most desktop and server OSes do: they count number of milli, micro, or nanoseconds, and store that as an integer.

    Similar issue arises in finance: you don't encode dollar amounts as floating point. Instead you store number of cents (or mils) as integer. Every programmer of financial software knows about this (... or should know about this...)

    Floating point is really only appropriate to represent values which are not known precisely anyways (measurement results), where the little additional rounding error wouldn't matter. For all else, used fixed-point.

  20. Technically.... by CFD339 · · Score: 2, Funny

    ....I believe the aerobatic maneuver you describe is called the "Lawn Dart", and while it has been done many times in aviation history, few pilots have ever succeeded in doing it twice.

    --
    The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
  21. Patriot success rate was likely extremely inflated by neapolitan · · Score: 4, Informative

    I know that I'm arguing with a trolling AC, but for the other readers of slashdot, you should know that the grandparent's post refers to the controversy regarding the analysis of the Patriot system during the first Gulf war. There was a huge propaganda machine behind the Patriot's "successes" which turned out to be very near zero indeed. This was covered in a series of hearings in the early 90's...

    http://www.fas.org/spp/starwars/docops/pl920908.htm

    You can also read up on this from transcripts from the hearings after the war.

    In the interests of fairness, here is a rebuttal / review.

    http://www.fas.org/spp/starwars/docops/zimmerman.htm

    I remain unconvinced -- from reading this (almost 20 years ago) I concluded that at best, the military did not know for sure that these worked well.

    --
    Slashdotter, ID #101. UIDs are in binary, right?
  22. Re:The entire purpose is killing. by publiclurker · · Score: 3, Insightful

    Actually the main purpose is a cost plus fixed profits contract for the weapons manufacturer. Even if no one ever dies on either side of the gun, it's still a success to them.

  23. Re:And this is why... by pruss · · Score: 3, Interesting

    I could see designing the system to synchronize both launch times and observations with a timer tick (it wouldn't be surprising if the whole system was driven by the timer interrupt), and then you're not going to have an error due to the spacing between ticks.

    I am more bit dubious about the 24 bit thing, though. Was it fixed-point or floating-point?

    I don't think it was a float. What would that be? Maybe 16 bit mantissa, 1 bit sign and 7 bit exponent would seem to be the likeliest bet for a 24 bit float. If so, then after about two hours doing t += 0.1 would stop changing t, and the error would be much bigger.

    So presumably it was fixed point. But if you're doing it fixed point, instead of storing x, you store nx in an int, for some appropriate scaling factor n. But if you're going to do that, surely you'll choose n in a smart way, and in this case the obvious choice, as pointed out by many posters, is n=10. This is not only the obvious choice because it gets you more precision, but it's the obvious choice because the easiest, most obvious and most standard way of coding timers is to just increment a register with each tick. It would be silly, for instance, to let n=2^8, and then increment a register with 0.1*2^8 = 0x20. It would be a very unlikely assembly language programmer who would have put an add reg,20h opcode in interrupt hander code when inc reg would have worked.

    Now maybe at some point the timer value would get converted to a float for computations. But that surely wouldn't be a 24-bit float.

    So maybe the article has mangled things and it was not a 24-bit register, but a 32-bit float, with 24-bit mantissa, 7 bit exponent and 1 bit sign, and the "24" in the article came from the mantissa. That's a much more realistic choice. Still, the standard way to handle timers is to just increment a timer variable. So what I could see happening is this. There is a timer system variable t at full 0.1 second precision incremented on interrupt. (That's how PCs used to work--maybe still do--except the timer resolution was 1/30 sec.) Then for their launch calculations, they do: (float32)t / 10. And now they're going to get nasty roundoff errors as the mantissa gets filled up. At the 36 hour point, t is already about 23 bits long. So when you do a float divide by 10, you'll certainly have roundoff problems. But you're still not going to be more than one tick (0.1 sec) off, because each tick still adjusts the mantissa, while the article says they were 0.36 seconds off.

    So I think something got mangled in the article. Or we had a really unlikely assembly language programmer who had floating point code executed with every tick of a timer interrupt. But even if the interrupt is only at 10hz, that's just completely contrary to the instincts of an assembly language programmer. And this would have been done back in the hey-day of assembly language programming, when one would try to optimize every clock cycle one could. (And, yes, I've worked with timer interrupt handlers, both on the Z80 and the 8086.)

  24. READ THE GD ARTICLE by ToasterMonkey · · Score: 4, Insightful

    FTFA:
    "So computers might suck at maths, but there's always a solution available to circumvent their inherent weaknesses. And in that case, it's probably more accurate to say that computer programmers suck at maths - or at least some of them do."

    Thank you, come again.

    So in a system that should have clocks synchronized to less than a microsecond nobody bothered to run "ntpdate" even once in hundred days ?

    Yes, obviously they just needed to ssh into their patriot missile air defense system, edit a few lines in /etc/inet/ntp.conf and svcadm restart ntp.

    The obvious problem in the article, if you read it, is computer's finite precision, and how it is dealt with. By 'computer', the author could have easily included the system libraries that are actually doing all the rounding and overflows instead of implementing arbitrary precision in software.

    Everyone defending the way 'computers' is used in this article, and conflating it with 'processor' is a complete idiot.

    1. Re:READ THE GD ARTICLE by Jane+Q.+Public · · Score: 3, Insightful

      The obvious problem in the article, if you read it, is computer's finite precision, and how it is dealt with. By 'computer', the author could have easily included the system libraries that are actually doing all the rounding and overflows instead of implementing arbitrary precision in software.

      Not at all, since correcting an inappropriate hardware design with software is like fixing an automobile that was designed with square wheels by manually sawing off the corners to make them octagonal instead. You could create a recursive software routine to continue sawing until the wheels were a good approximation of round, but that's an awful lot of sawing to fix something that should have been right in the first place.

      The clock in modern systems is nothing but a hardware register that gets incremented periodically (as correctly described in the article). The ONLY rounding error introduced by software is in converting that number to decimal. But rounding had nothing to do with the problem described. The appropriate solution is a better hardware design, not attempting to patch or correct it in software.

      The problem was error accumulated in the clock register itself due to the imprecision of the clock, and overflows due to the inappropriately small size of the register. Both are hardware issues and represent bad design decisions. They way to fix them is to design the hardware properly in the first place so that it is appropriate for the job at hand.

    2. Re:READ THE GD ARTICLE by Jane+Q.+Public · · Score: 4, Insightful

      I'm obviously not a hardware designer? That's funny. I am not the cluless one here. How about some simple math? Maybe you would learn something.

      A 24-bit register, with clock ticks every 0.1 second, would overflow in less than 20 days. And if the clock ticks were faster, then it would overflow even sooner. No wonder they recommended rebooting the system every few days.

      Of course I do not recommend an infinitely large register. Simply one that is large enough for the job at hand. This one obviously isn't. Further, a 0.1-second resolution clock is obviously not adequate to a job requiring this kind of precision.

      If the hardware clock is off (not overflowed but INACCURATE, which was the real situation here), no amount of software tweaking will properly fix the problem. The article did not state but implied -- incorrectly -- that the clock register was accumulating rounding errors; that is not the case. Nobody makes system clocks that way, nor did they in the 90s or even the 80s. The system clock is nothing but a counter that is incremented every clock tick. The actual problem was that the clock ticks were not sufficiently precise, so over time the count was off. Math libraries and rounding errors played no part whatsoever in that error.

      Finally, I would like to point out that today's standard PC-type system clocks are large enough that they won't overflow for 100 years or so; that is the obvious and proper solution to the overflow problem. The problem of clock ticks that are sufficiently precise for timing of missile navigation, as far as I know, has not been addressed on standard PCs, however, and they do not try to correct for that in software because the adequate precision in the clock simply does not exist. It would amount to tilting at windmills. Keeping a count in software of the number of times the register overflows is also NOT an appropriate solution for a system clock, nor is any software tweak, because software by definition is volatile while the hardware clock is not. In other words, nobody does it that way, dude, because it's just plain the wrong answer.

      As for your final comment, most Unix programmers know what epoch time is, when it started (00:00:00 UTC on 1 January 1970 according to ISO 8601), and when that date will roll over in the counter (approximately 65 YEARS later, so it isn't much of an issue). Nobody is arguing that we should make a missile system that needs to last, unmodified, for over 65 years. But proper hardware design in the first place, which was certainly possible at that time using ASICs if not straight-up custom chips, would have eliminated the problem.

    3. Re:READ THE GD ARTICLE by smallfries · · Score: 2, Informative

      The problem described is not overflow, it is repeated rounding on the imprecise representation of 0.1. The systems failed after 3.6M ticks. In a 24-bit register overflow is not a problem until at least 16.7M ticks. The lowest bound is because this is not an integer register and the article does not describe the size of the exponent. If you check the figures in the article, when the system failed it was out by about three ticks in 3.6M. Overflow causes the representation to suddenly shift to a completely wrong value. Subtle shifts to nearby values are symptomatic of rounding error.

      Rounding is an issue. This particular example is classic textbook stuff and been used in many a software engineering course. Using a 24-bit floating point representation store 0.1. The error will be roughly 1/(2^23). Now repeatedly accumulate this value. The problem occurs because each time the values goes past a power of two boundary in magnitude we need to round the accumulator causing a slight loss of accuracy. Then for each subsequent addition we are adding a less precise representation of 0.1 until they are more likely to round up rather than down.

      The system has three sources of accuracy that anybody with experience in floating arithmetic could have pointed out easily:
      1. The initial representation of 0.1 is off by a tiny amount (very small impact on the final value)
      2. As the accumulator increases in magnitude it's exponent rises, in this case by log_2(3.6M) = 22 places.
      3. The subsequents additions of the small value to the much larger value become increasingly imprecise.

      The problem is not the clock itself, nor some integer accumulation of the time: it is a designer who chose to use a floating point accumulator. Multiplying the representation of 0.1 by the integer number of ticks at each stage would have eliminated the problem. Accumulating 1/8 ticks in floating point would have worked fine. Doing what they did was stupid.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  25. Re:God yes by symbolic · · Score: 3, Funny

    We even have a modern analog for this - the shift-lock key.

  26. Re:retrospective technological excuses by david+duncan+scott · · Score: 2, Insightful
    OK, we'll go with 0% success. My point is that the failure of any one implementation does not invalidate the concept. Edison tried hundreds of wrong ways to make a light bulb, none of which demonstrated that the light bulb was unworkable.

    Oh, and the Scud hunting in Gulf One was largely an air exercise, as I recall, and of course they went after the launchers. It's always preferable to destroy the enemy on the ground (or in harbor, or asleep in barracks) then when they're incoming. The Japanese didn't bomb Pearl Harbor because it's impractical to sink ships at sea--it's just easier to hit slow- or non-moving targets.

    --

    This next song is very sad. Please clap along. -- Robin Zander

  27. Paid with their lives by sochdot · · Score: 5, Insightful

    I'd just like to point out here that the 28 people were not killed by the failure of the intercept system. They were killed by the nice folks who launched the missile in the first place.

    --
    If at first you don't succeed, destroy all evidence that you tried.
  28. Still alive and well by cdn-programmer · · Score: 3, Interesting

    Crap like this was alive and well when I was in uni and its still alive and well.

    Witness: Limits to Growth written by Meadows et al: http://en.wikipedia.org/wiki/The_Limits_to_Growth

    Consider that book was written in 1972. I was programming computers in 1972. I actually did a course in numerical analysis in 1972 and just re-read the first 10 pages or so. I happen to have read a masters thesis that came out of the Colorado School of Mines where the author stated Meadows' Runge Kutta Numerical Integrations did not converge.

    Yet that book is still often quoted. Its been flawed from the get go. So consider something else! How fast were the machines that Meadows used? How big? What would be the MOST SOPHISTICATED model he could use at the time. How could _anyone_ take seriously predictions made by a primitive model run on such a machine?

    Witness: The current discussion about Global Warming and Climate Change. The change in CO2 over the last 100 years is about 100 ppm if you can believe the data. This is 100/1,000,000 = 0.0001. Now the thing is this. A 32 bit float holds about 6.9 digits of precision. Lets call it 7 digits. If one were to add a whole number of some kind to the fractional change of the CO2 as measured relative to the total gases in the atmosphere then one has 7-4 = 3 digits or less to work with.

    Of course one can use a double precision float. That isn't my point. One has to be an EXPERT in order to avoid huge problems with propagating rounding errors.

    Its not just about pretending computers use base 10 when they don't, its about knowing the actual properties of a number of type float and what the consequences are when we use it.

    In the case of that rocket I suspect the rounding error can be solved by normalizing everything so the time line is not in seconds but is actually in clock ticks... as accurately as they can be determined of course.

    But in my career I have seen so few programmers who can do this that I've never even needed to look at a finger or a toe for something to count on. Nada - never met one.

    I'll give another example. More than one project team that I worked with had no idea how floats even work! To sit there and try to use floats for their Accounts Payable and Accounts Receivable and then say they can't understand why nothing will balance? Arrghh! IMHO its downright incompetence. They needed to use comp which COBOL supported which is base 10 or normalize all their money into pennies and handle the decimal when the data was read in and printed.

  29. "Why most programming languages suck at maths" by DamnStupidElf · · Score: 2, Informative

    LISP, Scheme, Haskell, Mathematica, Maple, and plenty of other languages support arbitrary precision rational numbers as built in types. This fixes all rounding errors involving rational numbers (including fractions). If irrational numbers like pi, e, or transcendental functions are necessary, then there will always be inherent error in the representation and the programmer has to know how to do with that error and calculate the expected error of a sequence of operations. If you want to get fancy, you can use an algebraic language like Mathematica to symbolically solve your equations and maintain perfect accuracy with symbolic representations of irrational and transcendental numbers.

  30. Is this about the incident in the first Iraq war? by RichiH · · Score: 2, Informative

    While I agree that the design decisions which lead to this were poorly made, this error was common knowledge.

    The Patriot system _must_ be restarted every X days, exactly due to this bug. This is documented and everything.

    While the initial error was with the people who created the Patriot system, the soldiers who were assigned to the system were the ones who made sure that a documented bug with a known-good work-around became a loss of life.