"John R. Strohm" a �crit dans le message de news: > This is from memory, twelve years ago. > > Operation Desert Storm, near the end of the party, when Saddam Hussein was > lobbing Scuds and the U.S. was going crazy trying to find all of his Scud > launchers. Incoming Scud detected, Patriot failed to engage, missile hit, > destroying (as I recall) a warehouse tent or a barracks tent, killing some > twenty troops. Investigation showed that a timer had overflowed. The > Patriot system designers assumed that the system would never be operated for > more than a few hours at a time, and the timer couldn't overflow in that > time. This particular one had been up for several days. > My memory is slightly different. I think the problem was that time was represented as a floating point value, not fixed point. As a consequence, the absolute error increased as time went by, leading to more and more imprecise trajectory computations. The engineers were aware of the problem, and hence required a daily reboot of the system, but of course it was a bit hard to understand for a military on-the-field... The main error (IMHO) was to represent time as a floating point, I always argue it must always be represented as a fixed point. It is possible even if your language does not provide predefined fixed points, it's just more work. Now, it can be argued that this error would have been less likely in Ada, since Ada provides fixed point types, and the programmers would have been less tempted of using floats. -- --------------------------------------------------------- J-P. Rosen (rosen@adalog.fr) Visit Adalog's web site at http://www.adalog.fr