Software is playing an ever-larger role in system functionality [23]. There are several
reasons why hardware controllers are being replaced by microprocessors controlled by
software. Software controllers are faster. They can perform more sophisticated functions,
taking more input data into account. They cost less, use less energy, and do not wear out.
Unfortunately, while hardware controllers have a reputation for high reliability, the same
cannot be said for their software replacements.
Most embedded systems are also real-time systems: computers that process data
from sensors as events occur. The microprocessor that controls the air bags in a modern
automobile is a real-time system, because it must instantly react to readings from its
sensors and deploy the air bags at the time of a collision. The microprocessor in a cell
phone is another example of a real-time system that converts electrical signals into radio
waves and vice versa.
This section contains seven examples of computer system failures: the Patriot
missile system used in the Gulf War, the Ariane 5 launch vehicle, AT&T's long-distance
network, NASA's robot missions to Mars, the automated baggage system at Denver
International Airport, the Tokyo Stock Exchange, and direct recording electronic voting
machines. These are all examples of embedded, real-time systems. In every case at least
part of the failure was due to errors in the software component of the system. Studying
these errors provides important lessons for anyone involved in the development of an
embedded system.
8.4.1 Patriot Missile
The Patriot missile system was originally designed by the US Army to shoot down
airplanes. In the 1991 Gulf War, the Army put the Patriot missile system to work defending
against Scud missiles launched at Israel and Saudi Arabia.
At the end of the Gulf War, the Army claimed the Patriot missile defense system had
been 95 percent effective at destroying incoming Scud missiles. Later analyses showed
that perhaps as few as 9 percent of the Scuds were actually destroyed by Patriot missiles.
As it turns out, many Scuds simply fell apart as they approached their targets—their
destruction had nothing at all to do with the Patriot missiles launched at them.
The most significant failure of the Patriot missile system occurred during the night
of February 25, 1991, when a Scud missile fired from Iraq hit a US Army barracks in
Dhahran, Saudi Arabia, killing 28 soldiers. The Patriot missile battery defending the area
never even fired at the incoming Scud.
Mississippi congressman Howard Wolpe asked the General Accounting Office
(GAO) to investigate this incident. The GAO report traced the failure of the Patriot
system to a software error (Figure 8.2). The missile battery did detect the incoming Scud
missile as it came over the horizon. However, in order to prevent the system from
responding to false alarms, the computer was programmed to check multiple times for
the presence of the missile. The computer predicted the flight path of the incoming
missile, directed the radar to focus in on that area, and scanned a segment of the radar
signal, called a range gate, for the target. In this case the program scanned the wrong
range gate. Since it did not detect the Scud, it did not fire the Patriot missile.
 
 