Floating-point pitfalls: the Patriot missile failure

What you are seeing: Dhahran, 25 February 1991. A Patriot battery counts time in 0.1 s ticks and multiplies by a 24-bit fixed-point copy of $0.1$. Since $0.1$ is not exact in binary, chopping it to 24 bits gives $209715/2097152 = 0.0999999046\ldots$, so every tick is short by $\approx 9.5\times10^{-8}$ s. The error is never reset while the battery is powered, so it accumulates linearly. After about 100 hours of uptime the clock is off by $\approx 0.34$ s.

The radar places its range gate (where it expects the tracked target on the next sweep) using that clock. Multiply the time error by the Scud closing speed ($\approx 1676$ m/s, Mach 5) and the gate is displaced by roughly half a kilometre. The incoming Scud falls outside the gate, the track is dropped, no interceptor is fired. Drag uptime up and watch the gate walk off the target; toggle the patched software to see the drift vanish.