10 October 2009

Another Microsoft Triumph, 2007-09-30

CLOates
30 September 2007
Norman, Oklahoma, USA.

Another Microsoft Triumph

Lanny Grade, a fellow alumnus of Organon Teknika Corp. / bioMérieux USA, sent me news of Microsoft's latest computational triumph this afternoon. You can check out the Excel spreadsheet's latest arithmetic blunder at http://www.foxnews.com/story/0,2933,298510,00.html . Doubtless there will be a No Goofyware Left Behind program instituted soon.

The problem reminded me of a similar, but somewhat more explosive situation I encountered ages ago when I worked for the Air Force as a silly-vilian Industrial/Systems Engineer and automated test equipment programmer. My reply to Lanny's news is quoted below.
____________________________

Lanny,

Ah, the joy of Gates' Goofyware!

If I had a nickel for every time somebody's done something stupid at 65,535 [2 to the 16th power – 1, all ones in a 16-bit electronic register], I'd retire and count my nickels. Back in the dinosaur days, c. 1976, the good folks in the engine test cells at a local Air Force facility burned up a very serviceable $3 megabuck Allison/Rolls-Royce TF-41 turbojet engine by using an automated throttle control that didn't know the difference between -0.1° power lever angle and +6,5535.0° PLA. The Air Force, for some reason, usually takes a very dim view of burning up its jet engines, particularly while they're being calibrated and tested following overhaul. This incident was no exception.

The cause: test operators took over a test manually and hit the Chop Power [emergency shutdown] button on an automated throttle control for an engine they correctly believed to be in thermal runaway. Unbeknownst to the operators, the Control Data computer (my baby) that was monitoring the test had already detected the over-temperature condition and had executed the command "decrement [subtract 1 from] the PLA until it reads 0°, FAST." Alas, the hapless automated throttle responded to the Chop Power button by issuing one more decrement PLA command to itself and, seeing 0.0° PLA decremented by one (tenth of a degree), set an internal register to all ones, a proper representation of -1 (-0.1° PLA) in signed binary. The module of the government-supplied throttle controller that actually issued the pulses to the engine's throttle stepper motor took "all ones" to be an unsigned binary integer, meaning "set the PLA to +6,5535.0°." Before anyone could intervene, the power lever went all the way to the top (military power), and the engine's temperature went through the roof, as did a good many pieces of the engine itself after a few seconds. Fortunately, the very thick reinforced concrete walls of the test cell contained the resulting chaos quite well, and no one was hurt.


The incident investigation lasted two or three years. I didn't know the Air Force HAD that many colonels and generals, but I found out in a hurry. We reached a point where we didn't even look up if a blue-suit colonel came in the office, and weren't really too impressed until at least a major general (Air Logistics Center Commander and/or his peers or superiors) showed up. You've never lived until you've tried explaining the above to a very senior Air Force officer. Fortunately, those guys and gals didn't get birds and stars on their shoulders by being stupid, and it was possible—but not easy—to communicate enough information for them to understand what had gone on.


Epilog. The investigation board correctly determined that the incident was caused by multiple interpretations of the same data within the automated throttle control. The device was reprogrammed by its butter-bar lieutenant, cub-engineer progenitor at San Antonio (Kelly AFB, R.I.P.) and returned to service. We all lived fairly happily thereafter.


For once, I think I actually sympathize a little with Rich Billy Gates and his galaxy of Goofyware.


Yours for more correct-er computation,


Chuck
(a.k.a. Prof. Oates)
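
The failure described in the letter, one 16-bit register read as signed by one module and as unsigned by another, can be reproduced in a few lines of C. This is an added illustration, not code from the letter or from the throttle controller; the function names and the 120.0° limit (`PLA_MAX_TENTHS`) are hypothetical, and one register count is taken to be 0.1° PLA as the letter describes.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical mechanical limit: 120.0 degrees, in tenths of a degree. */
#define PLA_MAX_TENTHS 1200

/* Command side as described: decrement with no floor, so 0 wraps to all ones. */
static uint16_t decrement_raw(uint16_t reg) { return (uint16_t)(reg - 1u); }

/* Two modules reading the same 16 bits under different conventions. */
static int32_t read_signed(uint16_t reg)
{
    /* Two's-complement decode done by hand, so it is portable C. */
    return reg >= 0x8000u ? (int32_t)reg - 65536 : (int32_t)reg;
}
static int32_t read_unsigned(uint16_t reg) { return (int32_t)reg; }

/* Hardened command side: saturate at zero instead of wrapping. */
static uint16_t decrement_saturating(uint16_t reg)
{
    return reg ? (uint16_t)(reg - 1u) : 0u;
}

/* Hardened driver side: a single interpretation plus a physical range check.
   Returns 0 and leaves *target_tenths untouched when the value is rejected. */
static int accept_setpoint(uint16_t reg, uint16_t *target_tenths)
{
    int32_t v = read_signed(reg);
    if (v < 0 || v > PLA_MAX_TENTHS)
        return 0;
    *target_tenths = (uint16_t)v;
    return 1;
}

int main(void)
{
    uint16_t reg = decrement_raw(0);   /* the one extra decrement at 0.0 degrees */
    uint16_t target = 0;

    printf("register:         0x%04X\n", (unsigned)reg);
    printf("signed reading:   %ld tenths of a degree\n", (long)read_signed(reg));
    printf("unsigned reading: %ld tenths of a degree\n", (long)read_unsigned(reg));
    printf("guarded driver accepts it: %s\n",
           accept_setpoint(reg, &target) ? "yes" : "no");
    printf("saturating decrement from 0: %u\n", (unsigned)decrement_saturating(0));
    return 0;
}
```

Either guard alone would have broken the chain: the saturating decrement never produces the all-ones pattern, and the range-checked driver refuses to act on it.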
