Building safer automotive electronics systems
In this week’s Embedded Tech Focus newsletter, the topic is “Toyota and the challenge of safer auto software.” In it I have pulled together a roundup of the news, analysis and technical coverage of this topic as it relates to Toyota’s troubles not only recently but over the last two or more years.
Included is the just published report on the Camry case from Junko Yoshida that has a partial transcript of testimony from one of the expert witnesses in the case, Michael Barr, former editor-in-chief of Embedded.com and a regular contributor of blogs to the site, including several relating to the ongoing Toyota software problems including: ”Toyota’s accelerator stuck on a soft bug?” and “Unintended acceleration and other embedded software bugs.”
It is somewhat ironic that automotive software safety is being questioned in the wake of the successive Toyota problems, as this is the industry that has made the most serious efforts in that direction, developing such standards as AUTOSAR and MISRA C/C++ to ensure that code development for use in vehicles is as safe as can be.
As noted by Mark Pitchford and Bill St. Clair in “A coding standards survey,” almost every industry that is developing standards for software safety has looked to what the automotive industry is doing as far as safety standards is concerned.
What makes the case all the more puzzling is that there are a number of powerful tools and methods to help developers. In addition to some of the design articles included in the newsletter about some of these tools and methodologies, several others that I recommend include:
Is it time for another look at how we build safety-critical embedded systems?
Applying Bayesian belief networks to fault tree analysis of safety critical software
Moving model-based development into safety-critical embedded applications
Build Safety-Critical Designs with UML-based Fault Tree Analysis
Despite the continuing introduction of tools and standards to make development of software for use in the automobile safer, there are many doubts that the challenge is even achievable. Jack Ganssle, for one, in “Safety is hard,” is rather pessimistic: “Building a safe system requires a level of systems thinking that may be impossible.” Dean Psiropoulos in “Does computer overload threaten automotive safety?” takes the point of view that there is not only too much software, but too much computer-based functionality in the auto. He states flatly that in any auto he drives there are three things that should NOT be controlled by computer: throttle, steering and brakes.
“If I were a greedy, sadistic person, I would be egging the auto companies on, just waiting for the carnage so that I could make a bunch of money testifying in court against their obsession with the embedded computer controller,” he writes. “But I'm not. I'd much rather see them come to their senses before lots of folks get hurt. Enough is enough.”
Compared to either of them, I am probably an extreme case. Based on my experience writing about the bloodbath of accidents on the highways each week while covering the California Highway Patrol early in my life as a journalist I have not purchased any automobile later than about 1995 precisely because of the concerns raised by Dean. I am also not all that enthused about automotive infotainment systems.
All my truck has in the way of infotainment is a knob controlled radio, which is so underused that the knob has fallen off the dial and I have not replaced it. The reason: when driving even at a safe 30 or 60 miles an hour, the combination of the weight of the car and the forces of momentum will turn the slightest mistake in judgment into a bloody mess.
And the fact that the automobile has become the newest consumer electronics opportunity does not make me optimistic about their safety even if we eliminate computer control from the throttle, steering and brakes.
Embedded.com Site Editor Bernard Cole is also editor of the twice-a-week Embedded.com newsletters as well as a partner in the TechRite Associates editorial services consultancy. He welcomes your feedback. Send an email to firstname.lastname@example.org, or call 928-525-9087.