Michael Barr, an embedded software expert, talks about the perils of poorly designed software.
Michael Barr hates driving. He said that self-driving cars are the sort of progress he looks forward to. But he quickly adds, with a nervous laugh: "They also make me nervous."
Barr, an embedded software expert and co-founder and CTO of the Barr Group, led the team of engineers who found the software defects that are blamed for incidents of sudden unintended acceleration (SUA) in Toyota cars.
Automotive safety -- and embedded software safety -- is near and dear to Barr's heart.
Barr advises designers of safety-critical systems not to assume that testing can reliably prove the absence of bugs or of gaps in fail-safes. Conventional testing has proven undependable at spotting low-probability problems: "random events in the electronics, bugs latent in the software and unforeseen gaps through fail-safes."
System safety can't be an afterthought, Barr insists. It must be designed from the very beginning into a system.
Further, he says that "more sunshine" is needed for "informed oversight" and "code confidentiality."
Below is EE Times' interview with Barr. We caught up with him right after his keynote speech.
Agree that testing will only find those faults the test procedure author thought up. There may be any number of fault scenarios this person hadn't thought to test for.
And it's perhaps surprising that until 1975 or so, with the introduction of electronic ignition in cars, all electronics were confined to the car radio. Perhaps one could argue that the alternator, introduced ca. 1965 to replace the previous dynamo, had diodes to rectify the AC. I suppose that qualifies as electronics.
So yeah, obsessing over software safety, or electronic fail-safe designs in general, is pretty new to the car industry.
One thing, though. I can just hear Toyota saying, "Well, no wonder!" when they read that Michael Barr hates driving. May be unjustifiable, but it seems like a reaction to be expected.
I like the suggestion that the insurance companies are the ones that can be trusted to find out the real bugs in the driverless systems when they are presented with the claims involving cars with such systems.
Since large claim amounts are involved, the insurance companies will be keen to find out who was at fault.
@prabhakar, with all due respect, asking insurance companies to do the oversight for the automotive industry's complex software issues is misguided. It's like asking the insurance companies to disapprove new drugs after the fact, once the drugs come out and kill a few people. That is the FDA's job, NOT the insurance companies' job.
@perl_geek, I appreciate your skepticism toward the government agencies. Because, yes, they aren't perfect. But here's the thing. You wouldn't say the same thing to the airline industry, would you? Let the industry build whatever aircraft they like, and let's wait and see if something goes wrong with that aircraft? Insurance companies would not get involved in the investigation of what has gone wrong with that airplane, nor would we want them to. Insurance companies might vote with their wallets, but they'd have no ability to probe the cause of any accident, recommend what needs to be fixed, and what procedures or tests need to be followed next.
@junko. Government agencies should be involved in "quality control", investigation and, in egregious cases, punishment.
Where there's an objective event, like a smoking crater, to be investigated, the NTSB and its equivalents are agencies which deserve unqualified admiration for their persistence and professionalism. That's only possible because they are at arm's length from any industry interests. Their sole job is to seek the truth. (One of the FAA's failings is a mixed responsibility to regulate and promote.)
In some cases, such as the nuclear industry, government explicitly protects the industry from financial consequences of disasters. If you are going to have unbiased records, the score-keeper can't have an interest in the results of a team.
An example of confused messages is GM's ignition-key problem. Arbitrary CAFE standards meant GM had to build cars that people didn't want to buy, cheaper than they could afford to sell them. Naturally, they pinched pennies, cut corners (choose your cliché), and bad stuff happened.
A couple of sufficiently large bankruptcies related to safety deficiencies should concentrate minds wonderfully.
Another refreshing piece of journalism, daring to reveal the facts as the public now has good reason to wonder if a coverup of electronic defects was part of the agenda when Toyota handed over $1.2 billion in payola to end the federal criminal investigation. At least two attorneys, and a TV station in Orlando are saying things quite at odds with what the U.S. Department of Justice reported. It was my pleasure to reference this article in today's blog post, "Government the 'Toyota Way'" http://uc2.blogspot.com/2014/05/government-toyota-way.html
Companies investing for the future sometimes lose their patience and, in an attempt to earn a quick buck on their product, release it to market before making sure the designs are completely safe. In general, safe system design requires considering fail-safe mechanisms at the blueprint level, where the system architecture is actually defined.