Toyota Case: Inside Camry’s Electronic Control Module

10/30/2013 05:15 PM EDT
Is all hope lost?
Frank Eory   10/30/2013 6:48:34 PM
So to summarize, he seems to be saying:

1. Complex software always has bugs, even latent ones that might rarely if ever show up.

2. No matter how imaginative the team is, they will never be able to think of all those bugs. Some bugs and their consequences will simply never occur to the team members.

3. Safety-critical systems should follow standards, but even if they do, random events can still activate latent software bugs and take out the fail-safe systems designed to protect against those latent bugs.

Is all hope lost?

Re: Is all hope lost?
LarryM99   10/30/2013 8:12:10 PM
It is possible to reduce errors to effectively zero, but it is very hard. Complex will always be less reliable than simple, unless that complexity is focused on reliability (for example, overlapped and cross-checked operation of independent systems). The system (hardware and software) has to be independently verified, since developers have blind spots around their own work. The real issue is that it can't be rushed. Making reliability trump schedule would avoid many problems of this type, but especially recently that is a hard case for engineers to make to management.

Re: Is all hope lost?
rick merritt   10/31/2013 12:25:23 AM
@Larry: Agreed

Re: Is all hope lost?
vasanth kumar d   10/31/2013 1:26:12 AM
Is all hope lost?

Yes.

In fact, the right question must be "Do we really need to hope for anything?".

Because, even if we could write a perfect firmware that has zero bugs and failures and results in a perfect car, it ceases to be perfect once some other driver loses control of his vehicle and hits us. If so, the best answer, according to me, is not to hope for perfection. The only thing we could do is to try writing better firmware that would result in better systems than what was there previously.

software for self-driving
cd2012   10/31/2013 7:45:46 AM
On a tangent, seeing how difficult it is to write flawless software for an ECU, is there any hope of writing good software for a self-driving car, which is an immensely more difficult problem?

Virtually all the cars have this nowadays
Kinnar   10/31/2013 8:10:12 AM
All the ECU-controlled cars have this kind of automated control, with manual control provided for the driver, but we cannot say that it is totally manual. Wherever automation is there, these kinds of malfunctions are possible. We should be ready for these kinds of accidents, as the time is now coming for driverless autonomous vehicles. God knows about the dependency on machines then afterwards.

Re: Is all hope lost?
KB3001   10/31/2013 9:41:14 AM
There is no perfect world; all we can do is make it better and better over time. Complexity is a problem, yes, but modular/reuse-based design, agile software development, and continuous improvements can reduce the risk of bugs dramatically.

Re: Is all hope lost?
Jason Cove   10/31/2013 9:44:22 AM
Exactly, there are no perfect things in this world, and even though the leading and the finest can make mistakes, the important thing is that they are able to do their best to resolve it. - Aldo Disorbo

Responsibility of the DRIVER.
rruss   10/31/2013 10:40:59 AM
This article (and all discussions on this subject) seems to ignore the number one safety system in place in all of these fly-by-wire cars, and that is the DRIVER.

For decades, drivers had to deal with the possibility of a stuck throttle. Were cables worry-free?

In all of these supposed run-away cars, there was a transmission which could be mechanically shifted to neutral, and an independent hydraulic braking system which could stop the car, even if the engine was buzzing away at redline.

That doesn't mean the manufacturers shouldn't do their best to build a car that is bug-free - but the ultimate responsibility lies with the driver. If the car does something unexpected, shift it to neutral and stop, period. If a stuck throttle is something you can't cope with, you probably shouldn't be behind the wheel of a 4,000 lb projectile.

Re: Responsibility of the DRIVER.
MS243   10/31/2013 11:32:27 AM
Driver Responsibility

I think with the advent of electronically controlled transmissions and brakes and a common bus that connects these to the ECU (throttle), in the event of cascading failures this may not be feasible.

I have personally experienced two ABS failures and one other failure of mechanical brakes - I walked away from all of these by pretty much using the transmission to shift into low, combined with the emergency brake. Had this mechanical backup not functioned, I would likely be in much worse shape medically than I am now.

Aircraft systems typically use three independent channels, be they mechanical or electro-mechanical -- any one of which will maintain control of the aircraft in the event of the loss of the other two.
