Comments
<<   <   Page 2 / 11   >   >>
ARabold (User Rank: Rookie)
Re: Single bit flip
11/20/2013 9:55:45 AM
There is an extensive literature on the question 'how safe is safe enough', and you might start with the early chapters of Nancy Leveson's book 'Safeware: System Safety and Computers' (though it is somewhat dated, and she has a new book in the works.)

Forcing a hardware / software dichotomy on the safety question is unwise, as a significant subset of risk involves aspects of both domains, and their interaction. 

One issue is 'what are the alternatives?' In the case of anti-lock braking, we add a system that could potentially interfere disastrously with braking, but which, when it works, reduces the frequency and severity of accidents. In the case of a car's throttle, I don't know if there are any compelling reasons for full-authority digital control, from a safety perspective.

It is well established that redundancy can effectively mitigate random physical errors to the point where it is no longer the dominant risk (it is not, however, effective for software errors, as different developers tend to make related mistakes, so the errors in independently-developed implementations of the same requirements tend to be somewhat correlated.)

You quoted Larry's comment, "If you look at modern automotive control systems, they are beginning to introduce redundant voting controls" (emphasis added.) This suggests, disturbingly, that the designers of automotive control systems are far behind the state of the art with regard to digital systems safety.

ARabold (User Rank: Rookie)
Re: Single bit flip
11/20/2013 9:06:11 AM
I don't know if you replied to my post by mistake, but nothing in what I wrote could be properly construed as indicating that I doubt the potential lethality of some software, or that I doubt it has actually happened. I read Nancy Leveson's highly informative report on the Therac-25 when it was first published, and I was appalled by the fact that the development of this safety-critical software was entrusted to an unqualified person, and deployed without effective risk analysis, review and testing.

This quote should have made my position clear:

"These risks can be effectively mitigated, if and only if you make a serious effort to do so." (emphasis added.)

Effective mitigation does not mean 'eliminate all risk' for software any more than it does for any other technology.


KGround (User Rank: Rookie)
Re: Single bit flip
11/18/2013 2:42:16 PM
You question that a software bug can kill??

There are many, many examples. Here:

http://en.wikipedia.org/wiki/Therac-25

is one of my favorites.

We trust machines with our lives every day, and that is fine, but we should also remember that a machine is heartless and relentless and will kill you in the blink of an eye if it gets the chance (and this applies to simple mechanical equipment as well as complex software driven systems), it will feel no regret later, and suffer no consequences. 

Trust your life to a machine if you wish, but it should be a conscious decision and not just force of habit.

ARabold (User Rank: Rookie)
Re: Single bit flip
11/4/2013 9:45:11 AM
Frank Eory wrote:

"It makes one wonder how blame can be attributed to software in a system in which the source of the error may have been a random SRAM bit that was flipped by an alpha particle or other natural radiation event."

If that were an unavoidable problem, the unavoidable conclusion would be that digital equipment is unsuitable for safety-critical purposes, especially for things such as a car's throttle, where mechanical linkages have worked well for decades, and so where it's particularly hard to make a case for any additional risk.

The point here, however, is that these risks can be effectively mitigated, if and only if you make a serious effort to do so. If you are unable or unwilling to do that, do not use digital electronics where people's well-being is at risk.

"Is the failure being blamed on software, or is it an overall laxity of hardware plus software..."

None of the above. The blame is being placed on the people of Toyota who, in their complacent ignorance, failed to take reasonable steps to reduce the risk.

I find Mr. Eory's "things break, that's just the way it is" attitude disturbing. No-one with that attitude should have any responsibility in the development or deployment of safety-critical systems, or the policies that govern their use.
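Added example, not code from this thread or from any of the systems it discusses: a short Python simulation of the two points made in these comments, namely that redundant copies with majority voting mask a random single-event upset such as an alpha-particle bit flip (this post), while a mistake shared by every copy passes the same vote untouched (ARabold's 11/20/2013 comment on correlated software errors). The 16-bit "throttle position" word, the bit position, the stored-complement scheme and the off-by-one conversion bug are all constructed for illustration.

```python
"""Simulate a single-event upset in a stored 16-bit word and compare two
defensive storage schemes: triple modular redundancy (TMR) with a 2-out-of-3
voter, which detects and masks the flip, and a value-plus-complement pair,
which only detects it. A final function applies the same flawed conversion
to every redundant copy to show the case voting cannot catch."""
import random

WORD_MASK = 0xFFFF  # constructed: a 16-bit sensor word, e.g. throttle position


def flip_bit(value, bit):
    """Model a single-event upset: invert one bit of a stored 16-bit word."""
    return (value ^ (1 << bit)) & WORD_MASK


def store_tmr(value):
    """Triple modular redundancy: keep three copies of the same word."""
    return [value & WORD_MASK] * 3


def vote_tmr(copies):
    """2-out-of-3 majority voter.

    Returns (value, corrected). `value` is the word at least two copies agree
    on, or None when all three differ (uncorrectable: the caller should fall
    back to a safe state). `corrected` is True when one copy was outvoted.
    """
    a, b, c = copies
    if a == b == c:
        return a, False
    if a == b or a == c:
        return a, True
    if b == c:
        return b, True
    return None, False


def store_with_complement(value):
    """Store the word next to its bitwise complement (detection only, no correction)."""
    value &= WORD_MASK
    return value, (~value) & WORD_MASK


def check_complement(pair):
    """Return the word if it still matches its complement, else None.

    A single flipped bit in either half breaks the XOR-to-all-ones relation,
    so the corruption is detected, but nothing tells us which half is right.
    """
    value, inverse = pair
    if (value ^ inverse) & WORD_MASK == WORD_MASK:
        return value
    return None


def single_upset_demo(value, bit, seed=0):
    """Flip one bit in a randomly chosen TMR copy and in the complement pair.

    Returns (voted_value, corrected_flag, complement_check_result).
    """
    rng = random.Random(seed)  # seeded so the run is reproducible
    copies = store_tmr(value)
    hit = rng.randrange(3)
    copies[hit] = flip_bit(copies[hit], bit)
    voted, corrected = vote_tmr(copies)

    pair = store_with_complement(value)
    pair = (flip_bit(pair[0], bit), pair[1])
    return voted, corrected, check_complement(pair)


def correlated_bug_demo(value):
    """Run one flawed conversion on every copy: all three agree, so the voter
    returns the wrong answer with no sign of trouble. This is the failure mode
    redundancy does not address: implementations of one spec share mistakes.

    Returns (voted_value, corrected_flag, result_is_correct).
    """
    def buggy_scale(raw):
        # constructed bug: the intended conversion is raw * 2, this is off by one
        return (raw * 2 + 1) & WORD_MASK

    copies = [buggy_scale(c) for c in store_tmr(value)]
    voted, corrected = vote_tmr(copies)
    expected = (value * 2) & WORD_MASK
    return voted, corrected, voted == expected


if __name__ == "__main__":
    print("single upset:", single_upset_demo(0x0400, 3))
    print("correlated bug:", correlated_bug_demo(0x0400))
```

The voter reports `corrected=True` and hands back the original word, and the complement check returns `None`, so both schemes notice the flip and one can repair it. In the correlated case the voter reports nothing at all, which is exactly why a voted result is only as trustworthy as the independence of the copies feeding it.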

Antony Anderson (User Rank: Rookie)
Transcript of evidence
11/1/2013 5:47:47 PM
Dear Mark,

E-mail me and I might know of someone who could help you.

Antony Anderson

e-mail: antony.anderson@onyxnet.co.uk

Tel +44 191 2854577

website: www.antony-anderson.com

William Miller (User Rank: CEO)
Re: Interesting reading
11/1/2013 11:01:59 AM
Being killed for someone's code mistake is very, very sad and tragic!

Toyota engineers must have felt very sorry for that person and their relatives.

I thought this was a trustworthy car company. Now I'm not sure!

markgoespop (User Rank: Rookie)
Re: Interesting reading
10/31/2013 1:53:29 PM
> On the internet, nothing is ever lost!

I suspected as much. Thanks!

- M

SSDWEM (User Rank: Rookie)
Re: Interesting reading
10/31/2013 1:43:19 PM
Mark,

On the internet, nothing is ever lost!

From the reddit discussion, I found this link:

http://cybergibbons.com/wp-content/uploads/2013/10/Bookout_v_Toyota_Barr_REDACTED.pdf

Good reading - enjoy!

markgoespop (User Rank: Rookie)
Re: Interesting reading
10/31/2013 12:43:31 PM
I'm trying to get hold of the court transcript, that is Bookout_v_Toyota_Barr_REDACTED.pdf, but the links I have found so far are dead. Would anyone be able to send me a link, or a copy?

Thanks,

Mark

Etmax (User Rank: Rookie)
Re: Toyota's culpability here is the tip of the iceberg for everyone
10/31/2013 10:41:23 AM
@JCreasy I agree, proactive recalls are much better than after the fact. I heard from a mate that BMW had issues in the US that they didn't want to recall, and Mazda here did something similar. Buyers should vote with their feet, not necessarily for the car with the least problems but rather the best after-sales care.
