
Bye all from Crusty

CEO

@embeddedbarr Thanks for your time!

Rookie

@All,

I must scoot.  Thanks, All.

Rookie

It seems like most FDA stuff goes through a few rounds of clinical trials prior to full approval --- so the requirements, test cases, coding etc. go through several iterations - trouble is it may take so long that one is replacing knowledge with each round of funding and round of trials

Manager

@richardst: Posterior only covered if the audit on the implementation is acceptable; I always feel the old saw is garbage in, garbage out.

 

CEO

@Crusty1

Well, that is my summary of the 60601-1.  A copy is just above my desk.  Whether manufacturers stick to it is perhaps a different matter, but it will help cover their posteriors if things ever come to court.

 

Rookie

Hi Max: Make sure you know when to stop laughing: LOL

CEO

@Barr -- Watson's real advantage is one can feed it new medical literature (knowledge) all day long while it is working -- and it can graphically point the doctor to the items of interest given a set of medical records for a patient (most likely possibilities) -- kind of expensive for a common cold type visit, but really vital for the rare stump-the-doctor conditions

Manager

@richardst: As an ex medical laboratory technician, I only wish this was true

CEO

@embeddedbarr

Thank you for the discussion.

Richard

Rookie

@Crusty: How many software or hardware projects start out with a clear definition of what they want to achieve?

I'm rolling on the floor laughing

@Crusty1

Interestingly the Medical Standard says:

Write The Specification First

Write the tests against the spec.

Write the code and test.

Risk assess at all points.

Continually review.

Document EVERYTHING.

- and that is why it is so expensive, IMHO.

Rookie

Okay, folks.  I gotta run.  Thanks so much for joining in the discussion.  I hope to see some or all of you at the EELive! conference and keynote in a few weeks.

Rookie

Using government mandates has its own risks.  FCC requires Faraday cage tests of phone handsets to get radiation certification.  But I bet they don't test all possible combinations of Rx/Tx setups, when we have phones with NFC/Bluetooth/WIFI/GSM/...  Not to mention emissions from the battery circuits and DC-DC converters (those inductors radiate "something").

Rookie

@TheOldTimer: Hopefully the lesson IBM learned was NOT that Watson didn't need to keep up to date.

Rookie

How many software or hardware projects start out with a clear definition of what they want to achieve?

CEO

@embeddedbarr

Someone who was right, I suppose!

Rookie

@embeddedbar. Great comment and so true.

Rookie

Who was it who said that if the real full cost of a software project was known at the outset, no one in their right mind would ever start the project?

Rookie

This fact will worry you. IBM was looking at WATSON to determine how they could use it to advance medical research capabilities. IBM surveyed doctors to determine their reading habits. It determined that less than 5% of the doctors read published documents in their field on a continuing basis. Plug that into the fact that 50% of all doctors are below average.

Rookie

@Michael

Yes, engineers should be better trained as speakers.  (I am pointing a big finger at myself.) But the thing is that engineers by nature tend to be folks who like building things - as well as possible - rather than getting involved in political fights.  That is why Dilbert is so true.

 

Rookie

@MS243

Yes again.  What price safety? What price certification?  Somebody is going to make the implicit decision whether to keep the project alive without full certification or take a huge loss on the development to date.  Such is the real, dog-eat-dog world.

Rookie

True -- in every industry the systems integration / validation technology seems like it is the runt of the litter when it comes to funding / available time

Manager

What about software problems that do not become public for fear of lawsuits, so the malfunction sits there as a time bomb?

CEO

We are expecting way more detailed review and testing to earn the U.L. sticker on a hand-drill than we are getting from cars these days.

Rookie

General statement: Engineers should be better trained as public speakers, so that they can more easily convey their concerns and how they should be addressed.  And a bit of continuing education to keep up with evolving best practices should be in order as well.

Rookie

The best-of-all-cases that I can foresee, particularly with complex (and potentially lethal) consumer products, is to create consumer expectation (and education) for some sort of independent certification of roadworthiness.  It troubles me that NTSB is spending way more money (and time) on vehicle crashes (which are valuable in and of themselves), and hardly any proportional time on integration testing of complex control systems, such as the fuel throttles.

Rookie

It's hard to anonymously disclose a problem when there are only one or a handful of engineers in the company who could even understand it.

Rookie

@richardst: " - Shout at our managers?" WOW, you are a brave man!! ;-)

Maybe a bit of public spanking too would be nice too??

Blogger

Speaking out about concerns needs a process that does not require the concern raiser to be known. English railway systems can have the whistle blown, but to an uninterested third-party arbitrator.

CEO

Yes.  Yes.  Yes.  But don't give up.

Rookie

So.  Things break because of design and implementation blunders. What do we do then, as engineers?

 - Force legislation?

 - Shout at our managers?

 - Continue to do our very best and hope?

 - Give up?

 

Rookie

Ah, Pathfinder... a huge success in the big scheme!

Rookie

It is always a sad situation to tell some client the IP they had developed for 500 on the cheap would likely take another 90K to turn into a well-written set of requirements, and a testbed, and verify and validate the IP for the industry they were targeting -- safe stuff that is complex costs quite a bit of money, and most of the errors that escape are traced indirectly to lack of time, talent, or treasure

 

Manager

One Mars mission I had something to do with involved a failure to activate the priority inversion feature of the RTOS prior to launch, so that the lander became overwhelmed with the added cruise-mode photos (not in the original flight plan) clogging up the memory something fierce.

Rookie

@TheOldTimer And engineering culture impacts product safety.  Engineers need to, like pilots, be trained to speak up when they see something that is not right--regardless of years of experience.

Rookie

@embeddedbarr: It's amazing!! Some of my customers have had problems with understanding UTC, timezone and related issues in Linux, but nothing like this failure ;-)

Blogger

Evening from Crusty

 

CEO

One particularly troublesome aspect of multiple failure detection in aircraft has to do with each alarm, being required to be distinctive, combining to increase the stress and workload so much that the emergency checklist could not be completed in time to prevent the crash.  One other very infamous mission to Mars failed because of a metric-imperial mismatch in dimensional units, so the Mars Observer plowed the fields of Mars instead of orbiting.

Rookie

Well, three sensors that failed near-simultaneously for a common cause.  It had happened before and been recognised by the aircrew.

Rookie

@Caleb A pilot's culture impacts their training. In America cockpit management is a major part of all pilots' training. If you see something is not right, speak up, regardless of your experience. In Asia the lower person never will speak up when they see a potential problem. That is the biggest problem American instructors have when teaching pilots outside of American carriers.

Rookie

this has been quite interesting folks, but I have to run

 

Blogger

@garcia-lasheras Check out what happened to a squadron of test F-22 fighters when they crossed the International Date-Line for the first time: http://www.defenseindustrydaily.com/f22-squadron-shot-down-by-the-international-date-line-03087/

Rookie

For the eyes one can warm a little dab  of honey on a spoon on the stove burner till it is liquid and then add a few drops of milk -- put a bit of this in each eye and the conjunctivitis is cleared up shortly

Manager

@richardst Software that fails to detect and/or communicate critical information about a failed sensor to the user?

Rookie

Our own Spanish version of the "Air Force One" is plagued with faulty bugs too... I don't want to imagine what's really happening with the regular planes!!

http://www.02b.com/en/notices/2014/01/prince_felipe_s_airbus_suffers_yet_another_breakdown_6429.php

Blogger

For me it is a cocktail of Benadryl and Zyrtec - better living through chemistry (I was trained as a chemist before landing this gig).

Rookie

Max -- on your allergies -- might be able to fix them with some locally farmed honey put over 1/4 teaspoon of black pepper -- down the hatch and the bee's resistance to the local pollen gets passed on to you

Manager

Arguably, the Air France South Atlantic crash was exacerbated by pilot interaction with a partially failed system.  If they had recognised the cause of the anomaly (frozen air data probes) then they could easily have managed the situation.  Instead the aircraft stalled with stick back and engines at idle all the way to the sea. Was this a software failure? Discuss.

Rookie

In the case of the Swiss air crash it was a combination of a mis-set altimeter alignment, plus poorly trained controllers misdirecting pilots into mountainous terrain when an opposite turn to an alternate downwind approach was required.  One other famous incident occurred when the automatic landing control was not disengaged, a corporate culture of requiring steep climbs out of this one airport for noise abatement, and an automatic misread of an updraft as if it was a landing flare stall, which cut out the engines during takeoff.

Rookie

@The Old Timer: that's interesting. It never occurred to me you'd have to swap out parts on a plane like that.

Blogger

@Garcia: I hope you manage to get a better look for EELive! ;-)

Me too -- as soon as this chat is over I'm running out to the pharmacy to get some benedroil or whatever it's called

I have thousands of hours flying airplanes. Batteries have always been a problem. There are many aftermarket products that are designed for aviation. They range from better cables and controllers to the batteries. Too many times the cheaper part was used by the company and we the users need to buy a more expensive part to fix the potential problem.

Rookie

@Caleb: I believe there was a Chinese flight where the pilots changed the altitude warning...

I recall a Korean flight doing something like that -- and the junior pilots and engineer were trying to tell the pilot politely that he was doing the wrong thing, but they couldn't bring themselves to say it outright...

@Max: I hope you manage to get a better look for EELive! ;-)

Blogger

@mr_widget: I am truly feeling your pain Max, to within a gnat's crotchet.

I never used to have allergies in England -- they started up when I moved to Alabama (I came here for the night life LOL) -- but the last 3 days have been much worse than ever --  my left eye is completely closed and my right one is streaming -- I'm not wearing my happy face...

I believe there was a Chinese flight where the pilots changed the altitude warning, and ended up crashing into some mountains

Blogger

I think it was an anti-allergen MTBF design fault.

Rookie

There have been instances where pilots have overridden on board systems to cause fatal crashes

Blogger

@Max: Do you have a bug in your anti-allergic system too? ;-)

Blogger

A little interesting reading here about the Patriot Missile Failure's root cause: http://embeddedgurus.com/barr-code/2014/03/lethal-software-defects-patriot-missile-failure/

Rookie

Except in the case of the 787, you can't unplug the APUs mid-flight, and hence the fire hazard.  Speaking about that, just how robust (and openly discussed) is the Li+ charging circuitry in these huge power storage arrays?  Is there any chance of independent review of these? (The FAA could be the vehicle for certifying them for flightworthiness, except past experience with that process has been very problematic in detail.)

 

Rookie

@TheOldTimer Tell that to the designers of HAL 9000!

Rookie

@Michael

I used to service Linacs (but not Theracs).  Yes, the safeties were well thought out, in my experience.

Rookie

wow, that is terrifying about the airbus

Blogger

@mexchip The solution, in my view, has three major components: Architecture, Process, and Culture. Architecture means that the system is designed so that when a software malfunction occurs the risks to people are minimized; but also that the software is designed so that malfunctions are rarer and more quickly detected.  Process means that the procedures around software development have a logical flow that is designed to keep out and detect as many bugs as possible as quickly as possible.  Just like the architecture, the processes should include multiple layers of defense.  For example, both peer code review and static analysis should be performed (and more, of course).  Culture means that the company helps the engineers make the correct architectural and process decisions and supports them in following through over time.  Safety culture is broken if shipping by a certain date drives decisions that could negatively affect safety.

Rookie

@Michael: I realize that Toyota could have done many, many things to improve their code. But I believe that the single thing that could have saved the day was liberal use of assertions. Would you agree?

@All: How many of you use assertions in the code and how many leave them enabled in the field?

Rookie

A side note. The Airbus allowed the computers to override the pilot. The Boeing 777 allowed the pilot to override the computers. There have been far more Airbus crashes than Boeing 777's. 

"When working with computers, something unplanned can happen and you need to unplug them"

Rookie

I am truly feeling your pain Max, to within a gnat's crotchet.  I truly hate Roseville in the springtime. :(

Rookie

Sorry for my silence here chaps and chappesses -- I've been hit by an allergy attack -- sneezing my head off -- my eyes are streaming -- I can barely see the screen or keyboard (sad face)

By contrast, the system-level design of the Toyota ETCS allows a software malfunction, including a throttle held open against the driver's wishes, to put the vehicle as a whole into a hazardous condition.  Under certain scenarios, this cannot be mitigated by the driver--even use of the brakes cannot always overcome a full throttle event.

Rookie

I am sure that we have all been there where we wrote code that worked and was accepted. Then weeks or months later we thought that something outside our code could cause problems in a very rare case and wanted to correct our code to cover that rare occurrence. Management's response was do not make the change, it will cost too much time and money.

Then months later the rare occurrence happened and was going to cost much more in time and money to fix than an earlier fix. They fail to remember that they were warned. Then you were asked why you did not catch the potential problem.

Rookie

@richardst Thanks for bringing that up.  One of the critical FDA guidelines is that the system should be designed in such a way that even though the software can, and likely will eventually, go haywire, electrical and mechanical safeguards must be in place to protect the patient.  If that is done very well, the quality of the software can be lower and yet the user can be safe.

Rookie

@mexchip

What an excellent question!

Rookie

What kind of training should people in charge of the design of such critical systems receive? Where?

Rookie

So what aspect of this will you be discussing at EE Live?

Blogger

In a similar vein, how was it that Underwriters got bootstrapped into the essential and widespread product certification business?  Was there some sort of industry-wide assessment for funds to establish the lab?  Can the extra costs currently seen in retail prices for cars be transferred into assessment funding for an independent testing laboratory, so that there is no net increase in the car price?

 

Rookie

@All, for info

Partially in the light of the Therac case, programmable medical systems now have to comply with EN60601-1, which has a chapter (14) specifically on programmable systems.

Rookie

Here are some links that may be of interest to folks:

My blog post re: Toyota post-Oklahoma with other links to articles and testimony in it: http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/

A much earlier article about what could be learned from NASA's redacted public report (written before I was involved personally): http://www.embedded.com/electronics-blogs/barr-code/4214602/Unintended-acceleration-and-other-embedded-software-bugs

 

Rookie

@ssdwem In theory, that kind of dirty tricks could be played.  But that has not been tried AFAIK.  And there are other experts who can do code review.

Rookie

In the light of the Toyota case, I would be amazed if big car manufacturers were not performing rigorous and urgent private code reviews.  And also amazed if they admitted it to the public.

Rookie

Much of the NASA report's review of Toyota's source code ("Appendix A") was redacted.  Some entire pages were redacted.  I got to see the unredacted NASA report, but only in an RF-secure room with no Internet and no phones (and no metal, belts, watches, or paper in/out).  And I can't tell you what I saw there.  Little of that is proprietary but lots of it would be embarrassing to Toyota.

Rookie

@embeddedbarr: Curious from a legal perspective: if you were retained to review some code from firm "X" (e.g., GM, BMW, VW, Boston Scientific, Bayer...) - would that effectively make you ineligible as a witness on the plaintiff side in a lawsuit against said firm?  I could imagine many firms retaining Barr Group for a "nibble" of work, simply as a defensive tactic to one day facing you on the other side of the table.  Thoughts?

 

Rookie

Well, that put a damper on things.

Blogger

The secrecy surrounding Toyota's code was incredible.  And it still constrains what I can say.

Rookie

@TheOldTimer I think that's a strong possibility and I hope it's true.  Fundamentally, Tesla knew from the outset it was going into the millions of lines of embedded software business.  And hopefully hired and architected with that in mind.

Rookie

@All: My gut feeling is that companies use secrecy around their code for the wrong reasons, mostly because they KNOW that the code is lousy and they are embarrassed about it. Am I wrong?

Rookie

Similarly, once the deadly Therac-25 bug was found, a researcher with a Therac-20 discovered that the same bug was the reason his institution had often seen blown fuses.  The Therac-20 had better independent safety checks but the same underlying software defect.

Rookie

I would believe that Tesla would be better. They started out with a clean slate and did not have as many electro-mechanical requirements as a major car company would need to support their old manufacturing processes

Rookie

well, in their short run, they've been reliable but time is the only way to tell, right?

Blogger

Having recently studied the Therac-25 and Patriot Missile Failure lethal software defects, I've noted that both have something in common with Toyota: safety systems and test protocols that didn't keep up with evolving/reused code.  For example, Patriot was late adapted to targeting Scud missiles that traveled at 2.5x the speed of earlier aircraft/cruise missile targets.  This exposed a bug that was always there.

Rookie

@Michael re: newbies

+ for newbies: they can start with modern kit and hopefully include good practice from the start.

+ for oldies: they have lots of experience with their proven (if a bit ugly) kit.  It is said that the biggest error for a software company is to do a complete re-write.

Take your choice!

Rookie

@caleb Agreed that the UX of the Tesla code looks good, even in the face of danger.  Does that also speak to the reliability?  It is, unfortunately, so hard to say without actually reviewing the design/code.

Rookie

One trend I've observed, perhaps relevant to the Tesla question, is that companies that started out as mechanical goods and/or electrical goods (say decades ago) and happened into becoming embedded software companies, generally seem to have a lot better mechanical/electrical practices than software processes.

Rookie

The warning systems that were shown in action during the two reported fires were incredible. They were underplayed by many, but no other car is going to give you a heads up like that.

Blogger

I personally favor Tesla, but only based off what I have seen of their support and safety systems. Not necessarily due to their startup nature.

Blogger

I would expect better software as they have to have the highest possible quality to convince people to take a risk with a new vendor.

Staff

I'm curious if people think a startup automaker, such as Tesla, is likely to have better or worse software than the incumbents.  If so, why?

Rookie

@richardst, punitive lawsuits may be effective, but ultimately even those costs are passed along to the consumer, unless it targets executives personally rather than the corporation. But it still might help. I heard that with the Ford Pinto gas tank thing the execs compared the cost of the recall against the probable lawsuit costs, and chose to roll the dice on the lawsuits. Perhaps a history of punitive fines might tip the balance the other way next time.

Staff

@oh wow, good point richardst

Blogger

@msamek275 Independent design and code consulting and reviews are key parts of our business. However, I cannot say that I have seen any noteworthy trends yet relative to pre-/post- Oklahoma jury verdict.

Rookie

@Michael,

Well, yes.  Fair point. What price safety?

I am sure that big manufacturers would love more legislation as it tends to force out the little guy.  In medical, it is really expensive for a small research team to develop and qualify new kit.

Rookie

One noteworthy issue with voluntary standards is that one of the defenses automakers attempt to rely upon in litigation is that there is no public information about what their competitors are doing better, if anything.

Rookie

Note that MISRA has a lot more than the well-known MISRA-C coding guidelines.  Those are really just one small part of a 1000+ pages of guidance on process for safety in software for automobiles.

Rookie

@dunn and @rambo There are some voluntary automotive-industry standards that are international in nature.  For example, ISO 26262 is a functional safety standard aimed squarely at automotive.  This builds on the excellent work of MISRA (Motor Industry Software Reliability Association) and IEC 61508.

Rookie

@Michael: Do you see any impact from the Oklahoma trial in the industry, automotive and otherwise? For example, are companies approaching you to review their code and process?

Rookie

@richardst Maybe consumers are already paying for the defects and risks and costs of litigation and that is higher?

Rookie

Seems like there need to be international standards

Blogger

yeah, getting the companies to agree on ANYTHING seems quite difficult. hell, we still have different lug patterns on the wheels!

 

Blogger

@bberg950 There are some APIs that are widely used in the automotive industry.  For example, there is the OSEK RTOS API.  This is not one RTOS product but rather a marketplace of RTOS products that all conform to a published OSEK standard API.  However, this is not really at the hardware level like you are asking.

Rookie

@Michael and all,

I guess we could raise the issue of code reviews with our legislators.  They could legislate for reviews for safety-critical stuff.  But we, the consumer would have to pay for it.

Of course, the fear of punitive fines and/or imprisonment under current fitness-for-use legislation just might be enough to make manufacturers think twice.

 

Rookie

@mr_widget It's interesting to look at what the FDA is doing re: software that could kill device users.  At a high-level, I understand that (1) They publish a set of software development guidelines. (2) They require device manufacturers to have similar processes in place and to provide paper trails. (3) They reserve the right to audit source code after an event and to pull the device off the market if their static analysis tools, e.g., can catch the flaw that caused the problem.

 

Unfortunately, the automotive industry is the wild west by comparison.

Rookie

Is there any chance of establishing some kind of API for automotive software's interface to the hardware?  My gut feeling is that would never happen.

Rookie

Are any SW standards MANDATORY in automotive?

Manager

@mr_widget I believe that external independent code audits of safety-critical and security-critical systems would be a good thing.  Not sure how to make this happen, unfortunately.

Rookie

@Michael

Ah yes, the long skid is pretty convincing.  I had not heard that bit.  Thanks.

Rookie

@caleb: ...with enough time and access, I could take over your purely mechanical car.

LOL

I don't even have powered doors or windows

Sorry that last was actually to Max.

Rookie

@richardst Incidents of car pwnership almost certainly lie in our future, as cars become more connected.

Rookie

@richardst It is customary, when an expert is doing an accident root cause analysis, to reach an opinion that a particular cause was "more likely than not" a primary cause of the accident.  This is because the full list of potential causes generally includes more than one that cannot be ruled out entirely.  However, in this Oklahoma case, the opinion I reached and testified to was that a failure of the engine controller was the only plausible root cause.  This was in large part because both side's accident reconstructions put the driver on her brake at the start of a 150 foot skid mark.  Even if the driver had confused the pedals earlier in the drive, this skid mark (apparently from additional use of the parking brake) was way too long for a Camry at that speed unless the throttle was being held open.

Rookie

@max, with enough time and access, I could take over your purely mechanical car.

Blogger

@Michael

Hmm. So if the cruise control was not engaged, do you think the ECU caused the accident?

Rookie

The way everything is becoming so connected -- is there any chance in the future that someone would be able to "take over" your car?

Oh, think about it.  Each tandem set is 8 wheels which have complex loading (lateral and otherwise).

Rookie

@richardst To date, I have not had the pleasure of examining any other manufacturer's engine control source code.

Rookie

They should wire them up like they do trains! if they have a fault of any kind, the brakes engage

 

Blogger

@EmbeddedBarr: I am now in the building...

Hurray! :-)  Can you quickly skim the questions and comments below

@richardst The Bookout crash, in Oklahoma, did not involve the driver's use of cruise control.

Rookie

@mr_widget

Ah! I see. Thanks for your correction.  It did just occur to me that you could need local modulators for each wheel pair.

Rookie

It is still legal, in Nevada, to have triple-trailer rigs.  That's the independent tractor drive wheel brakes, the two dollys, and three tandem wheelsets.  Lots of moving parts to fail there :)

Rookie

Figuratively speaking, I am now in the building...

Rookie

Hi Susan -- we're just waiting for Mike Barr to join us -- I told him 1:00pm Eastern ... but the conversation kicked off early :-)

@richardst - not so much.  The largest cost of electronics in a tandem trailer (commercial) is the copper in the signal wiring.  So, in order to minimize that cost the controller is being put in the tandem axle assembly more and more, with pressure sensors to measure the positive air pressure in the airbrake lines.

Rookie

@Mr_widget: My guess is that the brake parts in a truck trailer are relatively simple: just the brakes and the rotation sensors

What about those mega tractor trailers they have in Australia -- almost like a train -- where you might have one tractor (caB) and two or three trailers linked together...

@ mr_widget

My guess is that the brake parts in a truck trailer are relatively simple: just the brakes and the rotation sensors.  The clever bit will be the ABS controller in the cab.  Just a guess, of course.

Rookie

it isn't exactly an accurate measurement, but it will be fun!

Blogger

I'm really looking forward to seeing your Applause-O-Meter at the Gadget Smackdowns

Hi Caleb -- are you ready for EE Live! ?

 

@Richard: It looks like I am not the only one getting questions in early!

No, you are not alone LOL

 

richardst - I'm getting mine in early as the last chat I had to miss since we were kicking off a beta test cycle :)

Rookie

@Mr_widget: Our guest, Michael, hasn't joined us yet -- he'll be linking in shortly

My own personal bugbear in embedded transportation devices is three-fold: 1) Power management, especially in the charging controllers for the huge Li+ arrays; 2) Avionics - that should be obvious; and 3) trucking - the average cost of a tandem trailer is approx $2500.  Just how much scrutiny are the ABS brakes in the trailer wheels going to get when the cost margins are as thin as that?

Rookie

@Max and @mr_widget

(It looks like I am not the only one getting questions in early!)

 

Rookie

Since an ever-increasing proportion of vehicles on the road today are using MCU-regulated control systems (ABS brakes, traction control, throttle, fuel mixture, to name a few), do you think it time to have some clearinghouse of experts to examine the software operating in these things?  The Top Gear fan in me wants very much to assure myself that the next purchaser of a McLaren or Bugatti can be certain to be under safe operating conditions as much as possible, since these cars, especially, are running closer to the ragged edge than any other vehicles, other than professional racing cars.  I can assume the racing teams are closely scrutinising the code as a natural production process :-)

Rookie

@Richardst: The chat doesn't start for another 25 minutes (kick-off at 1:00pm Eastern Time) -- you're early! :-)

On the Toyota case, it is my understanding that (i) the ECU code was both ugly and buggy and (ii) unintended, continuing acceleration would occur if the Task X control bit happened to flip while the vehicle was accelerating under cruise control.  Please correct me if I am mistaken.

The jury decided that this must have happened.  What do you think is the chance that this actually happened?  Do we know if the plaintiff routinely used cruise control?

Have you been able to examine other manufacturers' and/or models' code to this level of detail?  If so, have you found it better or worse than the Toyota code?

Rookie

Our next live online chat will commence on Friday 14 March 2014 at 10:00 a.m. Pacific Time (1:00 p.m. Eastern Time). You'll have to work out your local time from these clues (you can always use this handy-dandy Time Zone Converter).

Your host will be Max Maxfield, and our guest will be Michael Barr, CTO and Co-Founder of the Barr Group. As Michael says: "Embedded software can be dangerous, even lethal." In this week's live online chat, Michael will be available to answer questions on such topics as Therac-25 (a radiation therapy medical device that massively over-dosed 6 patients from 1985-87), the Patriot missile defense system's deadly failure to intercept a Scud on February 25, 1991, and Toyota's issues with unintended acceleration.


