Bookout v. Toyota Motor transcript continues
A. That is the very 2008 ECM that this photograph reflects.
Q. Would this be the general size of the board that contains these compute components with a 2005 Camry?
A. They are about the same. Correct.
Q. Let's talk about safety critical systems?
A. So a safety critical system is an embedded system, but it can also kill or injure someone. So my Nike fuel band is not going to kill or injure anyone. But a car is an example of an embedded system, at least some of the computers inside it, can cause injury. Now, it wouldn't be a case necessarily of the mirror control, but it would be the case of the engine control.
Q. So do you consider the electronic throttle control system to be a safety critical system?
A. I do.
Q. What sort of things can possibly go wrong with such a system?
A. Well, the risks in such a system are manifold. The first is that these electronics are being driven around, bounced around, splashed around, and in a generally rough environment. A lot of embedded system designers don't have to worry about their products doing anything other than sitting on a desktop, but a car is a very harsh environment.
So it is a noisy environment, electrically noisy, there is a lot of vibrations. And so one of the things that can go wrong -- and this can happen in any electronics, but it can particularly happen in a car electronics -- is some sort of glitch in the electronics. And that means that momentarily one bit inside a chip flips or an electrical pin takes on the wrong value.
With a digital value, if you have an in-between number between zero and five volts, you might inadvertently get a momentarily wrong signal, and that can affect what the software does. So that is one thing that can go wrong, a glitch in the hardware. You heard Dr. Koopman talk about the bit-flips. Another thing that can go wrong is that there could be a software bug and it can be activated at any time. So the software bug is latent, always there, but then you happen to be driving a car that day and the software bug suddenly, because of something the car did or a glitch in the electronics or something else, it suddenly activates, and now you have a malfunction.
And any reasonable -- any program of reasonable size is going to have bugs in it, so you have to, as a designer, expect random hardware faults and also there are software bugs in there.
Q. Let me ask you a question about that: In terms of software bugs, just because they're there will they always cause a malfunction?
A. Just because they're there doesn't mean they will always cause a malfunction. No.
Q. Are some bugs such that there has to be a specific condition met with the product, the car, whatever in order for them to manifest themselves?