What Went Wrong At Toyota?

Was it really just the software, or was there a system-level design problem?
There’s been a lot of speculation about what caused Toyotas in general, and the Prius in particular, to suddenly accelerate.

All across the electronics industry, this is big news because of the amount of electronics that now sits inside an automobile. The most advanced cars have complicated networks of processors, memory, logic, and basically everything that’s already built into the most complicated computer systems that run giant corporations.

What they also have, which enterprise computer systems do not, are extreme operating conditions: heat, cold, vibration and jarring—everything from accidents to large potholes—plus unpredictable driving habits.

So what could have gone wrong? At the very least, it appears to be a far bigger problem than an individual component. In this case, it’s a system of systems, and finding the problems within those interlocking systems may take years to sort out.

Here are some perspectives offered by systems engineers:

1. Software. This is the kind of finger pointing you’d expect from hardware engineers—and, in fact, they are pointing fingers—but software may be a major contributor to the problem. Getting all the bugs out of millions of lines of software code is almost impossible. It takes time, and time isn’t a luxury for automotive software developers. Each model year for cars includes new features, more complex networks and more interactions that could never be envisioned when the software architecture was created.
2. Electromagnetic interference. While you’d expect much of this to be solved relatively simply, the problem is once again what happens when you start running components under conditions for which they were never tested. An extremely hot SoC may have completely different properties than one run at normal temperatures—particularly when it’s crowded onto a board alongside other boards that may interfere with its signals. But whether that could actually force a car to accelerate without stopping may not be as likely as other possible problems.
3. State verification. Perhaps a more likely scenario has to do with functional verification of systems involving many different states—something smartphone makers have been wrestling with for several generations. There are many states in a car besides just on and off, just as there are in a phone. But in a phone, a hardware glitch may simply leave a system stuck on or off. In a car, it can have disastrous effects.

What do you think went wrong? And how do we prevent these problems in the future?

–Ed Sperling