<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Food for Thought: Running On Code</title>
<link href="/newsletter/StyleSheet.css" rel="stylesheet" type="text/css">
</head>
<OpenTracking/>
<!-- Do NOT delete previous line if you want to get statistics on the number of opened emails -->
<body>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr align="center" valign="top">
<td colspan="2"><img src="/newsletter/images/FoodForThoughtLogo.gif" alt="Food for Thought" width="600" height="105"></td>
</tr>
<tr class="Reference">
<td align="left" valign="top"><p>An e-newsletter published by<br>
Software Quality Consulting, Inc. </p>
</td>
<td align="right" valign="top"><p>February 2010 , Vol. 7 No. 1 <br>
[<a href="/newsletter/vol7/no1/vol7no1.txt" target="_blank">Text-only Version</a>]</p>
</td>
</tr>
</table>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td align="left" valign="top">
<p>Welcome to <em><strong>Food for Thought™</strong></em>, an e-newsletter from <strong><a href="/index.html?Intro" target="_blank">Software Quality Consulting</a></strong>. I've created free subscriptions for my valued business contacts. If you find this newsletter informative, I encourage you to continue reading. Feel free to pass this newsletter along to colleagues by clicking on the <strong>Forward Email</strong> link at the bottom of this email. If you’ve received this newsletter from a colleague and would like to subscribe, please click this <strong><a href="/newsletter/Subscribe.htm?Newsletter" target="_blank">Enter New Subscription</a></strong> link. If you don't wish to receive this newsletter, click the <strong><a href="#bottom">SafeUnSubscribe</a></strong>™ link at the bottom of this newsletter, and you won’t be bothered again.</p>
<p>Your continued feedback on this newsletter is most welcome. Please send your comments and suggestions to <strong><a href="mailto:[email protected]">[email protected]</a></strong>.</p></td>
</tr>
</table>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/InThisIssue.gif" alt="In This Issue" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p>In <a href="#article"><strong>This Month’s Topic</strong></a>, I discuss software quality issues in the automotive industry.<br>
<br>
Regular features to look for each month are:</p>
<ul>
<li> <a href="#morsel"><strong>Monthly Morsels</strong></a><br>
Hints, tips, techniques and reference info related to this month’s topic</li>
</ul>
<ul>
<li> <a href="#calendar"><strong>Calendar</strong></a><br>
Conferences, workshops, and meetings of interest to software engineers, QA engineers and anyone interested in software development</li>
</ul>
</td>
</tr>
</table>
<br>
<br>
<a name="article"></a>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="left" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/ThisMonthsTopic.gif" alt="This Month's Topic" width="114" height="37"></td>
<td width="15"> </td>
<td width="471" align="left" valign="top" class="BodyText"><p align="center" class="Headline">Running On Code</p>
<p align="center" class="Headline"><em>Fly-by-wire Controls Expose a Host<br>
of Automotive Software Quality Problems</em></p>
<blockquote>
<p>“For over half a century the automobile has brought death, injury, and the most inestimable sorrow and deprivation to millions of people. With Medea-like intensity, this mass trauma began rising sharply four years ago, reflecting new and unexpected ravages by the motor vehicle. A 1959 Department of Commerce report projected that 51,000 persons would be killed by automobiles in 1975. That figure will probably be reached in 1965, a decade ahead of schedule.” [1] </p>
</blockquote>
<p>Ralph Nader’s infamous attack on the US automotive industry was highly controversial when it was first published in 1965. Back then, most cars lacked basic safety features we take for granted today – things like seat belts, air bags, safety glass, collapsible steering columns, crumple zones, anti-lock brakes, child restraints, strong door locks, etc.</p>
<p>The automotive industry was arrogant back then (remember “planned obsolescence”?) and style was more important than safety. For example, many 1960s-era cars had dashboards and instrument panels designed using shiny chrome parts and glossy paint, all of which reflected sunlight directly into the driver’s eyes. Dashboards also were not padded and had protrusions, which often caused severe injuries.</p>
<p>For many years, the automotive industry resisted calls from within the industry as well as from outside the industry to design safer cars. It wasn’t until Congress passed laws mandating basic safety features that the automotive industry relented.</p>
</td>
</tr>
<tr>
<td align="left" valign="top" background="/newsletter/images/RedSpacer.gif"><br>
<img width="110" height="161" src="/newsletter/vol7/no1/vol7no1_clip_image001.gif"></td>
<td> </td>
<td align="left" valign="top" class="BodyText"><p>Since Nader’s book was published, mandatory safety features in cars have resulted in dramatic decreases in the fatality rate - highway deaths per 100 million vehicle miles travelled. In fact, for 2008, the fatality rate was at the lowest level since 1961. [7]</p>
<p> So why are so many people concerned about the safety of their cars now? In the 1960s, cars didn’t have one more thing we take for granted today – <strong>software</strong>.</p>
<p> In my <a href="/newsletter/vol4/no6/vol4no6.html" target="_blank">June 2007 e-newsletter</a>, I reported that 2010 model year cars were expected to have upwards of <strong>100 million lines of code</strong> running on as many as <strong>100 different microcomputers</strong> (called Electronic Control Units or ECUs), all networked together. Today, projections are that cars will soon have 2-3 times that amount of code – <strong>300 million lines of code!</strong> [6]</p>
<p> By comparison, the software that controls the <strong>Space Shuttle</strong> is less than <strong>half a million lines of code.</strong> Even allowing for the vagaries of counting lines of code, the difference between the amount of code in a car and in the Space Shuttle is mind-boggling.</p>
<p> Lately, several problems with Toyotas have been in the news, including</p>
<ul>
<li><strong> Rapid acceleration</strong></li>
</ul>
<blockquote>
<p>Rapid acceleration issues have been reported in 8 different Toyota models. Initially Toyota blamed floor mats, then sticking gas pedals. What has frustrated many owners is that Toyota and the National Highway Traffic Safety Administration (NHTSA) have known about this problem since at least 2002. [11] And the problem is not limited to Toyota. Other manufacturers such as Ford and Audi have had similar problems. </p>
<p>John Liu, a professor of electronics and computer engineering at Wayne State University, has consulted on fly-by-wire technology for automakers and recently said:</p>
<blockquote>
<p>“Each electronic throttle control component determines the appropriate position based on signals from three or four sensors. That communication can be disrupted by signals from a nearby Blackberry, a microwave or radio transmission tower.” [2] </p>
</blockquote>
<p>Most engines today are fly-by-wire – that is, they are sensor-driven throttle systems controlled by software. Engineers believe these systems can be adversely affected by signals from cell phones or microwave towers.</p>
<p>Toyota has so far refused to acknowledge that software could be the real root cause.</p>
</blockquote>
<ul>
<li><strong> Anti-lock brakes</strong></li>
</ul>
<blockquote>
<p>Toyota just announced a recall of about 400,000 Prius and Lexus hybrid models. Under certain conditions, like an especially bumpy or slippery road, there may be a brief momentary delay in the brake response. The car will still stop but the distance required could increase slightly. This problem is due to a software defect and Toyota has begun installing a software fix on Prius models in Japan.</p>
</blockquote>
<ul>
<li><strong> Electronic Power Steering</strong></li>
</ul>
<blockquote>
<p>An analysis by <em>Automotive News</em> [8] found that the Corolla has been the subject of 83 power-steering complaints to NHTSA since April 2008. Seventy-six of those reports note that the vehicle unexpectedly veers to the left or right at 40 miles an hour and up. </p>
<p>Read what a Corolla owner recently reported:</p>
<blockquote>
<p>"[I] notice the steering wheel sometimes pulses only when my cell phone is docked to the right of the steering wheel. It's strange, I can sometimes tell if my Blackberry is going to ring or get an email. The steering wheel seems to shake or try to steer on its own. This is similar to my other 2009 Toyota Corolla that I resold to the dealer. I wonder if more shielding is needed to reduce any interference." [9]</p>
</blockquote>
</blockquote>
<p> There have been many automotive <strong>software recalls</strong> in the recent past:</p>
<ul>
<li> 2008 - Chrysler recalled 24,535 of its 2006 Jeep Commanders because of a problem in the automatic-transmission software.<br>
<br>
</li>
<li> 2008 - Volkswagen recalled about 4,000 of its 2008 Passats and Passat Wagons and about 2,500 Tiguans for a problem in the engine-control-module software that could cause an unexpected increase in engine revolutions per minute when the A/C is turned on.<br>
<br>
</li>
<li> 2008 - GM recalled 12,662 of its 2009 Cadillac CTS vehicles for a software problem within the passenger-sensing system that could disable the front passenger air bag when it should be enabled or enable it when it should be disabled.<br>
<br>
</li>
<li> 2005 - Toyota recalled 160,000 Prius hybrids due to a software defect where the engine would suddenly turn off at highway speeds.<br>
<br>
</li>
<li> 2004 - Mercedes-Benz faced the largest recall in its history for problems with its highly touted "Sensotronic" braking system, which relies on sensors to calculate the optimum brake pressure for each wheel. The German carmaker recalled 680,000 vehicles, saying bubbles in the system's hydraulic tank may cause braking failure.<br>
<br>
</li>
<li> 2004 - Jaguar recalled 67,798 cars after discovering a defect in an electronic module that could inadvertently cause cars to slip into reverse gear.<br>
<br>
</li>
<li> 2003 - A man was trapped inside his BMW for several hours after the on-board computer crashed. The door locks, power windows, and A/C were inoperable. Responders had to smash the windshield to get him out.<br>
<br>
</li>
<li> 2002 - BMW recalled the 745i because the fuel pump would shut off if the gas tank was less than 1/3 full.</li>
</ul>
<p><strong> How did we get here?</strong></p>
<p> The first production automotive microcomputer was a single-function controller used for electronic spark timing in the 1977 General Motors Oldsmobile Toronado. In 1978, GM offered an optional Trip Computer on the Cadillac Seville. The computer was a modified Motorola 6802 microprocessor chip and displayed speed, fuel, trip, and engine information.</p>
<p> By 1981, GM was using microprocessor-based engine controls executing about 50,000 lines of code across its entire domestic passenger car production. Other car companies quickly followed suit as automotive engineers realized that they could use software to measure and control engine functions in order to meet increasingly strict emissions and safety regulations.</p>
<p> Software soon found its way into audio systems. High-end audio companies like Bose now have more software engineers than audio engineers. And then came GPS navigation systems. Alfred Katzenbach, the director of IT management at Daimler, has reportedly said that</p>
<blockquote>
<p> “…the radio and navigation system in the current S-class Mercedes-Benz requires over 20 million lines of code alone and that the car contains nearly as many ECUs as the new Airbus A380 (excluding the plane’s in-flight entertainment system). Software in cars is only going to grow in both amount and complexity.” [6]</p>
</blockquote>
<p><strong> What can be done to improve automotive software safety?</strong></p>
<p> Automotive software engineers need to adapt techniques successfully used to develop safety-critical software in other industries. For example, some of the techniques used to develop software for the Space Shuttle can be easily adapted to automotive software development:</p>
<ul>
<li><strong> Good requirements are essential to produce reliable software</strong></li>
</ul>
<blockquote>
<p>To develop safety-critical software, we need to start with clearly written, unambiguous requirements.</p>
</blockquote>
<ul>
<li><strong> Use historical data to predict your defect injection rate</strong></li>
</ul>
<blockquote>
<p>Knowing your organization’s defect injection rate is critical. You need this data to accurately predict the number of defects injected in every release. By subtracting the number of defects found, you can estimate the number not found. </p>
<p>We know that the best, most highly skilled software developers inject on average 120 defects/KLOC, or roughly one defect for every 8 lines of code they write. [5] We also have anecdotal information suggesting that, through peer reviews and testing, we typically find about 95% of the injected defects. The result is that, on average, released software has a defect density in the range of 5-6 defects per thousand lines of code (KLOC).</p>
<p>So for a car that has <strong>100 million lines of code</strong> here’s what we’d expect: </p>
<ul>
<li><strong> Defects injected</strong> using 1 defect/8 lines of code = ~12,000,000 defects<br>
<br>
</li>
<li><strong> Defects removed</strong> assuming 95% found = 11,400,000 defects<br>
<br>
</li>
<li><strong> Defects remaining</strong> (defects injected - defects removed) = <strong>600,000</strong></li>
</ul>
<p>This means that there can be as many as <strong>600,000 defects remaining</strong> in the software running in our cars!</p>
</blockquote>
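<p>As an added example (not part of this newsletter), here is a short Python script that carries the defect arithmetic above through as reusable functions: it reproduces the 100-million-line figures, implements the “predicted injected minus found so far” estimate the text describes, and sweeps the detection rate to show how much of the residual hinges on the last few percent of review and test effectiveness. The rates (120 defects/KLOC, 95% found) are the article’s; the function names and the clamp-to-zero handling are this example’s own assumptions.</p>

```python
"""Release-defect estimate from a historical injection rate.

Added example, not code from the newsletter. The constants used in the
demo (120 defects/KLOC injected, 95% found before release, 100 MLOC per
car) are the article's figures; the function names are this example's.
"""
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class DefectEstimate:
    injected: float   # defects expected to have been introduced
    found: float      # defects removed by reviews and testing
    remaining: float  # injected - found: the estimate of what ships


def predicted_injected(loc: int, injection_rate_per_kloc: float) -> float:
    """Defects expected to be injected while writing `loc` lines of code."""
    return loc / 1000.0 * injection_rate_per_kloc


def estimate_from_found(loc: int, injection_rate_per_kloc: float,
                        defects_found: int) -> DefectEstimate:
    """The article's method: predict the injected count from historical
    data, subtract the defects found so far, and treat the difference as
    the estimate of defects still in the release."""
    injected = predicted_injected(loc, injection_rate_per_kloc)
    # Finding more than predicted means the historical rate underestimates
    # this release, not that it is defect-free; clamp and let the caller
    # revisit the rate (assumed handling, not from the article).
    remaining = max(injected - defects_found, 0.0)
    return DefectEstimate(injected, float(defects_found), remaining)


def estimate_from_detection_rate(loc: int, injection_rate_per_kloc: float,
                                 detection_rate: float) -> DefectEstimate:
    """Same arithmetic when you only know the fraction of injected
    defects your reviews and tests typically find (the article's 95%)."""
    if not 0.0 <= detection_rate <= 1.0:
        raise ValueError("detection_rate must be a fraction between 0 and 1")
    injected = predicted_injected(loc, injection_rate_per_kloc)
    found = injected * detection_rate
    return DefectEstimate(injected, found, injected - found)


def released_defect_density(injection_rate_per_kloc: float,
                            detection_rate: float) -> float:
    """Defects per KLOC expected to survive into the released product."""
    return injection_rate_per_kloc * (1.0 - detection_rate)


def sensitivity(loc: int, injection_rate_per_kloc: float,
                detection_rates: Iterable[float]) -> Dict[float, float]:
    """Remaining defects for each detection rate: shows that going from
    95% to 99% found still leaves a six-figure residual at 100 MLOC."""
    return {
        rate: estimate_from_detection_rate(loc, injection_rate_per_kloc, rate).remaining
        for rate in detection_rates
    }


if __name__ == "__main__":
    CAR_LOC = 100_000_000          # the article's 100 million lines per car
    est = estimate_from_detection_rate(CAR_LOC, 120, 0.95)
    print(f"injected {est.injected:,.0f}, removed {est.found:,.0f}, "
          f"remaining {est.remaining:,.0f}")
    print(f"released density: {released_defect_density(120, 0.95):.1f} defects/KLOC")
    for rate, left in sensitivity(CAR_LOC, 120, (0.90, 0.95, 0.99, 0.999)).items():
        print(f"detection {rate:.1%}: {left:,.0f} defects still in the car")
```

<p>Run it as a script to print the article’s 12,000,000 / 11,400,000 / 600,000 figures and the detection-rate sweep; in a real organization you would feed <code>estimate_from_found</code> the running count of defects logged against the release and compare that residual against what the release criteria allow.</p>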
<ul>
<li><strong> Development and Test need to be viewed as peers - each with an equal stake in the outcome</strong></li>
</ul>
<blockquote>
<p>Developers and testers must be able to work cooperatively. Developers should be expected to deliver code that is as defect-free as humanly possible. Testers should be expected to find defects developers don’t find. </p>
<p>You should know approximately how many defects there are in a given release. And for mission-critical software, you’re not done until you’ve found as many of them as humanly possible.</p>
</blockquote>
<ul>
<li><strong> Blame the process and not people for failures and trust process to be self-correcting</strong></li>
</ul>
<blockquote>
<p>People will always make mistakes. We need effective processes that help us find most of them and then help identify what aspects of the process need to be changed to ensure that more problems are detectable…</p>
</blockquote>
<p> Researchers [4] have proposed approaches for improving software safety based on:</p></td>
</tr>
<tr>
<td align="left" valign="top" background="/newsletter/images/RedSpacer.gif"><br>
<img width="110" height="171" src="/newsletter/vol7/no1/vol7no1_clip_image002.jpg"> </td>
<td> </td>
<td align="left" valign="top" class="BodyText"><ul>
<li><strong> Make Explicit Safety Claims</strong></li>
</ul>
<blockquote>
<p>“No system can be ‘dependable’ in all aspects and under all conditions. So to be useful, a claim of dependability must be explicit. It must articulate precisely the properties the system is expected to exhibit and the assumptions about the system’s environment upon which the claim is contingent. The claim should also indicate explicitly the level of dependability claimed, preferably in quantitative terms.” [4]</p>
</blockquote>
<ul>
<li><strong> Provide Evidence</strong></li>
</ul>
<blockquote>
<p>“For a system to be regarded as dependable, concrete evidence must be presented that substantiates the dependability claim. Because testing alone is insufficient to establish properties, the [dependability] case will typically combine evidence from testing with evidence from analysis.” [4]</p>
</blockquote>
<ul>
<li><strong> Expertise</strong></li>
</ul>
<blockquote>
<p>“Expertise - in software development, in the domain under consideration, and in the broader systems context, among other things - is necessary to achieve dependable systems.” [4]</p>
</blockquote>
<p> The researchers then identified the following <strong>recommendations</strong>: [4]</p>
<ul>
<li> Make the most of effective software development technologies and formal methods.</li>
<li>Follow proven principles of software development - take a systems perspective and exploit simplicity.</li>
<li>Make a dependability case for a given system and context: evidence, explicitness, and expertise.</li>
<li>Demand more transparency, so that customers and users can make informed judgments about dependability.</li>
<li>Make use of but do not rely solely on process and testing.</li>
<li>Base certification on inspection and analysis of the dependability claim and the evidence offered in its support. </li>
</ul>
<p><strong> And this just in…</strong></p>
<ul>
<li> Honda has just announced a recall of 640,000 cars to fix faulty power windows.<br>
<br>
</li>
<li> Citroën and Peugeot are considering recalls since they use the same Toyota gas pedal, which is the subject of Toyota recalls, in some of their models.</li>
</ul>
<p> It’s going to get a lot worse before it gets better. The current Toyota problems are just the proverbial tip of the iceberg… </p>
<p><strong> The Bottom Line....</strong></p>
<p> Have you had this experience?</p>
<blockquote>
<p> “Last year I bought a new car and was staggered to discover a 500-page manual explaining its operations, along with a 200-page companion manual for the GPS and radio systems. One of the new features touted was the much larger glove compartment, a size probably dictated by that of the required manuals.” [6]</p>
</blockquote>
<p> If it takes over 700 pages to explain how to operate the features of your car, maybe it’s just too complex. We need to reduce complexity in order to improve safety. If we don’t change how we develop and test automotive software, then pretty soon Ralph can publish a sequel: <strong>Software Unsafe at Any Speed.</strong></p>
<p>‘Til next time... </p></td>
</tr>
</table>
<br>
<br>
<a name="morsel"></a>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/MonthlyMorsels.gif" alt="Monthly Morsels" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p> Every month in this space, you’ll find additional information related to this month’s topic.</p>
<p><strong> References</strong></p>
<ol>
<li> Nader, Ralph, <em>Unsafe at Any Speed: The Designed-In Dangers of the American Automobile</em>, Grossman Publishers, New York, LC # 65-16856, 1965.<br>
<br>
</li>
<li> Gardner, Greg, “<a href="http://www.freep.com/article/201002010300/BUSINESS01/2010368" target="_blank">Toyota’s Problem in Other Vehicles</a>”, <em>Detroit Free Press</em>, posted Feb 1, 2010.<br>
<br>
</li>
<li> Mitchell, Robert L., “<a href="http://blogs.computerworld.com/15547/toyotas_lesson_software_can_be_unsafe_at_any_speed" target="_blank">Toyota’s Lesson: Software can be Unsafe at any Speed</a>”, <em>ComputerWorld</em> blog, posted Feb 5, 2010.<br>
<br>
</li>
<li> Jackson, Daniel, et al., <em>Software for Dependable Systems - Sufficient Evidence?</em>, National Research Council, National Academies Press, 2007.<br>
<br>
</li>
<li> Humphrey, Watts, “The Quality Attitude”, <em>news@sei</em> newsletter, Number 3, 2004.<br>
<br>
</li>
<li> Charette, Robert, “<a href="http://news.discovery.com/tech/toyota-recall-software-code.html" target="_blank">This Car Runs on Code</a>”, <em>Discovery News</em>, posted Feb 5, 2010.<br>
<br>
</li>
<li> US DOT NHTSA press release, “<a href="http://www.nhtsa.dot.gov/portal/site/nhtsa/template.MAXIMIZE/menuitem.f2217bee37fb302f6d7c121046108a0c/?javax.portlet.tpst=1e51531b2220b0f8ea14201046108a0c_ws_MX&javax.portlet.prp_1e51531b2220b0f8ea14201046108a0c_viewID=detail_view&itemID=9a5070ff7fc22210VgnVCM1000002fd17898RCRD&pressReleaseYearSelect=2009" target="_blank">Overall Traffic Fatalities Reach Record Low</a>”, July 2, 2009.<br>
<br>
</li>
<li> Roland, Neil, “<a href="http://www.autonews.com/apps/pbcs.dll/article?AID=/20100209/RETAIL05/100209863/1290#ixzz0f9fo8GxW" target="_blank">NHTSA fielding complaints about 2009-10 Toyota Corolla steering</a>”, <em>Automotive News</em>, posted Feb 9, 2010.<br>
<br>
</li>
<li> Brennan, Reilly, “<a href="http://autos.aol.com/article/toyota-corolla-power-steering-investigation" target="_blank">Are Toyota Steering Problems Next?</a>”, <em>AOL Autos</em>, posted Feb 9, 2010.<br>
<br>
</li>
<li> Scheeres, Julia, “<a href="http://www.wired.com/cars/coolwheels/news/2004/06/63846?currentPage=all" target="_blank">Teched-Out Cars Bug Drivers</a>”, <em>Wired.com</em>, posted June 29, 2004.<br>
<br>
</li>
<li> Stoffer, Harry, “<a href="http://www.autosafety.org/again-nhtsa-probes-sudden-acceleration-march-22-2004" target="_blank">Again NHTSA Probes Sudden Acceleration</a>”, <em>Automotive News</em>, March 22, 2004.</li>
</ol></td>
</tr>
</table>
<br>
<br>
<a name="calendar"></a>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/Calendar.gif" alt="Calendar" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p> Every month you’ll find news here about local and national events that are of interest to the software community…</p>
<ul>
<li><strong> Software Quality Calendar</strong></li>
</ul>
<blockquote>
<p>There are many organizations that sponsor monthly meetings, workshops, and conferences of interest to software professionals. <strong><a href="/links/upcoming.html" target="_blank">Find out what’s happening…</a></strong></p>
</blockquote>
<ul>
<li><strong> Workshops Offered by Software Quality Consulting</strong></li>
</ul>
<blockquote>
<p>Software Quality Consulting offers workshops in many topics related to software process improvement. <strong><a href="/seminars/courses.html" target="_blank">Get more info…</a></strong></p>
</blockquote></td>
</tr>
</table>
<br>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/AboutSQC.gif" alt="About SQC" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p> Software Quality Consulting provides consulting, training, and auditing services tailored to meet the specific needs of clients. We help clients fine-tune their software development processes and improve the quality of their software products. The overall goal is to help clients achieve Predictable Software Development™ – so that organizations can consistently deliver quality software with promised features in the promised timeframe. </p>
<p>To learn more about how we can help your organization, <strong><a href="/index.html?AboutSQC" target="_blank">visit our web site</a></strong> or <strong><a href="mailto:[email protected]">send us an email</a></strong>.</p></td>
</tr>
</table>
<br>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td align="left" valign="top"><p> I hope this newsletter has been informative and helpful. Your comments and feedback are most welcome. <strong><a href="mailto:[email protected]">Send me your feedback…</a></strong></p>
<p>Thanks,</p>
<p> <img src="/newsletter/images/BusinessCard.gif" width="270" height="121" align="right"><img src="/newsletter/images/Signature.gif" width="90" height="68"><br>
Steve Rakitin<br>
<br>
<strong><a href="mailto:[email protected]">[email protected]</a></strong></p></td>
</tr>
</table>
<div align="center"><br>
<FONT class="Reference">Food for Thought, Predictable Software Development, Act Like a Customer,<br>
and ALAC are trademarks of Software Quality Consulting, Inc.<br>
Copyright 2010. Software Quality Consulting, Inc. All rights reserved.<br>
Graphic design by <a href="http://www.sarahcoledesign.com/" target="_blank"><strong>Sarah Cole Design</strong></a>.</FONT></div>
<a name="bottom"> </a></body>
</html>