<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Food for Thought: Running On Code - Part II</title>
<link href="/newsletter/StyleSheet.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0">
<tr align="center" valign="top">
<td colspan="2"><img src="/newsletter/images/FoodForThoughtLogo.gif" alt="Food for Thought" width="600" height="105"></td>
</tr>
<tr class="Reference">
<td align="left" valign="top"><p>An e-newsletter published by<br>
Software Quality Consulting, Inc. </p>
</td>
    <td align="right" valign="top"><p>March 2010, Vol. 7 No. 2<br>
[<a href="/newsletter/vol7/no2/vol7no2.txt" target="_blank">Text-only Version</a>]</p>
</td>
</tr>
</table>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td align="left" valign="top">
<p>Welcome to <em><strong>Food for Thought™</strong></em>, an e-newsletter from <strong><a href="/index.html?Intro" target="_blank">Software Quality Consulting</a></strong>. I've created free subscriptions for my valued business contacts. If you find this newsletter informative, I encourage you to continue reading. Feel free to pass this newsletter along to colleagues by clicking on the <strong>Forward Email</strong> link at the bottom of this email. If you’ve received this newsletter from a colleague and would like to subscribe, please click this <strong><a href="/newsletter/Subscribe.htm?Newsletter" target="_blank">Enter New Subscription</a></strong> link. If you don't wish to receive this newsletter, click the <strong><a href="#bottom">SafeUnSubscribe</a></strong>™ link at the bottom of this newsletter, and you won’t be bothered again.</p>
<p>Your continued feedback on this newsletter is most welcome. Please send your comments and suggestions to <strong><a href="mailto:[email protected]">[email protected]</a></strong>.</p></td>
</tr>
</table>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/InThisIssue.gif" alt="In This Issue" width="114" height="37"></td>
<td width="15"> </td>
    <td align="left" valign="top"><p>In <a href="#article"><strong>This Month’s Topic</strong></a>, I discuss continuing problems with software in the automotive industry.<br>
<br>
Regular features to look for each month are:</p>
<ul>
<li> <a href="#morsel"><strong>Monthly Morsels</strong></a><br>
Hints, tips, techniques and reference info related to this month’s topic</li>
</ul>
<ul>
<li> <a href="#calendar"><strong>Calendar</strong></a><br>
Conferences, workshops, and meetings of interest to software engineers, QA engineers and anyone interested in software development</li>
</ul>
</td>
</tr>
</table>
<br>
<br>
<a name="article"></a>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="left" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/ThisMonthsTopic.gif" alt="This Month's Topic" width="114" height="37"></td>
<td width="15"> </td>
<td width="471" align="left" valign="top" class="BodyText"><p align="center" class="Headline">Running On Code - Part II </p>
<p align="center" class="Headline"><em>Finding the Root Cause of<br>
Toyota’s Sudden Acceleration Issue
</em></p>
<p>In my <a href="/newsletter/vol7/no1/vol7no1.html" target="_blank">last newsletter</a>, I discussed problems associated with complex software used to control cars. Late model cars have over <strong>100 million lines of code </strong>and are likely to have as many as <strong>600,000 defects</strong> that haven’t been found.</p>
<p> This on-going problem serves to illustrate that <a href="/newsletter/vol2/no11/vol2no11.html" target="_blank">all software is defective</a> and defective software <em>could be</em> one of the underlying root causes of Toyota’s sudden acceleration problem.</p>
<p> For reasons that are unclear, Toyota has been unable to find the <strong>real root cause</strong> of the sudden acceleration problem. While there is clearly a lot at stake here – lawsuits, recall and repair costs, and lost sales are estimated at $5 billion – this problem has escalated to become a major safety issue for Toyota and the automotive industry in general.</p>
<p> Here’s a recap of Toyota’s attempts at finding the <strong>root cause:</strong></p>
<ul>
<li> First, Toyota announced late last fall that the root cause was <strong>improperly installed floor mats</strong> that became wedged behind the gas pedal. This claim was promptly dismissed by several customers who reported sudden acceleration in cars that didn’t have floor mats or had floor mats that were clearly not wedged behind the gas pedal. </li>
</ul>
<ul>
        <li> Then, on February 1st, Toyota announced the root cause was the <strong>gas pedal assembly</strong> and they quickly came up with a re-designed gas pedal assembly as shown below: </li>
</ul>
<blockquote>
<p> <img width="381" height="299" src="/newsletter/vol7/no2/vol7no2_clip_image001_0002.jpg" alt="toyota_gas_pedal_recall_fix.top.jpg"> </p>
<p>Toyota then began replacing gas pedals on several million recalled vehicles and they denied that electronics or software was involved. Toyota owners of vehicles affected by the recalls dutifully brought their cars in for the required repairs.</p>
</blockquote>
<ul>
<li> Within the past week, however, there has been increasing evidence that the gas pedal assembly is <strong>not</strong> the root cause. There have been at least seven unconfirmed reports from Toyota owners who have had the prescribed recall repairs performed on their vehicles and have since reported further episodes of sudden acceleration. Both Toyota and the National Highway Traffic Safety Administration (NHTSA) are currently investigating these events. </li>
</ul>
<p>Making the problem worse, there is now evidence that the sudden acceleration problem is not confined to models Toyota originally identified. A Prius owner in California has recently reported his car exhibited sudden acceleration. His car sped up to 94 MPH with “both feet on the brake.” The man was able to call 911 while this was happening and a state trooper managed to position his cruiser in front of the Prius and helped slow the car down. Fortunately, no one was injured.</p>
<p> As can be seen from these events, <strong>Toyota</strong><strong> has not yet found the real root cause</strong> or causes of the sudden acceleration problem – or if they have, they are not saying what it is. A key aspect of performing an effective root cause analysis is collecting as much information about the problem as possible and using that information to lead you to the real root cause. More on this in a bit…</p>
      <p> Other recent events have raised more concerns with the approach Toyota has taken to find the root causes of this issue and the response (or lack thereof) from NHTSA:</p>
<ul>
<li><strong> Event Data Recorders</strong></li>
</ul>
<blockquote>
<p>Many late model cars have an airplane-like black box called an event data recorder (EDR). An EDR is a small, virtually indestructible box similar to black boxes used on commercial airplanes. The EDR records vehicle and engine speed as well as brake, accelerator and throttle position and other data that can help determine causes of accidents.</p>
        <p>Up until this week, Toyota has refused to provide access to the encrypted information captured by the event data recorder and there was only one computer in North America that was able to read data from these event recorders. “Last week, Toyota acknowledged it has only a single laptop available in the U.S. to download its data recorder information because it is still a prototype, despite being in use since 2001 in Toyota vehicles. Three other laptops capable of reading the devices were delivered this week to NHTSA for training in their use, Toyota said, and 150 more will be brought to the U.S. for commercial use by the end of April.” [2]
</p>
<p>According to an Associated Press report [2], Toyota has frequently refused to provide key information sought by crash victims and survivors and only provides this information when requested by legal means. In fact, the company policy “… is to download data only at the direction of law enforcement, NHTSA or a court order." When EDR information is provided, much of it is redacted. Toyota has in the past chosen to settle lawsuits out of court rather than provide EDR information. A reasonable conclusion one can draw from this behavior is that they are hiding something.</p>
<p>Honda also refuses to make their black box data available while GM, Ford, Chrysler, and Nissan do make their event data recorder information routinely available.</p>
</blockquote>
<ul>
<li><strong> Refuting Independent Investigations</strong></li>
</ul>
<blockquote>
        <p>Toyota has publicly refuted allegations by Prof. David Gilbert of Southern Illinois University aired on ABC News on February 22, 2010. Prof. Gilbert demonstrated how a Toyota Avalon and a Lexus could experience sudden acceleration by intentionally short-circuiting specific signals. </p>
<p>Toyota recently issued a press release [4] which stated:</p>
<blockquote>
<p>“Toyota and Exponent [an engineering consulting firm hired by Toyota] have provided Professor David Gilbert of Southern Illinois University with the results of their thorough evaluations of his demonstration of apparent ‘unintended acceleration’ in Toyota and Lexus vehicles as described in his Preliminary Report and in his testimony at recent Congressional hearings. In evaluating Professor Gilbert’s claims, Exponent also analyzed the footage of Professor Gilbert’s appearance on ABC News on February 22, 2010.” </p>
<p>“Toyota has also supplied the results of these evaluations to the appropriate Congressional Committees. The analysis of Professor’s Gilbert’s demonstration establishes that he has reengineered and rewired the signals from the accelerator pedal. This rewired circuit is highly unlikely to occur naturally and can only be contrived in a laboratory. There is no evidence to suggest that this highly unlikely scenario has ever occurred in the real world. As shown in the Exponent and Toyota evaluations, with such artificial modifications, similar results can be obtained in other vehicles.” [1]</p>
</blockquote>
<p>The fact that Prof. Gilbert was able to cause sudden acceleration provides one very important piece of information – <strong>electronics can cause the event</strong>. Prof. Gilbert also demonstrated that when this event happens, the event does not appear in the car’s diagnostic code.</p>
</blockquote>
<ul>
        <li><strong> Ineffective Oversight by NHTSA</strong></li>
</ul>
<blockquote>
        <p>NHTSA is the agency in the US that regulates the automobile industry and investigates safety issues. It was recently learned that NHTSA <strong>does not have any software engineers on their staff. </strong>Given the widespread use of software in cars today, much of it safety-critical, it seems that NHTSA should:</p>
</blockquote>
<ul>
<ul>
<li> hire software engineers and SQA staff as soon as possible, </li>
</ul>
</ul>
<ul>
<ul>
<li> require all auto manufacturers to have event data recorders, just like airplanes, and </li>
</ul>
</ul>
<ul>
<ul>
<li>require EDR information to be stored in a manner that is readily accessible, so that data can be used to identify the potential root causes of future accidents </li>
</ul>
</ul>
<blockquote>
        <p>Representative Gene Green (D-TX) plans to introduce legislation requiring NHTSA to mandate EDRs on all new cars and trucks. This legislation also should require that information not be encrypted as Toyota’s presently is.</p>
</blockquote>
<p><strong> Performing Root Cause Analysis </strong></p>
<p>Root cause analysis has been used to investigate and understand dozens of major disasters including airplane crashes, the Space Shuttle Challenger explosion, and many other catastrophic accidents. </p>
      <p>It is a relatively straightforward task to create a fault tree (also called a Why Tree) for the sudden acceleration problem. Using only information available on-line and in published reports, a fault tree for the problem might look like this…</p>
<p align="center"><img width="471" height="306" src="/newsletter/vol7/no2/vol7no2_clip_image003_0001.jpg"></p> <p>The trick in learning how to apply this tool effectively is to:</p>
<ul>
<li> focus on what is physically possible, rather than what seems reasonable </li>
<li> use qualitative and quantitative data to rule things out or rule them in </li>
<li> assume reports submitted by customers are reliable and accurate </li>
</ul>
<p> If Toyota engineers are to be successful in finding the real root causes, they need to be pursuing every branch of this fault tree as well as identifying additional branches. Once they do this, they can then drill down each branch and identify ways in which events and/or failures may cause sudden acceleration. With this information, the engineers can develop solutions to prevent the problem from occurring again.</p>
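      <p>The ruling-in and ruling-out step described above, as an added Python example that is not part of the original newsletter. The leaf names follow the candidate causes named in this article; the tree shape, the condition names and the three reports are assumptions constructed for the illustration, not the contents of the figure.</p>

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """One box in the Why Tree; a leaf lists the conditions it physically needs."""
    name: str
    requires: dict = field(default_factory=dict)   # condition -> value needed
    children: list = field(default_factory=list)

    def leaves(self):
        if not self.children:
            return [self]
        return [leaf for child in self.children for leaf in child.leaves()]

# Assumed tree shape and "requires" conditions (hypothetical, for illustration).
TREE = Node("Sudden acceleration", children=[
    Node("Mechanical", children=[
        Node("Floor mat wedges pedal", requires={"floor_mat_fitted": True}),
        Node("Original pedal assembly sticks", requires={"pedal_replaced": False}),
    ]),
    Node("Electronic throttle control", children=[
        Node("Electrical fault in pedal signals"),
        Node("Software defect"),
    ]),
])

# Constructed reports, modelled on the kinds of customer report described above.
REPORTS = [
    {"id": "R1", "floor_mat_fitted": False, "pedal_replaced": False},
    {"id": "R2", "floor_mat_fitted": False, "pedal_replaced": True},
    {"id": "R3", "floor_mat_fitted": True, "pedal_replaced": False},
]

def can_explain(leaf, report):
    """A leaf stays possible unless a fact recorded in the report contradicts it."""
    return all(report[cond] == need
               for cond, need in leaf.requires.items() if cond in report)

def analyse(tree, reports):
    """For every leaf, the reports (all treated as reliable) it cannot explain."""
    return {leaf.name: [r["id"] for r in reports if not can_explain(leaf, r)]
            for leaf in tree.leaves()}

def sole_cause_candidates(tree, reports):
    """Leaves that no report contradicts; every other leaf needs a second cause."""
    return [name for name, misses in analyse(tree, reports).items() if not misses]

def unexplained_if_only(tree, reports, accepted):
    """Reports left with no possible cause when only the accepted leaves are pursued."""
    chosen = [leaf for leaf in tree.leaves() if leaf.name in accepted]
    return [r["id"] for r in reports
            if not any(can_explain(leaf, r) for leaf in chosen)]

if __name__ == "__main__":
    for name, misses in analyse(TREE, REPORTS).items():
        print(f"{name:36} cannot explain: {misses or 'none'}")
    mechanical = {"Floor mat wedges pedal", "Original pedal assembly sticks"}
    print("Unexplained if only mechanical branches are pursued:",
          unexplained_if_only(TREE, REPORTS, mechanical))
```

      <p>A leaf that cannot explain a report is ruled out only as the sole cause; it stays on the tree for the reports it can explain, and the analysis says nothing about which remaining branch is the actual cause.</p>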
<ul>
<li><strong><a href="/training/root.html" target="_blank">Learn how to perform Root Cause Analysis for customer-reported problems.</a></strong></li>
</ul>
<p><strong>Creating a Safety Case </strong></p>
<p>A safety case is an effective tool for demonstrating that an organization has taken all reasonable steps to ensure their software is safe for its intended use. A simple safety case has three parts:</p>
<blockquote>
<table border="0" cellpadding="10" cellspacing="0" class="BodyText">
<tr align="left" valign="top">
<td><strong>Claim:</strong></td>
<td>A statement about the software you are making</td>
</tr>
<tr align="left" valign="top">
<td><strong>Arguments:</strong></td>
<td>Why you believe the claim is true</td>
</tr>
<tr align="left" valign="top">
<td><strong>Evidence:</strong></td>
<td>Information that directly supports the arguments</td>
</tr>
</table>
</blockquote>
<p>Safety cases are routinely used in mass transit systems primarily in Europe and are often used to provide confidence that software systems are safe.</p> <p> If a safety case were prepared for Toyota’s throttle control software, it might look something like this:</p>
<table width="471" border="1" cellpadding="10" cellspacing="0" bordercolor="#000000" class="BodyText">
<tr bgcolor="#FFFF99">
<td height="25" valign="top"><p><strong> Claim: </strong></p></td>
<td height="25" valign="top"><p><strong> Throttle control software is safe.</strong></p>
</td>
</tr>
<tr>
<td valign="top"><p><strong> Arguments: </strong></p></td>
<td valign="top"><ol>
<li> The throttle control software was developed to meet the following safety requirements [enumerate them] and complies with the following international standards [enumerate them]. </li>
<li> The throttle control software requirements have been documented, reviewed, and approved [cite document #] </li>
<li> The throttle control software design specifications have been documented, reviewed and approved. [cite document #s] </li>
<li> The throttle control software has been thoroughly tested according to a documented and approved test specification. [cite document#] </li>
<li> The throttle control software test results have been reviewed and approved and the software is determined to be acceptable for use. [cite document #] </li>
<li> A Risk Assessment of the throttle control software was performed and the results documented [cite document #] </li>
</ol></td>
</tr>
<tr>
<td valign="top"><p><strong> Evidence: </strong></p></td>
<td valign="top"><ol>
<li> The Requirements Trace Matrix shows that every requirement in the throttle control software SRS has been tested. </li>
<li> The Validation Report shows the results of validation testing of the throttle control software. </li>
<li> The Risk Management Report for the throttle control software shows what risks were considered and how they were resolved. </li>
</ol></td>
</tr>
</table>
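      <p>The safety case above can be kept as data and reviewed mechanically. The following Python sketch is an added example, not part of the original newsletter: the pairing of evidence items with arguments is an assumption, and every identifier (DOC-*, SRS-*, TC-*) and test result is a constructed placeholder.</p>

```python
from dataclasses import dataclass, field

@dataclass
class Argument:
    text: str
    cites: str = ""        # document number; "" means the placeholder is unfilled
    evidence: list = field(default_factory=list)   # names of supporting evidence

def trace_gaps(srs, matrix, results):
    """Return {requirement: reason} where the trace matrix does not prove testing."""
    gaps = {}
    for req in srs:
        tests = matrix.get(req, [])
        if not tests:
            gaps[req] = "no test traced"
            continue
        not_passed = [t for t in tests if results.get(t) != "pass"]
        if not_passed:
            gaps[req] = "not passed: " + ", ".join(not_passed)
    return gaps

def review(arguments, srs, matrix, results):
    """List what keeps the claim from being supported; an empty list means supported."""
    findings = []
    for n, arg in enumerate(arguments, start=1):
        if not arg.cites:
            findings.append(f"argument {n}: document number not filled in")
        if not arg.evidence:
            findings.append(f"argument {n}: no evidence item supports it")
    for req, reason in trace_gaps(srs, matrix, results).items():
        findings.append(f"trace matrix: {req} {reason}")
    return findings

# Constructed data: argument texts abbreviate the table above, the rest is made up.
CLAIM = "Throttle control software is safe."
ARGUMENTS = [
    Argument("Meets safety requirements and standards", cites="DOC-001"),
    Argument("Requirements documented, reviewed, approved", cites="DOC-002",
             evidence=["Requirements Trace Matrix"]),
    Argument("Design specifications documented, reviewed, approved"),
    Argument("Tested to an approved test specification", cites="DOC-004",
             evidence=["Requirements Trace Matrix"]),
    Argument("Test results reviewed and approved", cites="DOC-005",
             evidence=["Validation Report"]),
    Argument("Risk assessment performed and documented", cites="DOC-006",
             evidence=["Risk Management Report"]),
]
SRS = ["SRS-1", "SRS-2", "SRS-3", "SRS-4"]
MATRIX = {"SRS-1": ["TC-10"], "SRS-2": ["TC-11", "TC-12"], "SRS-4": ["TC-13"]}
RESULTS = {"TC-10": "pass", "TC-11": "pass", "TC-12": "fail", "TC-13": "pass"}

if __name__ == "__main__":
    findings = review(ARGUMENTS, SRS, MATRIX, RESULTS)
    print(CLAIM, "SUPPORTED" if not findings else "NOT YET SUPPORTED")
    for finding in findings:
        print(" -", finding)
```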
<p><strong>The Bottom Line....</strong></p>
</td>
</tr>
<tr>
<td align="left" valign="top" background="/newsletter/images/RedSpacer.gif"><strong><img src="/newsletter/vol7/no2/vol7no2_clip_image002.jpg" width="110" height="68" border="0"></strong> </td>
<td> </td>
<td align="left" valign="top" class="BodyText"><p>The unfolding Toyota saga is far from over. The inability or unwillingness to find or admit to the real root cause is fostering doubt and fear among loyal Toyota owners and among all consumers. While this problem is affecting Toyota right now, it is very likely that similar problems will appear in other cars, just based on the amount of software embedded in today’s cars.</p>
<p> If nothing else, this episode has served to shed light on the fact that some of the <strong>100 million lines of code </strong>in today’s cars are potentially safety-critical. Safety-critical software used in regulated industries such as medical devices, nuclear power, and avionics is generally safe mostly because that software is developed using rigorous development processes.</p>
<p> Perhaps Congress needs to require that safety-critical automotive software be regulated... </p>
<p>‘Til next time...</p></td>
</tr>
</table>
<br>
<br>
<a name="morsel"></a>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/MonthlyMorsels.gif" alt="Monthly Morsels" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p> Every month in this space, you’ll find additional information related to this month’s topic.</p>
<p><strong> References</strong></p>
<ol>
<li><a href="http://pressroom.toyota.com/pr/tms/toyota/toyota-consumer-safety-advisory-102572.aspx" target="_blank">http://pressroom.toyota.com/pr/tms/toyota/toyota-consumer-safety-advisory-102572.aspx</a>.<br>
<br>
</li>
<li><a href="http://www.google.com/hostednews/ap/article/ALeqM5hcIYhXE9h4CnUkhDIQrfIC4MLN-wD9E83O9G0" target="_blank">AP IMPACT: Toyota secretive on 'black box' data By CURT ANDERSON and DANNY ROBBINS (AP), March 5 2010</a>.<br>
<br>
</li>
<li> Bensinger, K. and Vartabedian, R., <a href="http://articles.latimes.com/2010/mar/03/business/la-fi-toyota3-2010mar03" target="_blank">“Toyota's fix is a bust, owners claim”</a>, LA Times, March 03, 2010.<br>
<br>
</li>
<li><a href="http://pressroom.toyota.com/pr/tms/electronic-throttle-control-154300.aspx" target="_blank">Toyota Press Release - Comprehensive Analysis Raises Concerns About Gilbert Congressional Testimony, ABC News Segment</a>.</li>
</ol></td>
</tr>
</table>
<br>
<br>
<a name="calendar"></a>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/Calendar.gif" alt="Calendar" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p> Every month you’ll find news here about local and national events that are of interest to the software community…</p>
<ul>
<li><strong> Software Quality Calendar</strong></li>
</ul>
<blockquote>
<p>There are many organizations that sponsor monthly meetings, workshops, and conferences of interest to software professionals. <strong><a href="/links/upcoming.html" target="_blank">Find out what’s happening…</a></strong></p>
</blockquote>
<ul>
<li><strong> Workshops Offered by Software Quality Consulting</strong></li>
</ul>
<blockquote>
<p>Software Quality Consulting offers workshops in many topics related to software process improvement. <strong><a href="/seminars/courses.html" target="_blank">Get more info…</a></strong></p>
</blockquote></td>
</tr>
</table>
<br>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td width="114" align="right" valign="top" background="/newsletter/images/RedSpacer.gif"><img src="/newsletter/images/AboutSQC.gif" alt="About SQC" width="114" height="37"></td>
<td width="15"> </td>
<td align="left" valign="top"><p> Software Quality Consulting provides consulting, training, and auditing services tailored to meet the specific needs of clients. We help clients fine-tune their software development processes and improve the quality of their software products. The overall goal is to help clients achieve Predictable Software Development™ – so that organizations can consistently deliver quality software with promised features in the promised timeframe. </p>
To learn more about how we can help your organization, <strong><a href="/index.html?AboutSQC" target="_blank">visit our web site</a></strong> or <strong><a href="mailto:[email protected]">send us an email</a></strong>.</td>
</tr>
</table>
<br>
<br>
<table width="600" border="0" align="center" cellpadding="0" cellspacing="0" class="BodyText">
<tr>
<td align="left" valign="top"><p> I hope this newsletter has been informative and helpful. Your comments and feedback are most welcome. <strong><a href="mailto:[email protected]">Send me your feedback…</a></strong></p>
<p>Thanks,</p>
<p> <img src="/newsletter/images/BusinessCard.gif" width="270" height="121" align="right"><img src="/newsletter/images/Signature.gif" width="90" height="68"><br>
Steve Rakitin<br>
<br>
<strong><a href="mailto:[email protected]">[email protected]</a></strong></p></td>
</tr>
</table>
<div align="center"><br>
<FONT class="Reference">Food for Thought, Predictable Software Development, Act Like a Customer,<br>
and ALAC are trademarks of Software Quality Consulting, Inc.<br>
Copyright 2010. Software Quality Consulting, Inc. All rights reserved.<br>
Graphic design by <a href="http://www.sarahcoledesign.com/" target="_blank"><strong>Sarah Cole Design</strong></a>.</FONT></div>
<a name="bottom"> </a></body>
</html>