
Embedded Systems Engineering
Standards Column
vol 15.1
January/February 2008

January Sales: Safety First

By Chris Hills


 

These are my own personal views and not those of my company, Phaedrus Systems (see www.phaedsys.com), which is where the full version of this column, with links etc., resides under the Technical Papers button.

 

It is a bit late for Happy New Year by the time you read this, and we are over a tenth of the way through 2008... Time flies, even if some aircraft don't. The recent Boeing 777 that glided into Heathrow is going to be interesting. As far as I can tell from the news, both engines were still mechanically sound and running when it landed. What appears to have failed is the control between the pilot's hand on the lever and the mechanical bits of the engines... much of which is going to be electronic or software. Unlike military aircraft accidents, which by nature are generally less open, civil accidents are publicly investigated, and as many of us fly on those aircraft daily the press are going to be very inquisitive. The newspapers have already dug up "lots" of reports of other Boeing 777 engine problems in the last year, to the point where one might wonder how any of them ever got off the ground!

 

Software for use on safety-critical systems is going to be under the spotlight again, and we will have new programmes with various IT and "computer" experts to inform us. Well, it makes a change from terrorism experts, even if the message is the same: "You're all doomed!" and "We told you so!" Whilst I am in possession of some "facts" about the crash, it would be wrong to speculate. I was online when it happened and the reports were that it was a Boeing and/or an Airbus at Heathrow (or Beijing), landing or taking off, with or without the UK PM on board... Instant news can get you into a mess real fast. The best public article found so far is http://www.timesonline.co.uk/tol/news/uk/article3216746.ece

Ironically, only a couple of weeks before, The Telegraph had a fascinating article on a crash-proof car:
http://www.telegraph.co.uk/earth/main.jhtml;jsessionid=5QYSTK0HNLS2NQFIQMGCFFWAVCBQUIV0?view =DETAILS&grid=&xml=/earth/2007/12/30/scitech130.xml

Collision avoidance radar for cars, so there will be no more collisions. Oh really? Well, I have seen terrain-following radar for cars; yes, it works 99.9999% of the time, but would you really want your life to depend on software in a consumer item in a competitive market when we can't, allegedly, even get airborne software 100%? However, it is not the system that worries me so much. Pilots are trained to a high degree, and car drivers are, well... in some cases no licence or insurance, let alone a roadworthy car. Aircraft may fly in crowded skies, but air lanes don't have solid sides and drunk pilots playing chicken on Saturday nights.

 

One item that surprised me was: "Since October 2007, IEC 60335-1 [HOUSEHOLD AND SIMILAR ELECTRICAL APPLIANCES - SAFETY - PART 1: GENERAL REQUIREMENTS] requires the software of MCU-based appliances to be evaluated according to its impact on overall consumer and application safety. When some of the fault detection relies on the microcontroller, the embedded code must contain self-test routines, and must be evaluated under the so-called Class B requirements for its ability to detect safety critical failures." I wonder if a Boeing 777 counts as a "household and similar electrical appliance". It does seem that with software checking itself, the gamekeeper is the poacher.
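To make the "self-test routines" concrete, here is an added example of the two checks such firmware typically runs at power-up: a CRC over the program image (invariable memory) and a March C- test over RAM (variable memory). This is illustration code written for this page, not text from IEC 60335-1 nor any real appliance firmware; the program image, the 64-cell simulated RAM and the stuck bit injected at cell 37 are all constructed so the example runs on a desktop and shows a fault actually being caught.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ---- Test 1: program-memory integrity (invariable memory) ----------------
 * CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection) over the code
 * image, compared with a reference value fixed at build time. The standard
 * check value for the ASCII string "123456789" is 0x29B1. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)((uint16_t)data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ 0x1021u)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Returns 1 when the image matches its reference CRC, 0 when it does not. */
int flash_check(const uint8_t *image, size_t len, uint16_t expected)
{
    return crc16_ccitt(image, len) == expected;
}

/* ---- Test 2: data-memory integrity (variable memory) ---------------------
 * March C-: up(w0); up(r0,w1); up(r1,w0); down(r0,w1); down(r1,w0); up(r0).
 * Catches stuck-at, transition and coupling faults. It is destructive, so on
 * a real MCU it runs at boot before RAM holds live data (or block by block
 * with the contents saved). Accesses go through function pointers so the same
 * algorithm runs on real (volatile-mapped) RAM or on the simulated RAM below.
 * Returns 0 on pass, otherwise 1 + index of the first cell that mis-read. */
typedef uint8_t (*mem_rd_fn)(void *ctx, size_t i);
typedef void    (*mem_wr_fn)(void *ctx, size_t i, uint8_t v);

long march_c_minus(void *ctx, size_t n, mem_rd_fn rd, mem_wr_fn wr)
{
    size_t i;
    for (i = 0; i < n; i++) wr(ctx, i, 0x00);
    for (i = 0; i < n; i++) { if (rd(ctx, i) != 0x00) return (long)i + 1; wr(ctx, i, 0xFF); }
    for (i = 0; i < n; i++) { if (rd(ctx, i) != 0xFF) return (long)i + 1; wr(ctx, i, 0x00); }
    for (i = n; i-- > 0;)   { if (rd(ctx, i) != 0x00) return (long)i + 1; wr(ctx, i, 0xFF); }
    for (i = n; i-- > 0;)   { if (rd(ctx, i) != 0xFF) return (long)i + 1; wr(ctx, i, 0x00); }
    for (i = 0; i < n; i++) { if (rd(ctx, i) != 0x00) return (long)i + 1; }
    return 0;
}

/* Constructed simulated RAM: 64 cells, optionally one cell with bits stuck at 0. */
typedef struct {
    uint8_t cells[64];
    size_t  stuck_idx;   /* cell carrying the fault */
    uint8_t stuck_mask;  /* bits that always read 0 in that cell (0 = healthy) */
} sim_ram_t;

static uint8_t sim_rd(void *ctx, size_t i)
{
    const sim_ram_t *r = (const sim_ram_t *)ctx;
    uint8_t v = r->cells[i];
    if (i == r->stuck_idx) v &= (uint8_t)~r->stuck_mask;
    return v;
}

static void sim_wr(void *ctx, size_t i, uint8_t v)
{
    ((sim_ram_t *)ctx)->cells[i] = v;
}

/* Constructed stand-in for the code image; a real build places the reference
 * CRC at a fixed flash address via the linker rather than computing it here. */
static const uint8_t PROGRAM_IMAGE[] = "constructed program image 0123456789";

int flash_check_demo(int corrupt_one_bit)
{
    uint8_t copy[sizeof PROGRAM_IMAGE];
    uint16_t reference = crc16_ccitt(PROGRAM_IMAGE, sizeof PROGRAM_IMAGE);
    memcpy(copy, PROGRAM_IMAGE, sizeof copy);
    if (corrupt_one_bit) copy[7] ^= 0x04;   /* one failed flash bit */
    return flash_check(copy, sizeof copy, reference);
}

long ram_test_demo(int inject_stuck_bit)
{
    sim_ram_t ram = { {0}, 0, 0 };
    if (inject_stuck_bit) { ram.stuck_idx = 37; ram.stuck_mask = 0x10; }
    return march_c_minus(&ram, sizeof ram.cells, sim_rd, sim_wr);
}

int main(void)
{
    printf("flash intact   : %s\n", flash_check_demo(0) ? "pass" : "FAIL");
    printf("flash corrupted: %s\n", flash_check_demo(1) ? "pass" : "FAIL");
    printf("ram healthy    : %ld\n", ram_test_demo(0));
    printf("ram stuck bit  : %ld (1 + failing cell)\n", ram_test_demo(1));
    return 0;
}
```

The gamekeeper/poacher point survives the example: both routines run on the very CPU whose sanity is in question, so they catch corrupted flash and failed RAM cells but not a processor that has stopped executing altogether. That is why Class B designs pair tests like these with an independent (ideally windowed) watchdog and a CPU register test, rather than trusting the software's verdict on itself.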

 

Talking of standards, MISRA (www.misra-c.com) had its conference in late November.
A great success, it marked the launch of the Safety Analysis Document, two parts of the MISRA Autocode series, an update on the imminent release of MISRA C++ and the start of MISRA C version three. However, MISRA is, as many of you will have realised, no longer just the "Motor Industry"; it has escaped to be a major influence on embedded and high-integrity systems in general. As the UK automotive industry has declined, the MISRA conferences have grown both in numbers and in the range of disciplines the delegates come from. This was highlighted by the keynote presentation being on DO-178C, by Nick Tudor of QinetiQ. He gave an insight into where DO-178C was going, which was news to most of the delegates. DO-178C will not be ready for at least two more years.

 

Over the last couple of weeks I have had conflicting information from two parties that should both know what they are talking about. One said that safety-related software cost them three times the cost/time of "normal" software, because of the process involved. The other said that, having looked at all their experience and other investigations, they thought that high-integrity software cost no more to develop than "normal" software; it is just that the costs are in different places.

 

That is, for high-integrity software you tie down the requirements, and coding (with subsets, static analysis, a decent process etc.) is a minor part, whereas "normal" software has a lower start-up cost but more expense in both time and people in the code/test/debug cycle. "Normal" code also has a longer history of maintenance and feature fixes.

 

From personal experience I am more inclined to think that high-integrity software should be as easy to produce (as long as the requirements are not constantly changing) as "normal" software. I will have to look out some evidence of this. Does anyone have any to share?

 

Talking of "normal" software, for those of you who have MS Windows Vista, here is a very good upgrade guide you should read... so should users of XP: http://dotnet.org.za/codingsanity/archive/2007/12/14/review-windows-xp.aspx XP is still outselling Vista, without taking into account that many people with Vista Business have taken up the offer of moving back(?) to XP. I have discovered that MS will supply XP for at least another six months, and the Vista replacement is due out in two years (OK, three if it goes the way of other launches). Do we need to keep changing our operating systems so often, other than incremental upgrades to make things tighter and faster and, of course, to work with, not use up, more memory?

 

I was at a BCS lecture a few nights ago and the presenter mentioned that the US National Archive used some half a million terabytes of digital storage. This didn't faze the younger members of the audience, university students, who could not understand that the big problem was organising/creating the file system and being able to search it. They needed reminding that it was only a few years ago (less than 10?) that MS Windows had a 2 gigabyte limit on addressing a single partition, and many PCs in use now still have that limit.

 

It is astounding, the speed of change. The Times (December 26) was saying that already many of the gadgets bought for Christmas will be out of date by the time you read this. Though there was also a nice item by Matthew Parris

 

http://www.timesonline.co.uk/tol/comment/columnists/matthew_parris/article3075580.ece referencing a web site, http://www.nokia6310i.co.uk/index.htm, that sells reconditioned Nokia 6310i phones... This is an obsolete mobile phone that, well... makes phone calls and will act as a modem, and not a lot else. No camera, video player or FM radio. It is also not too small and has sensible buttons. An ideal business phone: makes calls, no frills. So not everyone is rushing headlong into the latest whatever. Perhaps it will change the landscape a bit, so that better things are produced with more thought rather than just rushing out new gadgets. Is it time to slow things down?

 

On the amusing side, I have a wonderful quote from a colleague working on some of the more esoteric projects: "You have to admire Americans. We read Marvel Comics and watch Sci-Fi Channel and are momentarily entertained. Americans do the same, then write up an R&D budget request." Perhaps we have just lost our imagination (or the accountants have lost theirs). Mind you, the quote was attached to an article on getting UAVs (unmanned airborne vehicles), mainly military surveillance drones, to land on power lines to recharge using the field around the power lines. Some of the logic behind it is, er... unusual. The only problem is that it will take three hours to recharge, and there are problems with interference: power lines are not exactly known for their EMI shielding!

 

The other one that came my way was a government plan to insist that parents give every child a computer with high-speed internet access; they are doing this with some of the country's leading IT companies (who think it is still Christmas) http://politics.guardian.co.uk/publicservices/story/0,,2235297,00.html However, just think back to the new laws on paedophiles grooming children in chat rooms and why responsible parents should limit children's access to the internet, then the vast amount of unsuitable material out there that children might find... Is it my paranoia, or after the children get the internet access is the government going to have to control what is visible in the UK to save the children?

 

The final thing that caught my eye I am not sure what to think of: is it a clever and novel idea or half-arsed? http://worsethanfailure.com/Articles/Desperate-Recruitment.aspx Apparently it is genuine. You decide.

 

Author Details and contact

 

Eur Ing Chris Hills BSc CEng MIET MBCS MIEEE  FRGS   FRSA is a Technical Specialist and can be reached at This Contact

 

Copyright Chris A Hills  2003 -2008
The right of Chris A Hills to be identified as the author of this work has been asserted by him in accordance with the Copyright, Designs and Patents Act 1988