|
|
|
|
|
|
by schwarrrtz
3706 days ago
|
|
|
Yup. > There are a large number of functions that are overly complex. By the standard industry metrics some of them are untestable, meaning that it is so complicated a recipe that there is no way to develop a reliable test suite or test methodology to test all the possible things that can happen in it. Some of them are even so complex that they are what is called unmaintainable, which means that if you go in to fix a bug or to make a change, you're likely to create a new bug in the process. Just because your car has the latest version of the firmware -- that is what we call embedded software -- doesn't mean it is safer necessarily than the older one….And that conclusion is that the failsafes are inadequate. The failsafes that they have contain defects or gaps. But on the whole, the safety architecture is a house of cards. It is possible for a large percentage of the failsafes to be disabled at the same time that the throttle control is lost. > Even a Toyota programmer described the engine control application as “spaghetti-like” in an October 2007 document Barr read into his testimony. http://www.safetyresearch.net/blog/articles/toyota-unintende... |
|
|
The priority seems to be reliable real-time computation, and the solution is to calculate everything as a continuous function. Anything that would be a branch is instead a binary mix of the conditions, triggered with a threshold function.
I can think of many ways of structuring programs which are spaghettiish in C, but would yield the desired results in an automotive ECM.