[SystemSafety] Comparing reliability predictions with reality

Robert P Schaefer rps at mit.edu
Wed Feb 26 16:15:46 CET 2025


Hi Peter,

  I’d guess for the worse.
  If auto work is in house, they could correct their own problems as they discovered them (and I assume learn from the experience).
  Autos are becoming more like high-tech airplanes, distributed black boxes run by computers,
  provided by third parties, in house problems become vendor spec and vendor testing problems, and no "official" learning.
  I’m not going to comment on how self-driving plays into complexity and diagnosing faults. 

  My 2004 Ford Maverick has a recall that has no solution, the backup camera glitches (declared unsafe enough for a recall).
  It works well enough most of the time.
  The 2005 model doesn’t have this problem. I’m guessing it's an expensive hardware fix that still needs to be worked out.
  The car's last recall was fixed by a software patch administered by a Ford tech who drove out to my parked car and did whatever,
    I wasn’t paying attention but it might have been done by wifi and not a cable into a port.

bob s.

> On Feb 26, 2025, at 9:58 AM, Prof. Dr. Peter Bernard Ladkin <ladkin at causalis.com> wrote:
> 
> Bob,
> 
> it sounds to me as if you worked on exactly the sensitive spot. About a decade ago I was in touch with the R&D manager for a major Tier 1 supplier of automotive electronics. He used to be an academic (and still was/is, in the sense of being Honorary Prof at the Uni Tübingen) and worked in what some of us like to call Formal Methods, that is the use of mathematics and logic to try to ensure that software works correctly.
> 
> He gave an impressive public talk in which he said that almost all the glitches that the company encountered were "below" the level of what was traditionally called software, but above the hardware. He didn't go into specifics (they are presumably proprietary). He might well have been saying that the problems occur in the mismatch between firmware and what the hardware does, but he didn't phrase it quite like that.
> 
> I found it particularly interesting, in that I know that parts of the company extensively used Matlab Simulink for modelling and for generating pseudocode that acted as very low level specification for the code that would actually run the boxes they sold. And of course Simulink is notorious for not being an unambiguous language. He was essentially saying that they'd not actually encountered many, if any, problems with that process.
> 
> That was a decade ago. I don't know where they are now with their developments.
> 
> PBL
> 
> Prof. Dr. Peter Bernard Ladkin
> Causalis Limited/Causalis IngenieurGmbH, Bielefeld, Germany
> Tel: +49 (0)521 3 29 31 00
