Lessons from Toyota: Has software become too complex?

Is the unintended acceleration in Toyotas caused by faulty software? It doesn't matter when it comes to the question of software complexity. How massive can software systems become and still be safe?
Written by John Dodge, Contributor

As Toyota vehicles continue to experience so-called unintended acceleration and the electronics become increasingly suspect, think about this: the typical luxury automobile has 100 million lines of software code.

That's expected to double and triple in the not-too-distant future.

That's according to IEEE Spectrum, the magazine published by the Institute of Electrical and Electronics Engineers, better known as the IEEE (I triple E). And it's virtually impossible to weed all the bugs out of that much software.

Those lines of code drive an estimated 50-100 electronic control units found in today's automobiles. Compare that to modern-day airplanes: an F-22 Raptor has a mere 1.7 million lines; the F-35 Joint Strike Fighter will have 5.7 million lines, and the Boeing 787 Dreamliner a mere 6.5 million lines, Spectrum reports.

Why does a car have so much more software? Because software development for airplanes is far more rigorous, with more compact software systems kept separated according to their level of criticality. After all, you don't want unintended acceleration in a Boeing 787.

A passage in the Spectrum article captures the plane/car software conundrum.

"Unlike most commercial aircraft, which have strict firewalls between critical avionic systems and the in-flight entertainment systems, there is more commingling of information between the electronic systems used to operate the car and those for entertaining the driver and passengers. According to a Wharton Business School article entitled "Car Trouble: Should We Recall the U.S. Auto Industry?," a few years ago, some Mercedes drivers found that their seats moved if they pushed a certain button; the problem was that the button was supposed to operate the navigation system."

Could Toyotas experience unintended acceleration when the operator turns up the volume on the radio? This is absurd, of course, but the point is there's virtually no way to ferret all the bugs out of the infinite number of combinations, branches and behaviors that make up 100 million lines of co-mingled software (or should I say co-mangled?).

"There's little software that is mathematically proven to be perfect. If you gave me a software system, I would never say it's bug free. There's always room for human error. Ruling out bugs is arguably one of the hardest possible claims to make," says Coverity Inc. chief scientist and co-founder Andy Chou. Coverity analyzes software to weed out defects and vulnerabilities.

The upshot is that software behaves in unintended ways, especially when there's more of it. "As the number of lines of code increases, it becomes harder to test it exhaustively. As it branches out, there are more possibilities for unexpected behaviors," says Chou.

We tend to think of integration as a highly efficient method to increase performance and functionality. Just look at everything a cell phone does. But the truth is co-mingling software creates serious problems, too. "You can have two systems that are well tested, but when you connect them, there is more variance. That leaves lots of possibilities for unexpected behaviors," Chou explains.
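Chou's point about connecting two well-tested systems can be made concrete with a small added example, not taken from the article or from Coverity: a constructed toy model of an entertainment module and an engine-control module, each trivially correct on its own, composed once behind a strict partition and once over a shared bus where the two modules happen to reuse the same message id (the Mercedes seat/navigation mix-up in miniature). An exhaustive walk over every reachable composed state finds a "throttle open, pedal not pressed" state only in the commingled design.

```python
from collections import deque

# Constructed toy model, not from the article: an entertainment module and an
# engine-control module composed behind a partition or over a shared bus.
EVENTS = ("vol_up", "vol_down", "pedal_down", "pedal_up")
INITIAL = (0, 0, False)  # (volume, throttle command, pedal physically pressed)

def entertainment(vol, event):
    """Volume module: reacts only to its own two buttons, range 0..2."""
    if event == "vol_up":
        return min(vol + 1, 2)
    if event == "vol_down":
        return max(vol - 1, 0)
    return vol

def control(throttle, msg):
    """Throttle module: acts on whatever pedal message the bus delivers."""
    if msg == "pedal_down":
        return min(throttle + 1, 2)
    if msg == "pedal_up":
        return 0
    return throttle

def step(state, event, partitioned):
    vol, throttle, pedal = state
    vol = entertainment(vol, event)
    if event.startswith("pedal"):  # physical pedal is ground truth
        pedal = event == "pedal_down"
    if partitioned:
        msg = event if event.startswith("pedal") else None
    else:  # shared bus: vol_up reuses the pedal_down message id
        msg = "pedal_down" if event == "vol_up" else event
    return (vol, control(throttle, msg), pedal)

def unintended(state):
    """Throttle commanded open while nobody is pressing the pedal."""
    _, throttle, pedal = state
    return throttle > 0 and not pedal

def analyze(partitioned):
    """Explore every reachable composed state; return (states, violations)."""
    seen, queue = {INITIAL}, deque([INITIAL])
    while queue:
        s = queue.popleft()
        for e in EVENTS:
            n = step(s, e, partitioned)
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return len(seen), sum(unintended(s) for s in seen)
```

Calling `analyze(True)` gives 9 reachable states and no violations; `analyze(False)` gives 15 states, 6 of them the unintended-acceleration state, even though neither module changed.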

Could such unexpected behaviors be causing crashes like the latest reported runaway Toyota? A Prius unexpectedly lurched into a stone wall yesterday in Harrison, N.Y. That's a good question, but aren't software bugs really a metaphor for human error? Indeed they are, and as such driver error can't be ruled out either.

The fact is Toyota isn't telling us precisely what caused each one of these accidents, so we are left to speculate about the electronics and the software that tells them what to do. Whether software is to blame or not, Toyota and other auto recalls have inadvertently raised a critical question: is software complexity out of control, and what toll will its inherent bugginess exact when millions of lines turn into billions?

"This complexity is a real problem and goes way beyond autos. It lives in every sector," says Coverity chief marketing and product officer Dave Peterson.

This post was originally published on Smartplanet.com