“Kode Vicious Plays in Traffic”
Communications of the ACM, June 2020, Vol. 63 No. 6, Pages 25-26
By George V. Neville-Neil
There is a wealth of literature on safety-critical systems, much of which points in the same direction: toward simplicity.
I hear many cars today are built as distributed systems containing hundreds of CPUs that control the smallest bits of the car. These components, with millions of lines of code in them, seem to be very complicated—more so than a typical operating system. This does not sound like a terribly great idea, given that today we struggle to understand multicore behavior of systems in the presence of optimizing compilers, let alone the challenges posed by distributed systems that have no access to atomic operations. I hear they are even planning to use Ethernet moving forward. I am scared a car might malfunction or get exploited and run me over. What can we do to remedy this situation?
A Frightened Citizen Running from Cars
The only thing we have to fear is fear itself—and poorly written code that has kinetic side effects and off-by-one errors. In other words, we have much to fear. There is a very simple answer to all this car silliness, and it is, of course, bicycles. Nice, mechanical, muscle-driven machines with nary a processor anywhere near them.
Unfortunately, it is unlikely bicycles will replace automobiles anytime soon, and as you point out, automobiles are becoming increasingly automated. As people who work in software, we know this is a terrible idea because we see how much terrible code gets written and then foisted upon the world. At one point, KV might have suggested that more stringent requirements, such as those used in the aerospace industry, might have been one way to ameliorate the dangers of software in the four-wheeled killing machines all around us, but then Boeing 737s started falling out of the air and that idea went out the window as well.
There is no single answer to the question of how to apply software to systems that can, literally, kill us, but there are models to follow that may help ameliorate the risk. The risks involved in these systems come from three major areas: marketing, accounting, and management. It is not that it is impossible to engineer such systems safely, but the history of automated systems shows us that it is difficult to do so cheaply and quickly. The old adage, “Fast, cheap, or correct—choose two,” really should be “Choose correct, and forget about fast or cheap.” But the third leg of the stool here, management, never goes for that.
About the Author:
George V. Neville-Neil is the proprietor of Neville-Neil Consulting and co-chair of the ACM Queue editorial board. He works on networking and operating systems code for fun and profit, teaches courses on various programming-related subjects, and encourages your comments, quips, and code snips pertaining to his Communications column.