Lessons for software developers from Toyota's ABS safety alert

Toyota's decision to recall 436,000 cars worldwide, including its latest Prius model, because of a problem with the anti-lock braking system (ABS), has highlighted the problem of software quality in safety-critical embedded systems.

Toyota says that some 2010 Prius and 2010 HS 250h owners have reported inconsistent brake feel on rough or slick road surfaces when the ABS is activated to maintain tyre traction.

The company issued an urgent recall to update the ABS software last week. The update "improves the ABS system's response time, as well as the system's overall sensitivity to tyre slippage", said the company.

This recall has not only cost the company money, it has damaged its brand image.

"While electronics has increased efficiency and passenger comfort, it has also exposed the consumers to higher risk of accidents and vehicle manufacturers to painful recalls costing millions of dollars. It has also caused an inordinate blow to trust that countless consumers have bestowed on the car maker," says Krishnasami Rajagopalan, Frost & Sullivan's global program manager - Chassis, Safety & Driver Assistance Systems Group.

Embedded systems have become part of normal life. Domestic appliances such as washing machines, set-top boxes and toasters contain microprocessors controlled by embedded software. In some cases, such as mobile phone operating systems, televisions and set-top boxes, the manufacturer can update the software remotely, "over the air", because the device has a built-in receiver or network connection that can reach the manufacturer's servers. But many devices lack any form of network connectivity, which makes it impossible for the manufacturer to correct software problems once the product has shipped, and the only remaining remedy is a costly and brand-damaging product recall.

The problem is more acute when the embedded software controls a safety-critical system, such as Toyota's ABS, because a defect cannot be tolerated in service while a fix is prepared. The manufacturer has to get the software right before the first car rolls off the production line, or face recalling every vehicle that carries the faulty version.

Danny Dresner, head of information assurance practice at the National Computing Centre, says, "With the Toyota software, if the brakes failed under a combination of circumstances, then the software has always been broken."

A manufacturer can only be confident that embedded software will behave correctly if it has been exercised across the range of conditions the product will meet in service, including the rare combinations of inputs and timing that produce faults such as Toyota's. That testing has a cost, and no manufacturer can predict every way a product will be used. But an ABS controller is designed to perform a single, well-defined function, which makes its operating conditions far easier to enumerate than those of a general-purpose device, and leaves no excuse for a flaw in a safety-critical system of this kind.