embedded software boot camp

Breathalyzer Source Code Analysis

Thursday, November 5th, 2009 by Michael Barr

Firmware bugs seem to be everywhere these days. So much so that firmware source code analysis is even entering the courtroom in criminal cases involving data collection devices with software inside. Consider the precedent-setting case of the Alcotest 7110. After a two-year legal fight, seven defendants in New Jersey DUI cases successfully won the right to have their experts review the source code for the Alcotest firmware.

The state and the defendants both ultimately produced expert reports evaluating the quality of the firmware source code. Though each side’s experts reached divergent opinions as to the overall code quality, several facts seem to have emerged as a result of the analysis:

– Of the 12 bits of A/D precision available, only the 4 most significant bits are used in the actual calculation. This sorts each raw blood-alcohol reading into one of just 16 buckets. (I wonder how they biased the rounding on that.)
– Out-of-range A/D readings are forced to the high or low limit and the clamped value is used as if it were real. Only after at least 32 consecutive out-of-range readings is any flag raised.
– There is no feedback mechanism by which the software confirms that actuated devices, such as the air pump and the infrared sensor, are actually on or off when they are supposed to be.
– The software first averages the initial two readings. It then averages the third reading with that result, then the fourth reading with that result, and so on. No comments or documentation explain this formula, which gives the last reading a weight of 0.5 in the final value, the one before it a weight of 0.25, and so on, halving with each earlier reading; the result is dominated by the most recent readings rather than being a true average of all of them.
– Out-of-range averages are forced to the high or low limit too.
– Static analysis with lint produced over 19,000 warnings about the code (that’s about three warnings for every five lines of source code).
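To make the first, second, fourth and fifth points concrete, here is an added illustration in C of the behaviours the reports describe. It is not the Alcotest 7110 source and none of it is taken from the expert reports: the function names, the assumed valid range of 100..4000 raw counts, and the exact point at which the 32-reading counter is checked are my assumptions for demonstration only. It shows the 4-bit bucketing of a 12-bit reading, the silent clamping that raises a flag only on the 32nd consecutive out-of-range reading, and the sequential averaging with the per-reading weights it produces, next to an ordinary mean of the same constructed sample.

```c
#include <stdio.h>

/* Added illustration of the behaviours the expert reports describe.  This is
 * not the Alcotest 7110 source: the function names, the valid-range limits and
 * the exact point at which the out-of-range counter is checked are assumptions
 * made for demonstration only. */

#define ADC_BITS          12
#define USED_BITS         4
#define ADC_MAX           ((1 << ADC_BITS) - 1)   /* 4095 */
#define OUT_OF_RANGE_RUN  32   /* consecutive clamped readings before a flag is raised */

/* Keep only the 4 most-significant bits of a 12-bit reading: 16 buckets of
 * 256 raw counts each, so readings 0..255 all collapse into bucket 0. */
unsigned bucket_4bit(unsigned raw12)
{
    return (raw12 & ADC_MAX) >> (ADC_BITS - USED_BITS);
}

/* Tracks how many consecutive readings had to be forced to a limit. */
typedef struct {
    int lo, hi;      /* valid raw range (assumed values, see flagged_after) */
    int run;         /* consecutive out-of-range readings so far */
    int flagged;     /* set once run reaches OUT_OF_RANGE_RUN */
} range_monitor_t;

/* Clamp one reading to [lo, hi].  An out-of-range value is silently replaced
 * by the limit and returned as if it were a real reading; only the 32nd
 * consecutive one raises the flag, and a single in-range reading resets it. */
int monitor_reading(range_monitor_t *m, int raw)
{
    int clamped = raw < m->lo ? m->lo : (raw > m->hi ? m->hi : raw);
    if (clamped != raw) {
        if (++m->run >= OUT_OF_RANGE_RUN)
            m->flagged = 1;
    } else {
        m->run = 0;
    }
    return clamped;
}

/* How the monitor reacts to n_saturated consecutive readings at ADC_MAX,
 * using an assumed valid range of 100..4000 raw counts. */
int flagged_after(int n_saturated)
{
    range_monitor_t m = { 100, 4000, 0, 0 };
    for (int i = 0; i < n_saturated; i++)
        monitor_reading(&m, ADC_MAX);
    return m.flagged;
}

/* The sequential scheme the reports describe: average the first two
 * readings, then fold each later reading in as (avg + x) / 2. */
double sequential_average(const double *x, int n)
{
    if (n <= 0) return 0.0;
    double avg = x[0];
    for (int i = 1; i < n; i++)
        avg = (avg + x[i]) / 2.0;
    return avg;
}

/* Ordinary arithmetic mean of the same readings, for comparison. */
double true_mean(const double *x, int n)
{
    double sum = 0.0;
    for (int i = 0; i < n; i++) sum += x[i];
    return n > 0 ? sum / n : 0.0;
}

/* Effective weight of reading i (0-based) in the sequential average of n
 * readings: the last gets 1/2, the one before 1/4, ..., and the first two
 * share the smallest weight, 1/2^(n-1). */
double sequential_weight(int i, int n)
{
    int k = (i == 0) ? n - 1 : n - i;
    return 1.0 / (double)(1 << k);
}

/* Constructed sample: four steady readings followed by one high outlier. */
static const double SAMPLE[] = { 10.0, 10.0, 10.0, 10.0, 20.0 };
#define SAMPLE_N ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

int main(void)
{
    printf("true mean      = %.3f\n", true_mean(SAMPLE, SAMPLE_N));          /* 12.000 */
    printf("sequential avg = %.3f\n", sequential_average(SAMPLE, SAMPLE_N)); /* 15.000 */
    for (int i = 0; i < SAMPLE_N; i++)
        printf("weight of x[%d] = %.4f\n", i, sequential_weight(i, SAMPLE_N));

    printf("bucket(4095)=%u bucket(256)=%u bucket(255)=%u\n",
           bucket_4bit(4095), bucket_4bit(256), bucket_4bit(255));   /* 15 1 0 */

    printf("flag after 31 saturated readings: %d\n", flagged_after(31)); /* 0 */
    printf("flag after 32 saturated readings: %d\n", flagged_after(32)); /* 1 */
    return 0;
}
```

Note what the sample shows: one high reading at the end moves the "average" from 12 to 15, because that reading alone carries half the weight, while 31 saturated readings in a row are clamped to the limit and fed into the calculation without any flag at all.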

What would you infer about the reliability of a defendant’s reported blood-alcohol level if you were on that jury? If you’re so inclined, you can read the full expert reports for yourself, both the defendants’ and the state’s.


6 Responses to “Breathalyzer Source Code Analysis”

  1. PParkBoltFan says:

    I love lint, it is a great tool; however, I'm not sure I agree completely with the context in which it is being used here. For my projects I configure and restrict the rules of lint in such a way that it makes sense for the project. For example, macros and #defines common in embedded apps are never by default included with lint analysis and will cause a lot of warnings. I also have a series of rules I turn off when running lint for embedded apps because of compiler limitations and for optimization reasons. 19,000 is not a fair metric to present out of context. That said, I still feel that even applying many of my relaxed rules this app would still have a large amount of potential issues. The flawed averaging logic, a common mistake unfortunately, clearly demonstrates a lack of peer review, unit testing, and reasonable system-level testing.

  2. Anonymous says:

    "There is no doubt that the Supreme Court should declare this machine to be unreliable"

    It's tragic to see this in print. It's true that the device has its flaws, as would virtually any embedded system subjected to such scrutiny. But did those flaws actually render the device _unreliable_? Probably not.

    Individual jurisdictions determine the specifications for breath alcohol analysis devices, and those same jurisdictions conduct continuous testing and calibration to make sure that all the devices in service are meeting those requirements. Thus, "unreliable" devices can be, and are, detected and removed from service immediately.

    Did any of the "flaws" detected by the analysis contribute in any meaningful way to the measurements at issue? That's the critically important question, one that nobody seems to be asking or attempting to answer.

  3. Ram C says:

    If the device complied with NHTSA’s Model Specifications for Evidential Breath Testers, could this be a case of the standard/process not being stringent enough? The company's marketing folks seem to have quickly exploited the case :). From the company website:

    "The Alcotest® 7110 MK III-C is a proven evidential breath analyzer. It is the only evidential breath tester on the market whose source code has been reviewed by independent third parties and approved by a Supreme Court decision."

  4. Anonymous says:

    I would love to see an analysis of the speed camera software. Michael, any chance you can get hold of that stuff too? How about the radar gun software the police use?

  5. […] the motivation for today’s post, is actually Michael Barr’s latest blog posting concerning analysis of the source code for a breathalyzer. Since I do expert witness work, as well […]

  6. bony says:

    I need alcohol detection valid source code in embedded C.
