Posts Tagged ‘safety’

« Older Entries
Newer Entries »

Firmware Wall of Shame: Welch Allyn Defibrillator Recall

Tuesday, March 17th, 2009 Michael Barr

The FDA has just announced a Class I (the most serious human risk category) recall of the Welch Allyn AED 10 automatic external defibrillator (shown).

Among the reasons for the recall are the following problems that are either caused by embedded software bugs or hardware problems able to be fixed entirely through a firmware upgrade:

  • “Units serviced in 2007 and upgraded with software version 02.06.00 have a remote possibility of shut down during use in cold environmental conditions. There are no known injuries or deaths associated with this issue. The units will be updated with the current version of software.”
  • “All of the recalled units will be upgraded with software that corrects [another] unexpected shutdown problem. In the meantime … it is vital to follow the step 1-2-3 operating procedure which directs attachment of the pads after the device has been turned on. This procedure is described on the back of your device and also in the Quick Reference material inside the AED 10 case. Some pages in the user’s manual may erroneously describe or show illustrations of [a different] operating procedure… Please disregard these erroneous instructions.”

There has been at least one death at a time when the second type of unexpected software shutdown occurred. Are bugs in the embedded software to blame? Of what sort? Could the authors of that firmware be sued in relation to the death? Were they negligent? Are they sure that there are Zero Bugs (or even just fewer bugs) in the “current version of the software”?

Expect more of this type of firmware-involved death as embedded systems continue to proliferate.

Tags: , , ,
Posted in Uncategorized | No Comments »

Embedded Systems Conference 25% Discount Code CTDSS15

Monday, February 23rd, 2009 Michael Barr

As a speaker and track chair for the “Designing Safer Systems” track at the Embedded Systems Conference Silicon Valley, I am able to offer conference attendees a 25% registration discount. To receive the discount you must register with the promotional code CTDSS15.

The complete conference program can be found at http://esc-sv09.techinsightsevents.com/conference.

Tags: , ,
Posted in Uncategorized | No Comments »

Programming as Profession

Wednesday, January 14th, 2009 Michael Barr

Doing my daily reading around the embedded systems press, I happened across this gem in an article by Jim Turley:

Programming is often treated as a creative endeavor, undertaken by spirited and talented artistes who cannot or should not be shackled to convention, regulations, or reasonable hygiene. Get over it. Programming is a job like any other, and an employer’s responsibility is to ship a profitable product, not coddle and babysit self-indulgent hackers.

I couldn’t agree with Jim more. It is especially unfortunate when a lack of professionalism shows itself in the realm of embedded systems, such as medical devices, that put human lives at risk. I regret to inform the reader that from Netrino‘s vantage point as consultants we see everyday the train wreck that results from poorly managed and unprofessional programmers working in the embedded systems space.

You need a license from the state to to be a barber. To write embedded software, you simply need to be able to spell ‘C’. But I’m on a mission to change that.

Tags: , , , , ,
Posted in Uncategorized | No Comments »

RTOS Myth #2: RMA is for Academics

Thursday, March 6th, 2008 Michael Barr

The Myth: The Rate Monotonic Algorithm (RMA) is an interesting theory but it has no practical meaning for users of real-time operating systems.

The Truth: For starters,

  • All of the popular real-time operating systems (e.g., VxWorks, ThreadX, and uC/OS-II) feature fixed-priority preemptive schedulers
  • RMA is the optimal fixed-priority scheduling algorithm (and note that dynamic-priority algorithms do not degrade gracefully)
  • Unless you use RMA to assign priorities to RTOS tasks, there are no task-specific performance guarantees; if the processor becomes overly busy in a brief period of time, a critical task may miss its deadline

In a nutshell, RMA is the one and only proper way to assign relative priorities to RTOS tasks with deadlines. (Shock of shocks: Deferring to your boisterous colleague Bill’s insistence that his task is the most important isn’t guaranteed to work!) There’s a nice introduction to the RMA technique at http://www.netrino.com/Embedded-Systems/How-To/RMA-Rate-Monotonic-Algorithm/.

The principal benefit of RMA is that the performance of a set of tasks thus prioritized degrades gracefully. Your key “critical set” of tasks can be guaranteed (even proven a priori) to always meet its deadlines–even during periods of transient overload. Dynamic-priority operating systems cannot make this guarantee. Nor can static-priority RTOSes running tasks prioritized in other ways.

Too many of today’s real-time systems built with an RTOS are working by accident. Excess processing power can mask a lot of design sins. But if you haven’t used RMA to assign priorities, it could just be a matter of time before you get burned.

Go back to RTOS Myth #1 or forward to RTOS Myth #3.

Tags: , , ,
Posted in RTOS Multithreading | 2 Comments »

Firmware Wall of Shame: Oceanic Versa Pro 2A Dive Computer

Monday, December 31st, 2007 Michael Barr

Here’s an example of a bug in an embedded system (a dive computer for use in Scuba) that might have killed http://www.cpsc.gov/cpscpub/prerel/prhtml06/06194.html

Oceanic Versa Pro 2A Digital Dive Computer

The design of bridges and roads and the engineers who work on them are regulated by states and the federal government. The modern equivalent of bridges and roads are often embedded computers, but there is little regulation outside of medical devices (FDA) and avionics (FAA). Sooner or later, this unregulated posture may get us into big trouble as a society.

Tags: ,
Posted in Uncategorized | No Comments »

« Older Entries
Newer Entries »