Guest commentary by Jack Ganssle

Expensive Software

5 November 2014 | Author / Editor: Jack Ganssle / Martina Hafner

The author: Jack Ganssle is an internationally recognized specialist for embedded systems and a sought-after author and speaker. (Photo: J. Ganssle)

One wonders why we as an industry continue to flail around with poor practices that are ultimately expensive and even deadly, when there is a body of knowledge that is provably effective.

As everyone knows by now, Toyota has agreed to a $1.2 billion fine [1] to settle a criminal case over unintended acceleration. A jury in Oklahoma found that, in one case at least, the culprit was the firmware. This payout is on top of another $1B settlement for the same problem [2].

Bottom line: poor firmware has cost the company staggering amounts of cash. Testimony [3] shows that the firmware wasn't suffering from a single bug; it was riddled with problems. One has to wonder what the engineers were thinking.

Everyone in this industry faces twin pressures: fast and cheap. Deliver now. Cut engineering costs. I have no insight into how many person-hours went into the Toyota code, nor do I know their delivery schedule. But let’s look at that most recent $1.2B payout. How does that compare to the engineering effort?

The NASA report [4] talks about a code base of “more than 280,000 lines” of code. Mike Barr tells me there were “over a million lines of C source code”. For argument’s sake, let’s figure on a million.

The most expensive code ever written is that of the Space Shuttle, which ran about $1000/LOC (201 Principles of Software Development, Alan M. Davis, 1995). With just the most recent settlement, and a million lines, Toyota's code has cost them about $1200 per line, before accounting for any engineering effort at all. The difference is that the Shuttle's code is the best ever written, averaging about one bug per 400 KLOC, and Toyota's has been intensely litigated.

I am not suggesting that Shuttle development practices should be anyone's goal. Perhaps a better benchmark is avionics. It's largely believed that no one has been killed by defective firmware in commercial aircraft, yet that code controls pretty much everything. Sure, the pilots can take over, but modern airliners are fly-by-wire: the pilot is really flying a computer. What does it cost to develop the fabulous software that mediates billions of passenger-miles per day in the air?

Commercial avionics software is developed to a standard called DO-178B (recently superseded by DO-178C). It assigns each software component a level according to the severity of its failure: Level E applies to software whose failure has no effect on safety or aircraft operation; Level A covers software whose failure could be catastrophic, up to loss of the aircraft. How much does it cost to write code to Level A?

Who knows? Data is sparse and proprietary. However, most pundits figure it's about twice the cost of typical commercial firmware. Others ("DO-178B Costs Versus Benefits" by Vance Hilderman), drawing on data from some 150 avionics programs, claim that code written to Level A is 65% more expensive than code written to Level E. That figure includes both the engineering effort and the certification process.

This article is protected by copyright. Want to use it for your own purposes? Information is available at (ID: 43052164 / Project management)