Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Jaguar XJ Suffers Blue Screen of Death

Posted by CmdrTaco on from the i-meant-to-do-that dept.

An anonymous reader writes "CNET UK is reporting that it crashed a £90,000 Jaguar XJ Super Sport — one of the most technologically advanced cars on the planet today. It's not the sort of crash you'd imagine, however — An unforseen glitch somewhere within the car's dozens of separate onboard computers, hundreds of millions of lines of code, or its internal vehicular network, led to the dramatic BSOD, which had to be resolved with the use of a web-connected laptop."

8 of 301 comments (clear)

  1. Why? by Pentium100 · · Score: 3, Interesting

    I still don't get it - why cars need so much software? Older cars worked quite well with just mechanical controls, so why there are so many computers in new cars?

    Non-essential systems do not count - if the radio/usb player fails, I'll be annoyed (and I can replace the player with a simpler tape deck if I want to), if the steering or brakes fail, I'll be injured or dead.

    So, why the millions of lines of code? Are they really necessary for the system to do the job what simpler (and more reliable) mechanical linkages did in the past (steering, brakes, throttle, clutch, gear selector)? Mechanical devices fail, but they usually give "notice" before doing so - you can see the rusty rod or the cracked link before it fails. Oh, and you still need the mechanical device (the wheels somehow have to turn in the direction that the user turned the steering wheel). Also, people seem to be able to design mechanical devices that work as intended, while software is almost always buggy.

    My 28 year old car somehow seems to be able to work and get me from point A to point B even though the tape deck has more complex electronics (well, it has a RDS decoder, Dolby B and C NR, logic controls, LCD display, ability to control CD and MD changers etc) and the electronics of the car itself consist of a few relays.

    1. Re:Why? by KwKSilver · · Score: 3, Interesting

      I still don't get it - why cars need so much software?

      To drive up the price and profit margins. Silly goose.

      --
      If you want your life to be different, live it differently.
  2. Re:Not that surprising. by localman57 · · Score: 4, Interesting

    Nobody said it was the Linux system. It could have been whatever ECM monitored the Power Button. Normally, you hit the button, and it sends out a message across a bus, typically CAN (or FlexRay in the most modern systems) which tells the other systems to "wake up", and typically also energizes the ignition wire for non-connected systems. If that one ECM was locked up, the car is pretty much hosed until you can reset it. Could well have been a $5 microcontroller imbedded in the dash, and running a fore-ground/background loop, and no real OS.

  3. Should have used QNX. by LikwidCirkel · · Score: 4, Interesting

    It's a Bosch dash running Linux for the infotainment. I much prefer Harman dashes that run QNX like Audi, BMW, and a number of other car makers use... totally more reliable IMO. I've actually worked hands-on with some of this stuff, and I must admit, I trust QNX much more for mission-critical applications, like automobiles.

    1. Re:Should have used QNX. by LoRdTAW · · Score: 4, Interesting

      That is pretty much the realm of QNX, a real-time embedded mission critical operating system. I once met a guy who wrote software for QNX used on communications satellites. So yea its pretty damn reliable. They used to offer a free desktop OS (Neutrino RTOS) around the same time Be Inc released BeOS R5 PE. I still have a download kicking around too. Before that (1999 ish) they offered a single floppy image that booted your PC and even provided a few small and simple demo programs and even a game. Its amazing feature was a web browser and Ethernet card drivers. Pretty amazing stuff for its time.

  4. Insufficient paranoia by Animats · · Score: 5, Interesting

    Many years ago, I was at Ford Aerospace, where we had some slight involvement with the Ford EEC IV engine control module. The designers of that were paranoid about a failure of the module making the car immobile. So they did the following:

    • The device was designed for a 30 year life span. (Many 1980s Fords are still running with EEC IV modules, so they did it.)
    • The program for the device was etched into the silicon of the CPU. There is no way to change it without replacing the entire module. Huge amounts of effort were put into getting this small program right, including some proof of correctness work. It was successful; there's never been a recall.
    • There is a removable module with a ROM that has engine parameters. (The format is known; people have made their own for racing purposes.) It's just tables, no code. It's a bulky metal-cased plug-in module, hard to damage.
    • The device starts from a clean ground state at power-up. There is no persistent state that can prevent startup.
    • There's a dumb backup mode in the program. If the complex engine control algorithm fails, it reverts to a simple backup mode. Performance isn't very good.
    • There's a second hardware backup mode in the ignition controller. This was referred to internally as "limp-home mode". If a timer in the ignition controller detects that the EEC isn't responding, it drops into a mode where the spark fires each time a pulse from the crankshaft position sensor comes in. In this mode, there's no spark advance, no smart fuel injection, no active emissions control, no engine/transmission coordination, and top speed is about 25MPH. You can still drive the car.

    Designers today are not being sufficiently paranoid. They're assuming that the entire system stays up and that tow trucks are easily available.

  5. Re:Not a BSOD by paeanblack · · Score: 3, Interesting

    Exactly. A less sensational headline could have been "XJ Power button kinda flakey". This kinda stuff is what drives technical support people nuts.

    I stopped at "hundreds of millions of lines of code"

    # find /usr/src/linux/ -name "*.[ch]" -exec cat {} \;|wc -l
    11561604

    A car OS beats that by twentyfold?

  6. Re:But from a Use Case perspective ... by dgatwood · · Score: 3, Interesting

    My guess would be a separate power management controller somewhere that was wedged with everything in a powered down state. They couldn't talk to the main computer (ECU, maybe?) to reset it, which probably means that the main computer itself wasn't getting properly powered up by the power button. You wouldn't typically leave a computer system running off the car battery (even with the displays powered down) while the car is shut off. It would consume too much power.

    Either way, I agree that it probably can't have been the button itself, or else the power cycle wouldn't have fixed it. Well, I suppose it could be a self-resetting fuse somewhere, or (maybe) a stuck latching relay, but odds are, it's a power management controller or similar.

    In the grand scheme of things, this probably calls for the addition of a power management reset feature, e.g. two extra sets of switch contacts and a 555 timer IC wired up as a pulse delay circuit so that if you hold the power button down for ten seconds, the chip's power gets momentarily interrupted by a depletion-mode MOSFET. You know, something so simple that it is almost guaranteed not to fail in the lifetime of the vehicle.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.