Slashdot Mirror


New Jaguar XJ Suffers Blue Screen of Death

An anonymous reader writes "CNET UK is reporting that it crashed a £90,000 Jaguar XJ Super Sport — one of the most technologically advanced cars on the planet today. It's not the sort of crash you'd imagine, however — an unforeseen glitch somewhere within the car's dozens of separate onboard computers, hundreds of millions of lines of code, or its internal vehicular network, led to the dramatic BSOD, which had to be resolved with the use of a web-connected laptop."

4 of 301 comments

  1. Re:Not that surprising. by localman57 · Score: 4, Interesting

    Nobody said it was the Linux system. It could have been whatever ECM monitored the Power Button. Normally, you hit the button, and it sends out a message across a bus, typically CAN (or FlexRay in the most modern systems) which tells the other systems to "wake up", and typically also energizes the ignition wire for non-connected systems. If that one ECM was locked up, the car is pretty much hosed until you can reset it. Could well have been a $5 microcontroller embedded in the dash, and running a foreground/background loop, and no real OS.

  2. Should have used QNX. by LikwidCirkel · Score: 4, Interesting

    It's a Bosch dash running Linux for the infotainment. I much prefer Harman dashes that run QNX like Audi, BMW, and a number of other car makers use... totally more reliable IMO. I've actually worked hands-on with some of this stuff, and I must admit, I trust QNX much more for mission-critical applications, like automobiles.

    1. Re:Should have used QNX. by LoRdTAW · Score: 4, Interesting

      That is pretty much the realm of QNX, a real-time embedded mission critical operating system. I once met a guy who wrote software for QNX used on communications satellites. So yeah, it's pretty damn reliable. They used to offer a free desktop OS (Neutrino RTOS) around the same time Be Inc released BeOS R5 PE. I still have a download kicking around too. Before that (1999 ish) they offered a single floppy image that booted your PC and even provided a few small and simple demo programs and even a game. Its amazing feature was a web browser and Ethernet card drivers. Pretty amazing stuff for its time.

  3. Insufficient paranoia by Animats · Score: 5, Interesting

    Many years ago, I was at Ford Aerospace, where we had some slight involvement with the Ford EEC IV engine control module. The designers of that were paranoid about a failure of the module making the car immobile. So they did the following:

    • The device was designed for a 30 year life span. (Many 1980s Fords are still running with EEC IV modules, so they did it.)
    • The program for the device was etched into the silicon of the CPU. There is no way to change it without replacing the entire module. Huge amounts of effort were put into getting this small program right, including some proof of correctness work. It was successful; there's never been a recall.
    • There is a removable module with a ROM that has engine parameters. (The format is known; people have made their own for racing purposes.) It's just tables, no code. It's a bulky metal-cased plug-in module, hard to damage.
    • The device starts from a clean ground state at power-up. There is no persistent state that can prevent startup.
    • There's a dumb backup mode in the program. If the complex engine control algorithm fails, it reverts to a simple backup mode. Performance isn't very good.
    • There's a second hardware backup mode in the ignition controller. This was referred to internally as "limp-home mode". If a timer in the ignition controller detects that the EEC isn't responding, it drops into a mode where the spark fires each time a pulse from the crankshaft position sensor comes in. In this mode, there's no spark advance, no smart fuel injection, no active emissions control, no engine/transmission coordination, and top speed is about 25MPH. You can still drive the car.

    Designers today are not being sufficiently paranoid. They're assuming that the entire system stays up and that tow trucks are easily available.
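
The watchdog-driven "limp-home" fallback and the clean power-up state described in the comment above, sketched in C as an added example; it is not part of the original thread and not Ford's code. All names, the 50 ms timeout, the millisecond timer, and the choice to latch limp-home until the next power-up are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define EEC_TIMEOUT_MS 50u /* assumed; the comment gives no figure */
typedef enum { MODE_NORMAL, MODE_LIMP_HOME } ign_mode_t;
typedef enum { EV_EEC_CMD, EV_CRANK } ev_kind_t;
typedef struct { uint32_t t_ms; ev_kind_t kind; int16_t advance; } ev_t;
typedef struct {
    ign_mode_t mode;
    uint32_t last_eec_ms; /* when the EEC last sent a command */
    int16_t eec_advance;  /* spark advance it asked for, in degrees */
    int16_t last_spark;   /* advance used for the most recent spark */
} ign_ctl_t;

/* Power-up: clean ground state, nothing carried over from the last run. */
static void ign_power_up(ign_ctl_t *c, uint32_t now) {
    memset(c, 0, sizeof *c);
    c->mode = MODE_NORMAL;
    c->last_eec_ms = now;
}

static void ign_step(ign_ctl_t *c, const ev_t *e) {
    /* Timer check on every event, before trusting the EEC. Unsigned
     * subtraction survives counter wrap; the trip latches (assumption). */
    if ((uint32_t)(e->t_ms - c->last_eec_ms) > EEC_TIMEOUT_MS)
        c->mode = MODE_LIMP_HOME;
    if (e->kind == EV_CRANK)             /* crank pulse: fire the spark */
        c->last_spark = (c->mode == MODE_NORMAL) ? c->eec_advance : 0;
    else if (c->mode == MODE_NORMAL) {   /* EEC command, still trusted */
        c->eec_advance = e->advance;
        c->last_eec_ms = e->t_ms;
    }
}

/* Replay a trace, powering up at the first event's time. */
ign_ctl_t ign_replay(const ev_t *ev, size_t n) {
    ign_ctl_t c;
    ign_power_up(&c, n ? ev[0].t_ms : 0);
    for (size_t i = 0; i < n; i++) ign_step(&c, &ev[i]);
    return c;
}

/* Constructed traces: healthy EEC, EEC hang, timer wrap-around. */
const ev_t TRACE_OK[]   = {{0, EV_EEC_CMD, 12}, {10, EV_CRANK, 0}, {40, EV_EEC_CMD, 15}, {50, EV_CRANK, 0}};
const ev_t TRACE_HANG[] = {{0, EV_EEC_CMD, 12}, {10, EV_CRANK, 0}, {70, EV_EEC_CMD, 15}, {80, EV_CRANK, 0}};
const ev_t TRACE_WRAP[] = {{0xFFFFFFF0u, EV_EEC_CMD, 12}, {0x00000005u, EV_EEC_CMD, 15}, {0x00000010u, EV_CRANK, 0}};

int main(void) { return ign_replay(TRACE_HANG, 4).mode == MODE_LIMP_HOME ? 0 : 1; }
```

In `TRACE_HANG` the EEC command arrives 70 ms after the previous one, so the timer trips before the command is accepted and the next crank pulse fires with zero advance.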