[SystemSafety] The VW Saga

Andy Ashworth andy at the-ashworths.org
Wed Oct 14 05:24:44 CEST 2015 

My first post-graduate job was in the auto industry working on engine management systems for an auto manufacturer that is no longer in business. 

 

The level of specification of what needed to be achieved was expressed in broad terms at a high level. The degree of independent checking and formal review of detailed design documentation was very low… it would be very easy in such an environment for middle management to direct technical staff to detect emissions tests (how about looking for a characteristic ambient temperature AND vehicle coolant temperature = ambient +/- 1 deg C followed by no pedal actuation after engine start for a defined period…  this would indicate that that car has stood for some time at an ambient temperature typical of emissions tests; the initial idle period where no pedal input is received is in the pre-test phase).  On a car from the 80s fitted with a carburetter such an algorithm would have limited impact on overall emission levels, however, with today’s fuel injection systems the impact would be far greater.

 

With the lack of detail in the software design documentation coupled with the lack of formal V&V at the intermediate levels of abstraction, this defeat software could be included relatively easily at the behest of management who should not have the authority to make such decisions.

 

Yes, engineers should have the ability to refuse such direction on ethical grounds, however, ethical stands can become a short-cut to the employment line L

 

Andy Ashworth

 

 

 

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Matthew Squair
Sent: October 13, 2015 10:46 PM
To: Les Chambers <les at chambers.com.au>
Cc: Martyn Thomas <martyn at 72f.org>; The System Safety List <systemsafety at techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] The VW Saga

 

The counter argument is that it is so chaotic and messy in the VW design department that a) normalisation of deviant behavior could thrive undetected, and b) such a change could be inserted undetected (and untested, specified or documented). 

 

I wouldn't be surprised if when the lid gets lifted back we see a software development regime as dysfunctional as Toyota's was found to be in the wake of it's unintended acceleration problems. 

 

There's definitely the makings of a good sociology of engineering paper in this. :)

Matthew Squair

 

MIEAust, CPEng

Mob: +61 488770655

Email; Mattsquair at gmail.com <mailto:Mattsquair at gmail.com> 

Web: http://criticaluncertainties.com


On 14 Oct 2015, at 8:45 AM, Les Chambers <les at chambers.com.au <mailto:les at chambers.com.au> > wrote:

500 years on, Shakespeare evokes real life in the VW drama. 

 

"... Light thickens, and the crow

Makes wing to th' rooky wood.

Good things of day begin to droop and drowse; ..."

 

Volkwagen's top executive in the U.S. tells U.S. lawmakers, "This was a couple of software engineers who put this in for whatever reason."

http://www.nbcnews.com/business/autos/vw-scandal-top-u-s-exec-offers-sincere-apology-cheating-n440971

 

"... The lady doth protest too much, methinks ..." 

 

And the bounds of credibility are pushed even further. 

 

"... Whiles night’s black agents to their preys do rouse. ..."

 

For at some point VW will have to answer the following questions:

Who wrote the requirements specification that required a cheat mode?

Who reviewed and approved that specification?

Who performed the high level design and the detailed design?

Who had visibility of these specifications for the purposes of safety, V&V, standards compliance and logistic support?

Who implemented the code? It could not have been a one or two line mod as suggested by some stunningly misinformed journalists. The vehicle was put into a new mode which would have required integration of many sensors to determine the vehicle was on a rolling road. Just the code required to detect that the steering wheel was not deflecting could run into hundreds of lines. Then there is the state transition logic and ultimately the control software would be unique for cheat mode.

Who did the code reviews?

Who wrote the test specifications and what precursor documents did they use in their composition?

Who unit/integration tested the software (probably on some kind of simulator)

Who was the build manager?

Who integrated the software into the vehicle and performed hardware integration, system and performance testing?

Where are the test results?

Who signed off on safety?

Who approved the final release?

Where is the configuration register?

 

And so it goes on as the drama extends to a cast of thousands and is beginning to look like a very sad tale.

And VW's continued protestations of being sinned against by a couple of rogue programmers will in the future only compound their pain.

 

Macbeth was right:

" ... Thou marvel’st at my words: but hold thee still.

Things bad begun make strong themselves by ill. "

 

Cheers

Les

 

PS: Even worse. If we are looking at an honest man in the above video, it would mean that none of the above steps were taken. Could VW really be that agile? If so, and you own one of these vehicles, take it to the squasher and walk away.

 

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de <mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de>  [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Matthew Squair
Sent: Tuesday, October 13, 2015 6:41 PM
To: Martyn Thomas
Cc: The System Safety List
Subject: Re: [SystemSafety] The VW Saga

 

Not to mention that's work, which requires funding from someone's budget. So unless they're running a complete slush fund there'll be some level of financial line item accountability somewhere. 

 

Unless VW has a black bag budget of course. :)

Matthew Squair

 

MIEAust, CPEng

Mob: +61 488770655

Email; Mattsquair at gmail.com <mailto:Mattsquair at gmail.com> 

Web: http://criticaluncertainties.com


On 13 Oct 2015, at 7:15 PM, Martyn Thomas <martyn at 72f.org <mailto:martyn at 72f.org> > wrote:

I'd like to see what the software configuration management system records about the reasons for the "defeat device".  No software change gets implemented without explanation and approval. 

Regards

 

Martyn


On 12 Oct 2015, at 20:47, Chuck_Petras at selinc.com <mailto:Chuck_Petras at selinc.com>  wrote:

In opening I will say that I am the owner of a '12 VW Jetta TDI. 

To me the issue isn't the NOx emission levels. Its the fact that VW had (has) a corporate culture that would condone this sort of thing. What other systems have been compromised? Is there an Easter egg in the stability control system? Airbags? This really is the issue. 

Regulators Investigating 2nd VW Computer Program on Emissions 
< <http://www.nytimes.com/2015/10/09/business/international/vw-diesel-emissions-scandal-congressional-hearing.html> http://www.nytimes.com/2015/10/09/business/international/vw-diesel-emissions-scandal-congressional-hearing.html> 

​VW sets January for diesel emissions recall 
< <http://www.cbsnews.com/news/vw-sets-january-for-diesel-emissions-recall/> http://www.cbsnews.com/news/vw-sets-january-for-diesel-emissions-recall/> 
"Mueller said 'according to current information, a few developers interfered in the engine management.' He said he doesn't think the management board made the decision to use the manipulated software."

Chuck Petras, PE
Schweitzer Engineering Laboratories, Inc
Pullman, WA  99163  USA
 <http://www.selinc.com/> http://www.selinc.com
Tel: +1.509.332.1890

SEL Synchrophasors - A New View of the Power System < <http://synchrophasor.selinc.com/> http://synchrophasor.selinc.com>

Making Electric Power Safer, More Reliable, and More Economical (R)

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE <mailto:systemsafety at techfak.uni-bielefeld.de> 

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE <mailto:systemsafety at techfak.uni-bielefeld.de> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20151013/cbb1129f/attachment-0001.html>

More information about the systemsafety mailing list