[SystemSafety] Comparing reliability predictions with reality

Prof. Dr. Peter Bernard Ladkin ladkin at causalis.com
Wed Feb 26 15:58:17 CET 2025


Bob,

it sounds to me as if you worked on exactly the sensitive spot. About a decade ago I was in touch 
with the R&D manager for a major Tier 1 supplier of automotive electronics. He used to be an 
academic (and still was/is, in the sense of being Honorary Prof at the Uni Tübingen) and worked in 
what some of us like to call Formal Methods, that is the use of mathematics and logic to try to 
ensure that software works correctly.

He gave an impressive public talk in which he said that almost all the glitches that the company 
encountered were "below" the level of what was traditionally called software, but above the 
hardware. He didn't go into specifics (they are presumably proprietary). He might well have been 
saying that the problems occur in the mismatch between firmware and what the hardware does, but he 
didn't phrase it quite like that.

I found it particularly interesting, in that I know that parts of the company extensively used 
Matlab Simulink for modelling and for generating pseudocode that acted as very low level 
specification for the code that would actually run the boxes they sold. And of course Simulink is 
notorious for not being an unambiguous language. He was essentially saying that they'd not actually 
encountered many, if any, problems with that process.

That was a decade ago. I don't know where they are now with their developments.

PBL

Prof. Dr. Peter Bernard Ladkin
Causalis Limited/Causalis IngenieurGmbH, Bielefeld, Germany
Tel: +49 (0)521 3 29 31 00
