A Fatal C Error

If you’ve been around Irreal for a while, you know that I spent the majority of my software career writing C code. I love C and don’t have a lot of patience for snark about it from those who have never bothered to master it or even use it non-trivially.

Still, I can promise you that given 500,000 lines of C you’re going to find errors. Probably lots of them. Who would want to put their safety or even their lives in the care of such a monster? Yet that’s exactly what we all do every day. Modern automobiles are run almost entirely by computers running probably millions of lines of code. If you’re a software developer, this should terrify you.

Here’s a case in point. Toyota’s cars have—or at least had—an acceleration system run by over 500,000 lines of C code. After more than a decade of “sudden unintended acceleration” incidents and several recalls in which Toyota blamed floor mats getting stuck under the accelerators, one victim hired a couple of embedded system engineers to examine the code. Toyota, of course, vigorously objected but the review took place anyway. I’ll let you watch the video to see what they found.

In some ways, the video is an advertisement for Rust. At the end, the narrator says that these problems could be ameliorated by using a “safe” language like Rust. Those of us who have been around for a while know there’s no such thing. On the other hand, C probably isn’t the best choice for this sort of application.

NASA famously uses C safely but they have an extraordinarily comprehensive review and testing process and very strict coding standards. No automobile manufacturer is going to—or probably could afford to—run a similar program. It makes you yearn for the old days of mechanical interfaces.

It’s an interesting video. It’s 10 minutes, 6 seconds long so it should be easy to fit in.
