Quote:
Originally Posted by fancyfl1ght
But this is an audio amp. Sure anything drive train related is a risk as it is mission critical. BMW usually gets this right because getting it wrong can kill people. An audio amp, meh, what as your taking an exit ramp at 75 mph, your favorite tunes stop working?
At least you'll make the turn and live. Not sure if that can happen if you wrote custom suspension, transmission, ABS, and engine tuning code.
It's still ridiculous to me how they engineered this. This to me is a teltall sign of sloppy software development in places where it is not critical. This is classic pre production code meant to be tested in real life by consumers. This is BMW business as usual. And a smart company spending money is the right places.
|
I work in engine embedded software (off road, not cars). would guess there is some calibration that goes on between one of the other controllers and the amp during programming. This is common on vehicles. The problem is that the programming code can't get the needed data from the amp and aborts, or that value simply doesn't get written to the other controller. Now there are two possible things happening. That value is missing on startup so the controller either goes into boot mode or logs a fault code and shuts down.
The other possibility is that if the programming failed in the middle, you may not have all the code programmed into the controller. Which still means that on startup, that controller fails to load its code and drops to boot mode.
Most people assume that automotive embedded software is just like the software on our PC or our phone, but it's not. One big challenge you have on embedded systems is very limited amounts of RAM and storage. On your PC, your computer can store old versions of files, data etc when it gets updates so if things go wrong, the OS just reloads those old files from memory or storage and you are where you started from. Most embedded controllers on cars have maybe 250kb of RAM and maybe 3-4 mb of storage. So in most of them you just don't have enough memory or storage to hold a backup of the old code in case something goes wrong during programming. It is an all or nothing event.
Now were this my team designing this, I would have pushed very hard to not have a failure mode where one non critical component in the system failing programming would make it so the car can't start. But since the failure only happens when the dealer is reprogramming at the shop, it is less of a problem. If they are doing over the air reprogramming of this controller and it happens while the car is sitting in your garage, the warranty costs and customer dis-satisfaction could be big.