Just the thing for your autonomous car

Don't know about you, but when I finally get a car that does all the driving for me, I'm going to become very lazy, very fast. Which means I'll be super unhappy every time my car needs a fill-up. Think about it: I will have to haul my butt out of the car and fill the tank myself. The horror!

But you know what? It turns out my fears are groundless. Because Husky Corporation and Fuelmatics AB have collaborated on a — you guessed it — automatic refueling system:

Kidding aside, this system could be of benefit long before autonomous vehicles become ubiquitous. According to Husky, it can cut 30% off the time it takes to refuel, so gas stations could sell more gas in the same amount of time, and with fewer lineups.

Also, this could be just the thing for any region where winter has the upper hand — virtually all of Canada, for instance. If you're ever stepped out of your car in -30 C temperatures to gas up, you know of which I speak.


What do you mean, you haven't read the latest QNX newsletter?

Seriously, folks, there's no excuse. All you have to do is subscribe. It's easy, it's painless, and it's free of clauses asking for your first-born child.

What's that, you say? You're not the subscribing type? Hey, no worries, I'm cool with that. In fact, you can be cool with it, too, since you can also access the newsletter (aka "The Source") by visiting this QNX webpage. So bookmark it in your browser. And don't go another month without keeping track of what's happening at QNX.


What has the QNX auto team been up to?

Well, let's see...


Striking a balance between reliability and availability

Can you achieve one without
sacrificing the other?
Maybe it's just me, but a lot of people seem to use reliability and availability interchangeably. I often hear people say 99.999% reliability when, in fact, they are referring to availability.

So what is the difference between the two? And why is that difference important? I'm glad you asked. :-)

In a software-based system, availability refers to how often the system responds to events or stimuli in a timely manner; reliability, on the other hand, refers to how often the responses are correct. The distinction can be a matter of life or death. For instance, in some medical devices, it is preferable to have no response (where little or nothing happens to the patient) than a wrong response (where the device harms the patient irreparably). Whereas in other systems, any response of sufficient accuracy or quality may be preferable to no response at all.

But here's the thing. Regardless of whether a system is more sensitive to availability or reliability, it should still take pre-defined (and carefully considered) actions when a dangerous condition arises. For instance, if the control system for a high-speed train fails, it will move to its design safe state, which will probably involve applying the brakes.

So far, so good. The problem is, many systems are components of larger systems. So even when a component is avoiding a genuinely dangerous situation, its behavior may put stress on the larger system and lower that system's availability.

Moreover, the behavior of an overall system when an unanticipated condition occurs can be very difficult to predict, for the simple reason that the system depends on multiple, largely independent, components moving to their design safe states. None of those components, and their safe states, can be considered in isolation. For instance, in 1993, Lufthansa Flight 2904 overran a runway because the reverse thrust deployment system operated exactly to specification. Unfortunately, the system designers hadn't anticipated conditions during a cross-wind landing.

Enough from me. I invite you read the ECN article "Balancing reliability and availability", written by my colleague and senior software developer Chris Hobbs. Chris discusses how it's possible to strike a balance between reliability and availability — and why designing safe software can require the ability and willingness to think from the outside in.

QNX announces support for new Intel Atom E3800 processor family

In 2008, the Intel Intelligent Systems Alliance presented QNX Software Systems with an "Award of Excellence, Most Innovative Software" for its fastboot support of the Intel Atom Processor. Fast forward to this morning, when QNX announced that it will extend its Atom support to include the new Intel Atom E3800 product family, which was created to address the high performance-per-watt demands of medical devices, building automation panels, industrial control systems, in-car infotainment systems, and other smart devices.

Said Sam Cravatta, product line manager at Intel, "Stellar graphics support is crucial for application and intelligent system development. The Atom processor E3800 product family is the first to take advantage of Intel’s Gen 7 graphics, complementing QNX Software Systems’ graphics framework, tools, and runtime components for creating sophisticated displays that feature improved 2D and 3D graphics rendering with little CPU overhead.”

Highlights of the Intel Atom E3800 family include high I/O connectivity, an integrated memory controller, virtualization, error correcting code (ECC), and a thermal design power range of 5W to 10W2.

Read the QNX press release and read more about the E3800 product family.


Time to blast some space debris!

If you're the proud owner of a BlackBerry 10 smartphone, here's a new game that you won't find on any other platform. It involves space debris, the International Space Station, and some quick thinking on your part — because unless you act fast, the space station will rapidly become an ex-station. And we don't want that, do we?

The game is called Ablative Air. To be honest, the name threw me off at first, as it would anyone who has studied Latin, a language in which "ablative" is just one of six noun cases (and people wonder why it's a dead language). But in the context of the game, ablative refers to the verb "ablate" — you know, vaporizing something to kingdom come. Which is what you get to do to the space debris.

The game's author is none other than Andy Gryc, whom many of you know through the QNX auto blog. Now here's the thing: some of you may assume, incorrectly, that the game was inspired by the new movie Gravity, which involves more space debris than you can shake a shuttle at. But, in fact, the near-simultaneous releases of the game and the movie are pure serendipity — or, if you prefer, synchronicity. Andy was at work on Ablative Air long before Gravity made its debut, and he didn't even hear about the movie until after he posted the game on BlackBerry World.

Enough of my blather. Check out this review, posted by the folks at CrackBerry. Then check out the links below to learn more about (and purchase!) Ablative Air.

Download Ablative Air from BlackBerry World, check out Andy's Facebook page, and visit his developer blog.


As I was finishing this post, Andy Gryc sent me a message, saying that Ablative Air has just been granted "Built for BlackBerry" status. This signifies that an app or game satisfies a number of criteria, including user experience, performance, security, localization, and service integration. Congratulations, Andy!

Adding sound to eliminate sound: a new solution for noisy engines

Car engines have been getting noisier.
But chances are, you haven't noticed. That's because automakers have been taking measures to mask the noise.

So where is the noise coming from? Automakers need to reduce fuel consumption. And to do that, they are employing techniques such as variable cylinder management and operating the engine at lower RPM. These techniques can result in more "boom" that permeates the car's interior.

So how are automakers masking the noise? Well, it's not by adding damping materials. In fact, many automakers are removing such materials to help make their cars lighter and more fuel efficient — a practice that can allow more engine sound to reach the driver and passengers.

The weapon of choice is, paradoxically, sound. By playing “anti-noise” (i.e. sound that is directly proportional but inverted to the offending engine tones) over the car’s speakers, automakers can, in effect, make engine noise disappear. This approach is similar to noise-cancelling headphones, but targeted specifically at engine sounds. It's also more complicated, as it must take into account the unique acoustic properties of each vehicle model — properties that change when you open and close windows, add or remove passengers, and so on.

Now here's the thing: The active noise control (ANC) systems currently used by automakers require dedicated hardware. This adds cost and complexity. So the acoustics engineers at QNX have come up with a different approach: a software-based solution that can run on existing infotainment or audio hardware. The result is significantly lower Bill of Materials costs and an ANC solution that integrates better with other audio tasks, including hands-free calling.

Mind you, there are other benefits as well. But don't take it from me. Check out this blog post from my inestimable colleague Tina Jeffrey, who provides the full skinny on the new QNX Acoustics for Active Noise Control product and why it offers a better approach to traditional solutions.


Garmin taps QNX technology to create K2 infotainment platform

Complete digital cockpit delivers navigation, diagnostics, streaming media, smartphone integration, and voice recognition

Most people are familiar with Garmin's many portable GPS devices, from sports watches to action cameras to PNDs. But Garmin has also created the K2, a next-generation infotainment solution that's built for automakers and based on the QNX CAR platform.

The K2 is a complete “digital cockpit” that comprises multiple digital displays, on- and off-board voice recognition, smartphone integration, and optional embedded 4G connectivity. It's designed to give drivers simple, intuitive access to navigation, vehicle diagnostics, streaming media, and realtime Web information. It's also designed with scalability in mind, so automakers can use it to address diverse market requirements and cost targets.

According to Matt Munn, managing director of Garmin’s automotive OEM group, “the QNX CAR platform has played a major role in helping us to achieve our goal of providing both world-class software reliability and flexible access to emerging consumer applications. From the proven stability and performance of the QNX architecture to the company’s worldwide industry recognition, QNX was the logical choice.”

Other key features of the K2 include a 3D-enhanced city model, a predictive services calendar, and remote personalization and control via a web portal or smartphone.

Here's the K2 at a glance:

Source: Garmin

And here's a demo of the system, filmed by Engadget at 2013 CES:

For more information on this announcement, read the press release. And for more on the K2 itself, visit the Garmin blog.

A version of this article was originally posted on the QNX auto blog.


Foryou Electronics, leading infotainment supplier in China, makes the shift to QNX CAR platform

A Foryou infotainment system.
Source: Foryou
This just in: Foryou General Electronics, a global supplier of in-car infotainment systems, has chosen the QNX CAR platform to develop infotainment and navigation systems for automakers in China.

Said Steven Chen, CTO of Foryou General Electronics, ”we appreciate the modular, pre-integrated approach that the QNX CAR platform offers because it allows us to develop highly reliable, differentiated infotainment solutions for entry-level to high-end vehicles.”

Foryou chose the QNX CAR platform after comprehensive testing of competing infotainment platforms, including open source solutions.

Established in September 2002, Foryou General Electronics is a subsidiary of Foryou Group Ltd., one of the top 100 electronic information enterprises of China. Its products are sold in more than 80 countries and regions worldwide; company sales were more than US$300 million in 2012.

For more information on this announcement, read the press release.

20 million points of interest
In related news, QNX has also announced that it is partnering with AutoNavi, a leading provider of digital map content and navigation solutions in China, to integrate AutoNavi’s technology into the QNX CAR platform.

AutoNavi offers a digital map database that covers approximately 3.6 million kilometers of roadway and over 20 million points of interest across China. By supporting this database, the QNX CAR platform will enable automotive companies to create navigation systems optimized for the Chinese market and users.

Said Yongqi Yang, executive vice president of automotive business, AutoNavi, “as a leading global provider of vehicle infotainment software platforms, QNX is not only a technology leader, but also a design concept innovator in enhancing vehicle flexibility — infotainment designs based on the QNX CAR Platform can be quickly customized.”

For more information on this partnership, read the press release. And to learn more about AutoNavi, visit their website.

This article was originally posted on the QNX auto blog.


Panasonic goes global with QNX CAR platform

In the automotive market — or any market, for that matter — a product platform must be judged by its flexibility. After all, the whole point of a platform is to help you create multiple products or product lines, each with its own distinguishing features, while reusing as many components as possible. Done right, a platform lets you target multiple price points, multiple consumer segments, and multiple geographies, in the least time and at the least cost. If that doesn’t define flexibility, I don’t know what does.

Which brings me to Panasonic Automotive Systems Company of America. They’re an international supplier of infotainment systems — Chevy MyLink and Chrysler Uconnect are just two of their products — and they need this kind of flexibility to deliver localized solutions  to their OEM customers in North America, Europe, and Japan. To help achieve it, they use the QNX CAR platform.

Flexible by design: MyLink supports
a touchscreen, voice commands,
and steering-wheel buttons.
To quote Scott Kirchner, vice president and CTO of Panasonic Automotive Systems, “we wanted a platform that would let us quickly customize our infotainment systems for a variety of markets and customer requirements — the QNX CAR platform, with its modular architecture and support for mobile connectivity standards, provides the inherent flexibility we were looking for.”

That quote comes from a press release issued just a few minutes ago. To read the release in its entirety, visit the QNX website. But before you click, remember also to visit the Chevy website, where you can find out more about the MyLink system. And did I mention? MyLink has been building quite the trophy case, what with the Best of CES 2013 Award it won in January and the CTIA Emerging Technology (E-Tech) Award it won in May.

Chevy MyLink system.
Images: Chevrolet

This post originally appeared on the QNX auto blog


Six QNX videos more people ought to see

Looking for examples of how people use QNX? You've come to the right place. From outer space to the automotive space, these six videos demonstrate the sheer flexibility and dynamic range of QNX technology. Better yet, you get to hear five users describe, in their own words, why QNX is important to what they do.

QNX in space
First up is Iain Christie of Neptec, the company responsible for creating the SVS and LCS camera systems on the NASA space shuttle. Highlight: when Ian explains the importance of QNX to the shuttle program (1:46). For more on the QNX-based LCS system, see my previous post.

QNX in the clinic
Next up is Vladimir Derenchuk of the Indiana University Health Proton Therapy Center, which uses proton beams to blast difficult-to-treat tumors. Highlight: it's all good, but listen to Vladimir explain why they chose QNX, and how it has helped with FDA approvals (1:34).

QNX in the HVAC
Next up is Hans Symanczik of Kieback & Peter, a German firm that has used QNX in building automation systems for more than 20 years. Highlight: when Hans explains the ultimate benefit of the QNX OS (2:07).

QNX on the air
Next up is Mikael Vest of NTP, a Danish company that supplies QNX-based audio routers to the global television and radio broadcasting industry. Highlight: Mikael himself, who gladly did this interview despite suffering from a flu to end all flus. A real trooper.

QNX on the road
Next up is Rick Kreifeldt of Harman International, a company known in the automotive industry for its ability to push the technology envelope. Highlight: the section where Rick's respect for the QNX team shines through (2:14).

QNX in flight
And last but not least is Thomas Allen from Mechtronix, a company that has developed an innovative, software-based approach to building flight simulators. Highlight: when Allen states that Mechtronix simulators effectively use the same software architecture as the QNX OS (0:45). Years, ago, someone explained to me how the QNX OS isn't simply a well-designed, modular OS; it also encourages well-designed, modular systems. In Mechtronix, we have an example.


Putting faces to names at the UOIT Faculty Summit for Mobile Computing

Jin Xu
A guest post from my colleague Jin Xu, Global Education Program Manager, QNX Software Systems

I always enjoy the experience of putting faces to names. And that’s exactly what happened to me on May 30 at the University of Ontario Technology Institute (UOIT) in Oshawa.

As manager of the QNX in Education program, I had spoken to many of institute’s professors over email or the phone, but never had the chance to meet them in person. So I was thrilled to greet and meet so many of them during a single event.

Fifty-five university faculties from 22 universities across Canada got together on May 30 in OUIT for a two-day mobile computing summit held in partnership with the BlackBerry Academic Program. The universities attending this event included:

      Albert Campbell C.I. — Toronto, ON
      Bucks County Community College— Newton, PA, US
      Centennial College — Toronto, ON
      Conestoga College — Guelph, ON
      Dalhousie University — Halifax, NS
      Georgian College — Barrie, ON
      McMaster University — Hamilton, ON
      Queens University — Kingston, ON
      Ryerson University — Toronto, ON
      Seneca College — Toronto, ON
      Sheridan College — Oakville, ON
      Simon Fraser University — Burnaby, BC
      University of Calgary — Calgary
      University of Guelph — Guelph, ON
      University of New Brunswick — NB
      University of Ottawa — Ottawa, ON
      University of Toronto — Toronto, ON
      University of Waterloo — Waterloo,ON
      UOIT — Oshawa, ON
      Western University — London, ON
      Youth Science Canada

Long story short, the event was very successful. As one professor commented, “I found the summit to be extremely valuable… the first day’s talks were very informative, especially having some of the professors share their experiences… it provided a great opportunity to get an overview of the BlackBerry platform, and the hands-on session demonstrated how quickly we can have students create a mobile application from scratch in BlackBerry 10.”

As you know, QNX has deep experience in the embedded market. That, together with a long history of supporting academic research, makes the QNX in Education program an ideal complement to the BlackBerry Academic Program, which provides free curriculum resources and mobile hardware to qualified professors and instructors.

During the first day of the summit, QNX delivered a presentation on the history of the QNX in Education Program and on the various offerings that QNX makes available to academics, and consequently, to students. A demonstration of QNX-based reference designs was very well received. On day 2 of the event, QNX provided a hands-on training session focused on the reference designs.

Another successful cooperation between the QNX in Education and BlackBerry Academic programs since the BlackBerry student competition in China last year!

Did you know…
… that the QNX in Education program has been active since the 1980s? And that Harvard University has been a program member for 23 years? Find out how in Harvard has been using QNX technology to investigate the ozone hole.

Find out more about the QNX in Education program and BlackBerry Academic Program.


What are the 5 all-time most popular QNX videos?

Geez, I thought you'd never ask. Seriously, the question came to mind earlier this week, so I decided to find out. A quick trip to the QNX YouTube channel provided the answer.

What that trip didn't tell me is why these videos are the most popular. I can think of several reasons, but the most obvious is that the videos all hint at a future in which driving is more connected, more convenient, more enjoyable — and also a little safer. But don't take my word for it. Check out the videos, if you haven't already, and judge for yourself.

Without further ado, here are the top five, along with my favorite scene from each one.

First up, at more than 525,000 views, is Imagined: Your car in the not-so-distant future. Best part: the augmented reality-enhanced stop sign (1:10).

Next, at more than 230,000 views, is QNX seamless connectivity. Best part: John Wall speaking on the real challenge of making a connected car (:50).

Close behind #2, at more than 213,000 views, is The QNX secret to making hands-free noise-free. Best part: The marching band (1:21).

Next, at more than 85,000 views, is QNX HTML5 series - Interview with Pandora's Tom Conrad. Best part: It's all good, but I love the bloopers (3:00).

And last, at more than 34,000 views, is QNX technology concept car - Bentley Continental. Best part: the couches.

One that didn't make it...
And, finally, here's my current favorite. It's not one of the top five... yet. But I think it should be:


What has the QNX auto team been up to?

Well, let's see...

What, you haven't read the latest issue of the QNX Source newsletter?

It always pays to get your information straight from the source. I'm speaking, of course, about the Source newsletter, which QNX publishes 10 times a year.

If you want to keep track of the latest QNX videos, webinars, whitepapers, press releases, product updates, and board support packages, subscribing to the Source is the way to go. But if your inbox is already crammed with too many newsletters, meeting requests, and advertisements for fake Rolexes, there is an alternative: you can bookmark your browser to the Source newsletter archive.

Here, for example, is a screen cap of part of the June edition, which is available now on the archive.


Solar Impulse plane completes final leg of cross-America trek

It has the wingspan of a Boeing 777, but weighs only as much as a family car. It has four propellers, but doesn’t sip an ounce of fuel. It's called the Solar Impulse, and it is the first plane designed to fly round the clock using only solar power.

In early May, the Solar Impulse took off from Mountain View, California on the first leg of its journey across America. Last night, it completed the trek, landing at New York's JFK Airport. In between, the plane made stopovers at Phoenix, Dallas, St. Louis, and Washington DC, allowing the Solar Impulse team to meet the public, show off the plane, and promote their vision of renewal energy. (In New York next weekend? If so, you're in luck: you can see the plane in person at JFK.)

Along the way, the plane set a new distance record for solar-powered flight: 1541 kilometers. The previous record was 1116 kilometers, set by — you guessed it — the Solar Impulse team.

QNX Software Systems is the official realtime OS partner for the Solar Impulse project, which uses QNX technology for several of the plane's control and data management functions. For more on the project and the people behind it, see the Solar Impulse website.

But before you go, check out this video, which starts off with some inspiring clips of the Solar Impulse in flight — followed by a cameo appearance by Larry Page wearing Google Glass.


Space-grade technology... in the palm of your hand

What does your phone have in common with planes, trains, automobiles, and space stations? If it's a BlackBerry 10 smartphone, plenty.

When you pick up a BlackBerry Z10 or BlackBerry Q10 phone, you are tapping into OS technology like no other. Technology that hospitals use to defeat cancer. Technology that power plants use to create energy. Technology that skyscrapers use to save energy. Technology that movie studios use to create mind-blowing special effects. And technology that calls for help if your car gets into an accident. In short, technology that makes a difference in my life, your life, everyone's life.

But enough from me. Especially when the video says it so much better...


Solar Impulse plane launches cross-America trek — with QNX on board

It isn't always easy being green. But it can be really cool. Case in point: the Solar Impulse HB-SIA, a one-of-a-kind airplane powered only by the sun. Earlier this morning, the HB-SIA took off from an airfield in Mountain View, California, to start the first leg of its journey across America.

QNX is the official (and mighty proud) realtime OS partner for the Solar Impulse project. For more on the project and its goal of promoting green energy, see my previous posts and the Solar Impulse website.

Meanwhile, here is footage of this morning's take-off, courtesy of CNET:


The first website ever is back online

I just stumbled on a cool blog post from Dan Noyes, the web manager for the CERN communications group. Dan tells us that the very first Web URL is now back online, and it looks just the way it did in 1992. Cool, that.

Without further ado, here is the URL: http://info.cern.ch/hypertext/WWW/TheProject.html

For the story behind this project, visit CERN's aptly named "Restoring the first website" project page. And while you're at it, check out this article on BBC News.


Successful beyond imagining

Hey, do you remember the "Imagined" video that QNX released back in November? You know, the one that takes a sneak peak at what cars might be like a few years from now? Well, I have a couple of updates.

First, the video has logged more than 518,000 views. Impressive, that. Second, it's
been named an honoree in the annual Webby Awards. Which puts it in the same company as videos from Disney, HBO, and Coca-Cola. Doubly impressive, that!

If you aren't familiar with the Webby Awards, they've been dubbed by the New York Times as the “Internet’s highest honor.” You can find out more about them here. And while you're at it, check out the blog post from Mike Edgell, the creative director at Thornley Fallis, the company that helped us realize our vision of tomorrow's car.

The winners of the Webby Award winners will be announced tomorrow, April 30. Just one more day...


Canon unveils 8D, first DSLR with 4G connectivity

April Fools' is over, folks — and yes, this post is a hoax. Some of the features, such as 4G connectivity, are indeed plausible, but can you detect the one truly anachronistic feature?

This just in: Canon Inc. has unveiled the new Canon 8D, a 42-megapixel APS-C digital SLR equipped with a 4G LTE antenna.

Outwardly, the new camera is almost identical to the existing 7D, which has been Canon's flagship APS-C DSLR since 2009. In fact, the only visible differences are a slightly larger LCD, a control button dedicated to the camera's 4G function, and an auto-telescoping built-in flash that uses a combination of high-intensity magnesium filaments and oxygen gas to achieve a guide number of 148 (in meters).

Most of the real changes have occurred inside. Aside from the new integrated LTE antenna, the megapixel count has jumped from 18 to 42, without any attendant increase in chroma or luminance noise, thanks a new generation backlit CMOS sensor. (Yes, you'll have to invest in expensive glass to take full advantage of the higher resolution.) And in a surprise move, Canon has decided to part with its well-regarded DIGIC processor technology — the new camera uses tandem processors, each based on a quad-core ARM Cortex A9 chip.

For details, vist the Canon website.


What has the QNX auto team been up to?

Well, let's see...


Why does all the cool stuff happen while I'm away?

Now appearing in both 
Fortune and Daily Planet
Do you ever get the feeling that the party starts the minute you leave the room? Well, it just happened to me. I was on vacation only a few days last week, but while I was away, Fortune magazine and Daily Planet both did pieces on QNX. What's up with that?

But seriously, this is cool. The Fortune article covers several bases: the history of QNX in mission-critical embedded systems, the leadership that QNX enjoys in automotive, and the new QNX concept car that made its debut at 2013 CES. Meanwhile, the Daily Planet video puts you in the front seat of the concept car for a tour of its many features — from voice control and video conferencing to the virtual mechanic. (Is it just me, or do the coolest features all start with the letter 'v'?)

Read the Fortune article here (you'll need a subscription to access it). And view the Daily Planet video here.


The isolation imperative: protecting software components in an ISO 26262 system

Software components can be impolite, if not downright delinquent. For instance, a component might:

  • rob other components of CPU time
  • rob other components of file descriptors and other system resources
  • access the private memory of other components
  • corrupt data shared with other components
  • create a deadlock or livelock situation with other components

Shameful, I know. But in all seriousness, this sort of behavior can wreak havoc in a safety-critical system. For instance, let's say that a component starts to perform a CPU-intensive calculation just as the system enters a failure condition. Will that component hog the CPU and prevent an alarm process from running?

The answer, of course, is that it damn well better not.

It becomes important, then, to prevent components from interfering with one another. In fact, this principle is baked into the ISO 26262 functional safety standard for road vehicles, which defines interference as:

    "...the presence of cascading failures from a sub-element with no ASIL [Automotive Safety Integrity Level] assigned, or a lower ASIL assigned, to a sub-element with a higher ASIL assigned leading to the violation of a safety requirement of the element”

To put it crudely, less important stuff can't stop more important stuff from happening.

So how do you prevent interference? One approach is through isolation. For instance, a system may implement spatial isolation between application processes. This would include mechanisms for interprocess communication and interprocess locking that prevent one process from inadvertently affecting another.

Mind you, there are multiple types of interference, so you need to implement multiple forms, or axes, of isolation. Time for a picture:

In general, you need to determine what does, and what doesn't, need to be isolated. You also need to identify which components are apt to be delinquent and build a cage around them to protect more critical components. Which brings me to a recent paper by my inestimable colleagues Chris Hobbs and Yi Zheng. It's titled "Protecting Software Components from Interference in an ISO 26262 System," and it explores techniques that can help you:

  • implement the component isolation required by ISO 26262
  • demonstrate that such isolation has been implemented

And while you're at it, check out the other titles in our "safe" whitepaper series. These include "The Dangers of Over-Engineering a Safe System" and "Ten Truths about Building Safe Embedded Software Systems."

And don't worry: there's nothing delinquent about downloading all of them.

This post originally appeared in the QNX auto blog.


Can a safety-critical system be over-engineered?

Too much of a good thing?
It's a rhetorical question, of course. But hear me out.

As you can imagine, many safe systems must be designed to handle scenarios outside their intended scope. For instance, in many jurisdictions, passenger elevators must be capable of handling 11 times more weight than their recommended maximum — you just never know what people will haul into an elevator car. So, if the stated limit for a passenger elevator is 2000 pounds, the actual limit is closer to 22,000 pounds. (Do me a favor and avoid the temptation to test this for yourself.)

Nonetheless, over-engineering can sometimes be too much of a good thing. This is especially true when an over-engineered component imposes an unanticipated stress on the larger system. In fact, focusing on a specific safety issue without considering overall system dependability can sometimes yield little or no benefit — or even introduce new problems. The engineer must always keep the big picture in mind.

Case in point: the SS Eastland. In 1915 this passenger ship rolled over, killing more than 840 passengers and crew. The Eastland Memorial Society explains what happened:

    "...the Eastland's top-heaviness was largely due to the amount and weight of the lifeboats required on her... after the sinking of the Titanic in 1912, a general panic led to the irrational demand for more lifesaving lifeboat capacity for passengers of ships.
    Lawmakers unfamiliar with naval engineering did not realize that lifeboats cannot always save all lives, if they can save any at all. In conformance to new safety provisions of the 1915 Seaman’s Act, the lifeboats had been added to a ship already known to list easily... lifeboats made the Eastland less not more safe..."

There you have it. A well-intentioned safety feature that achieved the very opposite of its intended purpose.

Fast forward to the 21st century. Recently, my colleague Chris Hobbs wrote a whitepaper on how a narrow design approach can subtly work its way into engineering decisions. Here's the scenario he uses for discussion:

    "The system is a very simple, hypothetical in-cab controller (for an equally hypothetical) ATO system running a driverless Light Rapid Transit (LRT) system...
    Our hypothetical controller has already proven itself in Rome and several other locations. Now a new customer is considering it for an LRT ATO in the La Paz-El Alto metropolitan area in Bolivia. La Paz-El Alto has almost 2.5 million inhabitants living at an elevation that rises above 4,100 meters (13,600 ft.—higher than Mount Erebus). This is a significant change in context, because the threat of soft and hard memory errors caused by cosmic rays increases with elevation. The customer asks for proof that our system can still meet its safety requirements when the risk of soft memory errors caused by radiation is included in our dependability estimates..."

So where should the engineer go from here? How can he or she ensure that the right concerns are being addressed? That is what Chris endeavours to answer. (Spoiler alert: The paper determines that, in this hypothetical case, software detection of soft memory errors isn't a particularly useful solution.)

Highly recommended.


All roads lead to QNX at embedded world 2013

Montreal, my home town, was once known as a city of churches. So much so that Mark Twain famously quipped, "this is the first time I was ever in a city where you couldn't throw a brick without breaking a church window."

If Mr. Twain were alive today and able to visit embedded world 2013, he might make a similar comment about QNX. Because it seems that, wherever you turn at embedded world, someone is demonstrating a QNX-based system.

Multimedia and wireless demos
First stop is the QNX booth, where you'll find a natty new demo designed to showcase our support for wireless, video, and HMI technologies. Among other things, the demo shows how QNX lets you work with a mix of application and graphics environments, including Qt 5.0, OpenGL ES 2.0, and Crank Software’s Storyboard Suite.

Power up the demo, and you'll see several applications, including a medical monitor:

and a speedometer:

You'll also find games, a digital thermostat, a photo viewer, an audio meter, and several other demo apps. And did I mention? You can find two of these demo systems in the QNX booth, one based on a Freescale i.MX 6 SABRE Lite board and the other on a TI AM335 Starter Kit board.

PLC demos
If you're a hard-core industrial developer, be sure to catch the two programmable logic controller (PLC) platforms in the QNX booth. These platforms were a group effort: QNX provided the OS; companies like IsaGRAF, KW-Software, and koenig-pa provided the ladder logic and EtherCAT software; and Freescale and TI provided the hardware — one platform is based on a Freescale QorIQ TWR-P1025 Tower System Module, the other on a TI Sitara AM335x ARM Cortex-A8 processor.

The purpose of these platforms is simple: to reduce the time and cost of developing PLCs and other industrial systems. If you're interested, the eval software for the platform based on the Freescale module is now available for download from the QNX website.

QNX CAR platform demo
No, we didn't drive the new QNX concept car to embedded world. But we did bring a demo of the QNX CAR application platform, and from what I hear, it's driving lots of booth traffic (pun fully intended). Here's a snap of the demo, taken on the show floor:

Lotsa partner demos
Take a walk down the aisle, and you'll soon come across several other vendors showing QNX-based systems. Here are the ones we've identified so far:

Acontis is demonstrating its EC-Motion EtherCAT motion library running on the QNX Neutrino RTOS and a TI Sitara AM335x ARM Cortex-A8 processor. Hall 1/1-538.

Crank Software is demonstrating an automotive demo based on the QNX CAR application platform. Hall 4/4-330.

Digia is demonstrating “Qt 5 on the QNX platform – a Cinematic Experience,” which will show many new features in Qt 5 Qt Quick 2. Hall 4/4 – 520.

Freescale and koenig-pa are demonstrating a PLC reference platform that integrates koenig-pa EtherCAT protocol software, ISaGRAF PLC firmware, and the QNX Neutrino RTOS on a Freescale dual-core QorIQ P1025 processor. Hall 4A/4A-206 and Hall 5/5-425.

KDAB is showcasing an IP camera demo written in Qt5 and QML, and running on the QNX Neutrino RTOS and a Freescale i.MX 6 SABRE Lite ARM Cortex-A9 platform. Hall 4/4-622.

KW-Software is demonstrating a PLC development platform developed in collaboration with QNX Software Systems, TI, and koenig-pa. Hall 1/1-446.

MPC Data, a Bsquare Company, is showcasing a high-performance graphics demo based on OpenGL and the QNX Neutrino RTOS. Hall 4A/4A-108.

Xilinx is showcasing a high-precision, low-noise, multi-motor electrical drive demo running on the QNX Neutrino RTOS. Hall 1/1-205.

For more details on these demos, check out the press release that QNX issued this morning.

The joy of talking
Several QNX experts are presenting technical talks at embedded world:
  • Clear SOUP and COTS Software for Safety-Critical Systems — Tues, Feb 26, 14:00 - 14:45, Session 03
  • The Joy of Scheduling — Thurs, Feb 28, 10:00 - 10:30, Session 19
  • Ten Truths about Building Safe Software — Thurs, Feb 28, 14:15 - 15:00, Session 21
  • Issues in M2M Communication for Software and Firmware Updates — Thurs, Feb 28, 16:30 - 17:00, Session 24

So, if for some strange and inexplicable reason, you want to avoid all things QNX, don't go to embedded world this week. Because once you arrive, there will be no escape. :-)


Acontis releases new EtherCAT motion library for QNX Neutrino operating system

This just in: Acontis, a leading provider of EtherCAT software and realtime hypervisor technology, has announced that its new EC-Motion product is now available for the QNX Neutrino operating system.

So what, exactly, is EC-Motion? In a nutshell, it's a C/C++ motion control library for EtherCAT drives (i.e. the electronic systems that control industrial motors).

According to Acontis, the EC-Motion library supports all of the single-axis movement commands specified in the PLCopen standard, eliminating the need for additional (and costly) hardware. It also allows the developer to:

  • implement applications for multi-axis coordinated movements
  • operate EtherCAT drives in cyclic synchronous position mode (CSP) or cyclic synchronous velocity (CSV) mode
  • easily integrate the EC-Motion library into custom motion applications as well as into a programmable logic controller (PLC) runtime environment

Here's the EC-Motion architecture at a glance:

Demo on BeagleBone computer
Acontis also announced that it will demonstrate EC-Motion for QNX at the embedded world conference, from February 26 to 28 in Nuremberg. The demo will run on a BeagleBone, a credit-card-sized computer based on Sitara ARM AM335x Cortex-A8 processors from Texas Instruments. The demo will show a Yaskawa Sigma-5 EtherCAT drive running in cyclic synchronous velocity mode.

If you plan to attend embedded world, you can catch the demo at the IXXAT Automation GmbH stand, Hall 1/1-538.

For more details, read the Acontis press release.


10 truths about building safe embedded software systems

I wish I could remember his exact words. But it has been a long time — 20 years — and my memory has probably added words that he never wrote and removed words that he did write. That said, this is how I remember it:

    "We all strive to write bug-free code. But in the real world, bugs can and do occur. Rather than pretend this isn't so, we should adopt a mission-critical mindset and create software architectures that can contain errors and recover from them intelligently."

The "he" in question is my late (and great) colleague Dan Hildebrand. I'm sure that Dan's original sentences were more nuanced and to the point. But the important thing is that he grokked the importance of "culture" when it comes to designing software for safety-critical systems. A culture in which the right attitudes and the right questions, not just the right techniques, are embraced and encouraged.

Which brings me to a paper written by my colleagues Chris Hobbs and Yi Zheng. It's titled "Ten truths about building safe embedded software systems" and, sure enough, the first truth is about culture. I quote:

    "A safety culture is not only a culture in which engineers are permitted to raise questions related to safety, but a culture in which they are encouraged to think of each decision in that light..."

I was particularly delighted to read truth #5, which echoes Dan's advice with notable fidelity:

    "Failures will occur: build a system that will recover or move to its design safe state..."

I also remember Dan writing about the importance of software architectures that allow you to diagnose and repair issues in a field-deployed system. Which brings us to truth #10:

    "Our responsibility for a safe system does not end when the product is released. It continues until the last device and the last system are retired."

Dan argued for the importance of these truths in 1993. If anything, they are even more important today, when so much more depends on software. If you care about safe software design, you owe it to yourself to read the paper.

Using dynamic code analysis to support FDA approval

Making a safety case for what goes
in the case
It isn’t enough to create a medical device that is safe to use. You must also demonstrate that it meets safety requirements. Otherwise, how do you know that it is indeed safe? And how can you have it approved by the FDA, MDD, MHRA, or any other regulatory agency?

If you’re familiar with such agencies, you’ll know that they approve the device as a whole, not its constituent parts. And yet, the device manufacturer must still present evidence to demonstrate the dependability of the device software. Hence, close attention to software development practices — together with appropriate validation tools and techniques — is key to securing regulatory approval.

Enter dynamic code analysis. Unlike static analysis, which analyzes source or object code without executing it, dynamic analysis examines compiled code while it is running. As a result, it tests not only the source code, but also the compiler, the linker, the development environment, and, potentially, the target hardware. Dynamic analysis generally involves code coverage analysis and unit testing; together, these can provide an effective way to detect software errors and to demonstrate what software has been exercised.

If you’re interested in how dynamic code analysis can support demonstrations of compliance with safety requirements, look no further than the recent paper, Using Dynamic Software Analysis to Support Medical Device Approval, written by Chris Ault of QNX and Mark Pitchford of LRDA. Among other things, it reviews the key capabilities of dynamic analysis tools and provides tables that map development activities with requirements in the IEC 62304 standard for medical device software.


The world's first computer art?

The year is 1956. You are a mainframe programmer writing software for a U.S. military computer. You have the opportunity to create the first art to be displayed on a computer screen. What would you draw?

I love nature, so I'd probably choose a tree or a flower or a mountain — something that would be seen as a universal symbol of beauty. As it turns out, the programmer who created the first computer art chose a somewhat different form of beauty: a pin-up girl.

I kid you not.

You can read the entire story on the Atlantic website.


Prefer your whitepapers in German? Have I got a link for you

Germany has long been a strong market for QNX technology, particularly in the industrial, medical, and automotive sectors. Consider, for example, the many cars from Audi, BMW, Mercedes, and Porsche that ship with QNX technology on board.

It's no surprise, then, we've been redoubling our efforts to publish our latest technical whitepapers in German. So if you sprechen sie Deutsch (I hope I said that right) better than you speak English, I invite you to visit the German section of our whitepapers page.

Papers include:

  • Wann genau benötigt man ein Echtzeitbetriebssystem?
  • Funktionale Sicherheit komplexer Software-Systeme – Teil 1
  • HTML5 – die Zukunft des In-Car Infotainment?

    For the full list of papers, click here.

  • 1/16/2013

    New wallpaper for your BlackBerry PlayBook — QNX concept car 2013

    Our good friend (and ace graphics designer) Michael Ball took some excellent photos of the new QNX technology concept car, just before it was shipped to 2013 CES. I thought this photo looked especially cool when displayed on my PlayBook tablet, so I converted it into a wallpaper that you can download from my Flickr page:

    To download the wallpaper to your PlayBook:
    1. Go to http://www.flickr.com/photos/paulleroux
    2. Tap the wallpaper.
    3. A larger image will appear. Tap Actions, then tap View all sizes.
    4. An even larger image will appear! Tap Download the Large size of this photo.
    5. Your PlayBook will ask you to enter a file name. Type something meaningful, such as concept_car_wallpaper.jpg, and tap Save.
    6. From the PlayBook home screen, tap Pictures, then tap Downloads.
    7. Tap the wallpaper you want, swipe from the top of the screen and tap Set as Wallpaper.

      You're done!

    Using Crank Storyboard to create an automotive user interface

    Just how adept is the QNX CAR application platform at supporting a variety of user interface technologies and toolkits?

    From the beginning, we've promoted flexibility as a key quality of the QNX CAR application platform. For instance, the platform lets you work with a variety of user interface technologies, including HTML5, Qt, OpenGL ES, and others. What's more, it lets you blend UI components built with different technologies on the same display, at the same time. You're not forced into using a single API or toolkit.

    When it came time to build our new technology concept car, we decided to put this flexibility to the test. After all, the whole point of the concept car is to demonstrate the capabilities of the QNX CAR platform. So, for the first time, we tried building a user interface with the Storyboard Suite from Crank Software.

    How well did the QNX CAR platform and Storyboard work together? I think the results speak for themselves. For instance:

    Of course, this photo can't demonstrate the smooth animations and snappy performance of the car's user interface. For that, I recommend one of the videos shot at CES, including the excellent video from TI.

    So why did we choose Storyboard? For one thing, it allowed our concept team to take UI components created in Photoshop and import them directly into their live design. Rather than spend days or weeks recreating the UI in code, the team's engineers were able to start with what the UI designer provided. Which made prototyping and fine-tuning the UI a lot easier.

    Mind you, that wasn't the only reason the team used StoryBoard. But instead of listening to me blather about it, check out this video:

    Key takeaway: If you're building a UI for your QNX-based system, you owe it to yourself to check out Crank's Storyboard Suite. You can learn more on the Crank website.


    Missed the latest QNX Source newsletter? No worries!

    If you follow this blog, you may have noticed that I encourage everyone to sign up for the QNX Source newsletter. It is, in my humble opinion, the best way to keep tabs on the latest QNX videos, press releases, products, software updates, webinars, and whitepapers. (Mind you, I write the newsletter, so perhaps I'm not so humble after all. :)

    Seriously, though, I encourage you to subscribe today. If you want to know what you're missing — or if you missed a recent edition — no problem. We're now archiving past issues on the QNX website.

    Just click here to visit the newsletter archive, and you can catch up on a whole years' worth of news. (You'll notice that we didn't issue a newsletter in December — but believe me, January will be a doozy.)


    QNX at 2013 CES: The media's take

    The show ain't over yet, but already, media coverage of the QNX concept car at 2013 CES is pouring in faster than my modest brain can handle. I'm still catching up, but here, in no particular order, are my favorite stories so far.

    I'd love to hear what you think of what the media is saying. So before you go, let me know!

    Car Design NewsQNX Car 2 at CES 2013 (video)

    TechnoBuffalo — Chevy, Ford, and QNX at CES 2013 (video)

    That's it for now. I aim to post some more stories and videos early next week. Stay tuned.

    This post originally appeared on the QNX auto blog.