Software and runaway acceleration

On October 24th of 2013, a state-court jury in Oklahoma determined that software in the electronic throttle system was defectively designed.

I had surmised that the cases of runaway acceleration in some Toyota cars resembled a situation I have encountered a number of times in testing software. The problem is called spinning; the symptom is when a software program consumes a lot of CPU cycles but is unresponsive to external inputs and causes the whole computer to run slow or become completely unusable. Typically, the only remedy is to somehow stop the program or power cycle the computer.

There are a few reasons that a program can get into the state of spinning, but the actual behavior is very similar in every case. The program reaches a point in which it tries to do something and because it is unsuccessful, it tries to do it again. This particular situation is a common one in software and in most cases, a program can handle the situation without a problem.

But in the case of a spinning program, the algorithm to deal with the unsuccessful attempt provides no path for reporting or backing off. Instead the program retries the attempt time and time again with a very short interval between. It is from this situation that the name spinning derives. Think of the logical flow of software in which a test is made and the result is negative; the subsequent branch is to go back up and try again. Software that is prone to spinning falls into the same loop and repeats it.

What are some algorithmic reasons for a spinning process? Here are two I have seen: a program does a check for a status that is "always there," but something occurs so that it is not. There are two sections of a program which update the same memory element, one locks the element so that it can update it but it is then interrupted, leaving the second section of code unable to proceed but continuing to check anyway.

Unlike an animal, software will not tire of this. And if the loop is sufficiently unencumbered, the program will consume all available CPU time. This tightly looping section of software then precludes other activity on the processor. In an automobile, the throttle controls how much gasoline is sent to the engine. If it gets in a predicament in which it only has a signal to send more and there is nothing to change this, a car will run without restraint.

I once came upon a Toyota car that had charged out of control in a parking lot. It had hit a parking brick, leapt over it, then crashed through a line of bushes and stopped when it hit a tree. The driver was a woman of about 60 years. She said she had pulled into the lot and turned the car in a half circle to pull into a spot facing the street. But as she straightened the car to enter the space it lurched forward uncontrollably until it hit the tree.

It would not have been unreasonable to ascribe the situation to a panicked driver who mistakenly pushed down on the accelerator instead of the brake as she pulled into the parking space. However, there was one factor which suggested to me that was not the case. If you have ever been in a vehicle that has rammed and then bounced over an obstruction you will know what I mean. It is hard to keep a foot on the accelerator pedal when a car makes such violent movements.

Based on these assumptions and observations, how can software be blamed for this situation? In modern automobiles, there are hundreds of thousands if not millions lines of code. A good portion is given over to the control of gas and air that is sent to the engine. This type of control provides a powerful mechanism to regulate not only the amount of gas, but also the timing for when it reaches the cylinders of the engine. Normally, one would expect some kind of feedback mechanism to provide an indication to limit the input of gasoline.

But consider a situation in which a car is turning and changing speed while it attempts to park. As a car turns each wheel spins at a different speed. It is conceivable that software helps to synchronize and control the rate of tire rotation through the turn. In the case witnessed, it is possible that the timing of the change from acceleration to braking may be different from what is normally encountered during driving.

Here is how it may happen. Presuppose a state exists in which only the software controls acceleration and braking; or one that is initially triggered by a driver's action, such as applying pressure on the brake pedal, but then makes detailed adjustments which involve minute increases in acceleration to ensure an even, smooth stop. These are likely very short bursts that are countered by feedback from sensors measuring the rotational speed of the wheels. While in the mode of acceleration even though the brake pedal is being pushed and acceleration is indicated by the software, a change occurs in the state representing the pedal. This occurs in an incredibly short interval of time and interrupts the signal that normally ends acceleration, but because the other change has arrived the software cannot exit the routine and it begins applying acceleration with no way to counteract it.

As mentioned earlier, this mode of failure resembled situations encountered during testing of other software applications. With the ever increasing reliance on computation in the function of an automobile, it will be no surprise when other failures only seen in less mechanized applications show themselves. This type of failure is also an indication of the increasing movement away from human control over mechanical devices and the difficulty in separating the human responsibility from the machine malfunction.

Allegory in Two Works by Stephen King

Stephen King wrote the Green Mile, except that I only saw the movie. But I did recently read a short story he wrote called, Ayana. The stories are similar in that unlikely characters have an incredible power to remove serious illness from other people. In the movie, it is a large black man who cures a (white) man's urinary tract infection, heals a woman dying of cancer and saves a mouse from an untimely demise. The short story's title is the name of a small, blind black girl whose kiss of the narrator's dying father immediately brings recovery.

I can imagine that Stephen King chose black people as the medium for transmitting miracles because most whites had no trouble imagining blacks as having a mystery about them. There was, and to an extent still is, a separation between life as experienced by whites and that experienced by black folk. Therefore, it becomes natural to consider something not known well in a fanciful way.

But I also see his choice as part of an allegory that matches the societal intention to squeeze the members of the black race of their lives. That discriminatory laws, customs and implementations existed is not in dispute. What carried further beyond a legal framework was a willingness to not only discount the experience of black life but to also descend into a repudiation of its existence.

An act like this is fundamentally violent, but when it is transposed into literature the focus is on the life-giving aspect rather than the taking away of it. This is natural when written from the perspective of the economically dominant race. It is not entirely untrue, but it does downplay the diminishing aspect to the giving up of life. And it completely ignores the devastating impact of this discount when cast upon one people by another.

I have no idea if this perspective captures what the author had in mind when writing these tales. But I do think it is reflective of a theme played out in our society and when it is expressed as literature the portrayal is of beneficence rather than exploitation. I see this differed rendering as symbolic of a societal cleft that may or may not have been the author's intent to depict.

The Downside of Forced Ranking

"Microsoft Abandons 'Stack Ranking' of Employees"

A large company with a high number of employees is in a business in which the market and technology that drives it is changing. There is a need to keep employee costs under control, reward prized workers who are the best performers and make room for younger ones. To keep the company competitive, there is pressure put on the profit centers to stay productive which translates into identifying and ranking employees by their relative value in the organization.

As stated, this may resemble the method for assessing and compensating employees that occurs in most businesses with more than 50 employees or so. However, an added twist that came about was to assign a quota, or number, to each level of rank. It was meant to be a way to identify top performers but also those who were below average. Imagine the attitude of an arborist chopping the branches of a tree, "by cutting away I am ultimately making what remains stronger and more likely to survive."

This approach to personnel management was adopted and implemented by General Electric. Because that company showed financial wherewithal that others could not replicate, its method for trimming under performing workers was popularized as a key factor propelling the company's success. Without a view into the internal processes, others could only believe when GE touted forced ranking and the associated culling as the real deal.

Other large American companies, such as Motorola and Microsoft, adopted schemes similar to what worked at GE. At Motorola, it was initially called RPA, Relative Performance Assessment, while Microsoft's is referred to as Stack Ranking. I have also heard the term, "Rank and Yank" used to describe a similar method. The key element in all of these programs is a requirement to identify a certain number of employees for each layer of the stack, including those deemed under performing.

But when it is a policy in place during a downturn and layoffs have already trimmed a team, a manager is forced to be creative when coming up with reasons for assigning poor rankings. In situations like these, the justification for a Did Not Meet Expectations is often less than convincing. Perhaps this is due to the inarticulateness of the manager or because the choice of this individual to be ranked in this way was not theirs.

One other factor is that the criteria for measurement become retrospective; that is, because objective measures are not useful, the solution is to look back and see if there are other behaviors which can be examined. This breaks the link of relevance between what the stated goals were at the start for the individual or organization and how ranking ended up.

During my early days at Motorola, a firm was hired to examine communication within our team. One overarching aspect of an organization, they said, was the natural tendency for team members to gravitate away from cooperation their work and toward isolation. Because the firm was hired, it would follow that techniques used to improve communication and foster teamwork would be in the best interests of the company. Over time, however, this atmosphere of teamwork began to fade. And when forced ranking was adopted its impact was to remove the motivation that many workers may have had to assist coworkers. The feeling became more like every man for himself.

Through the first couple of years of its use at Motorola, forced ranking was, at least in name, a means to distinguish the top performers and justify differentiated compensation. A corresponding feature is that it was also somewhat punitive toward those consigned to the lower echelon of performance. But despite this, in these early days, it was seen as more a scolding, albeit a financially painful one, than a target.

But even during this time, the process for determining ranking was not always fair. Similarly, the outcomes were not necessarily convincing and could reflect not so much a deficiency to be corrected as a suggestion for making your work better known among the other managers. And the financial cost was painful: no raise for those given the lowest ranking and a much below average share of the variable pay given based on company and personal performance for the prior year.

In later years, when the company was honing their skills at letting people go, a low ranking was a near guarantee for a later dismissal. In retrospect, it made perfect sense from the company's perspective; it created a ready supply of headcount to be offered when cutbacks were announced and these were individuals already identified as poor performers. In essence, it became a way to hide things like age discrimination or even personal vendettas. These could be embodied in the ranking process which remained hidden from outside view.

In a larger sense, these actions are part of the prerogative a company has in how they want to run their business. Illinois is an "at will employment" state, so just as an employee is not bound to stay at a company, they are not compelled, except for some notification regulations, to provide excessive justification for laying off an employee.

One other point regarding Motorola, is that they did provide severance payments and job training. Ironically, at least from the perspective as one let go more than once from Motorola, the provision of this money toward employee dismissals and the placement service made the whole process seem part of a normal business practice.

But despite the right of a company to lay off an employee because of economics and the efforts made to soften the landing of discarded workers, the process of ranking was disruptive and exacerbated the negative tendencies inherent in humans. This came about mostly because of the need to find candidates for the lowest echelon when no one objectively merits such a ranking.

Faced with such a situation, I have known managers who have resorted to citing a measure of productivity which was not a stated metric for the department, impugning someone for the way they spoke, claiming ineffective communication and blaming an employee for not being voluble in meetings when a goal of the department was to have more effective ones.

My take on the increased disuse of forced ranking is that it may have started with a veneer of effectiveness that was glossed by the favorable economics of the time but over the years fell into being a device favored by the managers of resources whose compensation was predominantly in stock and who had little regard for the human toll and concurrent disruption of morale and teamwork it spawned. In other words, I am glad to see it go.