Imagine cruising down the highway, relying on your car’s infotainment system to guide you, only to have it suddenly glitch, leaving you in a state of confusion and frustration. It’s a scenario that many of us have experienced, and it raises an important question: Shouldn’t an infotainment system be considered as critical to our safety on the road as airbags and seatbelts? As someone who has architected software for an OEM, I never thought I’d be asking this question – my first thought is “no, they aren’t anywhere near the same”. However, recent experiences with my own infotainment system have led me to rethink the role of these seemingly innocuous car features in our overall safety.
Fixing the faults
I love my F-150’s infotainment system. It looks and works great, and I’ve come to depend on it being there. But one of the hazards of an “evergreen” and OTA-friendly software development workflow is that software validation isn’t going to be as thorough as it might have been when systems were “ship and forget”. Recently, my F-150 started exhibiting new issues, like the navigation system giving an endless hourglass before showing the map the first time after booting – something that is usually remedied by switching screens away and back to the nav. More problematic is that several times within the last month, the infotainment system went haywire, usually hanging while booting or failing to boot at all. As a result, I’ve re-examined my perspective on functional safety in infotainment.
One time was when I was backing out of a parking spot in a town about 500km from home. Instead of booting to the map, the system got stuck on the 3D Ford logo. No backup camera, no map, no radio. I depend on the backup camera and the 360-degree bird’s-eye view to get me in and out of tight parking spots. (It is a truck, after all.) When the camera didn’t come on, I ended up doing a little dance with the park, reverse, and on/off, trying to reset the infotainment system. I wasn’t paying attention to anything but the malfunctioning infotainment system. Thankfully, I was only moving a few feet back and forth in the parking spot, but my attention was fully focused on the system – which did eventually come back to its senses.
The second time was a couple days after I’d gotten home from that trip. I took a quick trip to the grocery store and the screen remained black when I turned on the car. No infotainment, no map, no radio, no Ford logo even. The car drove perfectly fine, and I knew where I was (under 1 km from my house), so I didn’t need a map. But I was highly distracted by the system remaining dead. I turned the car on and off a couple times at a four-way stop sign, waving other people through while I fiddled with the truck’s controls. It did eventually reboot and come up properly, but again, I was very much focused on trying to get the thing back online rather than paying attention to driving.
Infotainment safety level
The infotainment system does not control the car’s safety systems or driving features, so an automotive infotainment system is usually considered to fall under the ISO 26262 QM (Quality Management) safety level. If the system contains a backup camera, the infotainment system rating might be elevated to ASIL-A, the lowest functional-safety level.
Does an infotainment system have a functional safety aspect? Not solely based on its purpose, no. However, I’m not certain that’s the right question. Does the absence of a properly functioning infotainment system have a functional safety aspect? I think we can make a case that yes, it does. I’m sure I’m not the only one who has personal experience with a non-functioning infotainment system being a major contributor to driver distraction.
Are we thinking about ASIL wrong?
We’re pretty used to rebooting our phones and laptops when things go awry. But it’s rarely a case where those reboots put us in a life-or-death situation. When our infotainment system – or any other in-car system – malfunctions, it’s a much more serious problem because of the driver distraction that it causes.
I readily admit that I’m not a functional safety expert. But it seems that the potential for driver distraction in any car system has an impact on component ASIL ratings that we, as an industry, aren’t addressing. That’s especially true for things like the infotainment system that usually don’t merit an ASIL consideration yet can be a major source of distraction. It’s easy to imagine bugs or crashes that would have much more serious implications for driver distraction, such as malfunctioning media players blasting high-volume noise or display-driver bugs scrambling the screen. Even if those types of situations are currently considered in safety assessments, maybe they aren’t weighted as heavily as they should be.
Am I totally off base here? Some of our Third Law audience are experts in this field – I’d love to hear your thoughts.