The Embedded Systems Problem

The Embedded Systems Problem

We have decided not to waste time and space in explaining the generic Year 2000 bug as there is ample written about it on the net. If you need information about it we have included some URL's in our links page.

The embedded Systems problem is, not surprisingly, still a black hole. The reason that the identification of the compliancy of devices and their affect on the environment in which they operate is complicated is as a result of a number of factors. These include

lack of standards and documentation
few or no firmware upgrades
the permutational effect of :

-the components used within the device
-the configuration of the components within the device
-the way these components have been asked to react by the developer of the device
-the data received by the device from external sources, electronic or manual
-the way the data transmitted by the device is read and interpreted by other devices

lack of understanding by manufacturers of the Y2K bug
Equipment often consists of many layers of bought out sub-assemblies from many suppliers

It is only after many years of experience in this project that we have been able to identify a large number of areas in which devices are exposed to the turn of the century.

There are for example devices in which the design engineer ingeniously uses a static RAM to component cross check after a device has had had an unscheduled power down. This crosscheck ensures that the Static Ram has not been corrupted and that the integrity of the components has not been compromised in which case it reverts to a fail safe routine. One of these crosschecks is to ensure that the date in RAM is older than the date being read from the component structure such as the RTC or EPROM. What the engineer was not to know was that the component structure reaction to the turn of the century varies from assuming a date back a century or to the EPROM's earliest understood date through to generating #0, ??, and a number of other faulty year identifications. This fault is one of the better known incidences among Engineers concentrating on this problem but what is often overlooked is that the device itself might not use a date for any of its primary or subsidiary functions and just happens to have a component which is supplied with a date function which the design engineer decided to take advantage of. This error is unlikely to reveal itself before the Year 2000 in normal usage.

Another insidious problem is one often referred to as a "Register overflow" although it is not restricted to date data reads in registers alone but in all the data read and storage facilities available to the engineer. This results when an incremental year counter moving from 99 to 100 results in an extra character which if not discarded "corrupts" all the other stored and manipulated data by 1 character. Again the device itself might not appear to have any date usage as part of its primary or subsidiary functions but the engineer in his foresight decided to make the date readily available in the event that a future upgrade to the device might make use of the date function supplied with one of the components.

These are examples of errors which result in a device being classified as a category "A" device on our database, which is essentially a device which experiences a primary function failure as a result of its non-compliance and without any external influence. These types of failure are relatively rare and of the 650,000 tested devices on our database only +-7000 devices or 1% are category "A" devices. Examples of these types of devices are a Telxon hand held scanner and a Aircomp 3/884D Compressor.

By far the greatest problem is a category "B" device which as a result of its interaction with other devices experiences or induces a primary function failure. The difficulty with this fault is that it can often only be identified by examining a restricted or non-compliant device in its environment.

Devices where this error is more noticeable are the Programmable Logic Contollers such as a Siemens S5/115 PLC interacting with any other device or program. The Siemens executive (Operating System) on these PLC'S simulates an RTC function (time and date) as there is no on board RTC on this device. When this executive runs through the turn of the century it returns ?? (2 question marks) when reading the date back as it does not recognise a year with a leading 0 (zero). Any device, SCADA System, equipment or MES system reading this date will be confused resulting in reaction which is in certain circumstances a fail safe routine.

The INTOUCH SCADA system has configureable tags to display certain functions in PLC's connected to itself. When it reads a date from a Texas Instruments TI 545 or TI 555 PLC at the century rollover, the read and displayed date and time on the reading tag stops! If it is obtaining a reading from 1(one) PLC the time function displayed in the tag continues to operate 1 hour after midnight. If reading from 2 or more PLC's the time and date function does not resume without human intervention.

The ABB PLC 260/1, although supplied with a compliance certificate and manufactured according to an ISO9000 rating happily accepts and returns a date of 31/02/2000. This is not however restricted to PLC's as an investigation of a Milltronics Level Transmitter (an Analogue device !! with data capabilities) will reveal.