BoingBoing just posted about an analysis of the breathalyzer system written by AlcoTest where the following *stunning* failures were revealed in a report assessing the fitness of the code for a court case:
- Readings are Not Averaged Correctly: When the software takes a series of readings, it first averages the first two readings. Then, it averages the third reading with the average just computed. Then the fourth reading is averaged with the new average, and so on. There is no comment or note detailing a reason for this calculation, which would cause the first reading to have more weight than successive readings. Nonetheless, the comments say that the values should be averaged, and they are not.
- Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Properly (a watchdog timer), and the Software Interrupt.
- Code Does Not Detect Data Variations.
- Error Detection Logic: The software design detects measurement errors, but ignores these errors unless they occur a consecutive total number of times. For example, in the airflow measuring logic, if a flow measurement is above the prescribed maximum value, it is called an error, but this error must occur 32 consecutive times for the error to be handled and displayed. This means that the error could occur 31 times, then appear within range once, then appear 31 times, etc., and never be reported. The software uses different criteria values (e.g. 10 instead of 32) for the measurements of the various Alcotest components, but the error detection logic is the same as described.
- Defects In Three Out Of Five Lines Of Code: A universal tool in the open-source community, called Lint, was used to analyze the source code written in C. This program uncovers a range of problems from minor to serious problems that can halt or cripple the program operation. This Lint program has been used for many years. It uncovered that there are 3 error lines for every 5 lines of source code in C.
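Two of the findings above, the chained averaging and the consecutive-count error detection, are easy to reproduce in a few lines of C. This is an added illustration written for this post, not code from the Alcotest source or from the report; the four readings, the airflow limit of 1.0, the 31/1/31 pattern and the 40-sample window are constructed assumptions, and the sliding-window check is my own suggested alternative.

```c
#include <stddef.h>

/* Chained "average" as the report describes: average the first two readings,
 * then average each later reading with the running result. The readings are
 * not weighted equally (four readings get weights 1/8, 1/8, 1/4, 1/2). */
double chained_average(const double *r, size_t n) {
    double acc = n ? r[0] : 0.0;
    for (size_t i = 1; i < n; i++) acc = (acc + r[i]) / 2.0;
    return acc;
}

/* Arithmetic mean, which is what "average the readings" should compute. */
double true_average(const double *r, size_t n) {
    double sum = 0.0;
    for (size_t i = 0; i < n; i++) sum += r[i];
    return n ? sum / (double)n : 0.0;
}

/* Consecutive-count error logic as described: an out-of-range reading bumps a
 * counter, an in-range reading resets it, and the error is reported only once
 * the counter reaches `threshold`. Returns index of first report, or -1. */
int first_consecutive_error(const double *f, size_t n, double max, int threshold) {
    int run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (f[i] > max) ? run + 1 : 0;
        if (run >= threshold) return (int)i;
    }
    return -1;
}

/* Sliding-window alternative (my suggestion, not Alcotest code): report once
 * `threshold` out-of-range readings fall within any `window` consecutive
 * samples, so a single in-range reading cannot erase the evidence. */
int first_windowed_error(const double *f, size_t n, double max, int threshold, size_t window) {
    for (size_t i = 0; i < n; i++) {
        int bad = 0;
        for (size_t j = (i + 1 > window) ? i + 1 - window : 0; j <= i; j++)
            if (f[j] > max) bad++;
        if (bad >= threshold) return (int)i;
    }
    return -1;
}

/* Constructed samples: four readings for the averaging bug, and the report's
 * 31 over-limit / 1 in-range / 31 over-limit airflow pattern (limit 1.0). */
static const double readings[4] = {1.0, 1.0, 1.0, 3.0};
static double flow[63];
static size_t build_flow(void) { for (size_t i = 0; i < 63; i++) flow[i] = (i == 31) ? 0.5 : 1.5; return 63; }
double demo_chained(void)  { return chained_average(readings, 4); }                           /* 2.0 */
double demo_true(void)     { return true_average(readings, 4); }                              /* 1.5 */
int demo_consecutive(void) { return first_consecutive_error(flow, build_flow(), 1.0, 32); }     /* -1 */
int demo_windowed(void)    { return first_windowed_error(flow, build_flow(), 1.0, 32, 40); }    /* 32 */
```

With the consecutive-count logic the 62 over-limit readings are never reported, whereas the windowed check flags them at the 33rd sample.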
The full report is a damning indictment of a piece of software that fails in so many ways it is hard to believe it ever reached production. As BoingBoing pointed out, the companies that develop these kinds of systems (voting machines and breathalyzers) cry ‘trade secrets’ at the mere mention of a source review. This tactic is the software equivalent of the muscle Monsanto flexes in genetic engineering (interestingly, open-source GM has been mooted).
This rare insight reminded me again why Agile methods, openness and transparency, and holding oneself and one another to a high standard of quality are central to knowing that the software you deliver is fit for purpose (at the very least) and, ideally, well made, thoroughly tested, and satisfying to both the customer and the developers.