Need informed opinion on embedded systems remediation

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

On another BBS, in a thread on Y2K, a post of mine on the difficulty of locating and fixing all critical embedded systems was answered with this:
"a system needs a place to store its date when the power is shut down (CMOS RAM, or whatever). If it doesn't do this, the date will be set to default, and there will be no danger. If there is CMOS RAM and the date is stored there (here the amount of affected systems is getting smaller), then the only thing that has to happen is to clear this RAM with default values. This can be done most of the time with a soft or hardware method. A very simple procedure. No chip-replacement is necessary."

I've read Frautschi and a few others on embedded systems, and this post seemed a little naive to me. (The writer is a programmer in a European country.) But I'm no expert, not even a skilled amateur in this business. Could someone discuss the argument made in the post above?

-- Tom Carey (tomcarey@mindspring.com), December 21, 1998

Answers

I've posted on this before, so I'll keep it short this time.

There are only two ways an embedded system can get into Y2K trouble:

1. It contains a realtime-clock chip with battery backup AND A HARDWARE DESIGN FAULT that causes other functions to go awry come 2000. (Such chips do exist, sadly)

2. It performs operations based on reading the calendar date from a realtime clock, AND has a software Y2K bug, AND has battery backup or access to a timesource so that the clock holds the true date.

Very many embedded systems are neither. For example, they may use a realtime clock rather than a counter timer because the RTC chip was cheaper, but omit the battery because the system cares only about the passage of time, not what date it is. Such a system will never reach Y2K provided it is powered down occasionally.

Unfortunately, it's very labour-intensive finding out which embedded systems ARE vulnerable, and in many cases if definitive information is no longer available one may have to replace just to be sure. So it's a really big problem, even though probably only a small percentage of systems have anything to go wrong!

-- Nigel Arnot (nra@maxwell.ph.kcl.ac.uk), December 21, 1998.
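
The second failure mode in the answer above, as an added example that is not part of the original thread: a date calculation on a two-digit RTC year, its windowed fix, and a small model of why a clock without battery backup never reaches the rollover if it is power-cycled. The packed-BCD register layout, the pivot of 70, the default year of 90 and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>

#define PIVOT 70  /* assumed window: 70..99 => 19xx, 00..69 => 20xx */

/* Decode a two-digit packed-BCD year register (assumed RTC layout). */
static int bcd2int(uint8_t b) { return (b >> 4) * 10 + (b & 0x0F); }

/* Software Y2K bug: the two-digit year is used as if it were the whole year. */
int elapsed_buggy(uint8_t now, uint8_t then) {
    return bcd2int(now) - bcd2int(then);
}

/* Windowed fix: expand to four digits before subtracting. */
static int full_year(uint8_t b) {
    int yy = bcd2int(b);
    return (yy < PIVOT ? 2000 : 1900) + yy;
}
int elapsed_windowed(uint8_t now, uint8_t then) {
    return full_year(now) - full_year(then);
}

/* Does the year register ever wrap 99 -> 00 within total_years?
   Without battery backup, every power cycle reloads the default year.
   years_per_power_cycle must be > 0; time is modelled in whole years. */
int sees_rollover(int has_battery, int default_yy,
                  int years_per_power_cycle, int total_years) {
    int yy = default_yy;
    for (int y = 1; y <= total_years; y++) {
        if (!has_battery && y % years_per_power_cycle == 0) {
            yy = default_yy;          /* power-down: stored date is lost */
            continue;
        }
        if (++yy == 100) return 1;    /* register wrapped to 00 */
    }
    return 0;
}

int main(void) {
    /* Constructed values: last service logged in '97, clock now reads '00. */
    printf("buggy elapsed:    %d years\n", elapsed_buggy(0x00, 0x97));
    printf("windowed elapsed: %d years\n", elapsed_windowed(0x00, 0x97));
    printf("battery-backed, 15 years:       rollover=%d\n", sees_rollover(1, 90, 1, 15));
    printf("no battery, cycled every 3 yrs: rollover=%d\n", sees_rollover(0, 90, 3, 15));
    return 0;
}
```

The model also shows the limit of the "no battery" case: a unit that runs for ten years without ever being powered down still reaches the wrap.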


And the 'hidden date' systems must start on the factory default - so even if they have a battery backup (very unlikely) they are going to be running years behind.

Most of the numbers I have seen on affected PLCs seem to be taken just from estimates of how many PLCs have a dating function. They are way high.

-- Paul Davis (davisp1953@yahoo.com), December 21, 1998.

