Automotive DesignLine Blog

NASA enlisted to study Toyota throttles

Eric Verhulst   4/1/2010 9:19:00 PM
It is clear that the automotive industry as a whole, not just one particular brand, is learning the hard way what it really means to replace mechanical parts with electronics and software. It saves fuel and weight, but the complexity is not for free as we are now in the discrete domain. Rigorous requirements/specifications analysis, formal modeling and verification and last but not least a clean architecture. For the safety critical parts like throttle and brakes, only fault-tolerance will do. Triplicate at mechanical, electronic and software level and vote. When there is a failure, it should still work but the next error will put the car in a fail-safe mode (this is now supposedly the standard). Formal development as well as formal verification is a must. Also, generate logs at runtime so that post-accident analysis becomes real and start a mandatory database where all incidents are recorded and analysed. Traffic can be made a lot faster and safer using automatisation but if these fundamental safety engineering principles are not understood, it makes more sense to give control back to the driver. Beware, safety also means that we make the systems error resilient (introduce graceful degradation) contrary to the current static approach taken in some safety related domains. Eric Verhulst CEO/CTO Altreonic
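
The triplicate-and-vote scheme described in the comment above, as an added example that is not part of the original comment or of any vehicle's firmware: three redundant pedal readings are voted on, the first faulty channel is dropped while the system keeps working, and a second fault latches a fail-safe state, with a log line written at each transition. All names, the tolerance value, the sample readings and the choice to take the lower of the two remaining readings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names and values throughout; constructed for illustration. */
#define TOLERANCE 3 /* assumed max gap between healthy channels, % pedal travel */

enum mode { NOMINAL, DEGRADED, FAIL_SAFE };
struct voter { enum mode mode; int excluded; /* channel voted out, -1 if none */ };

static int agree(int a, int b) { return abs(a - b) <= TOLERANCE; }
static int min2(int a, int b) { return a < b ? a : b; }
static int max2(int a, int b) { return a > b ? a : b; }

/* Second fault: latch fail-safe, log the readings, demand zero throttle. */
static int fail_safe(struct voter *v, const int s[3])
{
    v->mode = FAIL_SAFE;
    fprintf(stderr, "LOG fail-safe, readings=%d,%d,%d\n", s[0], s[1], s[2]);
    return 0;
}

/* Vote on three redundant pedal readings (0..100); returns throttle demand. */
int vote(struct voter *v, const int s[3])
{
    if (v->mode == FAIL_SAFE)
        return 0;                           /* stays latched */
    if (v->mode == DEGRADED) {              /* only two trusted channels left */
        int a = s[(v->excluded + 1) % 3], b = s[(v->excluded + 2) % 3];
        return agree(a, b) ? min2(a, b) : fail_safe(v, s);
    }
    int ab = agree(s[0], s[1]), bc = agree(s[1], s[2]), ac = agree(s[0], s[2]);
    int pairs = ab + bc + ac;
    if (pairs >= 2)                         /* healthy: return the median */
        return s[0] + s[1] + s[2] - min2(s[0], min2(s[1], s[2]))
                                  - max2(s[0], max2(s[1], s[2]));
    if (pairs == 0)                         /* no majority at all */
        return fail_safe(v, s);
    v->excluded = ab ? 2 : (bc ? 0 : 1);    /* first fault: drop the outlier */
    v->mode = DEGRADED;
    fprintf(stderr, "LOG channel %d voted out, readings=%d,%d,%d\n",
            v->excluded, s[0], s[1], s[2]);
    return min2(s[(v->excluded + 1) % 3], s[(v->excluded + 2) % 3]);
}

int main(void)
{
    struct voter v = { NOMINAL, -1 };
    int frames[4][3] = { {40, 41, 39}, {40, 100, 41}, {42, 0, 43}, {10, 0, 60} };
    for (int i = 0; i < 4; i++) {           /* constructed sample readings */
        int demand = vote(&v, frames[i]);
        printf("frame %d -> demand %d, mode %d\n", i, demand, v.mode);
    }
    return 0;
}
```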

willflanery   4/1/2010 4:55:12 PM
If it turns out to be an EMI glitch or ordinary software bug, then regulations need to be tightened to prevent such things. Car control systems need to be treated like airplanes' systems. I'm not in that niche, so I don't know what current requirements are, but I'm sure that hardware/software redundancy and coding standards are a good idea. Turning off the ignition will NOT work because the Prius does not have an ignition switch. It uses a "Power" button (computer controlled, obviously) which is disabled while driving. However, you can switch the car into neutral. This is still entirely electronic, but it works, even if fully depressing the gas pedal. Also, the Prius DOES allow the brake to override the gas pedal input. That is one reason that the recent San Diego runaway Prius incident looks like a hoax. Also, while his front brakes were very overheated, his rear brakes were fine, indicating that he wasn't pressing the pedal all the way. RE: Toyota/Citroen/Peugeot, I believe the issue was sharing a parts supplier, not sharing a factory.

parkgate   4/1/2010 3:16:37 PM
I don't believe Peugeot/Citroen share factories with Toyota so it's unlikely to be the same problem. I've driven a Citroen where the accelerator stuck and all I had to do was pull the pedal up with my foot. A drop of oil fixed the problem long term. As I'm in Europe I drive a manual car so I'm not worried about sticking accelerators as all I need do is put my foot on the clutch to stop the car. This is much more of a problem in the US where automatic gear boxes are used. So what is the short term fix to stop people dying in the US? Will turning the ignition off do it? And I believe it's a failure mode and effects problem and the long term fix is to change the firmware to give the brake pedal the highest priority and shut down the engine. Terry

Dr_T   4/1/2010 2:02:50 PM
Firmware may not be the exclusive problem here! Here is the thing. NASA or anyone else who attempts to solve this problem will have to do the following. Construct a test station that will probe the firmware, throttle sensor, and any and all other sensors that are interfaced to the engine control unit including any coprocessor involved. A storage oscilloscope channel needs to be established and dedicated for each and every sensor and digital input to the ECU and its coprocessors, if any. Then, and only then will the test engineers put the driver controls through their paces consisting of every throttle and brake position combination possible. MOST LIKELY the problem may be this: during hard acceleration, then deceleration, with and without braking, when one or more hysteresis loops of the mechanical and electronic/electrical systems will be crossed providing an infinite control loop that is almost impossible to detect or reproduce. Every hot rod high performance engine guy knows the following. If you manually take the throttle of a carbureted engine and open it briefly, then close it, then open it, and continue this cycle in just the right way, the engine will backfire because the hysteresis loops of the pneumatic circuits in the carburetor have been crossed!! This is an example of multiple mechanical hysteresis loops that can be easily placed into a failure mode. This failure mode is much more difficult to reproduce, however, when mechanical, digital, and analog electrical components are integrated into a complex control system such as in the Toyota Prius. I estimate that a single such test setup will require approximately half a million dollars in instrumentation for just one station. We are looking for the proverbial needle in the haystack or worse! LOTS OF LUCK, GUYS!!!!

primeMover   4/1/2010 9:00:56 AM
It's a mechanical issue, that also affected other cars that were built in the same fab (Peugeot 107 and Citroen C1)

parkgate   4/1/2010 8:19:22 AM
Isn't the problem that the firmware doesn't give priority to the brake so if the accelerator is jammed and the driver presses the brake pedal the firmware doesn't resolve the conflict in a safe way? And isn't this a system or requirements issue rather than a low level coding or language issue? Also does anyone know if turning the ignition key off will stop the car? If it does provide a temporary solution then it should be advertised in order to save lives. And before the arguments about Ada vs C start, didn't NASA land a man on the moon using some primitive firmware that pre-dated C? Terry
