Why 'Toyota's Killer Firmware' May Not Have Been a Killer After All

How bad is bad enough?
state-machine.com   3/10/2017 8:41:44 PM
The title of this article asserts that "Toyota's Firmware Was Not a Killer". This is fundamentally faulty logic, because the author cannot prove that the firmware didn't, in fact, kill people.

Also, if I remember correctly, the experts working for the plaintiff did offer a theory that the fault happened due to a stack overflow, which corrupted the operating system variables that happened to be conspicuously just below the stack. The experts further showed that Toyota's stack use analysis was faulty and the stack could overflow. Finally, they also showed that once the bit corresponding to TaskX was flipped in a real vehicle, all other fail-safes didn't prevent the unintended acceleration.

But this article raises an interesting issue of how much proof is sufficient to implicate complex firmware like this. Please note that an error rate of just one per many millions of hours of operation is sufficient to reproduce the observed fatal accident rate. Yet, the author demands that expert witnesses reproduce such an incredibly intermittent event at will, effectively performing debugging of the system for the car manufacturer. All this while receiving no support or very reluctant support from the actual developers of the firmware.

So, the question is: How bad is bad enough for a complex firmware to be?
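The stack-overflow scenario state-machine.com describes above, as an added example in C that is not from the original thread or from Toyota's code: a constructed memory layout with the OS task-ready bitmap directly below a task stack, an emulated descending push that spills past the stack base, and the two checks (a painted guard zone and a high-water mark) a defender uses to catch the overflow before it silently clears a task's bit. All sizes, names and the TaskX bit position are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed model of the layout the comment describes: the OS task-ready
 * bitmap sits directly below a task stack, so a descending-stack overflow
 * lands on it. Sizes, names and the TaskX bit position are assumptions. */
#define STACK_BYTES 256
#define GUARD_BYTES 32
#define FILL        0xA5u
#define TASK_X_BIT  (1u << 5)
struct region {
    uint32_t task_ready_bits;     /* OS variable "just below" the stack */
    uint8_t  guard[GUARD_BYTES];  /* painted red zone, never written legitimately */
    uint8_t  stack[STACK_BYTES];  /* grows down from stack + STACK_BYTES */
};
static void region_init(struct region *r, uint32_t ready_bits)
{
    r->task_ready_bits = ready_bits;
    memset(r->guard, FILL, sizeof r->guard);   /* paint so later checks work */
    memset(r->stack, FILL, sizeof r->stack);
}
/* Emulated frame push on an MCU with no MPU: sp moves down and the frame is
 * zero-filled through it, spilling into whatever lies below the stack base. */
static uint8_t *push_frame(struct region *r, uint8_t *sp, size_t frame_bytes)
{
    uint8_t *base = (uint8_t *)r;  /* lowest address the model covers */
    uint8_t *nsp = (size_t)(sp - base) >= frame_bytes ? sp - frame_bytes : base;
    memset(nsp, 0x00, (size_t)(sp - nsp));  /* clears every bit it reaches */
    return nsp;
}
/* Push `frames` frames of `frame_bytes` each; return the ready bitmap after. */
static uint32_t run_task(struct region *r, size_t frames, size_t frame_bytes)
{
    uint8_t *sp = r->stack + STACK_BYTES;
    while (frames--) sp = push_frame(r, sp, frame_bytes);
    return r->task_ready_bits;
}
/* High-water mark: stack bytes still carrying the paint (worst-case unused). */
static size_t stack_unused(const struct region *r)
{
    size_t n = 0;
    while (n < STACK_BYTES && r->stack[n] == FILL) n++;
    return n;
}
/* Guard check: a disturbed byte means the stack already crossed its base. */
static int guard_intact(const struct region *r)
{
    for (size_t i = 0; i < GUARD_BYTES; i++) if (r->guard[i] != FILL) return 0;
    return 1;
}
```

The guard check is the cheap runtime fail-safe; the high-water mark is what a stack-use analysis should be validated against on real hardware rather than on paper.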

Re: Brakes
Kevin Neilson   3/10/2017 8:00:55 PM
I think they panicked and sensible solutions didn't occur to them. In the heat of the moment they must've forgotten about the parking brake or gearshift.

Re: Brakes
jyavins   3/10/2017 5:56:48 PM
I owned a Toyota when these incidents (there were several of them) were in the news. Regardless of any presumed computer failure, the drivers involved must have been pretty dumb. How hard is it to turn the ignition key? Toyotas (and most other cars) require that the key be pushed in to be moved from "accessory" to "lock", so there is little likelihood of the steering wheel becoming locked. Moreover, power steering remains effective as long as the engine is turning over because it's in gear. Those too flummoxed to think of turning off the engine might at least shift into neutral.

Re: Brakes
Synder   3/10/2017 12:58:35 PM
The whole episode was shameful, but not necessarily the fault of the driver. Those who still maintain that a car can be braked to a stop from high speed with the engine at wide open throttle are deluding themselves. Try it sometime, hold the accelerator fully open while traveling at 70 MPH and step on the brake pedal. Do it sporadically as you might do when the car is acting strangely and will not stop. The brakes will fade pretty fast and although you may slow, soon the engine will overcome the fading brakes. You absolutely will not be able to slow the car as quickly as if the engine were not at full throttle.

The "simulations" that may have been done to prove that the brakes would work properly are just that, simulations, and are only as good as the assumptions. For a good idea of the usefulness of simulations in real world emergencies, go watch the movie "Sully" and pay attention to the section where they talk about the simulations showing he should have been able to land the plane on one of two alternate airports instead of the Hudson River.

A failure analyst who had recurring problems with his Toyota fly-by-wire accelerator did some failure analysis and found tin (Sn) dendrite growth between the pins of the IC on the pedal that could tell the computer that the pedal was fully depressed when it was not depressed. A summary of this was published in EE Times, "Toyota accelerations revisited: hanging on by a (tin) whisker", 2012-01-10.

The push-button start-stop switch requires the driver to depress the button for 3 seconds continuously to turn the engine off when it is in gear. At 70 MPH a car will cover over 300 feet in the time required to turn off the engine. That is a pretty scary scenario, expecting someone to hold that button down continuously for the time to cover the length of a football field in a panic situation. I know that I likely would not do it.

Toyota and other auto manufacturers are paying attention to this belated wakeup call to improve the software, firmware, and hardware of their cars. Autonomous vehicles will suffer the same challenges; no engineer or group of engineers, no matter how smart or wise, can anticipate all possible situations.

Re: Brakes
Mike Galvin   3/9/2017 4:47:36 PM
I agree. There was a good podcast on this from Malcolm Gladwell (Revisionist History, episode called "Blame Game").

Brakes
Kevin Neilson   3/9/2017 12:35:06 PM
This whole episode was shameful. I don't think you pointed it out in the article, but even if the software had left the throttle open, it's been demonstrated that the brakes can still stop the car with no trouble. Apparently Toyota thought it was easier to settle and move on than to try to argue to juries that people had killed their families by confusing the gas and brake pedals.
