The court transcripts are publicly available. I will post the URL and parse out the relevant parts in a separate story. Unfortunately, the slides Mr. Barr presented at the trial, however, are not publicly available.
I have gone through that court testimony doc at embeddedgurus.com. It is not only interesting, but can be considered a lesson if you are in the business of designing safety-critical hardware/firmware.
The following is an excerpt from that PDF. It is an answer given by Mr. Barr when asked about how they had access to the Toyota source code.
"That experts see source code is not unusual, but the protections around this source code are certainly unusual in my experience. The source code review involves looking at electronic documents on computers. There is basically a room the size of a small hotel room that is disconnected from the Internet, no cell phones allowed inside or would work inside. In that room there is about five computers and some cubicles. In there, it is possible to believe view on the computer screen Toyota's source code. We couldn't take any paper in, take any paper out, couldn't wear belts, watches. There was a guard. It was worse than airport security was on the way here. Each time in and out, even to go to the bathroom."
The driver claims that full-force braking had been applied. If it is indeed true (though there is no particular reason to take it for granted), then the failure must have crippled both E-gas (forcing the engine to overrev) and the ESP/ABS/brake assist that could potentially loosen pressure on the brakes.
Had to at least skim through the transcript for details, though (thanks for providing it).
(Just as disconcerting and deadly would be unintended braking at highway speeds, for those around your vehicle.)
I have to disagree with this one: we should keep at least 3 seconds to the car in front, and if it's a long drive and we're likely to lose concentration, then 6 seconds, giving ample time to react in an emergency. I drive with the cruise control on on the highway and have my foot over the brake just in case. I've missed kangaroos and wombats and birds in flight by being alert and watching the road ahead. You should be able to stop before hitting the car in front even in a panic stop, or you're driving too close.
On the common theme of this article (not in response to your comments), sadly automotive electronics is designed to a cost in tight competition with other suppliers, with the winning bid being over as little as 50c (I worked for Delco Electronics for a number of years, and this is based on actual experience), so for something to be less than ideal is expected. I think there should only be large payouts for gross negligence. I don't have enough info to opine as to whether Toyota met this criterion, but really, if we want drive-by-wire and steer-by-wire then the design rigour must be more in tune with the aircraft industry, even if it means that the drive-by-wire system in car 'X' is a $50,000 option, none of this $500 option because we got it for 10c extra in the competitive bid process. If we want real solutions we need to start paying real prices for them.
Sorry to keep putting you on the spot, but this is important stuff.
I'm reading the court transcript, and it's clear that during the trial, Michael Barr had a presentation prepared with visual aids to walk the (mostly non-technical) jury through the findings.
In the U.S., the court system is open, correct? In other words, isn't everything, including the testimony, public and available, unless the courtroom is cleared?
I don't mean to give you (Junko) homework, but I'm sure every reader & commenter here would love to see the presentation and the same things the jury saw. We love to analyze, understand, learn. Is there any reason to expect we won't be able to see this?
"Manual transmission on a steep hill. You need to transition from a stop to moving. Speed from brake to accel is too slow to keep from stalling. What do you do?"
I agree with the "not enough feet" scenario. Although I'm not usually worried about stalling, as much as I'm worried about frying the clutch!
Yes, I too apply the hand brake while moving the right foot from brake to throttle. A foot-actuated (and foot-deactuated) parking brake makes this technique impossible, in a stick shift. So, you either learn to drive more skillfully, or you buy an automatic.
It's quite difficult, in most stick shift cars, to apply brakes and throttle at the same time (aside from a hand brake), although if you have a reasonably wide foot and the pedals are positioned just right, it can be done. Still, for a regular stick shift car or for automatics, having the brake pedal override any throttle command seems easy and fool proof enough. The hand brake is mechanical, cable-operated, and best kept out of the throttle safety logic, IMO. For one thing, in my experience anyway, hand brakes are hardly adequate as any sort of safety device while the car is moving. They aren't close to effective enough to overpower an engine at full throttle.
Manual transmission on a steep hill. You need to transition from a stop to moving. Speed from brake to accel is too slow to keep from stalling. What do you do? Hit the brake and accelerator at the same time, then transition from brake to accelerator. Why not use the parking brake? Some cars have foot-actuated parking brakes, and you already have the problem of not having enough feet...
Perhaps I've watched too many TV legal dramas. When expert witnesses start heaping up evidence on the plaintiff's side, sometimes it seems overdone.
In this case, the fact that a zillion potential issues with the throttle algorithm were uncovered, even though none of them was actually determined to be the cause, nor was their probability of occurrence mentioned, and further that it was shown that the black box may also be lying at the same time, seems a bit like "stacking the deck."
I suppose the intent was to absolve the driver from any possible responsibility, because she evidently hadn't applied the brakes? Like I said, probably too many TV dramas.
Aside from that, it certainly makes sense to have the brake pedal take precedence over any throttle control signal. I can't imagine a proper autonomous vehicle NOT implementing that same logic. Any braking command automatically overrides any acceleration command. Simply because, in the majority of major system failure scenarios, cars are better off stopped (hopefully on the side of the road). It's the most reasonable fail-safe mode.
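The brake-override rule discussed in this comment, and the "both pedals on a hill start" objection raised in the earlier comments, can be shown together in code. The following is an added example written for this page; it is not Toyota's code, not anything from the trial exhibits, and not a description of any production ECU. The pedal-position thresholds, the 8 km/h hill-start exemption and the latch-until-release behaviour are all illustrative assumptions chosen to make the two requirements coexist: brake wins whenever the car is moving or the accelerator demand is large, while a deliberate low-speed, moderate-throttle hill start is left alone.

```c
/* Added example, not from the article or the comment thread.
 * Throttle arbitration with brake override and a hill-start exemption.
 * All thresholds below are assumptions for illustration only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t  accel_pct;     /* accelerator pedal position, 0..100 % */
    bool     brake_pressed; /* brake pedal switch */
    uint16_t speed_kph;     /* vehicle speed from the wheel-speed sensors */
} pedal_inputs_t;

typedef struct {
    bool override_latched;  /* once tripped, stays until accelerator is released */
} arbiter_state_t;

/* Illustrative thresholds (assumptions, not production values). */
#define HILL_START_MAX_SPEED_KPH 8   /* below this, both pedals may be pressed */
#define HILL_START_MAX_ACCEL_PCT 40  /* ...as long as the demand is moderate   */
#define ACCEL_RELEASED_PCT       2   /* pedal is considered released below this */

/* Returns the throttle command (0..100 %) that the engine controller should use. */
uint8_t arbitrate_throttle(arbiter_state_t *st, const pedal_inputs_t *in)
{
    uint8_t demand = in->accel_pct > 100 ? 100 : in->accel_pct;

    /* The latch clears only when the driver has lifted fully off the accelerator,
       so a stuck or runaway demand cannot re-open the throttle on its own. */
    if (st->override_latched && demand <= ACCEL_RELEASED_PCT)
        st->override_latched = false;

    if (in->brake_pressed) {
        bool hill_start = in->speed_kph <= HILL_START_MAX_SPEED_KPH &&
                          demand <= HILL_START_MAX_ACCEL_PCT;
        if (!hill_start)
            st->override_latched = true;   /* brake wins over the accelerator */
    }

    return st->override_latched ? 0 : demand;
}

/* Convenience wrapper: one decision from a fresh (unlatched) state. */
uint8_t throttle_fresh(uint8_t accel_pct, bool brake_pressed, uint16_t speed_kph)
{
    arbiter_state_t st = { false };
    pedal_inputs_t in = { accel_pct, brake_pressed, speed_kph };
    return arbitrate_throttle(&st, &in);
}

/* Runs a constructed sequence (highway cruise, brake tap, accelerator held,
 * accelerator released, accelerator re-applied) and checks the latch behaviour.
 * Returns true if every step produced the expected command. */
bool latch_sequence_ok(void)
{
    arbiter_state_t st = { false };
    pedal_inputs_t steps[] = {
        { 60, false, 100 },  /* cruising, no brake           -> 60 */
        { 60, true,  100 },  /* brake tapped at speed        -> 0  */
        { 60, false,  95 },  /* brake released, pedal held   -> 0 (latched) */
        {  0, false,  90 },  /* accelerator fully released   -> 0, latch clears */
        { 60, false,  90 },  /* accelerator re-applied       -> 60 */
    };
    const uint8_t expected[] = { 60, 0, 0, 0, 60 };
    for (size_t i = 0; i < sizeof steps / sizeof steps[0]; i++) {
        uint8_t cmd = arbitrate_throttle(&st, &steps[i]);
        if (cmd != expected[i])
            return false;
    }
    return true;
}

int main(void)
{
    printf("latch sequence: %s\n", latch_sequence_ok() ? "ok" : "FAIL");
    printf("hill start, 30%% throttle + brake at 0 km/h: %u%%\n",
           throttle_fresh(30, true, 0));
    printf("both pedals, 80%% throttle + brake at 0 km/h: %u%%\n",
           throttle_fresh(80, true, 0));
    return 0;
}
```

The latch matters more than the override itself: without it, a throttle demand that is stuck high (the failure mode the thread is worried about) would reopen the throttle the instant the driver's foot came off the brake. Releasing only on an explicit lift-off of the accelerator turns "brake wins" into a stable fail-safe state rather than a momentary one.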
"Unless the throttle, brakes, steering, and engine control have mechanical linkages, there is no reliable possibility of human intervention or backup control for failures. You either automate or stay manual."
It looks like the trend is definitely going away from manual control and toward some sort of automation. The accelerator pedal cannot directly control anything. It HAS to see the right foot as just one of the parameters that go into control decisions. There are advantages to making other controls, such as steering and brakes, mostly suggestions as to intent. That doesn't mean that there can't be some looser driver control in the event of a degraded system. Certainly, as has been suggested, tapping the brake pedal should kill a runaway throttle.
I believe the Toyota problem is one of inadequate design and testing. I'm sure we will ultimately learn much from this. There are problems with technology but auto safety looks pretty good. There are a lot more factors than electronic control. If you go back 50 years to when there was only automated shifting you will realize that modern cars are much safer. Absolute perfection of control would nowhere near compensate for the poor state of tires, brakes, suspension, and body structure that we faced then. And... the best tires, brakes and suspension are made even more effective with the application of some sensors, processing power and various actuator mechanisms. There's no turning back.
I pretty much agree with your last paragraph but this must be seen as being able to operate in a heterogeneous environment, not just with vehicles that are pretty much at the command of the infrastructure.