First, Toyota recalled more than 10 million vehicles for problems related to unintended acceleration in 2009 and 2010, starting with a September 2009 announcement that it was recalling 3.8 million Toyota and Lexus vehicles because of a defect that may cause floor mats to jam accelerator pedals. The company later recalled vehicles over defects involving the pedals themselves.
(Now, curiously, the 2005 Camry, which was the car in dispute in this Oklahoma case, has NOT been recalled by Toyota yet.)
Toyota's recalls led to lawsuits claiming that defects harmed the value of Toyota vehicles or caused accidents leading to death and injury. Toyota settled suits claiming economic losses for about $1.6 billion. That was the end of Dec., 2012.
Toyota won the three unintended-acceleration claims that previously reached jury verdicts since the recalls. The defense verdicts include injury cases in New York in 2011 and in Philadelphia in June. A Los Angeles jury in October cleared Toyota of fault for the death of a 66-year-old woman.
What's important and what's different about the Oklahoma case is that this case -- among a host of lawsuits filed against Toyota concerning unintended acceleration in its vehicles -- is the first in which the plaintiff has laid the blame squarely on the electronic throttle system.
As a result, this is the first trial that any jury actually heard expert witnesses such as Michael Barr explaining the software glitches (combined with other factors) that led to the unintended acceleration.
The experts' findings (laid out in Oklahoma case) in fact led to the one-billion dollar settlement for the economic losses, late last year. But since the case was settled (never went to a trial), the experts' report or testimony has never been made public, and no jury heard the case whose focus was on the electronic throttle system.
Because this case went to a trial in Oklahoma, now for the first time, the public had an opportunity to hear and read what was discussed during the trial. It's a matter of public record now.
The general press probably hasn't had time to look into all the details about the embedded system software malfunctioning.
But watch for the upcoming trial next week in federal court in Santa Ana, Calif.
Attorneys for the plaintiffs in that case plan to argue that defective software caused a Camry to accelerate and crash into the side of a Georgia schoolhouse.
The trial, transcript and these discussions indicate that there are millions of vehicles on the road today with a potentially lethal defect. Toyota has already settled with the NHTSA and has that settlement to wave in any Camry owner's face (provided they did nothing and accepted the settlement terms). Am I correct about this? And, if I am, what is the next step? I own a 2004 Camry and wonder if I should keep driving it - I seriously doubt that I could react appropriately if the vehicle went to full throttle w/o warning. I would for sure step on the brake, but, according to Mr. Barr's testimony, that's the wrong thing to do. What's the right thing to do? Switch off the ignition? Ram the automatic transmission lever into reverse? Given this knowledge, what's my responsibility in the event of a loss of throttle control event and the nearly inevitable accident? Morally I can't justify laying all the responsibility on Toyota but the chances of this happening to me are very, very small.
Besides the above, I'm wondering what my car is now worth and whether Toyota will step up and replace their badly-engineered software or the entire engine control module. That would be the right thing to do, but my money is on a big consumer blow-off using the NHTSA settlement as a broom to sweep it all under the floor mats.
The thing that really puzzles me is why the popular press hasn't picked this up yet - I expect to see it splashed all over the place. It shows that software can never trump celebrities or political bloviators.
It would be good to also post the transcript of the Denso Monitor CPU code -- to see why it might also have potentially contributed -- Also most ECU /ABS code is supposed to also meet a set of MISRA safety checks as part of a Static Analysis -- It would be good to hear about this in the trial -- Additionally it might be good to see how any hardware features came into play.
I myself have learned a great deal in following the Oklahoma case. The thing is, though, that this is not the end of Toyota's unintended acceleration trial.
Toyota is facing another trial early Nov. -- this one will be in federal court in Santa Ana, Calif.
In many of the death and injury lawsuits, including Bookout's, plaintiffs claim that loose floor mats and sticky pedals don't explain all episodes of sudden acceleration and that the electronic throttle control system is at fault.
The reason why EE Times is following the case so closely is that the Oklahoma trial was the first instance when any of the testimonies by expert witnesses focused on software and hardware issues -- outside the floormat and sticky pedals -- became publicly available. Until now, such reports and testimonies have been sealed under the court order.
And one more disturbing fact. Bookout's vehicle, a 2005 Camry, wasn't included in Toyota's recalls.
There have been many-many posts here about how the braking system should always be able to override the engine.
What about the anti-lock braking system?
Virtually every car has them and the control computer has the ability to release the brakes at any time depending on factors like individual wheel rotation speed and so on. I don't know how the ABS is tied into "Task-X" but if they all use the same microprocessor, it's entirely possible the ABS will be affected too.
Thus, pushing on the brakes would have no effect if the ABS has released them, falsely thinking the car was in a skid condition. This seems to correlate closely to what some drivers have reported; that the brakes had no effect.
It seems there should always be a mechanical override for emergencies like these. The parking brake, otherwise known as the "Emergency Brake" which it isn't, applies only the back brakes. And the actual brake pads are tiny compared to the front pads. It would be of no use in an engine runaway situation.
I'd really like to know how the ABS ties into all of this.
Thanks Junko for the thorough coverage. I've learned a lot about the case.
There seems to be a serious design flaw. In order to avoid any serious issue in any software system, the design shall always avoid deadlock. There shall always be a simple task to monitor the health of the system. A watchdog to reboot the system in case of deadlock is an avoidance mechanism; system engineer shall not rely on it.
To be honest, I'm quite surprised to read the report. Toyota is a very good company. They should know better. I wonder whether there is anything missing in the findings.
Nonetheless, Toyota will learn from it and make themselves better.
Actually, in every cruise control system I've used, if the desired speed (set by the accelerator pedal position) exceeds the current CC set speed, the system will still throttle up; when the pedal is released, it smoothly returns to the set speed. So when things are working, the pedal is not ignored. If task X failed, you'd notice that you couldn't speed up, either.
"I think that what you may have meant to say was that the accelerator pedal signal was not examined when in the cruise control mode."
Indeed. The angle of the accelerator pedal. Sorry for the ambiguity.
In at least some older cruise control systems, perhaps also on some new ones (I certainly haven't done any study on this), the cruise control system actually moved the accelerator pedal. So that the same linkage between accelerator pedal and carburetor was used in cruise control mode, to maintain a constant speed.
"In cruise control, presumably the throttle angle is not examined at all, and the fuel/air command is supplied as a function of vehicle speed vs requested speed."
I think that what you may have meant to say was that the accelerator pedal signal was not examined when in the cruise control mode.
I understand that in cruise control there is still an inner throttle position control loop and an outer speed control loop is added. In effect the driver input via the accelerator pedal is disabled or ignored.
The outer control loop is a speed control loop - where a speed signal is fed back and compared with a set speed (speed reference) to give a speed error. Presumably it is the speed error that is fed in as a torque request to either speed up the vehicle or slow it down to match the actual speed to the set speed.