The trial, transcript and these discussions indicate that there are millions of vehicles on the road today with a potentially lethal defect. Toyota has already settled with the NHTSA and has that settlement to wave in any Camry owner's face (provided they did nothing and accepted the settlement terms). Am I correct about this? And, if I am, what is the next step? I own a 2004 Camry and wonder if I should keep driving it - I seriously doubt that I could react appropriately if the vehicle went to full throttle w/o warning. I would for sure step on the brake, but, according to Mr. Barr's testimony, that's the wrong thing to do. What's the right thing to do? Switch off the ignition? Ram the automatic transmission lever into reverse? Given this knowledge, what's my responsibility in the event of a loss of throttle control event and the nearly inevitable accident? Morally I can't justify laying all the responsibility on Toyota but the chances of this happening to me are very, very small.
Besides the above, I'm wondering what my car is now worth and whether Toyota will step up and replace their badly-engineered software or the entire engine control module. That would be the right thing to do, but my money is on a big consumer blow-off using the NHTSA settlement as a broom to sweep it all under the floor mats.
The thing that really puzzles me is why the popular press hasn't picked this up yet - I expect to see it splashed all over the place. It shows that software can never trump celebrities or political bloviatators.
It would be good to also post the transcript of the Denso Monitor CPU code -- to see why it might also have potentially contributed -- Also most ECU /ABS code is supposed to also meet a set of MISRA safety checks as part of a Static Analyis -- It would be good to hear about this in the trial -- Additionally it might be good to see how any hardware features came into play.
I myself have learned a great deal in following the Oklahoma case. The thing is, though, that this is not the end of the Toyota's unintended acceleration trial.
Toyota is facing another trial early Nov. -- this one will be in federal court in Santa Ana, Calif.
In many of the death and injury lawsuits, including Bookout's, plaintiffs claim that loose floor mats and sticky pedals don't explain all episodes of sudden acceleration and that the electronic throttle control system is at fault.
The reason why EE Times is following the case so closely is that the Oklahoma trial was the first instance when any of the testimonies by expert witnesses focused on software and hardware issues -- outside the floormat and sticky pedals -- became publicly available. Until now, such reports and testimonies have been sealed under the court order.
And one more disturbing fact. Bookout's vehicle, a 2005 Camry, wasn't included in the Toyota's recalls.
There have been many-many posts here about how the braking system should always be able to override the engine.
What about the anti-lock braking system?
Virtually every car has them and the control computer has the ability to release the brakes at any time depending on factors like invididual wheel rotation speed and so on. I don't know how the ABS is tied into "Task-X" but if they all use the same microprcessor, it's entirely possible the ABS will be affected too.
Thus, pushing on the breaks would have no effect if the ABS has released them, falsely thinking the car was in a skid condition. This seems to correlate closely to what some drivers have reported; that the brakes had no effect.
It seems there should always be a mechanical overide for emergencies like these. The parking brake, otherwise known as the "Emergency Brake" which it isn't, applys only the back brakes. And the actual brake pads are tiny compared to the front pads. It would be of no use in an engine runnaway situation.
I'd really like to know how the ABS ties into all of this.
Thanks Junko for the thorough coverage. I've learned a lot about the case.
There seems to be serious design flaw. In order to avoid any serious issue in any software system, the design shall always avoid deadlock. There shall always be a simple task to monitor the health of the system. A watchdog to reboot the system in case of deadlock is an avoidance mechanism; system engineer shall not rely on it.
To be honest, I'm quite surprise to read the report. Toyota is a very good company. They should know better. I wonder whether there is anything missing n the findings.
Nonetheless, Toyota will learn from it and make themselves better.
Actually, in every cruise control system I've used, if the desired speed (set by the accelerator pedal position) exceeds the current CC set speed, the system will still throttle up; when the pedal is released, it smoothly returns to the set speed. So when things are working, the pedal is not ignored. If task X failed, you'd notice that you couldn't speed up, either.
"I think that what you may have meant to say was that the accelerator pedal signal was not examined when in the cruise control mode."
Indeed. The angle of the accelerator pedal. Sorry for the ambiguity.
In at least some older cruise control systems, perhaps also on some new ones (I certainly haven't done any study on this), the cruise control system actually moved the accelerator pedal. So that the same linkage between accelerator pedal and carburator was used in cruise control mode, to maintain a constant speed.
"In cruise control, presumably the throttle angle is not examined at all, and the fuel/air command is supplied as a function of vehicle speed vs requested speed."
I think that what you may have meant to say was that the accelerator pedal signal was not examined when in the cruise control mode.
I understand that in cruise control there is still an inner throttle position control loop and an outer speed control loop is added. In effect the driver input via the accelerator pedal is disabled or ignored.
The outer control loop is a speed control loop - where a speed signal is fed back and compared with a set speed (speed reference) to give a speed error. Presumably it is the speed error that is fed in as a torque request to either speed up the vehicle or slow it down to match the actual speed to the set speed.