Absolutely, @sixscrews! Dr. Antony Anderson's paper seems to address the NHTSA's faulty argument quite well. We, the general public and Toyota owners in particular, should not be subjected to any known risk. The public needs to have access to all the information.
This is not the same as the ABS system. ABS systems are designed to keep the wheels rolling because the coefficient of static friction is higher than that of sliding friction, and rolling front wheels can be steered while rolling back wheels will maintain control and follow the front wheels. ABS systems do not release the brakes to the point stopping distances are increased.
Unless you have some evidence that the ABS systems were compromised/defective such that the brakes would have been substantially released when the drivers claimed they had the brake pedals floored, it is irresponsibel to fail to mention that the brakes will stop the car regardless of whether the engine is at full throttle.
It is also irresponsible to fail to mention details of all the other "sudden acceleration" cases that have been investigated over the years and found to be driver error. There have been hundreds and perhaps thousands of other drivers in all makes and models of cars who swore their foot was on the brake, meanwhile all the evidence showed their foot was on the gas.
Actually, a floored brake pedal, as claimed in this case, will override the engine completely no matter what tasks A, B, C, ... X, Y, and Z are telling the engine to do. The engine can wail away at full throttle, perhaps burning out the transmission, but the brakes will stop the car!
But I guess a decision was made that the story is much more interesting with a rogue "Task X" lurking in the engine control software.
The code was not reviewed ? Although it sounds funny but the implications was huge ... As a newbie in the embedded field "the bit flip that killed" tells me never to be complacent and make sure the code is peer reviewed before release
This "flip-bit" situation reminds me of an AT&T problem several years ago. Their long-distance phone system went down entirely. The controlling software had been running without problem for many years. Upon examination, it was determined that one line of code that had never been executed in the previous years was finally executed because all the parameters leading to its execution were met for the first time. That one line of the source code was missing a semicolon at the end of the line of code! That's all it took to bring the entire system to its knees.
...Perhaps we did not realize this or were unwilling to face up to it, either as a community of responsible engineers or as a nation that relies on a governement agency as the last defense against disaster.
In many ways, the public has not realized the extent of software defects Toyota introduced in the electronic throttle system. Much of the discovery by the experts' group had never been made public until the Oklahoma trial.
@sixscrews, sound analysis, great post. Thank you.
Recently Boeing was forced to ground an entire generation of new aircraft due to a battery control problem. Why doesn't the NHTSA have the authority to take faulty cars off the road?
A very good question.
As Michael Barr pointed out:
NHTSA needs to get Toyota to make its existing cars safe and also needs to step up on software regulation and oversight. For example, FAA and FDA both have guidelines for safety-critical software design (e.g., DO-178) within the systems they oversee. NHTSA has nothing.
That "NHTSA has nothing" comment makes me speechless.
@MS243, we wish. Denso's CPU was examined by experts. But all we are working with here is trial transcript; none of the reports or slides supplied by witnesses during the trial is publicly available at this point.
Exactly - as I said before, there are millions of vehicles on the road with this defective software. The loss of control condition is not occurring very often or we would be seeing a lot of Camrys in the ditch or being hauled to the scrapyard.
Still, it CAN happen - 'under what conditions?' is, perhaps, a question that cannot be answered. And maybe that points to the core of the issue - the software that controls safety-critical systems must be deterministic, that is, it must do action Z in case Y in time t +/- tx wher tx << t. Clearly the Toyota engine control software does not conform to this requirement. Why are we, as a society, letting Toyota off the hook here? Because it doesn't happen very often? I would suggest that it has happened more often that the published data imply - has every single vehicle/single driver fatal accident involving a Toyota been throughly investigated? Or are many of these written off as 'driver lost control of vehicle?' We are dealing with lucky survivors tales here rather than unequivocal data - and burying victims of a massive fraud.
It seems to me that Mr. Barr's work represents that unequivocal data - this CAN happen and, as engineers, we all know that what CAN happen WILL happen sooner or later.
NASA's Orion Flight Software Production Systems Manager Darrel G. Raines joins Planet Analog Editor Steve Taranovich and Embedded.com Editor Max Maxfield to talk about embedded flight software used in Orion Spacecraft, part of NASA's Mars mission. Live radio show and live chat. Get your questions ready.
Brought to you by