Comments
Re: The "Task X" failure testing
Justin.Heinecke   10/30/2013 11:37:25 AM
Actually, in every cruise control system I've used, if the desired speed (set by the accelerator pedal position) exceeds the current CC set speed, the system will still throttle up; when the pedal is released, it smoothly returns to the set speed.  So when things are working, the pedal is not ignored.  If task X failed, you'd notice that you couldn't speed up, either.

Excellent Coverage
chanj0   10/30/2013 11:57:03 AM
Thanks Junko for the thorough coverage. I've learned a lot about the case.

There seems to be a serious design flaw. In order to avoid any serious issue in any software system, the design shall always avoid deadlock. There shall always be a simple task to monitor the health of the system. A watchdog to reboot the system in case of deadlock is an avoidance mechanism; system engineers shall not rely on it.

To be honest, I'm quite surprised to read the report. Toyota is a very good company. They should know better. I wonder whether there is anything missing in the findings.

Nonetheless, Toyota will learn from it and make themselves better.

 

What About the Anti-lock Brakes?
BobsView   10/30/2013 11:58:46 AM
There have been many-many posts here about how the braking system should always be able to override the engine.

What about the anti-lock braking system?

Virtually every car has them and the control computer has the ability to release the brakes at any time depending on factors like individual wheel rotation speed and so on.  I don't know how the ABS is tied into "Task-X" but if they all use the same microprocessor, it's entirely possible the ABS will be affected too.

Thus, pushing on the brakes would have no effect if the ABS has released them, falsely thinking the car was in a skid condition.  This seems to correlate closely to what some drivers have reported; that the brakes had no effect.

It seems there should always be a mechanical override for emergencies like these.  The parking brake, otherwise known as the "Emergency Brake" which it isn't, applies only the back brakes.  And the actual brake pads are tiny compared to the front pads.  It would be of no use in an engine runaway situation.

I'd really like to know how the ABS ties into all of this.

 

Re: Excellent Coverage
junko.yoshida   10/30/2013 12:12:41 PM
Thanks, Chanj.

I myself have learned a great deal in following the Oklahoma case. The thing is, though, that this is not the end of Toyota's unintended acceleration trial.

Toyota is facing another trial early Nov. -- this one will be in federal court in Santa Ana, Calif.  


In many of the death and injury lawsuits, including Bookout's, plaintiffs claim that loose floor mats and sticky pedals don't explain all episodes of sudden acceleration and that the electronic throttle control system is at fault.

The reason why EE Times is following the case so closely is that the Oklahoma trial was the first instance when any of the testimonies by expert witnesses focused on software and hardware issues -- outside the floormat and sticky pedals -- became publicly available.  Until now, such reports and testimonies have been sealed under the court order.

And one more disturbing fact. Bookout's vehicle, a 2005 Camry, wasn't included in Toyota's recalls.

It would also be good to post the transcript of the Denso Monitor CPU code
MS243   10/30/2013 12:56:57 PM
It would be good to also post the transcript of the Denso Monitor CPU code -- to see why it might also have potentially contributed -- Also most ECU /ABS code is supposed to also meet a set of MISRA safety checks as part of a Static Analysis -- It would be good to hear about this in the trial  -- Additionally it might be good to see how any hardware features came into play.

What's next?
sixscrews   10/30/2013 4:25:39 PM
The trial, transcript and these discussions indicate that there are millions of vehicles on the road today with a potentially lethal defect.  Toyota has already settled with the NHTSA and has that settlement to wave in any Camry owner's face (provided they did nothing and accepted the settlement terms).  Am I correct about this?  And, if I am, what is the next step?  I own a 2004 Camry and wonder if I should keep driving it - I seriously doubt that I could react appropriately if the vehicle went to full throttle w/o warning.  I would for sure step on the brake, but, according to Mr. Barr's testimony, that's the wrong thing to do.  What's the right thing to do?  Switch off the ignition?  Ram the automatic transmission lever into reverse?  Given this knowledge, what's my responsibility in the event of a loss of throttle control event and the nearly inevitable accident?  Morally I can't justify laying all the responsibility on Toyota but the chances of this happening to me are very, very small.

Besides the above, I'm wondering what my car is now worth and whether Toyota will step up and replace their badly-engineered software or the entire engine control module.  That would be the right thing to do, but my money is on a big consumer blow-off using the NHTSA settlement as a broom to sweep it all under the floor mats.

The thing that really puzzles me is why the popular press hasn't picked this up yet - I expect to see it splashed all over the place.  It shows that software can never trump celebrities or political bloviators.

ss/wb

Re: What's next?
junko.yoshida   10/30/2013 4:51:54 PM
Let me back up and explain, sixscrews.

First, Toyota recalled more than 10 million vehicles for problems related to unintended acceleration in 2009 and 2010, starting with a September 2009 announcement that it was recalling 3.8 million Toyota and Lexus vehicles because of a defect that may cause floor mats to jam accelerator pedals. The company later recalled vehicles over defects involving the pedals themselves.

(Now, curiously, the 2005 Camry, which was the car in dispute in this Oklahoma case, has NOT been recalled by Toyota yet.)

Toyota's recalls led to lawsuits claiming that defects harmed the value of Toyota vehicles or caused accidents leading to death and injury. Toyota settled suits claiming economic losses for about $1.6 billion. That was the end of Dec., 2012.

Toyota won the three unintended-acceleration claims that previously reached jury verdicts since the recalls. The defense verdicts include injury cases in New York in 2011 and in Philadelphia in June. A Los Angeles jury in October cleared Toyota of fault for the death of a 66-year-old woman.

What's important and what's different about the Oklahoma case is that this case -- among a host of lawsuits filed against Toyota concerning unintended acceleration in its vehicles -- is the first in which the plaintiff has laid the blame squarely on the electronic throttle system.

As a result, this is the first trial in which any jury actually heard expert witnesses such as Michael Barr explaining the software glitches (combined with other factors) that led to the unintended acceleration.

The experts' findings (laid out in Oklahoma case) in fact led to the one-billion dollar settlement for the economic losses, late last year. But since the case was settled (never went to a trial), the experts' report or testimony has never been made public, and no jury heard the case whose focus was on the electronic throttle system.

Because this case went to a trial in Oklahoma, now for the first time, the public had an opportunity to hear and read what was discussed during the trial. It's a matter of public record now.

The general press probably hasn't had time to look into all the details about the embedded system software malfunctioning.

But watch for the upcoming trial next week in federal court in Santa Ana, Calif.

Attorneys for the plaintiffs in that case plan to argue that defective software caused a Camry to accelerate and crash into the side of a Georgia schoolhouse.

Re: What's next?
Bert22306   10/30/2013 4:52:20 PM
Good questions, sixscrews. From the transcripts, if I understand them correctly, if the car goes into sudden uncommanded (by you) acceleration, you can brake, release the brake for a few tenths of a second, then brake again. But like you say, ramming the shift into reverse should also do the trick, and/or shutting off the engine.

As for Toyota, assuming what we all think we understand is factual, I'm not sure why they can't send out update kits to install. Some of this would be just new firmware that splits out apps better. And they would also want to reapportion tasks to different processing units, to split up this infamous Task X to different hardware (split out the monitoring and fail-safe functions). I'm not sure why this can't be done as a recall. Without any inside knowledge, it seems to me that once the new software architecture has been figured out, replicating it in cars out there now should be doable. We do this type of firmware update, remotely, on our systems, very frequently.

Re: What's next?
MS243   10/30/2013 5:06:35 PM
ECU code on older vehicles is often in MASKED ROM or at least requires opening the ECU to reflash the code -- a recall could be a large undertaking --

Show us
SPLatMan   10/30/2013 5:33:01 PM
IMHO Toyota should be forced to publish the complete source code of the faulty ECU, as an object lesson to the industry. Clearly it's not suitable for commerce. I can't see how confidentiality can apply when people die. Besides, the threat of having your code exposed might be a better incentive to do better than the risk of dead customers. ... only half joking.