Thanks Junko for the detailed coverage. The analysis described in the transcript is very useful & educative. As an engineer who has worked on non-critical automotive code, the article series gave a whole new understanding of the challenges and process required to test & qualify a critical automotive system
Actually, on the contrary, this testimony sounds less damaging to me.
First, the brakes did work throughout task x death.
Second, the problem of power not being cut, when brakes were applied, only occurs if task x death occurs WHILE you are braking. Otherwise, it seems that braking did cut the power. Just that the driver neeeds to be awake enough to realize that speed is going up and up.
Third, it's not all that un-intuitive to pump the brakes if you feel they aren't doing the job. Just like you push again and again on the leveator button, if the eleveator doesn't come. This detail had already been explained, actually. But last time around, it was not clarified that death of task x only made the brake fail-safe incomplete if task x died while the brake pedal was pushed in.
"Q. So in other words, if you're driving down the road and you put your foot on the brake to slow down, for whatever reason, during that time period task-x is where it actually dies, the vehicle starts to accelerate.
You've got to actually back off the brake and try and catch it?
A. That's correct. Which is both counter intuitive because your car is zooming away and you have to let go of the brake. And it's also dangerous because as you let off the pressure of the brake, at least you were applying some mechanical pressure, but as you let off the car speeds up. And so that may increase the risk in the short term, at least, before this fail-safe would take effect."
This is absolutely amazing! Counter intuitive - I'll say so!
It is interesting to note however that many sudden accelerations seem to happen as the driver is pulling in gently to a parking space or pulling out of a parking space. Could it be that with very light braking the brake switch is giving a rather indeterminate signal to the ECU which is being misinterpreted? This needs teasing out more
Kris, I am glad you feel that way. This case, I think, has legs, since most consumers as of today still believe that Toyota case is an old story; it's finished with Toyota's recall of millions of vehicles. But another trial, just like this one (buildling the case on the software flaws), is about to start in Santa Ana, Calif. next week.
Again, this vehicle in the Oklahoma case, 2005 Camry, by the way, is NOT on Toyota's recall list.
We certainly don't mean to be "All Toyota All the Time" news; but we wanted to make sure that our readers have the opportunity to see snippets of what went on in the court room of Bookout v Toyota in Oklahoma. We created an exclusive three-part series based on trial transcript. The story above is the last in the series. The two others include:
NASA's Orion Flight Software Production Systems Manager Darrel G. Raines joins Planet Analog Editor Steve Taranovich and Embedded.com Editor Max Maxfield to talk about embedded flight software used in Orion Spacecraft, part of NASA's Mars mission. Live radio show and live chat. Get your questions ready.
Brought to you by