MADISON, Wis. — Among the hundreds of cases brought by individuals across the United States claiming their Toyota vehicles accelerated without warning, only Bookout v. Toyota Motor, tried in Oklahoma County, Okla., resulted in a verdict against Toyota. This was also one of the first unintended acceleration cases to go to trial since the Japanese carmaker began recalling millions of vehicles in 2009 over this very issue.
The Oklahoma case was also the first in which plaintiffs' attorneys put the fault squarely on a flaw in the vehicle's electronic throttle control system. They dismissed arguments about floor mats and sticky pedals and focused on the software that controls the electronic throttle. The attorneys supported their argument with extensive testimony from embedded systems experts.
Similar testimony and extensive software analysis reports had been filed previously in other courts looking into unintended acceleration. But none of that material became public, because Toyota paid settlements and obtained gag orders before those cases went to trial. The public and the engineering community had to wait until the Oklahoma trial, where all testimony became public.
A dozen embedded systems experts were allowed to review Toyota's electronic throttle source code in a secure room in Maryland -- described as the size of a small hotel room. The room, with a guard at the door, was disconnected from the Internet. No cellphones, paper, belts, or watches were allowed inside. The experts viewed Toyota's code on five computers in cubicles.
Having spent more than 18 months going in and out of the secure room to study Toyota's code, Michael Barr, CTO of the Barr Group, put together an 800-page report analyzing the 2005 Camry L4's software. On the witness stand, he walked a jury step by step through what the experts discovered in their source-code review. According to Barr's testimony, that review revealed:
- Software bugs that specifically can cause memory corruption
- Unmaintainable code complexity in Toyota's software
- A multifunction kitchen-sink Task X designed to execute everything from throttle control to cruise control and many of the fail-safes
- That all Task X functions, including fail-safes, are designed to run on the main CPU in the Camry's electronic control module
- That the brake override that is supposed to save the day when there is an unintended acceleration is also in Task X
- The use of an operating system in which there is no protection against hardware or software faults
- A number of other problems
Barr testified that the source-code review indicated "both that task could die by the memory corruption, and that also that one of side effects of that would be that this -- for example, that task died, that many of fail safes would be disabled." But is it possible to prove that the experts' discoveries in that cloak-and-dagger source-code room would manifest themselves in a moving vehicle? How do we know how a car might react to malfunctions or an outright failure in Task X?
The plaintiffs' attorneys noted that they actually conducted vehicle testing. Though Barr wasn't present when the vehicles were tested, he testified that his group's simulations in the source-code room were tested by a gentleman named Mr. Louden, using 2008 and 2005 Camry vehicles. The purpose was to perform the same testing and demonstration (originally done in the source-code room) to determine what the fail-safes would do in a vehicle in response to task death.
Excerpts of the court transcript
EE Times is publishing a portion of the court transcript relevant to vehicle testing. The following Q&A was carried out when Benjamin E. Baker, Jr., representing the plaintiffs, called Barr to the stand.
Q. So Mr. Louden ran multiple tests on the '08 and '05 Camry?
A. That's correct.
Q. And all looking at how the software task made out?
A. That's correct.
Q. Was that reported in some fashion?