http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences
Very scary stuff. I think I'll stick to my throttle cable, thank you.
Interesting discussions for the software (or otherwise) minded here:
http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/
http://www.reddit.com/r/programming/comments/1pgyaa/toyotas_killer_firmware_bad_design_and_its/
\/\/\/\/\/\/\/ PDF WARNING \/\/\/\/\/\/\/\/
https://www.dropbox.com/s/wnzqidngrtj8y2l/Bookout_v_Toyota_Barr_REDACTED.pdf
i thought it was floormats and driver error?
So this doesn't say: "All cases of unintended acceleration were ECM based." It does say that it was VERY easy (relatively speaking) to create error conditions with the Toyota throttle control modules that cause unintended acceleration. I haven't finished reading the court document, but I believe they were able to create the error conditions reliably in a test car.
It also means that Toyota's about to lose a lot of money.
I think Denso makes most of their electronics hardware. That kind of blows, since many OEMs also use Denso electronics.
In reply to alfadriver: From what I understand, the fault doesn't go with Denso, it goes with Toyota. It's Toyota's proprietary software that contains all the issues. (I could be terribly wrong though)
I'm only on page 76, but so far there are 2 very bad things going on, but neither particularly points to the hardware, just its configuration and very very bad software.
Bad thing 1) They didn't use a separate brake override chip that could interrupt the throttle. The brake override routine is part of the throttle control code, the throttle control code could die and the watchdog wouldn't catch it, thus it would remain dead until you literally restarted the car. Mr. Barr says something to the effect of faulty software watching software.
Bad thing 2) They had a "kitchen sink" routine that did too much and was prone to failure (that also contained the number 1 issue).
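To make the "software watching software" point concrete, here is an added example in C (not code from the thread, the report, or any Toyota or Denso firmware; the task names, tick counts and pedal values are all constructed). It simulates a throttle task and a separate brake-override task, then compares two watchdog designs: one kicked from a timer interrupt, which keeps getting fed even when a task has silently died, and one that requires every monitored task to advance a heartbeat counter between checks. The "fail-safe" on detection (closing the throttle) stands in for the processor reset a real watchdog would force.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Task identifiers (constructed for this example). */
enum { TASK_THROTTLE = 0, TASK_BRAKE_OVERRIDE, TASK_COUNT };

typedef struct {
    uint32_t heartbeat[TASK_COUNT]; /* each task bumps its own counter once per cycle */
    uint32_t last_seen[TASK_COUNT]; /* monitor's copy from the previous check */
    bool     runnable[TASK_COUNT];  /* simulation only: false = task silently died */
    bool     brake_pressed;
    int      pedal_percent;         /* accelerator pedal position, 0..100 */
    int      throttle_percent;      /* commanded throttle opening, 0..100 */
} ecu_t;

void ecu_init(ecu_t *e) {
    memset(e, 0, sizeof *e);
    for (int i = 0; i < TASK_COUNT; i++) e->runnable[i] = true;
}

/* Throttle task: maps pedal position straight to throttle opening. */
static void throttle_task(ecu_t *e) {
    e->throttle_percent = e->pedal_percent;
    e->heartbeat[TASK_THROTTLE]++;
}

/* Brake-override task: closes the throttle whenever the brake is pressed. */
static void brake_override_task(ecu_t *e) {
    if (e->brake_pressed) e->throttle_percent = 0;
    e->heartbeat[TASK_BRAKE_OVERRIDE]++;
}

/* One scheduler tick: runs each task that is still alive. */
void ecu_tick(ecu_t *e) {
    if (e->runnable[TASK_THROTTLE]) throttle_task(e);
    if (e->runnable[TASK_BRAKE_OVERRIDE]) brake_override_task(e);
}

/* Watchdog A: kicked from a periodic timer interrupt. The ISR fires whether or
 * not any task ran, so the dog is always fed and a dead task is never noticed. */
bool timer_kicked_watchdog(const ecu_t *e) {
    (void)e;
    return false; /* never reports a fault */
}

/* Watchdog B: every monitored task must have advanced its heartbeat since the
 * previous check. A counter that did not move means that task did not run. */
bool heartbeat_watchdog(ecu_t *e) {
    bool fault = false;
    for (int i = 0; i < TASK_COUNT; i++) {
        if (e->heartbeat[i] == e->last_seen[i]) fault = true;
        e->last_seen[i] = e->heartbeat[i];
    }
    return fault;
}

/* Scenario: pedal reads 60% and the driver is on the brake the whole time.
 * At kill_tick the brake-override task stops being scheduled. Returns the
 * throttle opening after `ticks` cycles, with the chosen watchdog forcing
 * the throttle closed whenever it reports a fault. */
int simulate(bool use_heartbeat, int kill_tick, int ticks) {
    ecu_t e;
    ecu_init(&e);
    e.pedal_percent = 60;
    e.brake_pressed = true;
    for (int t = 0; t < ticks; t++) {
        if (t == kill_tick) e.runnable[TASK_BRAKE_OVERRIDE] = false;
        ecu_tick(&e);
        bool fault = use_heartbeat ? heartbeat_watchdog(&e) : timer_kicked_watchdog(&e);
        if (fault) e.throttle_percent = 0; /* fail-safe stand-in for a watchdog reset */
    }
    return e.throttle_percent;
}

int main(void) {
    printf("override alive, timer watchdog:     throttle %d%%\n", simulate(false, 100, 10));
    printf("override dead,  timer watchdog:     throttle %d%%\n", simulate(false, 3, 10));
    printf("override dead,  heartbeat watchdog: throttle %d%%\n", simulate(true, 3, 10));
    return 0;
}
```

With the timer-kicked design the throttle stays at 60% while the driver stands on the brake, because nothing ever observes that the override task stopped running; the heartbeat monitor catches the missing increment on the very tick the task dies.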
novaderrik wrote:
i thought it was floormats and driver error?
Ya, that's what I thought they said too. My son was in college at the time and worked at a Toyota dealership. Hundreds of Camry owners brought their cars in for a simple piece that held the floor mats down. That was Toyota's fix for the problem. Hmmmmm, something doesn't quite add up here. I only browsed through the bulk of the material but it seems rather damning for Toyota.
In reply to accordionfolder:
I don't doubt the fault will go to Toyota, but the roots might be sourced within Denso's firmware. It's really their design. Or more correctly, Toyota's design that they allow other OEMs to use. Kind of the way the game is being played over the last decade.
The software is probably more Toyota than Denso, but even then, there's a lot of work to embed the desired code within the drivers and sensors.
It still sucks. Somebody screwed up, and the fault could reverberate through a number of OEMs who have to scramble.
In reply to alfadriver: I see. While this isn't going to be fun, I can't help but feel like it will improve the quality going into our 1-3 ton killing machines. So I'm going with the glass half full and hoping this improves standards. What I'm reading is terrifying (for a software engineer).
JoeyM
Mod Squad
10/30/13 7:14 a.m.
novaderrik wrote:
i thought it was floormats and driver error?
If you could shift into neutral, it is still driver error.
In reply to JoeyM: x2
And I swear to god, this is like reading a train wreck. We're moving into the OS faults. Jesus, Toyota.
"Not only is there not a hardware protection against hardware random faults, but there is also no protection against either hardware faults or software faults, software bugs, causing corruption of this data inside the operating system."
!!!!!!!
"And now that task -- depends on how the corruption happens, actually -- but one thing that can happen is that task will never run again until you reboot the car, which generally speaking is it is taking the key and turning it off and turning it back on. If you have a push-button start, you actually have to get out of the car with your key on a remote before it will actually reset the processor."
Oh crap....
Software-driven components that replaced reliable-as-gravity mechanical ones... to save pennies... this is what happens.
JoeyM
Mod Squad
10/30/13 7:22 a.m.
accordionfolder wrote:
http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences
Very scary stuff. I think I'll stick to my throttle cable, thank you.
I'm torn....my inner luddite wants to agree with you, but my logical self is reaching out to dope slap him (....along with my inner child. That clown is always getting me into trouble.)
Electronic throttle control can't be inherently unreliable or we'd see even more problems in LOTS of makes and models. FWIW, I'm using a cable on my Datsun, but this doesn't mean that it's any more reliable/trustworthy. It mostly means that this is how the 910 wagon donor I chopped up worked, and I don't feel like reinventing the wheel.
In reply to JoeyM: I agree .... mostly. My DD is drive by wire. Let's hope Subaru's QA is better than Toyota's.
JoeyM wrote:
novaderrik wrote:
i thought it was floormats and driver error?
If you could shift into neutral, it is still driver error.
This is why we can't have nice things.
Do me a favor, find neutral in this thing when you're having an OHBERKME moment of epic proportions. When your sphincter is in transform-coal-into-diamonds mode because your fancy deathsled feels like eating its master, me thinks that may prove difficult.
In reply to 4cylndrfury: I suppose car enthusiasts are in the minority, but can't you bump nearly any automatic into neutral by simply pushing forward? Even that one? My aunt has a Nissan with that crazy pattern and as long as you are in drive you can easily "bump" it into neutral. I've done it on accident. Column shift now, that's where I think the true trouble is.
All that said, it's really easy to say: "should've dropped it in neutral" when you're sitting on your couch.
tuna55
PowerDork
10/30/13 7:32 a.m.
JoeyM wrote:
novaderrik wrote:
i thought it was floormats and driver error?
If you could shift into neutral, it is still driver error.
If you could still stop the car with the brakes at WoT, it is still driver error.
Nothing has ever been proven to say that the throttles stuck open on any of these cases. Anyone can find ghosts in software, and one expert will claim another expert's code is foolish and reckless. If this was real, a lot more issues would be popping up.
In reply to tuna55:
With actual cars on dynos they could reliably make it accelerate with the driver flat on the brake and off the accelerator. I agree, we'd see more if it was a common case, but that's pretty messed up.
accordionfolder wrote:
All that said, it's really easy to say: "should've dropped it in neutral" when you're sitting on your couch.
this is kinda my point...ever watch someone on video in a serious panic moment? Most people are frozen, and barely able to keep their eye on whatever is causing the danger. Precious few actually take action. Those who do snap into action are typically those trained to do so (enthusiasts even?).
Jane Doe suburban soccer mom is probably not a member of that latter group.
4cylndrfury wrote:
JoeyM wrote:
novaderrik wrote:
i thought it was floormats and driver error?
If you could shift into neutral, it is still driver error.
This is why we cant have nice things
Do me a favor, find neutral in this thing when youre having an OHBERKME moment of epic proportions. When your sphincter is in transform-coal-into-diamonds mode because your fancy deathslead feels like eating its master, me thinks that may prove difficult
Exactly. A few years ago a friend of the family, an older gentleman in his 70s, bought a new Camry. He had it several weeks and ended up plowing into a parked car at Walmart's. His story was, "OMG it just took off, the engine was roaring, I was pressing as hard as I could on the brake but it wouldn't stop". Now granted we don't know exactly what happened or why. And being old with slow reflexes doesn't help, but if it is Toyota's fault can you expect him to shift into neutral all in a matter of seconds?
MCarp22
HalfDork
10/30/13 7:40 a.m.
4cylndrfury wrote: Do me a favor, find neutral in this thing when youre having an OHBERKME moment of epic proportions.
Presuming the shifter is in "D" then N is still straight forward one click. You don't even have to look.
JoeyM
Mod Squad
10/30/13 7:48 a.m.
MCarp22 wrote:
4cylndrfury wrote: Do me a favor, find neutral in this thing when youre having an OHBERKME moment of epic proportions.
Presuming the shifter is in "D" then N is still straight forward one click. You don't even have to look.
+1 most automatics are PRNDL....If you drive it, you should know it.
(...and ten bucks says the older gentleman was stepping on the gas instead of the brake. He panicked, stomped harder, and that's why the engine was racing.)
In reply to MCarp22: I think the point he was making was while we (as car people/enthusiasts/whatever) would think, "hey, bump this bitch into neutral."
My fiance would think: ";lkajf;oiejwafnklko;iajwlekvjaw;lejfioawjefjwaelkfjaj"
Congrats guys... I bet it was really exciting the day you all went pro. I'm sure there hasn't been such a gathering of armchair QBs like this in our lifetime...
I hate the electronic throttle in my Volvo, but it's gonna kill me for the opposite reason: it picks up a glitch, it shuts down. It picks up a glitch regularly in the winter, after it's gotten icy from driving in snow... Nothing more fun than hitting the main road comfortably in front of a bus, only to have the berkeleying thing shut off. AAAHHHH- Hurry- neutral, shut off, restart, stand on it AAAAHHHH!
wae
Reader
10/30/13 8:06 a.m.
I can't remember which of the rentals I had recently that was like this -- I think it was the Focus, but I could be wrong -- but the shifter would not push forward to go into neutral without first depressing the button. I always thought that the ability to simply slap the stick forward out of drive was a safety feature so that you could get it out of drive quickly, without thinking, and without the chance of accidentally going too far and finding reverse. I found it a bit disconcerting, honestly.
I make my living on technology, love all my shiny toys, think fuel injection is a game-changing improvement over carbs, was thrilled to never have to screw with a distributor, and would love nothing more than to megasquirt all the things. I'd still rather not have servos and computers translate my gas pedal, brake, or steering inputs for me. I'll take cables and hydraulics, thankyouverymuch.
EDIT: Actually, the only real annoying thing about the throttle-by-wire on the Mazda 5 and on my E-150 (I'm really only assuming it's by wire, based on how it behaves) is that when you're using cruise control, you can't easily get your foot on the throttle to hold it in place when you cancel the cruise and you can't really tell by feel how much accelerator input the system is giving the car. It kind of messes with my ability to drive smoothly, resulting in a bit of a jolt or nudge when you hit the cruise cancel button.
Also, on the Mazda 5, trying to left-foot brake while standing on the gas causes the gas to just cut out. Which, I guess is expected behavior as an override, but I wish I had an easy way to turn that off.