Toyota Pedal Issue Highlights Move To Electronics

cyclocommuter writes with an excerpt from a brief WSJ story on increasing electronic control of car components: "The gas pedal system used Toyota Motor Co.'s recall crisis was born from a movement in the auto industry to rely more on electronics to carry out a vehicle's most critical functions. The intricacy of such systems, which replace hoses and hydraulic fluid with computer chips and electrical sensors, has been a focus as Toyota struggled to find the cause for sudden acceleration of vehicles that led the company to halt sales of eight models this week."

Moving too fast

[BadAnalogyGuy]

This is really a case of technology moving too fast for its own good.

The fundamental concept behind Japan's quality is kaizen. This is the constant improvement on existing techniques and technology. By starting with what works, it is simpler to build in very small steps without losing any quality along the way.

However, due to perceived pressures from non-Japanese automakers, companies like Toyota have begun bold initiatives to modernize their cars. The typical automotive embedded system is fairly simple (relatively speaking, of course). There are only a few inputs and only a few outputs and the systems are usually isolated from each other. However, as more features become desired, more interaction between isolated systems becomes a reality. The gas pedal used to only manage the amount of fuel fed to the injection valves. Nowadays it works in tandem with the brake system and suspension to manage tire slippage and traction control.

In this case, Toyota implemented a very complex system without a series of solid intermediate steps. The result is catastrophic failure when unforeseen interactions suddenly arise. If they were slowly adding features, they could immediately pinpoint the problematic interaction. However because they did it all at once they don't have any idea where the problem lies.

It makes me want to buy an American car.

Re:Drive By Wire not really the problem

[sjames]

Before that, they claimed it was the floormat, even though at least one credible incident report was for a car where the floormats were removed.

Now they claim the pedal sticks down in spite of the reports including cases where the car takes off while at highway speed or while stopped. A sticky pedal cannot explain sudden acceleration, only a failure to stop accelerating.

They seem to be dodging the issue of the car refusing to shift into neutral while at speed even though restoring that simple bit of functionality would greatly improve safety. The controller should really take the hint and digore the accelerator at that point.

As a Chrysler owner I don't understand

[OrangeTide]

This kind of stuff is par for the course if you own a Chrysler. Last year my PT Cruiser decided to get stuck with the throttle about 1/3rd down. It was really fun to park that way (a terrifying sort of fun). Chryslers are famous for bursting into flames, having brakes fail for no reason (which is what the emergency brake is for), and numerous other problems that normal people would consider to be a safety hazard.

When my car got stuck, sure it was a little surprising at first, hard to slow down for the turn I already committed myself to (stood with my full weight on the brake) but after that I put it in neutral (it is an automatic, they have an N position) and when the motor started revving like crazy I just turned off my engine (careful to only click once so the steering wheel lock isn't activated), flipped on my hazard lights and coasted to a place where I could pull over conveniently.

What I don't understand is how I can figure this out, but a CHP officer kills his family in a 100mph crash from the same sort of problem? Yes, he got going that fast, without ever thinking about just turning the damn thing off. California's finest indeed, it's sad because the CHP are held up as experts in driving and safety.

If people aren't able to deduce what they are supposed to do in an emergency on their own in a timely matter, then we must make safety training mandatory for all drivers. It should go into what to do if your brakes don't work, accellerator gets stuck, car catches on fire, car rolls over and you're trapped, and the thousand other things that can happen to you in a car. And there should be a test, it should be a hard test, and you should get an insurance discount if you score over 90%. And you get the opportunity to retake it once a year, but your best score is good forever.

Re:As a Chrysler owner I don't understand

[0123456]

What I don't understand is how I can figure this out, but a CHP officer kills his family in a 100mph crash from the same sort of problem? Yes, he got going that fast, without ever thinking about just turning the damn thing off.

Uh, these stupid push-button starter gadgets are designed to prevent you from accidentally turning them off because that would be 'dangerous'. In this case I believe you have to hold the button in for a few seconds to turn off the engine, and if you just got in the car and don't realise then you might well assume that the starter is broken too.

So as I understand it the problem was not just a hardware/software fault, but a hardware/software fault combined with user-unfriendly non-standard design which made the normal responses far more difficult than they should have been.

missing option Manual Transmission

[rossdee]

Back in my day, cars had a 3rd pedal on the floor called the clutch. If your throttle got stuck you could hit the clutch pedal and cut the power to the transmission.

Re:missing option Manual Transmission

[Hurricane78]

Is Germany, only pussies drive automatic cars. And we laugh at them. They’re for people who can’t drive.
Really. Automatic cars are the exception here. And for good reasons.
Try playing Richard Burns Rally with automatic gear shifting, and you will see them. :)

Re:Safety Critical

My girlfriend recently purchased a new car that has push button ignition. She decided to show off the car to one of her friends and took it out for a demo drive at night (and luckily only around the local suburbs). While driving, the friend was attempting to locate the navigation controls and pressed the ignition button... which completely turned the car off and left the two of them coasting in the dark with no headlights. Needless to say they freaked out but managed to stop the car without incident. Still, entirely too easy to accidentally disable a moving vehicle.

Ford 'cruise control terror driver' excellent link

[pipedwho]

This article (happened in Australia - linked related articles contain more information): http://www.abc.net.au/news/stories/2009/12/16/2773868.htm

describes a problem with a Ford Territory getting stuck with the cruise control actively trying to keep the vehicle at 100km/hr.

A couple of things to answer the 'this guy was idiot, I'm so clever it wouldn't have happened to me' crowd:

1. He couldn't turn off the ignition as the car won't let you do that if the car is moving.

2. He couldn't shift to neutral because the car wouldn't let him push the shift release button. (It was an automatic, so no clutch pedal.)

3. Pushing the brake wasn't helping enough to stop the car. (In the end it worked, but he had to jump on it with both feet all his adrenaline fuelled strength while pulling as hard as he could on the handbrake.)

4. The accelerator pedal only worked to speed him up, It wasn't a pedal 'sticking to the mat' issue, as the car was holding itself exactly to the speed of the cruise control.

5. The car was going too fast to just ram into a barrier or tree, etc.

6. The guy called Ford Australia (on his mobile phone), who couldn't help him and put him on hold. So then he called the police who, to their credit, cleared the road ahead and kept him calm enough to eventually get the car to stop. The total ordeal lasted 50 minutes.

7. The recording of the police call was released and played on the news and it was pretty obvious that both the guy and the police were doing everything to get the car to stop. This was not a situation where a quick two second phone call to a know-it-all Slashdotter would have solved the problem.

Anyway, I can't believe this news didn't make Slashdot when it happened a couple of months ago, as it contains considerably more information than the usual fare on this topic.

My idea

[Chicken_Kickers]

Talking out of my ass here but I gather that the 3 second delay is to prevent accidental shut-off of the engine due to bumping into the button etc. The solution is to do away with the 3 second delay and have a hinged transparent plastic cover over the ignition button, ala those found on fighter jet joysticks. To press the button, you have to manually lift the plastic cover, preventing accidental presses. Simple solution for an unnecessary problem.

This is pure speculation, but my gut says ECM

[ChangeOnInstall]

This may well be speculative crap, but at least based on the anecdotal incidents I keep hearing about, this sounds like an ECM problem.

First Toyota blamed floor mats. That immediately causes consumers to think that the problem was the fault of idiot drivers, not Toyota itself. The typical person's reaction would rightfully be something along the lines of "duh, if you stack floormats under the accelerator, it's going to stick...this is not Toyota's fault".

Now Toyota blames the pedal. And the pedal manufacturer. Again a simple system that people understand...that can be labeled as obviously defective and replaced with something theoretically not defective, bringing about peace of mind.

Finally Toyota is going to "go the extra mile" and update the ECMs to cause pressing the brake to cut the throttle. I imagine this is an algorithmic (code) change to the ECM, not just new calibrations. Apparently Toyota uses a proprietary ECM that is not very "hackable". That is, it's very closed in comparison to items like those in GMs and VW/Audis where there are cottage industries of tinkerers who have decompiled the code, modified calibrations for performance and economy, and even modified the algorithms themselves. (You don't see things like VAGCOM or EFILive for Toyotas.)

Point being, if they update the ECM and it is all proprietary stuff and there's no easy way to diff it (or an adequate number of eyes to catch the difference) they can fix the problem and scapegoat the pedal manufacturer. And potentially leave a lot of dangerous vehicles on the road to save face.

The biggest hole I can find in this idea is where I'm getting my data. Random reports from people, a lot of whom seem to claim their vehicles accelerated from a stop. And of course it's all stuff reported by the popular news media. And of course a lot of folks who rear-ended someone in their Toyota are going to suggest anything other than their own actions being the cause.

But being a software developer, the more I hear about this, the more it stinks of software. An ECM has too many variables to simulate all possible conditions, so you must rely on the algorithms to work correctly. My gut says there's a tiny hole in there somewhere, where most users will never encounter it.

Re:Safety Critical

[drinkypoo]

That's true; I was thinking of gas-engine cars. Diesels don't even have a throttle if I understand properly; the "gas pedal" directly controls how much fuel is injected, whereas in a gas engine, it opens the throttle plate, and the carburetor/EFI adds more fuel when more air is present.

Yeah, diesels don't have throttles. In a mechanically-regulated diesel, there's a governor. I forget what they are called, but it's like those things you see on old engines or in steampunk designs where the weights get thrown out by centripetal force and compress a spring; the more RPMs, the further the spring is depressed, until a point of stasis is reached. The pedal controls the spring position. The lever action caused by throwing out the weights controls fuel delivery. These governors are the origin of the phrase "balls out". Electronic diesels have a pedal position sensor and regulate fuel delivery electronically.

I own a Camry 2009 - I too suspect it is the ECM

[rcb1974]

I'm also a software developer, and an owner of a Camry 2009. I suspect a software or computer glitch is the root cause. I've experienced unintended acceleration in my Camry twice while I was cruising on a flat straight road going about 38MPH. Both my feet were completely motionless both times it happened. While my right foot was steady on the accelerator, the car just sped up (by about 1 to 2MPH/second) for about 2.5 seconds. I was like WTF was that!?!?! So far, I've only had it happen a few times, but I know it wasn't caused by the fricking floor mat. Last year when I heard Toyota blame it on the floor mat I got so upset because, based on my experience, I knew it wasn't caused by the floor mat. I don't know why Toyota is so reluctant to audit their computer hardware/software. Toyota should be forced to release all the code that is in any way/shape/form connected to the throttle and accelerator pedal for public scrutiny. It will cost them essentially nothing to post the code on their website, so there is no reason not to do this. Since buggy code could jeopardize the safety of the public, the code should be publicly available. Read my post from last year about this here: http://slashdot.org/comments.pl?sid=1430048&cid=29976746&art_pos=18 My guess is that is probably some stupid divide by zero or integer overflow glitch.