NHTSA Has No Software Engineers To Analyze Toyota

thecarchik writes "An official from the National Highway Traffic Safety Administration told investigators that the agency doesn't employ any electrical engineers or software engineers, leaving them woefully unable to investigate correctly what caused the most recent Toyota recall. A modern luxury car has something close to 100 million lines of software code in it, running on 70 to 100 microprocessors. And according to consultant Frost & Sullivan, that number will rise to 200 to 300 million lines within a few years. And the software that controls the 'drive-by-wire' accelerators of Toyota and Lexus vehicles is one potential culprit in the tangled collection of issues, allegations, and recalls of many of those vehicles for so-called 'sudden acceleration' problems."

Re:Heads better roll

[tonywong]

What is wrong is that everyone started believing the mantra that smaller government is better government. This isn't just limited to the United States.

In Canada, the province where I live (Alberta), derives a major part of its revenues from oil and gas. In the same conservative government 35 years ago, we had 2 independent arms of the government who could determine how much royalties were owed to the government from the oil and gas producers.

Today, we have no one in our government who is able to determine how much we should be collecting and therefore have to rely upon the oil and gas companies to tell use how much they are supposed to remit. Our own government auditor believes we have been bilked out of billions yet somehow we have a leaner and, ahem, more efficient government.

Just remember that the only thing to stand up to a big business nowadays is big government, and the goal of any big business is to convince everyone that a small government can watch over big business just like a big government can.

Re:Heads better roll

[je+ne+sais+quoi]

I don't why I even respond because I'm sure to get a troll mod but I'd just like to point out that one of the major political parties solution to bad government is no government at all. This poorly functioning government is a direct result of the dual conservative mantras: 1) deregulation of markets is necessary for them to perform well and 2) less government is better. We saw how well #1 worked in the banking industry, this is more of the same. #2 results in chronically understaffed government agencies, or government agencies not able to do what they're supposed to do (e.g. the Republican senators holding up Obama's appointees right now).

My parents both worked for the FDA and if the NHTSA operates in any similar way to the FDA, it's a shadow of itself in the 1970s. For the FDA that means that there are less food inspectors and no surprise, there is a rise in food poisoning incidents. I wouldn't be surprised if NHTSA is also chronically understaffed. Additionally, even if individual government workers wanted to do their jobs, they are often prevented by doing so because that is not perceived as "business friendly". The political appointees who run the show are in the thrall of private industry, in fact, they are often people taken directly from private industry (e.g. big pharma lobbyists often run the FDA). This "government capture" is the fault of the democrats just as much as the republicans, e.g. Obama lied about hiring lobbyists in his campaign. Basically, we have a non-functioning government and one party's answer to this is the get rid of the thing all together. That is one solution but that wouldn't prevent things like this incident with Toyota.

I'm sure Toyota will do the right thing though, because that would be in its interests as a good corporate citizen. *snicker*

Re:Here come the shackles.

[Beardo+the+Bearded]

Dunno.

My kids were runover by an out-of-control Mustang about four years ago. There was nothing mechanically wrong with the car. Maybe it was driver error. I don't know, but apparently the accelerator was still stuck to the floor when the police got there. I remember how the cruise control on the cars I've owned will lower the accelerator when the CC is accelerating.

I've always blamed the firmware. Maybe that's because I'm an EE who used to write firmware for a living. (Firmware that's been in use in life-critical applications for five years with a 0% failure rate.) Odds are the code is shit and there's an edge case that nobody thought about. Maybe there's an uninitialized variable in there. I've seen it happen before. Of course, I'm not Woz-brand, so my opinion doesn't mean a thing.

For some reason, the various regulatory agencies (i.e. Engineering Associations) have been rolling over and letting the manufacturers put any code they want into public use without any thought that hey, maybe we should get someone with some credentials to look into it. I've tried to mention it to mine, no results. Maybe they're dinosaurs who think that engineering is about roads and sometimes other things, like buildings and handrails. Software can't hurt people, can it?

This problem is not limited to Toyota, and we've only just seen the beginning. I guarantee that other manufacturers are clenchinging their butts hoping that nobody in the media wonders about all the intermittent "floor mat" problems.

Re:100 million lines? Sure, we will get right on i

[bhtooefr]

And they said in a modern luxury car.

So that's all the code in the following computers:

Engine (controls throttle and such)
Transmission
Collision avoidance (ABS, traction control, etc. TPMS is usually here, too, because it's sometimes part of the ABS system to save costs)
Safety (airbags, seatbelt pretensioners, etc.)
Central convenience (security system, power locks, power windows, cabin illumination, in some cars even the exterior lighting goes through central convenience)
HVAC
Instrumentation (yep, there's a computer dedicated to that - and some security functions are sometimes in there)
Entertainment (navigation, stereo, DVD, etc., etc.)

And all these systems are interconnected.

You get in your car (central convenience deactivates security upon receiving the signal, and when you open the door, it illuminates the cabin, alerts the engine computer that a start is imminent, possibly starting fuel pumps, on diesel cars turning on the glow plugs, etc., etc., and notifies the instrument cluster that the door is ajar.)

You insert your key into the ignition (yes, I know about push-button start,) and start the engine (engine computer starts up, after which the instrument cluster polls the RFID chip on the key. If it can't get a read, it immediately requests that the engine computer shut down.)

You decide that you want a little heat before you set off, so you use your steering wheel controls (which go through instrumentation) to set HVAC settings, and then you figure some music won't hurt (entertainment.) Then, you remember that you don't know where you're going, so you punch the address into the navigation system, and it feeds directions back to the instrument cluster.

Now, you put the car into gear. The transmission computer notifies the other computers about this, and the engine computer adjusts the idle fueling to compensate. The instrument computer reflects the gear change. The central convenience module turns on the daytime running lights. The entertainment system might prevent you from using the touchscreen interface. The safety computer may become more persistent about reminding you that you didn't put on your seat belt, and will notify the instrument cluster of this, to annoy you more.

After you put your seatbelt on, you let off the brake and pull out of your parking space. Obviously, the engine computer and transmission computer are working together here, the instrument cluster is constantly updating the status of those (and the entertainment computer, which is noting the changes in vehicle position.) After you hit 10 MPH, the engine or transmission computer sends a request to the central convenience module to lock the doors.

Now, you're going down the freeway, and right in front of you, a semi truck loses control, and flips onto its side. You jam on the brakes, which kills engine power immediately (engine computer, and the transmission computer is affected as well, and this all gets fed back to the instrument computer.) Collision avoidance computer activates ABS and (as you're attempting to swerve out of the way) stability control, and notifies the central convenience computer that you're undergoing a panic stop, and to activate the hazards.

Unfortunately, you don't have enough time and room to stop, and you hit the semi. The safety computer notices this, and fires the seatbelt pretensioners and the appropriate airbags. Once that's done, there's some less immediate concerns. It would be a bad idea to leave the engine running, so the safety computer requests an engine shutdown. The transmission computer may be requested to shift to neutral, to make moving the wreck easier. The entertainment system will be told to stop playing music, and if it's got a system like OnStar (which used to be yet another TWO separate computers off of the entertainment system,) an emergency call initiated. Instrumentation is of course updating the status of all of this. HVAC may be set to off. The collision avoidance computer will still be trying to keep t

unlikely, given most networks are separated

[SuperBanana]

Here comes DO-178B for cars.

The vehicle drivetrain network is very often, if not always, separate from the "entertainment" network; Audi, for example, runs two separate CAN busses for them. The original story hypes things a bit; there may be 70-100 microCONTROLLERS, but half or more of them are "body" (ie windows, sunroof, etc) or "entertainment"(audio, navigation) related and thus don't really need to be reviewed.

The vast majority of them do very, very simple things, mostly sending CAN bus messages or responding to CAN bus commands. Ie, you move the wiper stalk. The microcontroller for the steering wheel controls says "the stalk moved" either to the wiper motor interface or a 'body control' computer, which then sends a command to the wipers.

The code review for most of the modules, as a result, is extremely simple- they're just (mostly digital) I/O boxes. Some of them are things like fuel pump modules, which at most have some diagnostic capabilities (like current draw from the pump, pressure sensor, etc.)

The code review will not be very problematic for engine computers, because (gasp!) they're not made by car manufacturers. Bosch, Magnetti Marelli, Hitachi, and a couple of other companies are the primary producers. And guess what? The code is largely the same car-to-car. Parameters are changed- code doesn't, so much. And car companies share "platforms", which further simplifies things.

It's not nearly as scary as it sounds.

Re:With all the recent US layoffs ...

[sconeu]

But if he is lying then he is telling the truth
and if he is telling the truth he is lying...

NORMAN COORDINATE!!!!!

Legitimate checks to power

[copponex]

The government doesn't have to do anything complicated. It just has to have the ability to strike fear into the hearts of the business community it's supposed to regulate.

This requires a few things: an independent media, which we don't have; a civically informed populace that takes it's democratic duties seriously, which we don't have; and a culture that values human dignity over profits, which we don't have.

In cultures that do have all of these things, government regulation works very well and fosters progress, since you don't have to constantly worry about getting screwed over, you don't have to wonder if you'll have access to medical care, or a good public school, or a good safety net to get you back on your feet if your fall ill, get in an accident, or whatever.

Clear and concise regulation with real penalties for breaking those regulations fosters competitive markets. Diminishing the government to the point where it can be bought and sold by businesses usually leads to fascism. The markets destroy themselves with greed, destabilize the economy (and eventually the whole society), and further concentrate wealth and power until you have a virtual oligarchy sprinkled with political theater.