Slashdot Mirror


Should I Take Toyota's Software Update?

kiehlster writes "I'm a software developer, and I know that most software has bugs, but how much trust can we put in the many lines of code found in our automobiles? I have a 2009 Camry that is involved in both of the recent Toyota recalls. As part of the floor-mat issue, they're offering to install a software update that would cause 'the brake pedal to take precedence over the gas pedal if both were pressed,' or, as their latest notice states, 'would cut power to the engine if both pedals were pressed.' In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences. On a base of 100 million lines of code, can I really trust a software update to work safely when it is delivered in a three-month development cycle? My driving habits don't cause the floor mat to slide much, so I see the update as overkill. What do you think? If it doesn't void the warranty, should I tell them to skip the update?"

30 of 750 comments

  1. You're looking at it wrong. by Anonymous Coward · · Score: 5, Insightful

    You already took the 100 million lines of code when you bought the car.

    Now do you want the bug fixes, or would you rather find out what a "fatal exception" means in more physical terms?

    1. Re:You're looking at it wrong. by Sir_Lewk · · Score: 5, Insightful

      That's like using the LOC count of a disassembled program written in C to express the size of the original code.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    2. Re:You're looking at it wrong. by urulokion · · Score: 4, Insightful

      I doubt the primary motivation is because of a suspected software problem. I'd say the primary motivation is because Toyota is the one (or one of the few) car manufacturers that didn't have a brake-override feature in their fly-by-wire vehicles. After all of the publicity about the runaway cars, they are pulling out the stops to prevent it from getting worse.

      I think it was Car and Driver who did a test of vehicles which had fly-by-wire throttle systems to see how they handled under runaway conditions. They basically took the cars up to certain speeds (20, 40 and 60 MPH IIRC), kept the throttle depressed, and then tried to stop the car with brakes and emergency brakes. In every vehicle with the brake override system, the engines immediately went down to idle power when the brakes were pressed even with the throttle held down. It was very easy to bring the vehicle to a controlled stop.

      The Toyotas w/o the brake override system could be stopped if you were at slow speeds with a lot of effort on the brakes and emergency brake. At higher speeds, the brakes were not enough to stop the vehicle with only the brakes. They also tried turning the vehicles off which would stop the vehicle, but the driver had to manhandle the vehicle w/o benefit of power steering and power brakes.

      Side note: The Toyota Prius has a surprising amount of power at full output. That's when the gas engine is driving the wheels, the electric drive motor is drawing off the traction battery to drive the wheels, and the gas engine is driving a secondary motor/generator to create electricity which is fed to the electric drive motor. The secondary motor/generator is normally used to recharge the traction battery when the car is operating in usual conditions.

      I was doing 65-75 MPH up the foothills in Arizona and Southern California. I was outdoing a lot of other vehicles with power engines. My cruise control kept at the set speed and didn't slow down at all. Unfortunately the Prius can only maintain that kind of output as long as the traction battery charge lasts. And the gas mileage really sucks in that mode.

    3. Re:You're looking at it wrong. by schlesinm · · Score: 5, Insightful

      The dealer is doing the firmware update as part of the recall. If they brick your car because the firmware modification goes wrong, then they replace the bricked part. There is no risk on that side. So the big question is do you want a fix for a known bug or do you want to keep the buggy firmware. And as the parent says, if you don't do the upgrade, then if the bug happens to you the insurance company and manufacturer will deny your claim because you refused to fix the bug.

    4. Re:You're looking at it wrong. by Anonymous Coward · · Score: 3, Insightful

      EXACTLY.

      1) What is your basis for claiming it is 100m lines of code?
      2) Just because the recall was announced 3 months ago doesn't mean that's when they started working on a fix.
      3) It's not just your inability to get coverage for yourself if this "bug" affects you, you may have personal liability for others you injure in the process.

    5. Re:You're looking at it wrong. by netsharc · · Score: 3, Insightful

      Presumably they will deny his claims not just for this particular bug, but for anything he wants to claim!

      --
      What time is it/will be over there? Check with my iPhone app!
    6. Re:You're looking at it wrong. by DerekLyons · · Score: 5, Insightful

      So he's using it wrong because he optimizes it and actually evaluates the running code, and you're using it correctly because you treat it as a black box?

      Interesting.

    7. Re:You're looking at it wrong. by cgenman · · Score: 5, Insightful

      I would add that the "floor mat" excuse always sounded like BS to me. I'm guessing there is a firmware bug in there somewhere that they can't find that just registers the gas pedal as down. They'd never admit to that, as it would reduce the public perception of security of drive-by-wire systems, and might introduce expensive public testing procedures.

      In that case, your only chance is the brake overriding the gas (a process which should have been true from the beginning anyway). Of course, it might be something else and you might still be screwed... unknown computer bugs are like that.

    8. Re:You're looking at it wrong. by ckaminski · · Score: 4, Insightful

      Which is why I don't like push-button ignition. If my car ever goes into hyperdrive because of a stuck throttle, I take comfort in knowing I still have a kill switch, and I grew up driving tractors and cars without power steering or power-assist braking, so I can cope.

      How can I trust that that push-button ignition will still shut off the car? I know it's conceivable that even a key-start ignition might turn all ignition control over to an ECM, but who's done that?

    9. Re:You're looking at it wrong. by clone53421 · · Score: 3, Insightful

      If my car ever goes into hyperdrive because of a stuck throttle, I take comfort in knowing I still have a kill switch, and I grew up driving tractors and cars without power steering or power-assist braking, so I can cope.

      Of course, if your car ever does go into hyperdrive, you’ll probably be several light-years away by the time you can hit the kill switch, and you’ll have hard vacuum to cope with (assuming you haven’t passed right through the core of a nearby star or planet).

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    10. Re:You're looking at it wrong. by RotsiserMho · · Score: 5, Insightful

      Or the first guy is using it wrong and taking the chance of introducing even MORE bugs (more cooks in the kitchen) while the second guy is relying on code that has been tested time and time again, not only by the Mathworks, but by all of their customers as well. Tell me, when writing code for Linux do you re-evaluate every line of the kernel or treat it as a black box? One of our largest customers (a Fortune 100 heavy equipment manufacturer) relies on generated code to control their engines. And these are big engines. The Mathworks produces very solid code allowing developers to create control systems very quickly that are time-tested to be reliable. That being said, that doesn't mean Toyota simply didn't connect the blocks wrong in this case. A human is still responsible for the logic.

    11. Re:You're looking at it wrong. by nacturation · · Score: 4, Insightful

      Push-button ignition can be turned off by holding down the button (kind of like with a computer)...

      ... and waiting for the software interrupt to get picked up by the CPU, which may be in a hung state.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
    12. Re:You're looking at it wrong. by sorak · · Score: 4, Insightful

      Push-button ignition can be turned off by holding down the button (kind of like with a computer)...

      ... and waiting for the software interrupt to get picked up by the CPU, which may be in a hung state.

      Not to mention that it's hard to hold a button down for three seconds while you're weaving in and out of traffic and urinating on yourself.

  2. huh? by pele · · Score: 4, Insightful

    Are you for real?

    1. Re:huh? by Aladrin · · Score: 3, Insightful

      Wow, self-referential AND accurate. Amazing!

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
  3. yes by samyem · · Score: 4, Insightful

    yes

    1. Re:yes by Anonymous Coward · · Score: 5, Insightful

      Uh - if the dealership "bricks" your car by applying the update they will fix it for free. This question is just plain stupid - get the damn update. If something ever happens and you crash your car the first thing they will say is that you declined to apply their update and so they are not liable.

  4. Umm... yes by Anonymous Coward · · Score: 5, Insightful

    Unpatched PCs are bad enough. If I can't go outside because of morons with unpatched cars, I will be very unhappy.

  5. Take the update by FrYGuY101 · · Score: 5, Insightful

    If it bricks, the Dealer's going to be the one who has to replace it. As far as I look at it, it's zero risk, financially.

    Safety wise, it fixes a known bug.

    Take the update.

    --
    "If we let things terrify us, life will not be worth living."

    - Seneca
    1. Re:Take the update by Goobermunch · · Score: 5, Insightful

      A bug that you know about. If, by chance, you find yourself in an accident, and get sued, I doubt a jury is going to look kindly on the "I passed up on the fix for the known bug because I thought it might brick my car" defense. If you pass on the deal, you are essentially taking full responsibility for Toyota's bad code.

      That's not a good choice.

      --AC

  6. Absolutely by onyxruby · · Score: 4, Insightful

    Think of this a few different ways. First from a liability standpoint, you are considering actively refusing a fix for a known bug that has killed people. If you ever sell your car and it can be proved you actively refused this you could be on the hook both civilly and criminally. Second from a liability standpoint, Toyota is now assuming liability for this, if they brick your car, they are liable for fixing it. Third, this is a known bug that has killed people, are you bloody nuts? This is not a software bug that results in a software crash, this is a software bug that results in a real world crash!

  7. Jane, you ignorant slut... by HotNeedleOfInquiry · · Score: 4, Insightful

    In the computer world, we're all taught to install firmware updates only if there is a real problem because a large percentage of firmware updates actually brick the hardware or cause other unforeseen consequences.

    Nobody taught you that. You pulled it out of your ass so you'd sound officious and get a post on /.

    The vast majority of firmware updates work, fix problems and don't brick devices. Much more of this shit that gets by as posts and I'll be begging for Jon Katz to come back.

    --
    "Eve of Destruction", it's not just for old hippies anymore...
  8. no shortage of reckless idiots by Anonymous Coward · · Score: 3, Insightful

    So based on vague general principles without any specific knowledge of the engineering issues involved you are refusing to install a manufacturer recommended safety fix. In an accident situation this is arguably evidence of a reckless disregard for human life. Good luck with your insurance company.

  9. it is an error catching routine by computerchimp · · Score: 3, Insightful

    Yes. Toyota's mechanical fix may not be the actual fix and the root issue may be a software based one.

    The software update is a failsafe, think of it as an error catching routine. All programs can benefit from error catching routines, problem is that programmers don't have enough time to program for every error possibility. Toyota has taken the time to add one to their cars.

    cc

  10. If you don't by cmiller173 · · Score: 4, Insightful

    If you don't take the patch and later have the problem you will likely have lost the ability to sue if necessary. Also, if you live in a state with the concept of "contributory negligence" in its laws you could be found partially or fully at fault for any accidents that would have been prevented by the patch. Eventually insurance companies are going to realize that they could deny claims in accidents if the driver's car is not fully patched. So yes, take the patch.

  11. I will be getting that firmware update by urulokion · · Score: 4, Insightful

    I have an '09 Prius. And I'll be getting that firmware update. It's a feature they should have included in the first place. It's not the best implementation of the brake override I'd like. What I'd really like to have is an electrical circuit connection between the brake pedal and the throttle fly-by-wire assembly. When the circuit is tripped, the throttle position output of the assembly drops to 0 regardless of actual pedal position or sensor position. But that would require new hardware.

    I'm getting the update because if the engine does start runaway acceleration, the brakes aren't enough to overcome the hybrid system's output. I know the right thing to do would be to put the car into neutral and get it safely off the road. But I don't react well to stressful situations.

  12. Toyotaphobia getting out of hand by guanxi · · Score: 4, Insightful

    I think the anti-Toyota mania is getting a little out of hand. The problem caused 34 deaths in 10 years. Given the tens (hundreds?) of millions of Toyotas on the road, it's actually not a big deal. It's an unimaginable tragedy to the people and families that died, and it should be fixed. But as a public safety issue, more people died of lightning strikes and bee stings during that period. Heart disease kills over 1,000 Americans per day. Let's keep it in perspective.

    Now we don't trust their firmware updates? I think their safety record is pretty good. You're driving their car at death-defying speeds, aren't you?

    The concept of a firmware update for your car is pretty interesting, though.

  13. I call shenanigans. by moogied · · Score: 3, Insightful

    I highly doubt this guy is a developer. If he was he would understand how fixing a piece of already running software goes... especially with a known bug. Almost all patches are done in short development cycle because it's an easy fix once you find what caused it.

    To illustrate my point, take a made up piece of code that takes the position of 1 sensor, and uses that to control a servo. Let's say that for whatever reason a piece of the code looks like: ServoPosition = (sensor1 + offset) * ServoOffset

    Offset is used to correct for initial installation differences for the sensor, so the sensor can detect where it normally sits at idle (when not pressed) so that it can calculate its real position and not its perceived one. NOW! Let's go one step further and say the offset is supposed to be a static variable the entire time the loop is running.. but what if, WHAT IF, the code doesn't lock the offset variable, and for whatever reason the chip is restarting its program over and over again, increasing the size of the offset variable. Eventually, this could cause the sensors to detect the pedal being floored, when it's not. So how do you fix that? Remove the offset variable from the part that could be run over and over again. Be sure to always set it to 0 when you restart the loop.

    And then you wonder if it's safe? Really they changed less than 1% of their code you fake developer.

    --
    So basically, -1 troll/offtopic is really Slashdot's way of saying "I hate that you thought of something before me."
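
The failure mode described in the comment above (a calibration offset that grows on every restart until a released pedal reads as floored), as an added C example that is not part of the original comment and not code from any vehicle. The names `pedal_ctl`, `startup_buggy`, `startup_fixed` and `servo_percent`, all constants, and the plausibility check on the offset are assumptions made for illustration.

```c
#include <stdio.h>

/* All constants are constructed for illustration, not taken from any ECU. */
#define REST_READING (-20)  /* sensor1 with the pedal released on this unit */
#define FULL_TRAVEL  800    /* corrected counts at full pedal travel */
#define MAX_OFFSET   50     /* largest plausible installation correction */

typedef struct { int offset; } pedal_ctl;  /* state that survives a warm restart */

/* Buggy startup: adds the correction on every restart, so it accumulates. */
void startup_buggy(pedal_ctl *c, int rest) { c->offset += -rest; }

/* Fixed startup: reset to 0 first, so repeated restarts give the same value. */
void startup_fixed(pedal_ctl *c, int rest) { c->offset = 0; c->offset += -rest; }

/* ServoPosition = (sensor1 + offset) * ServoOffset, here as a 0..100 percent.
 * With check_offset set, an implausible offset fails safe to 0 (idle); that
 * check is an addition of this example, not something the comment proposes. */
int servo_percent(const pedal_ctl *c, int sensor1, int check_offset)
{
    if (check_offset && (c->offset > MAX_OFFSET || c->offset < -MAX_OFFSET))
        return 0;
    int pct = (sensor1 + c->offset) * 100 / FULL_TRAVEL;
    if (pct < 0) pct = 0;
    if (pct > 100) pct = 100;
    return pct;
}

/* Run n restarts with the pedal released, then return the servo command. */
int released_after_restarts(void (*startup)(pedal_ctl *, int),
                            int n, int check_offset)
{
    pedal_ctl c = { 0 };
    for (int i = 0; i < n; i++)
        startup(&c, REST_READING);
    return servo_percent(&c, REST_READING, check_offset);
}

int main(void)
{
    printf("buggy,  1 restart : %d%%\n", released_after_restarts(startup_buggy, 1, 0));
    printf("buggy, 21 restarts: %d%%\n", released_after_restarts(startup_buggy, 21, 0));
    printf("buggy, 41 restarts: %d%%\n", released_after_restarts(startup_buggy, 41, 0));
    printf("fixed, 41 restarts: %d%%\n", released_after_restarts(startup_fixed, 41, 0));
    printf("buggy + range check, 41 restarts: %d%%\n",
           released_after_restarts(startup_buggy, 41, 1));
    return 0;
}
```

The range check does not repair the accumulation; it only turns an out-of-range offset into an idle command instead of a full-throttle one.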
  14. Re:Their new slogan by Sperbels · · Score: 4, Insightful

    Where was the Spanish Inquisition errr... Congress when Ford had to recall 4.5 million cars a few months ago due to their cruise control causing fires?

    Agreed. This has the feel of a smear campaign to put GM back on top.

  15. Flawed Fix by Temujin_12 · · Score: 3, Insightful

    would cut power to the engine if both pedals were pressed

    So anyone who starts from a stop on a steep incline by slowly depressing the brake while simultaneously pressing the gas to avoid rolling back into the vehicle behind them will now stall their vehicle?

    The accidents that have occurred as a result of this are tragic. But adding quirky behavior as a stop-gap measure seems ridiculous and sets a bad precedent. Is there anything out there to make sure vehicle behavior is reasonably consistent across different vehicles (or even vehicle firmware versions)? Or are we going to have to be aware of all the different firmware ins and outs between different models and firmware versions.

    I've been especially surprised at the fact that so many people seem to think that sudden acceleration is unstoppable. If you're driving a vehicle that suddenly accelerates and you cannot prevent the acceleration PUT THE VEHICLE IN NEUTRAL OR DOWNSHIFT (and yes you can downshift with automatics)! How people can get their driver's license while thinking the only way to slow/stop a vehicle is to press the brake is beyond me. I know panic can set in and can make reacting to unexpected dangerous situations difficult, but isn't that why you had a learner's permit first? My father took me to an empty lot and had me practice reacting to different situations that you can encounter which can be dangerous if you panic (ie: sliding, hydroplaning, slamming on brakes, etc.). Perhaps drivers education courses should focus more on these kinds of situations rather than merely how to obey traffic laws.

    --
    Faith is a willingness to accept something w/o complete proof and to act on it. Reason allows you to correct that faith.