Do Car Safety Problems Come From Outer Space?
Hugh Pickens writes "As electronic devices are made to perform more and more functions on smaller circuit chips, the systems become more sensitive and vulnerable to corruption from single event upsets. This is especially true of Toyota, which has led the auto industry in its widespread inclusion of electronic controls in the manufacture of their various car models. 'These circuit families store not just data, but their basic function electrically,' says Lloyd W. Massengill, director of engineering at the Vanderbilt Institute for Space and Defense Electronics at Vanderbilt University. 'In the unfortunate event of a particle flipping just the right bit, a circuit configured to carry out a benign action may be reprogrammed to carry out some unintended action.' Denise Chow writes in Live Science that some scientists are pointing to cosmic ray radiation as a plausible mechanism behind the sudden, unexplained acceleration reported to have occurred with the late model Toyotas."
"As the design of automobile systems continues to evolve from mechanical to electronic controls, relying more and more on various circuitry and chips, these electronic components may be vulnerable to being confounded by high-energy radiation writes Chow. Federal regulators were prompted to look into the possible role that cosmic rays played in Toyota's product recall fiasco after an anonymous tipster suggested the design of Toyota's microprocessors, software and memory chips could make them more vulnerable (PDF) to interference from radiation compared with other automakers. 'What's not known is what direction Toyota and other automakers are taking in terms of finding and correcting these issues,' says senior researcher Ewart Blackmore."
Interference from radiation doesn't just come from outer space, it comes from cell phones, TV/radio stations, microwaves.... you see where this is going. I once worked in an office where there was a cell phone relay antenna too close to a PC, and we were constantly reinstalling the OS until I told them to move things around in the area.
Thing is, when Windows gets a corrupted OS... it BSODs and we move on. Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up. When a fault is detected, it should go to a backup program about safely shutting down the car.
Since the biggest Toyota runaway story has turned out to be a problem exists between seat and pedals situation... is this all hype with no science behind it?
I bet they still use C for these kinds of things, how about something safer, such as Eiffel?
There's a reason that our entire modern world doesn't come crashing to a halt around us every 30 seconds. If every CPU was vulnerable to bit flips from random radiation, every part of your house would be on fire and arcing electricity. Times Square would look like the bridge of the 60s enterprise under attack.
This is just some douchebag professor trying to ride the tragedies to fame. There's a reason it's always hitting the same system in the car. It's because the system is defective. There's a reason the professor has nothing but speculation to back himself up.
This is the worst kind of charlatanry from someone who should know better. I hope his hosting school takes this very, very seriously.
StoneCypher is Full of BS
The most plausible explanation is radiation, not bugs in the device... Does this really come from a scientist?
Sounds a whole lot like the e-cache parity errors in the Sun UltraSPARC-II processors.
If you were never affected by that, consider yourself a lucky person.
particle-caused bitflips are very much real.
It's not out of the question, IBM noted in the 90s:
Extensive background radiation studies by IBM in the 1990s suggest that computers typically experience about one cosmic-ray-induced error per 256 megabytes of RAM per month. If so, a superstorm, with its unprecedented radiation fluxes, could cause widespread computer failures.
You have to fix this though. As a large manufacturer you have to accept this risk just like your competitors do. Airlines accept this risk and triple check their data because people's lives are at risk. As a car manufacturer, you are in the exact same position.
I hope the fix they already rolled out as a recall includes triple checking data or -- if the article is correct -- we won't see a drop in these horrible accidents. I hope for drivers and public safety that it does. It's led to death and possibly wrongful incarceration. Restitution is in order. Take testing motor vehicles seriously.
My work here is dung.
It's actually not our fault! Please drop the class-action lawsuit and in the future we will trot forth more gnomes and fairies to blame our problems on! Seriously, it's called testing - not a pass the blame game.
Whether you subscribe to Occam's razor, or just plain old common sense, rays from outer space are not Toyota's problem (though they may be the author's problem).
This type of thing is just plain bat shit crazy. There is a problem somewhere in Toyota's system somewhere. Either a software bug or bad chips or something real and tangible ... but rays from outer space? Please. If someone here on /. had posted that in the last Toyota story they would have gotten a +5 Funny.
Shouldn't there then be a well-insulated ROM copy in the car that can replace corrupt values with reasonable defaults from time to time, or a "Check Chips at Mechanic" light that, well, tells the driver to send the car with its chips to the mechanic?
--and bloody Hell, change that family name before your discoveries end up on Slashdot!
You can hold down the "B" button for continuous firing.
Airplanes use X-by-wire for a much longer time than cars. What's this anti-Toyota FUD all about?
The Avionics industry has been designing around neutron single event upset for decades now. Check out http://en.wikipedia.org/wiki/Single_event_upset (and the links) for details. There are also several reference to "neutron single event upset" when you do a web search.
Aliens saw cars consuming humans and made the sensible deduction that cars were the master race and at the top of the food chain. The radiation is an attempt to destroy the master race and save the pink apes from extinction. Next up is to stop the flying creatures that eat the apes through long feeding tubes. They seem to mostly gather in major cities in breeding areas with long black paths that help them take off and land.
The 1996 Camry had a mechanical throttle and ignition switch.
Even if his throttle got stuck open, which btw isn't as rare as you'd think, he had the old-style ignition switch to turn off his engine.
This would be a shame. It is very well known that the size of the chips influences their susceptibility to charged particles. I am sure the people estimating the reliability have numbers about that. And there is no reason to use hi density electronics for this purpose, besides saving 10 cents.
So, if they start building shielded circuitry in cars, does that mean that those annoying EM pulse traps the police have been trying to deploy to shut down cars will no longer work? You know, the little things they throw out in the roadway with a couple wires sticking up that zap the underside of the car and shut it down...
No trespassing. Violators will be shot. Survivors will be shot again.
Yes the universal instruction in action "JFM" Jump and F*** Memory.
So what? Embedded programmers have been dealing with this for years.
The minimum fix would be a hardware watchdog circuit.
Add to that defensive software - pack all unused memory with noops followed by jumps to a restart routine, if necessary make space in the code for those.
It's not - oh yeah sorry it *IS* rocket science folks - if Toyota were actually stupid enough to trust the processors to behave properly all the time then they are probably negligent. It wouldn't be a surprise - they've probably drunk the Kool-Aid and migrated to high level languages and believed the hardware manufacturers - but the problem and the solutions have been available for a loooong time.
This sounds more like a cop-out for Toyota's design practices than anything. If it's not reliable enough for the road, then don't sell it! (safety laws and all).
What's so wrong with simple and effective that good design philosophy gets thrown out in favor of industry buzzwords?
There are no perfect answers, only the right questions. More questions at http://foresightandhindsight.blogspot.com/
Actually, no, in case you missed the news! The only airplane manufacturer to use a "fly-by-wire" system is Airbus. Check the link because there was a huge uproar about that "by-wire" system when the Air France flight crashed because of a control/fly-by-wire system borked.
This is stupid as hell. If cosmic rays cause this, it would be a problem with other car makes.
Insert some appropriate joke here.
I want my Cowboyneal
Tonight on CBS, a very special episode of Everyone Loves Space Ray:
Space Ray: Hey, Deborah, did you hear what happened to my car?
Deborah: Don't worry about it, Space Ray, you didn't cause it this time (simulated audience laughter)
With a special guest appearance by Ace Frehley as "Just Another Confused Alien". Coming up right after "The Ghosts of Gilligan's Island"
Since the biggest Toyota runaway story has turned out to be a problem exists between seat and pedals situation..
Ignorant alien between seat and pedals. Toyotas were designed for humans to drive. 'nuff said.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Dr. Bruce Banner, pelted by gamma rays,
Turned into The Hulk, ain’t he unglamorous!
Wrecking the town with the power of a bull!
Ain’t no monster clown who is as lovable!
As ever-loving Hulk! Hulk! Hulk!
There should be all sorts of other flakiness if these types of errors are significant. Why would they lead to uncontrolled acceleration rather than, say, uncontrolled braking? The most error-prone piece of equipment in these machines is the human behind the wheel. They can do strange things like push the accelerator to the floor while thinking they are pushing the brake.
The part I don't get with all these cases is why the drivers don't put the transmission in neutral or pull the key out of the ignition. Although I can understand it for events that are brief, how do people drive along the highway at high speed for several minutes without thinking of that option?
Why not just have three ECUs instead of just one? Just link them up and apply some voting logic. Two of the three will provide the right answer. If all three disagree, a fail-safe goes into action and all three ECUs process data on the next round of sensory input.
Life is not for the lazy.
This is the excuse I used on my Computer Science professor for why I didn't have my assignment. It didn't work.
Almost ALL airplane manufacturers use fly-by-wire for at least something. You are only considering commercial airliners that are entirely fly-by-wire. Military aircraft have had fly-by-wire for decades before Airbus came along. Airbus is better-known as their implementation of fly-by-wire is particularly poor.
The single-event-upset is a well-known issue even in older-technology processors - EDAC and other strategies to combat it (like, 3-bit flags with voting) have been known solutions, also for decades.
Brett
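The two voting ideas raised in the comments above (three ECUs with a fail-safe when all disagree, and triplicated flags with voting) sketched in C as an added example; it is not code from the thread or from any automaker. The tolerance, the idle fail-safe value and every name are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define THROTTLE_IDLE  0u   /* assumed fail-safe command: throttle closed */
#define VOTE_TOLERANCE 2    /* assumed allowed spread between healthy channels */

typedef enum { VOTE_OK, VOTE_DEGRADED, VOTE_FAILSAFE } vote_status_t;

typedef struct {
    vote_status_t status;
    uint8_t value;          /* command to act on */
    int faulty;             /* index of the outvoted channel, or -1 */
} vote_result_t;

typedef struct { uint8_t value; int channel; } sample_t;

static void swap_if_greater(sample_t *x, sample_t *y)
{
    if (x->value > y->value) { sample_t t = *x; *x = *y; *y = t; }
}

/* 2-of-3 vote on throttle commands (percent) from three redundant channels. */
vote_result_t vote_throttle(uint8_t ecu0, uint8_t ecu1, uint8_t ecu2)
{
    sample_t s[3] = { {ecu0, 0}, {ecu1, 1}, {ecu2, 2} };
    vote_result_t r = { VOTE_FAILSAFE, THROTTLE_IDLE, -1 };

    /* Sort so the median is s[1]; any agreeing pair must include it. */
    swap_if_greater(&s[0], &s[1]);
    swap_if_greater(&s[1], &s[2]);
    swap_if_greater(&s[0], &s[1]);

    int low_ok  = (s[1].value - s[0].value) <= VOTE_TOLERANCE;
    int high_ok = (s[2].value - s[1].value) <= VOTE_TOLERANCE;

    if (low_ok && high_ok) {            /* all three channels consistent */
        r.status = VOTE_OK;
        r.value = s[0].value;           /* lowest throttle is the safe pick */
    } else if (low_ok) {                /* highest channel is the outlier */
        r.status = VOTE_DEGRADED;
        r.value = s[0].value;
        r.faulty = s[2].channel;
    } else if (high_ok) {               /* lowest channel is the outlier */
        r.status = VOTE_DEGRADED;
        r.value = s[1].value;
        r.faulty = s[0].channel;
    }                                   /* no pair agrees: stay at idle */
    return r;
}

/* A flag byte stored three times so that one upset copy can be outvoted. */
typedef struct { uint8_t copy[3]; } tmr_flags_t;

void tmr_write(tmr_flags_t *f, uint8_t v)
{
    f->copy[0] = f->copy[1] = f->copy[2] = v;
}

/* Bitwise majority read; rewrites all copies and reports the repaired bits. */
uint8_t tmr_read(tmr_flags_t *f, uint8_t *repaired)
{
    uint8_t a = f->copy[0], b = f->copy[1], c = f->copy[2];
    uint8_t m = (uint8_t)((a & b) | (a & c) | (b & c));

    *repaired = (uint8_t)((a ^ m) | (b ^ m) | (c ^ m));
    tmr_write(f, m);                    /* scrub so errors do not accumulate */
    return m;
}

int main(void)
{
    /* Constructed inputs: channel 1 reports a wildly different command. */
    vote_result_t r = vote_throttle(40, 100, 41);
    printf("status=%d value=%u faulty=%d\n", r.status, (unsigned)r.value, r.faulty);

    tmr_flags_t f;
    uint8_t repaired;
    tmr_write(&f, 0x05);
    f.copy[1] ^= 0x80;                  /* constructed single-bit upset */
    uint8_t v = tmr_read(&f, &repaired);
    printf("flags=0x%02x repaired=0x%02x\n", (unsigned)v, (unsigned)repaired);
    return 0;
}
```
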
Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up.
What if the cosmic rays corrupted the checksum routine?
The mind boggles!
Car safety problems come from the jerk behind the wheel...
Who is programming his iPod, eating his lunch, fiddling with his Bluetooth earpiece while dialing his cellphone and booting his laptop to get the latest updates into his GPS... and so on.
In other words he is doing everything but "driving" which is ALL he should be doing.
Instead, the marketers have sold the public on the car-as-comfortable-living-room as a vehicle that should be as anti-brainworthy as possible.
Get rid of all the complicated systems. Reduce the machine to its simplest functions. Oh, and it probably wouldn't hurt to plug in some personal responsibility while unplugging all the extraneous crap.
The safest car I ever owned was my old MG. Why? Because I could feel the road and I knew that everyone was trying to kill me so I kept my guard up while driving it!
I had told many friends and family that adding computers to cars would eventually cause unexpected problems. Looks like I was right.
That's why I rebuild older cars and drive them instead of the newer ones.
No computers to go apeshit, Simpler to design & repair. AND NO ABILITY OF THE CORRUPT POLICE TO REMOTELY SHUT DOWN YOUR RIDE!!!
Insurance is much cheaper, too.
Geek Hillbilly
...... allow you to time travel (http://en.wikipedia.org/wiki/Repo_Man_%281984_film%29)! But the most sophisticated electronics in the Chevy Malibu were in its radio. Anyway, to stay on topic - Scientists need not to just point to cosmic radiation, they need to test this. What about pointing to the manufacturing process also!
The likelihood of a bit being flipped is already ludicrously small. The likelihood of a random bit-flipping causing anything but a nonfunctional car is also extraordinarily low; It is exceedingly unlikely that an event like this will flip just the right bit to cause a car to careen out of control. It seems that Toyota would have noticed an unusually high failure rate in general.
Oh, right. Hoods and bonnets. They already have those.
They should start making them out of lead, maybe?
No.
Next question.
cuz their shit don't stink!
or, the more reasonable explanation... Toyota just royally f'ed up!
We had a system quit working that had not been modified in years. Upon investigation the problem was found in a Perl script. The date on file was years in the past. The error was due to a change to a single character and the character was changed by one bit. Someone suggested that this was caused by an "Oh-My-God" particle interaction - who knows?
Der Spiegel sums it up quite nicely:
"The same cars exist around the world, but no accidents of this type have occurred anywhere outside of North America. There were also cases of stuck Toyota gas pedals in Germany. The drivers braked successfully, and notified their car dealerships. None of them met their deaths."
http://www.spiegel.de/international/business/0,1518,682417,00.html
FTFA:
Testing for the problem would involve putting vehicles in front of a particle accelerator and showering them with radiation.
In Soviet Russia, particle accelerate you!
If this were true then more electronics would go haywire at higher altitudes. They do not. I used to live in Leadville, CO and our computers (and cars) worked just fine. In fact, I'd say that a car receives more radiation from the trace amounts of Uranium in the asphalt than from the cosmos.
As long as I can remember people have been blaming cosmic rays for all sorts of unexplained problems. It's just a convenient scapegoat for shoddy workmanship because few people understand cosmic rays or even what radiation is for that matter.
Soft errors from Alpha particles are only induced in DRAM. They do not affect SRAM or FLASH, which is what most mission-critical controllers use. Those that don't use an EDAC to detect and correct single and sometimes multibit errors.
A couple of weeks ago I was at a red light when suddenly the car's interior lights and radio began to fluctuate, while this was happening I noticed that everything in sight was doing the same thing, other cars' headlights, the apartments nearby and the gas station at the intersection.
So, in the case of Toyota, these cosmic rays are very clever. They targeted cars in the US and not cars in Japan or other countries. How did the rays target selective areas of the planet? Did they choose highly litigious geographical areas?
I predict government grants will be spawned to finance new careers (and even a new federal agency) in Terrorist Cosmic Ray Detection and Analysis (TCRDA) to protect the US from these rogue rays.
they were trying to compete with the LHC but didn't have enough real estate, so they built a world wide detection network in their automobiles called the Large Vehicle Collider. Every time a vehicle has a sudden unattributed acceleration, it means it was hit by some sort of particle and an investigation could be begun on that controller. They just packaged the detectors in dual-function machinery. Way to go Toyota!
Toyota's software is still to blame because it failed to react properly to anomalies. If the software is written properly, the parts that are still working should be able to detect any anomaly and react accordingly. Toyota's software research managers need to read this: How to Construct 100% Bug-Free Software.
"I flip through my excuse calendar.
Electronic Disruption due to Cosmic Radiation.
Ah, this day is going to be fun."
Or something like that, anyway. :P
While working for Motorola, I worked on electronic throttle control (ETC). We spent a ton of time working to make the system "fail safe". I think we all had in the back of our minds that it was only a matter of time before we would have to testify as to our engineering decisions.
My little part of ETC involved adding a sub processor which watch-dogged the main micro. The little micro asked a series of questions of the main micro. Both processors would need to agree on all the inputs and output of the system. The little micro would also ask questions regarding real time OS (RTOS) of the main micro. The main micro would need to have tasks executing in the right order to satisfy the small micro. Lastly, the small micro would ask the main micro to perform math operations to verify accuracy. Oh, and the main micro was continuously checksumming its memory too.
Both micros had a direct hardware disable path to the H-bridge which was delivering power to the throttle plate. The throttle plate was spring loaded, so, with power cut, the throttle plate would snap to an idle position.
Next came the electro / magnetic compatibility testing (EMC). We spent months inside huge chambers testing both radiation and susceptibility. One of the tests for susceptibility involved using a zap gun to spark a 20kV spark on each pin of our ECU. Not satisfied with that, our customer opened one of our modules and used a sparking spark plug to slowly zap our board to failure. Bottom line, that throttle plate better never stick one way, or the other.
In the end, it always amazed me that the whole thing would work at all. Seemed to me that the system was always seconds away from going into some kind of fail safe mode.
No, a stray bit flip is not going to facilitate a run away car. Least not on my system!
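The monitoring arrangement this post describes, modelled in C as an added example; it is not the poster's or Motorola's code. The question formula, the Fletcher-16 checksum, the task numbering and all names are assumptions, and both micros are simulated in one process with constructed fault injections.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_TASKS 3

typedef enum { FAULT_NONE, FAULT_MEM_BITFLIP, FAULT_ALU, FAULT_TASK_ORDER } fault_t;

/* Constructed model of the main micro; every field name is hypothetical. */
typedef struct {
    uint8_t  calib[8];              /* memory region it keeps checksumming */
    uint8_t  task_log[NUM_TASKS];   /* order the RTOS tasks ran this cycle */
    uint32_t alu_fault_mask;        /* test hook: bits flipped in ALU results */
} main_micro_t;

/* Constructed model of the small monitoring micro. */
typedef struct {
    uint32_t question;              /* changes on every poll */
    uint16_t ref_checksum;          /* known-good checksum of calib[] */
    bool     hbridge_enabled;       /* latched off after the first failed poll */
} monitor_t;

uint16_t fletcher16(const uint8_t *p, size_t n)
{
    uint16_t a = 0, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (uint16_t)((a + p[i]) % 255);
        b = (uint16_t)((b + a) % 255);
    }
    return (uint16_t)((b << 8) | a);
}

/* Main micro side: answer the arithmetic question, report its checksum. */
uint32_t main_answer(const main_micro_t *m, uint32_t q)
{
    return ((q * 3u + 7u) ^ (q >> 3)) ^ m->alu_fault_mask;
}

uint16_t main_checksum(const main_micro_t *m)
{
    return fletcher16(m->calib, sizeof m->calib);
}

/* Monitor side: recompute everything independently and cut power to the
 * H-bridge on any disagreement. The cut is latched until a reset. */
bool monitor_poll(monitor_t *mon, const main_micro_t *m)
{
    mon->question = mon->question * 1664525u + 1013904223u;
    uint32_t q = mon->question;

    bool ok = main_answer(m, q) == ((q * 3u + 7u) ^ (q >> 3));
    for (int i = 0; i < NUM_TASKS; i++)
        ok = ok && m->task_log[i] == (uint8_t)(i + 1);
    ok = ok && main_checksum(m) == mon->ref_checksum;

    if (!ok)
        mon->hbridge_enabled = false;
    return mon->hbridge_enabled;
}

/* With power cut, the spring returns the plate to idle (0 percent). */
uint8_t throttle_plate(const monitor_t *mon, uint8_t commanded)
{
    return mon->hbridge_enabled ? commanded : 0;
}

/* Inject one fault, poll, undo the fault, poll again, then command 35%. */
uint8_t run_scenario(fault_t fault)
{
    const main_micro_t healthy = { {10, 20, 30, 40, 50, 60, 70, 80}, {1, 2, 3}, 0 };
    main_micro_t m = healthy;
    monitor_t mon = { 0x1234u, main_checksum(&healthy), true };

    if (fault == FAULT_MEM_BITFLIP) m.calib[3] ^= 0x10;
    if (fault == FAULT_ALU)         m.alu_fault_mask = 1u << 9;
    if (fault == FAULT_TASK_ORDER)  { m.task_log[1] = 3; m.task_log[2] = 2; }

    monitor_poll(&mon, &m);
    m = healthy;                    /* the upset clears by itself */
    monitor_poll(&mon, &m);         /* latch must still hold power off */
    return throttle_plate(&mon, 35);
}

int main(void)
{
    static const char *names[] = { "none", "memory bit flip", "ALU", "task order" };
    for (int f = FAULT_NONE; f <= FAULT_TASK_ORDER; f++)
        printf("%-16s -> throttle %u%%\n", names[f], (unsigned)run_scenario((fault_t)f));
    return 0;
}
```
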
So, what happened to physical redundancy, (or redundancy at all, even) for life- and mission-critical systems?
I don't buy this whole "Cosmic Ray" business, I think it's just a copout for shoddy programming.
I remember reading an article years ago. Ionizing radiation is all around us, in low amounts. Naturally, small amounts of radioactive particles will make it into the epoxy and such surrounding ICs, and at some point it will decay.
From what I remember reading, it was inevitable, so they had to change the design of the [memory, I think] to make it resistant to occasional decay events.
I seem to recall the article being from the dawn of solid state memory, i.e. right after core. I'm thinking it was about DRAM, as SRAM is inherently harder to flip a bit in.
That said, all the oldschool car computers from the 80's generally had a 680x micro, with 256b or so of SRAM on board, and maybe 64k of program ROM - So it shouldn't be prone to problems.
Modern computers running.. whatever.. 68000's? x86? with globs of DRAM for infotainment stuff might be a little more prone to radiation flipping bits. I don't know.
I guess if they want to be hardass about it, they can use radhard RAM and ROM and a silicon-on-sapphire COSMAC [vomit] micro for the crucial driving bits, and a normal machine for the infotainment. This is the stuff they use (used?) in space.
Last I checked, Intersil still sold rad hardened 8086's and 1802's, at stupid prices - so presumably NASA and/or the army are still buying them.
Here's their rad hard 8086:
http://www.intersil.com/products/deviceinfo.asp?pn=HS-80C86RH
Apparently good to 100k rad dose - any humans nearby will be pushing daisies a very long time before that.
Sent from my PDP-11
Just use the LHC with some extra magnets or mirrors or something to shoot back at these cosmic dickweeds.
They might have a slight point if the stuck accelerator problem actually was caused by a software problem.
But since the problem has been shown to be a floor mat, or, in some other cases, a faulty mechanical design, what does this article have to do with anything?
http://www.t10.org/ftp/t10/document.03/03-224r0.pdf Storage systems have standards in place where every data path is protected by CRC to ensure data integrity. Short of keeping cost low, there should be no reason not to implement something similar to automotive applications.
In the early '80's, it was discovered that a PC would hang on the average of about every three weeks due to the ionizing effect of cosmic rays here in Denver. BSOD every three weeks on computers doing nothing but waiting for a login, in other words. They figured out how to alter the design of the chips so that this is no longer a problem, even with much much smaller scales of construction with much less apparent area to dissipate the charge of ionizing radiation over. That is the reason the world does not come crashing to a halt every few minutes today: we have learned to design around the problems of ionizing radiation flipping bits in microprocessors. Given that Toyota has apparently pursued their own design practices which differ apparently from industry usual practice, it is not so absurd that cosmic rays could have an impact, and the nature of those problems would be pretty random. Given the effort that has been put into locating the source of the Toyota problems, you have to look beyond the "obvious" at this point, and this looks like a credible avenue to pursue.
Let's look at this from a personal injury attorney's perspective. Cosmic rays are made by God. God's richest representative here on Earth is the Catholic Church. Since the Catholic Church is the local distributor of "God's will" and that action caused harm to my client, I will sue the Holy See.
Profit!
* Carthago Delenda Est *
It's funny how dereferenced pointers can work so well without bugs, then you change something seemingly unrelated like another variable, and then it triggers craziness. I've learned my lessons with pointers and only use them when absolutely necessary.
God spoke to me.
Of course there can't be a bug in the 100 million lines of software we wrote, that's simply preposterous, it could never happen. There's nothing "spooky" or "mystical" about software, it's just boring old maths and numbers.
Thousands of people having the computers in a specific make and model of car all struck in an identical fashion by cosmic rays is far more likely than some so-called theorised "software bug". It's most likely thanks to the global warming monster overenergizing the cosmic rays and targeting them towards the green solutions for our planet.
Our solution involves a svelte and trendy tinfoil hat to be worn by all occupants of our green energy vehicles. This will stop the cosmic rays from being attracted to the groovy vibes of cosmic consciousness that emanate from all of you hippi-- err, Prius drivers.
My specialization is low-power processor architecture, and so I am quite familiar with soft errors (single event upsets). As transistors have gotten smaller, and the voltage has gone down, the probability of a soft error has gone up significantly. And as a result, error correction techniques are making their way into more commodity hardware. For instance, all flash drives now use at least SECDED, but many use BCH codes (e.g. Reed-Solomon). Still, the reason that we're paying attention to these is not that they're an every-day problem, but that the probability has gone up to the point that mean time between failures (single bit) has gone down from years to months. In your video game console, this isn't a problem, but in banking software, we need to be extra specially careful. As you add more and more bits to your DRAM, the probability of one bit being flipped doesn't go up much, but the probability of one of that huge number of bits being flipped becomes significant. (Like how evolution happens faster when you have larger populations.)
That all being said, by far and away, the more likely thing is programmer error. I can't tell you how many times I've wanted to blame mysterious bugs on soft errors. But so far, I've always been able to find the source of the problem as being my mistake (or someone else's). Moreover, even if you don't have ECC protection, soft errors are STILL no excuse, because there should be failsafes and sanity checks. Moreover, this is also true about programmer errors. Every system you deploy will have bugs, so oftentimes, you write more code to sanity-check the results of some other code, and if they disagree, you fall back to something very conservative.
I remember one time, I was writing a driver for a graphics card, and we found that every time someone would turn on this huge CRT we had, the software would crash. Basically, the EMP from the monitor degaussing would interfere with the PCI bus or something inside the chip, and we'd get back incorrect values from status registers. So we "hardened" it by triple-reading certain status registers and making sure to choose the most conservative value. Learning from that, we put in various other protections as well, whatever we could think of. After that, we were able to degauss that monitor all we wanted, and we never even saw drawing errors.
Cosmic neutron caused soft errors are real, but they usually cause crashes, not some random action. If Toyota's systems were susceptible, we'd see hundreds (thousands?) of failures for every unintended acceleration. That hasn't happened, so this theory is BS.
When I was working for NASA, on the NISN network, we'd get these weird router crashes for the old Cisco router located at (or very near) the South Pole in Antarctica. It was always a memory problem, and I'd always have to call someone to get them to powercycle the router. It irritated me to keep bothering those guys, so I opened a case with Cisco TAC.
The TAC guy sent a terse response, saying that particular crash was a "transient memory error" due to "alpha radiation or sun spots." That really pissed me off -- Cisco TAC just gave me a standard BOFH response! I escalated, and swung the NASA club around some, and finally got a senior engineer on the phone. "You said this router's at the South Pole, right? So that means it's at very high altitude, with very little ozone shielding, right?" "Umm, yeah." "Well there you go. There's a lot more radiation at that altitude than at sea level. Our stuff's only rated for sea level. See if they can .. I dunno, put a lead blanket over it or something."
I relayed the info to my contact at McMurdo, and he laughed and said he'd figure something out.
On a hunch, I checked the other two "high-altitude" routers we had, and sure enough, they both had a statistically higher failure rate for "transient memory errors".
http://unxmaal.com
Well, what was the cause then? A poster above had his anecdotal with bad shielding on some component, then getting hit with a toll booth rfid reader scan that triggered all sorts of wild action.
If it does turn out to be an actual real systemic electronic control problem with toyota..man...it might wipe them out, who knows. I've already seen on the TV their "reassuring" commercials about reliability, so you know it is having some effect so far.
And here's a real wildcard thought..maybe some people have built home brew car electronic disruptor devices, and it just affects toyotas more than other brands, and they are tooling around mashing the remote "screw with it" switch.
If by "car safety problems" you mean the driver in the car next to me who based on his lack of driving skills is obviously new to this planet, then yes.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Lloyd W. Massengill and his team are some among the best in this kind of work. They do a lot of work with the government. However, I think that his point is just a ploy to get some more research money from the automotive industry.
You have violated my intergalactic copyright on that phrase!
This makes me angry, very angry indeed. As a result I shall now destroy Slashdot using my Illudium Pu-36 Explosive Space Modulator.
Prepare for a troll-shattering kaboom!
---
BTW, I really am Marvin, not just some out-of-work ACTA hired to play him.
Rather than repeat myself, I'll link to my comment on this matter.
Things in your environment such as radiation, and the behavior of your hardware under varying conditions, are just as significant and can cause issues just as readily as a defect in the code you write.
They could use ECC memory, perhaps, they do, but even that is not infallible.
You will need to reboot your car's computer every few days, to make sure it loads fresh code, eliminating any undetected multi-bit errors :)
Having worked in digital electronics for 30 years, I have seen some pretty strange ways to introduce noise into digital circuits:
1) Inadequate grounding - two circuits are communicating, but are grounded to two different ground planes. Over time they build up a potential difference, and the 5 volts necessary to form a "1" bit starts to look like 3 or 4 volts to the other side. The signal just "stops", until you power down and the charge bleeds off. It won't reoccur during short tests.
2) Static electricity. Cars develop thousands of volts in static electric potential from air friction, just like airplanes. You may laugh, but static can be devastating to digital circuits. It can make craters in chips and even when it doesn't destroy them it can flip bits undetected until they are accessed. I worked on one system that would reboot whenever my boss walked by and brushed against it wearing a wool suit jacket - true story.
3) Temperature sensitive dielectric in the capacitors. Capacitors are shielding the power lines on the bus from digital information - which behaves just like high frequency noise. The capacitors get hot from engine heat, the dielectric loses its resistance to electrons, the capacitors fail temporarily and allow digital noise onto the power lines which then bleeds into the circuits attached - causing random errors all over the place.
4) The antenna effect - circuits operating in the multi-hundred megahertz to gigahertz frequencies start to radiate from copper conductors on the circuit board - these signals can be picked up by other copper traces on the circuit board and cause "ghost" signals. It is often necessary to use micro-coax cable instead of etched copper traces to quell this problem.
Toyota should let their computer geeks go back to playing WoW, and give a couple of good high-frequency electrical engineers a look at the problem.
I realise that I'm wasting my breath, but it is appalling how ignorant most SlashDot posters are when it comes to basic science.
For what it's worth:
Electromagnetic radiation (from cell phones, RFID, etc) is non-ionising. EM Interference (EMI) is well understood and manufacturers go to enormous lengths to design out (and test for) EMI, especially with critical automotive systems.
Cosmic rays are in the completely different category of Ionizing radiation. This is also well understood, and is carefully considered in the design of critical systems (especially space craft, planes and military).
If Cosmic rays could seriously affect the relatively simple electronics in cars, then your (much more complex) desktop computer would be completely unusable.
I'm sure 18 people here can tell me without much effort the answer to this:
Are cosmic rays so high energy that they pass right through a steel car hood?
Or are the components in question placed somewhere in the car where they are not well shielded?
"I wanna go fast" Should have bought a Toyota...
A single bit flip is a nuisance, but usually there is error checking to prevent malfunctions. Overloading circuits with EM radiation will cause circuits to fail though. The cell phone will work nicely. Audi had a car that was "Der Pride uf da Cherman Engineerink". "Za carr isht mechanically perrfekt" "Shtupit Amerigans don't know how to drrive za carr" They denied any problems, and later added interlocks to prevent people from setting the transmission from park to drive without first stepping on the brake. The problem was, that some people said the car would accelerate unexpectedly, and that (in the case of a man who accidentally killed his wife in the garage because she was standing in front of the car when he changed gears). He claimed that the bruises on the bottoms of both feet were from him standing on the brake, and the bent (and that's not an easy thing to do) brake pedal showed that he was standing very hard on the brake with both feet, and it would not stop the car. Later, a 60 Minutes(tm) news article showed an electrical engineer with a signal generator and a driver in an Audi 5000 on a test track. Everything worked without fail. Then they took the car to a very long (10 miles long) test section. The driver took the car to 30 miles per hour and then braked to a stop. He then took the car back to 30 miles per hour. The electrical engineer then turned on the signal generator (about the same size of signal as a cell phone). The car suddenly accelerated to over 130 miles per hour. The driver did not have his foot on either the gas or the brake pedal, but tried braking ... and the car slowed down a little, but the brakes smelled like they were burning, and they couldn't get the car below 70 miles per hour. They shut the signal generator off, and stopped the car successfully. Cell phones were rare then. They are very common now. Automotive engineers have to study at least a little electrical engineering. At least learn what a Faraday cage is.
If a cosmic ray will fit, you must acquit !!!
Shakespeare poems - infinite monkeys with infinite time. Computer tech support - a few trained ones working from 9 to 5.
I'm sure there's a connection to Xenu in there.
10e-34 error rate overall, cosmic rays at earth's surface included
Assume we check 8 bits of acceleration data 20 times per second
Assume each car runs for 10000 hours
Assume there are on order of 100 million Toyotas in the US
Multiply all these together and you find that the odds of this happening even once are on the order of 10e-17
Cosmic ray radiation? Better get some radiation shielding shields!
At the bottom of the
should be a movie
"Car Safety Problems from Outer Space!"
Simplest explanation is the most likely: someone stuffed up.
Believing something doesn't make it true. Not believing something doesn't make it false.
My dad was an IBM CE (Customer Engineer) specialist on one of the models in the IBM System/360 mainframe range. He used to like telling the story about how he and another engineer were out on a customer's site trying to determine an intermittent fault. They would bring the machine up and sure enough there would be this glitch at precise intervals. They just couldn't figure out what was causing it. That was, until the other CE took a look out the window.
After a bit he said 'Tell me when it happens'. OK... '...now' my dad said. Then he said 'I'll tell you when the next one happens' and a few seconds later said '...now'. Which is exactly when it did glitch.
It turned out that the customer's DP center was situated close to an airport. The CE could see the radar dish revolve at the end of the runway. When it pointed straight at him was when the glitch occurred. Needless to say the computer room received some RF shielding.
A grue did it ... Better get out of the house before it gets dark ... it most likely will eat you.
More plausible than cosmic radiation you say? That's correct! Blame grues!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
What's the problem, there are open source SEU tolerant CPUs you can use out there
http://www.gaisler.com/cms/index.php?option=com_content&task=section&id=4&Itemid=33
Leon FT, space grade, VHDL IP cores available.
I for one welcome our car controlling overlords
1. Prof testifies as an expert witness about stuck accelerators being caused by cosmic rays.
2. Idiot jurors buy his story and let Toyota off the hook.
3. Prof profits!!
I do it every time I stop at a red light. I put it back in D only when the light turns back to green. Saves a bit of gas and wear and tear in the whole car. What's the point in having to hold the brakes while the engine tries to pull the car forward?
Having heard all these stories really makes me wonder. I live in Belgium, where cars with manual gear boxes are the common norm, and I've had my car accelerate like nuts once (pedal got stuck because of the floormat). I shifted to neutral, turned off the engine & used my momentum to get to the side of the road where I could dislodge the mat.
Are manual gearboxes that rare in the States?
Wrong analogy. Windows does crash a lot. It should be "It reminds me of Windows users who say Linux isn't ready for the desktop".
Funny, this is the first time I ever saw a computer analogy used to explain a car problem in Slashdot. But, come to think of it, this is a rather neat analogy. Toyota is blaming their problems on driver error, Microsoft says third-party drivers are the only cause of crashes in Windows ever since XP came out.
Both of these corporations are *wrong* at that, any system should be resistant to outside errors.
A computer shouldn't crash just because a hardware driver fails. I have seen several Linux computers freeze when running some graphics applications, ATI cards are particularly prone to this, but you can still enter through the network and kill the offending application or, at worst, restart the windowing system. The fault with Windows is not the third-party hardware driver, it's the windowing system being built into the operating system.
Likewise, a car shouldn't depend entirely on one computer system for operation. Brakes, even with anti-lock, should have a hydraulic system that should always be able to stop the wheels from turning if the driver presses hard enough on the pedal. The transmission should have a mechanical lever that puts it into neutral. Steering should be operable by mechanical links from the wheel if the power-assisted system fails.
All this because a broken mechanical link or a leaking hydraulic system can be seen, or heard, but a software bug will remain lurking there undetected until it kills you.
Ever hear of RoHS compliance? Basically, a bunch of electronics companies around the world suddenly decided to "go green" and save us from lead poisoning by removing lead from their packaging. Ever wonder why?
Because they wanted to be able to sell their stuff in the EU?
We could simply replace some of the electronic drive-by-wire systems with traditional mechanical ones. There, problem solved. Don't need any fancy electrical error checking and less complicated systems=easier to fix.
There is another factor here, beyond cosmic rays. The way circuits are produced has a statistical element. The doping process introduces interstitial atoms along the conductive paths, but the density has random fluctuations. Some circuits may be more marginal than others, and it may be hard to discover when some such density fluctuations sit in places where they have effects only in rather special circumstances.
There is no substitute for common sense. Especially, no body of rules will do.
In 1991, our general manager was fond of blaming "stray cosmic rays" for hard-to-reproduce bugs in our software. I never found a case where the bug was not reproducible but there were many when it took a lot of communication with the customer to tease out the necessary preconditions. (In one case it required having them ship one of their workstations to us and it turned out to be a lying graphics adapter that claimed it was a type with a known refresh rate when its refresh rate was different. Combine that with an overly ambitious developer who wrote his own graphics i/o code to improve performance and you get total system lockup.)
My guess is that there is a set of conditions that causes loss of significance resulting in division by nearly zero and producing a number large enough to be interpreted as "Floor it!".
This Massengill fellow sounds like a real douche.
Yes, cosmic rays and alpha particles can and do cause bits to flip. You might be able to argue that for a single isolated case. But for them to flip the right bit at the right time in multiple vehicles? Ain't gonna happen.
On the other hand, I've been in a car which experienced a sudden acceleration problem. In this case it was a '70s era Ford. We were sitting at a stop sign and the car lurched forward. The driver swore she was pressing the brake. Naturally, when this happened she pressed the brake harder, and the car lurched forward even faster! In fact, there was a direct correlation between pressing the "brake" and the car accelerating. Hmmm... Surely the driver, who'd had her license for a good 30 years or so, couldn't have made such a basic mistake. Mysteriously, when I was driving the car home (because she was pretty shaken by the incident) the problem had cleared itself up. I guess it had to be cosmic rays after all! Who knew they could physically pull a throttle linkage?
FWIW, '70s era Ford beats '90s era Toyota in crash testing.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
The BSOD is not Windows' way of performing a checksum.
It IS your PC GOING OUT OF CONTROL!
I've found that when coasting down an ice-covered hill, I have better control in neutral than in drive. Admittedly, I've never shifted into N while driving at any significant speed, since I don't have a Toyota. :P
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
So a tin foil hat for my Prius should fix 'er right up?
What he really means is "What's not known to him". People in the industry have been dealing with randomness and various odd hardware failures for decades. This is being formally addressed in the upcoming ISO 26262 standard. So yes, this guy is writing pure speculation and someone is apparently publishing his unqualified babble - probably because he's got a PhD.
Do we really fucking need this in our cars?
WTF, can we just not have a few critical systems untouched by code, it's fucking overkill.
Be it on/off, throttle, shifting, braking and steering, leave it alone.
Was sitting in my driveway and turned on my van. I didn't know it at the time but my brake booster was bad, and apparently it has something to do with the throttle, from vacuum lines and whatnot. As I shifted it, with my foot on the brakes of course, it slammed into full speed in reverse, I hit my T Bird parked behind it, and pushed it several feet before I got it stopped. Dang spooky.
If the problem is indeed cosmic ray induced mistakes then by far the easiest fix is a combination of error correcting codes applied to the RAM and registers and redundant coding in the processor. If the registers and RAM have say a detect 3 correct 2 ECC system built in then many of those cosmic ray induced errors will just be cleaned out by the ECC hardware. If you just have the computer run the same code 3 times, or even twice, and compare the results, you still catch transient glitches in much of the code. And, you use watch dog timers to ensure that each part of the code terminates on time. The time for each task should either be a fixed value or should fall within a small range of values. That means that a watch dog timer can be used to detect serious anomalies and activate alternate code paths or even a back up processor. Or, even take the computer out of the loop and send control inputs directly to the actuators. The cost of the extra hardware in the volumes used by car manufacturers would be very small. It may not cost anything at all. The cost of the extra code, using a software development methodology that included 100% review coverage of designs, and testing, with a full impact review for all design changes and bug fixes would almost certainly save them mega bucks over just the first few years. Compared to the cost of shutting down their assembly plants and what they are going to pay out for wrongful death suits, treating the code and computers as if they were life critical will cost so little that they will not even notice it on the balance sheet.
But, they have to give a damn first. Toyota is just starting to experience what Ford experienced with the Pinto. In the Toyota case it seems to be most of their models and it looks like they have been covering up the evidence for many years. I say that as the worried owner of a car that has not been recalled...yet.
Oh, yeah. I am really looking forward to what happens when US courts start issuing subpoenas for the source code, all the development documents, and all other records including emails that pertain to the code in those computers. That should be fun to see the records and the reports of the special masters tasked with reviewing the code. If they haven't followed accepted methods established by everyone else who writes life critical code the managers could face negligent homicide charges.
Stonewolf
Seriously, when I had first heard of electronically controlled throttle, braking, and steering systems in cars, each time I thought it was just a matter of time before one goes haywire and causes accidents. There's a place for computer control for things... This is simply not it. Owners of cars with traditional mechanical throttles and hydraulic braking system simply don't have anything like this to worry about and WON'T have to worry about it.
Steering is one place where computer control really terrifies me. As we've already seen, this type of system cannot be trusted with braking and throttle, so next we're going to see cars turning harder than the driver intended due to some "cosmic ray" caused glitch. That person, trying to merge into traffic will end up cutting hard across traffic, likely being killed in the process.
Then what are they going to blame it on??? Terrans launching an EMP Shockwave from their floating Science Vessel???
Fifty watts per channel, baby cakes.
On a cross-country adventure
It got hit by cosmic rays
And the car was changed forever
In some most fantastic ways
No need to steer
It's here
Just call the Car
Fantastic Car
"Don't need OnStar."
"That's anticompetitive!"
Oh, the gas pedal's on elastic
The brakes just fade from sight
Johnny is The Human Torch
The pedestrians run with fright
From the Car
Fantastic Car
Fantastic Car
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
You know, it's not that hard to send all data in triplicate a few milliseconds apart and then error correct it using the odd man out gets ignored style. They're just too lazy to do it or too cheap to put in a processor 3x faster. It's not going to flip the same exact bit in two different streams of data at different times and if it did, it's probably enough radiation to melt you and your car.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
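The "odd man out" voting from the comment above, which is also the run-it-three-times-and-compare idea in the earlier ECC and watchdog comment, as an added example (not code from the thread or from any automaker). It assumes an 8-bit pedal reading and a closed-throttle fail-safe; `tmr_vote`, `select_throttle`, `fault_log` and `THROTTLE_IDLE` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define THROTTLE_IDLE 0u   /* assumed fail-safe command: closed throttle */

typedef enum { VOTE_CLEAN, VOTE_CORRECTED, VOTE_FAILED } vote_status;

typedef struct {
    uint8_t     value;     /* bitwise 2-of-3 majority; do not trust on VOTE_FAILED */
    uint8_t     bad_bits;  /* mask of bit positions where any copy disagreed */
    vote_status status;
} vote_result;

typedef struct { unsigned corrected, failed; } fault_log;

/* Vote over three copies of the same reading taken a few ms apart. */
vote_result tmr_vote(uint8_t a, uint8_t b, uint8_t c)
{
    vote_result r;
    r.value    = (uint8_t)((a & b) | (a & c) | (b & c));
    r.bad_bits = (uint8_t)((a ^ b) | (a ^ c));
    if (r.bad_bits == 0)
        r.status = VOTE_CLEAN;          /* all three agree */
    else if (a == b || a == c || b == c)
        r.status = VOTE_CORRECTED;      /* one odd man out, outvoted */
    else
        r.status = VOTE_FAILED;         /* no two copies agree */
    return r;
}

/* Return the throttle command to act on; fall back to idle when the
 * vote cannot establish a trustworthy value, and count every event so
 * a recurring fault can be told apart from a one-off transient. */
uint8_t select_throttle(uint8_t a, uint8_t b, uint8_t c, fault_log *log)
{
    vote_result r = tmr_vote(a, b, c);
    if (r.status == VOTE_FAILED) {
        log->failed++;
        return THROTTLE_IDLE;
    }
    if (r.status == VOTE_CORRECTED)
        log->corrected++;
    return r.value;
}

int main(void)
{
    fault_log log = {0, 0};
    /* Constructed samples: clean, one copy with bit 7 flipped, all differ. */
    uint8_t s[3][3] = { {0x40, 0x40, 0x40}, {0x40, 0xC0, 0x40}, {0x40, 0x41, 0x42} };
    for (int i = 0; i < 3; i++)
        printf("command=0x%02X\n",
               (unsigned)select_throttle(s[i][0], s[i][1], s[i][2], &log));
    printf("corrected=%u failed=%u\n", log.corrected, log.failed);
    return 0;
}
```

The third sample is the case the voting scheme cannot repair: two copies are corrupted, so the code stops trusting the data and commands idle instead of guessing.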
I've been driving and working on cars since before the bulk of them were born..heh. And I operate heavy equipment as well. I *think* I grok the diff between the pedals...
I have only seen a single news source doing stats on this and it pointed to the fact that the problem seems to discriminate by age even after accounting for age repartition among Toyota owners.
It seems to me that seeing a simple review of accidents blamed on this correlated with age/country could easily disprove the whole thing unless it's a real problem. My gut tells me that somehow the problem would happen mostly to older people as 2 persons already demonstrated but also that it seems to happen mostly in the USA where the media is milking this story.
There's just a wee bit of difference between, at most, 5W of non-ionizing radiation transmitted by a mobile phone (which, at best, could transfer 50 millijoules to an IC), and the 50 Joules in a charged particle at near-relativistic speed. A cellular base station does transmit more effective radiated power but that's mostly due to the gain in the antenna array. Solution: Don't drive up the cellphone base station mast.
The Professor Irwin Corey of the Internet (Wikipedia) points to an article in Scientific American (2008-07-21), 'Solar Storms: Fast Facts' which declared "Studies by IBM in the 1990s suggest that computers typically experience about one cosmic-ray-induced error per 256 megabytes of RAM per month."
I won't compare Apples to Priuses directly, but three orders of magnitude difference in energy between cosmic radiation and mobile phones should give a clue to the clueful.
There is nothing wrong with yr Internet. Do not attempt to adjust the picture. We are controlling the transmission - NSA
Well it seems that everyone is concentrating on the high tech while the problem could be lying in the lack of pre-testing or much shorter time for pre-testing.
When new cars were designed 20 years ago, it used to take 3-5 years with molding and all that.
There was enough time to test all the parts and accessories to go with that, but now with superior CAD tech, it takes 3-6 months to design a car, so how much time is spent on testing all the parts and accessories?
Well, someone should look into this to see how much pre-testing there was with the gas pedals and we might have the answer for the problem!