Toyota Pedal Issue Highlights Move To Electronics 913
Posted
by
timothy
from the drive-by-wire dept.
from the drive-by-wire dept.
cyclocommuter writes with an excerpt from a brief WSJ story on increasing electronic control of car components: "The gas pedal system used Toyota Motor Co.'s recall crisis was born from a movement in the auto industry to rely more on electronics to carry out a vehicle's most critical functions. The intricacy of such systems, which replace hoses and hydraulic fluid with computer chips and electrical sensors, has been a focus as Toyota struggled to find the cause for sudden acceleration of vehicles that led the company to halt sales of eight models this week."
Moving too fast (Score:4, Interesting)
This is really a case of technology moving too fast for its own good.
The fundamental concept behind Japan's quality is kaizen. This is the constant improvement on existing techniques and technology. By starting with what works, it is simpler to build in very small steps without losing any quality along the way.
However, due to perceived pressures from non-Japanese automakers, companies like Toyota have begun bold initiatives to modernize their cars. The typical automotive embedded system is fairly simple (relatively speaking, of course). There are only a few inputs and only a few outputs and the systems are usually isolated from each other. However, as more features become desired, more interaction between isolated systems becomes a reality. The gas pedal used to only manage the amount of fuel fed to the injection valves. Nowadays it works in tandem with the brake system and suspension to manage tire slippage and traction control.
In this case, Toyota implemented a very complex system without a series of solid intermediate steps. The result is catastrophic failure when unforeseen interactions suddenly arise. If they were slowly adding features, they could immediately pinpoint the problematic interaction. However because they did it all at once they don't have any idea where the problem lies.
It makes me want to buy an American car.
Re:Drive By Wire not really the problem (Score:5, Interesting)
Before that, they claimed it was the floormat, even though at least one credible incident report was for a car where the floormats were removed.
Now they claim the pedal sticks down in spite of the reports including cases where the car takes off while at highway speed or while stopped. A sticky pedal cannot explain sudden acceleration, only a failure to stop accelerating.
They seem to be dodging the issue of the car refusing to shift into neutral while at speed even though restoring that simple bit of functionality would greatly improve safety. The controller should really take the hint and digore the accelerator at that point.
As a Chrysler owner I don't understand (Score:3, Interesting)
This kind of stuff is par for the course if you own a Chrysler. Last year my PT Cruiser decided to get stuck with the throttle about 1/3rd down. It was really fun to park that way (a terrifying sort of fun). Chryslers are famous for bursting into flames, having brakes fail for no reason (which is what the emergency brake is for), and numerous other problems that normal people would consider to be a safety hazard.
When my car got stuck, sure it was a little surprising at first, hard to slow down for the turn I already committed myself to (stood with my full weight on the brake) but after that I put it in neutral (it is an automatic, they have an N position) and when the motor started revving like crazy I just turned off my engine (careful to only click once so the steering wheel lock isn't activated), flipped on my hazard lights and coasted to a place where I could pull over conveniently.
What I don't understand is how I can figure this out, but a CHP officer kills his family in a 100mph crash from the same sort of problem? Yes, he got going that fast, without ever thinking about just turning the damn thing off. California's finest indeed, it's sad because the CHP are held up as experts in driving and safety.
If people aren't able to deduce what they are supposed to do in an emergency on their own in a timely matter, then we must make safety training mandatory for all drivers. It should go into what to do if your brakes don't work, accellerator gets stuck, car catches on fire, car rolls over and you're trapped, and the thousand other things that can happen to you in a car. And there should be a test, it should be a hard test, and you should get an insurance discount if you score over 90%. And you get the opportunity to retake it once a year, but your best score is good forever.
missing option Manual Transmission (Score:5, Interesting)
Back in my day, cars had a 3rd pedal on the floor called the clutch. If your throttle got stuck you could hit the clutch pedal and cut the power to the transmission.
Re:Safety Critical (Score:4, Interesting)
Re:As a Chrysler owner I don't understand (Score:5, Interesting)
What I don't understand is how I can figure this out, but a CHP officer kills his family in a 100mph crash from the same sort of problem? Yes, he got going that fast, without ever thinking about just turning the damn thing off.
Uh, these stupid push-button starter gadgets are designed to prevent you from accidentally turning them off because that would be 'dangerous'. In this case I believe you have to hold the button in for a few seconds to turn off the engine, and if you just got in the car and don't realise then you might well assume that the starter is broken too.
So as I understand it the problem was not just a hardware/software fault, but a hardware/software fault combined with user-unfriendly non-standard design which made the normal responses far more difficult than they should have been.
Toyota Gas Pedal Fix Clears Regulators (Score:2, Interesting)
However, a new angle to the problem recently surfaced, according to a report [nytimes.com] just issued by the "New York Times" on its blog. CTS, which manufactures the throttle pedal for Toyota, claims that "the slow-return pedal phenomenon, which may occur in extreme environmental conditions, should absolutely not be linked with any sudden, unintended acceleration incidents". In other words, though the pedal is defective, the defect did not cause the unintended acceleration. CTS claims that it did not manufacture the pedals in older Toyota vehicles that exhibited the same acceleration problem.
If CTS is telling the truth, then the actual problem may be the electronic throttle control, the so-called drive-by-wire system.
Re:Stupid summary, stupid story (Score:3, Interesting)
victims report out of control acceleration where even pressing the brake harder merely mades engine ECM increase engine power, and can't merely move selector to neutral either (have to press brake in their stupid design). Problem is clearly circuitry or software failure, nothing to do with their bullshit gas pedal or floor mat nonsense. And gas pedal now only controls air intake, the computer controls fuel, not your daddy's cable pulled throttle.
Why Software Is Bad and How to Fix it (Score:1, Interesting)
Software is bad because, unlike hardware, deterministic timing is not an inherent part of it. Computer programs are based on the Turing Computing Model. The TCM has nothing to say about timing other than the inherent sequentiality of operations. Read Why Software Is Bad and What We Can Do to Fix it [rebelscience.org] and How to Solve the Parallel Programming Crisis [blogspot.com] if you're interested in solving this crisis once and for all.
Our basic algorithmic computing model has not changed since Charles Babbage. It's time for the industry and academia to wake up. What is needed is a non-algorithmic, synchronous and reactive model. I hope the auto industry (and everybody else who writes software and build computers) takes this to heart because these problems are going to happen again and again. And the cost is going to skyrocket.
Re:Safety Critical (Score:2, Interesting)
It's remarkable that automobiles do not already have such buttons or switches. Virtually every piece of heavy machinery in the modern world has some kind of very visible emergency off switch.
Every modern motorcycle already has a fairly standard and universal ignition-off switch that will kill the engine. It is a big red switch, and always on the right handlebar. Virtually all of these motorcycles (that have electric starters) also happen to be push-button started.
ETC - not floormats. (Score:2, Interesting)
I have some computer experience as well as a bit of design and electrinics in the mix and one thing comes to mind as the real cause.
Drive by Wire.
Seriously, floor mats and other issues like that are just Toyota looking for an excuse when they know full well that the issue is something that can't be fixed without a major redesign next year. Ie - "It might be that if you place the mats just this way"(bunched up like only a moron would let happen) or "This servo might stick under the right conditions and enough wear"(despite the part being nowhere near its normal end of life)
The issue is drive by wire. Something's gone pear-shaped with their electronics and/or software that controls it and they're trying to find any excuse that might be the cause other than their design is unsafe. Blaming a servo or floor mats is just total BS and anyone with an ounce of technical skill would realize that servos and relays last for the better part of a decade.
The big give-away is the reports of the automatic cruise control malfunctioning. That's 100% software, folks. Something does wrong with the sensors and the software doesn't have a proper fail-safe mode programmed.
***this is from Wikipedia on Electronic Throttle Control***
There are two primary types of throttle position sensors: a potentiometer or a Hall Effect sensor (magnetic device). The potentiometer is a satisfactory way for non-critical applications such as volume control on a radio, but as it has a wiper contact rubbing against a resistance element, dirt and wear between the wiper and the resistor can cause erratic readings. The more reliable solution is the magnetic coupling that makes no physical contact, so will never be subject to failing by wear.
This is an insidious failure as it may not provide any symptoms until there is total failure. (edit by me - they're talking about the second type of sensor here- usually the potentiometer desgins give plenty of warning)
*****
Guess what type of sensors the Toyotas use? Guess what happens when they get confused and start to fail? The U.S. made parts may be defective or fail in 2-3 years instead of 8-10 like the Japanese parts, but the problem still remains. When(not if) the part breaks and needs replacement, expect it to cause the throttle to jam wide open.
There also is a note at the bottom of the article stating that ETC is currently suspected in the recent Toyota recalls but that Toyota is fiercely denying it. of course they are. This affects almost every Toyota and Lexus that they currently sell(and for the last couple of years as well). And it's not something that can be fixed without a major physical redesign.
Watch the next year or two's models switch back to a throttle cable. Then try to sell your drive-by-wire ones used. To anyone.
Re:missing option Manual Transmission (Score:3, Interesting)
Is Germany, only pussies drive automatic cars. And we laugh at them. They’re for people who can’t drive. :)
Really. Automatic cars are the exception here. And for good reasons.
Try playing Richard Burns Rally with automatic gear shifting, and you will see them.
Re:Safety Critical (Score:3, Interesting)
Of course, you can say the same thing about electronic interconnects, considering that they seem to work just peachy fine on semi trucks and airplanes.
Re:Safety Critical (Score:2, Interesting)
I know it's not real drifting in forward-wheel-drive cars, but anyway it works and highlights you can't stop a car using rear brakes.
Re:Safety Critical (Score:2, Interesting)
I know first-hand that you cannot turn the car off if the transmission is set to 'Drive'. It gets locked in the On position.
Go ahead and try it out in your driveway. I bet you can't do it.
Source: Saab 9-3 and an Oldsmobile Cutlass
Ford 'cruise control terror driver' excellent link (Score:5, Interesting)
This article (happened in Australia - linked related articles contain more information): http://www.abc.net.au/news/stories/2009/12/16/2773868.htm [abc.net.au]
describes a problem with a Ford Territory getting stuck with the cruise control actively trying to keep the vehicle at 100km/hr.
A couple of things to answer the 'this guy was idiot, I'm so clever it wouldn't have happened to me' crowd:
1. He couldn't turn off the ignition as the car won't let you do that if the car is moving.
2. He couldn't shift to neutral because the car wouldn't let him push the shift release button. (It was an automatic, so no clutch pedal.)
3. Pushing the brake wasn't helping enough to stop the car. (In the end it worked, but he had to jump on it with both feet all his adrenaline fuelled strength while pulling as hard as he could on the handbrake.)
4. The accelerator pedal only worked to speed him up, It wasn't a pedal 'sticking to the mat' issue, as the car was holding itself exactly to the speed of the cruise control.
5. The car was going too fast to just ram into a barrier or tree, etc.
6. The guy called Ford Australia (on his mobile phone), who couldn't help him and put him on hold. So then he called the police who, to their credit, cleared the road ahead and kept him calm enough to eventually get the car to stop. The total ordeal lasted 50 minutes.
7. The recording of the police call was released and played on the news and it was pretty obvious that both the guy and the police were doing everything to get the car to stop. This was not a situation where a quick two second phone call to a know-it-all Slashdotter would have solved the problem.
Anyway, I can't believe this news didn't make Slashdot when it happened a couple of months ago, as it contains considerably more information than the usual fare on this topic.
Re:As a Chrysler owner I don't understand (Score:3, Interesting)
Is that actually the case? Some other posts mentioned one incident with push button transmission control that allegedly stopped working when the ECU crashed. That would make shifting into neutral impossible if it was actually the case. I am far from familiar enough with the automobile in question, or vehicle regulations to know if you or the other person are mistaken, or if you both are correct and the car violates regulation.
My idea (Score:4, Interesting)
Re:Safety Critical (Score:3, Interesting)
Nope. In any decent car made in the last 20-30 years, the ECU has a built-in rev-limiter, so when you throw it in neutral, it'll simply rev up to the redline and bounce off of it until you turn the key off. There's no real danger of permanent engine damage, unless your car is some piece of crap where they didn't set the redline properly (or it's some piece of crap that has no obvious way of manually turning off the engine like some of these new keyless cars).
After this Toyota debacle, any thoughts I ever had of getting a new car have been completely quashed. I'll keep my manual-transmission, cable-actuated throttle, key-operated car, thank you. This push-to-start (with no "off" button), drive-by-wire stuff is bullshit.
And before some moron chimes in with something about modern $150-million jetliners being fly-by-wire, average cars do not cost $150 million and certainly don't have the level of redundancy (and proper engineering) that a 777 Dreamliner has.
This is pure speculation, but my gut says ECM (Score:5, Interesting)
This may well be speculative crap, but at least based on the anecdotal incidents I keep hearing about, this sounds like an ECM problem.
First Toyota blamed floor mats. That immediately causes consumers to think that the problem was the fault of idiot drivers, not Toyota itself. The typical person's reaction would rightfully be something along the lines of "duh, if you stack floormats under the accelerator, it's going to stick...this is not Toyota's fault".
Now Toyota blames the pedal. And the pedal manufacturer. Again a simple system that people understand...that can be labeled as obviously defective and replaced with something theoretically not defective, bringing about peace of mind.
Finally Toyota is going to "go the extra mile" and update the ECMs to cause pressing the brake to cut the throttle. I imagine this is an algorithmic (code) change to the ECM, not just new calibrations. Apparently Toyota uses a proprietary ECM that is not very "hackable". That is, it's very closed in comparison to items like those in GMs and VW/Audis where there are cottage industries of tinkerers who have decompiled the code, modified calibrations for performance and economy, and even modified the algorithms themselves. (You don't see things like VAGCOM or EFILive for Toyotas.)
Point being, if they update the ECM and it is all proprietary stuff and there's no easy way to diff it (or an adequate number of eyes to catch the difference) they can fix the problem and scapegoat the pedal manufacturer. And potentially leave a lot of dangerous vehicles on the road to save face.
The biggest hole I can find in this idea is where I'm getting my data. Random reports from people, a lot of whom seem to claim their vehicles accelerated from a stop. And of course it's all stuff reported by the popular news media. And of course a lot of folks who rear-ended someone in their Toyota are going to suggest anything other than their own actions being the cause.
But being a software developer, the more I hear about this, the more it stinks of software. An ECM has too many variables to simulate all possible conditions, so you must rely on the algorithms to work correctly. My gut says there's a tiny hole in there somewhere, where most users will never encounter it.
Re:Safety Critical (Score:3, Interesting)
Re:I design computer hardware and software... (Score:3, Interesting)
At least an Airbus is a $100 million dollar aircraft, so it's much more likely they did some decent design and testing, plus there's a lot of redundancy in those fly-by-wire aircraft. Your car, OTOH, is designed to be as CHEAP to manufacture as possible. There's no redundancy there.
Re:Safety Critical (Score:4, Interesting)
That's true; I was thinking of gas-engine cars. Diesels don't even have a throttle if I understand properly; the "gas pedal" directly controls how much fuel is injected, whereas in a gas engine, it opens the throttle plate, and the carburetor/EFI adds more fuel when more air is present.
Yeah, diesels don't have throttles. In a mechanically-regulated diesel, there's a governor. I forget what they are called, but it's like those things you see on old engines or in steampunk designs where the weights get thrown out by centripetal force and compress a spring; the more RPMs, the further the spring is depressed, until a point of stasis is reached. The pedal controls the spring position. The lever action caused by throwing out the weights controls fuel delivery. These governors are the origin of the phrase "balls out". Electronic diesels have a pedal position sensor and regulate fuel delivery electronically.
Re:My idea (Score:3, Interesting)
Re:Safety Critical (Score:3, Interesting)
Wrong. It's a design issue not an electronics issue. You do know that the ignition switch is electrical don't you. That when you put in your key and turn it, that's mechanical but to stop the car it cuts out an electrical signal that stops the car. The common knowledge just makes everybody know what to do with the key to have the car obey. Remove that standard and it doesn't matter what you replace it with, mechanical (key turn causes electrical disconnect) or electronics (mechanical buton press disconnects electrical) you still have to know how to use it. Ever accidently crank the engine while it's running? Mistakes with mechanical systems happen too even though they could have just as easily made it not able to crank while the engine is running. Design flaw. Same mentality. It's not the element of electricity and the methods (button or key) at which it is turned on and off. It's the user interface at which it is presented. Make it able to be broken or used incorrectly and it will be. Put that interface in between a car and person and you can kill people. Not specific to electrical. Specific to a more base misunderstanding of the goal. Same thing as when they replaced the plug and turn method of the mechanical key with a plug, push, and turn method in some cars. And then with the push in and turn to get the key out instead of a button. Confusing some people. Any progress that necessitates people changing what base muscle memory they have for habits like starting a car will have issues whenever it changes. No matter what the change. mechanical or electrical.
Re:Conflict of interest. (Score:2, Interesting)
According to this article, NHTSA did shutdown Toyota.
http://www.nytimes.com/2010/02/01/business/01toyota.html?pagewanted=3&hp [nytimes.com]
"Last week, the transportation secretary, Ray LaHood, said in an interview with a Chicago radio station that Toyota had halted production of recalled vehicles "because we asked them to."
Indeed, Toyota had to be told by regulators to shut down production and suspend sales of the cars and trucks in the latest recall until it had the parts necessary to fix them."
Re:This is pure speculation, but my gut says ECM (Score:3, Interesting)
This may well be speculative crap, but at least based on the anecdotal incidents I keep hearing about, this sounds like an ECM problem.
I, too, believe this to be so. Why? Because Toyota already tried once to distract the public from the real problem by proposing a silly 50-cent solution involving a clip to hold back the floor mat. Only problem was that this turned out not to be the problem. And so now, a 50-cent shim is the magic bullet?
In 1988, I had a GM Grand Am that stalled in the middle of the road. Towed the car home, pulled off the intake (it was a throttle-body injection system [TBI]), and tried to recreate the problem. After about the 10th try, the injectors fired, 100% duty cycle, and flooded the throttle body with fuel. The engine stalled. I traced the problem back to a broken circuit trace on the PCM that would open and close when the board was stressed.
I suspect, too, that Toyota is very hesitant to proclaim a multi-hundred dollar ECM problem on several million vehicles. Condensation on the accelerator assembly? Give me a break. If this was the case, it should be a simple matter of reaching your foot under the pedal and popping it free.
It will be very interesting to see what happens in the next few months...
Re:missing option Manual Transmission (Score:3, Interesting)
Is Germany, only pussies drive automatic cars. And we laugh at them. They’re for people who can’t drive.
Really. Automatic cars are the exception here. And for good reasons.
Same thing back in Russia, and, as one of the "pussies", I must say that I'm really glad that there's none of this bullshit here in North America. AT is one of the key major advances in automobile tech in the last century; to dismiss it as "unmanly" is beyond stupid, and bordering on luddism.
My car is a tool for getting me from point A to point B with maximum comfort and minimum hassle, not some kind of a statement on how much of a macho I am.
I own a Camry 2009 - I too suspect it is the ECM (Score:5, Interesting)