Intermittent Electrical Contact Resistance as a Contributory Factor in the Loss of Automobile Speed Control Functional Integrity
Video copyright Jerry Francel Nov. 16th 2012: Terror in our Toyota! Sure looks like the Electronic Throttle Control got stuck, huh? Another case of “UNINTENDED ACCELERATION?” My wife was only able to control the car with the PRNDL – 3 teenage girls in the car with her and just pulling into a neighbor’s driveway to pick-up during carpool! This could happen to you! The car was totalled, the home has severe damage, and a car inside the home was totalled out and another damaged. Toyota’s response: “…no evidence of any sort of manufacturing or design defect…” You look at this video and decide for yourself!
ANTONY F. ANDERSON, (Member, IEEE) Independent Electrical Engineering Consultant, Newcastle-upon-Tyne NE3 4XY, U.K. (e-mail: firstname.lastname@example.org).
For three decades, sudden acceleration (SA) incidents have been reported, where automobiles accelerate without warning. These incidents are often diagnosed as no fault found. Investigators, who follow the line of diagnostic reasoning from the 1989 National Highway Traffic Safety Administration (NHTSA) SA report, tend to conclude that SAs are caused by driver pedal error. This paper reviews the diagnostic process in the NHTSA report and finds that: 1) it assumes that an intermittent electronic malfunction should be reproducible either through in-vehicle or laboratory bench tests without saying why and 2) the consequence of this assumption, for which there appears to be no forensic precedent, is to recategorize possible intermittent electronic failures as proven to be nonelectronic. Showing that the supposedly inescapable conclusions of the NHTSA report concerning electronic malfunctions are without foundation opens the way for this paper to discuss electronic intermittency as a potential factor in SA incidents. It then reports a simple practical experiment that shows how mechanically induced electrical contact intermittencies can generate false speed signals that an automobile speed control system may accept as true and that do not trigger any diagnostic fault codes. Since the generation of accurate speed signals is essential for the proper functioning of a number of other automobile safety-critical control systems, the apparent ease with which false speed signals can be generated by vibration of a poor electrical contact is obviously a matter of general concern. Various ways of reducing the likelihood of SAs are discussed, including electrical contact improvements to reduce the likelihood of generating false speed signals, improved battery maintenance, and the incorporation of an independent fail-safe that reduces engine power in an emergency, such as a kill switch.
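The mechanism the abstract describes (contact chatter adding extra edges to a pulse-type speed signal, which a naive pulse counter converts into a higher speed that stays inside the range a simple diagnostic accepts) can be modelled in a few lines. The following is an added illustration written for this page, not code from the paper or from any vehicle ECU. Every number in it is constructed: the wheel circumference, the pulses per revolution, the 0.5 s counting window, the 36 km/h test speed, the bounce count and spacing, and the 10 m/s² plausibility limit are all assumptions chosen to make the effect visible. It contrasts a range-only check, which passes the false reading, with a rate-of-change plausibility check, which flags it.

```python
# Added illustration (not the paper's code): a vibrating poor contact injects
# extra edges on a wheel-speed sensor line; a pulse-counting estimator turns
# them into a false speed that a range-only diagnostic accepts but a
# rate-of-change plausibility check rejects. All parameters are constructed.

WHEEL_CIRCUMFERENCE_M = 2.0   # assumed wheel circumference
PULSES_PER_REV = 4            # assumed sensor target teeth per revolution
PULSES_PER_METRE = PULSES_PER_REV / WHEEL_CIRCUMFERENCE_M   # 2.0 pulses per metre


def true_pulse_times_us(speed_mps, duration_s):
    """Edge timestamps (integer microseconds) from a healthy sensor at constant speed."""
    interval_us = round(1_000_000 / (speed_mps * PULSES_PER_METRE))
    n_edges = round(duration_s * 1_000_000 / interval_us)
    return [i * interval_us for i in range(n_edges)]


def inject_chatter(edges_us, at_us, bounces, spacing_us=200):
    """Model of a vibrating contact: a burst of extra edges following the edge at `at_us`.

    Nothing on the wire distinguishes these edges from genuine sensor pulses.
    """
    extra = [at_us + k * spacing_us for k in range(1, bounces + 1)]
    return sorted(edges_us + extra)


def window_speeds(edges_us, window_us):
    """Naive ECU estimator: count edges in fixed windows and convert to metres/second."""
    if not edges_us:
        return []
    n_windows = max(edges_us) // window_us + 1
    window_s = window_us / 1_000_000
    speeds = []
    for w in range(n_windows):
        lo, hi = w * window_us, (w + 1) * window_us
        count = sum(1 for t in edges_us if lo <= t < hi)
        speeds.append(count / PULSES_PER_METRE / window_s)
    return speeds


def passes_range_check(speed_mps, max_mps=70.0):
    """Range-only diagnostic: faults only on values outside the physically valid span."""
    return 0.0 <= speed_mps <= max_mps


def is_plausible(prev_mps, new_mps, dt_s, max_accel_mps2=10.0):
    """Rate-of-change check: the vehicle cannot change speed faster than max_accel."""
    return abs(new_mps - prev_mps) / dt_s <= max_accel_mps2


def evaluate(edges_us, window_us, max_accel_mps2=10.0):
    """Per window: (estimated speed, range check passed, plausibility check passed)."""
    speeds = window_speeds(edges_us, window_us)
    dt_s = window_us / 1_000_000
    result = []
    for i, s in enumerate(speeds):
        rate_ok = True if i == 0 else is_plausible(speeds[i - 1], s, dt_s, max_accel_mps2)
        result.append((s, passes_range_check(s), rate_ok))
    return result


def flagged_windows(edges_us, window_us, max_accel_mps2=10.0):
    """Indices of windows the plausibility check would reject."""
    return [i for i, (_, _, ok) in enumerate(evaluate(edges_us, window_us, max_accel_mps2)) if not ok]


if __name__ == "__main__":
    clean = true_pulse_times_us(10.0, 2.0)                  # 36 km/h for 2 s, 10 pulses per 0.5 s
    noisy = inject_chatter(clean, at_us=1_200_000, bounces=10)  # 10 bounces in the third window
    for label, edges in (("clean", clean), ("chatter", noisy)):
        print(label, evaluate(edges, window_us=500_000))
```

With these constructed values the third window counts 20 edges instead of 10, so the estimator reports 20 m/s (72 km/h) rather than 10 m/s (36 km/h). That reading is well inside the valid range, so a range-only diagnostic records nothing, which is the "no fault code" behaviour the abstract describes; the plausibility check flags the window because an apparent 20 m/s² change is not physically achievable, and flags the following window when the reading drops back. The point of the contrast is that a single sensor channel cannot be made trustworthy by range limits alone; a rate limit or an independent second source is the minimum cross-check.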
18 injured when car rams through wall of Fort Myers church
FORT MYERS, FL –
An Easter Sunday service at a Fort Myers church was violently interrupted when a driver slammed their car into the building, injuring 18 – including some who were trapped under the vehicle.
It happened just before 8 p.m. at Second Haitian Baptist Church on Central Avenue.
As of Monday evening, 11 of the injured had been treated and released. Those still in the hospital were listed in either fair or good condition.
Police say the driver, 31-year-old Marie Masson of Fort Myers, told them she drove her Lexus into the parking lot and the brakes failed. The car then plowed into the building, which was holding 200 people at the time.
Pastor Desmours Leontes was feet away when the car plowed through the front of his church before a concert.
“A short ‘BOOM!’” Leontes described.
“I opened the door and tried to help the people pull the car off the people. They say go outside so I went and sat on a curb,” Masson said.
Thirteen-year-old Kimberly Cherilus was injured when the car hit the pew she was in. She snapped some photos before the incident, and said the service is one she usually looks forward to.
“We usually do an Easter concert for the choir,” the teen said.
She suffered a broken nose when she says either the pew, or something off the car, hit her in the face – but she was able to walk away.
“People were screaming, people were going crazy. We thought it was the end of the world. For a second, I thought I was dying,” the Cypress Lake seventh grader said.
In the chaos, her older brother couldn’t find her.
“I was just trying to find my mom and my little sister. It was pretty scary,” Kevin Antoine said.
Cherilus’ grandmother was pinned underneath the car. She suffered a number of injuries, but is expected to make a full recovery.
Witnesses used jacks and brute force to lift the vehicle off the victims, police said.
Three children were among the injured, including Masson’s child, who was in the car with her.
“I’ve got a shirt, it has so much blood from so many people I tried to help,” the pastor said.
The victims were taken to three different area hospitals.
Cherilus’ family knows the night could have played out much differently. And while it’s not the Easter they had hoped for, it’s probably the most meaningful – because they say they all learned just how precious life really is.
“That’s what I would call it, an ‘Easter miracle,’ because no one died. Everyone was ok. God was watching over them the entire time,” said family friend Jonathan Danger.
“I don’t really know what’s going to happen next because tomorrow isn’t promised,” Cherilus said.
The teen says that while she won’t stop going to church, she may think twice about where she sits.
Meanwhile, Masson spent Monday apologizing to church members and asking that they pray for the victims.
Police are still investigating the incident.
Unintended acceleration and other embedded software bugs
March 30, 2011
Despite the redactions, we can still learn some interesting facts about Toyota’s embedded software and NASA’s technical review of the same.
Last month, the National Highway Traffic Safety Administration (NHTSA) and the NASA Engineering and Safety Center (NESC) published reports of their joint investigation into the causes of unintended acceleration in Toyota vehicles. NASA’s multidisciplinary NESC technical team was asked, by Congress, to assist NHTSA by performing a review of Toyota’s electronic throttle control and the associated embedded software. In a carefully-worded concluding statement, NASA stated that it “found no electronic flaws in Toyota vehicles capable of producing the large throttle openings required to create dangerous high-speed unintended acceleration incidents.” (The official reports and a number of supporting files are available for download at www.nhtsa.gov/UA.)
The first thing you will notice if you join me in trying to judge the technical issues for yourself are the redactions: pages and pages of them. In parts and entirely for unexplained reasons, this report on automotive electronics reads like the public version of a CIA training manual. I’ve observed that approximately 193 of the 1,061 pages released so far feature some level of redaction (via black boxes, which obscure from a single number, word, or phrase to a full table, page, or section). The redactions are at their worst in NASA’s Appendix A, which describes NASA’s review of Toyota’s embedded software in detail.[1] More than half of all the pages with redactions (including the vast majority of fully redacted tables, pages, and sections) are in that Appendix.
Toyota Underestimated ‘Deadly’ Risks
EE Live! keynoter calls for stronger oversight
SAN JOSE — A software expert whose testimony led to a guilty verdict against Toyota Motors in one of a series of runaway acceleration accidents said Tuesday that the best assurance for preventing similar “deadly” outbreaks must be stronger, smarter oversight by federal regulators.
Michael Barr, co-founder and CTO of the Barr Group, told an audience of embedded system engineers at the EE Live! conference here that as automobile manufacturers have pushed each other into a race to fit cars with complex electronic control systems, watchdogs at the National Highway Traffic Safety Administration (NHTSA) have failed to keep pace. Lacking a team of experienced experts to test and monitor today’s flood of automotive software designs, NHTSA is failing in its mission to oversee “safety-critical systems.”
Despite assurances by companies like Toyota that their software undergoes rigorous testing, said Barr, the rush to get cars on the road means that “You, the users, have been testing the software.”
In some cases, like that of Jean Bookout, who was seriously injured when her 2005 Toyota Camry accelerated unintentionally, that sort of ad hoc consumer testing can result in catastrophe. A passenger in the Bookout car, Barbara Schwarz, was killed. After Barr testified at length for the plaintiffs — in the only software-focused Toyota case that has been tried — an Oklahoma City jury agreed to award $3 million to Ms. Bookout and to Ms. Schwarz’s family.
Commitment to a culture of safety
Although insisting on tighter NHTSA regulation, Barr did not absolve carmakers, whose current passion has been described as turning every new car model into a giant, apps-loaded smartphone.
Barr said that Toyota, and by implication other auto companies eager to load their products with electronic controls, lack a “mature design process, done right, documented, and peer reviewed.”
He called for carmakers — regardless of the government’s role — to adopt a “company culture and an engineering culture of wanting to know what can go wrong, and wanting to fix what can go wrong, from the outset,” rather than after-the-fact with apologies and million-dollar settlements.
Since the problem of “unintended acceleration” in Toyotas burst into headlines after a ghastly California crash that killed Mark Saylor, a 19-year California Highway Patrol veteran, and three family members, Toyota has recalled millions of cars and paid billions in penalties and settlements. Among these was a $1.2 billion criminal fine imposed last month by the Department of Justice — for lying to government regulators.
Using an exhaustive 56-slide PowerPoint presentation and citing his 18 months examining Toyota’s automotive software “source code,” Barr convinced the Oklahoma jury that Toyota had deployed dangerously flawed software in its cars. Despite Barr’s findings, Toyota continues to claim that all its unintended acceleration problems were mechanical, the result of misplaced floor mats and “sticky” gas pedals.
Neither NHTSA, with its absence of software expertise, nor the NASA Engineering and Safety Center — to which NHTSA turned to study the Toyota problem — were able to pinpoint a software cause for unintended acceleration. Nor were they able to rule out the possibility.
The NASA researchers, who were both on a deadline and not allowed to study Toyota’s source code, simply ran out of time, noted Barr.
Under court order, a team from the Barr Group was allowed into a specially built “code room” provided by Toyota. They were able to pinpoint at least one anomaly that could have caused Toyota accelerators to build up speed while disabling the brake system. Barr also found numerous Toyota violations of software design standards. Toyota, in many instances, even broke its own rules for safe design and system redundancy.
Patriot missiles, Therac-25, and others that failed
Many of these rules, and Toyota’s subsequent actions, were either buried in corporate secrecy or covered over by corporate denial. “The answer is not to say it can’t be the software, stick our heads in the sand,” said Barr. If companies like Toyota examined themselves more rigorously, he added, and allowed “less code confidentiality,” they wouldn’t require as much regulatory scrutiny.
Barr cited past cases of “safety-critical systems” that failed but then were corrected when regulators stepped up their intensity and capabilities. After a series of radiation overexposures — including two fatalities — caused by a software glitch in a radiotherapy machine called the Therac-25, the Food and Drug Administration created an in-house team of software engineers to review every electronic medical device before its approval for use on patients.
In the case of the Therac-25, in the case of a software-misguided Patriot missile that killed 28 US troops during the Gulf War, and in Toyota’s case, the companies responsible have invariably issued assurances about their exhaustive testing and cited “no other instances of similar damage.”
Such assurances disregard the bugs that exist in every complicated system and the harm they can cause. “If you are overconfident of your software in a safety-critical system, that could be deadly,” said Barr.