Edmunds dealer partner, Bayway Leasing, is now offering transparent lease deals via these forums. Click here to see the latest vehicles!
Unintended Acceleration - Find the Cause
Every car company has received complaints from consumers relating to vehicles that suffered unintended acceleration. Many incidents are not fully addressed by recalls. NHTSA is responding to the challenge with more of what they have already done: additional investigations.
Isn’t it time to try a different approach? We at Edmunds.com think so.
Isn’t it time to try a different approach? We at Edmunds.com think so.
Tagged:
0
Comments
And the rest of the story ....
Auto Web site Edmunds offers $1 million for cause of runaway Toyotas (Washington Post)
Here's the official press release from Edmunds.
Me thinks you'll be hearing from Dr.Gilbert very soon.
For that kind of dough, I may go out and buy a Corolla and do it myself.
Let's start with a very simple control in every electronics, the volume control. In the old products, the volume control is a simple potentiometer. If you turn it slowly, you can change volume in indefinitely small steps (fine adjustment). If you turn it really fast, you can bring the volume from min to max in one revolution and in less than half a second. That's the beauty of analog (mechanical) controls.
Now let's see how a digital volume control works. The volume knob turns a digital encoder which has certain contacts at certain position. Let's say the encoder has 8 contact positions in a revolution (at 12, 1:30, 3, 4:30, 6, 7:30, 9, 10:30 o'clock position). The CPU would check periodically where the current contact position is and compare with the past position to determine which direction the volume knob is turning and how many steps; the CPU would change volume accordingly.
You can see two major problems of digital volume already:
1) Fine adjustment vs. fast change: if you want to make very fine changes in volume, say 8000 steps from min to max. Then the knob needs to be turned 1000 revolutions for that! If you want to make less total turns to one revolution like the analog volume, then you only have 8 steps!
2) Rotation direction and speed detection: let's say the CPU checks the encoder position 4 times a second (CPU needs to multi-tasking with many controls). The 1st time the CPU found the contact is at 12 o'clock; 2nd time is at 9 o'clock. Then the CPU assumes the volume is turned down by 2 clicks. But the user may have turned the knob up (clockwise) very fast from 12 o'clock to 9 o'clock between the 1/4 second CPU checks the encoder! You can see that the CPU could easily and totally miss-interprets the user action in the opposite way and wrong number of steps!
These are the 2 exact challenges when designing the car's pedal, steering and brake into digital (electronics) controls.
Camry unintended acceleration is probably due to the CPU miss-interpret the driver pedal action in the wrong direction.
Prius brake hesitation is probably due to the CPU not checking the brake encoder (sensor) fast enough.
Corolla steering problem is probably due to not enough fine steps in the steering encoder (sensor).
I challenge Toyota engineers to post their solution to the problems I listed above in their car design.
But think how bad the resale value is likely to be on a toyota now. :P
2014 Malibu 2LT, 2015 Cruze 2LT,
And if the potentiometer jams on high, you get unintended acceleration "really fast."
In the good old days, a relatively common complaint was a "flat spot" in the accelerator. Drive by wire can avoid that issue. A mechanic device can kink or break or have an object dislodge and jam the throttle cable. So there's cons to heading back in that direction too.
Personally I would start by adding voltage "snubber" devices to the various inductive devices, A/C clutch, transaxle solenoids, DC motors, etc. I would also provide SOLID ground/supply wires directly from the battery post to the engine/transaxle control module, fused directly at the battery.
However I think the root cause issues are substantially more complex than you have described and involve both race-conditions (software bugs relating to unexpected timing of separate processes) and multiple simultaneous electronic failures or "glitches".
That is, I don't think the problem occurs due to "single point of failure" of either software or hardware, else we would be seeing way more catastrophic failures, and failures that were easily repeatable.
Instead I think the catastrophic failures are something like a "cascade" of worst-case/corner-case race-conditions.
That professor dude seems to be demonstrating this empirically.
BTW, I think Toyota engineers are doing (and redoing) the exact same kind of tests and that they are diligent, skilled, and ethical engineers.
1. Fine adjustment vs fast change.
Check you PC mouse setup. You can have it set for very fine resolution AND fast change. The more distance you move the cursor the more rapid the cursor accelerates....
2. Rotational encoders, optical and mechanical, ALWAYS have two outputs, 90 degrees in phase separation, so direction of rotation can be discerned..
Proper hardware and software design is almost magical.
The gas pedal sensors are not "encoders" in your sense of the word, but hall effect position sensors. The two sensor outputs are intentionally displaced in voltage output by ~0.80 volts but otherwise track each other linearly as the pedal moves from idle to full depression. So it is not possible for the firmware, correctly written firmware, to miss-interpret the gas pedal position.
In the 1st point, yes, I checked the mouse, both mechanical and optical. In the mechanical mouse, the movement in each axle is sensed by a small bar which drives a wheel with many holes. The optical sensor would read the hole counts. The resolution for one rotation is a fixed number (say 16); so no matter how you set it up, there's only 16 steps in one resolution. When you make the mouse faster, each step just jumps a bigger distance. The optical mouse works with the fixed amount of steps as well. The ball has many small dots which reflect lights. Again, fixed number of steps. You won't get more total steps no matter what you do.
In the 2nd point, I do not agree that the encoder ALWAYS have 2 outputs. I designed hundreds of products with the encoders of 1 output.
I'm not an auto engineer so I do not know if they use hall sensor in car design. If they do, there could be even bigger problems because Hall sensor is very sensitive to the EMI interferences.
When potentiometer jams, it jams. When a digital pedal jams, it also jams. Toyota already discovered that. We are trying to find the cause by electronics beyond the mechanical jam.
Only an encoder that has constant motion, does not reverse direction, or direction is of no interest, can be viable with a single output. ABS wheel speed sensors come immediately to mind.
VSC stearing wheel rotational position sensors CANNOT be subject to failures that would undoubtedly result from a single output encoder.
Are you saying that a good encoder should have 2 outputs or you know for sure Toyota uses ones with 2 outputs? The 1 output encoder is widely used in volume control which is a bi-directional device.
The only difference is that my "delay" occurs before that gas pedal depression whereas with the automatic the delay occurs after.
"..The manual transmission never has such hesitation.."
Yes, it does, EVERY time.
The rotary encoder in the stearing wheel of my '01 F/awd RX300 is most definity dual phase.
I'm also quite sure the volume, tuning, cabin temperature setting controls are also dual phase outputs. I will check tomorrow to see.
Think of a swinging door, opens inward or outward. Start out with door closed, no sunlight, and now we open it to sunlight...
Did it swing inward or outward...??
All the single sensor "knows" is that the signal went from dark to light.
And by the by the hesitation you feel, the historical 1-2 second downshift delay/hesitation, is a "fix" for the design flaw incorporated in the U160E/F transaxle during the initial design phase back in ~97-98.
The scenario you describe with rotary encoding is very common and basically precludes this configuration from being used in this type of application.
Generally, the PCM will expect a TPS voltage range between X and Y where 0 < X < Y < Vmax - let's say X = 1.0V, Y = 4.5V, and Vmax = 5V. Any failure of the TPS should either go open-circuit (which should have the appropriate circuitry to pull this down to 0V), or Vmax. Any of these failure conditions should log a TPS range fault in the PCM and the PCM will drive the throttle to 0% output.
The only way the TPS could be at fault would be if it somehow failed AND maintaned an a healthy output voltage. Possible? Can't say without intimate knowledge of the electronics, but certainly cannot be ruled out.
- they come from the factory without cruise control option. If you install the one from a Renault Megane II , on a Logan powered by a 1.5 dCi 85bhp diesel engine, around 90km/h almost 100% of times, you will get this acceleration thing, with cruise control enabled. Well, the reason for this, is the air friction force, wich is stopping the vehicle. The sensor detects a slight and constant decrease in speed, and tells the computer to give it more gas to compensate. But it keeps accelerating untill you disable it.
- 2nd common issue, is that when you are cruising at say 60 - 70 km/h , and you get just a small gust of wind from the front, again, the vehicle is accelerating past the set speed of the cruise control.
So, in my case, I blame the cruise control thingy for the unintended acceleration. Maybe this is the same reason for the cars affected by it, in this article.
What's really strange is that these diesel engine Logan's have drive by wire acceleration, and they don't have issues like these other cars, wich are way more expensive and "intelligent". A Logan is around 8000Euro's...
PS: Please excuse my bad english, I am not a native english speaker.
The rules, which will be announced shortly, will challenge participants to demonstrate in a controlled environment a repeatable factor that will cause an unmodified new vehicle to accelerate suddenly and unexpectedly.
This basically means a test lab or similar setup with monitoring and so on. But the problem is likely to be a worn part somewhere which can't BE reliably tested for unless one can get their hands on pretty much an entire car that has had the problem(and survived intact, plus hasn't been "fixed" or altered by Toyota).
So even if I knew the cause, which I have my own theory about, as do most of us here, there's no practical way to claim the prize unless we have a lot of free time and money to buy a known defective vehicle and do repeated testing without destroying the car in the process (chain it down to a dyno or something - who has the ability to rig up something like that?)
There should be part of the prize for the first person to figure out the cause and post it here even if they can't prove it themselves. We'll know the cause in a year or less, most likely, and it would be easy enough to verify.(It's likely to be already discussed or will be in the next two weeks)
BTW - Here's my post from Jan 28 about it and my theory. GM(as an example) normally uses potentiometers instead of Hall Effect sensors. Potentiometers tend to exhibit noticeable signs when they are wearing out. Hall Effect sensors have hardly any warning.
http://townhall-talk.edmunds.com/direct/view/.f1fa877/86!keywords=allin%3Amsgtex- - - - - - - - - t%20date%3A3m%20throttle%20plekto#MSG86
Here is an article that sheds light on this as well:
http://www.thetruthaboutcars.com/exclusive-ttac-takes-apart-both-toyota-gas-peda- - - - - - - - ls/
This is from Jan 30, two days after my post.
The Toyota parts in question use a Hall Effect type sensor(the above article mentions "magnet" multiple times). When it fails, the sensor reads either 0 or 100 depending upon how it is wired into the rest of the system. This isn't an easy to fix problem since it requires a total redesign of the cars in question back to either a potentiometer(less accurate, more prone to wear and dirt, but still minimally functional when worn) design or a normal throttle cable. The article above, though, like every one that I could find online - at least before my Jan 28 post, (and most since) don't target the TYPE of sensor as the potential problem - just the manufacturing differences.
In a nutshell: It's the use of magnets and Hall Effect sensors that is causing the problems in the entire industry.
EDIT - potentiometers also fail(and can also cause full-throttle acceleration), but give more warning as a rule and complaints tend to be along the lines of "the throttle surges" or "it won't maintain a constant speed" as opposed to "what just happened?". One gets repaired and the other bites you without warning.
I gave it some thinking... a more powerful car (mine it's only 85bhp) suddenly accelerating towards a 90 degrees corner (left, right, doesn't matter) would give some intense sensations. BAD sensations. :sick:
you would see that the 'reaction-time' and other times measured indicate the opposite of what you are saying about manual vs automatic, agreeing with wwest on that point. for reasons other than 'lag time', usually the dragracers prefer the automatics.
i'm not aware of anyone dragracing any recent toyota but hey, it could have happened somewhere - maybe Prius does reduce the measured reaction time compared to other slow and lousy-handling cars.
but i'll disagree on another wwest point:
the hall effect sensor can certainly malfunction such as via its connections/wiring, so i disagree with the idea that it is impossible for a computer to misread a hall effect sensor. and it's certainly possible for someone one to write software that misreads a hall effect sensor reading, or that has any arbitrary bug.
BTW, GM's method of dealing with faulty potentiometers is to notice that the impedance is missing or jumping around and it triggers the famous "limp home" mode almost all of the time. A Hall Effect sensor won't be able to tell unless it's a very sophisticated design and the programming is as well. The issue is in a nutshell what happens when the system thinks the magnet went missing/disappeared or got physically stuck.(note a potentiometer will almost never physically get stuck all of a sudden, either, barring enormous abuse or again, some warning)
EDIT - as further evidence(since it's getting late here and I need *some sleep), consider what happens if we were to replace the Hall Effect sensor in the TPS unit with a potentiometer. The type and manner in which it would fail would be different. The end result would be few if any crashes.
That logically points to the underlying technology itself as the root cause. Not how it's interpreted or being dealt with(even IF the software is part of the problem). One will fail suddenly and without any warning and the other type of sensor almost never does. (or certainly far far less often does it fail suddenly and without any warning beforehand)
To bring it around to cars(since we're all gear-heads here
First the vehicle has to be "new." If you've owned it, it's no longer new.
Second the "unmodified." To be able to test and effect the problem, some modification may be needed. A vehicle that has the problem that's a year or more old may not have had modifications in the problem area made to it when built, without fanfare by toyota, and is a better testbed for finding one or more of the causes for unintended runaway acceleration.
2014 Malibu 2LT, 2015 Cruze 2LT,
* Alcohol
* Old age
* Not paying attention
* Excuse to get out of accident
* Floor mat
* Kids toys
* Leg cramps after exercise
* Bad feedback from sensor
A simple safety measure could be that if a user tries to brake while the car is accelerating that the brake overrides the accelerator. This should not be the result of the normal accelerator brake processing in the emu. Instead something physical via a seperate control channel, such as gas flow into pistons progressively reduced the longer / harder that the brakes are applied.
An additional measure, if the car notices that it's not slowing down after a few seconds of brakes applied then that's a strong indication that there's a major safety problem and engine power output should be progressively reduced. Again this should be implemented on a seperate control channel to normal braking / acceleration processing
Downside is reduced driving experience for people who want to build up revs while braking, but the upside is that braking will always slow down the car even if the accelerator is floored
Auto makers are supposed to test their cars to make sure EMI/RF isn’t a problem, but who knows if something slipped through the cracks, and who knows what kind of tests dot they perform.
Either having a raised platform under the gas pedal so you could avoid getting it stuck under the floor mat. I have seen that in a few models I suppose that is why it is there, but every auto maker should take that precaution.
Also with electronics if the car is under heavy breaking while the car is unattended acceleration the car should shift into neutral to avoid any power getting to the wheels. Then you could safely come to a stop and with todays engines and rev limiters the engines should be fine if they are stuck revving in neutral.
1. Stupidity
2. Panic
3. Big feet
2013 LX 570 2016 LS 460
Though the technology was patented by KG Schneider-Senator GmbH in the early 1960's for use in guillotine paper and textile machines to assure Absolute Safety for the User, it clearly has an application here:
Two sensors (of any variety) are applied simultaneously to pedal travel, one measures "On" (in graduations) and the other measures "Off" in opposition. They are then both measured in a "Comparison Circuit" which specifies in milliseconds the "Reaction Time" for both sensors, and any deviation beyond the preselected "Tolerance" that is comparing the two sensors Defaults to Off... "Double Parallel Fail-Safe", a simple logic processor with minor cost and absolute Safety for the user.
The "absoluteness", or guarantee of this type configuration was demonstrated back in the 1980's when a female operator of one of Schneider-Senator's machines cut off both hands of that operator. Safety regulators shut down all machines of its type for three months while the Fail-Safe system on that machine was continuously run and challenged to default again, never, ever possibly failing. The final conclusion was the one offered first, (though it certainly was a worthwhile test regardless), that the small woman habitually reached her thin arms under the infrared light barriers to violate the safety system during automatic operation.
When a sensor fails under this logic circuit there can be no acceleration, and for the manufacturer, it would mean most often that sensors that are wearing out or out of tolerance would have to be replaced. [Of course, it is a seperate discussion as to whether the costs of electronic accelerator controls in this application really outweighs a simple spring-loaded mechanical cable? Electronic controls are inevitable, but have to be designed with safety first.]
I believe KG Schneider-Senator has an international patent on this device and that it is used by such as Airbus for certain systems. When it comes to electronic control of 3,000lb bullets driven by average (normally unprofessional) people, I would say this is the fix if Toyota sticks with electronic control. I would also add that any and all manufacturers who are deploying electronic throttle control will also eventually suffer likewise absent a "Double Parallel Fail-Safe" type circuit.
In the mean time, they should install a solenoid shutoff valve on the fuel line connected to a prominently-displayed switch on the dash. An accelerometer could light up the switch when extreme acceleration is detected. Hit the switch and the engine stops.
I believe this is a simple, cheap, non-computerized solution, no matter what the real cause is found to be.
What Dr. Gilbert was showing was that Toyota/etc (Denso, really) monitor did not detect that he had shorted the two sensors together. Assuming the assortment of factory shop/repair manuals I read in my research do not contain a typo the voltage difference range that Toyota/etc is using for this test, 0.02 volts, was poorly chosen. IMMHO the two sensors could easily be "shorted" together and still have at least a 0.02 volt tracking difference.
And anyone suggesting that a potentiometer would be more reliable in this application obviously has neevr disassembled one after many hour of use. The "contact" wiper ALWAYS wears through the resistive deposition in a relatively short period of time.
*note I also mentioned the other "why it failed" point first* - I'm technically addressing both questions that Edmunds is asking about here.
When you are designing a drive-by-wire system, you have two choices, normally. Sensor type A and sensor type B. Hall Effect or Potentiometer. Both cost roughly the same and it's really a "pick one you like" scenario for the engineering team.
None of this really matters, though(both get the job done), until you look at what happens when they both fail. The Hall Effect sensor fails in a manner that you would never want for something involving a moving object. You might use a potentiometer for an airplane(not sure if any do, but say you're designing a fly-by-wire airplane that does), but you'd never use a Hall Effect sensor for the controls of an airplane. Because one merely causes a problem and the other simply crashes the plane and you die.
Systems to mitigate or deal with catastrophic failures are entirely separate from this issue of the wrong technology between the two being chosen in the first place. Magnetic sensors are a bad idea for throttle and brake controls because of how they fail. This can be worked around with software and specialized hardware as you mentioned, but it's still the wrong technology to begin with when lives are potentially at stake. It shouldn't *need* a second backup sensor as a normal design parameter.
*edit* yes, Potentiometers do wear out quicker. It's a known issue but many auto makers do use them and they last reasonably well, considering. Of course, neither is an adequate substitute for a good old fashioned throttle cable.
In past years I have used hall effect sensors in a myriad of applications in minicomputer and microprocessor real time process control systems in harsh environments (lumber mills, etc.) and have never experienced any abnormal failure modes.
http://www.toyota.com/recall/?siteid=OM_SLA_AID1792905_CID4251042
Could you explain, expand on that thought..?
Read this.
http://en.wikipedia.org/wiki/Electronic_throttle_control
And this.
I mentioned both in my original post over a month ago. The critical line, and Wikipedia's entry is interesting(and wrong):
***
The potentiometer is a satisfactory way for non-critical applications such as volume control on a radio, but as it has a wiper contact rubbing against a resistance element, and dirt and wear between the wiper and the resistor can cause erratic readings. The more reliable solution is the magnetic coupling that makes no physical contact, so will never be subject to failing by wear.
This is an insidious failure as it may not provide any symptoms until there is total failure.
***
The author here states that Hall Effect sensors are "more reliable" as it has no wear, yet when it does fail, it is "an insidious failure an insidious failure as it may not provide any symptoms until there is total failure."? He's obviously an engineer who is looking at it like most engineers would. "More reliable" in terms of life span and number of movements/MTBF. Versus a "mission critical" scenario. Sudden failure without any warning of any kind is a deal-breaker here and is NOT satisfactory for automotive controls. No matter what this particular author states. This is doubly true since the feedback system in a broken Hall Effect sensor is the only thing keeping it from being a deathtrap. If the software or hardware fails to detect the problem instantly, you end up off the road.
What happened here, I'm sure, is that Toyota originally used or considered potentiometers but listened to their engineers who quoted things like lifespan and MTBF and went on about dirt and wear and used the Hall Effect sensor instead. They thought that they could overcome the inherent flaw in the design by using two redundant sensors and a lot of fancy software.
Yet when it failed and didn't work as intended, people died. If they had used a potentiometer, they would have had to do a *lot* more warranty repairs(the major downside to potentiometer-based ETC systems in their view), but it's unlikely that anyone would have died. Because when a potentiometer fails, you get a drastic change in resistance, which is easy to design any monitoring system to detect. (just a few lines of code that triggers the system to shut down)
*EDIT
Remember, Wikipedia is merely a collection of posts by random authors and not necessarily to be used as "proof" of anything other than basic ideas and concepts. Here the basic ideas and concepts do support how it fails(without warning - that's easy to verify elsewhere). His assertion about it being "more reliable" doesn't apply to something like this, though - that's obviously wrong.
How do I know? People died. That's the ultimate "bad scenario" in any application of automotive technology. Anything that causes people to die in a vehicle needs to be changed to a different application or technology as it has been shown to be unreliable. There is no gray area here, either. Dead people means the technology isn't to be used - find something else.
That's the larger issue in the industry, and nobody is addressing this. I hear nothing at all in the media about it. No articles, either. Sure, they mention it now about Toyota, but fail to draw the connection to the larger issue of it being the wrong type of sensor for this application. Now maybe they can design another type of sensor that isn't a Hall Effect or Potentiometer(maybe optical like they use in mice?), but this technology can be shown to produce disastrous results and shouldn't be used.
If so, I'd like to clarify, that in order for it to be "Fail Safe" it must be a "Timed" double-parallel circuit which is then measured in a separate comparison circuit in milliseconds, it must measure BOTH opposite voltages and the precise (parallel) Timing of each to allow activation. (our circuit required timing in the 7-15 ms range) Under this condition it is impossible to "short" the two sensors because 1. they must be opposite, identical or any other misreadings will always default "Off" as the comparison circuit is precisely designed for this purpose, and, 2. they must be entirely distinct circuits separated by hard wires and physically separated sensors. The main problem you have with this configuration is inoperability due to worn sensors (of any sort) but NEVER unexpected operation.
That's why I don't understand how Toyota could have had this problem, unless they aren't using the type of system I describe, but I'm sure I do not fully understand exactly what the Toyota system is composed of and am very interested in more information here. I used to teach the fail-safe system around the world for Schneider so I'm intimately acquainted with how their system works and why it cannot fail except to "Off".
On the side, I agree with your potentiometer argument, my experience is that hall sensors and even Encoders are far less vulnerable to environmental factors since there is no physical contact involved (not to mention far more precise)... all three of my vintage near 30 year old Audi's have never had a hall sensor fail in the distributor and none of the 50 year+ Schneider guillotines ever had an encoder failure either (that I am aware of), both under very harsh environmental conditions.
Please do elaborate especially if I've misunderstood the MIL, and thanks.
Put it like this: Let's say that all the troubleshooting guides point to computer A, pedal B and throttle body C. In some cases, replacing any one of the above 'seems' to fix the problem, so you apply that fix to all affected vehicles--but the problem re-occurs on a car that's already undergone the recall repair. It's not 100% repeatable, not even on the same vehicle--it's intermittent and infrequent. This alone points to a connectivity issue somewhere. It is in the wiring? Is it on the computer motherboard? What if it's due to some piece of information missing from one of the other computers/sensors? What is the most common single thing between all of these?
Connectivity—solder, to be exact. The fact that it's intermittent almost automatically implies a cold solder joint, one that looks intact but breaks under certain vibration/temperature/humidity situations. It's bad enough when it happens in aviation but at least there are enough redundant systems to override the defective one. In a car, you rarely have redundant systems and with hundreds of millions of cars on the road, the potential for disaster is multiplied enormously!
I'm not saying to remove computers from our cars, but how about doing something to ensure the reliability of the components and their connections. One of the first rules for soldering is to ensure you have a good mechanical connection, then solder it.
Here's the link - the pictures are pretty interesting. I'd be interested to hear your take on what you can tell from them.
http://www.thetruthaboutcars.com/exclusive-ttac-takes-apart-both-toyota-gas-peda- ls/
As noted in my other post #40, I've never personally had failures of either hall sensors or encoders (not saying they don't, they do), yet on the very same decades-old machines in harsh conditions, I can's tell you how many potentiometers I've seen fail. But again, it does not matter what technology is used to measure/control something like gas pedal control, anything and everything man made can and will fail, the key is default Fail Safe.
That's why Denso uses TWO Hall effect sensors that track the gas pedal position. The theory being that the likelihood of both failing simultaneously was too small to consider. The computer continously monitors both sensors directly via separate A/D channels and if the tracking voltage of each does not follow its opposite within 0.80 volts a "limp home" mode is entered. A limp home mode should also be entered should the two voltages track TOO closely. While the documents say that Denso uses this latter technique Dr. Gilbert's testing indicated this latter technique to be inoperative.
Yes, but a "virtual" comparison circuit embedded in firmware DSP, Digital Signal Processing, routines.
In my '92 LS400 I was able to INSTANTLY "fool" the climate control computer into thinking the cabin had gone instantly COLD simply by switching a resistance into the cabin temperature sensor, thermistor, circuit. That didn't work in my '01 F/awd RX300 because in the interim Denso had added anough DSP to discover that was not a valid change in the short term.
The double-parallel system addresses only electronic controls. Is the electronic issue buried, or are all these failures just mechanical?
It is unfortunate that the media and the US government have turned this problem into an opportunity to discredit Toyota. There have been complaints of unintended acceleration since the advent of the automobile, and there will continue to be complaints until people are willing to take responsibility for their own errors. The automakers have the most to lose or gain by manufacturing the safest acceleration systems possible. Their reputations and future business ride on it. They also have the best resources to employ. I don’t want a backyard mechanic or engineer tinkering with my acceleration system. In the US senate hearing on Tuesday, NHTSA administrator David Strickland said, “Toyota has had the same percentage of sudden acceleration issues as other manufacturers; they just had more of them because they have more cars”. The one constant in all complaints of unintended acceleration? Human drivers. Auto makers cannot engineer away distracted driving, or impaired driving, or speeding. Or medical conditions, or just plain driver error. Find a way to correct all of these variables, and you have solved the million dollar dilemma. How about a controlled study where robots drive the cars and make the decisions. Take away the human element and see how many events of “sudden acceleration” occur. This will not be a popular conclusion, but it may well be the truth.