Again, the 'computer crash' theory falls down because the UA incidents "go away" and don't return. All these stories, as far as I can gather, are about a one time incident, and certainly not all lead to crashes or destruction of evidence---certainly not.
A computer crash will almost always be non-repeatable and will "fix" itself if you reboot it (in this case, turning the ignition on and off). If it's something like a particular part of the motherboard overheating or bad memory (this is common) or EM interference, it can be amazingly hard to actually tell what's going on and to replicate it with any consistency.
But none of that matters, really. Most people are looking for specific causes when I suspect that it's really more critical to look at what happens after the computer has frozen up.
I understand why the start/stop PB firmware design requires a 3 second depression to shut down the engine if the transmission is in gear. But simple human factors engineering dictates that the same method should be used to stop the engine at ANY time. Otherwise just how many drivers will/can be unaware of the unusual "in gear" circumstance.
Note that Barnard states that he attempted, unsuccessfully, to use the PB to stop the engine several times.
I'm not following you there. If the UA occurs, and then you re-boot to correct it, then if the UA was *really* computer related, it will happen again. In other words, it will require multiple re-boots.
Re-booting doesn't cure the defect forever. If it did, then every UA would happen only once, and that seems highly implausible.
Unless the exact same circumstances happen again, then you may never see it again. I've "fixed" a lot of computer problems by rebooting and never saw the issue repeat itself. That's bad - if you can repeat the issue, you can usually narrow it down to the code or bad component or software. Could be something as nebulous as a stray static discharge.
Simply rebooting your computer can change the load order of programs that get run on startup.
In the computer trouble-shooting world it's called "shot-gunning".
First, you are certain/sure that some problem of an intermittent nature exists. In this case we have the actual dealer personnel that encountered/witnessed the problem for themselves.
Once you come to the conclusion that the problem is of a SERIOUS nature but cannot be replicated there are several reasons SOMETHING must be done, not the least of which is to restore the customer's trust.
So, what or which components are most likely to be causative factors.
More than one time did I, DIY, replace both the generator and regulator in the old days for this very same reason, intermittent battery charging.
"..the "computer crash" theory falls down because the UA incidents "go away" and don't return.."
For those of us with "deep" experience in real-time, process control, computer programming we find nothing unusual about the rare failures or failures that happen once and "never" again.
I can tell you of many instances wherein these "live-lock" or "deadly-embrace" software "crash" events were either so rare or non-eventful that they weren't worthy of chasing.
On the other hand in the world of "mission-critical", life-threatening, events, such as we have here extreme measures are made to correct the situation even for a one-time event. Assuming, of course, the event is verifiable, as is seemingly the case here.
In this case redundancy is not the appropriate term, failsafe is.
Someone was thoughtful enough to realize that the engine should not be unintentionally, accidentally, shut down due to an inadvertent "touch" of the start/stop PB if the shifter wasn't in park or neutral.
The cost of a failsafe engine/transaxle ECU firmware "bypass" would be fairly inexpensive and therefore perfectly justifiable in a DBW throttle control environment.
In a way the brake is already being used in that manner, you can "kill", over-ride, CC via a simple touch of the brake.
I think you are missing the nature of many of the problems we experience with electronic products these days. You are expecting that the problem is a simple, repeatable problem that is not multi-factored.
I agree with you scientifically that problems are repeatable; though you need to know what to do to get it to repeat. If a fuse blows and I give you the device to check, sure you can find a blown-fuse, and you can put a new one in and it will blow for you. And we can do it again and again! You're assuming that UA is much like that.
My argument and I believe Pletkos, is that the UA can be more like PC's or PS3's. It is not so easy to determine what was happening when an electronic "crash" occurs. Say my computer crashes, and I turn it back on and it's fine. I call tech support to report my crash, and I tell them what I was doing and what happened. "I was just opening Excel and next thing I know the screen freezes." Maybe I forget to mention that I was burning a CD at the time that was a factor. But let's say I think to add that - oh the CD-burner was running. Is that it? "yes, I answer". But is it? what is happening in the PC? many other things! Data may have just started transferring from the graphics chip to main memory; there was a high demand for refreshing the screen; or any other behind the scene functions could kick in.
It is those sorts of factors and their interaction, which I doubt have been fully tested. There are numerous functions of the electronics in vehicles that when put in various combinations would give you millions of combinations of things to check to see if there were flaws. Exactly the sort of stuff that MS spends millions of man-hours trying to weed-out in their development. Unless you have some proof that the people who write the code for the electronics of vehicles somehow have god-like powers to eliminate these, I presume these hidden flaws exist in ALL complicated systems.
Now I'm not saying that NASA could or should have checked every combination of factors. It's like looking for a murderer by interviewing every citizen. But just like a criminologist you have to have a crime-scene and witnesses, and forensic evidence or other clues. What does Toyota or NASA or anyone have to go on in these UA cases? Not much right? You have some basic statements of what people did, which is doubted because of suspected "panic", you have twisted metal, and very little data from any black-box, and the data may never have made it to a black-box because of the "freeze", just like on most PC's.
So let me ask you to reconsider again, that because electronic problems usually aren't simple, and the fact that anyone trying to replicate the situation does not have all the correct factors included and in sequence as the actual event, in my mind the replicate testing is LIKELY to find NOTHING.
What Toyota and NASA probably have is an issue like looking for archaeology sites in the desert. What they did was act on some basic map, and they went and dug a few holes in the Sahara desert over a number of months. They've concluded based on that, that "There's nothing out there".
I'm not blaming them for what they've done, as there isn't more specific information. What I do find scientific fault with, is whether the Testers or was it Toyota and the media, who then used that "sample-testing" to claim that is somehow representative of the whole desert.
That makes no sense either, because if the car's computer "froze up", requiring a re-boot, it probably wouldn't run, either. This sounds like more epicycles--where the presumption this time around is that part of the computer works while the other part freezes, and this selectivity is precisely directed to mimic the reported UA incident.
it sounds like a conclusion in search of a fact to me.
As JFK once said "Where there's smoke, there's usually a smoke making machine".
First it sounds like the "god argument" -- I can't see it but I'm supposed to believe it
Then it sounds like the "only we can know it" argument--that your doctor knows everything and you must follow his orders.
This doesn't sound like scientific inquiry to me--it sounds like dodging the point, which is: "Where is the proof?"
And, there seems to be quite a bit of "chatter" in recent postings about "one-time" events.
Let's see... How many millions of cars were recalled under suspicion of UA?
How many minutes of run time/ignition cycles (on-off cycles)/miles driven?
We literally have, conservatively speaking, billions of "tests". Yet, by any stretch of the imagination, a relatively few examples of UA, and even less if you exclude those "events" that don't have a different probable cause likely.
Again, the entire assertion of UA fails on that argument alone.
BTW, notice how no one still pushing UA responded to my challenge in post #1762?
First it sounds like the "god argument" -- I can't see it but I'm supposed to believe it.
You certainly must then dislike much of Particle Physics, String Theory, Dark Matter and Dark Energy; and the reason that Congresswoman from AZ who was shot, is recovering so well.
We literally have, conservatively speaking, billions of "tests". Yet, by any stretch of the imagination, a relatively few examples of UA, and even less if you exclude those "events" that don't have a different probable cause likely.
That's probably equivalent to the number of PC's and how many hours they run without a problem, and how many experience severe problems.
Stretch your imagination and question why the high-tech companies of the world have hundreds of thousands of people processing warranty returns, and doing online software support.
Stretch your imagination and realize that every rocket launch, or missile-defense test does not go well. Our technology is very susceptible to design and manufacturing flaws - both hardware and software.
Go take a look at some reports on how many missiles actually hit their targets. The best and brightest minds, fail to consider all the possibilities and problems. If you think our electronics systems are so great, where's our Star Wars Missile Defense System after 25 years?
I *do* dislike the String Theory--it's very much the 'god argument'---good point.
As for Dark Matter, we sorta know it's really there, so I'm okay with that. We just don't know what it is.
As for poor Ms. Gifford, there have been documented cases of people actually walking around with iron rods drilled through their heads. It's very plausible because it depends on where the damage is. Sever your spine, however, and you have a 100% certainty of the consequence.
Point is, I don't see any basis so far for condemning a car company.
For me, the most honorable conclusion about UA right now is "we have no idea".
That sounds like something right out of the Conspiracy Theorists Handbook.
Just ignore the facts that disagree with your "conclusion", make up some supporting evidence, then put it forth as "factual", and...
Abbra-Cadabra!!!
Instant solution.
BTW, You're really stretching it a bit when you compare missile launches to automobiles. I would think that by the time we have fired 150 million missiles, we'll have a much better success ratio than what we have today.
LOL. "stretch of the imagination" were your words in Post 1778. You're just confirming the "wow" factor of your own intellectual-methods!
Just ignore the facts that disagree with your "conclusion", make up some supporting evidence, then put it forth as "factual",
I'm not ignoring the facts. The facts are Toyota and NASA did not find a problem. The fact also is that they did not look at all the possibilities. It seems you don't want to recognize that. Because someone goes and buys 5 lottery tickets a day for 2 months, and doesn't find a $5,000 winner, does not mean that there are no $5,000 winning tickets.
I would think that by the time we have fired 150 million missiles, we'll have a much better success ratio than what we have today.
It's not a matter of how many you make, as much as it is the constant development which necessitates change. Toyota is not using the same software and hardware it did 10 years ago, or probably 5 years ago. They have not learned and banished all problems with their software and hardware before new generations come along. MS had developed Windows XP for several years, then had it on the market for several years more; they were still issuing patches and updates when Vista came out. Vista brought a whole new set of bugs, which again were found and fixed over many years. Many of those problems never affected the vast majority of people who had PC's using XP and Vista. I probably received several hundred patch-files over the 4 years I ran XP.
So again I will state that it is not that unlikely that a manufacturer, and let's not just say Toyota, ANY MANUFACTURER today, could put out vehicles such that a few dozen or a few hundred of 2 million per year could be affected by electronic problems causing UA. It happens in the PC world ALL THE TIME. An electronic problem similar to a PC "crashing" can happen for the 1st time after a few years or on Day 2. It could happen once in the life of the vehicle, or it could happen everyday if the exact same factors and sequence leading to the fault/error occurred. Everyone on your block may have that model, bought from the same dealer around the same time, and you may be the only one to experience a problem. Because the problem could be triggered by something subtly different in the way you drive or do in the vehicle.
I agree. I believe the situation is more #1. And it may not be the fault that engineers and scientists have not looked hard-enough. It may be (as I said) they really don't have much to go on. A driver and the vehicle itself do not offer a very good set of data, if this is a problem similar to those seen in MS and Intel (and similar) products.
Detectives and the FBI can usually solve cases when there is evidence and motives associated with crimes (murders). They do not have such a great track-record and will admit they need a lucky-break to find random killers. If there is little data or evidence to go on, problems and criminals remain undetected/undetermined for quite a while.
I agree that UA is unproven; but neither can it be stated that it can't be a system flaw given the millions of possibilities, and the little that engineers would have to go on as to where to look.
We literally have, conservatively speaking, billions of "tests". Yet, by any stretch of the imagination, a relatively few examples of UA, and even less if you exclude those "events" that don't have a different probable cause likely.
Nothing like taking quotes out of context, but when that's all you've got, I guess that's what you go with.....
So, tell us...
What would it take for you to admit there is (at least, as much as is humanly possible) no chance of these UA incidents being caused by electronic failure? When would YOU say "uncle", and stop searching for the proverbial "needle in the haystack"?
It's a simple question... One that you continue to evade answering...
Is it possible UA exists?
Again, yes.
But possibility doesn't translate into probability.
One might be a murderer.
That doesn't make you one, or imply you ever will attack or harm anyone. Just because you might in no way affects the outcome.
Making the jump from "might" to "absolutely will" is a jump no rational person would make.
"..it sounds like the "only we know it" argument-...."
You just hit the nail quite squarely on the HEAD...!
Unless you understand programming coding techniques and more likely than otherwise have also encountered these type of coding mistakes in the process of debugging code, or trouble-shooting intermittent (***) "live-lock" or "deadly embrace" code execution sequences/streams, then yes, only the "doctor" has the knowledge and experience to understand.
You can't look behind the curtain because you simply can't see the curtain to begin with.
*** They are always intermittent, often in the extreme, just as we see here. The simple ones, easily repetitive ones, are usually found before shipping.
I agree that UA is unproven; but neither can it be stated that it can't be a system flaw given the millions of possibilities, and the little that engineers would have to go on as to where to look.
Now that is bordering on the absurd !!
I guess it would also be "possible" that a couple of these Toyota's went into orbit around the moon just before they crashed back down to earth. It would be very difficult to "prove" that this did not happen.
In the face of all odds, there are a certain number of people whose ego just will not allow them to say the three little words, "I was wrong" !!
"..if the car's computer "froze up", requiring a reboot, it probably wouldn't run, either.."
No, oftentimes it only appears that the computer is "frozen up". It may well be "off" executing some ill-behaved or HIGH priority software task and therefore not responding to your keyboard or mouse inputs.
The Windows "end now" sequence when an ill-behaved "window" will not shut down normally is currently one of those. Unbeknownst to you what is actually happening is that Windows is busy, VERY busy, saving the entire state of the machine should you subsequently wish to report the incident to Microsoft.
An argument can be made that since the MS "save the machine state" software runs at the HIGHEST priority and CANNOT allow any other tasks to be executed simultaneously the machine can be said to be in a "live-lock" state.
Unless you have the task manager up and running it will appear to you for many minutes that the PC is frozen.
What would happen if the wire from the brake pedal light switch to the engine/transaxle controlling ECU came open at say, 85MPH, while cruise control was active. In a panic situation how many of us would have the presence of mind to resort to using the CC "switch"/lever to disable CC...?
Step on the brakes and the only result is the tranny downshifts to overcome the extra engine load....
Now what do you mean by "no"? So every computer crash would allow partial functionality? That can't be.
Or would some crashes allow partial and some none?
now that makes sense as an answer.
And, if some crashes are total and some partial, how co-incidental is it that the alleged "partial crash" on the Toyota computers only *selectively* disable the exact list of things you need to stop the car?
To the "community" computer crash can have a very wide meaning, basically the computer is not operating properly. That could mean anything from smoke coming from the CPU card, instruction execution halted altogether, or even a temporary live-lock, as in Windows "end now".
Yes but it's all way too pat a theory to explain the various complexities of these UA incidents.
So we're supposed to believe the following?
A computer crash causes the car to accelerate, while disabling the brakes, while disabling the ignition shut off, while disabling the neutral slot in the transmission and any other component that would interfere with the acceleration. While doing this, other functions of the car do not fail, including electronic steering, lights, horn, windows, etc.
Then, the computer glitch disappears as soon as anyone attempts to find it, and never re-appears again, leaves no trace whatsoever of its existence, nor can anyone but the driver ever experience it.
That makes no sense either, because if the car's computer "froze up", requiring a re-boot, it probably wouldn't run, either. This sounds like more epicycles--where the presumption this time around is that part of the computer works while the other part freezes, and this selectivity is precisely directed to mimic the reported UA incident.
But that IS what happens. Remember that a typical vehicle these days has over a dozen computers in it. And a lot of the ICs in the actual sensors and so on are simpler 8 bit or similar processors. Simple to code for, but things like multitasking and real-time redundancy are often not possible with them, either. It's a known limitation, because they just aren't designed to do more than one task at a time.
The example you are looking for is your PC. Why? Because what happens when the CPU crashes? Right - the sub systems on the cards that are in the slots attached to the motherboard don't stop working. Your sound freezes (usually the last sound or sample plays forever). Your video freezes (frozen image on screen). Your hard drive still spins, but nothing gets transferred back and forth.
If the ignition switch and/or gear selection sub processors and/or sensors simply freeze up, it would explain what's been happening. And if you use a typical PC as a (much more complex) example, it's likely more common than the auto makers would like to admit.
What would happen is that the system would crash in the last state it was in. If you were accelerating at all, it would continue to do so. 30 turns into 40 and then 50 and soon 90+. Even if it's just "stuck" at 1/4 or 1/2 throttle, that's enough to cause an enormous problem.
Remember that the sensors in question, as I stated in my first post (page 1 or 2, IIRC) are Hall Effect sensors. They register a magnetic position and have no physical electrical connection to the moving parts (say, unlike a potentiometer). So if the sensor believes the magnet is somewhere where it isn't due to its monitoring software freezing, as far as it knows, everything is fine.
There are others besides the couple who testified and had no use for the Lexus. I would have ditched it as well. The NHTSA saved at least a couple of the vehicles - don't know if the NASA/NESC team used actual complaint cars when they finally got black box access.
Sorry for some of my comments as it just seems like you parody the Toyota line - such as this one from latest reports from them: "A Toyota lawyer told a California court that plaintiffs in the case are "chasing a phantom theory of defect" that does not exist."
Not a lawyer - an engineer who actually read many of the reports attempting to find a correlation using similarities and differences. I sure wish I had the hard data and could have really been involved and used the Kepner-Tregoe method of problem solving that I believe Ford still uses.
Of course some of the hundreds of websites including victims' reports are lawyer sites such as: http://suddenacceleration.com/
Also not a Toyota owner or victim. Love my Ford Flex especially the days when we have our 4 million-dollar grandkids in tow - the other reason we just can't let cover-ups happen as was the case initially with UA. At least there will be more brake override and available much sooner (still have to hit the correct pedal).
What would it take for you to admit there is (at least, as much as is humanly possible) no chance of these UA incidents being caused by electronic failure?
Scientifically you can not prove something 100%, or no chance. You can increase your probability of something by repeating the events as closely as possible, and running replicate trials. If I were running the testing, I might start at:
1. Getting the same model vehicle, with the same ECU version/revision and the same software.
2. Better yet I would want an ECU and other hardware made in the same lot/batch in case there was a hiccup in production that day.
3. I would want to know the history of the vehicle that crashed, - was it in a fairly extensive accident, was it driven in dusty conditions, high heat, extreme cold, dust, road-salt, was it a rental where the switches and the vehicle are tested a lot ... The vehicle tested should have a similar history. Again match as close as you can.
4. How did the driver drive? was he typically aggressive? babied the gas/brake and transmission?
5. What was the driver doing that day in the vehicle when they had UA? Did they have the stereo on? the cruise? the portable NAV (Tom Tom or Garmin, model #)? cruise control was on set at 60 mph? what speed? how long had they been driving? what was going on with the HVAC. I want to know what sort of electrical draw was going on, and what was running. I'd want to know if ABS, traction control, or DSC had just been triggered.
In summary REPLICATE the exact driving conditions/sequences.
Is there some combination or sequence to activating those along with the history and condition of the hardware that causes a malfunction?
What was the weather like that day? Did they just get the car washed?
So in summary I think the test should have been a detailed, detailed reenactment. Not a computer simulation. Not someone testing the ECU, and someone testing the software, and not someone testing a vehicle that was not extremely similar that may not have had a similar history or been driven similarly.
It's a tall task I know. But that is the sort of problems you can end up with in a complicated design, when the human can not tell what is happening with the equipment, and the equipment is not really designed to record its activities and provide an extensive, detailed history after a crash.
Not quite bordering on absurd. If you want what I said stated more eloquently, try this better explanation.
"Over the past two decades, probabilistic risk assessment and its underlying techniques, including FTA, has become a useful and respected methodology for safety assessment. Because of its logical, systematic and comprehensive approach, PRA and FTA have been repeatedly proven capable of uncovering design and operational weaknesses that escaped even some of the best deterministic safety and engineering experts. This methodology showed that it was very important to examine not only low-probability and high-consequence individual mishap events, but also high-consequence scenarios which can emerge as a result of occurrence of multiple high-probability and nearly benign events."
So were these methods used to review UA? This is a NASA link. What is the probability that the Fault Tree was successful? Were the scenarios of high risk then tested thoroughly thru reenactments? Were the same hardware and software provided to do the tests as were involved in the accident vehicles?
I don't think it is fallacious at all. I think it is more frustration on many people's parts that they don't understand issues outside their realm. I see that frustration in many of our political leaders as well, or want the 5 minute summary and then have the arrogance to think they understand the details, and can make some intelligent decisions from it.
I guess that is a part of our ego and hormones that gave our ancestors the guts to go hunting wooly mammoths. So the discussion continues. It sounds to me from my experience as an engineer, and dealing with software and sensor issues that he is correct. Anyone else like to volunteer their technical background. Houdini? You Mr. Shiftright? What kind of engineering? mathematical? physics degrees? do you guys have? How many years working with PLC's and other software?
BTW - what is a PC doing when ALT-CTR-DEL fails to work? and tech. support says "pull the plug"?
Funny how those here that feel that just because they are an engineer or programmer that THEY are the ONLY ones with the knowledge to "see" what is happening.
I would remind those that, at the very same time, there are many MORE engineers and programmers that have also examined the issue (many far more closely than anyone here) and have arrived at the conclusion that there is ZERO evidence of electronic UA in any of these cases.
So, what claims do those here have to the "superior" understanding?
What makes you so much more intelligent than the investigating programmers and engineers?
As a side note, the issue of PC's keeps coming up. I know no one who simply turns a PC on and lets the OS run. They ALL run some sort of task on it, and everyone runs different tasks, on machines made by different companies, with different components running different applications.
Cars don't do that. They (each model) all run the same code in the ECM, on the very same ECM designed and built for a single application.
Can it fail?
Sure.... But far less likely than someone's PC running different applications.
It's another comparison that looks good when you say it, but in reality, is another "apples to oranges" issue.
BTW, I have a masters degree in Statistics, and worked in (and managed) IT shops my entire career. While I am no "expert" programmer, I DO understand numbers.
And, statistically speaking, if electronic UA in Toyotas was likely, we would be seeing an entirely different distribution of events than those we actually are seeing.
I knew this automatic transmission builder, a genius in his field, who told me that engineers from Martin Marietta were among the easiest to sell the "big job" because they were applying standards of perfection that had nothing to do with an automatic transmission. He'd show them a little scratch on a part or bushing, knowing full well that this meant nothing for reliability, and they'd say "well of course replace it".
While we know engineers are smart, they are smart in the specific areas they work in. A bone doctor does not pontificate about the human brain; an aroma chemist does not know much about climate change.
About as far as I'm willing to go on this UA thing is to consider that we have a combination of an actual cruise control malfunction compounded by the driver's inability to do the right thing to correct it---the 'wrong' thing being stepping on the wrong pedal, not knowing how to shut off the ignition, not considering putting the car in neutral, not pulling up the floor mats, etc.
In other words, a correctable malfunction compounded by human error.
I find *that* scenario much more plausible than these Byzantine diagrams of multiple simultaneous failures that defy the human imagination.
Think of something like Apollo 13 -- had not the astronauts reacted properly, they would have died. The cause was really a rather simple thing--it wasn't some complex multi-functional mysterious computer issue at all.
Anyone else like to volunteer their technical background. Houdini? You Mr. Shiftright? What kind of engineering? mathematical?
Master's degree in EE. Over 43 years experience designing high-rel electronics for the mil-aero market, including airborne radar systems and satellite electronics. Anyone know anything at all about an EE program, the mathematics required speak for themselves.
I knew this automatic transmission builder, a genius in his field, who told me that engineers from Martin Marietta were among the easiest to sell the "big job" because they were applying standards of perfection that had nothing to do with an automatic transmission. He'd show them a little scratch on a part or bushing, knowing full well that this meant nothing for reliability, and they'd say "well of course replace it"
Here's a counter example. I was supporting a flight program out at the Dryden Flight Center at Edwards AFB. This involved a highly modified F-16. Well, came time for one of the regularly scheduled maintenance inspections (required every XXX hours of operation), and lo and behold they found a small crack in the exhaust section of the engine. Did they replace the engine? No! They went to the service manual where it said that "if the crack was less than 1" long and (bunch of other criteria were listed, I forget most of them), there was no need to replace the engine and that the aircraft could continue to fly.
Heads up - read the reports before you Toyota supporters parody their official line - electronics as the cause just a phantom of your imagination.
Recent report: "A Toyota lawyer told a California court that plaintiffs in the case are "chasing a phantom theory of defect" that does not exist."
NASA/NESC - report below on their report - I pasted most of it since some of you just hate lawyers (I only hate the grubby ones and am all for tort reform). Note that Prof. Gilbert is vindicated as I have earlier argued.
Despite the popular headline, the report actually found evidence that electronic sources of sudden acceleration are possible and can happen. "NASA's study confirmed that there is a theoretical possibility that two faults could combine under very specific conditions to affect the ETC systems so as to create an unintended UA." (Full Report, p. vii).
Unlike Secretary LaHood's boisterous comments, NASA's engineers were more guarded in describing their findings [via LA Times and SRS]:
"Our detailed study can't say it's impossible...." "Due to system complexity ... and the many possible electronic software and hardware systems interactions, it is not realistic to prove that the ETCSi cannot cause UAs.... Therefore, absence of proof that the ETCSi caused a UA does not vindicate the system."
Other NASA Findings:
* O-2 .... When the brake can override the throttle command it provides a broad defense against unintended engine power whether caused by electronic, software, or mechanical failures. (Full Report, p. 60-61)
* O-5 Vehicles that are operated with an active pedal sensor fault, either with the MIL on or off, may be susceptible to the effects of second faults, leading to possible unintended accelerations (Full Report, p. 61)
* O-7 There are no methods for capturing pre-event software states and performance following a UA event either on the vehicle or as a diagnostic tool. (Full Report, p. 61)
* O-8 The available incident reporting databases are valuable for identifying potential vehicle symptoms related to UA events. However, voluntary reporting systems may not allow for accurate quantitative estimates of incident rates or statistical trends. (Full Report, p. 61)
* O-9 A review of HF literature related to UAs indicates that pedal misapplication remains an identified cause of some UAs. However, it is not possible to accurately estimate from available survey and laboratory data how frequently this error is an underlying cause. (Full Report, p. 61)
* O-11 Design features, such as a sport shifter and push button stop, might compromise the driver's ability to recover from a UA event. Such features may be indicative of broader driver-vehicle integration issues and therefore may merit further consideration. (Full Report, p. 62).
NASA also found -- contrary to Toyota's assertions -- failures that mimic valid accelerator pedal signals can be induced to produce large throttle openings. (Full Report, p. 63). NASA also found that "certain resistive faults can result from the presence of tin whiskers within the accelerator pedal position sensor." (Full Report, p. 63).
NASA's Executive Summary also identified the following failure modes:
* Failure mode when combined with driver input can cause the throttle to jump 15 degrees in certain conditions and may not generate an error code to document or trace the error.
* Multiple failure modes that can result in throttle openings of less than 5 degrees resulting in high idle speed, hesitation, and surging.
These findings are significant because Toyota has consistently maintained that no fault could occur without triggering an error code to document the malfunction. NASA has shown otherwise.
Both you and Mr. Shiftright make excellent points. In your example, one has to wonder how the criteria for component replacement came to be determined.
Was it by simple engineering, or that... along with accounting profits/losses added into the equation? My guess is "option B".
And, car manufacturers do this all the time... Weighing the cost of lawsuits vs. recall costs. The Ford Pinto debacle is a great example of that practice, with the known danger of exploding gas tanks.
Once again, this debate seems all too similar to the one going on with the vaccination/autism debate. Those wanting so badly to have an answer swallow "crap" espoused by the infamous "Dr. Wakefield", and even after being roundly discredited, still ask "Why doesn't everyone see what this man is seeing?"
Why?
Because it isn't there to be seen. It's a mirage. In his case, a "rigged" mirage.
Some would rather believe a Playboy centerfold and her claims rather than the established medical researchers.
And, I see that elsewhere. Our country seems to be moving in a direction of mistrust of those in the educated fields of research. Politicians like to call them "intellectuals", as if that is some sort of insult.
At the end of the day, however, the numbers tell the story.
If electronic UA were anywhere as huge as some posters here wish to believe it is, the numbers of incidents would be vastly larger, and they wouldn't have declined much after the pedal-redesign recall. Millions of ECM's weren't re-flashed nor replaced.
So.... what happened? Where are the numbers of UA?
I agree with Mr-Shiftright. Something may indeed break on a car. That's nothing new, and there are dozens of "critical" items besides ECM's on a car (tie rod end, steering gear, etc).... some will break. Sometimes a driver can recover.... sometimes it's impossible.
These issues cross product brand lines and can occur in any car.
Houdini, I think, pegged it when he commented that some folks simply can't bring themselves to say "I was mistaken".
I can take most cars and motorcycles completely apart and rebuild them mechanically (I suck in bodywork). I pretty much know what cars do and don't do from the greasy wrench end of it. I am an autodidact when it comes to automobiles. My degrees are completely non-technical. My dad was an engineer for Packard and taught me a fair amount, too, and I did go through the Mercedes Benz Technical Training course. This is where my obnoxious insistence on logical diagnostic "trees" comes from I guess.
A lot of "mays" and "mights" in there, don't you think?
As for Dr. Gilbert, for those who actually took the time to understand his work, he needed no "vindication".
I don't question his results, but I do question the application of his results.
If, and that's a BIG IF, no one can reliably demonstrate how his "pre-conditions" that gave him the results he reported can be met in the real world, then it's a non-starter.
Anyone who has an adequate understanding of basic electronics understands that an unanticipated input in a circuit can change the logic (and output) of that circuit.
Can YOU duplicate it in a Toyota? As far as I know, Dr. Gilbert hasn't been able to explain how it could happen. This discussion would be over if anyone had been able to reliably replicate those conditions.
So far, it's not much more than "cold-water" fusion.
I'm not defending Toyota. What I AM defending is reasoned, logical determination of a problem and its resolution.
"..what claims do those here have to the "superior" understanding.."
A deep level of knowledge and experience in the specific area of concern, ~40 years in my case.
Do "you" understand just what "live-lock" means with regards to software code, in depth..?
"...what makes you so much more intelligent..."
Intelligence is not, was NEVER the issue.
"...Cars don't do that.."
But yes, they do.
For instance, the CC section of code on a given car might NEVER be executed. And there are so many different tasks, instruction execution "paths", tens of thousands, that can be taken in the engine/transaxle controlling ECU's firmware that a specific "path" may be encountered only rarely.
On rare occasions, once in a blue moon, my '01 F/awd RX300's hazard lights will go into a FAST blink mode when I lock the car the second time so as to quickly turn off the headlights.
Why...?
Haven't bothered to find out, no reason to. I simply get back into the car, cycle the key on, turn the headlights off manually, and all is well for ~months....
Has anyone EVER depressed the brake pedal at EXACTLY the same time as using CC to enter "accel" mode...? And I do mean EXACTLY....?
Cars don't do that. They (each model) all run the same code in the ECM, on the very same ECM designed and built for a single application.
I bet it would be rare for a single model year to go by where the code or ECM didn't have revisions made. As problems are discovered in designs revisions are made all the time. Many people have their software updated when they take their cars in to dealers for routine oil changes.
Out of potentially billions of "events", we have so few "hits". And, after the mechanical pedal revision/recall, what few hits we were seeing dropped dramatically. Want to tell us why you think that happened?
Frankly, you fit the bill perfectly of what I described earlier in the vaccination/autism issue.
You appear to want so desperately to believe in electronically-induced UA that you simply cannot honestly evaluate any other alternative.
Once again...You're entitled to your opinion... just not your own facts.
Our country seems to be moving in a direction of mistrust of those in the educated fields of research.
Maybe the supposed expertise of 1) Every expert and scientist in the intelligence field who promised us WMD in Iraq, and 2) Alan Greenspan and Ben Bernanke's continued flawed theories and predictions
In the computer trouble-shooting world it's called "shot-gunning".
First, you are certain/sure that some problem of an intermittent nature exists. In this case we have the actual dealer personnel that encountered/witnessed the problem for themselves.
Once you come to the conclusion that the problem is of a SERIOUS nature but cannot be replicated there are several reasons SOMETHING must be done, not the least of which is to restore the customer's trust.
So, what or which components are most likely to be causative factors?
More than one time did I, DIY, replace both the generator and regulator in the old days for this very same reason, intermittent battery charging.
For those of us with "deep" experience in real-time, process control, computer programming we find nothing unusual about the rare failures or failures that happen once and "never" again.
I can tell you of many instances wherein these "live-lock" or "deadly-embrace" software "crash" events were either so rare or non-eventful that they weren't worthy of chasing.
On the other hand in the world of "mission-critical", life-threatening, events, such as we have here extreme measures are made to correct the situation even for a one-time event. Assuming, of course, the event is verifiable, as is seemingly the case here.
Might not that mean the mat was restrained and the hook broke as a result of the crash..?
Someone was thoughtful enough to realize that the engine should not be unintentionally, accidentally, shut down due to an inadvertent "touch" of the start/stop PB if the shifter wasn't in park or neutral.
The cost of a failsafe engine/transaxle ECU firmware "bypass" would be fairly inexpensive and therefore perfectly justifiable in a DBW throttle control environment.
In a way the brake is already being used in that manner, you can "kill", over-ride, CC via a simple touch of the brake.
I agree with you scientifically that problems are repeatable; though you need to know what to do it to get it to repeat. If a fuse blows and I give you the device to check, sure you can find a blown-fuse, and you can put a new one in and it will blow for you. And we can do it again and again! You're assuming that UA is much like that.
My argument and I believe Pletkos, is that the UA can be more like PC's or PS3's. It is not so easy to determine what was happening when an electronic "crash" occurs. Say my computer crashes, and I turn it back on and it's fine. I call tech support to report my crash, and I tell them what I was doing and what happened. "I was just opening Excel and next thing I know the screen freezes." Maybe I forget to mention that I was burning a CD at the time that was a factor. But let's say I think to add that - oh the CD-burner was running. Is that it? "yes, I answer". But is it? what is happening in the PC? many other things! Data may have just started transferring from the graphics chip to main memory; there was a high demand for refreshing the screen; or any other behind the scene functions could kick in.
It is those sorts of factors and their interaction, which I doubt have been fully tested. There are numerous functions of the electronics in vehicles that when put in various combinations would give you millions of combinations of things to check to see if there were flaws. Exactly the sort of stuff that MS spends millions of man-hours trying to weed-out in their development. Unless you have some proof that the people who write the code for the electronics of vehicles somehow have god-like powers to eliminate these, I presume these hidden flaws exist in ALL complicated systems.
Now I'm not saying that NASA could or should have checked every combination of factors. It's like looking for a murderer by interviewing every citizen. But just like a criminologist you have to have a crime-scene and witnesses, and forensic evidence or other clues. What does Toyota or NASA or anyone have to go on in these UA cases? Not much right? You have some basic statements of what people did, which is doubted because of suspected "panic", you have twisted metal, and very little data from any black-box, and the data may never have made it to a black-box because of the "freeze", just like on most PC's.
So let me ask you to reconsider again, that because electronic problems usually aren't simple, and the fact that anyone trying to replicate the situation does not have all the correct factors included and in sequence as the actual event, in my mind the replicate testing is LIKELY to find NOTHING.
What Toyota and NASA probably have is an issue like looking for archaeology sites in the desert. What they did was act on some basic map, and they went and dug a few holes in the Sahara desert over a number of months. They've concluded based on that, that "There's nothing out there".
I'm not blaming them for what they've done, as there isn't more specific information. What I do find scientific fault with, is whether the Testers or was it Toyota and the media, who then used that "sample-testing" to claim that is somehow representative of the whole desert.
Not necessarily.
Assume, suppose, you have somehow encountered, "loaded" a virus.
It is not at all unusual that these will cause the appearance of a system lockup, or even actually result in one.
You re-boot and during the startup process your virus protection finds the virus "seed" and deletes it.
How often have you seen the message "re-boot" required from your virus protection program...?
It sounds like a conclusion in search of a fact to me.
As JFK once said "Where there's smoke, there's usually a smoke making machine".
First it sounds like the "god argument" -- I can't see it but I'm supposed to believe it
Then it sounds like the "only we can know it" argument--that your doctor knows everything and you must follow his orders.
This doesn't sound like scientific inquiry to me--it sounds like dodging the point, which is: "Where is the proof?"
Let's see... How many millions of cars were recalled under suspicion of UA?
How many minutes of run time/ignition cycles (on-off cycles)/miles driven?
We literally have, conservatively speaking, billions of "tests". Yet, by any stretch of the imagination, a relatively few examples of UA, and even less if you exclude those "events" that don't have a different probable cause likely.
Again, the entire assertion of UA fails on that argument alone.
BTW, notice how no one still pushing UA responded to my challenge in post #1762?
What does that tell you?
You certainly must then dislike much of Particle Physics, String Theory, Dark Matter and Dark Energy; and the reason that Congresswoman from AZ who was shot, is recovering so well.
That's probably equivalent to the number of PC's and how many hours they run without a problem, and how many experience severe problems.
Stretch your imagination and question why the high-tech companies of the world have hundreds of thousands of people processing warranty returns, and doing online software support.
Stretch your imagination and realize that every rocket launch, or missile-defense test does not go well. Our technology is very susceptible to design and manufacturing flaws - both hardware and software.
Go take a look at some reports on how many missiles actually hit their targets. The best and brightest minds, fail to consider all the possibilities and problems. If you think our electronics systems are so great, where's our Star Wars Missile Defense System after 25 years?
As for Dark Matter, we sorta know its really there, so I'm okay with that. We just don't know what it is.
As for poor Ms. Gifford, there have been documented cases of people actually walking around with iron rods drilled through their heads. It's very plausible because it depends on where the damage is. Sever your spine, however, and you have a 100% certainty of the consequence.
Point is, I don't see any basis so far for condemning a car company.
For me, the most honorable conclusion about UA right now is "we have no idea".
Wow!
That sounds like something right out of the Conspiracy Theorists Handbook.
Just ignore the facts that disagree with your "conclusion", make up some supporting evidence, then put it forth as "factual", and...
Abbra-Cadabra!!!
Instant solution.
BTW, You're really stretching it a bit when you compare missile launches to automobiles. I would think that by the time we have fired 150 million missiles, we'll have a much better success ratio than what we have today.
Just ignore the facts that disagree with your "conclusion", make up some supporting evidence, then put it forth as "factual",
I'm not ignoring the facts. The facts are Toyota and NASA did not find a problem. The fact also is that they did not look at all the possibilities. It seems you don't want to recognize that. Because someone goes and buys 5 lottery tickets a day for 2 months, and doesn't find a $5,000 winner, does not mean that there are no $5,000 winning tickets.
I would think that by the time we have fired 150 million missiles, we'll have a much better success ratio than what we have today.
It's not a matter of how many you make, as much as it is the constant development which necessitates change. Toyota is not using the same software and hardware it did 10 years ago, or probably 5 years ago. They have not learned and banished all problems with their software and hardware before new generations come along. MS had developed Windows XP for several years, then had it on the market for several years more; they were still issuing patches and updates when Vista came out. Vista brought a whole new set of bugs, which again were found and fixed over many years. Many of those problems never affected the vast majority of people who had PC's using XP and Vista. I probably received several hundred patch-files over the 4 years I ran XP.
So again I will state that it is not that unlikely that a manufacturer, and let's not just say Toyota, ANY MANUFACTURER today, could put out vehicles such that a few dozen or a few hundred of 2 million per year could be affected by electronic problems causing UA. It happens in the PC world ALL THE TIME. An electronic problem similar to a PC "crashing" can happen for the 1st time after a few years or on Day 2. It could happen once in the life of the vehicle, or it could happen everyday if the exact same factors and sequence leading to the fault/error occurred. Everyone on your block may have that model, bought from the same dealer around the same time, and you may be the only one to experience a problem. Because the problem could be triggered by something subtly different in the way you drive or do in the vehicle.
1. They haven't looked hard enough
2. There is no problem
However, until everyone doing #1 gives up, then #2 rules the roost, at least in the field of product liability.
How many man hours and how many millions of dollars should be spent chasing this apparent 'phantom'?
Detectives and the FBI can usually solve cases when there is evidence and motives associated with crimes (murders). They do not have such a great track-record and will admit they need a lucky-break to find random killers. If there is little data or evidence to go on, problems and criminals remain undetected/undetermined for quite a while.
I agree that UA is unproven; but neither can it be stated that it can't be a system flaw given the millions of possibilities, and the little that engineers would have to go on as to where to look.
We literally have, conservatively speaking, billions of "tests". Yet, by any stretch of the imagination, a relatively few examples of UA, and even less if you exclude those "events" that don't have a different probable cause likely.
Nothing like taking quotes out of context, but when that's all you've got, I guess that's what you go with.....
So, tell us...
What would it take for you to admit there is (at least, as much as is humanly possible) no chance of these UA incidents being caused by electronic failure? When would YOU say "uncle", and stop searching for the proverbial "needle in the haystack"?
It's a simple question... One that you continue to evade answering...
Is it possible UA exists?
Again, yes.
But possibility doesn't translate into probability.
One might be a murderer.
That doesn't make you one, or imply you ever will attack or harm anyone. Just because you might in no way affects the outcome.
Making the jump from "might" to "absolutely will" is a jump no rational person would make.
You just hit the nail quite squarely on the HEAD...!
Unless you understand programming coding techniques and more likely than otherwise have also encountered these type of coding mistakes in the process of debugging code, or trouble-shooting intermittent (***) "live-lock" or "deadly embrace" code execution sequences/streams, then yes, only the "doctor" has the knowledge and experience to understand.
You can't look behind the curtain because you simply can't see the curtain to begin with.
*** They are always intermittent, often in the extreme, just as we see here. The simple ones, easily repetitive ones, are usually found before shipping.
Now that is bordering on the absurd !!
I guess it would also be "possible" that a couple of these Toyotas went into orbit around the moon just before they crashed back down to earth. It would be very difficult to "prove" that this did not happen.
In the face of all odds, there are a certain number of people whose ego just will not allow them to say the three little words, "I was wrong" !!
2013 LX 570 2016 LS 460
No, oftentimes it only appears that the computer is "frozen up". It may well be "off" executing some ill-behaved or HIGH priority software task and therefore not responding to your keyboard or mouse inputs.
The windows "end now" sequence when an ill-behaved "window" will not shut down normally is currently one of those. Unbeknownst to you what is actually happening is that windows is busy, VERY busy, saving the entire state of the machine should you subsequently wish to report the incident to microsoft.
An argument can be made that since the MS "save the machine state" software runs at the HIGHEST priority and CANNOT allow any other tasks to be executed simultaneously the machine can be said to be in a "live-lock" state.
Unless you have the task manager up and running it will appear to you for many minutes that the PC is frozen.
Step on the brakes and the only result is the tranny downshifts to overcome the extra engine load....
Or would some crashes allow partial and some none?
Now that makes sense as an answer.
And, if some crashes are total and some partial, how co-incidental is it that the alleged "partial crash" on the Toyota computers only *selectively* disable the exact list of things you need to stop the car?
This is sounding like more epicycles to me.... :P
So we're supposed to believe the following?
A computer crash causes the car to accelerate, while disabling the brakes, while disabling the ignition shut off, while disabling the neutral slot in the transmission and any other component that would interfere with the acceleration. While doing this, other functions of the car do not fail, including electronic steering, lights, horn, windows, etc.
Then, the computer glitch disappears as soon as anyone attempts to find it, and never re-appears again, leaves no trace whatsoever of its existence, nor can anyone but the driver ever experience it.
Is that about it?
Sounds supernatural.
But that IS what happens. Remember that a typical vehicle these days has over a dozen computers in it. And a lot of the ICs in the actual sensors and so on are simpler 8 bit or similar processors. Simple to code for, but things like multitasking and real-time redundancy are often not possible with them, either. It's a known limitation, because they just aren't designed to do more than one task at a time.
The example you are looking for is your PC. Why? Because what happens when the CPU crashes? Right - the sub systems on the cards that are in the slots attached to the motherboard don't stop working. Your sound freezes(usually the last sound or sample plays forever). Your video freezes(frozen image on screen). Your hard drive still spins, but nothing gets transferred back and forth.
If the ignition switch and/or gear selection sub processors and/or sensors simply freeze up, it would explain what's been happening. And if you use a typical PC as a (much more complex) example, it's likely more common than the auto makers would like to admit.
What would happen is that the system would crash in the last state it was in. If you were accelerating at all, it would continue to do so. 30 turns into 40 and then 50 and soon 90+. Even if it's just "stuck" at 1/4 or 1/2 throttle, that's enough to cause an enormous problem.
Remember that the sensors in question, as I stated in my first post (page 1 or 2, IIRC) are Hall Effect sensors. They register a magnetic position and have no physical electrical connection to the moving parts(say, unlike a potentiometer). So if the sensor believes the magnet is somewhere where it isn't due to its monitoring software freezing, as far as it knows, everything is fine.
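The "frozen in its last state" failure this post describes, as an added example that is not part of the original post and is not any manufacturer's code. It contrasts a consumer that trusts the last value it was given with one that checks a freshness counter and honours a brake override; the message layout, function names and the 3-tick limit are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical message a pedal-sensor processor leaves in shared memory. */
typedef struct {
    uint8_t  seq;        /* bumped by the sensor on every fresh sample */
    uint16_t pedal_pct;  /* requested throttle, 0..100 */
} pedal_msg_t;

/* State kept by the hypothetical throttle controller. */
typedef struct {
    uint8_t  last_seq;
    unsigned stale_ticks;
    bool     have_seq;
    bool     latched_fault;  /* stays set until re-initialised (key cycle) */
} throttle_ctl_t;

#define STALE_LIMIT 3u   /* assumed: control ticks tolerated without new data */
#define IDLE_PCT    0u

void ctl_init(throttle_ctl_t *c)
{
    c->last_seq = 0;
    c->stale_ticks = 0;
    c->have_seq = false;
    c->latched_fault = false;
}

/* Naive consumer: uses whatever value is in memory. A frozen sensor
 * processor therefore keeps commanding its last sample indefinitely. */
unsigned naive_step(const pedal_msg_t *m)
{
    return m->pedal_pct;
}

/* Checked consumer: a sample only counts if the sequence number moved. */
unsigned ctl_step(throttle_ctl_t *c, const pedal_msg_t *m, bool brake_pressed)
{
    if (!c->have_seq || m->seq != c->last_seq) {
        c->have_seq = true;          /* fresh data arrived this tick */
        c->last_seq = m->seq;
        c->stale_ticks = 0;
    } else {
        c->stale_ticks++;            /* same sample seen again */
    }

    if (c->stale_ticks >= STALE_LIMIT || m->pedal_pct > 100)
        c->latched_fault = true;     /* stale or implausible input */

    if (c->latched_fault || brake_pressed)
        return IDLE_PCT;             /* fail toward idle, brake always wins */

    return m->pedal_pct;
}

/* Constructed scenario: the sensor reports 40% until `freeze_at`, then
 * stops updating shared memory. Returns the throttle command in force
 * at the end of the run. */
unsigned simulate(bool checked, unsigned freeze_at, unsigned ticks, bool brake)
{
    throttle_ctl_t ctl;
    pedal_msg_t shared = { 0, 0 };
    unsigned cmd = 0;

    ctl_init(&ctl);
    for (unsigned t = 0; t < ticks; t++) {
        if (t < freeze_at) {         /* sensor alive: publish a sample */
            shared.seq++;
            shared.pedal_pct = 40;
        }                            /* else frozen: memory keeps old value */
        cmd = checked ? ctl_step(&ctl, &shared, brake)
                      : naive_step(&shared);
    }
    return cmd;
}

int main(void)
{
    printf("naive, sensor frozen at tick 5:   %u%%\n", simulate(false, 5, 20, false));
    printf("checked, sensor frozen at tick 5: %u%%\n", simulate(true, 5, 20, false));
    printf("checked, healthy sensor:          %u%%\n", simulate(true, 100, 20, false));
    printf("checked, healthy sensor + brake:  %u%%\n", simulate(true, 100, 20, true));
    return 0;
}
```

Because the fault is latched, the checked controller stays at idle until `ctl_init` runs again, which corresponds to the key cycle discussed elsewhere in this thread.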
Sorry for some of my comments as it just seems like you parody the Toyota line - such as this one from latest reports from them:
"A Toyota lawyer told a California court that plaintiffs in the case are "chasing a phantom theory of defect" that does not exist."
Phantom? Must be the Mothman that caused many of the 89 deaths besides hundreds of injuries and thousands of cases – many not recalled vehicles:
http://www.usatoday.com/money/autos/2010-05-25-toyota-acceleration-deaths_N.htm
(also the 600 new cases reported to the NHTSA in the last half of 2010 including some that were repaired )
As an aside Walter Cronkite? You mean that fn Hanoi Jane's buddy that lied and said we lost the Tet offensive?
Of course some of the hundreds of websites including victims' reports are lawyer sites such as: http://suddenacceleration.com/
Also not a Toyota owner or victim. Love my Ford Flex especially the days when we have our 4 million-dollar grandkids in tow - the other reason we just can't let cover-ups happen as was the case initially with UA. At least there will be more brake override and available much sooner (still have to hit the correct pedal).
Scientifically you can not prove something 100%, or no chance. You can increase your probability of something by repeating the events as closely as possible, and running replicate trials. If I were running the testing, I might start at:
1. Getting the same model vehicle, with the same ECU version/revision and the same software.
2. Better yet I would want an ECU and other hardware made in the same lot/batch in case there was a hiccup in production that day.
3. I would want to know the history of the vehicle that crashed, - was it in a fairly extensive accident, was it driven in dusty conditions, high heat, extreme cold, dust, road-salt, was it a rental where the switches and the vehicle are tested a lot ... The vehicle tested should have a similar history. Again match as close as you can.
4. How did the driver drive? was he typically aggressive? babied the gas/brake and transmission?
5. What was the driver doing that day in the vehicle when they had UA? Did they have the stereo on? the cruise? the portable NAV (Tom Tom or Garmin, model #)? cruise control was on set at 60 mph? what speed? how long had they been driving? what was going on with the HVAC. I want to know what sort of electrical draw was going on, and what was running. I'd want to know if ABS, traction control, or DSC had just been triggered. In summary REPLICATE the exact driving conditions/sequences.
Is there some combination or sequence to activating those along with the history and condition of the hardware that causes a malfunction?
What was the weather like that day? Did they just get the car washed?
So in summary I think the test should have been a detailed, detailed reenactment. Not a computer simulation. Not someone testing the ECU, and someone testing the software, and not someone testing a vehicle that was not extremely similar that may not have had a similar history or been driven similarly.
It's a tall task I know. But that is the sort of problems you can end up with in a complicated design, when the human can not tell what is happening with the equipment, and the equipment is not really designed to record its activities and provide an extensive, detailed history after a crash.
"Over the past two decades, probabilistic risk assessment and its underlying techniques, including FTA, has become a useful and respected methodology for safety assessment. Because of its logical, systematic and comprehensive approach, PRA and FTA have been repeatedly proven capable of uncovering design and operational weaknesses that escaped even some of the best deterministic safety and engineering experts. This methodology showed that it was very important to examine not only low-probability and high-consequence individual mishap events, but also high-consequence scenarios which can emerge as a result of occurrence of multiple high-probability and nearly benign events."
http://www.hq.nasa.gov/office/codeq/doctree/fthb.pdf
So were these methods used to review UA? This is a NASA link. What is the probability that the Fault Tree was successful? Were the scenarios of high risk then tested thoroughly thru reenactments? Were the same hardware and software provided to do the tests as were involved in the accident vehicles?
I guess that is a part of our ego and hormones that gave our ancestors the guts to go hunting wooly mammoths. So the discussion continues. It sounds to me from my experience as an engineer, and dealing with software and sensor issues that he is correct. Anyone else like to volunteer their technical background. Houdini? You Mr. Shiftright? What kind of engineering? mathematical? physics degrees? do you guys have? How many years working with PLCs and other software?
BTW - what is a PC doing when ALT-CTR-DEL fails to work? and tech. support says "pull the plug"?
I would remind those that, at the very same time, there are many MORE engineers and programmers that have also examined the issue (many far more closely than anyone here) and have arrived at the conclusion that there is ZERO evidence of electronic UA in any of these cases.
So, what claims do those here have to the "superior" understanding?
What makes you so much more intelligent than the investigating programmers and engineers?
As a side note, the issue of PC's keeps coming up. I know no one who simply turns a PC on and lets the OS run. They ALL run some sort of task on it, and everyone runs different tasks, on machines made by different companies, with different components running different applications.
Cars don't do that. They (each model) all run the same code in the ECM, on the very same ECM designed and built for a single application.
Can it fail?
Sure.... But far less likely than someone's PC running different applications.
It's another comparison that looks good when you say it, but in reality, is another "apples to oranges" issue.
BTW, I have a masters degree in Statistics, and worked in (and managed) IT shops my entire career. While I am no "expert" programmer, I DO understand numbers.
And, statistically speaking, if electronic UA in Toyotas was likely, we would be seeing an entirely different distribution of events than those we actually are seeing.
I knew this automatic transmission builder, a genius in his field, who told me that engineers from Martin Marietta were among the easiest to sell the "big job" because they were applying standards of perfection that had nothing to do with an automatic transmission. He'd show them a little scratch on a part or bushing, knowing full well that this meant nothing for reliability, and they'd say "well of course replace it".
While we know engineers are smart, they are smart in the specific areas they work in. A bone doctor does not pontificate about the human brain; an aroma chemist does not know much about climate change.
About as far as I'm willing to go on this UA thing is to consider that we have a combination of an actual cruise control malfunction compounded by the driver's inability to do the right thing to correct it---the 'wrong' thing being stepping on the wrong pedal, not knowing how to shut off the ignition, not considering putting the car in neutral, not pulling up the floor mats, etc.
In other words, a correctable malfunction compounded by human error.
I find *that* scenario much more plausible than these Byzantine diagrams of multiple simultaneous failures that defy the human imagination.
Think of something like Apollo 13 -- had not the astronauts reacted properly, they would have died. The cause was really a rather simple thing--it wasn't some complex multi-functional mysterious computer issue at all.
Master's degree in EE. Over 43 years experience designing high-rel electronics for the mil-aero market, including airborne radar systems and satellite electronics. Anyone know anything at all about an EE program, the mathematics required speak for themselves.
Here's a counter example. I was supporting a flight program out at the Dryden Flight Center at Edwards AFB. This involved a highly modified F-16. Well, came time for one of the regularly scheduled maintenance inspections (required every XXX hours of operation), and lo and behold they found a small crack in the exhaust section of the engine. Did they replace the engine? No! They went to the service manual where it said that "if the crack was less than 1" long and (bunch of other criteria were listed, I forget most of them), there was no need to replace the engine and that the aircraft could continue to fly.
Recent report:
"A Toyota lawyer told a California court that plaintiffs in the case are "chasing a phantom theory of defect" that does not exist."
NASA/NESC - report below on their report - I pasted most of it since some of you just hate lawyers (I only hate the grubby ones and am all for tort reform).
Note that Prof. Gilbert is vindicated as I have earlier argued.
http://kansascity.injuryboard.com/defective-and-dangerous-products/what-nasas-report-said-about-toyota-sudden-acceleration.aspx?googleid=288272
excerpt
Update: I originally only linked to the NHTSA report (rather than both NHTSA and NASA) You can reach both reports now below:
Read the NHTSA Sudden Acceleration Executive Summary
http://www.nhtsa.gov/staticfiles/nvs/pdf/NHTSA_report_execsum.pdf
Read the NHTSA Full Report
http://www.nhtsa.gov/staticfiles/nvs/pdf/NHTSA-UA_report.pdf
Read the NASA Sudden Acceleration Executive Summary
http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA_report_execsum.pdf
Read the NASA Full Report
http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf
Despite the popular headline, the report actually found evidence that electronic sources of sudden acceleration are possible and can happen. "NASA's study confirmed that there is a theoretical possibility that two faults could combine under very specific conditions to affect the ETC systems so as to create an unintended UA." (Full Report, p. vii).
Unlike Secretary LaHood's boisterous comments, NASA's engineers were more guarded in describing their findings [via LA Times and SRS]:
"Our detailed study can't say it's impossible...." "Due to system complexity ... and the many possible electronic software and hardware systems interactions, it is not realistic to prove that the ETCSi cannot cause UAs.... Therefore, absence of proof that the ETCSi caused a UA does not vindicate the system."
Other NASA Findings:
* O-2 .... When the brake can override the throttle command it provides a broad defense against unintended engine power whether caused by electronic, software, or mechanical failures. (Full Report, p. 60-61)
* O-5 Vehicles that are operated with an active pedal sensor fault, either with the MIL on or off, may be susceptible to the effects of second faults, leading to possible unintended accelerations (Full Report, p. 61)
* O-7 There are no methods for capturing pre-event software states and performance following a UA event either on the vehicle or as a diagnostic tool. (Full Report, p. 61)
* O-8 The available incident reporting databases are valuable for identifying potential vehicle symptoms related to UA events. However, voluntary reporting systems may not allow for accurate quantitative estimates of incident rates or statistical trends. (Full Report, p. 61)
* O-9 A review of HF literature related to UAs indicates that pedal misapplication remains an identified cause of some UAs. However, it is not possible to accurately estimate from available survey and laboratory data how frequently this error is an underlying cause. (Full Report, p. 61)
* O-11 Design features, such as a sport shifter and push button stop, might compromise the driver's ability to recover from a UA event. Such features may be indicative of broader driver-vehicle integration issues and therefore may merit further consideration. (Full Report, p. 62).
NASA also found -- contrary to Toyota's assertions -- failures that mimic valid accelerator pedal signals can be induced to produce large throttle openings. (Full Report, p. 63). NASA also found that "certain resistive faults can result from the presence of tin whiskers within the accelerator pedal position sensor." (Full Report, p. 63).
NASA's Executive Summary also identified the following failure modes:
* Failure mode when combined with driver input can cause the throttle to jump 15 degrees in certain conditions and may not generate an error code to document or trace the error.
* Multiple failure modes that can result in throttle openings of less than 5 degrees resulting in high idle speed, hesitation, and surging.
These findings are significant because Toyota has consistently maintained that no fault could occur without triggering an error code to document the malfunction. NASA has shown otherwise.
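A sketch of the two findings quoted above (a fault that mimics a valid pedal signal raises no error code, and brake override as the independent defense in O-2). It is an added example, not code from this thread, the NASA report or any vehicle's firmware; the channel names, voltages and thresholds are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Every constant here is constructed for illustration; none is a real vehicle value. */
#define CH_OFFSET_MV     800   /* assumed fixed offset between the two pedal channels */
#define PLAUS_TOL_MV     150   /* assumed tolerance before a fault code is stored */
#define IDLE_MV          800   /* assumed channel A voltage at released pedal */
#define FULL_MV          3800  /* assumed channel A voltage at full pedal */
#define OVERRIDE_MAX_PCT 5     /* assumed throttle ceiling while the brake is pressed */

typedef struct { int ch_a_mv, ch_b_mv; bool brake_pressed; } inputs_t;
typedef struct { int throttle_pct; bool fault_code; } command_t;

/* Map channel A voltage to a 0..100 % pedal request. */
static int pedal_pct(int ch_a_mv) {
    int pct = (ch_a_mv - IDLE_MV) * 100 / (FULL_MV - IDLE_MV);
    return pct < 0 ? 0 : (pct > 100 ? 100 : pct);
}

command_t throttle_command(inputs_t in, bool brake_override_enabled) {
    command_t out = {0, false};
    /* Dual-channel plausibility check: the channels must keep their offset.
       A fault on one channel breaks the relationship and is caught here. */
    if (abs((in.ch_b_mv - in.ch_a_mv) - CH_OFFSET_MV) > PLAUS_TOL_MV) {
        out.fault_code = true;   /* store a code and fail safe to idle */
        return out;
    }
    /* Two faults that shift both channels together still look valid,
       so the request passes with no fault code. */
    out.throttle_pct = pedal_pct(in.ch_a_mv);
    /* Independent layer: the brake wins, whatever produced the request. */
    if (brake_override_enabled && in.brake_pressed &&
        out.throttle_pct > OVERRIDE_MAX_PCT)
        out.throttle_pct = OVERRIDE_MAX_PCT;
    return out;
}

int main(void) {
    inputs_t mimic = {3200, 4000, true};   /* constructed: both channels shifted */
    command_t off = throttle_command(mimic, false);
    command_t on  = throttle_command(mimic, true);
    printf("no override: %d%% code=%d\n", off.throttle_pct, off.fault_code);
    printf("override:    %d%% code=%d\n", on.throttle_pct, on.fault_code);
    return 0;
}
```
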
Was it by simple engineering, or that... along with accounting profits/losses added into the equation? My guess is "option B".
And, car manufacturers do this all the time... Weighing the cost of lawsuits vs. recall costs. The Ford Pinto debacle is a great example of that practice, with the known danger of exploding gas tanks.
Once again, this debate seems all too similar to the one going on with the vaccination/autism debate. Those wanting so badly to have an answer swallow "crap" espoused by the infamous "Dr. Wakefield", and even after being roundly discredited, still ask "Why doesn't everyone see what this man is seeing?"
Why?
Because it isn't there to be seen. It's a mirage. In his case, a "rigged" mirage.
Some would rather believe a Playboy centerfold and her claims rather than the established medical researchers.
And, I see that elsewhere. Our country seems to be moving in a direction of mistrust of those in the educated fields of research. Politicians like to call them "intellectuals", as if that is some sort of insult.
At the end of the day, however, the numbers tell the story.
If electronic UA were anywhere as huge as some posters here wish to believe it is, the numbers of incidents would be vastly larger, and they wouldn't have declined much after the pedal-redesign recall. Millions of ECM's weren't re-flashed nor replaced.
So.... what happened? Where are the numbers of UA?
I agree with Mr-Shiftright. Something may indeed break on a car. That's nothing new, and there are dozens of "critical" items besides ECM's on a car (tie rod end, steering gear, etc).... some will break. Sometimes a driver can recover.... sometimes it's impossible.
These issues cross product brand lines and can occur in any car.
Houdini, I think, pegged it when he commented that some folks simply can't bring themselves to say "I was mistaken".
As for Dr. Gilbert, for those who actually took the time to understand his work, he needed no "vindication".
I don't question his results, but I do question the application of his results.
If, and that's a BIG IF, no one can reliably demonstrate how his "pre-conditions" that gave him the results he reported can be met in the real world, then it's a non-starter.
Anyone who has an adequate understanding of basic electronics understands that an unanticipated input in a circuit can change the logic (and output) of that circuit.
Can YOU duplicate it in a Toyota? As far as I know, Dr. Gilbert hasn't been able to explain how it could happen. This discussion would be over if anyone had been able to reliably replicate those conditions.
So far, it's not much more than "cold-water" fusion.
I'm not defending Toyota. What I AM defending is reasoned, logical determination of a problem and its resolution.
NASA Can't Find Unintended Acceleration Causes in Toyota's Electronic Throttle Control System (IEEE Spectrum - blog poster's opinion, not that of the IEEE).
lol, there's another story on that site that will give you pause. Gee I thought I was thinking "slow down".
BrainDriver: A Mind Controlled Car
A deep level of knowledge and experience in the specific area of concern, ~40 years in my case.
Do "you" understand just what "live-lock" means with regards to software code, in depth..?
"...what makes you so much more intelligent..."
Intelligence is not, was NEVER the issue.
"...Cars don't do that.."
But yes, they do.
For instance, the CC section of code on a given car might NEVER be executed. And there are so many different tasks, instruction execution "paths", tens of thousands, that can be taken in the engine/transaxle controlling ECU's firmware that a specific "path" may be encountered only rarely.
On rare occasions, once in a blue moon, my '01 F/awd RX300's hazard lights will go into a FAST blink mode when I lock the car the second time so as to quickly turn off the headlights.
Why...?
Haven't bothered to find out, no reason to. I simply get back into the car, cycle the key on, turn the headlights off manually, and all is well for ~months....
Has anyone EVER depressed the brake pedal at EXACTLY the same time as using CC to enter "accel" mode...? And I do mean EXACTLY....?
Highly doubtful, statistically, right..?
I bet it would be rare for a single model year to go by where the code or ECM didn't have revisions made. As problems are discovered in designs revisions are made all the time. Many people have their software updated when they take their cars in to dealers for routine oil changes.
Out of potentially billions of "events", we have so few "hits". And, after the mechanical pedal revision/recall, what few hits we were seeing dropped dramatically. Want to tell us why you think that happened?
Frankly, you fit the bill perfectly of what I described earlier in the vaccination/autism issue.
You appear to want so desperately to believe in electronically-induced UA that you simply cannot honestly evaluate any other alternative.
Once again...You're entitled to your opinion... just not your own facts.
Maybe the supposed expertise of 1) Every expert and scientist in the intelligence field who promised us WMD in Iraq, and 2) Alan Greenspan and Ben Bernanke's continued flawed theories and predictions
HAS something to do with that.