Author Topic: Toyota firmware fail  (Read 24611 times)


Offline mikeselectricstuff

    • Mike's Electric Stuff
Youtube channel: Taking weird stuff apart. Very apart.
Mike's Electric Stuff: High voltage, vintage electronics etc.
Day Job: Mostly LEDs
 

Offline dr.diesel

  • Cramming the magic smoke back in...
Re: Toyota firmware fail
« Reply #1 on: October 29, 2013, 09:32:24 pm »
Their piss-poor debugging is the worst part; they didn't even try. Pathetic.

Offline AwArD_RzD

Re: Toyota firmware fail
« Reply #2 on: October 29, 2013, 09:32:52 pm »
I wonder how many bugs are around me; it's a little scary to see a big company skipping testing when human life is at risk.
 

Offline AlfBaz

Re: Toyota firmware fail
« Reply #3 on: October 29, 2013, 10:35:48 pm »
I've never understood the convention of growing stacks down toward data areas and, to top it off, having no simple mechanism to check stack pointer incursions into out-of-bounds areas, whilst placing the stack at the top of RAM and growing it up can give you a memory exception when you hit the wall <--- EDIT: oops, sorry for the pun  :)
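The layout AlfBaz describes (a descending stack running toward the data area with nothing in hardware to stop it) is what a painted stack plus a guard word is meant to catch. The following is an added example, not code from the thread or from any real ECU; the RAM map, sentinel and guard patterns are constructed for it, and on a part with an MPU the guard word would instead be a no-access region that faults on first touch.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed RAM model for this example (not a real MCU map): a data
 * area at the bottom, one guard word, then a stack that grows down from
 * the top of RAM toward the data, as AlfBaz describes. */
#define RAM_WORDS    96
#define DATA_WORDS   16                     /* ram[0..15]: globals */
#define GUARD_IDX    DATA_WORDS             /* ram[16]: guard word */
#define STACK_BASE   (GUARD_IDX + 1)        /* ram[17]: lowest stack word */
#define STACK_TOP    RAM_WORDS              /* first push lands in ram[95] */
#define STACK_WORDS  (STACK_TOP - STACK_BASE)   /* 79 usable words */
#define SENTINEL     0xDEADBEEFu            /* pre-fill pattern for the stack */
#define GUARD        0xCAFEF00Du            /* pattern that must never change */

typedef struct { uint32_t ram[RAM_WORDS]; } mcu_t;

/* Reset-time setup: zero the data area, plant the guard, paint the stack. */
void mcu_init(mcu_t *m) {
    for (size_t i = 0; i < DATA_WORDS; i++) m->ram[i] = 0;
    m->ram[GUARD_IDX] = GUARD;
    for (size_t i = STACK_BASE; i < STACK_TOP; i++) m->ram[i] = SENTINEL;
}

/* Simulate nwords descending pushes. Like a CPU without an MPU, nothing
 * stops the writes at the stack boundary: they run on into the guard
 * word and then into the data area. */
void mcu_push(mcu_t *m, size_t nwords) {
    size_t sp = STACK_TOP;
    while (nwords-- > 0 && sp > 0) m->ram[--sp] = 0xA5A5A5A5u;
}

/* High-water mark: words of stack that have ever been written, found by
 * scanning up from the low end for the first word that lost its sentinel.
 * (A pushed value equal to SENTINEL would hide usage; pick a pattern that
 * real stack contents are unlikely to match.) */
size_t mcu_stack_high_water(const mcu_t *m) {
    for (size_t i = STACK_BASE; i < STACK_TOP; i++)
        if (m->ram[i] != SENTINEL) return STACK_TOP - i;
    return 0;
}

/* The guard word is the cheap "hit the wall" detector: once the stack has
 * crossed into the data area this word is gone, and a periodic task can
 * force a safe state instead of running on corrupted globals. */
int mcu_guard_intact(const mcu_t *m) { return m->ram[GUARD_IDX] == GUARD; }

/* Periodic health check: 1 if the guard survived and usage is under the
 * warning threshold, else 0. Run it from a low-priority loop or timer. */
int mcu_stack_check(const mcu_t *m, size_t warn_words) {
    return mcu_guard_intact(m) && mcu_stack_high_water(m) <= warn_words;
}
```

The high-water scan is what you log during testing to size the stack with margin; the guard check is what stays in the shipped firmware.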
 

Online edavid

Re: Toyota firmware fail
« Reply #4 on: October 29, 2013, 10:53:52 pm »

http://www.edn.com/design/automotive/4423428/1/Toyota-s-killer-firmware--Bad-design-and-its-consequences

This article gives a laundry list of reasons why the code could have failed, but apparently no one knows if or how it did, so what's the point?  It's a legal rather than technical discussion.

 

Offline Bored@Work

Re: Toyota firmware fail
« Reply #5 on: October 29, 2013, 11:17:33 pm »
The article is a bit too sensationalistic for my liking. And it has some factual errors, like claiming OSEK is an RTOS. OSEK is a consortium specifying an API.

Another one is the rather stupid claim of
Quote
Anyone working with safe systems knows that single points of failure are to be avoided at almost any cost,

I was about to shout "Dude, anyone knows cars just have one accelerator pedal and one brake pedal. Both are mechanical parts and single points of failure and are part of a safety system. Yet no one is avoiding them at almost any cost".
« Last Edit: October 29, 2013, 11:19:39 pm by Bored@Work »
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Offline apelly

Re: Toyota firmware fail
« Reply #6 on: October 29, 2013, 11:19:32 pm »
It's a legal rather than technical discussion.

Not here!

That article points at an appalling cascading failure chain. There is clearly a systemic problem in Toyota's R&D.

Given how shit it all turns out to be, why not just bloody open source it all. Is it really that secret? At least that will open the developers to public scrutiny; who wants to be publicly embarrassed by their shit design?
I'd rather a Google clue, link, or some theory than "do this" (generally)
 

Offline David_AVD

Re: Toyota firmware fail
« Reply #7 on: October 30, 2013, 12:21:17 am »
We used to have a Holden Combo van (Opel / Vauxhall overseas) with an electronic throttle sensor.

One day I accidentally left the parking lights on overnight.  When I went back to the van I could hear a relay chattering due to the really low battery.

So, I jump started it and took it for a short drive to give it a bit of charge.  Part way down the street, I turned the A/C off so it had less load.

Well, that proved interesting.  The second the A/C was disengaged, the van started accelerating hard.  Foot off the pedal and it's still speeding up.   ???

After a few seconds I turned the A/C back on and it went back to normal operation.  I'm thinking WTF!!!

So, I take it back home, disconnect the battery for 30 minutes, connect it back up and no sign of the fault.
 

Offline Stonent

Re: Toyota firmware fail
« Reply #8 on: October 30, 2013, 12:32:24 am »
I wonder if this will result in a recall and/or firmware rewrite for those vehicles?
The larger the government, the smaller the citizen.
 

Offline HackedFridgeMagnet

Re: Toyota firmware fail
« Reply #9 on: October 30, 2013, 12:36:14 am »
I agree with Bored, it is very one sided and
Quote
single point of failure
wow, let's go back to biplanes.

The other thing is they have the source code but they haven't said they can reproduce the bug.
I am not saying the code was good or anything, but if acceleration was caused by the firmware or the hardware or some combination of both, then why can't they reproduce it?

And just because a jury of one nation found against a car manufacturer of another nation doesn't prove it in my eyes, especially something in such a technical niche as automotive firmware.

 

Online Dave

  • I like to measure things.
Re: Toyota firmware fail
« Reply #10 on: October 30, 2013, 12:48:54 am »
But seriously, how difficult is it to stop a car with a "jammed" accelerator pedal? It's not like the brakes died (and even that shouldn't be a problem, if you are not on a steep slope or just about to turn into a bend).
If a driver is that incompetent, he/she shouldn't be driving in the first place.
<fellbuendel> it's arduino, you're not supposed to know anything about what you're doing
<fellbuendel> if you knew, you wouldn't be using it
 

Offline c4757p

  • adieu
Re: Toyota firmware fail
« Reply #11 on: October 30, 2013, 12:51:13 am »
If a driver is that incompetent, he/she shouldn't be driving in the first place.

Welcome to America, where you get a driver's license for knowing what a stop sign is.

I seriously think that most of the people on the road here wouldn't be able to tell you what to do in that situation if you gave them time to think. While driving? Forget about it.
No longer active here - try the IRC channel if you just can't be without me :)
 

Offline Stonent

Re: Toyota firmware fail
« Reply #12 on: October 30, 2013, 01:05:45 am »
If a driver is that incompetent, he/she shouldn't be driving in the first place.

Welcome to America, where you get a driver's license for knowing what a stop sign is.

I seriously think that most of the people on the road here wouldn't be able to tell you what to do in that situation if you gave them time to think. While driving? Forget about it.

What is this sign? Apparently I'm the only one left in this world that knows.



And also the purpose of those mysterious orange lights on the back of your car.
The larger the government, the smaller the citizen.
 

Offline Corporate666

  • Remember, you are unique, just like everybody else
Re: Toyota firmware fail
« Reply #13 on: October 30, 2013, 01:23:40 am »
I agree with Bored, it is very one sided and
Quote
single point of failure
wow, let's go back to biplanes.

The other thing is they have the source code but they haven't said they can reproduce the bug.
I am not saying the code was good or anything, but if acceleration was caused by the firmware or the hardware or some combination of both, then why can't they reproduce it?

And just because a jury of one nation found against a car manufacturer of another nation doesn't prove it in my eyes, especially something in such a technical niche as automotive firmware.

I agree with this.  Very one sided article and a bit sensationalist for my tastes... obviously looking to create a grand claim like Toyota is incompetent and made a big mess of the ECU.

The proof is in the pudding however - as far as I know, nobody has been able to reproduce the "unintended acceleration" problem.  Ever.  Nor has anyone been able to find a manner in which the hardware or software can malfunction and cause it.

IIRC, all vehicles' brakes can overcome the acceleration of the engine, not to mention one can shut off the engine, go into neutral, etc., so it seems blaming these incidents on Toyota is sort of like blaming a shooting on the forge that made the metal that was used on the firing pin.
It's not always the most popular person who gets the job done.
 

Offline c4757p

  • adieu
Re: Toyota firmware fail
« Reply #14 on: October 30, 2013, 01:31:30 am »
I was about to shout "Dude, anyone knows cars just have one accelerator pedal and one brake pedal. Both are mechanical parts and single points of failure and are part of a safety system. Yet no one is avoiding them at almost any cost".

*cough* handbrake *cough*
*cough* shifter *cough*

Stopping and slowing are redundant. Remember that the handbrake usually actuates a completely separate set of brakes through a completely separate actuator.
No longer active here - try the IRC channel if you just can't be without me :)
 

Online nctnico

    • NCT Developments
Re: Toyota firmware fail
« Reply #15 on: October 30, 2013, 01:51:03 am »
I was about to shout "Dude, anyone knows cars just have one accelerator pedal and one brake pedal. Both are mechanical parts and single points of failure and are part of a safety system. Yet no one is avoiding them at almost any cost".
Only the brakes and clutch are an all-mechanical system. The accelerator is just a pedal on a potmeter with a spring. It gets hairy on cars with an automatic gearbox. In those the software decides what happens if you brake. I once drove a (company) VW with an automatic gearbox in which there was a short between the brake lights and the normal lights. It made the car run like the fuel tank was as good as empty if/when I turned on the head lamps.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline orion242

Re: Toyota firmware fail
« Reply #16 on: October 30, 2013, 01:58:15 am »
How about....

1 Turn the ignition off!!!
2 Put it in neutral
3 Brakes
4 E brake

I think there is a PR hit job currently on Toyota.  Consumer Reports just slammed them on crash safety also.  Funny, many other cars also failed the same tests, yet only Toyota is all over the media.

Apparently they have not bought enough air time for commercials and this is the reminder that they may want to rethink that move.
 

Offline Bored@Work

Re: Toyota firmware fail
« Reply #17 on: October 30, 2013, 02:04:19 am »
I was about to shout "Dude, anyone knows cars just have one accelerator pedal and one brake pedal. Both are mechanical parts and single points of failure and are part of a safety system. Yet no one is avoiding them at almost any cost".

*cough* handbrake *cough*
*cough* shifter *cough*

Stopping and slowing are redundant. Remember that the handbrake usually actuates a completely separate set of brakes through a completely separate actuator.

Nope, kid. The handbrake is not designed to, and cannot, stop the car when it is driven at some speed. Easy to test. Keep the handbrake on and start driving. You can. Shifter? Engine braking? No substitute for a real brake. Your brake pedal is a single point of failure in your single full-force brake system in your car. All the other stuff is no real substitute.

And when an article like that EDN piece makes a big fuss about the qualification of the dude
Quote
As a primary expert witness for the plaintiffs, the in-depth analysis conducted by Barr and his colleagues illuminates a shameful example of software design and development, and provides a cautionary tale to all involved in safety-critical development, whether that be for automotive, medical, aerospace, or anywhere else where failure is not tolerable. Barr is an experienced developer, consultant, former professor, editor, blogger, and author.
then they should get their facts right, instead of blaring absolute bullshit around.
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Online nctnico

    • NCT Developments
Re: Toyota firmware fail
« Reply #18 on: October 30, 2013, 02:08:08 am »
@orion242:
If you know anything about crashes then you'd probably know that most people barely manage to just press the brake pedal. That is only one out of four actions you suggest.

@bored@work:
Actually (almost) every car has a dual brake system. The master brake cylinder consists of two separate cylinders which feed the brake calipers on different wheels. So worst case you'll have half the braking capacity. I wouldn't call that a single point of failure.

Braking on the engine is not to be underestimated. When driving downhill it's the only viable option.
« Last Edit: October 30, 2013, 02:12:08 am by nctnico »
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline orion242

Re: Toyota firmware fail
« Reply #19 on: October 30, 2013, 02:10:05 am »
It's instinct to hit the brakes.

If the car kept moving the key would be next.
 

Offline c4757p

  • adieu
Re: Toyota firmware fail
« Reply #20 on: October 30, 2013, 02:11:26 am »
Downshift to slow down, then apply the brake, of course. I agree, there is a single point of failure for full power braking, but you still always have an alternate way to stop the car.
No longer active here - try the IRC channel if you just can't be without me :)
 

Online nctnico

    • NCT Developments
Re: Toyota firmware fail
« Reply #21 on: October 30, 2013, 02:23:47 am »
It's instinct to hit the brakes.
It most certainly is not. Lots of people press the accelerator.
Quote
If the car kept moving the key would be next.
You'll crash before you get to that point. There simply isn't enough time. I strongly suggest taking a crash course. You'll see your reaction time is way worse than what you'd expect.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline Bored@Work

Re: Toyota firmware fail
« Reply #22 on: October 30, 2013, 02:33:27 am »
@bored@work:
Actually (almost) every car has a dual brake system. The master brake cylinder consists of two separate cylinders which feed the brake calipers on different wheels. So worst case you'll have half the braking capacity. I wouldn't call that a single point of failure.

Braking on the engine is not to be underestimated. When driving downhill it's the only viable option.

A single point of failure is that, a point, not the whole system. When a system has a single point of failure it means that when that single point fails the whole system fails. Redundancy of other system components doesn't help if the system depends on that single point.

The pedal as such is a single point of failure. You have no alternative to invoke and control full braking power. If the pedal breaks, if it gets stuck, if it fails in any way, you are screwed. You can no longer control your full braking system.

The accelerator is just a pedal on a potmeter with a spring.

Like with the brake pedal, we can agree there is only one, its proper function is relevant for safety, and it is a single point of failure. Something this Barr dude claims:
Quote
Anyone working with safe systems knows that single points of failure are to be avoided at almost any cost,

So now show me where in a car this single point of failure "is avoided at almost any cost"? Where is the redundant accelerator pedal or redundant brake pedal?

What I want to point out is that this Barr dude was hired by the plaintiffs to support their case. He is not neutral, and of course he spun everything he legally could in the way the plaintiffs needed it. This "Anyone working with safety systems ..." is a statement where he spins the truth. And he managed to convince the judge/jury more than the defense managed. Not everything he says is absolutely true, and the article in EDN is public relations work to drum up more business for him (or, if you believe in a conspiracy against Toyota, to further damage Toyota).

You should also take into account that US courts love to sit with the plaintiffs when they are ordinary citizens and the defendant is a big corporation. Especially a foreign corporation.

Of course, the not so great, maybe even sad state of the Toyota code and their omissions helped that Barr dude to argue in favor of those who paid him. It doesn't mean he found out the absolute truth.
I delete PMs unread. If you have something to say, say it in public.
For all else: Profile->[Modify Profile]Buddies/Ignore List->Edit Ignore List
 

Offline orion242

Re: Toyota firmware fail
« Reply #23 on: October 30, 2013, 02:33:59 am »
It's instinct to hit the brakes.
It most certainly is not. Lots of people press the accelerator.

Sounds like mother nature sorting things out then.  How can "lots" of people even handle normal traffic signals...

Quote
If the car kept moving the key would be next.
You'll crash before you get to that point. There simply isn't enough time. I strongly suggest to take a crash course. You'll see your reaction time is way worse than what you'd expect.
I put on over 30K miles a year for work and have done so for 16 years.  Plenty of close calls, one crash, even watched a fatal crash right next to me over that time.  NEVER have I hit the gas in a panic.  It's always been black trails leading to my tires and the smell of burning rubber as the dust settles.
 

Online Dave

  • I like to measure things.
Re: Toyota firmware fail
« Reply #24 on: October 30, 2013, 03:32:49 am »
Only the brakes and clutch are an all-mechanical system. The accelerator is just a pedal on a potmeter with a spring.
Actually, no.
The modern accelerator pedal uses a hall effect sensor and a metal slope that moves in front of the sensor to detect the position of the pedal. Well, not one, but two individual sensors that feed the pedal position information to the ECU. One signal is twice as large as the other (the amplitudes), so in case they are not in correct proportion, the ECU knows something went wrong.
It also has two springs, a large main spring and a smaller backup, that's located inside the large spring.

In case one of the sensors dies, the dashboard will let you know. In case one of the springs breaks, you will definitely feel it under your foot. In both cases you will still have a fully operational pedal, and you can safely drive to a mechanic.

Shifter? Engine braking? No substitute for a real brake.
You can actually bring a car to a very low speed (walking pace) with downshifting and engine braking alone. Stopping the car at that point isn't too difficult.
But you do need the distance to be able to do that. If your whole brake system fails just as you are approaching a bend at speed, you are well and truly f*cked.
<fellbuendel> it's arduino, you're not supposed to know anything about what you're doing
<fellbuendel> if you knew, you wouldn't be using it
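Dave's description of the paired pedal sensors, one reading twice the other so the ECU can tell when they disagree, written out as an added example. It is not code from the thread or from any real ECU: the ADC scaling, the tolerance, the debounce count and the policy of dropping to zero demand once a fault latches are all constructed for this example (the thread itself only says the ECU "knows something went wrong" and lights the dashboard).

```c
#include <stdint.h>

/* Constructed scaling for this example (hypothetical ADC counts, not any
 * real ECU's calibration): sensor A spans 0..FULL_A over the pedal travel,
 * sensor B spans half of that, so a healthy pedal always reads A ~= 2*B. */
#define FULL_A         4000u   /* sensor A raw count at full travel */
#define FULL_B         (FULL_A / 2u)
#define RATIO_TOL      200     /* allowed |A - 2B| in counts, hypothetical */
#define FAULT_DEBOUNCE 3       /* consecutive bad samples before latching */

typedef enum { PEDAL_OK, PEDAL_FAULT_RANGE, PEDAL_FAULT_RATIO } pedal_status_t;

typedef struct { pedal_status_t status; uint16_t position_pct; } pedal_result_t;

/* One-sample plausibility check of the redundant sensor pair. */
pedal_result_t pedal_validate(uint16_t raw_a, uint16_t raw_b) {
    pedal_result_t r = { PEDAL_OK, 0 };
    /* Range check: a reading beyond the physical span means a sensor is
     * stuck at a rail (open circuit, short to supply) rather than a foot. */
    if (raw_a > FULL_A || raw_b > FULL_B) { r.status = PEDAL_FAULT_RANGE; return r; }
    /* Proportion check: the two sensors disagree on where the pedal is. */
    int32_t diff = (int32_t)raw_a - 2 * (int32_t)raw_b;
    if (diff > RATIO_TOL || diff < -RATIO_TOL) { r.status = PEDAL_FAULT_RATIO; return r; }
    r.position_pct = (uint16_t)(((uint32_t)raw_a * 100u) / FULL_A);
    return r;
}

/* Monitor state carried between control ticks. */
typedef struct { uint8_t bad_count; int latched; uint16_t last_good; } pedal_monitor_t;

/* Called once per control tick. Returns the throttle demand to act on:
 * the measured position while the pair is plausible, the last good value
 * across a single glitch, and 0 (no demand) once a fault has latched.
 * FAULT_DEBOUNCE consecutive implausible samples latch the fault; the
 * latch clears only on a service reset, never on the next good sample. */
uint16_t pedal_monitor_step(pedal_monitor_t *mon, uint16_t raw_a, uint16_t raw_b) {
    pedal_result_t r = pedal_validate(raw_a, raw_b);
    if (r.status != PEDAL_OK) {
        if (mon->bad_count < 255) mon->bad_count++;
        if (mon->bad_count >= FAULT_DEBOUNCE) mon->latched = 1;
    } else {
        mon->bad_count = 0;
        mon->last_good = r.position_pct;
    }
    return mon->latched ? 0 : mon->last_good;
}
```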
 

