Wednesday, August 31, 2016
doc F00956-ATX-18200932 Lexus engineers attempt to correct accelerator sensor non-linearity, consider grounding
F00956-ATX-18200932 fiddling around with different sizes of ground wires in Lexus
F00956-ATX-18200932 Japanese source document
Yesterday we held a meeting concerning grounding wire measures against performance changes.
> ◇ There is a change in the accelerator feel when the grounding wire is strengthened.
> ◇ At such times, non-linearity and hiss [possibly “hysteresis”] were confirmed in relation to the actual accelerator stroke and accelerator sensor RAM value.
> ◇ The aforementioned non-linearity sometimes occurs and sometimes does not occur, and the cause is unknown.
> The situation is that the effect on the engine is huge as long as any non-linearity remains, and we came to the conclusion that design changes in the grounding wire measures would be difficult in the current situation, due to engine emissions and other requirements.
>
> However, we are moving forward with analysis of the facts in the aforementioned sensor hiss and try to find out whether there is anything we can do.
> Therefore, would it be possible for you to move forward with consideration of conformance of drivability and riding comfort in terms of possibilities for both presence and absence of grounding wire measures.
Toyota lawyer Christine Lofgren - a lady gladiator trying to enforce secrecy of Toyota internal documents that the public ought to see
Cutting away at free speech.
Facebook takes down content on the basis of any unsubstantiated claim of infringement; in contrast, other platforms tend to need court orders, AFAIK.
Tuesday, August 30, 2016
doc F00956-ATX-12884974 electrical load problems causing "ghosts" --unpredictable vehicle behavior in many models
F00956-ATX-12884974
F00956-ATX-12884974 Japanese source text
最近では装備の少ない、120L,130L,045Lもお化けが発生しており、心配です。
"Even in lightly-loaded models 120L, 130L, and 045L, ghosts have occurred recently, and we are worried."
doc F00956-ATX-12438165 Toyota engineer to Denso re: gas pedal abnormal sensor fixit meeting
Shimizu 12/07 [forwarded to several Denso employees after being distributed to many Toyota engineers] : “Subject: Accelerator sensor error Regular progress report meeting”
“This time, for once at least, sincerely investigate FTA [field technical issues] …If you always say foreign matter is at fault…I smell a rat.”
"one more thing--I ask that you separate the causes between the accelerator pedal and the ECU, and that you verify your predictions of future occurrences."
F00956-ATX-12438165
F00956-ATX-12438165 source document in Japanese
Monday, August 29, 2016
doc F00956-ATX-15925054 electronics causes admission by Toyota engineers
Some parts.
"The large number of market malfunctions of the accelerator pedal sensor linkage were confirmed. According to the explanation of the Electrical Engineering Dept, it was concluded that the problem lay exclusively with Electrical Engineering Department components (ECM connectors, accelerator sensors and software related.)"
F00956-ATX-15925054 source document in Japanese
Sunday, August 28, 2016
Toyota "gladiator" takedown requests, unsuccessful
https://drive.google.com/file/d/0BxYkSkVbATRSUXY5ZC0yQVVoQUE/view?usp=sharing
see latter pages for extensive but pathetic efforts to enforce silence
Ben Kelley commentary on 'gladiator' fights to keep dark corporate secrets
"fight like gladiators to keep the documents under wraps"
Saturday, August 27, 2016
doc F00956-ATX-07372177 Toyota test driver Omote suggests high RPMs could be caused by software ("control") or malfunctioning communication to throttle
Even sherbet couldn't make the gas pedal "stick"
Friday, August 26, 2016
Monday, August 22, 2016
Korean study demonstrates 100% wide open throttle SUA reproduced by auto voltage drop
A very odd couple: Gas pedal, 35%, throttle valve 100%
S. Park, Y. Choi, W. Choi, Experimental Study for the Reproduction of Sudden Unintended Acceleration Incidents, Forensic Science International (2016), http://dx.doi.org/10.1016/j.forsciint.2016.08.014
Abstract
A few cases of the sudden unintended acceleration have been reported over the last few years and some of them seemed to be somewhat related to an electronic throttle control (ETC) system. In this experimental study, efforts were made to reproduce the cases of sudden unintended acceleration possibly related to the ETC. Typically, an ETC of the engine is managed based on signals from airflow sensor, throttle position sensor and acceleration pedal sensor. With this typical sensor configurations in mind, these sensor signals were checked for noise levels. However, none of them showed any clear relationship with the sudden unintended acceleration mainly due to the robustness of the ETC logic software. As an alternative approach, supply voltage to an engine control unit (ECU) was tempered intentionally to observe any clues for the incidents. The observed results with the supply voltage drop and fluctuation tests were rather astonishing. The throttle valve position went all the way up to 100% for around one second when the battery voltage plunged down to 7 V periodically despite that the acceleration pedal position was kept steady. As an effort to confirm the case, multiple tries were made systematically on a chassis dynamometer as well as on the test road. In this paper, detailed procedures and findings are reported accordingly.
Question: The authors point to vehicles overloaded with power-hungry electrical devices as a likely cause of low voltages and SUA. In at least a dozen documents, including one that I posted here a few days ago, Toyota engineers expressed concerns that vehicles were behaving unpredictably due to issues with electrical loads. What is the connection?
Wednesday, August 17, 2016
Monday, August 15, 2016
Repost of Michael Barr's Bookout victory comments
Well-encrusted, but far too ornate and heavy
Here below is a frank blog post by Michael Barr, the leader of the embedded systems experts who
examined Toyota's source code under conditions of tight security imposed by
Toyota to protect the secrecy of the software it called its "Crown
Jewel."
After Barr gave expert testimony that Toyota's ETC failsafe was like a "house of cards," I think Toyota has ceased describing its software with those words. Not a queen of diamonds there.
Barr's concerns about the source code's poor quality echo those of the Toyota engineers, as they wrote in the documents. Here is Barr's blog post:
An Update on Toyota and Unintended Acceleration
Saturday, October 26th, 2013 by Michael Barr
http://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/
(downloaded on 29 October 2013)
Michael Barr
Michael Barr is an expert on the design of software-powered medical
devices and other embedded computer systems. (full bio)
In early 2011, I wrote a couple of blog posts (here and here) as well as a later article
(here) describing my initial thoughts on skimming NASA’s official report on its
analysis of Toyota’s electronic throttle control system. Half a year later, I was
contacted and retained by attorneys for numerous parties involved in
suing Toyota for personal injuries and economic losses stemming from incidents of
unintended acceleration. As a result, I got to look at Toyota’s engine source code
directly and judge for myself.
From January 2012, I’ve led a team of seven experienced engineers, including three
others from Barr Group, in reviewing Toyota’s electronic throttle and some other
source code as well as related documents, in a secure room near my home in
Maryland. This work proceeded in two rounds, with a first round of expert reports and
depositions issued in Summer 2012 that led to a billion-dollar economic loss
settlement as well as an undisclosed settlement of the first personal injury case set
for trial in U.S. Federal Court. The second round began with an over 800 page formal
written expert report by me in April 2013 and culminated this week in an Oklahoma
jury’s decision that the multiple defects in Toyota’s engine software directly caused a
September 2007 single vehicle crash that injured the driver and killed her passenger.
Don’t be misled by much of the mainstream coverage of the Oklahoma verdict. While
it is true this was the first time Toyota has lost an unintended acceleration case in
court, it is more significant that this was the first and only jury so far to hear any
opinions about Toyota’s software defects. Each of the earlier cases either predated
our source code access, applied a non-software theory, or was settled by Toyota for
an undisclosed sum.
In our analysis of Toyota’s source code, we built upon the work that NASA had done.
First, we looked more closely at more lines of the source code for more vehicles for
more man months. And we also did a lot of things that NASA didn’t have time to do,
including reviewing Toyota’s operating system’s internals, reviewing the source code
for Toyota’s “monitor CPU” (which even Toyota hadn’t ever done before! (!)),
performing an independent worst-case stack depth analysis, running portions of the
main CPU software including the RTOS in a processor simulator, and
demonstrating–in exemplar Toyota Camry vehicles–a link between loss of throttle
control and the numerous defects we found in the software.
In a nutshell, the team led by Barr Group found what the NASA team sought but
couldn’t find: “a systematic software malfunction in the Main CPU that opens the
throttle without operator action and continues to properly control fuel injection and
ignition” that is not reliably detected by any fail-safe. To be clear, NASA never
concluded software wasn’t at least one of the causes of Toyota’s high complaint rate
for unintended acceleration; they just said they weren’t able to find the specific
software defect(s) that caused unintended acceleration. We did.
Now it’s your turn to judge for yourself. Though I don’t think you can find my 800
page expert report outside the Court system, here’s the trial transcript [*] of my expert
testimony to the Oklahoma jury in Bookout, et.al. v. Toyota.
Note that the jury in Oklahoma went with the software defects and found that Toyota
owed each victim $1.5 million in compensatory damages and also found “reckless
disregard”. The latter legal standard meant the jury was headed toward deliberations
on additional punitive damages when Toyota finally called the plaintiffs to settle (for
yet another undisclosed amount). I understand there are about 500 personal injury
cases still working their way through various courts, including one set for trial in
November in U.S. District Court in Santa Ana, California.
***********************************************************
2 Responses to “An Update on Toyota and Unintended Acceleration”
1. Miro Samek says:
October 28, 2013 at 4:49 pm
Hi Michael,
Thank you for posting the link to your court deposition. I found it fascinating
and couldn’t stop reading late into the night…
There is no doubt in my mind that exposing the inadequacies in the Toyota
firmware is a very important development for the whole embedded software
profession.
It is also interesting to see old mistakes repeated time and time again. For
example a timed task degenerating into a kitchen sink.
I also bet my shirt that there were no assertions in the Toyota firmware.
Assertions in software work like fuses in electrical systems and beyond
certain density of assertions in the code all failures (including hardware
failures) manifest themselves as assertion violations. I’m sure that this could
have saved the day (besides making software development so much faster).
Anyway, there are tons of valuable lessons to learn here. From now on I will
imagine that all my software is on trial…
–Miro
2. David W. Gilbert, Ph.D. says:
October 28, 2013 at 10:25 pm
Dear Mr. Barr,
Nicely done! I found your testimony very interesting, and while I am not a
software expert, I can certainly verify the inability of Toyota vehicles to detect
certain malfunctions in the electronic throttle controls. And few malfunctions
are more apparent than tin whiskers growing inside the APP sensors!
Since my 2010 testimony in the Washington Toyota hearings, I have learned
much. Your testimony certainly adds to that knowledge and I am pleased that
it has received much needed media attention.
Maybe our paths will cross someday.
DWG
***************************************************
[*] Trial transcript is available on the Safety Research & Strategies website
Sunday, August 14, 2016