Toyota has been much in the news lately because of questions about the performance of a variety of their cars. In the interest of full disclosure, I should say that I’ve owned four cars in my lifetime–two Fords and two Toyotas (my current car is a Scion which is a division of Toyota). When I was 14, I learned to drive a standard using my father’s company trucks, teeny tiny Toyota pickup trucks. So I have been a fan of the company.
But I think the company’s response to reports about problems with unexpected, uncontrolled acceleration have been quite problematic. And this response made me realize how scary a situation we are all in when it comes to our cars, no matter the make or model.
I’ve understood for a long time that our cars are increasingly controlled by a computer. I think this realization came upon me gradually, as my check engine light came on over the years and increasingly computers could read whatever the problem was based on diagnostic codes. I was a software developer for a long time and I believe we are placing too much trust in software. The Toyota issue is another piece of evidence that we are placing too much trust in software.
When I first started hearing about the Toyota recalls, the discussion was all about the unexpected acceleration being caused by gas pedals that get stuck or by floor mats that get wedged under the brake pedals. These mechanical explanations for the problem are comforting because they can be fixed fairly easily. Just replace the shaft of the gas pedal or the floor mats and the problem goes away. Toyota would certainly like us to believe that the problem is mechanical and not a problem with the software. They have implied that the National Highway Traffic Safety Administration’s report indicates that misplaced floor mats have caused all of the accelertation problems. Unfortunately for Toyota, the NHTSA’s report simply said that they had found no other problems–yet.
So here’s the thing. Software is complex. The way software interacts with hardware is even more complex. Finding bugs in software is sometimes incredibly difficult because it is impossible, in a complex system, to anticipate and test every single combination of conditions. As a result, bugs in software can raise their ugly heads intermittently for years before they are discovered. Software developers should understand this.
Whenever possible, if lives depend on the integrity of a software system, an override should be built into the system. In the case of Toyota vehicles (and cars of any other make), this means that there should be some sort of mechanical override of the software system. An easy override would be that when the key is turned off (which should be a mechanical process unmediated by software–this is clearly not the case), the computer should shut down and the brakes should go into mechanical mode, which means it will be more difficult to brake but braking should still be possible. Apparently, this does not happen in Toyota vehicles since a driver in California recently had a high profile case of unexpected acceleration. Scrutiny has turned to the past of the driver in that case (he has had significant financial problems in the past) but even if this case turns out to be a hoax, Toyota should seriously reconsider any decisions they have made to rely exclusively on their software. Even the best software has bugs.
I found it interesting that the SIUC professor who was able to cause a Toyota to accelerate in much the same manner so many have complained about was criticized by Toyota for, among other things, tampering with the sheathing on a cable in order to circumvent the sensors that would have alerted the PCIM that the car was accelerating. Given the near-constant movement, heat, and other conditions that ANY car is subject to, I would think that almost any test that could produce rapid acceleration undetected by the software (even if they required unusual wear on components) would support your call for mechanical overrides. Although the recalls are massive, I think Toyota can restore trust in their line. But another bona fide accident would be a disaster for them.
Hearing about that professor and Toyota’s criticism of him is what made me think about writing this post. And today, the news is that the latest case in California is suspicious because it can’t be replicated and no evidence is found on the chip about what might have happened. That’s part of the problem, I think. If the software is malfunctioning in controlling the speed of the car, why wouldn’t it be logical that at that same time, it would be malfunctioning in recording the correct data?