Never say never
By Bill Schweber, Executive Editor -- EDN, 2/17/2000
A fascinating front-page story in The Wall Street Journal presented some interesting lessons for any engineer charged with debugging a design or an application's implementation (Reference 1). The story detailed how an experienced, thorough investigator—not a deskbound bureaucrat—from the National Highway Traffic Safety Administration (NHTSA) dug into the details surrounding the unexpected acceleration of a police van. During the investigation, he came up with the wrong answer, but he later discovered the actual cause of the accident through an offhand remark made by a police officer.
In brief, as a police officer moved his police van at the scene of an accident, the van suddenly lurched forward, killing some bystanders. Although the officer insisted he had put his foot on the brake before shifting the vehicle into drive, it appears that he may have simultaneously pushed the brake pedal and the gas pedal. By pushing the brake pedal, he activated the shift lock, which prevents you from shifting out of park unless you are depressing the brake; the shift lock is a safety interlock installed on most new cars, spurred by (subsequently discredited) reports that Audi cars would sometimes jump from park to drive if the driver stepped on the gas without shifting.
The NHTSA researcher had investigated 63 sudden-acceleration incidents over 17 years and found no cases in which there was a mechanical or electrical failure. In other words, it was the driver's fault—not the car's—despite the driver's insistence that the car suddenly lurched forward even though it was in park. Many mechanical tests on the crashed vehicle, numerous measurements, and other corroborating evidence buttressed his written accident report. Because the shift lock was operating perfectly even after the crash, it was clear that the police officer had stepped on the brake, shifted into gear, then inadvertently stepped on the gas.
But the real shock came when the investigator presented his findings to an auditorium full of police officers. One of the officers raised his hand to say he had a cruiser that you could shift from park to drive without depressing the brake—despite the shift lock—whenever the cruiser's lights were flashing. Apparently, many police departments have installed after-market (nonfactory) flasher modules that flash the brake lights of the cruiser in synchronization with the police lights for extra safety when the cruiser is stopped on a roadside. This module is wired into the circuit for the shift lock, and in many cases, it interferes with and defeats the shift-lock circuitry. Months of investigation and a previously airtight conclusion evaporated in a flash.
With any luck, you won't be involved in this serious type of post-accident analysis. But most engineers determine many things about their project: what really happens, what actually works, what goes wrong, and what is the objective reality versus the first level of appearance and supposition. Throughout this analysis, you have to work hard to keep the proverbial open mind while you investigate any offhand remarks about anomalies, hunt down undocumented or postrelease features or changes to circuitry and software, try to re-create intermittent or poorly described events, and generally determine whether anyone has missed anything. Encourage everyone to speak out at design reviews and make sure that the review is open to more than the usual project-team members.
Finally, despite your best efforts, you should expect a re-examination of your assumptions and their implications when you find a new fact or observation that changes the implications of what you've already seen.
Author info
Contact Executive Editor Bill Schweber at bill.schweber@cahners.com.
REFERENCE
1. Matthews, Anne Wilde, "Six Seconds, 2 Dead: A Police Van Crash Exposes a Bombshell," The Wall Street Journal, Nov 1, 1999, pg 1, www.wsj.com.















