Toyota learns the tyranny of software complexity

So much so for the GM way - GM just called back 1.2m vehicles.

Regarding the need for left foot braking, and this is a reason I am getting rid of my Audi - in snow or loose conditions, to control the car from understeering off of the road, application of left foot braking while throttle on is going to save your life. My Audi cuts the throttle at the wrong times right when the driver is demanding more throttle on a front wheel or all wheel drive car, and is very unnerving. I am replacing this pile of engineering junk with an earlier vintage car, most likely an awd Subaru, with a throttle linkage and stability control that I can either shut off or is non existent. Too much technology takes the driver away from driving and is a good excuse to talk on the phone, text, put on eye makeup or all of the above. Toyota just ruined it for those that actually LIKE TO DRIVE their cars, not just ride around in them, especially in the snow.

Check also the Design News blog on the Toyota Travails! lots of good comments there. ON this one: the solution for the brake-throttle override problem is to only enable the override above 10 or 15 MPH, then all situations are covered. The can bus problems are undoubtedly in the software, not in the hardware, and setting priorities incorrectly, just like one of the major OS companies does all the time. As for the 3 second hold for a forced shutoff? That sounds like software to me. My most reliable cars had an actual in-line hard switch in the ignition power circuit, some of the less reliable ones used a relay under the hood. But there was no software to ask "Why would you ever want to do that", and then say "action denied". I did have a throttle lock on a lab car while at Chrysler, maintaining a 4700RPM "idle" after the engine warmed up. I wound up driving the 70 or so miles back from the proving grounds all the way to their Highland Park engineering center in that mode. Braking was indeed difficult, and quite likely my grandmother would have had a problem. But the only casualty was the brake pads. That problem was caused by a stuck experimental idle speed control motor, easily diagnosed and easily fixed, except, not on the road, without tools.

Re: "I can?t think of a reason a car needs to have brake and throttle on at the same time..." Answer: It doesn't matter. From an FMEA standpoint, if it can be done someone will do it and it doesn't matter why. More food for thought: I would guess that most operators don't think or care about electronic throttle control (vs. a mechanical linkage). They expect that the vehicle will do what their last vehicle and the vehicle before that did: braking with the throttle depressed does not cut the throttle.

I have been in two major accidents in Saturn sedans. I was hit from behind by a semi truck who did not see that traffic was stopped and I had a collision with a ford mustang that pulled out in front of me while I was going 30mph. In both cases all of the safety systems worked and I came out with only minor bruises. I would recommend buying a Saturn but GM is no longer making them. I guess Saturns didn't make enough money for them.

I always thought there would be more to Toyota?s recall than the floor mats. What?s with all the Ford bashing? I bought my 1972 Mach 1 off the showroom floor 38 years ago. It?s a wonderful car. I?m about the only person that still drives these around town on a regular basis. Have had very few problems and those are usually easy to repair. So you think Honda?s are immune? Recently my Accord would just sporadically die. I tried everything I could think of to resolve the problem, dirty intake, EGR, Idle air control, tune up?nothing worked. Searching the internet, I found an old recall notice from about the time I bought the car. A faulty ignition switch would shut off the ignition. OK, not as bad as Toyota?s but still could leave you stranded somewhere. Luckily, my would eventually restart, but still un-nerving not knowing when I would get stuck.

i am replying to the question: "why would someone want to have the throttle live and the brake live at the same time?" Front wheel drive motocross racers often will approach a turn and get on the brake and push the throttle at the same time. The braking 'loads up" the front end for better traction and the gas is needed to keep acclerating thru the turn:) These are race car drivers of course....not normal humans:) (give them software RCEX 1.0)

I have been working with CAN for 20 years and it is wrong to use a expression ? goofy CAN bus disaster could..?. The CAN bus is very robust and safe and it is almost impossible that data will be corrupted during the communication. If you have that much noise in the CAN-communication that could cause any problem in the CAN-link, it could be detected and you will know you have problem. The problem is the layout of the system and the mixing of all type of information into a complex mix. The only signal that must be working in a car at any time is two signals acceleration and direction of the car (at night it is nice to also have headlight). All other signals are not necessary but nice to have to increase safety and comfort when driving the car. If you prepare your system with multiples MCU it is possible double/triple check each other to detect units with problem and isolate them from causing any damage in the system. If you include into the system such means to detect and isolate units you will get a safe system. CAN itself is not the problem and not the solution, but it is good enough to be used in a proper system.

Was the root cause of the problem: a) software ? (lack of brake over ride, lack of data logging sensor error) b) hardware (lack of detecting sensor failure)? c) Quality assurance testing ? (no detection of above issues) d) bad (poor) engineering? (stupid people) e) A manager's decision ? (all the above, plus greed/politics thrown in.) f) Lack of industry standards for testing/certification of complex control systems in cars? g) lack of government oversight? ... any many other areas/issues.... A lot of places to place blame. Lot of places the problem(s) could have been caught, before any one was hurt. All can share blame... The real question.. with all the examples of recalls/failures.. Have we found a better system for making highly complex systems more reliable/safer? and if we have .. why aren't we using it? The answer is ... everything continues to evolve. expectations. solutions. everything.... including the thresholds for defining "failures"

I love it...finally someone who says something that is coherent.... for pennys...manufacturers will cut costs and bring a death situation into reality....all for the profit....Heartless Capitalism.... Bring them before the courts and chop their heads off. I say AMEN to that.

The most reliable car on earth is a Toyota? Tell that to my wife. In one accident where a 16 year old rammed into the rear of her stopped car, the seat belts failed to lock. Only the threat of a lawsuit convinced Toyota to replace faulty seat belts in the car, a 1991 Celica. I was always suspicious of the car's belts as they would not lock in panic stops. It was miserable to have to find out the hard way they were defective. Two years later some codger rams into her head-on coming out of a parking lot. Eye witnesses to the accident said she was going under the speed limit and had no chance to stop in time. The airbag did not deploy in a 25mph head-on collision. Second safety system failure in this "reliable" car. I filed complaints with NHTSA and Toyota to no avail. I paid to have the system checked out at a local Toyota dealership. The mechanic said the system checked out. When I showed him a picture of the car after the wreck, his only reply was "those air bags are faulty, no matter what the diagnostics say; that kind of head-on collision should have made the bag deploy". I don't want to ever see a Toyota again. They are death traps as is finally coming out.

There is one time that you might want a little trottle with the brake on. If you are stopped on a hill and someone has pulled up right behind you, pressing down on the gas so you do not roll backwards is the solution. Even with automatic transmissions this might be needed. However, like you, I can see no reason to have the accelerator and brake depressed at the same time. The company I work for designs automation equipment. We always include a background software task that checks for problems such as these and disables the machine when they occur. With every machine we design that can pose a danger to a human being, we provide the manditory E-Stop switch. This is a big red switch circled with the words Emergency Stop. Hitting this switch removes all energy from the machine. In the case of a car, I would think everything except braking and steering should be disabled. I live in San Diego California and daily pass the area where the four people lost their lives on highway 125 when they ran out of freeway. I was also witness to a fatal collision where they suspect that the driver had a stroke and was pressing on the accelerator and brake at the same time. We need a simple a quick method of detecting failures and overriding possible error conditions in a safe manner.

Several of the drivers, like the TN grandmother that testified before the House subcommittee, did indeed try to pop the transmission into neutral but it did nothing. So your prescription, which is what I would recommend, will not work in this case.

Involuntary Recalls by Toyota in the company?s history ? 1 Involuntary Recalls by Ford/General Motor/Chrysler in the last 12 months ? 37 I was always instructed to work from first principles and start with the facts.