Toyota initially blamed these problems on floor mats and recalled millions of cars. They said the mat could stick under the accelerator pedal and cause the car to accelerate out of control. Later, Toyota blamed some problems on bad electronics in the accelerator pedal (tin whiskers).
Now it is now coming to light that the Toyota problems could be due to bad engine control software: Toyota Single Bit Flip That Kills. Can software kill? Yes (I am working on another post about that -- watch this space).
Toyota spent YEARS and multiple recalls addressing runaway acceleration of Camry and other vehicles. They worked with NASA on a high-level review (no software fault found) and the US Government NHTSA. The result: they blamed the problems on the floor mats. The solution, replacing floor mats and fixing accelerator pedals. However, after investigation by embedded software experts at the Barr Group (see this blog entry) for a jury trial, the unintended acceleration has been largely determined to be due to very bad software in the engine control module. These issues, plus lying to Congress and the NHTSA have resulted in a $1.2B fine by Toyota and another about $1.7B in settlements.
The finding is very damaging: "a systematic software malfunction in the Main CPU that opens the throttle without operator action and continues to properly control fuel injection and ignition” that is not reliably detected by any fail-safe." (Ref) Toyota admitted to lying to NHTSA, Congress and the public, however there have not been safety recalls for defective engine control software.
These Toyota slides have a lot of technical details on the problems in the software.
Just how expensive is Toyota's software taking this into account? For comparison, the software developed for the Space Shuttle cost about $1000/line of code for the best tested software in history. Toyota's engine controller consists of about 1M lines of code and Toyota has paid fines of $1.2B (and a lot more to settle lawsuits) resulting in a cost per line of code of $1200 (or $2800 if lawsuits are included). Well-tested, very clean code (Shuttle) or well-litigated, sloppy, dangerous code (Toyota). Take your pick.... The result is Toyota's software is more expensive than the Space Shuttle's software!
What about those deaths versus flying? In the US, there have been 53 airline deaths the last 10 years versus 89+ deaths due to faulty Toyota software (source).
- 2005: 1 on ground in Chicago
- 2009: 49 Buffalo, plus 1 on the ground
- 2013: 3 San Francisco (pilot error)
Clearly, software used in critical functions needs to be tested and evaluated. It needs to be evaluated by 3rd parties and must be developed using well-defined, controlled, audit-able processes. Software engineers and programmers need to do a MUCH better job.
BTW, the Toyota code is the opposite of open source -- it was reviewed in a secure, locked room with no phones or notebooks allowed.
Could the problem be that the automakers are focusing on NEW FEATURES and not on reliability and usability? It's not just the automakers, for example we seen that before with Windows Vista and Windows 8, spawning posts like "8 Reasons why Windows 8 Sucks"? However, how many deaths can be attributed to bad desktop software like Windows Vista (possibly a few heart attacks due to raised blood pressure)?
Now are you ready for that self-driving car? Will it be safe?
No comments:
Post a Comment