Researching Toyota throttle by wire unwanted acceleration or stuck throttle cases

Doing some research on the Toyota unwanted acceleration issue.

It seems that all the cases I’ve heard of involve vehicles with a throttle that is controlled by the vehicle engine control computer instead of the old fashioned mechanical linkage. The hackaday article does a good job describing the problem. The big issue seems to be that there is no back up system to prevent a computer problem from letting this happen. A simple analog circuit that would turn off the fuel injectors if the throttle body position is above 20% open and the commanded throttle is less than 10% would be easy to do.

Look what a disaster the Boeing 737 MAX was, where a single sensor and software was allowed to crash a plane! It was caused by a very ironic situation where Boeing actually avoided having redundancy in that system, because doing so would make the system appear to be a safety related system, and then it would be subject to a bunch of safety reviews and testing, causing a lot of delay.

This is from wikipedia showing what vehicles were recalled:
MY 2005–2010 Toyota Avalon
MY 2007–2010 Toyota Camry (excludes Camry Hybrid and some other models)
MY 2009–2010 Toyota Corolla*
MY 2010 Toyota Highlander* (excludes Highlander Hybrid)
MY 2009–2010 Toyota Matrix
MY 2009–2010 Toyota RAV4*
MY 2008–2010 Toyota Sequoia
MY 2007–2010 Toyota Tundra

https://en.wikipedia.org/wiki/2009%E2%80%932011_Toyota_vehicle_recalls#Field_workaround_for_sudden_unintended_acceleration

All of the above vehicles appear to be throttle by wire. Vehicles with Denso pedals are excluded from the recall according to Wikipedia.

What’s interesting is that the Hybrid version of the Camry is excluded. I wonder if that’s due to a different accelerator pedal or different software? The software on a hybrid would be vastly different.

Does anyone know if a software change (including to ABS) was performed as part of the service procedure when fixing the floor mat on recalled vehicles? If so that must be how they fixed the software without actually admitting that software was the issue.

A random person once said that the Toyota computer would run out of memory and kill the throttle task, causing the throttle to be stuck at the position it was in when the throttle task was killed.

So the big question is, was it software, or a mechanical issue with the throttle or floor mat? Or both? The problem with software is that it can be nearly impossible to reproduce. If 1 million Toyotas are driven today, but only 1 has a software problem, then it would be infeasible to reproduce this in a laboratory. With 1000 cars being tested, it would take 1000 days to produce a problem.

It’s strange how the issue of not being able to stop a vehicle with the brake alone never comes up. Have you ever tried putting your right foot to the floor and then tried stopping your vehicle using your left foot only, after pressing down a few times until the power brake assist goes away? It can be very difficult or impossible to do.

The whole issue can be avoided by shifting into neutral, but there are a surprising number of people who don’t know to do this, especially under stress.

edit: This article explains everything. https://www.edn.com/toyotas-killer-firmware-bad-design-and-its-consequences/

It doesn’t look like Toyota has owned up to their dangerous software, as they went out of their way to blame floor mats and throttle pedal hardware. Neither has Boeing. I wonder if some of this had to do with corporate political correctness resulting in people working in software design who aren’t actually qualified to work on safety critical things.

If a software update wasn’t done during the recall, then these cars are still out on the road! I bet they did though, even if they sneaked it in with an ABS update or some such thing during the floor mat recall.

Since you started a new thread I’ll post this again:

Your link makes up a new cause and artificially creates a problem. Not credible.

The recalls were for the floor mat and mechanical issue with the gas pedal. No indication of reprogramming that I could find.

4 Likes

Just happened to view this comment on my newly edited in link.

Remember LaHood is the same guy who had the idea of paying people government money to buy new cars if they were willing to destroy their perfectly good cars (only currently insured and operating vehicles qualified) in a program called Cash for Clunkers.

1 Like

And what was wrong with cash for clunkers? It got a lot of junk off the road.

I have performed hundreds of “floor mat” recalls.

Most recall procedures involved cutting 1 1/2" off the accelerator pedal, modification to the floor (tibia pad) and a software update to provide a fail-safe mode to close the throttle if the brake pedal is applied for more than a few seconds.

Unknown if electronic throttle body system fault detection software was tightened with the update; however, the production vehicles lacked the software that would stop the vehicle if the brake pedal and accelerator were applied at the same time; that is a major flaw.

Known as the “floor mat” recall, much more involved than replacing or securing the floor mat.

Safety recall 90L; RCRIT-09V388-5461.pdf (nhtsa.gov)

1 Like

Thank you! So that’s how they fixed the software on these cars. Of course the update fixed the issue where the software would let the throttle get stuck and stop responding. It’s easy to add another check in the software that would make the engine stop running if the pedal position didn’t correspond to the current amount of fuel being injected. They had to come up with a reason to get the cars into the shop to fix this.

The throttle bodies don’t get stuck.

The software change would close the throttle if there was a conflicting input; accelerator pedal and brake pedal applied simultaneously. This protects against accelerator pedal mechanical malfunction and driver error.

Electronic malfunction is nearly impossible. The accelerator pedal and the throttle position sensors each have two sensors involved. The two sensors operate with opposite voltage inputs: 0 to 5.0 volts and 5.0 to 0 volts. If there is a correlation error, the system will shut down.

2 Likes
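The three checks discussed up to this point in the thread (the opposed-voltage sensor correlation, the 20%/10% commanded-versus-actual throttle comparison from the opening post, and the brake-plus-accelerator override) can be sketched as one monitor routine. This is an added example, not part of any post and not Toyota's firmware; the type and function names, the 0.25 V tolerance, the 2-second hold time, the 10% "pedal applied" threshold and the mapping of "shut down" to a fuel cut are all assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Thresholds are illustrative assumptions, not any manufacturer's calibration. */
#define SUM_V          5.0f   /* opposed tracks: a + b should equal 5.0 V */
#define SUM_TOL_V      0.25f  /* assumed correlation tolerance */
#define ACTUAL_MAX_PCT 20.0f  /* opening post: throttle plate above 20% open ... */
#define CMD_MIN_PCT    10.0f  /* ... while commanded throttle is below 10% */
#define BRAKE_HOLD_MS  2000u  /* assumed stand-in for "more than a few seconds" */

typedef enum { ACT_NORMAL, ACT_CLOSE_THROTTLE, ACT_CUT_FUEL } action_t;

typedef struct {
    float pedal_a_v, pedal_b_v;  /* accelerator pedal tracks, volts */
    float tps_a_v, tps_b_v;      /* throttle position tracks, volts */
    float commanded_pct;         /* throttle opening requested by the ECU */
    bool  brake_pressed;
} sample_t;

typedef struct { unsigned brake_ms; } monitor_t;  /* brake + pedal overlap timer */

/* Opposed-voltage tracks must sum to about 5.0 V, else correlation error. */
static bool pair_ok(float a, float b) {
    float d = a + b - SUM_V;
    return (d < 0 ? -d : d) <= SUM_TOL_V;
}

static float track_pct(float a_v) { return a_v / SUM_V * 100.0f; }

action_t monitor_step(monitor_t *m, const sample_t *s, unsigned dt_ms) {
    /* 1. Sensor correlation error on either pair: shut down (fuel cut here). */
    if (!pair_ok(s->pedal_a_v, s->pedal_b_v) || !pair_ok(s->tps_a_v, s->tps_b_v))
        return ACT_CUT_FUEL;
    /* 2. Plate is open although the command says nearly closed. */
    if (track_pct(s->tps_a_v) > ACTUAL_MAX_PCT && s->commanded_pct < CMD_MIN_PCT)
        return ACT_CUT_FUEL;
    /* 3. Brake and accelerator held together past the hold time. */
    bool conflict = s->brake_pressed && track_pct(s->pedal_a_v) > CMD_MIN_PCT;
    m->brake_ms = conflict ? m->brake_ms + dt_ms : 0;
    return m->brake_ms > BRAKE_HOLD_MS ? ACT_CLOSE_THROTTLE : ACT_NORMAL;
}

int main(void) {
    /* Constructed sample: pedal released, plate reads 80% open, command 5%. */
    sample_t stuck = { 0.25f, 4.75f, 4.0f, 1.0f, 5.0f, false };
    monitor_t m = { 0 };
    printf("action=%d\n", (int)monitor_step(&m, &stuck, 10));
    return 0;
}
```

A monitor like this only adds independence if it runs separately from the task that drives the throttle, which is the point the opening post makes about a backup circuit.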

I noticed that too. And one of the things that Toyota did was it adopted the simple and effective way how the Europeans prevent unintended acceleration.

Regardless of the condition of the brakes, pressing down on the brake pedal, even slightly, requires the computer to override the throttle and reduce fuel flow to the engine, down to idle speed.

This also discourages bad technique of two foot driving.

Easy to test on a European car, just gently apply the brake while your foot is on the gas. It practically turns the throttle off in response.

Another nice thing Toyota did is they switched to floor mounted throttle pedals. Also, something most European cars do and is less likely to become stuck in the open position under a floormat compared to the top down hanging throttle pedal.

The car shuts off fuel when you take foot off gas pedal. I read it on internet.

A 1992 does that too. But it turns the fuel back on when it falls below around 1250 RPM as your speed decreases. The engine won’t warm up when going 45 MPH down a long hill!

A 1992 car has a cable-actuated spring-return throttle body. The idle air is provided by a separate IAC motor. The computer provides fuel as long as the engine is running. I do not remember any issues with unwanted acceleration on cars with this setup.

Twelve years late to the party. Haven’t you noticed that all new cars are now drive by wire?

If you ever think you have unintended acceleration, just shift into neutral. No more acceleration and the computer won’t let the engine rev high enough to hurt itself.

4 Likes

Not at minimum throttle with the engine above about 1500 RPM! Even in 1992, fuel cut off during coasting existed on Toyota!

Found this video

If the right wires get shorted together, it will go to full throttle and there is no fault code.

Easy to find an expert that will present a hypothetical failure. NASA/NHTSA studied this for 10 months, found no problem.

I work as an expert witness, and have been stunned by what my counterparts will testify to, under oath, in court.

3 Likes

What if a scientist/engineer were aware of a potential design problem that could cause a safety problem, but one that neither they nor anyone else had ever known to actually occur? Should it be corrected? If so, only for subsequent builds? Or should all the existing builds be recalled?

Environmental testing is designed to over stress systems to see what the weak points are. If engineers are concerned about a specific issue, they can design environmental tests to evaluate the concerns.

For instance, Ford just issued a recall for a bolt in the rear drive assembly of certain models of the F150. Overstressing that bolt in testing would have provided additional data not available in the original test regimen. I just posted more info on that issue.

This is a very common scenario and why DFMEA and PFMEA processes exist as part of a comprehensive Risk Assessment analysis. Within the 4 quadrants of knowledge, you can bet there are issues from 3 of the four quadrants that crop up all the time.

  1. What we know
  2. What we don’t know we know
  3. What we know we don’t know
  4. What we don’t know we don’t know

Then the engineers revisit the Risk Assessment to add in the new information and determine the overall risk score for the new issue. That score will dictate a plan of action that can span the range of immediate cessation of use and recall for upgrade, field bulletin for upgrade if the unit comes in for service or just an alert to watch for subsequent failures for example.

Disposition of WIP, materials on hand or on order and other factors may also determine when a fix is applied to the ongoing production stream. Assuming the probability and severity scores of the risk analysis are not dictating otherwise…

Unless it is related to a production process issue, like an improperly trained operator forgot to apply loctite to those bolts when they assembled the unit…but you’re absolutely right about the value of stress testing. HALT, HASS and HAST have their deserved place in the verification and validation phases of testing. However, I see both engineers and customers that often place too much trust in those results when the testing criteria is ill-conceived.