One way to think about it - if folks are 99.99% accurate with pushing the correct pedals, that’s still thousands of chances a day for somebody, somewhere to accidentally hit the gas.
I use both feet. Always have and always will. I only stopped when my driver training instructor wanted me to use one foot during class. I think it makes more sense and speeds reaction time. And I’ve had no problem switching between auto and manual and getting confused. Only thing that’s confused me is Bobcat foot pedals and which one raises the bucket and which one tilts the bucket. Maybe it would come natural after a couple days - don’t know.
@irlandes
“I don’t know if Toyota uses microprocessors or another sort of computer called “Programmable Array Logic.” No one I know who knows about cars knows the difference, so I cannot get an answer.”
Modern day vehicles use everything from EPLDs to microprocessors for various functions in the vehicle. I can tell you without a shadow of a doubt, the device controlling the engine, and its associated electronics, is a microcontroller and has been since the days when ECMs were first deployed. I posted a while back about the distinction between microcontrollers and microprocessors so not going to repeat it here.
“But, I guarantee you if it uses a microprocessor, which means a software operated system, current state of the art for the military for several decades has included a circuit called WATCH DOG TIMER. That is a timer circuit which is connected to the RESTART function on the microprocessor.”
Not sure I would call using just a watchdog timer “state of the art” when it comes to fault protection. It’s basic, fundamental and commonly applied at least since I have been involved in designing electronics. Even for industrial controls back in the early 80s using small embedded 8 bit microcontrollers, we always had AT LEAST a hardware watchdog. Even before they were integrated into the chip itself. Today, you’d be hard pressed to find a system being designed that doesn’t have that and a whole host of protections built in for faults that would never trip a watchdog timer.
A small digression- over my career I have had to perform numerous failure analyses on software/hardware based systems. I have seen all manner of bastardized watchdog implementations that failed miserably when they needed to do their job. People who coded in so many watchdog strokes throughout their code that they invariably ran across one even though the code was totally corrupted to one guy who tied the watchdog input to a free running timer output! The entire thing was locked up but the watchdog was being constantly refreshed by a hardware timer output…
Having a provision is different than actually properly implementing it. To my earlier point- who is watching the hen house? Are these guys developing code under ISO-9001? That would be a joke. MIL STDs? doubtful.
“No one noticed until I asked a senior lab tech what the period should be normally. He almost had cardiac arrest when I told him it was tripping every 2.5 milliseconds. The programmer did such a good job on the restart sequence no one had ever noticed until I actually looked at the output with a scope.”
This is what I was referring to as part of the V&V cycle. Safety critical code must be thoroughly analyzed. I have developed software for class III medical as well as military stuff. I can’t say much about the latter other than my hardware/software is on orbit in various vehicles and used in things like mach 9 missile interceptors. I actually developed the first microcontroller based shoulder fired missile ESAF and had to prove it was 100% reliable to some pretty formidable people in high positions in the military before they would accept it. Just background to let you know that I know a thing or two about fault tolerance in both hardware and software. If you never have, read up a bit on the shuttle program and their software development cycle. One single bit flip in object code required 100% verification protocol be exercised. That’s 100% thread execution under every possible execution possibility. No one can afford that except the government and on stuff that costs $BB. Even then, we’re only human and make mistakes. My mantra is that “in every software program there are bugs waiting to be found”.
“If it was a microprocessor based computer, it could switch the throttle to full speed ahead, then freeze up and be unable to shut it down again.”
It doesn’t need to freeze up, it can be acting on bad data…assuming there are no protections in place to reasonably prevent that from happening…
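Added example, not part of the original posts: a small C simulation of the watchdog failure mode described above, where a refresh driven by a free-running timer hides a hung task, next to a single refresh point gated on every task checking in. The task names, the 5-tick timeout and the simulated watchdog are constructed for illustration; no real hardware registers are modelled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed simulation: timeout and task names are illustrative assumptions. */
#define WDT_TIMEOUT_TICKS 5u
enum { TASK_SENSOR = 1u << 0, TASK_CONTROL = 1u << 1, TASK_COMMS = 1u << 2 };
#define ALL_TASKS (TASK_SENSOR | TASK_CONTROL | TASK_COMMS)

typedef struct {
    uint32_t counter;   /* ticks since the last refresh */
    uint32_t checkins;  /* tasks that reported since the last refresh attempt */
    bool     reset;     /* latched when the watchdog expires */
} wdt_t;

static void wdt_tick(wdt_t *w) {
    if (++w->counter >= WDT_TIMEOUT_TICKS) w->reset = true;
}

/* Anti-pattern: refresh comes from a timer, independent of software health. */
static void kick_from_timer(wdt_t *w) { w->counter = 0; }

/* Gated design: tasks only set a flag; one place decides whether to refresh. */
static void task_checkin(wdt_t *w, uint32_t task) { w->checkins |= task; }
static void kick_if_healthy(wdt_t *w) {
    if (w->checkins == ALL_TASKS) w->counter = 0;
    w->checkins = 0;  /* every window must be earned again */
}

/* Runs `ticks` ticks; the control task hangs from tick `hang_at` on
   (negative = never). Returns true if the watchdog reset fired. */
bool simulate(bool gated, int ticks, int hang_at) {
    wdt_t w = {0, 0, false};
    for (int t = 0; t < ticks && !w.reset; t++) {
        bool hung = (hang_at >= 0 && t >= hang_at);
        if (gated) {
            task_checkin(&w, TASK_SENSOR);
            if (!hung) task_checkin(&w, TASK_CONTROL);
            task_checkin(&w, TASK_COMMS);
            kick_if_healthy(&w);
        } else {
            kick_from_timer(&w);  /* keeps refreshing even while hung */
        }
        wdt_tick(&w);
    }
    return w.reset;
}

int main(void) {
    printf("timer-driven kick, hung task: reset=%d\n", simulate(false, 100, 10));
    printf("gated kick, hung task:        reset=%d\n", simulate(true, 100, 10));
    return 0;
}
```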
Seriously, my hat is off to you software geniuses. Just as important as boots on the ground in my view. My Dad made the hard steel missile launchers for the Navy but you folks made them work and hit what they were supposed to hit.
Guess all I’ve been saying is that it would not be beyond the realm of possibilities to have a computer glitch that was hard to pinpoint after the fact.
That’s why the DOT brought in NASA. And the fact that the problem has gone away confirms that it wasn’t a software problem (I’m aware of no reprogramming by Toyota of existing cars).
Anything’s possible. But no info supports that.
In Minnesota in July, there is no evidence whatsoever that the lakes were covered in ice at one time. You just had to be there.
??? If Toyota’s problem went away without changing the computers or their programming, then how could a ‘computer glitch’ have been the source of the problem?
Watch-dog timers are very useful in an application like this. Simple to implement and effective. The microprocessors used in the vehicles are not that sophisticated.
If Toyota's problem went away without changing the computers or their programming, then how could a 'computer glitch' have been the source of the problem?
That’s one reason I’m skeptical. Software or hardware just don’t fix themselves.
Toyota may have quietly changed their software to address the potential glitches identified above, and no one’s the wiser.
That would only work on vehicles that get serviced at the dealership.
We’d have heard of that. For new cars, sure, but the vast majority of ‘problem’ cars would never have had the software reloaded.
Every ES350 that had Safety Recall 9LG performed received a software update/flash. The update included software that would cut engine power if both the accelerator and brake are applied.
Independent of the vehicle-based recall remedy, a newly designed override system will be installed onto the vehicle to provide an extra measure of confidence. This system will cut engine power in case of simultaneous application of both accelerator and brake pedals at certain speeds and driving conditions.
The 2010 RX350 was added to recall 9LG in 2010 but only involved cutting off a portion of the accelerator pedal. These vehicles were recalled again in August 2013 (Recall BSL) to add “Smart Stop Technology” to the Powertrain Control Module.
Like those runaway Audis, this one is highly suspect. A large number of drivers will press the gas pedal instead of the brake and blame it on the car!
Car makers have to completely idiot-proof a car so that these things are minimized. Why the CHP officer did not have the gumption to either turn the ignition off, put the car in neutral, pull the handbrake, is beyond me.
Years ago, working for a public utility we had to pass the city police test. One of the events was when going through an intersection (no traffic), the instructor would turn the ignition off and throw the keys on the floor. You were not supposed to panic, retrieve the keys, start the car and drive on.
This test today would be somewhat dangerous since the key would disable the steering and other functions.
So there was nothing at all to it. Just some floor mats, over-sized pedals, and some dufus old people that got their feet tangled up and got confused. If I remember right, Bruce Williams’ wife was sitting at a stop light when her Chrysler took off. Well at any rate just to be good guys we’ll pay out a billion dollars anyway. Case closed, no need for anyone to fall on the dagger.
To deny it did not happen is cause for legal action, as has been done. No happy endings. http://www.reuters.com/article/2014/03/20/hmg-toyota-ruling-idUSnPn6ghcVx+82+PRN20140320
I remember that case now. Really sad case in St. Paul. I drove that stretch every day. True he wasn’t a pro or experienced driver but if I remember right he hit the off ramp at about 90 on a 55 mph freeway and the brakes were burned to a crisp. On that stretch of highway, there are only steep banks on the side or bridges so no good place to land if you are out of control. I think what got him sent to prison was the Highway Patrol experts that did not find skid marks and essentially hung him with it. By that time though the brakes were fully shot from trying to stop so there couldn’t have been any skid marks.
The ignition switch on the ES350, a start/stop button, does not respond to a momentary push when the vehicle’s gear selector is in drive, neutral or reverse. This can send someone further into panic.
The owners manual states;
The engine cannot be turned off
unless the shift lever is in P.
Two pages later it shows;
If you want to stop the engine in an emergency while driving the vehicle, push and
hold the “ENGINE START STOP” switch for more than 3 seconds.
Pressing and holding the start/stop switch will stop the engine. Hopefully you’re not too close to the vehicle in front of you as accelerating for 3 to 5 seconds while waiting for the engine to stop may use up that space.
Of course to simply push the gear shift lever onto neutral will stop the vehicle from accelerating and should be common knowledge like checking your oil. Everybody has mastered that.
How can you rationalize away the $1.2-billion criminal penalty Toyota just paid to the US Government? Something was wrong that caused unintended acceleration. In some cases, the problem may not have been found yet. Toyota tried to at least delay the recall, and may have tried to avoid it altogether.
Nothing being rationalized away. The penalty, as described by the government, was for failures in how Toyota communicated with its customers and with the federal agencies about the problem. Nothing more.
It seems to me there was a lot of talk about no real unintended acceleration and it was just driver error. That is what I object to.