
OT: good design and why it's not used (e.g. Toyota pedal problem)



rotate
02-07-2010, 11:50 PM
The news about the Toyota accelerator pedal problem (btw my wife's RAV4 is affected) got me thinking about the wisdom of my car's design, one which I didn't really appreciate until Toyota's problem became news.

I drive a 2000 Saab 9-3. It's throttle by wire; however, the pedal is attached to a throttle cable like the traditional setup and the cable winds its way to the throttle body. There the cable is attached to a shaft which is sensed by two separate potentiometers (POTs). One of the POTs increases in resistance as the throttle is depressed and the other decreases in resistance. Both of these values are read by the ECU to determine how much to open the throttle valve.

The throttle valve is controlled by a servo motor, and just like the throttle position sensor, there are two POTs used. During operation, the ECU continually checks the "sanity" of the throttle by wire system and should it sense that something is out of range, the ECU activates a solenoid in the throttle body which pushes a pin between the throttle position sensor and the throttle valve. The ECU then goes completely hands off the throttle and allows the driver to control the throttle valve directly (and mechanically), essentially allowing a manual override. Air/fuel mixture is still maintained by MAF, MAP, and O2 sensors.

Originally, I thought: why go through so much trouble! Just put the sensor at the throttle pedal and do everything electronically. Now I see the wisdom of Saab's design. I actually think it's quite brilliant. No single point failure can cause the throttle system to fail completely (less the throttle cable breaking).

So, my question is, "why are good designs replaced with inferior ones?" I see this all the time when they introduce new models. They had something that worked brilliantly but then they decided to change it and make it less effective (ergonomics being the primary example). You may say that it's about cost reduction but in many cases I don't see that.

Black_Moons
02-08-2010, 12:18 AM
Heh, if car redesign was about cost reduction, we'd have $5000 new cars by now!

Too_Many_Tools
02-08-2010, 12:59 AM
The news about the Toyota accelerator pedal problem (btw my wife's RAV4 is affected) got me thinking about the wisdom of my car's design, one which I didn't really appreciate until Toyota's problem became news.

I drive a 2000 Saab 9-3. It's throttle by wire; however, the pedal is attached to a throttle cable like the traditional setup and the cable winds its way to the throttle body. There the cable is attached to a shaft which is sensed by two separate potentiometers (POTs). One of the POTs increases in resistance as the throttle is depressed and the other decreases in resistance. Both of these values are read by the ECU to determine how much to open the throttle valve.

The throttle valve is controlled by a servo motor, and just like the throttle position sensor, there are two POTs used. During operation, the ECU continually checks the "sanity" of the throttle by wire system and should it sense that something is out of range, the ECU activates a solenoid in the throttle body which pushes a pin between the throttle position sensor and the throttle valve. The ECU then goes completely hands off the throttle and allows the driver to control the throttle valve directly (and mechanically), essentially allowing a manual override. Air/fuel mixture is still maintained by MAF, MAP, and O2 sensors.

Originally, I thought: why go through so much trouble! Just put the sensor at the throttle pedal and do everything electronically. Now I see the wisdom of Saab's design. I actually think it's quite brilliant. No single point failure can cause the throttle system to fail completely (less the throttle cable breaking).

So, my question is, "why are good designs replaced with inferior ones?" I see this all the time when they introduce new models. They had something that worked brilliantly but then they decided to change it and make it less effective (ergonomics being the primary example). You may say that it's about cost reduction but in many cases I don't see that.

The answer IS cost reduction aka increasing the company's profit.

Change costs money and companies do not spend money unless they think there will be a cost benefit to THEM.

Notice I did not say YOU.

TMT

Optics Curmudgeon
02-08-2010, 01:27 AM
Cast your mind back, say 20 years or so. The original "uncommanded acceleration" crisis was with Saab cars. The step-on-brake-before-shifting-into-drive interlock came from that. The system you are describing was meant to ensure that the problem never came back. Saab claimed that the real issue was drivers stepping on the gas by mistake, but one of their engineers found a single point failure in the throttle system and the whole thing got redesigned. A repeat would have really screwed them.

Joe

form_change
02-08-2010, 02:07 AM
This is a sore point with me because I get to see a lot of bad design at work. There are several contributing factors -

"Let's not re-invent the wheel"
"We don't do it that way here"
"It's worked for the last x years - why do we need to change?"
"The cost of changing is too much"
"We can't change now - we need to get into test", followed by
"It's too late to change now - we need to get into production"
"We've already tested the design - we're not doing that again"

Then again, some companies think that one designer is just as good as another, forgetting that like everything else, some people do and some don't have the knack for good design. For me the worst is the new graduates straight out of Uni/College who are not trained how to design things properly but are thrown into design work as a learning experience without a mentor to watch over them.
I could complain on and on...

Michael

SteveF
02-08-2010, 02:41 AM
Cast your mind back, say 20 years or so. The original "uncommanded acceleration" crisis was with Saab cars. The step-on-brake-before-shifting-into-drive interlock came from that. The system you are describing was meant to ensure that the problem never came back. Saab claimed that the real issue was drivers stepping on the gas by mistake, but one of their engineers found a single point failure in the throttle system and the whole thing got redesigned. A repeat would have really screwed them.

Joe

The problem you described was with Audi 5000s, not Saabs.

Back to rotate's point - I think a good bit of it has to do with engineers on staff who try to find something to "improve" to justify their continued employment. This is a huge problem IMHO in the software industry.

Steve.

RB211
02-08-2010, 02:49 AM
Call me crazy but I think the highest level of reform is simplicity! What is wrong with a straight cable to the throttle body with a spring that drives the throttle to idle if the cable snaps? And why not use a cam shaped pulley to create a better response curve than to use a drive by wire system?

strokersix
02-08-2010, 07:29 AM
My Chevy truck drive-by-wire system with automatic trans backs off the throttle during upshifts. Smoother acceleration and longer trans life presumably.

Major reason for drive-by-wire or a side benefit I don't know.

I'm accustomed to harder shifts like a quick shifting th400 behind a big block 454 so it was a little unnerving at first but I don't even notice it anymore.

vpt
02-08-2010, 07:54 AM
Drive by wire is stupid, plain and simple. There is no need for it. It is just a problem waiting to happen. I frown upon car manufacturers today. Everything is built in China or Japan; there is no American car anymore. They get the same gas mileage as cars 20 years ago and they are no more, if not less, reliable. But hey, it has blondstar and some useless plug-in feature on the radio!

Carld
02-08-2010, 08:05 AM
I prefer the Saab method over anything I have read about so far but I too am dead against any throttle by wire, steer by wire or brakes by wire all of which they call drive by wire.

What is going on? Are we so stupid we are no longer able to drive and we have to have a computer do it for us? Aircraft use fly by wire, but the systems they use are far superior to anything the auto industry would use.

The only thing I see when I read about drive by wire is a whiz bang techy attitude and practicality was thrown out with the wash water.

I see nothing but trouble using the drive by wire systems.

J Tiers
02-08-2010, 09:24 AM
The dual pot system is USELESS!

Useless UNLESS the lack of sanity requires the vehicle to stop and refuse to work until the problem is resolved. Refusing to start on the next attempt would probably be the most practical, but not the best method.

Single redundancy has no "limp home" mode..... you must stop.

A three pot system would take the two best signals, and then require a "service engine soon, safety systems failing" message.
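The fail-safe logic rotate describes for the Saab (two complementary pots, a plausibility check, and a mechanical override when they disagree) and the three-pot "take the two best signals" variant suggested above, written out as an added example; this is constructed illustration code, not Saab's ECU firmware or anything posted in the thread, and the 10-bit ADC scale and the 40-count tolerance are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example: ECU-side plausibility logic for a throttle position
 * sensor pair or triple. Scale and tolerance are assumptions, not a real
 * calibration. */
#define ADC_MAX          1023  /* 10-bit ADC full scale (assumed) */
#define PLAUSIBILITY_TOL 40    /* max disagreement between pots, ADC counts (assumed) */

typedef enum {
    THROTTLE_ELECTRONIC,      /* ECU drives the throttle servo */
    THROTTLE_MANUAL_OVERRIDE  /* solenoid pin engaged, driver works the plate via the cable */
} throttle_mode_t;

typedef struct {
    throttle_mode_t mode;
    int demand;            /* throttle opening 0..ADC_MAX, or -1 when handed to the driver */
    bool service_warning;  /* "service engine soon, safety systems failing" */
} throttle_decision_t;

static bool in_range(int v) { return v >= 0 && v <= ADC_MAX; }

static throttle_decision_t fail_safe(void)
{
    throttle_decision_t d = { THROTTLE_MANUAL_OVERRIDE, -1, true };
    return d;
}

/* Dual complementary pots: pot_a rises with pedal travel, pot_b falls, so a
 * healthy pair satisfies pot_a + pot_b ~= ADC_MAX. With only one level of
 * redundancy the ECU cannot tell which sensor is lying, so any disagreement
 * hands the throttle back to the driver mechanically instead of guessing. */
throttle_decision_t dual_pot_decide(int pot_a, int pot_b)
{
    throttle_decision_t d = { THROTTLE_ELECTRONIC, 0, false };
    int mirrored_b = ADC_MAX - pot_b;  /* bring pot_b into pot_a's sense */

    if (!in_range(pot_a) || !in_range(pot_b) ||
        abs(pot_a - mirrored_b) > PLAUSIBILITY_TOL)
        return fail_safe();

    d.demand = (pot_a + mirrored_b) / 2;
    return d;
}

/* Three pots in the same sense: keep the two that agree best, average them,
 * and flag the outlier for service. Only when no two sensors agree does the
 * ECU give up and engage the manual override. */
throttle_decision_t triple_pot_decide(int p0, int p1, int p2)
{
    throttle_decision_t d = { THROTTLE_ELECTRONIC, 0, false };
    int d01 = abs(p0 - p1), d02 = abs(p0 - p2), d12 = abs(p1 - p2);
    int best = d01, a = p0, b = p1;

    if (d02 < best) { best = d02; a = p0; b = p2; }
    if (d12 < best) { best = d12; a = p1; b = p2; }

    if (!in_range(p0) || !in_range(p1) || !in_range(p2) ||
        best > PLAUSIBILITY_TOL)
        return fail_safe();

    d.demand = (a + b) / 2;
    /* any pair outside tolerance means one sensor is drifting: keep driving,
       but light the warning so the fault is fixed before a second one fails */
    d.service_warning = d01 > PLAUSIBILITY_TOL || d02 > PLAUSIBILITY_TOL ||
                        d12 > PLAUSIBILITY_TOL;
    return d;
}

static void show(const char *label, throttle_decision_t d)
{
    printf("%-28s mode=%s demand=%d warning=%d\n", label,
           d.mode == THROTTLE_ELECTRONIC ? "electronic" : "manual-override",
           d.demand, (int)d.service_warning);
}

int main(void)
{
    /* constructed sensor readings, in ADC counts */
    show("dual, healthy half pedal", dual_pot_decide(512, 511));
    show("dual, one pot stuck high", dual_pot_decide(800, 600));
    show("dual, wiring fault", dual_pot_decide(1100, 0));
    show("triple, one pot drifting", triple_pot_decide(500, 505, 900));
    show("triple, all agree", triple_pot_decide(500, 505, 498));
    show("triple, nothing agrees", triple_pot_decide(100, 500, 900));
    return 0;
}
```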

japcas
02-08-2010, 09:45 AM
They get the same gas mileage as cars 20 years ago and they are no more, if not less, reliable.

There is really no way you can compare cars today to cars from 20 years ago, especially when talking about gas mileage. I used to have a 1987 Nissan Sentra that would get 38 miles to the gallon no matter how it was driven. My 2009 Corolla gets about 34 mpg in town and about 40 on the highway. But the Sentra would barely do 80 mph and was really dangerous when trying to merge into traffic on the interstate because the engine was very underpowered. The Corolla has no problem at all getting into traffic and can run well over 100, yet still gets mileage in the same range as the Sentra without putting my life in danger trying to get on the interstate. Plus it doesn't sound like it's about to puke its guts out when it gets up to highway speeds and is a lot more fun to drive. I wouldn't want to have to go back to an engine like the Sentra's even though I really liked that car when I had it.

vpt
02-08-2010, 09:55 AM
Sorry to hear about your gutless Sentra. My 180HP 1989 Civic will bury the speedo in 14 seconds (100mph+) and gets 35mpg religiously. Oh, and it has a cable controlled throttle body that has never given me problems.

japcas
02-08-2010, 10:02 AM
Sorry to hear about your gutless Sentra. My 180HP 1989 Civic will bury the speedo in 14 seconds (100mph+) and gets 35mpg religiously. Oh, and it has a cable controlled throttle body that has never given me problems.

VPT, those cars were the exception, not the rule. Honda had several Civic engines in those years that had around 80 to 90 hp too, much like the Sentra. Look around a little; you'll find more of the low hp versions than you will of the one like you have. And they were quite gutless, just like the Sentra engine.

vpt
02-08-2010, 10:06 AM
The 80-90hp Hondas of those years got up to 75mpg. What does it take to get that kind of mileage nowadays?

Gas mileage winner this last year, what was it? Oh yes, a 1989 Honda!

http://ecomodder.com/blog/20-yearold-modified-honda-crx-hf-scores-118-mpg-fuel-economy-run/

japcas
02-08-2010, 10:07 AM
Sorry to hear about your gutless Sentra. My 180HP 1989 Civic will bury the speedo in 14 seconds (100mph+) and gets 35mpg religiously. Oh, and it has a cable controlled throttle body that has never given me problems.

And unless you've done something to that engine, it is rated at 150 hp. The most hp for that year was 150 hp, out of the 1.6L VTEC engine.

japcas
02-08-2010, 10:08 AM
The 80-90hp Hondas of those years got up to 75mpg. What does it take to get that kind of mileage nowadays?

Gas mileage winner this last year, what was it? Oh yes, a 1989 Honda!

http://ecomodder.com/blog/20-yearold-modified-honda-crx-hf-scores-118-mpg-fuel-economy-run/

Yeah, and it took 5 minutes to get up to 60 mph. My point is that kind of engine would be great in a small town, but if you get on the interstate at all you're putting your life at risk, big time.

vpt
02-08-2010, 10:10 AM
And unless you've done something to that engine, it is rated at 150 hp. The most hp for that year was 150 hp, out of the 1.6L VTEC engine.

160hp stock.

180 is easy to get.

vpt
02-08-2010, 10:15 AM
Yeah, and it took 5 minutes to get up to 60 mph. My point is that kind of engine would be great in a small town, but if you get on the interstate at all you're putting your life at risk, big time.

Not quite. I have also owned a 65hp 89 Civic, pretty much the same platform as the HF CRX in the link. It fared just fine getting on the highway and could do 85-90 mph just fine.

Plain and simple what I am getting at is the car companies have accomplished hardly anything in the last 20 years.

The only thing I see that they have improved on is more plastic, more electronics, and airbags. They don't last any longer, they don't get any better gas mileage, they don't look any better, they don't drive any better, etc.

bruto
02-08-2010, 11:06 AM
A bit drifting away from throttle by wire, but I had an 85 Civic DX hatchback, and it was far from a poor performer, at least by my relatively leisurely rural standards. It had quite enough pep to stay in traffic and get up hills, and faithfully delivered over 40 mpg for years, without my having to try. Handled well, too, though the ride was pretty punishing as it aged. My in-laws had the same thing in sedan form, and it too delivered nearly as good mileage, seated five people without undue suffering, and could pull a small boat trailer on the expressway with four adults and a full trunk on board and a canoe on the roof, and still manage well enough.


But it seems nobody wants these things now, or at least the manufacturers can't sell enough of them. Every time someone introduces a little, economical car, people flock to the first generation, but the next generation is bigger, heavier, and more powerful. Look at the evolution of the Civic, or at the second iteration of the Honda Fit, or the Toyota Matrix/Pontiac Vibe. Many of the cars we wish still existed went off the market, it seems, because they simply didn't sell well enough. When it comes down to the final buying decision, I think many people decide they'd rather sacrifice a couple of MPG in favor of the fancy options, especially if they're buying on credit. If you never actually pay cash for a vehicle, and if you're used to poor mileage and push-button performance, a couple of bucks a month difference, a few bucks a year more in gas, etc., why not get the ultra-boom stereo and the cruise control?

People who hang around a machinists' forum may not represent the general buying public very well. I'd happily buy another mid-80's stick-shift econobox with crank up windows and radio optional, but I'm guessing it's a niche market. That old Civic would outperform a Smart Car in every department and probably cost much less to build, but if you want one, you'll have to find a used one or build it yourself.

Optics Curmudgeon
02-08-2010, 11:12 AM
The problem you described was with Audi 5000s, not Saabs.

Back to rotate's point - I think a good bit of it has to do with engineers on staff who try to find something to "improve" to justify their continued employment. This is a huge problem IMHO in the software industry.

Steve.

Yep, bad memory and lack of research on my part.

joe

Lew Hartswick
02-08-2010, 11:27 AM
Yep, bad memory and lack of research on my part.

joe

One of the dangers of "jumping in with both feet" before testing the water with a toe. :-)
...lew...

Ries
02-08-2010, 11:34 AM
Well, I actually have the words "old fart" embroidered on my work shirts, but even I realize that nobody gives a damn what I think about product design, and complaining about drive by wire systems is like whining about why I still can't get the telegram boy to deliver to the front door, or why I can't get a sturdy Bell Systems rotary dial phone anymore.
And if I tried to ride my horse downtown, they would all give me dirty looks, too. (I don't have a horse.)

Sorry, but electronics in autos are here to stay. They are cheap, controllable, and require far less maintenance for the 3 year window that car makers care about.
Sure, you want a car that is reliable 20 years later, but guess what: they don't.
They wanna sell you a new one, and there is NO incentive for a manufacturer to make something that lasts forever. None.

I used to drive a 91 300ZX. That's almost a 20 year old car now, and it had FIVE bloody computers in it. And no way, no how does Nissan keep making replacements; I would guess that various electronic components in it are probably not even in production anymore. Luckily, it had a throttle cable, but nothing else in it was simple. Even the stereo and climate control were absurdly expensive and complicated. Those Bose speakers sounded great, though.

My point is that as long as 20 to 30 years ago, the luxury and top end cars had already changed to mostly electronic, non-user fixable, systems, and it has been moving down market ever since.

And once you let those cows out of the barn, they never go back.

In my area, there used to be these quaint little businesses called Carburetor Rebuild Shops. All gone now. I don't think you have been able to buy a new car with a carb for years and years now. I know my last one was an 86 Camaro, and that was a special order at the time; all the ones on the lot were fuel injected.

The other reason this change is inevitable is Air Quality Laws, which is the same reason those old Hondas get such good mileage, compared to the new ones.
Honda is perfectly capable of building a new version of the Civic HF now, but it would be illegal in 90% of its markets. Those engines won't meet current standards in Japan, the US, or Europe.
Governments in all three places have mandated that engines be more complicated, and less efficient in mileage, not on purpose, of course, but as an inevitable side effect of lowering emissions. Slowly, engineers are climbing back up out of the hole, increasing mileage AND keeping the low emissions, but it's not easy.
And from an emissions design standpoint, you can gain a fair amount by using the ECM to control the throttle, and override the foot and brain of the driver at various times.

You can rage all you want against the dying of the cable, but it ain't gonna change a thing; money and government regulations beat an old fart's nostalgia for simplicity every time. At least, speaking as an old fart, with lengthy experience at being beat, that's been my experience... :D

vpt
02-08-2010, 11:44 AM
^ one reason why they would consider going back.

SAFETY

Ries
02-08-2010, 12:16 PM
If you add up all the deaths, worldwide, from every manufacturer, I think the percentage would be so low, it would be way way less than your chance of getting hit by lightning.

The actual safety risk is tiny.

The marketing perceptions, and their implications on sales are much bigger, of course, and the reason for the recall.

There are tons of things about cars that are MUCH more dangerous, statistically- I am sure you are about 100 times more likely to die because somebody in front of you is driving on bald tires- but no real concerted effort is made to ensure tire replacement is timely- no big flashy news story there, after all.

Most of the time, the drive by wire stuff works perfectly well.

japcas
02-08-2010, 01:21 PM
If you add up all the deaths, worldwide, from every manufacturer, I think the percentage would be so low, it would be way way less than your chance of getting hit by lightning.

The actual safety risk is tiny.

The marketing perceptions, and their implications on sales are much bigger, of course, and the reason for the recall.

There are tons of things about cars that are MUCH more dangerous, statistically- I am sure you are about 100 times more likely to die because somebody in front of you is driving on bald tires- but no real concerted effort is made to ensure tire replacement is timely- no big flashy news story there, after all.

Most of the time, the drive by wire stuff works perfectly well.


I've been thinking the same thing. If the media wouldn't blow everything out of proportion, everybody wouldn't be running around thinking their car is about to run away from them. Cars are built by people and nobody's perfect. But the media is hell bent on ruining any company they can say something bad about.

Rich Carlstedt
02-08-2010, 01:54 PM
Blame the EPA guys, the real reason for fly by wire
There is no "Free Lunch"
For every improvement, there is a detriment.
Those who fail to learn from their mistakes, are destined to re-live them

Simplicity-- is the essence of invention

Too many years in the shop, fixing "new solutions"

Rich

quadrod
02-08-2010, 03:52 PM
One has to ask, if the problem with the Lexus was an aftermarket floor mat causing the gas pedal to stick, how come Lexus has to change the gas pedals and you can still buy aftermarket floor mats not designed for the car? And as has been said already, drive by wire is not going away. In order for vehicles to meet federal emission standards the ECM has to have total control of the throttle and transmission shift points.
And I hate to say it, but the Toyota gas pedal sensor problem is only on the vehicles (and sensors) made in America.

Evan
02-08-2010, 04:05 PM
The big issue now in automotive design is reducing fuel consumption, not cost reduction. The fuel efficiency of a piston engine is strictly limited by the immutable laws of physics. The primary avenue to reducing fuel consumption is by reducing weight as that allows for a less powerful engine that will still produce the same performance for less fuel.

Plastics are replacing metals for this reason. Throttle by wire will replace linkages for the same reason. Servos will replace hydraulics for the same reason. If an automotive engineer can save just one pound in the design of a car he will probably get a healthy bonus from his employer. Weight is all important as it determines cost of production, cost of shipping and fuel economy. Of course the control flexibility this gives is also an important factor.

There is a simple principle that aircraft designers use. Given a particular design they will specify a lighter gauge of metal or a thinner section of tubing etc for parts that account for a large percentage of the weight. Then using the resulting weight reduction the stress and safety margins are recalculated. Often this will result in no compromise in performance because the weight saving reduces the loads which allows the use of weaker/thinner parts which are then strong enough because of the reduced weight. This process is repeated until no further improvement is possible.

The biggest problem I see in the design of almost any product is one that plagued Xerox during the more than two decades I worked there. I would see design mistakes being repeated in every new generation of machines. The reason for that is a phenomenon that is relatively recent, the drift away from the idea of a "job for life" at any particular company. People at all levels in corporations move around far more than they used to. When they leave a position they take with them a chunk of "corporate memory" that reduces the overall competence of the corporation at whatever that person's assignment was. Even if that person is replaced by a similarly trained and competent individual, they will not have the background in the lessons learned by the previous individual.

It's for that reason that poor designs continue to be produced even by the same company who should have learned from previous mistakes. Even if the information is preserved in a database it is rare for it to be used by new employees. In many cases they will not even be aware of the existence of such information no matter how well implemented the system is.

There is a way to deal with this issue but it is generally not very popular with design engineers. Xerox tried it and met with considerable resistance from newly hired engineering staff. The approach was to require new engineers to work in the field with the service technicians such as myself for a period of six months before they were permitted to design anything. The reasoning behind this was based on the fact that the service staff at Xerox had far less turnover than the engineering staff and many of the technicians had equivalent training to many engineers. Xerox even tried to rename the senior service representatives such as myself as Service Engineers, but that met with strong opposition from the Society of Professional Engineers even though there was no legal reason to prevent the change.

danlb
02-08-2010, 04:32 PM
The original poster's question: Why are good designs replaced by inferior ones?

Sometimes they just seem inferior.

Auto designs do not change just for fun. It costs money to change the jigs and machines on an assembly line, so gratuitous changes are frowned on.

But to say that a change is inferior requires that you really analyze every aspect of usability, reliability, cost and customer perceptions.

It may seem that the Saab system is better, but in reality the pots will age, get dirty, etc. The cable will still fray with enough use. It can still bind if pinched. Springs break or pop loose.

I like my drive by wire car. It's been ultra reliable in the 8 years that I've had it. Being designed from scratch means it was designed as a whole integrated system. That's the best way to do it.

Dan

rotate
02-08-2010, 04:50 PM
Power brakes have backup against booster failure. Power steering has backup when the pump fails. Why shouldn't the throttle control have backup?

I'm not sure if other manufacturers have used Saab's method of having a manual backup, but having a mechanical backup for throttle control seems to me like a good idea.

camdigger
02-08-2010, 05:01 PM
strong opposition from the Society of Professional Engineers even though there was no legal reason to prevent the change.

Page 11, article 13 for BC: http://www.apeg.bc.ca/resource/publications/governancepolicies/documents/act1.pdf

Similar provincial and state legislation in various and assorted jurisdictions in North America.

Use of the title "engineer" is closely guarded to protect the public. At least that is the stance taken by the governments of BC, Alberta, and Saskatchewan among others.

Engineering is defined differently in North America than elsewhere in the world most notably England.

Doozer
02-08-2010, 05:01 PM
Drive by wire is the answer to a problem that never was. Mechanical throttle linkage was fine. EPA and gas mileage should not interfere with the go pedal. When I need to MOVE to avoid an accident, I need to go NOW. Not whenever the emissions system thinks it is OK to allow WOT. At cruise at part throttle, fine, regulate A/F ratio for best emissions and mileage. Idle air control motors seem to work well in a lot of cars, no need for a servo controlling the throttle plate. A servo controlled throttle idle stop would also be a good idea, as idle air control motors can clog with carbon from intake reversion. But even with a servo controlled idle stop, you still have a mechanical throttle. Heck, I still prefer linkage rods for my throttle instead of cables. These modern engineers don't know the meaning of Keep It Simple (stupid). And you will have to prove to me how having an electronic throttle makes better emissions. On a diesel engine, which has no throttle plate, I can see how electronic throttle makes sense. I have driven diesels with these systems and they work well. Just make sure you give me a regular key ignition switch, and when I turn off the key, the engine brain goes dead and the injectors shut off. I know if a diesel is really pissed off, she will continue to run on the oil it sucks past the piston rings, but I would think killing the injectors would allow you to get control of it.
--Doozer

camdigger
02-08-2010, 05:30 PM
I know if a diesel is really pissed off, she will continue to run on the oil it sucks past the piston rings, but I would think killing the injectors would allow you to get control of it.
--Doozer

There have been incidents where diesel engines have "run away" on engine oil, but the incidents I'm aware of involve seal failures in the turbo. Runaways and overspeeds can also happen under conditions that have fuel in the intake air (like a wellsite or compressor installation with a leak). This has led to the PASO (Positive Air Shut Off), a spring loaded gate valve on the intake manifold. Overspeed or manual actuation is used to trip the spring loaded gate, which slams shut, choking off the intake air. Early supercharged 671 GMs would sometimes roll the seals when ASOs were activated.

Evan
02-08-2010, 06:00 PM
Similar provincial and state legislation in various and assorted jurisdictions in North America.

Use of the title "engineer" is closely guarded to protect the public. At least that is the stance taken by the governments of BC, Alberta, and Saskatchewan among others.

What you posted has no legal standing at all. Those are the bylaws of the Society of Professional Engineers, not government rule making. They only apply to members of the society and the only term that is protected is "Professional Engineer". The descriptive term "engineer" is not protected. Further, if you read the act you posted it specifically states:

Offence Act
43: Section 5 of the Offence Act does not apply to this Act or to bylaws made under this act

Section 5 of the BC Offence act states ( and specifically does not apply per above):

General offence
5 A person who contravenes an enactment by doing an act that it forbids, or omitting to do an act that it requires to be done, commits an offence against the enactment.


The general term Engineer has no legal protection or standing in BC.

camdigger
02-08-2010, 06:14 PM
Does in Alberta.

"What you posted has no legal standing at all. Those are the bylaws of the Society of Professional Engineers, not government rule making. They only apply to members of the society and the only term that is protected is "Professional Engineer". The descriptive term "engineer" is not protected. Further, if you read the act you posted it specifically states:"

At least get the name right.. it's APEGBC for a reason. Like Alberta, BC has an engineering act that legislates the Association into being. Their mandate is not to be a union or society, it is to regulate the practice of engineering. From what I've been told, the legislators recognized that they did not have the technical background necessary to regulate the profession so they set up the association as a mechanism so the practice of engineering would be regulated by peers. Engineering in Canada is a self regulating profession.

JCHannum
02-08-2010, 06:26 PM
The throttle by wire is not a weight saving device or a one for one replacement of mechanical throttle linkage. The gas pedal is nothing more than another sensor in the system which inputs the driver's desire to speed up or slow down. Its movement or relative position is added to many other inputs to adjust the throttle plate or admit more or less fuel depending on the system in use.

philbur
02-08-2010, 07:00 PM
I don't think computer control of the throttle is about emissions control. The only time that the computer takes over throttle control (that you will be aware of) is under specific situations, such as to reduce rpm if a wheel is spinning free or, in some cases, if you try to use the throttle and the brake at the same time.

Phil:)


Drive by wire is the answer to a problem that never was. Mechanical throttle linkage was fine. EPA and gas mileage should not interfere with the go pedal. When I need to MOVE to avoid an accident, I need to go NOW. Not whenever the emissions system thinks it is OK to allow WOT. At cruise at part throttle, fine, regulate A/F ratio for best emissions and mileage. Idle air control motors seem to work well in a lot of cars, no need for a servo controlling the throttle plate. A servo controlled throttle idle stop would also be a good idea, as idle air control motors can clog with carbon from intake reversion. But even with a servo controlled idle stop, you still have a mechanical throttle. Heck, I still prefer linkage rods for my throttle instead of cables. These modern engineers don't know the meaning of Keep It Simple (stupid). And you will have to prove to me how having an electronic throttle makes better emissions. On a diesel engine, which has no throttle plate, I can see how electronic throttle makes sense. I have driven diesels with these systems and they work well. Just make sure you give me a regular key ignition switch, and when I turn off the key, the engine brain goes dead and the injectors shut off. I know if a diesel is really pissed off, she will continue to run on the oil it sucks past the piston rings, but I would think killing the injectors would allow you to get control of it.
--Doozer

philbur
02-08-2010, 07:12 PM
I have to agree with you that the continuous movement of people leads to a loss of corporate knowledge. However 6 months in the field, as useful as it may be, is hardly going to replace the loss of say 10 years design knowledge accumulated by the previous incumbent, even if that 6 months in the field was with you.

Phil:)


The biggest problem I see in the design of almost any product is one that plagued Xerox during the more than two decades I worked there. I would see design mistakes being repeated in every new generation of machines. The reason for that is a phenomenon that is relatively recent, the drift away from the idea of a "job for life" at any particular company. People at all levels in corporations move around far more than they used to. When they leave a position they take with them a chunk of "corporate memory" that reduces the overall competence of the corporation at whatever that person's assignment was. Even if that person is replaced by a similarly trained and competent individual they will not have the background in the lessons learned by the previous individual.

..........

There is a way to deal with this issue but it is generally not very popular with design engineers. Xerox tried it and met with considerable resistance from newly hired engineering staff. The approach was to require new engineers to work in the field with the service technicians such as myself for a period of six months before they were permitted to design anything.

Evan
02-08-2010, 07:20 PM
The throttle by wire is not a weight saving device or a one for one replacement of mechanical throttle linkage.

Of course it is. When it comes to saving weight in the design of a car every gram counts. If a linkage can be replaced by a piece of wire far more than a gram can be saved. It is ALL about saving weight as well as the opportunities to improve engine control.

djinh
02-08-2010, 07:25 PM
Throttle-by-wire is needed for any kind of stratified burn engine, as more and more engines are these days. The push for those developments is fuel standards and emission regulations. Both annoying, but with 800 million cars in the world today, something's got to give.

My car doesn't have a servo controlled throttle, but it's the first car I ever owned that has fuel injection and electronic ignition. While I might get a car with carbs again sometime, provided all the parts are still available to do a full rebuild on them, I'll never ever go back to a car with points. Electronic ignition beats points hands down.

Give it a couple years and the drive by wire systems will improve. Saab's system seems like an excellent idea, although it might also have its weak points, as it's more complex.

Arcane
02-08-2010, 08:56 PM
Well, we do have something to look forwards to apparently, at least according to this guy. :rolleyes: http://www.youtube.com/watch?v=-jHFT1X1JDI&feature=player_embedded

duckman
02-08-2010, 09:29 PM
My 07 Explorer has drive by wire and if I had known that, it would still be on the lot. Pulling out from a stop sign with a gap in traffic that I would always make, so I stomp on the gas and start to coast through the gap because the stupid computer wouldn't open the butterflies for what seemed like forever; actually it was only about 2 or 3 seconds. The engine finally accelerates and I don't get crushed by the big truck. Went back to Ford after changing my shorts and they had to reflash the ECU because there was a glitch in the programming. So much for technology.

J Tiers
02-08-2010, 11:14 PM
My 07 Explorer has drive by wire and if I had known that, it would still be on the lot. Pulling out from a stop sign with a gap in traffic that I would always make, so I stomp on the gas and start to coast through the gap because the stupid computer wouldn't open the butterflies for what seemed like forever; actually it was only about 2 or 3 seconds. The engine finally accelerates and I don't get crushed by the big truck. Went back to Ford after changing my shorts and they had to reflash the ECU because there was a glitch in the programming. So much for technology.

And so much for verified programming..................... Another instance of programming mess-ups which made it through into production.

Corporate memory:

At my previous employer, I instituted a "mistake repetition preventer".

We had a procedures book, which everyone had a copy of. As a part of that, I had a "gotcha list" included. This was a list of all the design mistakes and "hidden gotchas" which we had run into over the years, with a short explanation of each: what happened, what was wrong, what fixed it.

It was regularly added to, and eventually was put "online" on our network.

New guys were required to read through it, and it did prevent quite a number of repetitions. While we didn't have a lot of turnover, obviously not everyone was involved with every project, and so the knowledge of goofups was not "common knowledge".

danlb
02-08-2010, 11:43 PM
RE: the assertion that 'by wire' does not help emissions...

Slamming the throttle plate open messes up the air/fuel mixture and does not necessarily provide maximum acceleration. The old carburetors had pumps that would squirt raw gas into the air stream so it would not starve when you floored it.

Properly done, a computer control can maximize the performance despite the actions of a bad driver or one who is panicked, making it safer than traditional designs.

Dan

Doozer
02-09-2010, 01:50 AM
"The old carburetors had pumps that would squirt raw gas into the air stream so it would not starve when you floored it."

So do injected cars. It's called a TPS. It tells the computer when an accelerator pump enrichment is necessary. You do not need drive by wire to get accelerator enrichment.

--Doozer

Evan
02-09-2010, 08:10 AM
And so much for verified programming..................... Another incidence of programming messups which made it through into production

Give me a break. On the basis of a second hand anecdote originally spoken by a person that wouldn't know a programming error if it bit him you are willing to pronounce that the concept of verification is dead.

There are reasons that poor programming sometimes does make it into production and it has nothing to do with mistakes in the code. I had a Chevy Astro for a couple of years that I ordered with a 5 speed manual instead of an automatic. It had a serious driveability problem at low speed. If you let off the gas and then gave it just a bit back to adjust your following distance behind a loaded logging truck, for instance, it would do nothing at all until you had pressed the throttle a significant amount at which time it would violently lurch forward.

To prevent running into the ahead traffic you had to remove all throttle which caused the entire sequence to repeat. The only alternative was to ride the brakes and that was not a very good idea as we have steep hills with some very long grades.

I complained repeatedly and was told they couldn't fix it. I finally insisted on talking to an actual engineer in the design department and asked him what was up with the ECU. He explained that the problem was caused by a piece of code that simulates the action of a dashpot that prevents the engine from dying when you completely remove your foot from the gas. This bit of code only applies to automatic transmissions but because they sold so few standards they had not developed an alternative to the auto version of the code. It was purely a business decision that resulted in inappropriate code being used to control a standard instead of developing a separate version for standard transmissions.

MrSleepy
02-16-2010, 04:36 PM
Here in the UK we have a body who produce the EMC Journal, a monthly tutorial free to electronic engineers who have to comply with ever-changing regs.

They have just emailed me this. It's a very large document so I have just taken the first part, but I can post the rest if there's interest.


========================================


Toyota “sticking pedals” recall is a smokescreen

Their sudden unintended acceleration problem is caused by electronics
either due to EMI, lead-free soldering or software “bugs”

By EurIng Keith Armstrong FIET, C.Eng, ACGI, www.cherryclough.com,
phone/fax: +44 (0)1785 660 247, 13th February 2010

1 US Government’s NHTSA contacted me for advice on EMI and Toyota electronics
2 CTS pedal replacement could not have saved Mark Saylor and his family
3 It is difficult/impossible to stop a runaway vehicle with the brakes
4 EMI generally leaves no trace of a “defect” after an incident
4.1 Why no “defect” can be found afterwards
4.2 “Latch-up” as a possible cause
4.3 What kind of misoperations can occur?
4.4 “Black Box” data recorders
4.5 Redundancy
4.6 Lack of evidence proves nothing
5 Complex electronics cannot be reliable enough for safety-critical systems
6 EMC testing cannot prove EM immunity for safety-critical systems
7 Auto electronics do not employ safety principles that have been commonplace, even mandatory, in many other industries for decades
7.1 “Fail safes” must be independent systems
7.2 Making the driver the back-up for vehicle control failure is bad practice
8 Standards
9 Lead-free soldering
9.1 Tin whiskers
9.2 Brittle solder joints
9.3 Tin Pest
9.4 Higher soldering temperatures can weaken components
10 Software
11 References



1 US Government’s NHTSA contacted me for advice on EMI and Toyota electronics

The US Government’s National Highway Traffic Safety Agency (NHTSA) has been wanting to speak to me for some weeks, to discuss the EMI implications of Toyota’s spate of sudden unintended acceleration incidents. They said they wanted to speak to me because they had no-one on their staff with my experience or knowledge of EMI and EMC.
I imagine the fact that I’ve been presenting IEEE EMC Symposium papers on EMC and Functional Safety since 2001, including one addressed to the auto industry at a symposium in Detroit in 2008, played a part in their decision.
They also said they wanted to speak to my colleague, Dr Antony Anderson (www.antony-anderson.com), a forensic electrical engineer, because they had no-one with his knowledge or experience either.
I eventually spoke for over an hour with two of their senior officers, on February 2nd, while I was in Florida attending a Sudden Unintended Acceleration case as an Expert Witness against the Ford Motor Company (my first ever appearance in court, anywhere, for any reason!).
Unfortunately, a confidentiality agreement prevents me from describing what we discussed.
2 CTS pedal replacement could not have saved Mark Saylor and his family

California Highway Patrol officer Mark Saylor and three family members, were all killed when their Lexus crashed and burned after a 100+mph race down a highway in San Diego County, on August 28, 2009, see http://suddenacceleration.com/?p=302.
During the incident one of his family phoned 911 and spoke to the emergency services for nearly one minute, you can hear a most distressing recording of the call at http://suddenacceleration.com/?p=431.
It is not credible that a Highway Patrol officer with Mr Saylor’s 19 years experience would have pressed the wrong pedal, or been unable to deal with a gas pedal that got stuck on a ridge in the floor mat, or was a bit sticky, for over a minute with a car full of passengers.
And CTS, whose alleged “sticky pedals” are being replaced in the current Toyota recall, recently said (see: www.google.com/hostednews/afp/article/ALeqM5jXlnWY76DKARDE459OFtAWoYEZdA) "CTS wishes to clarify that it does not, and has never made, any accelerator pedals for Lexus vehicles and that CTS also has no accelerator pedals in Toyota vehicles prior to model year 2005".
It was Mark Saylor’s terrible fate that started this current media furore over runaway Toyotas, which started off as a “Toyota Sudden Acceleration” story.
But I note that over recent weeks it has morphed into a “Toyota Sticking Pedals” media story, with terrible accidents like Mark Saylor’s played down – as if a floormat or sticky CTS gas pedal could somehow have been the cause of his death along with three members of his family.
3 It is difficult/impossible to stop a runaway vehicle with the brakes

Tests performed by the motor industry, by the Japanese Government, and for the US Government, including recent tests by Toyota on its ES-350, all show that it is very difficult indeed – and may be impossible for some people. Even if you do manage to do it, the stopping distance is enormous.
This assumes that the brake pedal is pressed only the once, and is kept firmly pressed down until the car stops, and is not ‘pumped’.
Many people have been taught that if the brakes don’t stop the car quickly enough, pumping can help increase brake pressure. This is the wrong approach when the engine is high-revving because in this condition it does not provide much vacuum for the brake booster. If you press the brake pedal more than just the once when the engine is revving flat out – you lose the brake boost from its vacuum servo and braking effectiveness is actually lost.
4 EMI generally leaves no trace of a “defect” after an incident

4.1 Why no “defect” can be found afterwards

Switch on a light. Then switch it off. Now prove that the light was ever switched on.
You can’t do it – the electricity that flowed in the circuit leaves no trace.
Electronic circuits can operate in many ways, and as design engineers we are used to improving them so that they behave the way we want them to with sufficient reliability for the application they are intended for.
Even if the vehicle in question was left running with its engine screaming away, it would take quite some time to get the appropriately-skilled people and their electronic test gear to the site, by which time the vehicle may have run out of fuel or the engine may have overheated and failed for some reason due to its unusual stress, or the consequences of damage in the accident.

========================================

Rob

vpt
02-16-2010, 05:15 PM
Useless technology...

Put the cable back in!

lazlo
02-16-2010, 05:52 PM
Their sudden unintended acceleration problem is caused by electronics either due to EMI, lead-free soldering or software “bugs”

I think that's correct. NPR had an article about it last night, and the Toyota rep said that the throttle would run out of control when the car "hit a bump or a pothole." The article also mentioned that there was a related issue that caused the headlights to go out :rolleyes:

That sounds like a wiring problem is causing a software glitch. I've fixed glitches like that in software by adding hysteresis to the input sampling. In other words, a low-pass filter.
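
lazlo's point is about rejecting a glitch at the input before the control logic acts on it. The following is an added example, not code from Toyota, Saab, any supplier, or anyone posting in this thread. It assumes a pedal with two potentiometer tracks of opposite slope (so their sum is constant) read as 10-bit ADC counts, and shows three things together: a lone implausible sample holds the previous request instead of moving the throttle, a run of consecutive bad samples latches a fail-safe to idle, and the fault code and event count are retained after the signal recovers, so a transient event leaves a record of the kind the Armstrong excerpt says is usually missing. All thresholds, the number of samples needed to latch, and the function and type names are assumptions chosen for illustration.

```c
/* Added example (not code from any vehicle maker or from this thread):
 * plausibility check for a redundant two-track accelerator pedal sensor,
 * with a debounce counter so a single glitched sample is held rather than
 * acted on, and a latched fail-safe that keeps a retained fault record.
 * Every constant below is an assumption chosen for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ADC_OPEN_LOW          20   /* assumed: below this the wire is open or shorted to ground */
#define ADC_OPEN_HIGH       1003   /* assumed: above this the wire is shorted to supply */
#define A_IDLE               100   /* assumed: track A count with the pedal released */
#define A_FULL               900   /* assumed: track A count with the pedal floored */
#define SUM_NOMINAL         1023   /* assumed: track A + track B for a healthy pair (opposite slopes) */
#define SUM_TOL               60   /* assumed: tolerated deviation of that sum */
#define BAD_SAMPLES_TO_LATCH   3   /* assumed: consecutive bad samples before the fail-safe latches */

typedef enum {
    PEDAL_OK = 0,
    PEDAL_FAULT_RANGE = 1,     /* a track reads outside its electrical range */
    PEDAL_FAULT_MISMATCH = 2   /* both tracks in range but they disagree */
} pedal_fault_t;

typedef struct {
    uint8_t       bad_count;     /* consecutive implausible samples seen */
    int           last_good_pct; /* throttle request from the last plausible sample */
    bool          latched;       /* fail-safe engaged: output forced to idle */
    pedal_fault_t last_fault;    /* retained after the event, even if the signal recovers */
    uint32_t      fault_events;  /* count of rejected samples, also retained */
} pedal_state_t;

/* Classify one pair of raw ADC readings: range check first, then cross-check. */
pedal_fault_t pedal_classify(int a, int b)
{
    if (a < ADC_OPEN_LOW || a > ADC_OPEN_HIGH || b < ADC_OPEN_LOW || b > ADC_OPEN_HIGH)
        return PEDAL_FAULT_RANGE;
    int sum = a + b;
    if (sum < SUM_NOMINAL - SUM_TOL || sum > SUM_NOMINAL + SUM_TOL)
        return PEDAL_FAULT_MISMATCH;
    return PEDAL_OK;
}

/* Convert a plausible track A reading to a 0..100 percent request. */
static int pct_from_track_a(int a)
{
    int pct = (a - A_IDLE) * 100 / (A_FULL - A_IDLE);
    if (pct < 0) pct = 0;
    if (pct > 100) pct = 100;
    return pct;
}

/* One control-loop tick.  Returns the throttle request in percent.
 * A lone bad sample returns the previous good value (hold, not jump);
 * BAD_SAMPLES_TO_LATCH bad samples in a row latch the fail-safe, after
 * which 0 (idle) is returned until pedal_reset() is called. */
int pedal_tick(pedal_state_t *s, int raw_a, int raw_b)
{
    pedal_fault_t f = pedal_classify(raw_a, raw_b);
    if (f != PEDAL_OK) {
        s->fault_events++;
        s->last_fault = f;
        if (s->bad_count < 255) s->bad_count++;
        if (s->bad_count >= BAD_SAMPLES_TO_LATCH) s->latched = true;
    } else {
        s->bad_count = 0;                 /* the run of bad samples must be consecutive */
        s->last_good_pct = pct_from_track_a(raw_a);
    }
    return s->latched ? 0 : s->last_good_pct;
}

/* Clear the fail-safe (e.g. after a key cycle) but keep the diagnostic record. */
void pedal_reset(pedal_state_t *s)
{
    s->latched = false;
    s->bad_count = 0;
    s->last_good_pct = 0;
}

int main(void)
{
    pedal_state_t s = {0};
    /* constructed sample stream: healthy, one glitch, healthy, then track A goes open */
    int stream[][2] = { {500, 523}, {500, 523}, {500, 300}, {500, 523},
                        {5, 523}, {5, 523}, {5, 523}, {500, 523} };
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++) {
        int req = pedal_tick(&s, stream[i][0], stream[i][1]);
        printf("A=%4d B=%4d -> request %3d%% latched=%d last_fault=%d\n",
               stream[i][0], stream[i][1], req, (int)s.latched, (int)s.last_fault);
    }
    return 0;
}
```

The hold-then-latch behaviour is the software form of the hysteresis lazlo describes: one bad sample cannot swing the throttle, but the controller does not silently forget it either, and the retained last_fault and fault_events are what a technician would read back afterwards.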

JCHannum
02-16-2010, 06:07 PM
There is still too much going on in regards to this problem for it to have been as simple as a loose floormat or a sham shim. Toyoda himself is over here making excuses and production is still on hold. I don't think the problem has been identified or, if it has, a true solution found.

Al Messer
02-16-2010, 06:15 PM
Personally, I like the system found on the 1931 Ford Model "A", et al----where the "brains" were to be found in the driver, not the car.

lazlo
02-16-2010, 06:16 PM
Jim, I got the impression from the Toyota web page you linked that there are two sets of problems, affecting different cars; the electronic throttle issues with the Prius et al, and the floor mat entrapment issue with the Camry et al.

According to the Toyota video, the floor mat entrapment problem is "fixed" by beveling the bottom edges of the accelerator pedal.

JCHannum
02-16-2010, 07:57 PM
There appear to be several problems occurring in different cars in their line. The Prius is a brake problem, which is in addition to the floormat and gas pedal. They all seem to hinge on failure to stop or "unintended" acceleration, which might be a stuck pedal or not.

These things do feed on themselves, there have been several more fatalities reported recently, so it is difficult to sort the various problems out as to whether they are real or imagined. There does seem to be some serious problem throughout their line. It could be simple, but transient or intermittent faults are almost impossible to find at times.

J Tiers
02-16-2010, 11:24 PM
Give me a break. On the basis of a second hand anecdote originally spoken by a person that wouldn't know a programming error if it bit him you are willing to pronounce that the concept of verification is dead.

There are reasons that poor programming sometimes does make it into production and it has nothing to do with mistakes in the code. I had a Chevy Astro for a couple of years that I ordered with a 5 speed manual instead of an automatic. It had a serious driveability problem at low speed. If you let off the gas and then gave it just a bit back to adjust your following distance behind a loaded logging truck, for instance, it would do nothing at all until you had pressed the throttle a significant amount at which time it would violently lurch forward.


I complained repeatedly and was told they couldn't fix it. I finally insisted on talking to an actual engineer in the design department and asked him what was up with the ECU. He explained that the problem was caused by a piece of code that simulates the action of a dashpot that prevents the engine from dying when you completely remove your foot from the gas. This bit of code only applies to automatic transmissions but because they sold so few standards they had not developed an alternative to the auto version of the code. It was purely a business decision that resulted in inappropriate code being used to control a standard instead of developing a separate version for standard transmissions.

Check over what you wrote......... with special attention to the parts of what you wrote which I have highlighted.....

I am NOT INTERESTED in "excuses" as to *why* the wrong code is used, I AM interested IN THE FACT THAT IT WAS USED.

The "business decision" must, in any rational company, have been based on the idea that there would be no harm done, that it would have no consequences. The "decision makers" must have consulted with the engineering folks. And in your case, since you are still around, presumably there WAS no harm done.

But the code was the "wrong code", no matter what the "excuse" is for having used it, and no matter that it has no serious direct safety impact in this particular specific case.

That driveability issue might be viewed quite differently if it were common on merging with traffic, or trying to get off the tracks before the train hits. Let a few fatalities come from non-response to throttle....... The media would be all over it.

The VERY SAME general sort of reasoning may have been used back in the upper reaches of Toyota with regard to throttles, or brake over-ride, etc, etc, etc. That sort of thing IS HOW THESE PROBLEMS GET OUT. They know there is a problem, or fail to test for all problems, and make a "business decision" to let it ride.

That is almost a textbook example of one way bad engineering gets into the field. Your example is the very opposite of a good illustration of your point.

But, wait... it is only an "anecdotal report" by a person who "may not know a programming (or engineering) error if it bit him" . We cannot attach ANY significance to it....... :D

Weston Bye
02-17-2010, 06:04 AM
Here in Michigan we have quite a few manufacturer's test vehicles on the road. Just a few days ago I saw, right here in downtown Grand Blanc, a Mustang with a manufacturer's license plate - and an industrial grade Emergency Stop mushroom head pushbutton mounted on the top of the dashboard.

Don't know its purpose or function, but the observation seemed somehow relevant to this thread.

JCHannum
02-17-2010, 06:45 AM
Here in Michigan we have quite a few manufacturer's test vehicles on the road. Just a few days ago I saw, right here in downtown Grand Blanc, a Mustang with a manufacturer's license plate - and an industrial grade Emergency Stop mushroom head pushbutton mounted on the top of the dashboard.

Don't know its purpose or function, but the observation seemed somehow relevant to this thread.

I know several people who have owned Fords that shut off at odd times for no reason and would not restart. Are you sure it wasn't an "Emergency Start" button?

Evan
02-17-2010, 07:02 AM
I know several people who have owned Fords that shut off at odd times for no reason and would not restart. Are you sure it wasn't an "Emergency Start" button?


That is a common problem with Fords. The usual cause is the impact sensor on the right side firewall just above the floormat. On the pickups like my Ranger it is in a position where it can be kicked easily which will turn off the fuel pump. It has a reset button if you know about it. More common is that the switch becomes phase of the moon dependent and will very intermittently go open for a little while and then start working again for no particular reason.

Evan
02-17-2010, 07:09 AM
That is almost a textbook example of one way bad engineering gets into the field. Your example is the very opposite of a good illustration of your point.


You obviously don't get the point. The point is that it wasn't a programming error but a business decision that was responsible. There is a very big difference as to where the incompetence lies. If, in your infinite wisdom, you are going to apportion blame then you should try to be sure you blame the right parties.

J Tiers
02-17-2010, 08:52 AM
You obviously don't get the point. The point is that it wasn't a programming error but a business decision that was responsible. There is a very big difference as to where the incompetence lies. If, in your infinite wisdom, you are going to apportion blame then you should try to be sure you blame the right parties.

And please explain HOW this matters?

There is nothing "obvious" about me "not getting it" here..... YOU may not understand your OWN point... the results are what gets out... the *intentions* or the *exact point of internal blame* is totally irrelevant to the results.

There may BE an engineering fault, and then a subsequent "business decision" by the "suits" to let it go.

or it may be that engineering offered a "feature" or a "solution to field issues", and the "suits" rejected it.

Or there may be a real engineering messup.

It is of no real relevance, because any way you slice up the corpse, the fact is that a fault or unaddressed issue got out. The exact *path* it took in not getting fixed isn't the point, except for the new manager to address when he takes over for the disgraced one.

In the case of Toyota, the real base issue is almost CERTAINLY blameable on the "suits". It seems to have been the "suits" who refused to put in the brake over-ride, since they are already now back-pedaling fast and promising to put it in soon. Most likely it was almost ready and the "suits" decided not to spend the added time to finish it, and qualify it for production.

But, who cares? Cars got out of Toyota, for example, that for one reason or another have been known, for years, to have a "sudden acceleration" problem, and a KNOWN good solution was not applied.

I doubt if the families of the 34 people who are alleged to have been killed by the effects of this problem really care one way or the other... it is "Toyota" that got their relatives killed.

Nor does your example show "incompetence" in the business area..... The business folks surely asked engineering whether this would be an issue, and were told things that amounted to "no". And they went with that, as they SHOULD.

The incompetence comes back to roost on the engineering top folks, the engineering "suits".

MrSleepy
02-17-2010, 02:58 PM
To save fighting the character limit I found a direct link of their website for the document..

http://www.nutwooduk.co.uk/downloads/Toyota.doc

Rob

Evan
02-17-2010, 03:25 PM
And please explain HOW this matters?


Look at the topic title Jerry.

J Tiers
02-17-2010, 10:27 PM
Look at the topic title Jerry.

I did, ONE OF THE REASONS *good design* is NOT used is because of the factors that you unknowingly mentioned....... And I picked up on and brought forward. This is directly down the middle of the on-topic path here....

"OT: good design and why it's not used (e.g. Toyota pedal problem)"

Management interference is a very common reason for the lack of an obvious improvement, or not implementing a useful or even safety-improving new idea, or why another round of complete testing is nixed, because people are TOLD NOT TO USE IT by others (usually "suits") in the company.

I am afraid you do not understand how a business with an engineering department actually works.... the very close relationship of engineering projected costs, and the decision to allow development or use of some idea. And the huge influence of the corporate legal department.

An improvement to safety may be nixed by legal because it theoretically could amount to an admission that prior designs were unsafe and open the door to thousands of lawsuits.

or the cost of development is too much, in the manager's opinion, and won't pay back.

Or the incremental product cost increase is estimated to put the product too high to be competitive.

Or because the change is deemed by management to be "too small to be a problem" so another round of testing is not required, and funds for it are not released.


Just a couple of the reasons why "good design is not used".....

vpt
03-12-2010, 10:02 AM
http://www.youtube.com/watch?v=lZ4PtafRB9c

Deja Vu
03-12-2010, 11:45 AM
http://www.youtube.com/watch?v=lZ4PtafRB9c

That's a very "interesting" video about stopping the vehicle, but my question remains...."Why did the car accelerate in the first place?"
(assuming the guy wasn't a good actor and that he's out for something):D

I just can't believe that the media hasn't delved into this particular situation for the problem! :mad: . Did everything go back to "all systems normal" after the incident?

At what time did the "stuck pedal return...as the guy said..."it wouldn't move"...geesh:confused:

I want updated details from the media.....

winchman
03-12-2010, 12:46 PM
I watched the news report, and read the article about the guy with the runaway Prius in CA. I also listened to the 911 call where the operator asked him if he had tried to put the car in neutral. "No." I think they must have edited out the "DUH".

Later he said he thought the car might flip if he put it in neutral. Considering what (he says) was ALREADY HAPPENING, it seems like putting the car in neutral might be a safer bet.

My conclusion is that the guy is a scammer. He's in debt over his eyeballs:
http://www.usatoday.com/money/autos/2010-03-12-prius12_ST_N.htm?csp=34

There's a huge spike in reports of problems with Toyotas:
http://news.yahoo.com/s/ap/20100311/ap_on_bi_ge/us_prius_panic_7

Between the honest people with real problems, the scammers, the idiots, and the government regulators, Toyota's getting royally shafted.

nheng
03-12-2010, 04:18 PM
One of Toyota's VPs says Toyota is mystified at the acceleration:

"Esmond explained that all Priuses have a computer system that will cut power to the wheels if the brake and gas pedals are pressed at the same time"

As a designer of hardware and software for embedded and other systems, I have to give this guy a big "DUH !" He's never heard of crappy software (firmware) ... oh wait a minute, perhaps no one has ever mentioned crappy software to a VP !

Sounds to me like the problem may be in the cruise control system as that has access and the ability to force acceleration. Nothing has been mentioned that has much meat to it ... just the BS "carpet" and "sticking pedal" crap.

And I'm sure Toyota is ISO. Let's see their development and design validation plans. No, wait, let's see ALL of the automaker's development and design validation plans. I'll bet there is a ton of stuff out there designed by interns and inexperienced developers that gets hit by budget and delivery constraints and goes out the door with "just enough" testing.

I'd like to think more highly of the development teams themselves but the problem is that they all buckle under as corporate pressures and quarterly reports take precedence over a bit more testing, safety and failsafe mechanisms.

Don't give me a #%$%@# microcontroller as the failsafe mechanism for my freakin car's brakes, ABS or cruise control. Give me a hard line control to it ! !

Den
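
Both philbur's earlier post (the computer reduces power if you use the throttle and the brake at the same time) and the Toyota VP's description nheng quotes (cut power when the brake and gas pedals are pressed together) describe the same arbitration rule. The following is an added example of that rule, not Toyota's code and not code from anyone in this thread. The brake signal is debounced over a dwell of several ticks, the override only engages above a low-speed threshold so hill starts and manoeuvring with both feet are not blocked, and once engaged it is held until the accelerator is released rather than until the brake is released. The thresholds, the dwell, the low-speed exemption and the names are assumptions made for this illustration.

```c
/* Added example (not Toyota's code, not code from this thread): brake
 * override arbitration between the accelerator request and the brake
 * switch.  All constants and the hold-until-pedal-released rule are
 * design assumptions chosen for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define OVERRIDE_MIN_KPH     8   /* assumed: no override below this (hill starts, manoeuvring) */
#define OVERRIDE_MIN_PEDAL  15   /* assumed: accelerator request (%) that counts as "applied" */
#define BRAKE_DWELL_TICKS    5   /* assumed: consecutive ticks the brake must be seen before acting */

typedef struct {
    uint8_t brake_ticks;      /* consecutive ticks with the brake switch closed (debounce) */
    bool    override_active;  /* throttle currently forced to idle */
} override_state_t;

/* One control-loop tick.  Returns the throttle command in percent. */
int throttle_arbitrate(override_state_t *s, int pedal_pct, bool brake_switch, int speed_kph)
{
    if (brake_switch) {
        if (s->brake_ticks < 255) s->brake_ticks++;
    } else {
        s->brake_ticks = 0;
    }
    bool brake_confirmed = s->brake_ticks >= BRAKE_DWELL_TICKS;
    bool pedal_applied   = pedal_pct > OVERRIDE_MIN_PEDAL;

    if (brake_confirmed && pedal_applied && speed_kph > OVERRIDE_MIN_KPH)
        s->override_active = true;

    /* Once engaged, the override is held until the accelerator is released,
     * not merely until the brake is released: a pedal that is physically
     * stuck open does not regain the throttle the moment the driver lifts
     * off the brake.  (Assumed design choice for this example.) */
    if (s->override_active && !pedal_applied)
        s->override_active = false;

    return s->override_active ? 0 : pedal_pct;
}

int main(void)
{
    override_state_t s = {0};
    /* constructed scenario: pedal held at 60% at 80 km/h, brake applied for 6 ticks, then released */
    for (int t = 0; t < 8; t++) {
        bool brake = (t >= 1 && t <= 6);
        int cmd = throttle_arbitrate(&s, 60, brake, 80);
        printf("tick %d brake=%d -> throttle %3d%% override=%d\n",
               t, (int)brake, cmd, (int)s.override_active);
    }
    /* driver lifts off the accelerator: override releases and normal control resumes */
    printf("pedal released -> throttle %3d%%\n", throttle_arbitrate(&s, 0, false, 80));
    return 0;
}
```

The point of the hold rule is the failure mode the thread is about: if the pedal itself is what is stuck, a rule that ends the override as soon as the brake is released would hand the throttle straight back.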

Evan
03-12-2010, 05:08 PM
I am afraid you do not understand how a business with an engineering department actually works.... the very close relationship of engineering projected costs, and the decision to allow development or use of some idea. And the huge influence of the corporate legal department.


No, but I may not understand how your engineering dept works. I worked with the company engineers sometimes daily in my job. You seem to forget that I worked for a giant multinational with more engineers than most large companies have employees.

If there is a way to design a machine badly I have seen it. I have seen designs so bad that they were quietly pulled from the market after only a few months. I am fully aware of the reasons that good designs are not used, time after time.


I did, ONE OF THE REASONS *good design* is NOT used is because of the factors that you unknowingly mentioned....... And I picked up on and brought forward.

You give yourself far too much credit Jerry.
--------------------------------------------------------

This recent event reeks of either extreme stupidity or fraud. Maybe both.

What I saw on the news is that;

A: The cop did nothing to slow him down. He never made contact with the vehicle.

B: He slowed down to 50 because the car doesn't climb hills very well.

C: He brought the car to a full stop using only the parking brake.

There are some very pertinent unanswered questions in these events.

Why are people mashing the pedal to the floor, especially in the high powered vehicles?

Has anybody checked to see if the vehicles have brakes in good working order rather than worn badly? It seems to me that people that routinely mash the pedal to the floor might also need to replace brakes more often than most.

What is the driving record of the people that experience these events compared to the population at large? How many speeding tickets do they have?

Who last worked on the vehicle?

darryl
03-12-2010, 05:12 PM
I drive a Toyota- it has a mechanical linkage to a Chevy fuel system component- a carburetor! It also gets no more than 17 mpg. Safest vehicle I've ever driven. Brakes used to be excellent (master cylinder is shot now). There's enough room under the hood for a kitchenette, and you can actually see the engine block. In the 36 years I've owned it, I have NEVER been left stranded because of a failure that I couldn't fix on the spot. The only time it didn't get me home was when I ran out of gas. It had a self-sticking gas pedal (a manual throttle control) that you could use if you had to get out and help coax the vehicle over an obstacle with the engine running and the tranny in gear (bull low).

That vehicle has been the only one to not let me down when others failed- the Astro being the worst of those. I fully understand the need for engine control systems to minimize emissions and maximize economy- and in fact here we are, right at the future, waiting for our chance to burn to death in an invisible hydrogen fire. Or I suppose, get mashed into oblivion because a computer has decided that more speed was called for- or that gee, you don't need the engine right now, do you? Or even climate control- high tech blowing around of the BPH and BPA coming out of those 'safety' interiors- here we are becoming feminized as we drive around saving the planet from ourselves- Well, I guess we really are saving the planet- soon we won't be able to reproduce and within a few hundred years the planet will not have us around to -uck things up :) Put an M in there if you want.

I don't know- I don't want to toast the planet, but I don't want to become a victim because of the complexity of modern systems and electronics. I was just reading about electronic parts being susceptible to random cosmic particles, where a transistor for example, could fail because a certain particle happened to pass through it. Even if all that happens is a delayed acceleration while entering a freeway- I think all this modern technology is putting us in greater peril than in times past when we relied on mechanical systems.

Just a little rant, I'm ok now. I think-. Maybe I'll walk to the store- the back way, so I'll have a chance to jump out of the way of those runaway Toyotas

Evan
03-12-2010, 05:24 PM
I see one thing coming out of this for sure. If you are tooling along the freeway in your Toyota at 20 over the limit and a cop comes up behind you, mash the pedal all the way down and start frantically waving at him while you put the e-brake on halfway to generate some burnt brake aroma.

Wanna bet that something like this gets named "The Toyota Defense"?

lazlo
03-12-2010, 06:22 PM
Wanna bet that something like this gets named "The Toyota Defense"?

Yeah, I've been calling around town trying to rent a Prius for my free high-speed pursuit :)

vpt
03-12-2010, 06:44 PM
Yeah, I've been calling around town trying to rent a Prius for my free high-speed pursuit :)


That sounds like a fun time!

Rookie machinist
03-12-2010, 06:51 PM
That you-tube video was dead on. The major problem is not the sticking pedal but the lack of knowledge most drivers have on how to operate their vehicle. Shifting to neutral should be an automatic response to this situation, not calling the news and 911. Yes I know Toyota has a problem but it should not have ever resulted in a single death on the highway. People not having the knowledge on how to shift into neutral or shut off the vehicle is the major issue.

SOSMFG
03-12-2010, 07:44 PM
Yeah, this thread is very muddy, and deep...and as to now doomed by extraneous, made meaningless over-obfuscation-to-fact as read except for you, darryl- your opinion is that of mine. Thanks for sayin' it, brother!, as we continue to communicate by the very means of our downfall in this, our present society...Next?

saltmine
03-12-2010, 08:41 PM
"The Toyota Defense" That sounds like the one that got O.J off the hook...
"If de glove fit, you must acquit."

I just got back from Phoenix...(almost 500 miles back and forth today.)

I've noticed one thing about most Toyota drivers. They ALL like to drive 20mph over the posted speed limit, except one guy...He was driving 50 mph over the speed limit. When he finally slowed down, you should have heard the racket coming from under his hood. The brakes smelled like they were burning. The transmission must have been in "NEUTRAL" because the engine was wailing, back-firing, and detonating as the RPM's bounced off the rev limiter.

Yes, I waved as I drove past.

Carld
03-12-2010, 09:28 PM
The idea of shifting to neutral may have a problem. I think the Lexus and Prius have push button shifting that is controlled by the ECU just as the throttle is and I believe the method of starting and stopping the engine is with a push button also controlled by the ECU.

As I understand it the reason they can't shut the engine off or take it out of gear is the ECU won't allow it. Several people have said they tried to shut the engine off and it just kept running. One Prius owner that was assisted by a cop said he was afraid to put it in neutral because he might hit reverse. I guess he figured it was better to run into something at 94 MPH than tear up the transmission. He also couldn't get the engine to shut off until after several tries.

It kind of tells me they have an ECU and sensor problem. I am wondering if the government is waiting until a Toyota kills 10 or more people in one accident before they take the Toyotas off the road. I guess Toyota is paying the government too much money for them to shut them down until they fix the problem.

I just hope any Toyotas that fail are in front of me on the road. As long as they don't hit me or my family or friends they can run helter skelter and kill all they want to.

Rookie machinist
03-12-2010, 10:01 PM
The Prius still has a stick for shifting the gears and it goes into neutral very easily; tried that and the shut down in my father-in-law's Prius yesterday and they both worked fine. Takes about 5 seconds of holding the power button for the engine to shut off.

steve45
03-12-2010, 10:21 PM
One Prius owner that was assisted by a cop said he was afraid to put it in neutral because he might hit reverse. I guess he figured it was better to run into something at 94 MPH than tear up the transmission. He also couldn't get the engine to shut off until after several tries.
I didn't believe that guy from the start. He waited until after he called 911 and got the cops and the choppers out before he tried to turn it off.

Rush was talking about him today, he's deeply in debt, has previously filed bankruptcy, has been on some sort of TV game show, etc. Sounds like a publicity hound that's looking to file a lawsuit to me...

wdtom44
03-12-2010, 10:24 PM
In reading all these posts about engines and speed controls, it makes me think of the GM two cycle diesels I worked on in the navy back in the late 60s. Some had an emergency shutdown in case the engine ran away or otherwise failed to act normal. This device was a flap, sort of like a choke valve, that, with the pull of the emergency shut down control, would block the air intake, shutting down the engine even if it was running on crankcase oil. This device had to be reset before the engine would start. Reminds me of a story. Worked for a small company that got truck deliveries from time to time. Driver showed up with a rented tractor, shut it down and we unloaded the truck. When he went to start it, it would only fire once or twice and then just crank and crank. He had the hood open and I looked in and there was a GM diesel and on top (this one was in a V shape) was the blower and right there was the emergency shut down and it was tripped. Reset it and told the driver to start it. He did. Explained to him what he did and away he went happy. As a green engineman in the navy myself and another spent a while finding a similar problem on a landing craft. Must have learned well as it is quite a few years ago for both. Anyway, such a shutdown and a red handle to pull would shut down any runaway engine.

Carld
03-13-2010, 12:04 AM
Hmm, I missed Rush today because my station had a damn basketball game on instead. I was a little skeptical about how that event went down when he said he was afraid to shift to neutral.

Evan
03-13-2010, 12:36 AM
Turning off the power to the fuel pump will shut down any engine with an electric fuel pump.

J Tiers
03-13-2010, 08:24 AM
Turning off the power to the fuel pump will shut down any engine with an electric fuel pump.

Except for a diesel with bad oil control rings........................ etc.


Generally true, however, and an excellent way to stop a GAS engine via the control computer.


One difficulty with all these potential new safety systems is not being mentioned very much........

THEY KEEP THE ENGINE (and vehicle) FROM RUNNING

That's fine in the case of a problem. But the ONLY TIME so far that my S10 has failed to run when I turned the key, was when the *security system* (which I would like to disconnect) decided that I was stealing my vehicle, and shut it off in 2 seconds. Would NOT run. A $700 repair, which GM ate.

Safety systems and sensors are a prime cause IIRC of rocket launch delays, such as the shuttle. If safety systems can't be kept running for single high value vehicles, your dime a dozen "we don't care" vehicle is not going to do better.

Safety systems, as they proliferate, will likely become a prime reason for cars not running. The IC engine is pretty reliable, after around 150 years of development. It's the stuff around them that fails.

So.............

Right now we have vehicles that either do really "run away", or user error cases which may be due to poor design also.

In the future...........

Will we then start with the "my Toyota shut down and screeched to a stop in the middle of the freeway at 60 mph and triggered a 30 car pileup" cases?

I think it is VERY likely that such things may occur if enough safety shutdown stuff is piled onto existing cars....... Unless the vehicle control programming is evaluated by 3rd party certification agencies. I have no information as to whether this is done now, but the reports tend to suggest that it is not, and that there is no requirement for it.

There are standards for safety-related computer programs, and there are agency certification standards for safety-critical software.

As to whether this would have a big effect, that is questionable. There are other parts besides the program, sensors, computer hardware, wiring, etc, all of which can suffer from vibration and poor maintenance. The lead-free solder usually used in VCUs can have a short life under wide temperature swings.

However, certified software could eliminate some questions. There is no credible argument that vehicle control software is NOT "safety critical software".

saltmine
03-13-2010, 09:12 AM
The one I'm waiting to see go "haywire" is the "self park" feature Lincoln-Mercury is advertising on TV commercials. They show a guy pulling up next to a parked car, pushing a button, and the car parks itself, backing into the space behind the parked car.
That scenario would be hilarious on the freeway at 70mph.

Tony Ennis
03-13-2010, 09:52 AM
We had a procedures book, ... a 'gotcha list" [was] included.

Back in the day, I worked for a company that sold training simulators for chemical plants as well as process optimizers. We'd help companies reduce their costs/increase their production by simulating their chemical plant with a variety of control settings being changed based upon how much of what type of fuel was available, etc. We could generally get 10% more product out of a typical chemical plant. The chemical plant designs were pretty standard, so we'd get out our standard manual, copy/replace the boiler-plate company name with the real one, and make tweaks. It worked well. Until one day. You see, this manual was about 4" thick and very very dense. No one read it more than once. One of our clients had made a significant change to their chemical plant. This was duly noted and properly documented in the manual. Engineers got to work, and produced... the wrong model. We lost a few million dollars by the time the rework was completed and penalties for missing our deadlines were paid. The engineers didn't read the manual because it was thousands of pages of the same crap they had already read. No one told them the plant was different. While it doesn't excuse them or the project manager you can understand how it could happen.

Had the documentation read, "It's just like project X, but with these fundamental changes...", the engineers would have been all over it.

vpt
03-13-2010, 10:03 AM
We don't need any more safety features in cars. We need people to smarten up and know how to control their vehicles.

RWO
03-13-2010, 01:49 PM
Drive by wire is necessary for the computer to control the throttle when the traction control and stability control software kicks in. It also aids fuel economy slightly.

RWO

Thruthefence
03-13-2010, 03:10 PM
Steve, that guy seemed a little shaky to me, as well. On the interview I saw, the body language of the newsman doing the interview was "this guy's a grifter". Too nervous to knock it into neutral, but not too nervous to use a cell phone? And first trip after leaving the dealer? This has a "balloon boy" feel to it.

Paul Alciatore
03-13-2010, 03:53 PM
The problem you described was with Audi 5000s, not Saabs.

Back to rotate's point - I think a good bit of it has to do with engineers on staff who try to find something to "improve" to justify their continued employment. This is a huge problem IMHO in the software industry.

Steve.


Exactly my first thought. Rooms full of engineers that have to justify their existence. And who must "shine" above the others to get raises and promotions.

dwilliams35
03-13-2010, 04:53 PM
If you can't improve upon perfection, scrap it and do it a different way...

We get that a lot: we've got twenty years' worth of machines that essentially do the same thing: the oldest has push-pull actuators on the console that run, via cable, to hydraulic controls... The newest have touch screens attached to PLCs with PID loops running servo amplifiers that run proportional valves.. I'll give you three guesses which one runs better. Another three guesses about which one's easier to diagnose a problem with..

Bill736
03-13-2010, 09:58 PM
I have serious doubts about the reliability of automotive grade electronics, and I'm not surprised to see problems arising. Electronics are used in modern cars extensively, especially for engine controls, and I've seen so many premature failures in those electronics that it's alarming. There's been a huge rush to introduce electronic engine management to improve fuel economy and meet emissions standards, without a parallel increase in the reliability of those electronics. I've seen cars that were traded in or junked because a new control "computer" costs more than the car was worth.
In some cases, new engine management computers are not even available for orphan model cars. Mechanics have often been reduced to mere "parts changers" because of the impossibility of repairing "black box" electronics. The intermittent nature of many electronics problems makes a positive diagnosis impossible, and if you don't have a stock of replacement parts on hand to start trying, you're in trouble. The onboard diagnostics system on modern cars only detects certain problems, and ignores many others. The problems Toyota has had with duplicating the "runaway" conditions owners have reported is typical of electronics problems. My lady friend had stalling problems with her Geo Metro which required a tow back home twice, after which the car would run fine for a couple of days. The Chevrolet dealer had the car for four days and several test drives, with no problems. On the way home from picking up the car at the dealer, it stalled and would not restart. The dealer recommended a new engine management computer, which normally cost $1000, but was no longer available. She had little choice but to buy another car.
I'd rather take an older car with a carburetor on a cross country trip than a new electronically controlled car, because at least trouble with the old car can be diagnosed and repaired by most garages. The reliability of automobiles has been reduced to that of home entertainment electronics, and that's pathetic.

vpt
03-17-2010, 11:04 AM
I heard on the news yesterday that people are starting to ask toyota to buy their cars back.

This could be the fall of Toyota in the end. Government Motors will be happy.

Black_Moons
03-17-2010, 11:35 AM
I know my dad drove his car for *YEARS* with the engine 'service soon' light on because when he took it in, what failed was a $10 sensor that would require $500 labour to get at and replace. I wonder what other stuff failed in the meantime that he never got looked at and produced worse emissions.

Too many sensors/safeties spoil the product. Especially when they are not designed to be maintainable. Failure can be acceptable if the fix is quick and easy. (Oil, air and fuel filters all get periodic replacement and it is easy; why are the engine sensors any more complicated to access/replace?)

vpt
03-17-2010, 11:45 AM
Yeah, what happened to engine bays that look like this?

http://image.classictrucks.com/f/17928852/0905clt_05_z+1949_ford_f1_pickup_truck+engine_bay.jpg

lazlo
03-17-2010, 12:00 PM
Yeah, what happened to engine bays that look like this?

Too high-tech. I want to go back to this, no run-away controls:

http://oregontrail.org/oregon-trail-pics/covered-wagon.jpg

Evan
03-17-2010, 12:12 PM
I have serious doubts about the reliability of automotive grade electronics, and I'm not surprised to see problems arising.

Automotive grade electronics (it is an actual grade too) rarely fail. They are the same spec level as MIL spec in most cases, rated for much larger temperature ranges and voltages than commercial home entertainment grade parts. The most common failures are the same as they have always been, connectors and bad grounds, vibration induced failure of solder joints and similar. Actual failure of the active parts is most unusual unless you have some turkey hooking up booster batteries backward. I have been driving new vehicles every couple of years since 1975 and have never seen an ECU failure or any other significant failure other than relays and connectors.

The automotive environment is about as harsh as it gets with operating temps from -50 to 150F. Add in salt water spray and repetitive freeze thaw cycles, solvents and physical battering by road debris and it is amazing the systems are as reliable as they are.

On the other hand the most unreliable part of the system is the nut behind the wheel.

bob_s
03-17-2010, 12:25 PM
Yeah, what happened to engine bays that look like this?



They went the way of vehicles that only got 10 mpg!

Modern vehicles are as sophisticated as every other technology that we have today. Which, if I am allowed to paraphrase my father, if you don't understand how something works, you don't have any business owning it!

Bill736
03-17-2010, 09:09 PM
Automotive grade electronics (it is an actual grade too) rarely fail. They are the same spec level as MIL spec in most cases, rated for much larger temperature ranges and voltages than commercial home entertainment grade parts. The most common failures are the same as they have always been, connectors and bad grounds, vibration induced failure of solder joints and similar. Actual failure of the active parts is most unusual unless you have some turkey hooking up booster batteries backward. I have been driving new vehicles every couple of years since 1975 and have never seen an ECU failure or any other significant failure other than relays and connectors.

The automotive environment is about as harsh as it gets with operating temps from -50 to 150F. Add in salt water spray and repetitive freeze thaw cycles, solvents and physical battering by road debris and it is amazing the systems are as reliable as they are.

On the other hand the most unreliable part of the system is the nut behind the wheel.

Maybe that's the issue; you drive a new vehicle every couple of years. Try keeping them longer, and watch the electronics problems develop. I find it strange that I've encountered dozens of failed sensors that are part of electronic engine controls, and had to replace ECUs as well, but you've never encountered one. Checking for bad connections and grounds is standard procedure for a good mechanic, and checking and double checking any suspected bad part, including switching new and old parts back and forth, is good practice too. I can easily compare the reliability of older vehicles with that of newer vehicles with extensive electronics. In my experience the older vehicles are much more reliable, and far easier and cheaper to diagnose and repair if something does fail.

J Tiers
03-17-2010, 11:16 PM
Baloney...

Evan is right, the *automotive grade* electronics are quite good. The most usual failure of the *system* is sensors and wiring. Those parts get a lot more abuse, with Bubba at the dealer wrenching on them, and daily road abuse.

Even the greenie European no-lead solder hasn't damaged auto electronics too badly. Consumer stuff is another story, but never mind.

The automotive electronics actually have an easy life, in a way. They have vibration, and temp changes, but those things can be tested for, and designed for.

The operating environment is the cleanest of all consumer stuff... a sealed box. If you crack an ECU open, you find it sparkly clean. Not so for many of the sensors, or the wiring..... those get beat on, soaked in salt water, etc.

For stuff that is built to be the dead cheapest that is possible and still function, auto electronic systems are very very good.

Now, that is NOT to suppose that the programming is necessarily perfect.

The ECU has to tolerate all sorts of nasty stuff and continue to execute correctly. No lock-ups, etc, no "running into the weeds", etc can be tolerated.

Of course, it probably WILL at some point start to "execute data". The thing is, it must recover right away. The programming must handle EVERY possible case correctly, every situation of limit value data, conflicting inputs, sensor failures, etc.

That is MUCH more difficult than making hardware that functions in a given environment correctly.

Evan
03-17-2010, 11:52 PM
Maybe that's the issue; You drive a new vehicle every couple of years.

Nope, those were company vehicles. My personal vehicles I keep forever. I have a 59 Land Rover that I have owned since 76, an 88 Ford Ranger bought new and a 2001 PT Cruiser bought new, as well as a brand new Jeep Patriot with the variable ratio xmission and selectomatic shifting. The Jeep is about as automated as it can get but guess what? It doesn't have a throttle lockout when the brakes are applied even though it has antilock brakes that work perfectly, traction control and even anti skid programming in turns that actually works on ice.


No lock-ups, etc, no "running into the weeds", etc can be tolerated

It isn't tolerated but it is anticipated.


Taking care of unintended misoperation of the control programs is really simple. If the program is running the normal control loop one of the things that it does is to reset a timer. That timer is called a watchdog timer and is not operated by a computer program but by a simple electronic timing circuit. If it isn't reset within a certain very limited time window of only a few hundredths of a second it automatically issues a hard reset command to the ECU which starts it up from scratch.

If the ECU fails to operate correctly and the watchdog times out a certain number of times within a short period the ECU is effectively disabled and a very limited drivability "limp home" mode is engaged, or the vehicle is entirely disabled depending on the feature set that depends on the computer.

I have worked with embedded systems since before embedded systems came into existence. Some of the machines I was trained on make an engine control unit look like a 4 function calculator. Some of the machines had as many as eight or so Z80 or X86 proprietary systems scattered around the machine all running microsecond synchronization motion control programs connected on a proprietary high speed asynchronous bus that came to be eventually known as Ethernet.

J Tiers
03-18-2010, 12:34 AM
It isn't tolerated but it is anticipated.


Taking care of unintended misoperation of the control programs is really simple. If the program is running the normal control loop one of the things that it does is to reset a timer. That timer is called a watchdog timer and is not operated by a computer program but by a simple electronic timing circuit. If it isn't reset within a certain very limited time window of only a few hundredths of a second it automatically issues a hard reset command to the ECU which starts it up from scratch.

Evan, I very well understand those timers, but they are not perfect.....

The programming has to be written to start up under any circumstances and "take up where it left off" seamlessly.

There are other and much more effective techniques, such as burying reset vectors in the code, etc. Normally that type of precaution will catch the erroneous operation long before the watchdog timer has a chance to reset the computer.

Correct programming will provide a system which operates outwardly perfectly despite being reset almost continuously due to EMI etc.

However, that is hard to do, and takes experience. With a very complex system like a vehicle control unit, it is necessary to be extremely good at that type of "robust system" programming.

Mistakes take the form of erroneous operation, bad data values, bad system status, etc. Essentially failing to seamlessly take up where the program was when reset.

J Tiers
03-18-2010, 12:43 AM
duplicate post removed

Evan
03-18-2010, 01:10 AM
But we aren't talking about seamless operation here. This is about the sort of problem that the watchdog is intended to catch. For the basic watchdog to fail repeatedly on different models in different years for years on end is stretching far beyond the realm of believability. To hold a throttle wide open in spite of sensor values requires a total departure from normal main loop operation. To hold it open for minutes on end would require a system locked up tight. That is what the watchdog will prevent and it will do so within a hundred milliseconds at most, usually much less.

It is the very first thing they will look at and it is trivial to determine if it is a robust design. It's really easy to write all sorts of reasonable sounding nonsense about how computers might fail without leaving evidence but those explanations crumble when you actually know how they work. A failure of the watchdog timer will be limited to a hardware failure since it doesn't depend on software. That is an absolute requirement.

vpt
03-18-2010, 01:16 AM
Toyota's recall should include a new pedal, cable, and throttle body cam.

J Tiers
03-18-2010, 08:36 AM
But we aren't talking about seamless operation here. This is about the sort of problem that the watchdog is intended to catch. For the basic watchdog to fail repeatedly on different models in different years for years on end is stretching far beyond the realm of believability. To hold a throttle wide open in spite of sensor values requires a total departure from normal main loop operation. To hold it open for minutes on end would require a system locked up tight. That is what the watchdog will prevent and it will do so within a hundred milliseconds at most, usually much less.

ALWAYS much less.......

And, OBVIOUSLY..... the WATCHDOG does not fail...... the SOFTWARE does..... it can fail to use the right values, start to use the wrong scale factor, etc, if the reset occurs in a poorly written part of the code.



It is the very first thing they will look at and it is trivial to determine if it is a robust design. It's really easy to write all sorts of reasonable sounding nonsense about how computers might fail without leaving evidence but those explanations crumble when you actually know how they work. A failure of the watchdog timer will be limited to a hardware failure since it doesn't depend on software. That is an absolute requirement.

See the above about what fails..........

"those explanations crumble when you actually know how they work."

Implying WE do NOT, but YOU DO.... no doubt..... which is arrogant nonsense.

Now, if YOU would simply READ what we write, and understand it, you would not be caught up in this sort of blunder.........

When the processor is reset "from cold", the software MUST set ALL variables to KNOWN VALID STATES as its first operation.

The problem when resetting under watchdog reset is a little different, the states of all variables should be BOTH valid, AND relevant to the current mode of operation.

That includes all current scale factors, current data, current "machine state", including in this case engine variables etc.

If you are in the middle of acceleration, the ECU should not restart an acceleration ramp from zero, it must know and work with the current RPM, throttle position, etc. ANY other operation will cause a glitch, since it takes a certain time, which may be quite a long time, computer-wise, to re-obtain all the variables from the sensors. You cannot be sure the ECU will not be reset again before you have good data from them all, so you must use the current stored info.

And, you therefore must have good stored data.... data in RAM may be corrupted, you have to pull data from an area you KNOW has not been re-written by the temporary "data execution event".

If you are not careful, you may miss data, use a bad piece of data, such as throttle position input, or whatever, or "blow the stack", over-running the processor interrupt stack pointer..... that's a goodie, it often really causes troubles if it occurs.

A hardware failure is easy to find.

A software failure that occurs ONLY in ONE particular state of all the inputs PLUS an EMI event of a certain type, is extremely difficult to find, and you really have to guarantee it by design. You'll never find it, most likely. It may occur to only one car in 200, ONCE in its existence. But that ONE time might send the throttle to max and make it stay there..................
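The watchdog, reset-counting and limp-home scheme Evan describes, together with J Tiers' point that a restart must resume from known-good stored state rather than whatever happens to be in RAM, as an added example in C. This is not code from the thread or from any ECU maker; the 50 ms kick window, the three-resets-per-window limit, the checksum choice and the state fields are assumptions.

```c
/* Added example, not code from this thread or any ECU vendor: a model of the
 * watchdog plus limp-home scheme and of resuming from a checksummed state
 * snapshot after a reset. Timeouts, limits and state fields are assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define WDT_TIMEOUT_MS  50    /* assumed: the main loop must kick within 50 ms */
#define RESET_WINDOW_MS 2000  /* assumed: window for counting repeated resets */
#define RESET_LIMIT     3     /* assumed: resets in one window before limp-home */

typedef enum { MODE_NORMAL = 0, MODE_LIMP_HOME = 1 } ecu_mode_t;

/* Operating state the control loop must pick up again after a reset. */
typedef struct {
    uint16_t rpm;
    uint16_t throttle_pos;  /* 0 = closed */
    uint16_t scale_factor;  /* calibration term the loop multiplies by */
} ecu_state_t;

/* Snapshot kept in memory the loop writes only through ecu_save(); the
 * checksum tells a restart whether a runaway scribbled over it. */
typedef struct { ecu_state_t state; uint32_t checksum; } ecu_snapshot_t;

/* The watchdog: a timer the software can kick but never disable. */
typedef struct {
    uint32_t   last_kick_ms;
    uint32_t   window_start_ms;
    unsigned   resets_in_window;
    unsigned   resets;           /* total hard resets issued */
    ecu_mode_t mode;
} watchdog_t;
typedef struct { ecu_mode_t mode; unsigned resets; } sim_result_t;

static uint32_t fnv1a32(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

void ecu_save(ecu_snapshot_t *snap, const ecu_state_t *st)
{
    snap->state = *st;
    snap->checksum = fnv1a32(&snap->state, sizeof snap->state);
}

/* Reset handler: resume from the snapshot when it verifies, otherwise start
 * from safe defaults (throttle closed). Returns whether the snapshot was used. */
bool ecu_restore(const ecu_snapshot_t *snap, ecu_state_t *out)
{
    if (fnv1a32(&snap->state, sizeof snap->state) == snap->checksum) {
        *out = snap->state;
        return true;
    }
    *out = (ecu_state_t){ .rpm = 0, .throttle_pos = 0, .scale_factor = 1 };
    return false;
}

/* Called once per healthy main-loop iteration. */
void wdt_kick(watchdog_t *w, uint32_t now_ms) { w->last_kick_ms = now_ms; }

/* Called from the (simulated) timer circuit. Returns true when it issues a
 * hard reset; enters limp-home after RESET_LIMIT resets in one window. */
bool wdt_tick(watchdog_t *w, uint32_t now_ms)
{
    if (now_ms - w->last_kick_ms <= WDT_TIMEOUT_MS) return false;  /* kicked in time */
    w->resets++;
    w->last_kick_ms = now_ms;  /* the restarted loop gets a fresh window */
    if (w->resets_in_window == 0 || now_ms - w->window_start_ms > RESET_WINDOW_MS) {
        w->window_start_ms = now_ms;  /* open a new counting window */
        w->resets_in_window = 0;
    }
    if (++w->resets_in_window >= RESET_LIMIT) w->mode = MODE_LIMP_HOME;
    return true;
}

/* Constructed scenario: the loop runs healthily for gap_ms, then hangs for
 * 100 ms, repeated `hangs` times. Reports the final mode and reset count. */
sim_result_t simulate_hang(unsigned hangs, uint32_t gap_ms)
{
    watchdog_t w = {0};
    uint32_t t = 0;
    for (unsigned h = 0; h < hangs; h++) {
        for (uint32_t end = t + gap_ms; t < end; t += 10) { wdt_kick(&w, t); wdt_tick(&w, t); }
        t += 100;  /* no kick for 100 ms: the loop is stuck */
        wdt_tick(&w, t);
    }
    return (sim_result_t){ .mode = w.mode, .resets = w.resets };
}

/* Constructed scenario: save a running state, optionally let one stray write
 * land on the snapshot, restart, and report the throttle the loop resumes with. */
uint16_t resume_throttle(uint16_t running_throttle, bool corrupt_snapshot)
{
    ecu_state_t st = { .rpm = 3000, .throttle_pos = running_throttle, .scale_factor = 7 }, out;
    ecu_snapshot_t snap;
    ecu_save(&snap, &st);
    if (corrupt_snapshot) snap.state.scale_factor ^= 0x00FF;
    ecu_restore(&snap, &out);
    return out.throttle_pos;
}
```

Three hangs in quick succession put the model into limp-home, while the same three hangs spread seconds apart each just reset the loop; a corrupted snapshot makes the restart come up with the throttle closed rather than with a bad stored value.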

Richard-TX
03-18-2010, 09:07 AM
Drive by wire is nothing new. Fighter jets have been fly by wire for years and they are reasonably reliable. The control for the airplane is a joystick.

Evan
03-18-2010, 09:22 AM
Now, if YOU would simply READ what we write, and understand it, you would not be caught up in this sort of blunder.........

The only blunder here is your continued insistence that such a hypothetical programming fault could continue while somehow escaping the precise failsafes designed in HARDWARE to catch it. That is why NHTSA inspectors refused to even examine the ECU again.

All you are doing is feeding the Nonsense Brigade more of what they want to believe regardless of what the reality may be. The really unacceptable reality, especially in the USA at this time, is that the explanation could be as simple as crappy driving habits and poor driver training. Yet the driving record for freeway accidents points directly at that as the most probable cause. US drivers have a highway accident rate twice that of German drivers, who have a suggested speed limit of 130K on about 50% of the Autobahn. I personally have driven as fast as 180k on the Autobahn and have been much safer at that speed than I would have been at much lower speeds in the US.

Forestgnome
03-18-2010, 05:50 PM
The dual pot system is USELESS!

Useless UNLESS the lack of sanity requires the vehicle to stop and refuse to work until the problem is resolved. Refusing to start on the next attempt would probably be the most practical, but not the best method.

Single redundancy has no "limp home" mode..... you must stop.

A three pot system would take the two best signals, and then require a "service engine soon, safety systems failing" message.
That's the way they do it on aircraft. Triple redundancy, two inputs have to agree. I don't think the requirement should be any less in a car. Can't wait 'til we're steering by wire with no redundancy. Could be fun!
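The dual-pot sanity check and the triple-redundant "take the two that agree" scheme from the post above, as an added C example that is not code from the thread or from any vehicle maker. The 12-bit ADC scale, the 80-count agreement tolerance and the constructed drive samples are assumptions.

```c
/* Added example, not code from this thread or any vehicle maker: plausibility
 * checking for a dual-potentiometer throttle position sensor and 2-of-3 voting
 * for a triple-redundant one. The 12-bit ADC scale and the agreement
 * tolerance are assumed values. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define ADC_FULL_SCALE 4095  /* assumed: 12-bit ADC count at full pedal travel */
#define TOLERANCE      80    /* assumed: allowed disagreement, in ADC counts */

typedef enum {
    TPS_OK = 0,    /* reading trusted */
    TPS_DEGRADED,  /* one channel outvoted: keep driving, demand service */
    TPS_FAIL       /* nothing trustworthy: report closed throttle, stop */
} tps_status_t;

typedef struct { tps_status_t status; uint16_t position; } tps_reading_t;

static bool agrees(uint16_t a, uint16_t b)
{
    return abs((int)a - (int)b) <= TOLERANCE;
}

/* Median of three: whenever some pair lies within tolerance, the median is
 * a member of that pair, so it is the value the agreeing channels support. */
static uint16_t median3(uint16_t a, uint16_t b, uint16_t c)
{
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Dual pots wired in opposition: one rises with pedal travel while the other
 * falls, so a healthy pair always sums to about full scale. Two channels can
 * detect a fault but cannot say which one is lying, so any disagreement has to
 * be a full failure: with single redundancy there is no limp-home. */
tps_reading_t tps_dual_check(uint16_t rising, uint16_t falling)
{
    int error = (int)rising + (int)falling - ADC_FULL_SCALE;
    if (abs(error) > TOLERANCE)
        return (tps_reading_t){ TPS_FAIL, 0 };  /* fail safe: closed throttle */
    return (tps_reading_t){ TPS_OK, rising };
}

/* Three channels on the same scale. Any two that agree outvote the third and
 * the median is the value to use. One outvoted channel only degrades the
 * reading (service message); with no agreeing pair nothing is left to trust. */
tps_reading_t tps_triple_vote(uint16_t a, uint16_t b, uint16_t c)
{
    int pairs = agrees(a, b) + agrees(b, c) + agrees(a, c);
    if (pairs == 0)
        return (tps_reading_t){ TPS_FAIL, 0 };
    return (tps_reading_t){ pairs == 3 ? TPS_OK : TPS_DEGRADED, median3(a, b, c) };
}

/* Constructed drive samples: the falling pot goes open circuit (reads 0) on
 * the fourth sample while the rising pot still reports a plausible value.
 * Returns the index of the first sample the dual check rejects, or -1. */
int first_dual_fault(void)
{
    static const uint16_t samples[][2] = {
        { 0, 4095 }, { 600, 3500 }, { 1500, 2580 }, { 2200, 0 }, { 2300, 1790 }
    };
    for (int i = 0; i < 5; i++)
        if (tps_dual_check(samples[i][0], samples[i][1]).status == TPS_FAIL) return i;
    return -1;
}
```

With two pots, the sample where one channel drops out is caught but cannot be recovered from; with three, the same single dropout would outvote to a degraded reading instead.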

Forestgnome
03-18-2010, 05:55 PM
Automotive grade electronics (it is an actual grade too) rarely fail. They are the same spec level as MIL spec in most cases, rated for much larger temperature ranges and voltages than commercial home entertainment grade parts. The most common failures are the same as they have always been, connectors and bad grounds, vibration induced failure of solder joints and similar. Actual failure of the active parts is most unusual unless you have some turkey hooking up booster batteries backward. I have been driving new vehicles every couple of years since 1975 and have never seen an ECU failure or any other significant failure other than relays and connectors.

The automotive environment is about as harsh as it gets with operating temps from -50 to 150F. Add in salt water spray and repetitive freeze thaw cycles, solvents and physical battering by road debris and it is amazing the systems are as reliable as they are.

On the other hand the most unreliable part of the system is the nut behind the wheel.
Reeeeally! I've worked on a lot of military gear and a lot of automobiles, and, I'm sorry, the quality doesn't compare. Maybe in the ECU, but not when it comes to sensors, solenoids, wiring, connectors, etc.

Forestgnome
03-18-2010, 05:57 PM
I'd rather take an older car with a carburetor on a cross country trip than a new electronically controlled car, because at least trouble with the old car can be diagnosed and repaired by most garages. The reliability of automobiles has been reduced to that of home entertainment electronics, and that's pathetic.
Not only that, most problems could be fixed by the side of the road with a few tools.

Weston Bye
03-18-2010, 06:11 PM
...but not when it comes to sensors, solenoids, wiring, connectors, etc.

Have to agree. I build that stuff. Most connectors are rated for a limited number of engagements/disengagements, other things are built to satisfy so many cycles, not the life of the vehicle. Everything is made to the lowest price. Still, things work pretty well, mostly.

Evan
03-18-2010, 06:57 PM
We sure are getting sidetracked a lot here. It is the ECU that many people are blaming and without any evidence that any part of the system has failed, especially the failsafe systems.

vpt
03-18-2010, 07:18 PM
Crush all the cars, boycott Toyota, buy a Chevy.

winchman
03-18-2010, 07:41 PM
It's looking like driver error in the case of the Prius hitting the wall in NY. The throttle was open and the brakes weren't being applied.

http://finance.yahoo.com/news/Feds-brakes-werent-applied-on-apf-3915292671.html?x=0&sec=topStories&pos=main&asset=&ccode=

nheng
03-18-2010, 08:33 PM
I question the experience of the average engineer, especially the software guys (and girls) generating code for our vehicles.

I've seen new programmers make the same mistakes (although in a "higher" level of code design) that were made, found and fixed 20 years ago.

It doesn't seem to me that there is much continuity of knowledge in the industry. Now automotive may be different and certainly SHOULD have enough testing to root out most problem scenarios but I'm not so sure about that.

When I bought my last new Jeep in '97, it made a number of trips back for firmware upgrades over a period of months. Why? Because each new revision of code allowed for a little more wear in engine and other system components. C'mon guys, you didn't realize that some provision had to be made in system parameters for aging and drift?

Den

J Tiers
03-19-2010, 12:04 AM
The only blunder here is your continued insistence that such a Hypothetical programming fault could continue while somehow escaping the precise failsafes designed in HARDWARE to catch it. That is why NHTSA inspectors refused to even examine the ECU again.
Nonsense.

You have again failed to read and understand.

I didn't say the failure "ESCAPED" the hardware reset.....

I SAID THAT THE HARDWARE RESET CAN CAUSE A PROBLEM TO OCCUR IF THE PROGRAM IS POORLY WRITTEN.

That is an entirely different thing.

I do NOT propose a runaway program...... I propose a program operating IN EVERY WAY CORRECTLY, with the small and very important distinction that it is using WRONG values. Or perhaps JUST ONE bad value..... such as throttle position.

I think it unlikely, frankly. But it IS possible, and it could be credibly caused by poor handling of an "unanticipated reset" situation such as the watchdog.

Now, you may hate Americans, and as a result say they are bad drivers, or you may say so just because you want to, or because newspaper reports suggest it. I don't know what impels you to say so, as you apparently don't drive here.

Myself, I do not hate Americans (although I think they are darn silly sometimes) but I DO drive here, and I entirely agree they are often shockingly bad drivers. With the number of them driving, there will certainly be some real winners.... otherwise legislators would not be seriously discussing the issue of "texting" while driving, which is a most idiotic action.

I am not claiming that the problem IS an ECU issue..... I am saying that YOU cannot PROVE it is NOT. Nor can I.

However, there is enough KNOWN about Toyota and cars speeding up, or, in the latest flap, STALLING in bad situations, with Toyota fairly fully informed about the matter, but downplaying, or even concealing it from outsiders. What is known is such as NOT to build confidence that all is well in Toyota-land.

Whether or not there is a real problem, there are enough reports that a few instances of "the Toyota defense" are not sufficient to allow dismissing the matter out of hand.

Toyota would not recall millions of cars for nothing. Either they believe that the repairs cure the problem, or they were willing to spend money on a smokescreen, to provide evidence of good faith when in reality they have no more clue than you or I do.

As a counter-suggestion, I will suppose that ANY large manufacturer might have reports of products doing nearly anything.... from starting fires, to jumping off the table and attacking a dog.... or speeding onto the freeway uncontrollably. Obviously some reports might be more credible than others. The problem is when investigators start finding reports, or maybe only one, that appear to be similar to new reports. Then the news trumpets "Toyota had already received reports of this as early as 2001!".... Which may be effectively nonsense, in that the reports were a very few, or even a single one, and were never possible to follow up because the car had been repaired, junked, or was not made available for examination. Nobody can do anything meaningful with such reports, they amount to nothing.