The December 2022 issue of IEEE Spectrum is here!

Close bar

The U.S. Department of Transportation (DoT) yesterday released the final results from NASA's Engineering and Safety Center's ten-month study into potential electronic causes of unintended acceleration (UA) in Toyota vehicles. As the DoT's press release states:

"The National Highway Traffic Safety Administration (NHTSA) launched the study last spring at the request of Congress, and enlisted NASA engineers with expertise in areas such as computer controlled electronic systems, electromagnetic interference and software integrity to conduct new research into whether electronic systems or electromagnetic interference played a role in incidents of unintended acceleration."

The DoT press release goes on to state that:

"NASA engineers found no electronic flaws in Toyota vehicles capable of producing the large throttle openings required to create dangerous high-speed unintended acceleration incidents. The two mechanical safety defects identified by NHTSA more than a year ago - "sticking" accelerator pedals and a design flaw that enabled accelerator pedals to become trapped by floor mats - remain the only known causes for these kinds of unsafe unintended acceleration incidents. Toyota has recalled nearly 8 million vehicles in the United States for these two defects."

U.S. Transportation Secretary Ray LaHood who last year famously said owners of recalled Toyota vehicles should stop driving them (before taking that statement back) now is quoted in the press release as saying that:

"We enlisted the best and brightest engineers to study Toyota’s electronics systems, and the verdict is in. There is no electronic-based cause for unintended high-speed acceleration in Toyotas."

In this Washington Poststory, Secretary LaHood is even more emphatic and according to the Post, defiant:

""The jury is back, the verdict is in... There is no electronic-based cause for unintended high-speed acceleration in Toyotas. Period.' "

NASA's Engineering and Safety Center (NESC) extensively investigated Toyota's Electronic Throttle Control System Intelligent (ETCS-i - see description in PDF here) to determine if there were design and implementation vulnerabilities that could cause sudden unintended acceleration. The executive summary of the NESC team's study findings in PDF can be found here; its full report in PDF is here.

The NESC team reported that it could not find any solid evidence of sudden unintended acceleration based in its review of the NHTSA Vehicle Owners' Questionnaire (VOQ) dataset. It found that reported unintended accelerations:

"... are rare events. Typically, the reporting of UAs is about 1/100,000 vehicles / year or 1 in 1.4 billion miles. Of 426,911 total VOQ reports NHTSA received from calendar years 2000 to 2010 for all vehicle  makes and models, there were 9,698 identified as UA events based on expert review and analysis. Of these, 3,054 were for TMC [Toyota Motor Corporation] vehicles."

In examining the dataset, the NESC team did not find marked increases in UA  Vehicle Owners' Questionnaire complaints "coincident" with ETCS-i introduction in Toyota vehicles; it did find, however, increases "coincident with publicity" about UAs.

In addition, the NESC team could not find potential UA events (i.e., events that force the ETCS-i to allow wide throttle openings greater than 25 degrees) caused by abnormalities or flaws in the 280,000 lines of code in the ETCS-i, by electro-magnetic interference, by electronic failure(s), or by electrical faults.

The NESC team did find, however, that:

"There is  a single failure mode found that, combined with driver input, can cause the throttle to jump to 15 degrees in certain conditions and may not generate a DTC [diagnostic trouble code]. This failure effect can be removed by releasing the accelerator pedal or overridden by the braking system. For the small throttle openings, the NESC team found single failure modes within the ETCS-i that can result in throttle openings less than 5 degrees. These failures may result in high idle speed, hesitation, and surging as described in submitted VOQs and may not generate DTC, but can also be removed by  releasing the accelerator pedal or overridden by the braking system. "

In concluding, the NESC team stated that:

"Proof for the hypothesis that the ETCS-i caused the large throttle opening UAs as described in  submitted VOQs could not be found with the hardware and software testing performed. Because proof that the ETCS-i caused the reported UAs was not found does not mean it could not occur. However, the testing and analysis described in this report did not find that TMC ETCS-i electronics are a likely cause of large throttle openings as described in the VOQs."

Michael Kirsch, principal engineer at the NASA Engineering and Safety Center was quoted in the Washington Post as saying that "... our detailed study can't say it's [UA caused by some type of electronic malfunction] impossible" but rather that its "unlikely."

The only conclusion that the NESC reports seems to leave is that UA's which cannot be attributed to known mechanical problems, i.e., caused by floor mats or sticky-pedal issues, must be caused by driver "pedal misapplication."

The NHTSA report lends further support for this conclusion:

"NHTSA and NASA both reviewed relevant consumer complaints and warranty data in great detail. Both agencies noted that publicity surrounding NHTSA’s investigations, related recalls, and Congressional hearings was the major contributor to the timing and volume of complaints. Both also noted that the vast majority of complaints involved incidents that originated when the vehicle was stationary or at very low speeds and contained allegations of very wide throttle openings, often with allegations that brakes were not effective. NHTSA’s analysis indicated that these types of complaints generally do not appear to involve vehicle-based causes and that, where the complaint included allegations that the brakes were ineffective or that the incident began with a brake application, the most likely cause of the acceleration was actually pedal misapplication (i.e., the driver’s unintended application of the accelerator rather than, or in addition to, the brake)."

"The results of NHTSA’s field inspections of vehicles involved in alleged UA incidents during 2010 supported this analysis. Those vehicle inspections, which included objective evidence from event data recorders, indicated that drivers were applying the accelerator and not applying the brake (or not applying it until the last second or so), except for one instance involving pedal entrapment."

NHTSA goes on to state in the DoT press release that:

"Based on objective event data recorder (EDR) readings and crash investigations conducted as part of NHTSA’s report, NHTSA is researching whether better placement and design of accelerator and brake pedals can reduce pedal misapplication, which occurs in vehicles across the industry."

A National Academy of Science panel which is also investigating possible links between UA and electronic vehicle controls across the entire automotive industry will report its findings later in the year.

Shares in Toyota jumped about 5 percent on the NASA report, according to the BBC.

Toyota's response to the report's findings was this:

"Toyota welcomes the findings of NASA and NHTSA regarding our Electronic Throttle Control System with intelligence (ETCS-i) and we appreciate the thoroughness of their review. We believe this rigorous scientific analysis by some of America's foremost engineers should further reinforce confidence in the safety of Toyota and Lexus vehicles. We hope this important study will help put to rest unsupported speculation about Toyota's ETCS-i, which is well-designed and well-tested to ensure that a real world, un-commanded acceleration of the vehicle cannot occur."

Even with the release of NASA's report, the debate over whether electronics play a role in UA in Toyota vehicles will continue for some time to come, at least in court. One of the lawyers involved in a UA class action lawsuit against Toyota is quoted in this Daily Breezestory as saying that the NESC team didn't "account for the fact that we continue to see runaway events post-recall. People have had their cars fixed - the pedals and mats - and NHTSA is still getting complaints."

"I don't think the report ends this matter one bit," the lawyer was quoted as saying.

The Conversation (0)

Why Functional Programming Should Be the Future of Software Development

It’s hard to learn, but your code will produce fewer nasty surprises

11 min read
A plate of spaghetti made from code
Shira Inbar

You’d expectthe longest and most costly phase in the lifecycle of a software product to be the initial development of the system, when all those great features are first imagined and then created. In fact, the hardest part comes later, during the maintenance phase. That’s when programmers pay the price for the shortcuts they took during development.

So why did they take shortcuts? Maybe they didn’t realize that they were cutting any corners. Only when their code was deployed and exercised by a lot of users did its hidden flaws come to light. And maybe the developers were rushed. Time-to-market pressures would almost guarantee that their software will contain more bugs than it would otherwise.

Keep Reading ↓Show less