Years ago, when I heard that carmakers were going to build cars that were mechanically simpler and controlled by software, I was genuinely frightened. Bugs, I thought. There are always bugs. I didn't even worry then, what mostly bothers me now: do these companies understand how to thoroughly test software?
Toyota's recent experiences with sudden acceleration suggest that the company's software developers are not experienced enough to know one of the most basic lessons about software. Or, much more likely, they do understand, and their request for what's necessary fell on the deaf ears of their bean-counters.
In a company that is going to bet the lives of its customers on its software, even the bean-counters have to understand this lesson. I will illustrate it from an experience in my long, checkered career.
In 1978 and 1979, I developed an unusual sort of disk subsystem for an office work station. We used an optical disk, where you can only write once to a given location, but you can read many times. Despite the unusual chaarcteristics of an optical disk, my software made it appear to be an ordinary disk drive, in which files could be rewritten and modified.
A dozen developers depended on my disk subsystem, and during my early releases, they often came to me, angry about a failure in my software. "I wrote a file and it's gone!" they said.
To their complaints, I always said the same thing: "Let's look at the log." My software logged every request the developers made of my disk system, and I logged how I responded to each request. I might say, "Look, you never opened the file." Or I might say, "You opened the file, but you never wrote any data to it." Or I might say, "Oops, I've got a bug."
The point is this: When you ask other people to use your system, you must protect yourself against incorrect claims of failure, and you must track how your system is working, to help find bugs.
In the case of cars, there should have been loggers recording data, even ten or twenty years ago, to record what the driver does, how the car responds, and what the observable conditions are, for MINUTES leading up to each crash. That data would make it easy for Toyota to say to us drivers: Sorry, you never pressed the brake pedal.
Why aren't these detailed loggers on every car that uses software? My guess is, it's too expensive to add the necessary memory and sensory equipment. But is it more expensive than what Toyota has gone through? Good loggers would enable them to say what percentage of sudden acceleration claims are driver-faults, and to better diagnose the cases that are their fault. Instead of letting the world wonder whether they are blowing smoke about sticking pedals, they could publish logs to independent reviewers to demonstrate the truth of their claims. I'd say they are foolish beyond belief, not to have the necessary log data.
By the way, I know there are loggers in modern cars. And I know that it was possible to use that data to show that, in many cases, an accelerating Toyata was the driver's error. It's just painfully evident that these loggers are inadequate, or we would sure as heck have heard about the data they recorded.
Subscribe to:
Post Comments (Atom)
3 comments:
A major part of Toyota's problem was not putting in a simple error handler that everyone else does. Commands from the brake always override the throttle.
JF, Thanks. I think the problem goes deeper than this. It should be impossible to "floor" both the brake and the accelerator with one foot. In my Toyota, it is almost impossible to do this, because the accelerator pedal is lower down. The car floor can be configured to make this double-flooring really impossible, and one step is to move the pedals slightly further apart.
If the car's sensors tell it that both pedals are floored, the car's computer can conclude that something has gotten stuck on the accelerator pedal!
- PB
The biggest problem with them being moved farther apart is that car designs still allow for standard transmissions (which incidently, I prefer), the clutch limits the room that you can practically move the brake pedal over without moving the clutch to far to be comfortable.
Post a Comment