Firm: Toyota, industry need more rigorous testing
Latest problems linked to Toyota show the auto industry needs to fix the way it tests software, says company that specializes in software integrity.
The latest cases of uncontrolled acceleration in the Toyota Prius point to software glitches that the car industry needs to address with more rigorous testing, according to a company that specializes in software integrity.
The most recent high-profile incident happened on Monday when James Sikes called 911 around 1:30 p.m., saying the accelerator in his Prius was stuck and he couldn't slow down, according to a CBS News report.
At one point, the car hit a speed of 90 mph. A California Highway Patrol officer inserted his car in front of the Prius and applied the brakes to try to get the Prius to stop. It stopped after about 20 minutes.
"I pushed the gas pedal to pass a car and it did something kind of funny...it jumped and it just stuck there," Sikes said at a news conference, according to the CBS News report. He said he tried the brakes but this didn't stop the car.
Dave Peterson, chief marketing officer at Coverity, said: "There are two things that are clear about the latest Prius incident. One, nobody knows where the problems are inside of these types of automobiles. Two, the days of blaming floor mats are coming to an end." Coverity provides software analysis to help electronics companies build high-integrity software. Its customers have included France Telecom, Siemens, Mitsubishi Electric, Research In Motion, and Broadcom.
Peterson asserts that "drivers should not be software beta testers for automobiles." Sophisticated drive-by-wire cars like the Prius demand more exacting analysis, as is practiced in the airplane industry. "It is time to see the auto industry learn from the avionics sector and apply rigorous integrity testing for all software components and all combinations of integrations between these components," he said.
In a statement, Toyota said it sent a technical specialist to San Diego to investigate the Monday incident. Generally, the automaker has maintained that mechanical flaws, not electronics, are to blame in cases of unintended acceleration, though the company does investigate select incidents when drivers claim electronic failures.
In a document (PDF) last month, Exponent--an engineering and scientific consulting firm retained by Toyota to assist in its efforts to understand customer reports--addressed unintended acceleration in vehicles using Toyota's ETCS-i (Electronic Throttle Control System-intelligent). The report stated that Exponent was "unable to induce, through electrical disturbances to the system, either unintended acceleration or behavior that might be a precursor to such an event despite concerted efforts towards this goal."
Also in that document, Toyota describes its ETCS-i system as follows: "In the ETCS-i system, the throttle body has the two throttle position sensors and a motor integrated into the throttle body assembly...When the throttle valve motor is not energized, the throttle body valve is forced into its most closed position by two powerful internal springs." And in a paragraph following this discussion, entitled "Summary," Toyota states that "no anomalous behavior was detected in any of the component tests."
Code size matters
"The amount of code in cars today is getting truly enormous," said Andy Chou, chief scientist and co-founder of Coverity. Luxury cars can have as much as 100 million lines of code, according to Chou. (Windows Vista, by comparison, is estimated to have about 50 million lines of code.)
"We're not talking about tiny applications here but a huge amount of code. Code size matters because the more code you have, the harder it is to test all of its behaviors. That involves driving the code towards doing things that are unusual or perhaps testing it with different timing, different ordering of events," he said.
Coverity maintains that the most common problem in large software systems is integrating all of the pieces together.
"You may have little individual components that do their jobs well but when you put them all together, they may not interoperate in a way that is reliable. These code bases are not sequestered from each other, they're all interoperable," said Peterson. "And what happens when you start to glue together 20 or 30 subsystems inside of an automobile--the different combinations between these systems start to operate in very unexpected ways."
The problem, as Peterson describes it, comes down to how the car's electronics and software interpret driver actions. "The driver may think they're tapping the brakes and turning right but if there's a bug or software defect that's triggered by that behavior, at that particular time of day, in that particular instance, software may behave differently than what the driver expected. You can do it a thousand times and then the 1,001st time it will occur," according to Peterson.
Chou said, "You have problems that are very hard to reproduce. And when they do fail, they fail catastrophically."
And the solution? Emulate the airplane industry, says Chou. "They have a lot of very rigorous mandates and standards because they do understand the challenges of the software interdependence. I think the same thing will happen in the auto industry. I think (the auto industry) is in the nascent stage. There will be a lot of quality standards to ensure the integrity of the code and certifying that integrity."
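To make the "works alone, fails when glued together" and "1,001st time" points concrete, here is an added toy model (constructed for this article, not Toyota's or Coverity's code) of two hypothetical modules that each pass their own tests but hide an ordering-dependent integration bug, plus the kind of exhaustive event-ordering exploration Chou describes, which finds the offending interleaving where random driving would rarely hit it.

```python
import itertools

EVENTS = ("pedal_down", "pedal_up", "brake_down", "brake_up", "cruise_set")

class CruiseModule:
    """Hypothetical cruise control; correct when unit-tested on its own."""
    def __init__(self):
        self.engaged = False  # a cruise speed has been set
        self.cmd = False      # cruise is currently commanding the throttle
    def handle(self, ev):
        if ev == "cruise_set":
            self.engaged = self.cmd = True
        elif ev == "pedal_down":
            self.cmd = False                 # driver's pedal takes over
        elif ev == "pedal_up" and self.engaged:
            self.cmd = True                  # resume the set speed
        elif ev == "brake_down" and self.cmd:
            # Integration bug: the cancel is only recorded while cruise is
            # actively commanding, so a brake press during a pedal press is lost.
            self.engaged = self.cmd = False

class PedalModule:
    """Hypothetical accelerator-pedal handler: open on press, close on release."""
    def __init__(self):
        self.cmd = False
    def handle(self, ev):
        if ev in ("pedal_down", "pedal_up"):
            self.cmd = ev == "pedal_down"

class Vehicle:
    """Integration of the two modules: throttle opens if either commands it."""
    def __init__(self):
        self.cruise, self.pedal, self.brake = CruiseModule(), PedalModule(), False
    def handle(self, ev):
        if ev == "brake_down": self.brake = True
        elif ev == "brake_up": self.brake = False
        elif ev == "cruise_set" and self.brake: return  # cannot set while braking
        self.cruise.handle(ev)
        self.pedal.handle(ev)
    def safe(self):
        # Invariant under test: the throttle is never open while the brake is
        # held and the driver is not pressing the accelerator.
        return not (self.brake and not self.pedal.cmd and self.cruise.cmd)

def find_unsafe_sequence(max_len=4):
    """Exhaustively drive every event ordering up to max_len; return the first
    prefix that violates the invariant, or None if all orderings are safe."""
    for n in range(1, max_len + 1):
        for seq in itertools.product(EVENTS, repeat=n):
            v = Vehicle()
            for i, ev in enumerate(seq):
                v.handle(ev)
                if not v.safe():
                    return seq[:i + 1]
    return None
```

Each module's own tests (cruise cancels on brake; pedal opens and closes the throttle) pass, and only the four-event interleaving set cruise, press pedal, press brake, release pedal leaves the throttle commanded open with the brake held.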
Note: Coverity disputes an article in which the director of vehicle testing at car Web site Edmunds.com asserts that individual car systems are more straightforward than PCs and are more akin to pocket calculators. Coverity rejects this view and believes that car systems are extremely complex, and that this complexity can be the cause of accidents.
Update: March 12, 11:15 a.m. PST: Some reports are questioning the veracity of Jim Sikes' statements.