Unintended Acceleration analysis

Discussion in 'Gen 3 Prius Main Forum' started by jayman, Mar 3, 2011.

  1. dovepistil

    dovepistil Junior Member

    Joined:
    Apr 22, 2009
    3
    0
    0
    Location:
    Olympia, WA
    Vehicle:
    2008 Prius
    Here's a quote from software guru F. P. Brooks, "All programs contain errors until proven otherwise, which is impossible." This quote is not a joke; it is a deadly serious fact, just as jayman states. But whether it's a bug or a loose floor mat doesn't really matter.

    The Prius is a machine which has killed people on multiple occasions when they were unable to stop power production. This is a fact, not an opinion. There are quite a few folks posting in this thread who seem to be saying, "Well, THEY SHOULD have known to hold the power button for x seconds", "THEY SHOULD have known to hold in N for x seconds", and variations on "THEY SHOULD have known the Prius Club Secret Handshake!" Really?

    Wouldn't it make better sense to equip the Prius with a 100 year old control technology that EVERYONE ALREADY knows? We old timers call it an ignition switch. Both times that I have found myself with a throttle which refused to close, I knew INSTANTLY what I needed to do. In both cases, I switched ignition on-off to get exactly the power I needed to get safely out of traffic and to a safe stopping place. Surely, most drivers would react similarly. In half a century of driving, I have never heard of anyone "accidentally turning off" their car ignition. It has always been a design which requires deliberate action. Having the "ignition" be just another button in a car already full of buttons is, to be charitable, poor design.

    Yes, I'm sure that the (somewhat arrogant) Toyota engineers have convinced management that only THEY are smart enough to turn power production on and off. I say that's a load of hooey. They can surely demonstrate the smarts to handle shutdown properly. Obviously, brake control electronics and boost vacuum should be left on. I think that even the dinky drums that they put on the US Prius could overpower the full output of MG2. But it is crystal clear that those dinky brakes cannot overpower the more muscular ICE. Being a computer programmer, I am exceedingly uncomfortable putting my physical existence under the control of any computer. Any computer.

    So, my Prius just went out of warranty and I fully intend to put an off switch on mine. First, I will invest in search of current knowledge on the issue. Hacking the system, if you will. Any links or technical knowledge would be appreciated. I hope that it doesn't have to be as crude as a 4 pole relay dropping feed to the ICE ignition coils, but I decline to drive a car with no real off switch any longer. I'll just have to hope that Toyota was smart enough to handle loss of ICE power when at speed (which could happen with fuel outage, for example). I assume that they are smart enough to spin the ICE with MG1 if necessary to prevent overspeed of MG2. Who knows? It's pretty clear that they have yet to figure out how to stop people from being injured or killed because they don't know The Prius Secret Handshake. Wake up Toyota, and have enough respect for your car owners to provide them with a real OFF switch. Who knows, it might even save YOUR life someday.
     
  2. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,079
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    The ignition switch was once new too, and probably confusing. Technology evolves, and from time to time the user interface evolves with it. If we are forced to never adopt new standards we will be frozen in time.

    The second part of this involves the failure rate for the existing technology. Most people are willing to live with risk as long as it is familiar risk. Give them something less risky, but new, and they treat it with suspicion. Clinging to old technology is not necessarily less risky, just familiar.

    Tom
     
    1 person likes this.
  3. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    113,549
    51,667
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    didn't you get the memo? u/a was all a mistake. now, people are lining up to buy these death traps. imagine risking your life to save a few bucks on gas? well, what are you gonna do now that we're the ones left after the rapture?
     
  4. kbeck

    kbeck Active Member

    Joined:
    Feb 10, 2010
    420
    275
    0
    Location:
    Metuchen, NJ
    Vehicle:
    2010 Prius
    Model:
    III
    I've been reading through the comments, and think I have something to add.

    I work in an engineering environment. We build equipment that, while not precisely safety critical, one does not want to see fail in the field.

    So, we do inspections, we do code reviews, we go over schematics. There are rules about how these are done, designed to yield maximum results.

    Fun. But the inspections, reviews, and all that are there for one reason, and one reason only: People Make Mistakes.

    And, that, fundamentally, is what ergonomics is all about. People will do things at random and make mistakes at critical junctures. It's not necessarily that they want to. Back when ergonomics got its start, airplane cockpits were not laid out the same way. On some planes, lowering the landing gear was a pull; on others, a push. Same for throttle controls, and, $DEITY help me, what the yoke movements did.

    It wasn't a big surprise when pilots moving between aircraft, or trained on one aircraft and assigned to another, were involved in crashes. So, there's reasons why aircraft controls are similar for all airplanes, and why all the pointers on all the little gauges line up the same way when everything is "nominal".

    Going along those lines, there's reasons why the Big Red Button that launches a missile is behind a key. And, that once the key is inserted and turned, one has to unlatch and flip the cover. It's not one mistake that will launch that missile - it's several.

    The idea behind ergonomics is not to stop people from making mistakes: It's to minimize the effects of mistakes from causing disastrous consequences. In a factory I was associated with somebody would occasionally load a rack of parts in backwards. Solution: Change the rack and loader so it couldn't be put in backwards. Yelling at the guy to "stop making mistakes" is fruitless - the factory worker didn't do it on purpose in the first place, and, even if you get him to be perfect, the next guy in line a year from now could make the same mistake. So, the answer is to change the game so the mistake can't happen, or make it less likely.

    So, with all this in mind, let's take a look at the Prius. Heck, forget the Prius: Any other computer-controlled car with a push-button start.

    As pointed out previously, an old-time runaway car (and there were such) had a simple control: Turn the car off with that there mechanical switch. Electrical power to the ignition would be gone. Doing it accidentally: Really, really hard. It's not one motion, it's several. (Look up the definition of a therblig. Really.)

    Now, consider these high-faluting modern cars with drive-by-wire and radio-based push-button on switches.

    First: People make mistakes. People write software. Software has mistakes. Yes, the people who wrote that software did their level best - but yelling at them to "Don't make that subtle error!" is, like yelling at the factory worker above to not load the rack in backward, rather fruitless.

    The problem is, as I understand it, that there is no fool-proof way to write, or even to verify, correct code. I'm aware of attempts to prove algorithms correct, or even to assure that microprocessors don't have internal hardware coding bugs. What the hand of man has touched, and so forth.

    So, as the original article stated, it's not that bugs weren't found (they found lots... hand of man), or that the bugs weren't serious (some were major, some minor); it's just that they didn't find any obvious (obvious, meaning that they found one) bugs that would have caused unintended acceleration. And, given the state of the art in bug finding, they couldn't guarantee that there wasn't one.

    Under circumstances like these, one would think that a positive action "off" switch that would be (a) difficult to operate by mistake and (b) hard to defeat would be a Right Good Idea.

    So, forget a key: But how about a button that has to be turned and pushed at the same time? And maybe does something serious, like really turn off some electronics somewhere? And maybe doesn't use the same electronics that runs the car?

    Frankly, being able to turn off a car, unmistakably, quickly, and without having to guess what works across multiple manufacturers sure sounds like good, solid ergonomics. As in, "Making it Harder To Blow It Under Stress. Perhaps Fatally."

    KBeck.
     
  5. Gurple42

    Gurple42 New Member

    Joined:
    Mar 10, 2011
    354
    41
    3
    Location:
    Santa Monica, Ca.
    Vehicle:
    2011 Prius
    Model:
    Two
    The whole unintended acceleration thing seemed to me something to do about nothing, just simple driver error, then I learned about it first person.
    I filled my new (about 1000 mi) Prius at a Costco. As anyone who uses Costco knows, they are usually crowded, and I try, being the people pleaser that I am, to get it filled and get out quickly, so the next soul in line can get moving.
    In my haste to leave, I couldn't get the damned thing started, not sure what I did, but my routine normally is to release the emergency brake, push the brake, push the power button, put it in gear and drive. Since I was new to the car and the routine, I guess I got things in the wrong order, not once but 2 or 3 times I think.
    After about 30 seconds of fumbling I finally slowed down, started over, got the sequence right and drove off. For the next 5 minutes I thought there was something wrong with the car, then I realized the problem was me. I was in a hurry and not yet 100% familiar with the car, and I screwed up, but I had the luck of screwing up at 0 miles per hour.
    Now I really get it. :(
     
  6. F8L

    F8L Protecting Habitat & AG Lands

    Joined:
    Aug 14, 2006
    19,011
    4,083
    50
    Location:
    Grass Valley, CA.
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Wow dovepistil, 3 posts and so full of anger. Tsk tsk

    You have a 2008 Prius. If you start accelerating out of control, just hit the brakes. You will stop. ;)
     
  7. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,579
    10,356
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    When I needed to terminate a SUA incident in a previous car, my reaction was different. Two simultaneous reflexes actually, one effective just as fast as shutting off the ignition, the other even faster.

    Switching off the ignition is not one of my reflex actions. Among all the motorized equipment I drive on occasion, much of it not street legal, there is no standardized ignition switch location or even method.
     
  8. Yannick Willox

    Yannick Willox Auris Luna

    Joined:
    Mar 19, 2011
    7
    2
    0
    Location:
    Belgium
    Vehicle:
    Other Hybrid
    Model:
    N/A
    I've had UA with an Alfa Romeo with non-standard floor mat once.
    The quickest reaction was to brake (to counteract the speedup).
    One second later I thought let's look at the carpet (while braking - there was a car driving in front of me, two behind me). I moved the carpet and all was fine.

    I do not see the problem here. Just BRAKE!

    If I would have had a mechanical, fail-safe, redbutton-click-key-switching device, I would have had two cars rear-ending me.

    I think it is safe to assume switching off the car in a split second is always a bad idea.
     
  9. Insight-I Owner

    Insight-I Owner 2006 Insight-I MT + 2011 Prius

    Joined:
    Aug 29, 2009
    505
    100
    0
    Location:
    Essex, CT
    Vehicle:
    2011 Prius
    Model:
    Two
    +1

    One of the car mags, Car & Driver I think, tested a bunch of cars to see if their brakes could overpower the engine at full throttle. In every car tested, including a 600hp Mustang, brakes overwhelmed the ICE and stopped the vehicle. So the Atkinsonized (and therefore reduced power) Corolla ICE engine in the Prius doesn't worry me. The tiny 3 cyl 1000cc ICE in the Insight worries me even less, plus that's MT so stomping on the clutch would be my second move in that car.

    The thing to guard against is getting one's right foot on the wrong pedal, thinking you're on the brake when you're really on the gas. That's something that's increasingly likely as one ages. That and non-stock floormats jamming the accelerator.

    Streetbikes have a kill switch in the right handgrip assembly, close to or under your right thumb, but even so the reflex response to an emergency situation on a bike is almost always braking while you sort things out, possibly pulling in the clutch (effectively shifting to neutral), swerving if possible, or in a few cases hitting the gas to accelerate out of danger. The kill switch is further down on the list, to kill the engine to save it from overrevving; if you do it in gear you will get engine braking which you may not want at that moment.
     
  10. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    113,549
    51,667
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    so you're saying, when someone is pushing the accelerator through the floorboards thinking it's the brake pedal, with a whiteknuckle deathgrip on the wheel, passing cars and bridge abutments at 90+ mph, they'll probably remember to reach over and turn and press the shutdown?
     
    1 person likes this.
  11. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,079
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    Perhaps a voice operated shutdown, keyed to "sh*t, sh*t, sh*t", or "oh my god, oh my god", or any continuous high pitched scream.

    Come to think of it, that would cause unintended shutdown anytime your spouse was also in the car.

    Tom
     
    2 people like this.
  12. lolder

    lolder New Member

    Joined:
    Dec 13, 2009
    80
    7
    0
    Location:
    Florida
    Vehicle:
    Other Hybrid
    Model:
    N/A
    The eCVT Prius CANNOT run away if you put your foot on the brake. It is IMPOSSIBLE. If you cannot remove your foot from mistakenly applying accelerator pressure, you are unlikely to turn a key or any shutdown device.
     
  13. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,079
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    In theory it can run away, but not from any single failure, such as a stuck throttle. A runaway control system failure with a Prius would require multiple simultaneous failures in several subsections. The odds are very small, but not impossible.

    Tom
     
    1 person likes this.
  14. DaYooper

    DaYooper Member

    Joined:
    Apr 5, 2011
    106
    19
    1
    Location:
    Sout of da UP eh!
    Vehicle:
    2011 Prius
    Model:
    Two
  15. DaYooper

    DaYooper Member

    Joined:
    Apr 5, 2011
    106
    19
    1
    Location:
    Sout of da UP eh!
    Vehicle:
    2011 Prius
    Model:
    Two
    Ummm. Yes.
     
  16. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    Joined:
    Apr 13, 2004
    15,140
    611
    0
    Location:
    South Puget Sound, WA
    Vehicle:
    2013 Nissan LEAF
    Model:
    Persona
    so why are turnkeys not the standard shutdown option?

    if you had dyslexia, you would know. or if you were familiar with the sayings "lefty loosey, righty tighty" and on and on and on.

    all that is borne from our inability to make a snap judgment when facing a "one way" street.

    have you ever seen someone who was briefly aborted from entering a room simply because they turned the handle the wrong way, or pushed instead of pulled?

    buttons are a more "fail safe" way of doing things and have been for years.

    is it perfect? no, but a perfect solution to handle an imperfect species ?? hmmm, when pondering that question i begin to realize that maybe the Theory of Relativity was not so bad after all
     
  17. wick1ert

    wick1ert Senior Member

    Joined:
    Dec 3, 2009
    1,311
    183
    2
    Location:
    Delawhere
    Vehicle:
    2010 Prius
    Model:
    III
    In the MSF course I took 2 years ago, they teach you in an emergency situation to pull both levers - clutch & brake - and also whenever you need to slow down or come to a stop. Of course, if you're on the highway doing 80 and need to slow down for traffic in front of you doing 70, you wouldn't grab the clutch.
     
  18. Skoorbmax

    Skoorbmax Senior Member

    Joined:
    Mar 19, 2010
    2,641
    265
    0
    Location:
    Western NY
    Vehicle:
    2010 Prius
    Model:
    II
    Kind of like the OP's belief that all car makers have a similar flaw. This despite no proof that they do, including arguments by Toyota, who wrote the code, and NASA, who audited it, that nothing they've found points to an electronic source of unintended acceleration. When the OP starts with a conclusion it's literally impossible by any scientific means whatsoever to prove that he's wrong because he can always say "but did you try this", "but did you look at it like this".

    One cannot prove a negative in this manner.

    The only satisfaction for such people will be if it's proven that UA is caused by an electronic problem. Until then they will remain in doubt. There will always be room for more testing and analysis.

    Keyless ignitions are fantastic. I would have a difficult time buying a new car now without it.
    Maybe, but then you move onto opinion. Opinion that if the Priuses had a standard ignition key the people would have lived. Maybe they would have if they didn't know how to shut off their cars anyway, and IF their events were unintended acceleration. Which by reasonable accounts they weren't; when you are hitting the gas instead of brakes the last thing on your mind (since you're obviously not paying attention) is how to turn the car off. More like hysterical omg.

    All of this talk of emergency off switches despite no proof being shown whatsoever that they are needed, only "well, they couldn't find it but I just feel in my heart it's a problem" could be applied to a multitude of things. Nobody here concerned about their _electric_ steering going haywire on the highway and doing a hard left? Or going around a corner and your stability control decides it's going to fishtail you into oncoming traffic?

    I write software. Some bad, some great. The one thing it is is consistent. When *most* of the bugs are worked out it runs well, performs its duties, and never gets tired. Never gets drunk, angry, never fiddles with the stereo of the car. Never hits the wrong pedal, unlike most of these people complaining of UA. So, yeah, software is buggy and always will be, but so are you. Your reaction time will always be magnitudes slower than a computer and it acts without emotion.
     
  19. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    113,549
    51,667
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    if you're in trouble in your sailboat, let go of the mainsheet. hah! easier said than done when you're panicking.
     
  20. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    113,549
    51,667
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    even my shop equipment has a big red 'slap this if you're cutting your hand off' paddle. no turn and push.