Unintended acceleration and other embedded software bugs
Despite the redactions, we can still learn some interesting facts about Toyota's embedded software and NASA's technical review of the same.
Last month, the National Highway Traffic Safety Administration (NHTSA) and the NASA Engineering and Safety Center (NESC) published reports of their joint investigation into the causes of unintended acceleration in Toyota vehicles. NASA's multidisciplinary NESC technical team was asked, by Congress, to assist NHTSA by performing a review of Toyota's electronic throttle control and the associated embedded software. In a carefully-worded concluding statement, NASA stated that it "found no electronic flaws in Toyota vehicles capable of producing the large throttle openings required to create dangerous high-speed unintended acceleration incidents." (The official reports and a number of supporting files are available for download at www.nhtsa.gov/UA.)
The first thing you will notice if you join me in trying to judge the technical issues for yourself are the redactions: pages and pages of them. In parts and entirely for unexplained reasons, this report on automotive electronics reads like the public version of a CIA training manual. I've observed that approximately 193 of the 1,061 pages released so far feature some level of redaction (via black boxes, which obscure from a single number, word, or phrase to a full table, page, or section). The redactions are at their worst in NASA's Appendix A, which describes NASA's review of Toyota's embedded software in detail.1 More than half of all the pages with redactions (including the vast majority of fully redacted tables, pages, and sections) are in that Appendix.
Despite the redactions, we can still learn some interesting facts about Toyota's embedded software and NASA's technical review of the same. The bulk of my column this month outlines what I've been able to make sense of in about two days of reading. Throughout, my focus is on embedded software inside the electronic throttle control, so I'm leaving out considerations of other potential causes, including electromagnetic interference (which NASA also investigated). First, here's a little background on the investigation.
Although the inquiry was undertaken to examine unintended acceleration reports across all Toyota, Scion, and Lexus models, NASA focused its technical inquiry almost entirely on Toyota Camry models equipped with the Electronic Throttle Control System, Intelligent (ETCS-i). The Camry has long been among the top cars bought in the U.S., so this choice probably made finding relevant complaint data and affected vehicles easier for NHTSA. (By the way, NASA says the voluntary complaint database shows both that unintended accelerations were reported before the introduction of electronic throttle control and that press coverage and Congressional hearings can increase the volume of complaints.)
According to a statement Toyota released upon publication of the NHTSA and NASA reports, Toyota's ETCS-i has been installed in "more than 40 million cars and trucks sold around the world, including more than 16 million in the United States."2 Undoubtedly, ETCS-i has also "made possible significant safety advances such as vehicle stability control and traction control."2 But as with any other embedded system, refinements have been made through the years to both the electronics and the embedded software.
Although Toyota apparently made available, under agreed terms and via its attorneys, schematics, design documents, and source code "for multiple Camry years and versions" (Appendix A, p. 9) as well as many of the Japanese engineers involved in its design and evolution, NASA only closely examined one version. In NASA's words, "The area of emphasis will be the 2005 Toyota Camry because this vehicle has a consistently high rate of reported ‘UA events' over all Toyota models and all years, when normalized to the number of each model and year, according to NHTSA data." (p. 7) Except as otherwise stated, everything else in this column concerns the electronics and firmware found in that year, make, and model.