How NASA and NHTSA tested Toyota

Blog Post

Posted Feb 10, 2011
by John Day
2 Comments
Tags: unintende acceleration, Toyota, electromagnetic radiation, event data recorders, brake override systems, nasa, NHTSA, Goddard Space Flight Center, keyless ignition

Go URL

Share

It’s not that I was suspicious. I have no axe to grind against Toyota and was pleased to read that after a 10-month study, NASA and NHTSA engineers found no electronic flaws in Toyota vehicles capable of causing unintended acceleration.

But I was curious to know how they did it – how they examined and tested mechanical and electronic components and what tools they used to analyze some 280,000 lines of electronic throttle control code.

When they released the findings, NHTSA said NASA hardware and systems engineers examined and tested mechanical components at the Goddard Space Flight Center, NHTSA and NASA engineers bombarded Toyota vehicles with electromagnetic radiation at a facility in Michigan, and NHTSA engineers looked for additional mechanical causes at NHTSA’s research and test center in Ohio. They also worked to determine whether any of the test scenarios developed during the investigation could actually occur in real-world conditions.

Details are available in reports from NHTSA http://www.nhtsa.gov/staticfiles/nvs/pdf/NHTSA-UA_report.pdf and NASA http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA-UA_report.pdf. An executive summary is available at http://www.nhtsa.gov/staticfiles/nvs/pdf/NASA_report_execsum.pdf

NASA used three tools for static analysis of the software code – Coverity (http://coverity.com), Grammatech’s CodeSonar (http://grammatech.com/products/codesonar/overview.html) and Uno (http://spinroot.com/uno/). NASA used the open source verifier Spin, and a preprocessing system, Swarm, for logic model checking, and it used MathWorks’ MATLAB, Simulink, Stateflow, and SystemTest, and Absint’s aiT, for software algorithm design analysis. Should they also have used a dynamic analysis tool? If you take the time to read the full report, let me know your thoughts.

Exonerating electronics leaves sticking accelerator pedals and accelerator pedals trapped by floor mats as the primary causes of unintended acceleration, at least for now. NHTSA and NASA plan to brief members of a National Academy of Sciences panel that is also studying unintended acceleration and electronic throttle control.

And based on their findings, NHTSA may propose rules to require brake override systems, standardize operation of keyless ignition systems, and require the installation of event data recorders. The agency is also planning additional research on the reliability and security of automotive electronic control systems.

Preparing Recommendations

More Blog Posts

About John Day

John DayJohn Day recently launched John Day’s Automotive Electronics News (johndayautomotivelectronics.com) to provide news and feature coverage of the automotive electronics industry. Earlier he wrote for Auto Electronics magazine, Auto E-lectronics, EE Times, and other business and engineering publications. Visit John Day

Follow on Twitter

More Posts by John Day

Preparing Recommendations

Comments (↓ Add Your Own)

2 Comments on this Post

Commented on 8:04 PM, Feb 25, 2011
By Paul Barnard

The question of performing dynamic analysis is a good one. Whether or not they did dynamic analysis, I did see that quite a lot of dynamic testing was performed. NASA did dynamic testing with MATLAB and Simulink models, running over 114,000 test cases. (http://blogs.mathworks.com/seth/?p=123) Source code was also incorporated into the models to increase model fidelity. Because the source code was brought into Simulink through S-functions, it allowed for reuse of the same test framework and exploration of different scenarios.

Commented on 5:38 AM, Mar 20, 2011
By Nick Presnell

Are these systems immune from SEUs?

Add Your Comment

Please complete the following information to comment or sign in.

(Your email will not be published)

Recent Posts

Archives

Tags

Less More