backtop


Print 106 comment(s) - last by delphinus100.. on Mar 22 at 1:36 PM


  (Source: Warner Brothers)

Could cosmic rays be blame for unintended acceleration in Toyota vehicles and crashes? The National Highway Traffic Safety Administration is investigating the possibility, which was raised by an industry tipster.  (Source: SuperChevy.com)
Could outer space be endangering Toyota's drivers?

Whether individual reports of runaway Priuses are true or not, the sheer number of complaints and accidents would indicate that many vehicles in Toyota's lineup may have deep underlying issues. These issues are exacerbated by the fact that many American drivers are unaware of all the means at their disposal to stop their vehicles.

The feds are now examining a rather wild theory -- that cosmic radiation may be causing some of Toyota's electrical issues.  The feds received an anonymous tip from an industry source that Toyota's microprocessors, memory chips and software may be more sensitive to cosmic rays than its competitors, causing increased incidences of malfunctions.  Such problems are commonplace with airplanes or spaceships, raising the need for extremely robust electronic designs.

Sung Chung, who runs a California testing firm, says he believes the tipster may be correct.  He states, "I think it could be a real issue with Toyota.  [But] nobody wants to come out and say we have issues and we need to test."

Electrical interference could help to explain the unintended acceleration afflicting 13 models across Toyota's lineup, or about 5.6 million vehicles in total.  While software and hardware can compensate, to an extent for cosmic interference, cosmic rays can potentially cause the kind of unrepeatable "single event upsets" that could add up to many of the 3,000 complaints against Toyota received by the National Highway Traffic Safety Administration since 2000.

William Price, who worked at a jet propulsion laboratory studying extraterrestrial electromagnetic interference (EMI) for 20 years, comments, "[It] occurs virtually anywhere.  It doesn't happen in a certain locale like you would expect in an electromagnetic problem from a radio tower or something else."

A Toyota spokesperson in a brief comment to 
Freep.com said that Toyota's protections against extraterrestrial EMI were "robust against this type of interference" and that its vehicles featured "absolute reliability".

Toyota may not be the only one susceptible to cosmic EMI, though.  Other manufacturers likely would have similar occurrences even in more reliable designs, albeit less frequently.

Cosmic EMI may turn out to be of little concern, or it may turn out to be a major problem with the increased use of in car electronics.  The auto industry used to use mechanical links, but now uses electrical throttle controls to save weight and space, and make other technologies possible, such as stability control.  Those benefits could come at a cost, though.

Update:

There's a lot of confusion about what "cosmic interference" or "cosmic EMI" is.  "Cosmic interference" or "cosmic radiation" can mean one of two things:
First, disruption due to cosmic rays, which are primarily composed of protons (hydrogen ions), helium nuclei (alpha particles), and high energy electrons.  Secondly, cosmic bodies like the sun can transmit self-propagating electromagnetic waves through the vacuum.  These waves can be referred to as "cosmic EMI".  Cosmic particles can also cause damage, but aren't referred to as EMI.  This article is referring to both cosmic rays and cosmic electromagnetic radiation.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By porkpie on 3/16/2010 4:56:53 PM , Rating: 2
"...it would be very difficult to build shields for all of the vehicle's processors."

You can't shield against cosmic rays...not unless you want a few feet of lead or water on top of your vehicle.


By Lord 666 on 3/16/2010 5:01:43 PM , Rating: 2
Exactly my point... So if they prove that Toyota's design is more prone to EMI issues, they will be buying back an insane amount of cars.


By porkpie on 3/16/2010 5:13:31 PM , Rating: 1
NOT EMI. Say it again-- cosmic rays are not EMI.

In any case, even if true, they won't buy back entire vehicles; they'll just replace the control module with one more resilient to soft errors.


By Lord 666 on 3/16/2010 5:33:11 PM , Rating: 2
Hey smartie pants, your just upset you didn't think of outside interference before with the Toyota SA cases;)

Anyway, if they cut corners with non-ecc memory in one area, wouldn't trust my life in any of their cars. Money back or sued into oblivion.

Ironically, it would be funny if the US gives financial support to Toyota for their financial woes.


By Samus on 3/17/2010 5:06:59 AM , Rating: 5
Financial woes? They might not be selling as many cars as before, and sure the recall is costing them a few billion or so, but you are talking about a huge corporation, technically the largest automotive label in the world (VAG takes the cake when you roll in their underlings.)

This problem isn't impossible to fix. Infact a expensive, but simple solution is to simply have redundancy. ECC memory isn't going to help the problem, but perhaps adding a throttle control secondary somewhere (maybe in the cruise control circuit) and adding a simple mechanical override like an emergency shutdown would both do a world of good to a vehicle prone to this sort of radiation.

ECU's are already pretty well insultated from the elements, particularely moisture and heat, so perhaps they could relocate them to a place in the vehicle they are less prone to interferance such as under the drivers seat. The driver's body might act as a disruptor to cosmic radiation.

There are many things they can do to resolve this problem is cosmic interferance is to blame.

But if it is a software problem and they haven't fixed it by now, they better fix it fast if they want to stay on top.


By AstroGuardian on 3/18/2010 6:08:55 AM , Rating: 3
Why don't they just leave the old mechanics in the critical systems?


By leexgx on 3/19/2010 9:57:39 PM , Rating: 2
quote:
emergency shutdown would both do a world of good to a vehicle prone to this sort of radiation.

most do not know that holding the power button turns off the computer (in this case Toyota and 1-2 other car makers),

some other makes of cars that use push button start have an panic detection (hammer the start button the car cuts the engine off) as most are thinking to much when there car is doing 90mph and

911 or 999 do not know how to stop new cars that have got the car stuck in runaway mode

all car makers should use the same system to stop an engine both ways should be used, panic start button shutdown ECU (as most would do this hitting the start button) and Hold start to shutdown ECU (some computer techs may try this most would not)


By ekv on 3/16/2010 6:47:02 PM , Rating: 2
I believe semiconductor manufacturer's [like AMD, Intel, Cypress, etc.] still make mil-spec IC's. There is a special class within mil-spec that accounts for radiation hardened IC's. That's what they use on the Shuttle. I don't think the Shuttle has lead shielding.

Very expensive IC's. It'd be silly to use mil-spec on a terrestrial consumer application like a car's computer. Cheaper methods exist ... like you could have a secondary computer / backup and voting, etc.


By porkpie on 3/16/2010 7:22:24 PM , Rating: 4
In general, you can't solve SEU type problems with a second computer. You need triple redundancy. With only two, if they disagree, you don't know which one is correct.

In theory, you could just use the disagreement itself to detect an event, and make both computers recalculate their results...but in a realtime control situation, that isn't practical, especially since in the general case, it requires a reboot / refresh all memory from persistent storage. Meanwhile, your car/jet/spacecraft is maneuvering out of control.


By Shining Arcanine on 3/16/2010 8:09:03 PM , Rating: 2
You still need a computer to decide which of the three is right. :/


By randomly on 3/16/2010 8:37:55 PM , Rating: 5
No, the data streams of the three computers are compared by a voting circuit which flags the odd data out and sends the bad computer off to sit in the corner.

You can certainly minimize catastrophic problems caused by SEU with proper programming. Bounds checking of I/O and data, COP (computer operating properly) reset timers, check sum verification of firmware, etc. Rebooting an engine controller can be done in milliseconds since program memory is non-volatile and the amount of program and data memory is really quite small.

If you make the effort you can certainly get an engine computer to detect improper operation and handle it gracefully. It is a non-trivial task however.


By Alexvrb on 3/16/2010 11:57:13 PM , Rating: 2
You could just use a single module with a little bit of internal redundancy. The other issue is with sensors. If all of your computers are fed by a single sensor, and that sensor is faulty, they would all be fed the same data. So you really need multiple sensors too, if you're really going the paranoid route.

Or you could just use limp mode and/or safe defaults if a major issue is detected (sensor value out of expected range, etc), which all manufacturers do, and put in robust computers. Plus throw in a brake override switch, that has the computer close the throttle whenever the primary brakes are depressed.


By randomly on 3/17/2010 2:20:41 AM , Rating: 3
I don't think I was clear in my previous post but you can do all those things I mentioned in my previous post with a single processor and those techniques are used fairly often. Bounds checking sensor data can go a long ways toward detecting faulty sensors. Many sensor types will fail at one extreme or another, which will be outside the range of normal output values and so you can detect the failure. There are also ways of monitoring sensors to see if they are operating within expected parameters. Gas pedals jammed by floor mats is another matter.

In the case of brakes there can be a pedal position sensor and also a pedal depressed switch or sensor. So there can be sensor redundancy, and it's not paranoid to do that. If either brake pedal sensor reads as depressed then the throttle is driven to zero.


By randomly on 3/16/2010 8:22:14 PM , Rating: 2
A theory rapidly gaining traction is that SEU caused processing faults are to blame for the current dysfunctional state of American politics.

Still hotly debated though is whether this lack of fault tolerance is caused by defective hardware in the politicians or just bad programming.


By ekv on 3/16/2010 10:41:04 PM , Rating: 2
I meant to write tertiary (not secondary). "Triple redundancy" is even more precise a statement. Thanks.

Actually, it turns out the Shuttle does have some shielding on their AP-101S'. Of course, they have 5 computers. Quite robust.

http://spaceflight.nasa.gov/shuttle/reference/shut...

http://en.wikipedia.org/wiki/Space_Shuttle
[the "Flight systems" section details how they vote]


By porkpie on 3/16/2010 11:42:20 PM , Rating: 2
"Actually, it turns out the Shuttle does have some shielding on their AP-101S"

I don't believe that's true; their computer gear is usually hardened, but not shielded.

In any case, its not really relevant to ground-level GCRs; the Shuttle has the solar wind and the Van Allen belts to deal with; particle energy levels in both cases can easily be shielded against. The problem with doing so, however, is it actually increases the problems from the higher-energy GCRs.


By Iketh on 3/17/2010 10:11:29 AM , Rating: 2
today's chips (even if it's not AMD or Intel) can recalculate hundreds or thousands of times a second, which only proves that hardware redundancy is not needed since one computer can re-check its own calculations many times before taking action... meaning they could solve their issues with a software fix

but that's assuming this interference happens in a fraction of a second...

and the redundancy fix assumes the interference is very localized to the point that 2 computers sitting side-by-side (or anywhere in the same vehicle) won't receive the same interference


By porkpie on 3/17/2010 11:09:51 AM , Rating: 2
"since one computer can re-check its own calculations many times before taking action.."

But if it is calculating based on a memory value that's been corrupted as a result of a SEU (the normal situation), it doesn't matter how many times it recalculates -- the answer is still going to be incorrect.

"the redundancy fix assumes the interference is very localized to the point that 2 computers sitting side-by-side won't receive the same interference"

They won't. A GCR hit is due to a single atomic nucleus strike. It's hard to get more localized than that.


By Iketh on 3/17/2010 7:08:49 PM , Rating: 2
quote:
But if it is calculating based on a memory value that's been corrupted as a result of a SEU (the normal situation), it doesn't matter how many times it recalculates -- the answer is still going to be incorrect.


Sure, if you program the redundancy poorly. The cars perform normally after it has been shut off to the point investigators are not even able to replicate the occurrence. Software programmers can check against redundant constants and use an algorithm to determine if the calculation is within the limits set by the algorithm.


By porkpie on 3/17/2010 7:15:41 PM , Rating: 2
quote:
Software programmers can check against redundant constants and use an algorithm to determine if the calculation is within the limits set by the algorithm.
And what if its within limits, but still incorrect? (i.e. a pedal position calculated at 90%, when its really at 0%?) Or what if the code that compares the "redundant constants" is what's corrupted, rather than the constants themselves?

There's a reason triple (and higher) redundant clusters exist. There is no general way to achieve guaranteed reliable results simply by recalculating with a single node.


By Ammohunt on 3/17/2010 2:20:55 PM , Rating: 2
SUN 10 years ago has exactly this problem with the cache memory on some its SPARC CPU's that was sensitive to Cosmic Rays if i remember right it would casue kernel panics. From what i understand it has to do with either the thinkness of the wires on the die or the distance between them hence the reason space probes and the shuttle use ancient CPU's for their processing tasks like hardened versions of Motorola 68000's


"I f***ing cannot play Halo 2 multiplayer. I cannot do it." -- Bungie Technical Lead Chris Butcher














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki