backtop


Print 106 comment(s) - last by delphinus100.. on Mar 22 at 1:36 PM


  (Source: Warner Brothers)

Could cosmic rays be blame for unintended acceleration in Toyota vehicles and crashes? The National Highway Traffic Safety Administration is investigating the possibility, which was raised by an industry tipster.  (Source: SuperChevy.com)
Could outer space be endangering Toyota's drivers?

Whether individual reports of runaway Priuses are true or not, the sheer number of complaints and accidents would indicate that many vehicles in Toyota's lineup may have deep underlying issues. These issues are exacerbated by the fact that many American drivers are unaware of all the means at their disposal to stop their vehicles.

The feds are now examining a rather wild theory -- that cosmic radiation may be causing some of Toyota's electrical issues.  The feds received an anonymous tip from an industry source that Toyota's microprocessors, memory chips and software may be more sensitive to cosmic rays than its competitors, causing increased incidences of malfunctions.  Such problems are commonplace with airplanes or spaceships, raising the need for extremely robust electronic designs.

Sung Chung, who runs a California testing firm, says he believes the tipster may be correct.  He states, "I think it could be a real issue with Toyota.  [But] nobody wants to come out and say we have issues and we need to test."

Electrical interference could help to explain the unintended acceleration afflicting 13 models across Toyota's lineup, or about 5.6 million vehicles in total.  While software and hardware can compensate, to an extent for cosmic interference, cosmic rays can potentially cause the kind of unrepeatable "single event upsets" that could add up to many of the 3,000 complaints against Toyota received by the National Highway Traffic Safety Administration since 2000.

William Price, who worked at a jet propulsion laboratory studying extraterrestrial electromagnetic interference (EMI) for 20 years, comments, "[It] occurs virtually anywhere.  It doesn't happen in a certain locale like you would expect in an electromagnetic problem from a radio tower or something else."

A Toyota spokesperson in a brief comment to 
Freep.com said that Toyota's protections against extraterrestrial EMI were "robust against this type of interference" and that its vehicles featured "absolute reliability".

Toyota may not be the only one susceptible to cosmic EMI, though.  Other manufacturers likely would have similar occurrences even in more reliable designs, albeit less frequently.

Cosmic EMI may turn out to be of little concern, or it may turn out to be a major problem with the increased use of in car electronics.  The auto industry used to use mechanical links, but now uses electrical throttle controls to save weight and space, and make other technologies possible, such as stability control.  Those benefits could come at a cost, though.

Update:

There's a lot of confusion about what "cosmic interference" or "cosmic EMI" is.  "Cosmic interference" or "cosmic radiation" can mean one of two things:
First, disruption due to cosmic rays, which are primarily composed of protons (hydrogen ions), helium nuclei (alpha particles), and high energy electrons.  Secondly, cosmic bodies like the sun can transmit self-propagating electromagnetic waves through the vacuum.  These waves can be referred to as "cosmic EMI".  Cosmic particles can also cause damage, but aren't referred to as EMI.  This article is referring to both cosmic rays and cosmic electromagnetic radiation.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By porkpie on 3/16/2010 7:22:24 PM , Rating: 4
In general, you can't solve SEU type problems with a second computer. You need triple redundancy. With only two, if they disagree, you don't know which one is correct.

In theory, you could just use the disagreement itself to detect an event, and make both computers recalculate their results...but in a realtime control situation, that isn't practical, especially since in the general case, it requires a reboot / refresh all memory from persistent storage. Meanwhile, your car/jet/spacecraft is maneuvering out of control.


By Shining Arcanine on 3/16/2010 8:09:03 PM , Rating: 2
You still need a computer to decide which of the three is right. :/


By randomly on 3/16/2010 8:37:55 PM , Rating: 5
No, the data streams of the three computers are compared by a voting circuit which flags the odd data out and sends the bad computer off to sit in the corner.

You can certainly minimize catastrophic problems caused by SEU with proper programming. Bounds checking of I/O and data, COP (computer operating properly) reset timers, check sum verification of firmware, etc. Rebooting an engine controller can be done in milliseconds since program memory is non-volatile and the amount of program and data memory is really quite small.

If you make the effort you can certainly get an engine computer to detect improper operation and handle it gracefully. It is a non-trivial task however.


By Alexvrb on 3/16/2010 11:57:13 PM , Rating: 2
You could just use a single module with a little bit of internal redundancy. The other issue is with sensors. If all of your computers are fed by a single sensor, and that sensor is faulty, they would all be fed the same data. So you really need multiple sensors too, if you're really going the paranoid route.

Or you could just use limp mode and/or safe defaults if a major issue is detected (sensor value out of expected range, etc), which all manufacturers do, and put in robust computers. Plus throw in a brake override switch, that has the computer close the throttle whenever the primary brakes are depressed.


By randomly on 3/17/2010 2:20:41 AM , Rating: 3
I don't think I was clear in my previous post but you can do all those things I mentioned in my previous post with a single processor and those techniques are used fairly often. Bounds checking sensor data can go a long ways toward detecting faulty sensors. Many sensor types will fail at one extreme or another, which will be outside the range of normal output values and so you can detect the failure. There are also ways of monitoring sensors to see if they are operating within expected parameters. Gas pedals jammed by floor mats is another matter.

In the case of brakes there can be a pedal position sensor and also a pedal depressed switch or sensor. So there can be sensor redundancy, and it's not paranoid to do that. If either brake pedal sensor reads as depressed then the throttle is driven to zero.


By randomly on 3/16/2010 8:22:14 PM , Rating: 2
A theory rapidly gaining traction is that SEU caused processing faults are to blame for the current dysfunctional state of American politics.

Still hotly debated though is whether this lack of fault tolerance is caused by defective hardware in the politicians or just bad programming.


By ekv on 3/16/2010 10:41:04 PM , Rating: 2
I meant to write tertiary (not secondary). "Triple redundancy" is even more precise a statement. Thanks.

Actually, it turns out the Shuttle does have some shielding on their AP-101S'. Of course, they have 5 computers. Quite robust.

http://spaceflight.nasa.gov/shuttle/reference/shut...

http://en.wikipedia.org/wiki/Space_Shuttle
[the "Flight systems" section details how they vote]


By porkpie on 3/16/2010 11:42:20 PM , Rating: 2
"Actually, it turns out the Shuttle does have some shielding on their AP-101S"

I don't believe that's true; their computer gear is usually hardened, but not shielded.

In any case, its not really relevant to ground-level GCRs; the Shuttle has the solar wind and the Van Allen belts to deal with; particle energy levels in both cases can easily be shielded against. The problem with doing so, however, is it actually increases the problems from the higher-energy GCRs.


By Iketh on 3/17/2010 10:11:29 AM , Rating: 2
today's chips (even if it's not AMD or Intel) can recalculate hundreds or thousands of times a second, which only proves that hardware redundancy is not needed since one computer can re-check its own calculations many times before taking action... meaning they could solve their issues with a software fix

but that's assuming this interference happens in a fraction of a second...

and the redundancy fix assumes the interference is very localized to the point that 2 computers sitting side-by-side (or anywhere in the same vehicle) won't receive the same interference


By porkpie on 3/17/2010 11:09:51 AM , Rating: 2
"since one computer can re-check its own calculations many times before taking action.."

But if it is calculating based on a memory value that's been corrupted as a result of a SEU (the normal situation), it doesn't matter how many times it recalculates -- the answer is still going to be incorrect.

"the redundancy fix assumes the interference is very localized to the point that 2 computers sitting side-by-side won't receive the same interference"

They won't. A GCR hit is due to a single atomic nucleus strike. It's hard to get more localized than that.


By Iketh on 3/17/2010 7:08:49 PM , Rating: 2
quote:
But if it is calculating based on a memory value that's been corrupted as a result of a SEU (the normal situation), it doesn't matter how many times it recalculates -- the answer is still going to be incorrect.


Sure, if you program the redundancy poorly. The cars perform normally after it has been shut off to the point investigators are not even able to replicate the occurrence. Software programmers can check against redundant constants and use an algorithm to determine if the calculation is within the limits set by the algorithm.


By porkpie on 3/17/2010 7:15:41 PM , Rating: 2
quote:
Software programmers can check against redundant constants and use an algorithm to determine if the calculation is within the limits set by the algorithm.
And what if its within limits, but still incorrect? (i.e. a pedal position calculated at 90%, when its really at 0%?) Or what if the code that compares the "redundant constants" is what's corrupted, rather than the constants themselves?

There's a reason triple (and higher) redundant clusters exist. There is no general way to achieve guaranteed reliable results simply by recalculating with a single node.


"DailyTech is the best kept secret on the Internet." -- Larry Barber














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki