Edmunds' Inside Line blog has posted a 17 minute long video from Toyota which explains in some detail how their ETC system works. It is at a layman's level, so you don't need an engineering degree to understand what they are showing.
Link
Thứ Tư, 24 tháng 2, 2010
In Defense of ETC Part 1
When I get a chance to review Prof. Gilbert's report on how he fooled Toyota's Electronic Throttle Control (ETC) system, I will post comments.
For now, I'd like to take a few lines to defend ETC in concept.
ETC has some significant advantages over mechanical throttle linkages.
Trial lawyers try to sow FUD (Fear, Uncertainty, Doubt) about "complex electronic systems", and throw out scary "what if" scenarios, to try to win cases and big money. But engineers know that complex systems are designed, tested, and validated over many years before being released into production, and are tested for every conceivable failure. ETC systems must be qualified under a range of temperatures and wide band electromagnetic interference testing. Failure modes, such as cut wires, broken sensors, damaged actuators, etc. are all tested using a process called FMEA (failure mode effects analysis). FMEA was designed by NASA as a way to think through a system's reliabilty to pin down possible ways it could break; then tests are designed to validate the system under those conditions.
Is it possible that Toyota screwed up the FMEA, or cut corners, and has a dangerous-but-rare condition with their ETC system? It is possible. But given the excellence of Toyota's engineering, I would be surprised.
For now, I'd like to take a few lines to defend ETC in concept.
ETC has some significant advantages over mechanical throttle linkages.
- Fuel economy: actual throttle flow can be optimized based on operating conditions, and pedal position is used to infer driver intent. For example, someone with a shaky foot can be "smoothed out".
- Mechanical simplicity, weight, and cost: Using ETC means you can get rid of the idle air control valve, throttle cable, and cruise control actuator. Fewer things to break.
- Robustness: ETC systems have built in algorithms for unusual conditions. For example, the throttle plate can be shaken very quickly by the motor, as an "ice breaker", if the throttle plate is iced. There are no cables to bind up or corrode, no exposed return springs to break. The system has independent CPUs which monitor the throttle plate position and pedal position 100s of times a second, with fail-safe algorithms to shut the thing down if something unexpected happens. ETC has redundant sensors, which are used to check that the information coming into the ECUs is reliable and self-consistent. In a mechanical throttle system, the only failsafe is the driver's foot--if the thing is stuck, you pump it and pray it gets unstuck.
Trial lawyers try to sow FUD (Fear, Uncertainty, Doubt) about "complex electronic systems", and throw out scary "what if" scenarios, to try to win cases and big money. But engineers know that complex systems are designed, tested, and validated over many years before being released into production, and are tested for every conceivable failure. ETC systems must be qualified under a range of temperatures and wide band electromagnetic interference testing. Failure modes, such as cut wires, broken sensors, damaged actuators, etc. are all tested using a process called FMEA (failure mode effects analysis). FMEA was designed by NASA as a way to think through a system's reliabilty to pin down possible ways it could break; then tests are designed to validate the system under those conditions.
Is it possible that Toyota screwed up the FMEA, or cut corners, and has a dangerous-but-rare condition with their ETC system? It is possible. But given the excellence of Toyota's engineering, I would be surprised.
Thứ Ba, 23 tháng 2, 2010
Toyota's Lentz Weeps
Toyota USA's Lentz, relating how his 30 year old brother was killed in a car accident, got teary eyed while answering a question for Rep. Rush (D-Ill).
Why Stuck Throttles Are So Dangerous: Loss Of Vacuum
Something that hasn't been discussed widely is the role of engine vacuum in the unintended acceleration issue.
The reason that you only have one chance to brake a car which is experiencing a stuck throttle or unintended acceleration is that at wide-open-throttle, the engine is not generating any manifold vacuum. Without manifold vacuum, on most cars, the hydraulic brake booster will ingest air as the brakes are applied. Pumping the brakes will fill the booster very quickly. Without vacuum, the brake pedal will be very hard, and it will require a huge amount of brake pedal force to stop the car.
The reason that you only have one chance to brake a car which is experiencing a stuck throttle or unintended acceleration is that at wide-open-throttle, the engine is not generating any manifold vacuum. Without manifold vacuum, on most cars, the hydraulic brake booster will ingest air as the brakes are applied. Pumping the brakes will fill the booster very quickly. Without vacuum, the brake pedal will be very hard, and it will require a huge amount of brake pedal force to stop the car.
Rep. Buyer Defends Toyota
Rep Steven Buyer (R-Ind) is coming to the defense of Toyota. Which makes sense, the Subaru plant which builds Toyotas is in his district. He points out that work by Prof. Gilbert is commissioned by an "advocacy" organization which is being funded by trial lawyer.
Toyota: Gilbert's Test "Sabotage"
Toyota's lawyers told the House Oversight Committee members that the test that Prof. Gilbert did to the Toyota electronic system was "sabotage". Professor Gilbert is testifying that the short circuit he introduced could happen in real life.
Gilbert: Toyota Electronic Throttle Diagnostics Poor
The gist of Professor Gilbert's testimony to the House Oversight Committee is that Toyota's electronic throttle sensing system is poor, in that the redundant signals are insufficiently different from one another, so that the diagnostic system can be fooled into thinking that a short circuit between them is a driver request for wide-open throttle, and not a fault state. He also just testified that other automakers would catch the fault that he induced "right away".
"If I would have done that on a Buick or a Honda... it would have set a DTC or code".
"If I would have done that on a Buick or a Honda... it would have set a DTC or code".
Đăng ký:
Bài đăng (Atom)