Possible Electronics Causes for Sudden Unintended Acceleration

Sudden unintended acceleration has occurred in disproportionate numbers (relative to market share) on Toyota vehicles since the introduction of the ETCS-I (Electronic Throttle Control System with Intelligence) in 2001 across multiple popular Toyota models.

Many complaints in the NHTSA database clearly indicate that in several cases, the accelerator pedals were not stuck in a floor mat when SUA occurred. The recent fix for sticky pedals that Toyota recently announced also seem to be just a red herring in this whole context.

The timing of the surge in SUA complaints and the lack of other causes points the finger directly at electronics, namely ETCS-I.

Nature of Sudden Unintended Acceleration

While the term sudden unintended acceleration (SUA) has been used quite commonly for months, a better term to use would be sudden and sustained unintended acceleration (SSUA), i.e. acceleration continues in a sustained fashion often leading to high, unsafe and unstoppable speeds.

Once SSUA happens, vehicles have been totaled in a wreck or had to be stopped by putting the transmission into neutral. After reset, in many cases, the vehicle runs normally. However, SSUA can occur again in the future.

Possible Scenarios

  1. The root cause of SSUA is not in the ETCS-I at all – this seems very unlikely given the above data.
  2. A root cause of SSUA lies in the ETCS-I, and Toyota could not repeat the problem in the lab. While the problem may happen under complex or non-obvious conditions, this would likely imply inadequate testing on the part of Toyota engineers (for not being able to think out of the box to find a lurking problem over several years) and/or insufficient investment of resources.
  3. Problems in the ETCS-I were indeed diagnosed in the lab or in the field when Toyota tested vehicles which exhibited SSUA. This would be a major surprise since Toyota has claimed many times in recent years that electronics was not a cause of SSUA. (The President of Toyota USA is expected to make this claim today in the ongoing Congressional hearings). If documents are found that Toyota found some problems in electronics but chose not to disclose them, this would naturally reflect very serious technical, procedural and corporate culture problems within the company and one hopes would not be the case.

Toyota, in fact, announced a few hours ago that brake overrides will be added on more Toyota cars than (quietly) announced earlier. The move is described as intended to “provide an additional measure of confidence”. Lawyers pursuing class action lawsuits against Toyota could be expected to argue that this is an indirect acknowledgement of problems with electronics.

Electro-Magnetic Interference (EMI) Issues

Can EMI (electro-magnetic interference) cause SSUA?

EMI (also called Radio Frequency Interference or RFI) corresponds to disturbances arising from electromagnetic conduction or electromagnetic radiation from a source external to the system under consideration. When your TV reception is poor (e.g. ghost images) during thunderstorms, that can be attributed to EMI. If your cordless phone or WiFi (wireless network) does not work if a nearby microwave oven is running, that can also be at attributed to EMI.

EMI from Sources External to the Automobile

There has been speculation that EMI from sources such as auto-wash houses and big restaurant ovens affect automotive electronics. The intensity of these signals drops (at least) as a square of the distance from the source. In other words, the strength of the interference decays very rapidly and is unlikely to be the source of sudden and sustained acceleration where the vehicle has traveled several hundreds of meters past the source.

EMI from Sources Internal to the Automobile

Interference from within the automobile can in principle cause problems as well. Ford recently noticed EMI from two neighboring wires causing problems in the Ford Focus Hybrid braking system. A software error that saw such EMI decided to transfer control from the regenerative brake system to the (traditional) hydraulic brake system. Additional shielding of the cables and a software patch fix the problem.

Can such EMI cause Toyota vehicles to experience SSUA? In principle, yes. But this would require two conditions to hold true: the EMI happens distorting inputs to the electronics and software interprets those values incorrectly.

My personal opinion is that if this were the problem, it is easier to detect than other sources. If software just reacts instantaneously to the fluctuating EMI signals, sustained acceleration will perhaps not happen.

Electro-Static Discharge (ESD) Issues

Electrostatic discharge (ESD) is the name given to the sudden and short-lived electric current that flows between two objects at different electrical potentials (voltages) caused by direct contact or induced by an electrostatic field. These currents, while short-lived, are unwanted that may cause damage to electronic equipment.

The simplest ESD example that people see in practice is the very brief spark that happens when during winter one touches a metal and you get a ‘shock’ and see a spark. (Charge develops on your body as you walk across a carpet, for example, which gets discharged when you touch a conducting material). At home, one often uses voltage surge suppressors to connect sensitive electronics like TVs and computers. Without such surge suppressors, voltage spikes like lightning can enter your electronics and cause permanent damage. Lightning is another classic example of ESD.

Due to the damage that ESD can cause to electronics, there are military, industry, automotive and international standards to deal with them. Popular consumer electronics like camcorders, mobile phones, and digital cameras have built in voltage shunts that trap these spikes from reaching the core of the electronics and damaging them.

ESD damage to electronics, which worsens over time, can fall into different categories. One, the damage can be permanent and the device fails. This is often referred to as a hard fault. Two, the damage seems to reset itself and function correctly (for a while) when the device is shut down and restarted. This is often referred to as a soft fault. Some standards even define finer distinctions.

Hardware Issues

Can any problems in Toyota throttle electronics lie in hardware?  Here are the possibilities:

  1. There are no logical errors in the hardware particularly when all goes according to plan (such as no EMI, no sensor and Electronic Control Unit failures). It is very likely that this situation reflects the vast majority of cases. In practice, Toyota could not successfully ship a faulty ETCS-i since around 2001 if the design was behaving in
    faulty fashion across most of its models.
  2. Hardware component failures, when they happen, lead to unexpected outputs (causing SSUA). Safety-critical systems such as electronic throtle control systems are supposed to have built-in fail-safe mechanisms. A designer must make assumptions about what could fail and how the system will react to it. See my earlier posting on
    Brake Overrides: The Devil in the Details for additional details. The lack of brake overrides in the ETCS-I is an issue that Toyota has to deal with for quite some time. Its promise to add brake overrides to recent models is a good step in the right direction but leaves open the question “What about the older models?”. Another
    question that applies to all models (even those with the promised overriddes) is the lack of a (say, mechanical) over-ride mechanism that does not depend on the ECU (Electronic Control Unit) inside the ETCS-I to process and execute the over-ride requirement.
  3. Sensor failures (throttle position sensors, for example) can also cause ETCS-I to believe that all is well with the engine control when it is not.  If the throttle position were fully open in reality, but the throttle position sensor reports that it was nearly or fully closed, the engine could experience a surge in acceleration as the throttle is commanded by the ECU to open more and more.   Similarly, if the accelerator pedal position sensor (APPS) were malfunctioning and it reports that the gas pedal was pressed down when it actually is not, SSUA would be a natural result.

Software Issues

Could software in the ETCS-I have problems?

It would be very hard to prove that there are no software problems – such verification technology for the complex situations that ETCS-I can encounter (including noise and failures) is not very mature yet. Those outside Toyota can only conjecture. Only those with access to the source code of the programs running on the ETCS-I can make
more precise statements.

One or two lines of code can in principle do the wrong thing under a complex set of conditions that happen in the accelerator pedal position and throttle position sensors, combined with internal context.

Summary

In principle, many things can go wrong in Toyota’s ETCS-I due to many factors including electro-static discharge (ESD), electro-magnetic interference (EMI), hardware or software.  We are currently focusing on ESD as the likely source of soft and hardware faults in the electronics that can lead to SSUA (sudden and sustained unintended acceleration).   Individual or combinations of these elements can be causing the problems.

Advertisements

3 Responses to “Possible Electronics Causes for Sudden Unintended Acceleration”

  1. Elmer Bulman Says:

    Circuit geometry would lessen the effects of ESD. For example a ground wire from A to B to C is not the same circuit as a ground wire from A to C to B when high frequency is present. ESD is a high frequency event.

    A Ground wire from a sensor that runs to the CPU common then to CHASSIS should be instead rerouted from the sensor to CHASSIS then to the CPU Common. This is the way a desk top PC common bus is protected from an external ESD sources.

  2. Matthew B Says:

    “If the throttle position were fully open in reality, but the throttle position sensor reports that it was nearly or fully closed, the engine could experience a surge in acceleration as the throttle is commanded by the ECU to open more and more.”

    That is a doubtful scenario. The throttle only controls air. Fuel is under control of the fuel injectors. If the throttle was open but the ECM was intending to idle the engine, the fuel / air ratio would go so low that the engine would die.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: