[SystemSafety] More on Bookout-Schwarz/Toyota

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Mon Nov 11 13:14:41 CET 2013


Andrew,

I'll just answer your questions straight.

On 11/11/13 11:05 AM, Andrew Rae wrote:
> 1) The reports of unintended acceleration follow the pattern of socially-propagated concerns, 

I think "follow" is wrong. The event happened in 2007. According to
http://en.wikipedia.org/wiki/Sudden_unintended_acceleration (for what Wikipedia info is worth) there
were two isolated reports in Toyota Camrys before that, one which was explained mechanically ("tin
whisker") and one it seems unexplained.

The mass of Toyota UA reports I think was around 2009 and following. This event was before that.

> making
> it possible, maybe probable, that
>      there were no underlying unintended acceleration events caused by software faults

Unlike Bishop Berkeley, I don't see any plausible relation between any social or psychological
phenomena and the likelihood of UAs being caused by SW faults.

> 2) None of the car models concerned had an independent recording device allowing _other_ causes of
> the unintended acceleration to be confirmed.

I think they had the devices, indeed I think this car had a recorder. It's that the recorder was
written by the same task that it was proposed had hung, Task X.

Besides, Toyota (Dr. Ishii, if I remember the name right) determined that the event recorder did not
always record adverse events that were known with certainty to have occurred (through bench testing).

> 3) The NASA report found problems with the software, but none that they thought were likely to be a
> cause of unintended acceleration under the circumstances of
>  the set of accidents they looked at.

NASA didn't commit to likelihood, as far as I know. They said that they couldn't rule out SW
misbehavior as a cause of the UA event. They seem to have been well aware that not inspecting the
source code significantly limits what one can conclude.

> 4) The Bookout trial evidence was heavily critical of the software, and found plausible ways that
> unintended acceleration could be caused by the software, but nothing directly linking these
> possibilities to the Bookout events.

That seems to be right, depending on what one takes as a "direct link".

Only the general sequence of events in the Bookout incident was determined, as far as I know; no
one reconstructed the sequence in detail. For example, there were significant skid marks from the
car some way before the collision point, and the court could not determine whence they were caused.
Plaintiff said they came from an attempt to use the parking brake; defendant couldn't show that that
was not the case, neither was an alternative shown to be plausible.

As far as I can tell from my currently-limited knowledge, the Barr scenario is consistent with the
Bookout events. Being "consistent with" is obviously not "caused". But it does seem to me from what
I have read so far that a Barr-type scenario is intuitively plausible as a possible cause of the
Bookout events, and I'm not sure one can do any better than that here in determining cause, given
the unknowns. But I am open to being corrected.

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de





