Do Car Safety Problems Come From Outer Space?

timothy posted about 4 years ago | from the we-know-that-oranges-do dept.

Hugh Pickens writes "As electronic devices are made to perform more and more functions on smaller circuit chips, the systems become more sensitive and vulnerable to corruption from single event upsets. This is especially true of Toyota, which has led the auto industry in its widespread inclusion of electronic controls in the manufacture of their various car models. 'These circuit families store not just data, but their basic function electrically,' says Lloyd W. Massengill, director of engineering at the Vanderbilt Institute for Space and Defense Electronics at Vanderbilt University. 'In the unfortunate event of a particle flipping just the right bit, a circuit configured to carry out a benign action may be reprogrammed to carry out some unintended action.' Denise Chow writes in Live Science that some scientists are pointing to cosmic ray radiation as a plausible mechanism behind the sudden, unexplained acceleration reported to have occurred with the late model Toyotas."

"As the design of automobile systems continues to evolve from mechanical to electronic controls, relying more and more on various circuitry and chips, these electronic components may be vulnerable to being confounded by high-energy radiation, writes Chow. Federal regulators were prompted to look into the possible role that cosmic rays played in Toyota's product recall fiasco after an anonymous tipster suggested the design of Toyota's microprocessors, software and memory chips could make them more vulnerable (PDF) to interference from radiation compared with other automakers. 'What's not known is what direction Toyota and other automakers are taking in terms of finding and correcting these issues,' says senior researcher Ewart Blackmore."

437 comments

Why they tell you to turn off your phone... (5, Informative)

LostCluster (625375) | about 4 years ago | (#31650752)

Interference from radiation doesn't just come from outer space, it comes from cell phones, TV/radio stations, microwaves.... you see where this is going. I once worked in an office where there was a cell phone relay antenna too close to a PC, and we were constantly reinstalling the OS until I told them to move things around in the area.

Thing is, when Windows gets a corrupted OS... it BSODs and we move on. Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up. When a fault is detected, it should go to a backup program about safely shutting down the car.

Re:Why they tell you to turn off your phone... (5, Funny)

JoshuaZ (1134087) | about 4 years ago | (#31650788)

That's almost exactly what I was going to say. You've managed to make an accurate first post that actually includes a suggestion for dealing with the problems in question. Are you sure you meant to post this comment on Slashdot?

Re:Why they tell you to turn off your phone... (2, Insightful)

Cryacin (657549) | about 4 years ago | (#31651008)

I think it's just trying to blame the little green men on a problem that has more terrestrial origins.

Re:Everyone Loves Space Ray (3, Funny)

WrongSizeGlass (838941) | about 4 years ago | (#31651046)

Tonight on CBS, a very special episode of Everyone Loves Space Ray:

Space Ray: Hey, Deborah, did you hear what happened to my car?
Deborah: Don't worry about it, Space Ray, you didn't cause it this time (simulated audience laughter)

With a special guest appearance by Ace Frehley as "Just Another Confused Alien". Coming up right after "The Ghosts of Gilligan's Island"

Re:Why they tell you to turn off your phone... (1, Funny)

Anonymous Coward | about 4 years ago | (#31651176)

"Where's the Kaboom? There was supposed to be an Earth shattering Kaboom." OK, well that car crash was nice, but next time I want the Kaboom!

Re:Why they tell you to turn off your phone... (4, Informative)

pushing-robot (1037830) | about 4 years ago | (#31650818)

http://en.wikipedia.org/wiki/Non-ionizing_radiation [wikipedia.org]

Granted, an unshielded circuit can be vulnerable to any EM field, but gamma rays affect electronics in a completely different way than microwaves do.

Re:Why they tell you to turn off your phone... (1)

blackraven14250 (902843) | about 4 years ago | (#31650988)

I was under the impression that gamma rays were much (orders of magnitude) less likely to have an effect on electronics as their wavelength was so much higher, but if they did, it would be (basically) a more drastic impact, because of the higher energy.

Re:Why they tell you to turn off your phone... (3, Informative)

Anonymous Coward | about 4 years ago | (#31651082)

Nope, the exact opposite. Gamma rays [wikipedia.org] are short wavelength and high energy.

Don't fuck with Gamma Rays. Just ask Dr. Banner. (0)

Anonymous Coward | about 4 years ago | (#31651092)

Dr. Bruce Banner, pelted by gamma rays,
Turned into The Hulk, ain’t he unglamorous!

Wrecking the town with the power of a bull!
Ain’t no monster clown who is as lovable!
As ever-loving Hulk! Hulk! Hulk!

Re:Why they tell you to turn off your phone... (1)

MadUndergrad (950779) | about 4 years ago | (#31651154)

Gamma rays have a higher wavelength, which makes them less likely to interact, but a correspondingly high energy which makes the possible ionizing effect greater if they do interact.

Re:Why they tell you to turn off your phone... (3, Informative)

hipp5 (1635263) | about 4 years ago | (#31651226)

Gamma rays have a higher frequency,

Corrected. And thus they have a shorter wavelength.

Re:Why they tell you to turn off your phone... (1, Funny)

Anonymous Coward | about 4 years ago | (#31650848)

How can you protect yourself from that checksum algorithm not getting flipped? What if that single-bit error caused the checksum algo to do some assembly magic and start injecting its benign code into places where it would be malignant!?

This just proves how vulnerable electric cars really are!

Re:Why they tell you to turn off your phone... (1)

WrongSizeGlass (838941) | about 4 years ago | (#31650878)

How can you protect yourself from that checksum algorithm not getting flipped?

Easy, just buy one of our new Automotive Tin Foil Hats. It keeps the space rays out - and the real crazy in.

Re:Why they tell you to turn off your phone... (1)

beakerMeep (716990) | about 4 years ago | (#31650906)

Redundancy. You have a second car follow you around in case one of the bits of the first car goes rouge or 'evil'

Re:Why they tell you to turn off your phone... (4, Informative)

Anonymous Coward | about 4 years ago | (#31651194)

If red cars are an indication of the problem, it's more widespread than engineers used to believe. On a more serious note: Fault tolerant design is the answer. Have three systems calculate the result (ideally using three different algorithms) and let them vote on the correct result. Don't assume that a set state persists, recalculate frequently and set the state even if it should be already set. Feed the control and the sensor data into a watchdog circuit (in triplicate...) to detect mismatches. Etc.

Re:Why they tell you to turn off your phone... (3, Interesting)

pitchpipe (708843) | about 4 years ago | (#31650922)

there should be some checksum that shouldn't add up. When a fault is detected, it should go to a backup program about safely shutting down the car.

Or how about a computer redundancy system where a group of computers that are all capable of controlling the car watch the behavior of the computer that is actually controlling the car. Through a voting system they could decide to hand the control of the car over to another computer in the event that the controlling computer doesn't act in a way that was deemed safe. This way the car could continue to operate normally while signaling that there is a problem that needs to be addressed.

Re:Why they tell you to turn off your phone... (5, Informative)

SeekerDarksteel (896422) | about 4 years ago | (#31651376)

This is one of the most common methods of error tolerance, actually, N-modular redundancy [wikipedia.org] (typically either dual-modular or triple-modular). It's used in airliners and space shuttles, as well as a number of other critical applications. IBM actually sells servers (the system z series) which automatically run two copies of everything and compare instruction results, so that failing processors can be detected and avoided.

The proposal by the GP poster is actually much more difficult than it would seem at first glance. About the only place "checksum" style error detection is used is in memories/registers. The reason is that if I do a floating point addition, for example, the only way I know whether the addition gave me the right answer is to do the addition again and check.
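
Added example, not part of the comment above or of any other post in this thread: a minimal sketch in C of the triple-modular-redundancy voting that several posters describe, where a computation is checked by redoing it and comparing results. The pedal-to-throttle control law, the 10-bit pedal range, the idle fail-safe value and all function names are assumptions made for illustration; upsets are modelled as XOR masks applied to a channel's output.

```c
#include <stdint.h>
#include <stdio.h>

#define SAFE_THROTTLE 0u /* assumed fail-safe command: idle */

typedef enum { VOTE_UNANIMOUS, VOTE_MASKED, VOTE_NO_MAJORITY } vote_status;

typedef struct {
    uint16_t value;     /* command handed to the actuator */
    vote_status status; /* how the vote went */
    int outvoted;       /* index of the disagreeing channel, or -1 */
} vote_result;

/* Hypothetical control law: 10-bit pedal position (0..1023) to
 * throttle percent (0..100). Each channel runs its own copy. */
static uint16_t channel_compute(uint16_t pedal)
{
    if (pedal > 1023u)
        pedal = 1023u;
    return (uint16_t)((pedal * 100u) / 1023u);
}

/* Word-level 2-of-3 vote. If no two channels agree there is no
 * trustworthy answer, so the voter commands the safe state instead
 * of guessing. */
vote_result vote3(uint16_t a, uint16_t b, uint16_t c)
{
    vote_result r = { SAFE_THROTTLE, VOTE_NO_MAJORITY, -1 };

    if (a == b && b == c) {
        r.value = a; r.status = VOTE_UNANIMOUS;
    } else if (a == b) {
        r.value = a; r.status = VOTE_MASKED; r.outvoted = 2;
    } else if (a == c) {
        r.value = a; r.status = VOTE_MASKED; r.outvoted = 1;
    } else if (b == c) {
        r.value = b; r.status = VOTE_MASKED; r.outvoted = 0;
    }
    return r;
}

/* One control cycle: recompute in all three channels, apply the
 * constructed upset masks (0 = no fault), then vote. Recomputing
 * every cycle means a transient fault lasts at most one cycle. */
vote_result control_cycle(uint16_t pedal,
                          uint16_t u0, uint16_t u1, uint16_t u2)
{
    uint16_t a = (uint16_t)(channel_compute(pedal) ^ u0);
    uint16_t b = (uint16_t)(channel_compute(pedal) ^ u1);
    uint16_t c = (uint16_t)(channel_compute(pedal) ^ u2);
    return vote3(a, b, c);
}

static void show(const char *label, vote_result r)
{
    printf("%-28s value=%3u status=%d outvoted=%d\n",
           label, (unsigned)r.value, (int)r.status, r.outvoted);
}

int main(void)
{
    /* Constructed scenarios, pedal held at half travel. */
    show("no fault",                 control_cycle(512, 0, 0, 0));
    show("one channel upset",        control_cycle(512, 0, 0x40, 0));
    show("two different upsets",     control_cycle(512, 0x40, 0x01, 0));
    /* Limit of the scheme: two channels failing identically outvote
     * the healthy one, and the wrong value is actuated. */
    show("two identical upsets",     control_cycle(512, 0x40, 0x40, 0));
    return 0;
}
```

The last scenario is the common-mode case: voting only helps when channel failures are independent.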

Re:Why they tell you to turn off your phone... (0)

Anonymous Coward | about 4 years ago | (#31650942)

Interference from radiation doesn't just come from outer space, it comes from cell phones, TV/radio stations, microwaves.... you see where this is going. I once worked in an office where there was a cell phone relay antenna too close to a PC, and we were constantly reinstalling the OS until I told them to move things around in the area.

Thing is, when Windows gets a corrupted OS... it BSODs and we move on. Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up. When a fault is detected, it should go to a backup program about safely shutting down the car.

Was about to say the same as well (crc checksum) nice one :) !!!

Re:Why they tell you to turn off your phone... (0)

BitterOak (537666) | about 4 years ago | (#31650996)

Thing is, when Windows gets a corrupted OS... it BSODs and we move on. Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up. When a fault is detected, it should go to a backup program about safely shutting down the car.

Not good enough. The part of the program that does the checksum could be corrupted. The only acceptable solution should be some sort of hardware interlock that the driver can control. For instance, if there is a pushbutton gear shifter in which you press a button to tell a computer that you wish to shift into neutral, there should also be a safety lever that you can pull that physically disconnects the drive train from the engine with no electronic or electrical parts. The problem is some cars are all electronic. Shifting into neutral, applying brakes, even turning off the engine are all basically like pushing keys on a computer keyboard. Well, when a computer bluescreens, you can push all the keys you want, sometimes even ctrl-alt-delete and nothing happens. That is not acceptable in a car. There needs to be one mechanical failsafe control in the hands of the driver that no sunspots or police EMP guns can disable.

Re:Why they tell you to turn off your phone... (0)

Anonymous Coward | about 4 years ago | (#31651118)

I can remember fitting Engineering Changes to IBM 8130 CPUs to add Error Check Correction that countered the effect of cosmic rays "re-writing" static RAM.
It's a known problem.

What if the cosmic rays... (3, Funny)

neiras (723124) | about 4 years ago | (#31651144)

Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up.

What if the cosmic rays corrupted the checksum routine?

The mind boggles!

Re:Why they tell you to turn off your phone... (1)

NotQuiteReal (608241) | about 4 years ago | (#31651220)

Single-bit errors shouldn't send the car out of control... there should be some checksum that shouldn't add up. When a fault is detected, it should go to a backup program about safely shutting down the car.

See, here's the problem with random errors that happen in the hardware from an outside source; it might happen after you did your sanity check...

Re:Why they tell you to turn off your phone... (5, Insightful)

Jane Q. Public (1010737) | about 4 years ago | (#31651232)

In order for it to interfere with a digital circuit, it first has to be radiation of the "ionizing" category, and then it has to get through whatever shielding the electronics are in. (I presume they are in some kind of can; no shielding at all would be plain stupid.)

Cell phone radiation hardly qualifies. Nor, for that matter, do most terrestrial sources of radiation.

"Cosmic rays", unlike most terrestrial-source radiation, are capable of penetrating shielding and disrupting electronics.

However... striking just the right bit(s) to cause acceleration, in a large collection of cars, is so incredibly unlikely as to be in the "I don't f*ing think so" category.

Re:Why they tell you to turn off your phone... (1)

Bigjeff5 (1143585) | about 4 years ago | (#31651288)

However, RF interference is well known and understood, and easy to protect against.

Cosmic radiation is relatively new in regards to how well we understand the substantial impact it may actually have on modern technology. There are also fluctuations over time in the earth's magnetic field and how well it protects us from solar and cosmic radiation. With these two factors combined, we are seeing more and more warnings from scientists that solar and cosmic radiation have the potential to do massive damage to our electronic infrastructure. We've built up a lot of technology in a period of low-interference, and we're potentially headed into a period of high interference. That is certainly going to cause a lot of oddball, if not downright devastating, effects.

As to whether or not cosmic radiation is the cause of Toyota's problems, well, it still sounds like a regular old fuckup to me, not so much a "Oops, didn't think about cosmic radiation!" but a "Oops, didn't think about a kill switch!".

No matter what the cause, I think this is a good indication that we need a real, physical kill switch that will absolutely halt the system if things go awry in these drive-by-wire systems. No software to depend on, because you're breaking a physical connection to do it. It should be easy and noticeable, but not something you're likely to grab by accident.

Re:Why they tell you to turn off your phone... (1, Interesting)

Anonymous Coward | about 4 years ago | (#31651326)

I think it's highly likely that Toyota would have included checksums for their data. They put their cars through a lot of testing and I'm sure all the mobile phone, bluetooth, and other RF interference would have been tested in their labs. They know their cars last 20+ years so I'm sure they would have tested their electronics too so it can handle degraded and faulty wires and interference.

Yeah sure, some cosmic particle could flip a bit in your data, but with a checksum you'd throw away that corrupted packet and keep going.

Given that the electronics is responsible for everything in the car (including the timing of every spark in the cylinders) you think other things like an engine misfiring would be the most likely thing to have happen. These cars have data flowing through them all the time.

It sounds more and more like a software bug the more I read. Sure something could have mucked up the software - but you'd get random outcomes of that.

If the common outcome is sudden unintended acceleration - then it sounds like the bug is in the same section of code - sounds like a software bug - not some random "act of god" liability reducing cosmic particle that's figured out how to change the same bit on multiple cars spread across the globe.

Maybe they should have gone for the more internet friendly headline "aliens attack toyota model cars with accelerating retractor beams" - it'd sound just as plausible as their cosmic ray problem

Re:Why they tell you to turn off your phone... (1)

Hurricane78 (562437) | about 4 years ago | (#31651336)

Thing is, when Windows gets a corrupted OS... it BSODs and we move on.

How do you move on from a BSOD in your car?? No, you won’t be dragged away in a bag. You will be dragged away in several bags!

There is only one way to make bit-flips completely go away:
Design every processing component with triple simultaneous execution, so a bit-flip can be detected properly. Also do mirroring on all data storages, and use checksums on them and on all data streams. Then do constant scrubbing (like in ZFS) on all storage systems.

If you leave out even one of those things, the whole effort becomes pointless for writable or constantly processed data.

Re:Why they tell you to turn off your phone... (1)

victorhooi (830021) | about 4 years ago | (#31651420)

heya,

The issue here is, what exactly is "safely shutting down the car". I can think of many cases where shutting down the car would *not* be a good idea. So I suppose the issue is, how much of the systems are critical and not, and is there some kind of mostly-manual fallback you can switch to, so the driver can at least control the vehicle?

Cheers, Victor

Is there really a problem? (5, Insightful)

LostCluster (625375) | about 4 years ago | (#31650786)

Since the biggest Toyota runaway story has turned out to be a problem exists between seat and pedals [aol.com] situation... is this all hype with no science behind it?

Re:Is there really a problem? (1, Troll)

forkazoo (138186) | about 4 years ago | (#31650856)

Since the biggest Toyota runaway story has turned out to be a problem exists between seat and pedals situation... is this all hype with no science behind it?

Yeah, pretty much. Besides, error correcting systems are relatively well-understood technology. ECC hasn't been the best available option for RAM for ages, and even the imperfect gains of ECC will work around occasional single-bit corruptions in memory. Flash can be used with extensive checksums. Executables can have hashes like MD5 and SHA checked before being allowed to execute, etc. People just don't bother with that sort of stuff because the error rate usually isn't high enough to justify being truly OCD about it. Spending X million dollars of R+D effort, or adding X hundred dollars of per-unit cost, you can probably improve safety in better ways than obsessing over cosmic rays and whatnot.

Re:Is there really a problem? (2, Insightful)

Anonymous Coward | about 4 years ago | (#31651240)

>Executables can have hashes like MD5 and SHA checked before being allowed to execute, etc.

That's a ONE TIME check when you load the program. Sure it can check if the data in the FLASH has started to corrupt or someone has tampered with the firmware. However, it doesn't check the memory once the coding is running which is 99+% of the time the code is doing. Cosmic rays can be hitting your car ANYTIME and not just when it is parked.

ECC checks the memory bits during access and you can have periodic scrubbing to check for any changes. It has a higher chance of finding issues that are transient in nature.
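
Added example, not part of the comment above or of any other post in this thread: a C sketch of single-error-correct, double-error-detect (SECDED) ECC with a scrub pass, showing why periodic scrubbing matters for upsets that arrive while the code is running. The Hamming(12,8)-plus-overall-parity layout, the function names and the sample values are illustrative assumptions, not any automaker's or memory vendor's scheme.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Codeword layout (13 bits in a uint16_t): bit 0 is overall parity,
 * bits 1, 2, 4, 8 are Hamming parity bits, and the rest hold data. */
static const uint8_t DATA_POS[8] = { 3, 5, 6, 7, 9, 10, 11, 12 };

typedef enum { ECC_CLEAN, ECC_CORRECTED, ECC_UNCORRECTABLE } ecc_status;
typedef struct { unsigned corrected, uncorrectable; } scrub_report;

/* XOR of the indices of all set bits in positions 1..12. It is zero
 * for a valid codeword and equals the position of a single flip. */
static unsigned syndrome_of(uint16_t cw)
{
    unsigned s = 0;
    for (unsigned i = 1; i <= 12; i++)
        if (cw & (1u << i))
            s ^= i;
    return s;
}

static unsigned parity13(uint16_t cw)
{
    unsigned p = 0;
    for (unsigned i = 0; i <= 12; i++)
        p ^= (cw >> i) & 1u;
    return p;
}

uint16_t secded_encode(uint8_t data)
{
    uint16_t cw = 0;
    for (unsigned k = 0; k < 8; k++)
        if (data & (1u << k))
            cw |= (uint16_t)(1u << DATA_POS[k]);
    unsigned s = syndrome_of(cw);
    for (unsigned p = 1; p <= 8; p <<= 1)   /* zero the syndrome */
        if (s & p)
            cw |= (uint16_t)(1u << p);
    if (parity13(cw))                       /* make total parity even */
        cw |= 1u;
    return cw;
}

/* Checks one stored word, repairs a single flipped bit in place and
 * extracts the data byte. Two flips are detected but not repaired. */
ecc_status secded_decode(uint16_t *cw, uint8_t *data)
{
    unsigned s = syndrome_of(*cw);
    ecc_status st = ECC_CLEAN;

    if (parity13(*cw)) {            /* odd parity: one bit flipped */
        if (s > 12)
            return ECC_UNCORRECTABLE;   /* three or more flips */
        *cw ^= (uint16_t)(1u << s);     /* s == 0 is the parity bit */
        st = ECC_CORRECTED;
    } else if (s != 0) {            /* even parity, bad syndrome */
        return ECC_UNCORRECTABLE;
    }
    uint8_t d = 0;
    for (unsigned k = 0; k < 8; k++)
        if (*cw & (1u << DATA_POS[k]))
            d |= (uint8_t)(1u << k);
    *data = d;
    return st;
}

/* Scrub pass: walk memory and write back every correctable word so
 * that single upsets cannot pile up into double errors. */
scrub_report scrub(uint16_t *mem, size_t n)
{
    scrub_report r = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        uint8_t d;
        ecc_status st = secded_decode(&mem[i], &d);
        if (st == ECC_CORRECTED)
            r.corrected++;
        else if (st == ECC_UNCORRECTABLE)
            r.uncorrectable++;
    }
    return r;
}

/* Constructed scenario: two upsets hit the same word at different
 * times. Returns the byte read back, or -1 if it is unrecoverable. */
int two_upsets(uint8_t value, unsigned bit_a, unsigned bit_b,
               int scrub_between)
{
    uint16_t mem[1] = { secded_encode(value) };
    uint8_t out = 0;

    mem[0] ^= (uint16_t)(1u << bit_a);
    if (scrub_between)
        scrub(mem, 1);
    mem[0] ^= (uint16_t)(1u << bit_b);
    return secded_decode(&mem[0], &out) == ECC_UNCORRECTABLE ? -1 : out;
}

int main(void)
{
    printf("scrubbed between upsets: %d\n", two_upsets(0xA5, 3, 9, 1));
    printf("no scrub between upsets: %d\n", two_upsets(0xA5, 3, 9, 0));
    return 0;
}
```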

Re:Is there really a problem? (2, Interesting)

MadShark (50912) | about 4 years ago | (#31651282)

The problem is that many microcontrollers used in automotive systems don't have support for ECC or any other hardware based error checking mechanism. A lot of these systems only use the memory on the microcontroller chip. If there is external RAM on the unit, ECC memory isn't always used since it is more expensive. Flash is typically checksummed/CRCed/MD5 checked, but you don't typically see flash cells get flipped in the field. I've seen one unit get flash corrupted (out of many millions of possible units) in the last 11 years.

It will be interesting to see if they get to the root cause of the problem. If it is an electromagnetic interference problem, it will be very difficult.

Re:Is there really a problem? (0, Flamebait)

belmolis (702863) | about 4 years ago | (#31650936)

Indeed. There have been scares of this type before and virtually all cases have turned out to involve driver error or fraud. Confirmed cases of runaway acceleration are virtually non-existent. Before speculating on possible causes, we should find out if there is a real problem.

Re:Is there really a problem? (1, Insightful)

blackraven14250 (902843) | about 4 years ago | (#31651020)

You may wish to consider that there were stories of leaked documents from Toyota that implied a cover up about the problems. I heard it on CNN about a week or two ago, and don't have a link, so take it with your grain of salt, but consider that Toyota does have a vested interest in proving every case to be driver error or fraud.

Re:Is there really a problem? (1, Informative)

Anonymous Coward | about 4 years ago | (#31651078)

And the trial lawyers involved in the class action lawsuits being filed against Toyota have a vested interest in showing otherwise.

Re:Is there really a problem? (2, Interesting)

ShakaUVM (157947) | about 4 years ago | (#31651256)

>>Confirmed cases of runaway acceleration are virtually non-existent.

And how do you confirm it? Ask the person?

My '84 Cutlass Supreme went out of control accelerating when I was driving on the campus loop (back in '97 or so), but how could you confirm this? It did happen, but how can you verify it? (I've posted the story on Slashdot before, if you really dig back into my history, long before the runaway Toyota thing entered our national consciousness.)

And to the snarky people posting on this - it's terrifying as fuck for your car to accelerate arbitrarily fast (especially when you run a stop and have to dodge pedestrians), and no, the brakes didn't work. Long story short, I had to kill the gas and use non-power assist brakes to come to a stop, fortunately without killing anyone.

Problem IS from outer space... (2, Funny)

AliasMarlowe (1042386) | about 4 years ago | (#31651050)

Since the biggest Toyota runaway story has turned out to be a problem exists between seat and pedals situation..

Ignorant alien between seat and pedals. Toyotas were designed for humans to drive. 'nuff said.

Re:Is there really a problem? (2, Informative)

Jah-Wren Ryel (80510) | about 4 years ago | (#31651340)

Since the biggest Toyota runaway story has turned out to be a problem exists between seat and pedals situation...

The article you linked to does not even begin to support that conclusion. Basically it's a bunch of innuendo, like he [i]might[/i] have been late on payments on the car (since proven false) or that he should have shifted it to neutral (not an intuitive action for someone who has never driven a manual transmission - and certainly a last resort that does not negate the existence of a problem to begin with). Even information released after that article was published has been far from damning - basically Toyota has said "we couldn't reproduce the problem" - as if "works for me" means there are no software bugs.

The undisputed facts are that the brakes were severely worn (although Toyota claims that the wear is not consistent with emergency braking - huh?) and that the car's black-box showed that the guy hit the brakes over 200 times during the time of the incident and that a cop witnessed the guy practically standing on the brakes.

Unless there is more that's come out recently, all facts released so far point to a failure with the car, not the nut behind the wheel.

Re:Is there really a problem? (0, Flamebait)

FrankieBaby1986 (1035596) | about 4 years ago | (#31651398)

Just listened to the 911 call. The guy was only going 80 mph and couldn't even manage to answer the 911 operator verbally, but he was able to dial them? WTF? Was he on drugs or retarded or something? I could see freaking out if my car was doing 110 or something, but 80? I mean please, just put ur blinkers on, keep tapping the horn, and make it clear to the other vehicles that you have a problem. They will get out of your way, and 80mph on the highway shouldn't be difficult to drive.

Finally, what the hell is with people not knowing how to operate a multi-ton machine but doing it anyway? What kinda moron drives a car without knowing how to disengage or shut off the engine?

The man should lose his license for being incompetent!

How about safe languages? (3, Funny)

Anonymous Coward | about 4 years ago | (#31650790)

I bet they still use C for these kinds of things, how about something safer, such as Eiffel?

Re:How about safe languages? (0)

Anonymous Coward | about 4 years ago | (#31650864)

They use some kind of visual language that generates code automatically. Hence the reason they need "million lines" of code for simple systems. Had they used C and hired real developers they wouldn't have this problem.

Re:How about safe languages? (2, Insightful)

istartedi (132515) | about 4 years ago | (#31650884)

If a cosmic ray flips a bit in the (insert safe language here) array boundary checker, then what?

No. (4, Insightful)

stonecypher (118140) | about 4 years ago | (#31650804)

There's a reason that our entire modern world doesn't come crashing to a halt around us every 30 seconds. If every CPU was vulnerable to bit flips from random radiation, every part of your house would be on fire and arcing electricity. Times Square would look like the bridge of the 60s enterprise under attack.

This is just some douchebag professor trying to ride the tragedies to fame. There's a reason it's always hitting the same system in the car. It's because the system is defective. There's a reason the professor has nothing but speculation to back himself up.

This is the worst kind of charlatanry from someone who should know better. I hope his hosting school takes this very, very seriously.

Re:No. (4, Insightful)

TheGeniusIsOut (1282110) | about 4 years ago | (#31650900)

I can't even begin to calculate the probability of a single bit flip due to impact from a cosmic ray causing unintended acceleration in multiple vehicles. Possible? Certainly, nearly anything is. Plausible? Maybe in a very broad sense of the word. Likely? Not very.

Re:No. (1)

DingerX (847589) | about 4 years ago | (#31651310)

It doesn't have to be likely. It just has to be probable at approximately the same level as the incidence rate, and more probable than any competing explanation.

Of course, more probable than a bit flip due to cosmic rays is a bit flip due to marginally bad RAM.

I would think that Toyota's design process includes some sort of Byzantine fault tolerance. And I would think the automobile industry would have regulation regarding how safety-critical firmware is written. But then I think how the pressure from management is to develop software in the least expensive manner possible.

I'd also like to see some sort of study of the incidence of reported runaway acceleration per vehicle mile by brand of vehicle (excluding the data from the last few months). There are tons of theories we can all throw around, but I haven't seen any evidence of the scope of the problem.

Re:No. (1)

WrongSizeGlass (838941) | about 4 years ago | (#31650940)

Parent is not Flamebait. Disgusted? You bet. Angry that this type of crazy has made its way to the pages of /.? Indeed.

I'm standing in line with SC on this one. This story needs to be tagged "unicorns, ponies and space rays".

Re:No. (0)

Anonymous Coward | about 4 years ago | (#31651012)

Grandparent is also a raving lunatic stoner with serious people issues. Heh, I just realized that SC, that dude who single-handedly pissed hundreds of people off in several IRC channels until other operators finally kicked him out, also lurks around /..

Though I must admit that the professor is certainly full of BS.

Re:No. (1)

WrongSizeGlass (838941) | about 4 years ago | (#31651070)

Grandparent is also a raving lunatic stoner with serious people issues. Heh, I just realized that SC, that dude who single-handedly pissed hundreds of people off in several IRC channels until other operators finally kicked him out, also lurks around /..

Even a stopped clock is right twice a day ... unlike the professor.

Re:No. (1, Interesting)

Anonymous Coward | about 4 years ago | (#31651286)

There's a reason it's always hitting the same system in the car.

It may be that the system or packaging in which the processor or memory is embedded emits alpha particles at an unusually high rate. It wouldn't be the first instance of that happening.

Occam Razor (0)

Anonymous Coward | about 4 years ago | (#31650812)

The most plausible explanation is radiation, not bugs in the device... Does this really come from a scientist?

Sun UltraSPARC-II's anyone? (4, Insightful)

nbvb (32836) | about 4 years ago | (#31650822)

Sounds a whole lot like the e-cache parity errors in the Sun UltraSPARC-II processors.

If you were never affected by that, consider yourself a lucky person.

Particle-caused bitflips are very much real.

Re:Sun UltraSPARC-II's anyone? (2, Informative)

Anonymous Coward | about 4 years ago | (#31650932)

I work with someone who used to do tech support for Sun - those flips were due to a manufacturing error - tech support were just told to tell customers it was due to 'Sun Spots'.....

Re:Sun UltraSPARC-II's anyone? (2, Interesting)

Anonymous Coward | about 4 years ago | (#31651052)

Actually, it was due to a design error, as the cache wasn't ECC protected and occasional bit-flips weren't detected.
http://www.sparcproductdirectory.com/artic-2001-dec-1.html

Re:Sun UltraSPARC-II's anyone? (2, Insightful)

dr2chase (653338) | about 4 years ago | (#31651104)

Right, but then more of them would appear at higher altitudes.

Re:Sun UltraSPARC-II's anyone? (1)

Bigjeff5 (1143585) | about 4 years ago | (#31651400)

Not necessarily, clouds absorb cosmic radiation - or more accurately water vapor absorbs cosmic radiation and forms clouds, so anywhere with a lot of cloud cover is going to have a lot of cosmic-ray cover too. Higher altitudes generally occur in hilly or mountainous regions (duh, that's what makes them high), and they also tend to have a lot more cloud cover because wind and moisture get blocked by the mountains.

You'd probably be most likely to see lots of cosmic rays in dry, flat areas that usually have light to no cloud cover. Periodic massive clouds won't have much effect if the area is clear on average, so your biggest suspect for cosmic-rays are areas like the mid-west.

Prove It, Implement Fix, Pay Out Families (4, Insightful)

eldavojohn (898314) | about 4 years ago | (#31650830)

If this is true, recreate the phenomenon in a lab. Test your hypothesis by exposing the circuitry in question to similar radiation in a lab. While you can't test thousands of sets of circuitry, being able to recreate it by increasing the amount of radiation and testing or automating the testing and dosage cycle and letting it run until the malfunction is noted or another failure occurs.

It's not out of the question, IBM noted in the 90s [scientificamerican.com]:

Extensive background radiation studies by IBM in the 1990s suggest that computers typically experience about one cosmic-ray-induced error per 256 megabytes of RAM per month. If so, a superstorm, with its unprecedented radiation fluxes, could cause widespread computer failures.

You have to fix this though. As a large manufacturer you have to accept this risk just like your competitors do. Airlines accept this risk and triple check their data because people's lives are at risk. As a car manufacturer, you are in the exact same position.

I hope the fix they already rolled out as a recall includes triple checking data or -- if the article is correct -- we won't see a drop in these horrible accidents. I hope for drivers and public safety that it does. It's led to death and possibly wrongful incarceration [go.com]. Restitution is in order. Take testing motor vehicles seriously.

Possibly wrongful incarceration? (0)

Anonymous Coward | about 4 years ago | (#31650952)

The 1996 Camry had a mechanical throttle and ignition switch.

Even if his throttle got stuck open, which btw isn't as rare as you'd think, he had the old-style ignition switch to turn off his engine.

Re:Prove It, Implement Fix, Pay Out Families (1)

TapeCutter (624760) | about 4 years ago | (#31651146)

The UNKNOWN software/electronic fault theory has fallen over at the "prove it" stage, the cars that suffered sudden acceleration have been examined and the electronics found to be working. OTOH Toyota has recalled 3.8 million cars [google.com.au] to replace the floor pan so that the KNOWN problem of floor mats interfering with the pedal can be fixed.

Finally, a wayward floor mat doesn't make a good news story unless you're writing it up for the Darwin awards.

Re:Prove It, Implement Fix, Pay Out Families (1)

Cochonou (576531) | about 4 years ago | (#31651206)

Working in the space industry, we routinely perform those kinds of integrated circuit tests with heavy ions (i.e., cosmic ray species). At sea level, you're more concerned with atmospheric neutrons coming from the decay of cosmic rays in the upper atmosphere, though.
So, the bottom line is that:
- the test facilities (heavy ion and neutron sources) to perform those tests are available
- the single event effect theory and event rate prediction methods are well known (even if they are not perfect)
Which means that it should be quite straightforward to prove or disprove this theory, in the Toyota case.

In other words... (0)

Anonymous Coward | about 4 years ago | (#31650832)

It's actually not our fault! Please drop the class-action lawsuit and in the future we will trot forth more gnomes and fairies to blame our problems on! Seriously, it's called testing - not a pass the blame game.

Space Rays, My Ass (4, Funny)

WrongSizeGlass (838941) | about 4 years ago | (#31650852)

Whether you subscribe to Occam's razor, or just plain old common sense, rays from outer space are not Toyota's problem (though they may be the author's problem).

This type of thing is just plain bat shit crazy. There is a problem somewhere in Toyota's system. Either a software bug or bad chips or something real and tangible ... but rays from outer space? Please.

If someone here on /. had posted that in the last Toyota story they would have gotten a +5 Funny.

Re:Space Rays, My Ass (0)

Anonymous Coward | about 4 years ago | (#31651074)

People have posted this in other stories about this topic. It is not as far-fetched as you think. There's a statistical analysis of RAM errors in Google's server farm: DRAM Errors in the Wild: A Large-Scale Field Study. [toronto.edu] A large percentage of these errors are hard errors, i.e. defective electronics. The remaining random errors have other causes. The Google paper references other studies which examined the influence of cosmic radiation at ground level.

If you build safety critical systems, you have to build in redundancy, even if the software is provably correct. Hardware is never perfect.

Re:Space Rays, My Ass (1)

budgenator (254554) | about 4 years ago | (#31651332)

If there is a hard to define race condition locking up systems on the cars due to a software bug, it may be triggered by a bit getting flipped that is assumed to be an impossible event, this could be caused by a hardware glitch, a voltage spike, a cosmic ray strike or any combination.

Checksums? (1)

game kid (805301) | about 4 years ago | (#31650854)

'These circuit families store not just data, but their basic function electrically,' says Lloyd W. Massengill, director of engineering at the Vanderbilt Institute for Space and Defense Electronics at Vanderbilt University. 'In the unfortunate event of a particle flipping just the right bit, a circuit configured to carry out a benign action may be reprogrammed to carry out some unintended action.'

Shouldn't there then be a well-insulated ROM copy in the car that can replace corrupt values with reasonable defaults from time to time, or a "Check Chips at Mechanic" light that, well, tells the driver to send the car with its chips to the mechanic?

--and bloody Hell, change that family name [google.com] before your discoveries end up on Slashdot!
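The ROM-backed repair and warning light suggested in this comment could look like the following. This is an added example, not code from the post or from any automaker; the table fields, default values and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint16_t idle_rpm, max_throttle, pedal_gain, reserved;
    uint32_t crc;                  /* CRC-32 of the four fields above */
} calib_t;

/* Constructed defaults; in a real ECU this table would sit in ROM/flash. */
static const calib_t ROM_DEFAULTS = { 800, 1000, 64, 0, 0 };
static calib_t ram_calib;          /* working copy, exposed to upsets */
static unsigned service_light;     /* repairs so far; nonzero = "check at mechanic" */

/* Standard reflected CRC-32 (polynomial 0xEDB88320), one bit at a time. */
uint32_t crc32_bytes(const void *data, size_t len)
{
    const uint8_t *p = data;
    uint32_t crc = 0xFFFFFFFFu;
    while (len--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

void calib_load_defaults(void)
{
    ram_calib = ROM_DEFAULTS;
    ram_calib.crc = crc32_bytes(&ram_calib, offsetof(calib_t, crc));
}

/* Periodic scrub: returns 1 if the working copy failed its check and was
 * replaced from ROM, 0 if it was intact. */
int calib_scrub(void)
{
    if (crc32_bytes(&ram_calib, offsetof(calib_t, crc)) == ram_calib.crc)
        return 0;
    calib_load_defaults();
    service_light++;
    return 1;
}

/* Test helper: simulate a single event upset in the working copy. */
void flip_bit(size_t byte, unsigned bit)
{
    ((uint8_t *)&ram_calib)[byte] ^= (uint8_t)(1u << bit);
}

int main(void)
{
    calib_load_defaults();
    flip_bit(2, 7);                /* lands inside max_throttle */
    int repaired = calib_scrub();
    printf("repaired=%d max_throttle=%u light=%u\n",
           repaired, (unsigned)ram_calib.max_throttle, service_light);
    return 0;
}
```

A scrub only catches corruption between runs, so a value read just after an upset and before the next scrub is still wrong; the scrub interval bounds that window.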

Re:Checksums? (1)

WrongSizeGlass (838941) | about 4 years ago | (#31651086)

"Check Chips at Mechanic" light that, well, tells the driver to send the car with its chips to the mechanic?

I think there is a "Check Chips at Mechanic" light ... but it's only activated when the car is racing forward uncontrollably. Hey, who knows, maybe the car is just trying to get to a mechanic on its own? It's as likely as this "rays from outer space" theory.

Why is everyone picking on Toyota? (1)

danielsanII (925610) | about 4 years ago | (#31650902)

Airplanes have used X-by-wire for a much longer time than cars. What's this anti-Toyota FUD all about?

Not really... (0)

Anonymous Coward | about 4 years ago | (#31651024)

Actually, no, in case you missed the news [slashdot.org]! The only airplane manufacturer to use a "fly-by-wire" system is Airbus. Check the link because there was a huge uproar about that "by-wire" system when the Air France flight crashed because of a control/fly-by-wire system borked.

Not really WAS (Re:Not really...) (1)

Brett Buck (811747) | about 4 years ago | (#31651138)

The only airplane manufacturer to use a "fly-by-wire" system is Airbus. Check the link because there was a huge uproar about that "by-wire" system when the Air France flight crashed because of a control/fly-by-wire system borked.

Almost ALL airplane manufacturers use fly-by-wire for at least something. You are only considering commercial airliners that are entirely fly-by-wire. Military aircraft have had fly-by-wire for decades before Airbus came along. Airbus is better-known as their implementation of fly-by-wire is particularly poor.

The single-event-upset is a well-known issue even in older-technology processors - EDAC and other strategies to combat it (like, 3-bit flags with voting) have been known solutions, also for decades.

Brett

Re:Why is everyone picking on Toyota? (1)

Mashiki (184564) | about 4 years ago | (#31651318)

Wiring on fly-by-wire on planes are double or triple weave shielded. They aren't on Toyotas, they're just plastic coated wires.

Re:Why is everyone picking on Toyota? (1)

budgenator (254554) | about 4 years ago | (#31651418)

Are you talking about Airbus style fly-by-wire or Boeing style Fly-by-wire? In the Airbus the pilot flies the computer and the computer flies the plane, computers crash and so does the Airbus; In the Boeing style the pilot flies the plane the computer helps but the pilot is boss.

Single event upset (0)

Anonymous Coward | about 4 years ago | (#31650912)

The Avionics industry has been designing around neutron single event upset for decades now. Check out http://en.wikipedia.org/wiki/Single_event_upset [wikipedia.org] (and the links) for details. There are also several references to "neutron single event upset" when you do a web search.

War of the Worlds (0)

Anonymous Coward | about 4 years ago | (#31650928)

Aliens saw cars consuming humans and made the sensible deduction that cars were the master race and at the top of the food chain. The radiation is an attempt to destroy the master race and save the pink apes from extinction. Next up is to stop the flying creatures that eat the apes through long feeding tubes. They seem to mostly gather in major cities in breeding areas with long black paths that help them take off and land.

Excuse me? (1)

drolli (522659) | about 4 years ago | (#31650968)

This would be a shame. It is very well known that the size of the chips influences their susceptibility to charged particles. I am sure the people estimating the reliability have numbers about that. And there is no reason to use high-density electronics for this purpose, besides saving 10 cents.

Hardened cars? (1)

dasdrewid (653176) | about 4 years ago | (#31650974)

So, if they start building shielded circuitry in cars, does that mean that those annoying EM pulse traps the police have been trying to deploy to shut down cars will no longer work? You know, the little things they throw out in the roadway with a couple wires sticking up that zap the underside of the car and shut it down...

So ? (0)

Anonymous Coward | about 4 years ago | (#31650992)

Yes the universal instruction in action "JFM" Jump and F*** Memory.

So what? Embedded programmers have been dealing with this for years.

The minimum fix would be a hardware watchdog circuit.
Add to that defensive software - pack all unused memory with noops followed by jumps to a restart routine , if necessary make space in the code for those.

It's not - oh yeah sorry it *IS* rocket science folks - if Toyota were actually stupid enough to trust the processors to behave properly all the time then they are probably negligent. It wouldn't be a surprise - they've probably drunk the Kool-Aid and migrated to high level languages and believed the hardware manufacturers - but the problem and the solutions have been available for a loooong time.

Cop-out (1)

Celeste R (1002377) | about 4 years ago | (#31651016)

This sounds more like a cop-out for Toyota's design practices than anything. If it's not reliable enough for the road, then don't sell it! (safety laws and all).

What's so wrong with simple and effective that good design philosophy gets thrown out in favor of industry buzzwords?

Re:Cop-out (1)

Onyma (1018104) | about 4 years ago | (#31651272)

I personally don't believe the engine control system in the Prius failed any safety tests that would have deemed it unsafe to sell when it was certified. I do think that the rising rate of cases (even after you factor out the money-grabbing scammers) signifies an age degradation issue of some component in the system. This is not an uncommon happening in engineering as it is truly impossible to perfectly rapid-age parts during testing the same way they will in real world scenarios.

Stupid. (0)

Anonymous Coward | about 4 years ago | (#31651040)

This is stupid as hell. If cosmic rays cause this, it would be a problem with other car makes.

If it is due to such errors, why not others? (0)

Anonymous Coward | about 4 years ago | (#31651124)

There should be all sorts of other flakiness if these types of errors are significant. Why would they lead to uncontrolled acceleration rather than, say, uncontrolled braking? The most error-prone piece of equipment in these machines is the human behind the wheel [wikipedia.org]. They can do strange things like push the accelerator to the floor while thinking they are pushing the brake.

The part I don't get with all these cases is why the drivers don't put the transmission in neutral or pull the key out of the ignition. Although I can understand it for events that are brief, how do people drive along the highway at high speed for several minutes without thinking of that option?

Voting logic needed (1)

DigiShaman (671371) | about 4 years ago | (#31651128)

Why not just have three ECUs instead of just one? Just link them up and apply some voting logic. Two of the three will provide the right answer. If all three disagree, a fail-safe goes into action and all three ECUs process data on the next round of sensory input.
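The three-ECU voting scheme proposed here, together with the "3-bit flags with voting" mentioned in the "Not really WAS" comment above, as an added example that is not from any poster or automaker. The tolerance, the fail-safe value and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define TOLERANCE 2          /* assumed: allowed spread between healthy channels */
#define FAILSAFE_THROTTLE 0  /* assumed fail-safe command: idle */

typedef enum { VOTE_OK, VOTE_DEGRADED, VOTE_FAILSAFE } vote_status;

/* Bitwise 2-of-3 majority over three stored copies of a flag byte:
 * a single upset in any one copy is outvoted by the other two. */
uint8_t majority3(uint8_t a, uint8_t b, uint8_t c)
{
    return (uint8_t)((a & b) | (a & c) | (b & c));
}

static int median3(int a, int b, int c)
{
    if ((a >= b) == (a <= c)) return a;   /* a lies between b and c */
    if ((b >= a) == (b <= c)) return b;   /* b lies between a and c */
    return c;
}

/* Vote on three independently computed throttle commands.
 * *out gets the command to apply; *faulty gets the index of the
 * outvoted channel, or -1 if none was singled out. */
vote_status vote_throttle(const int cmd[3], int *out, int *faulty)
{
    int m = median3(cmd[0], cmd[1], cmd[2]);
    int agreeing = 0;

    *faulty = -1;
    for (int i = 0; i < 3; i++) {
        if (abs(cmd[i] - m) <= TOLERANCE) agreeing++;
        else *faulty = i;
    }
    if (agreeing >= 2) {                  /* median plus at least one other */
        *out = m;
        return agreeing == 3 ? VOTE_OK : VOTE_DEGRADED;
    }
    *faulty = -1;                         /* no majority: trust no channel */
    *out = FAILSAFE_THROTTLE;
    return VOTE_FAILSAFE;
}

int main(void)
{
    int upset[3] = { 120, 121, 120 ^ (1 << 9) };  /* constructed: bit 9 flipped in channel 2 */
    int out, faulty;
    vote_status s = vote_throttle(upset, &out, &faulty);
    printf("status=%d out=%d faulty=%d\n", (int)s, out, faulty);
    printf("flag=0x%02X\n", (unsigned)majority3(0xA5, 0xA5 ^ 0x10, 0xA5));
    return 0;
}
```

Voting masks one bad channel per round; if the same bit flips in two of the three copies, the wrong value wins, so a voter belongs alongside scrubbing or channel resynchronization.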

Coincidentally... (1)

AndrewBC (1675992) | about 4 years ago | (#31651136)

This is the excuse I used on my Computer Science professor for why I didn't have my assignment. It didn't work.

No. (0, Troll)

Cornwallis (1188489) | about 4 years ago | (#31651164)

Car safety problems come from the jerk behind the wheel...

Who is programming his iPod, eating his lunch, fiddling with his Bluetooth earpiece while dialing his cellphone and booting his laptop to get the latest updates into his GPS... and so on.

In other words he is doing everything but "driving" which is ALL he should be doing.

Instead, the marketers have sold the public on the car-as-comfortable-living-room as a vehicle that should be as anti-brainworthy as possible.

Get rid of all the complicated systems. Reduce the machine to its simplest functions. Oh, and it probably wouldn't hurt to plug in some personal responsibility while unplugging all the extraneous crap.

The safest car I ever owned was my old MG. Why? Because I could feel the road and I knew that everyone was trying to kill me so I kept my guard up while driving it!

I was proofed right (0, Troll)

hardburlyboogerman (161244) | about 4 years ago | (#31651168)

I had told many friends and family that adding computers to cars would eventually cause unexpected problems. Looks like I was right.
That's why I rebuild older cars and drive them instead of the newer ones.
No computers to go apeshit, simpler to design & repair. AND NO ABILITY OF THE CORRUPT POLICE TO REMOTELY SHUT DOWN YOUR RIDE!!!
Insurance is much cheaper, too.

Re:I was proofed right (0)

Anonymous Coward | about 4 years ago | (#31651266)

Actually, you'd be surprised at what a decent anti-materiel rifle can do to your slant six, to say nothing of a GPMG if collateral damage is deemed unimportant in the circumstances.

Signed, your local corrupt police sniper.

Re:I was proofed right (1)

Pentium100 (1240090) | about 4 years ago | (#31651346)

I agree.

I trust mechanical systems more than I do some software. Yes, the mechanics also fail, but they can be inspected better ("It looks like this linkage is rusty/cracked. I should replace it just in case") and people seem to be able to design mechanics better than software (a TV or a tape recorder does not need constant patches to fix various bugs like Firefox or other software do, it works right the first time). Mechanical systems are not affected by small intensity cosmic rays like microchips are.

4 dead aliens in the trunk (1)

voodoo cheesecake (1071228) | about 4 years ago | (#31651188)

...... allow you to time travel (http://en.wikipedia.org/wiki/Repo_Man_%281984_film%29)! But the most sophisticated electronics in the Chevy Malibu were in its radio. Anyway, to stay on topic - scientists need to not just point to cosmic radiation, they need to test this. What about pointing to the manufacturing process also!

Likely? (1, Insightful)

Anonymous Coward | about 4 years ago | (#31651210)

The likelihood of a bit being flipped is already ludicrously small. The likelihood of a random bit-flipping causing anything but a nonfunctional car is also extraordinarily low; It is exceedingly unlikely that an event like this will flip just the right bit to cause a car to careen out of control. It seems that Toyota would have noticed an unusually high failure rate in general.

How about tinfoil hats for the engine compartment? (1)

marciot (598356) | about 4 years ago | (#31651274)

Oh, right. Hoods and bonnets. They already have those.

They should start making them out of lead, maybe?

Do car safety problems come from outer space? (0)

Anonymous Coward | about 4 years ago | (#31651308)

No.
 
Next question.

If I were a janitor I'd work at Toyota... (0)

Anonymous Coward | about 4 years ago | (#31651388)

cuz their shit don't stink!

OR.... (0)

Anonymous Coward | about 4 years ago | (#31651390)

or, the more reasonable explanation... Toyota just royally f'ed up!
