Stack Overflow Could Explain Toyota Vehicles' Unintended Acceleration

timothy posted about 7 months ago | from the go-ahead-ask-your-car-a-question dept.

New submitter robertchin writes "Michael Barr recently testified in the Bookout v. Toyota Motor Corp lawsuit that the likely cause of unintentional acceleration in the Toyota Camry may have been a stack overflow. Due to recursion overwriting critical data past the end of the stack and into the real time operating system memory area, the throttle was left in an open state and the process that controlled the throttle was terminated. How can users protect themselves from sometimes life endangering software bugs?"
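
The mechanism the submission describes, as an added example that is not part of the original post or of Barr's testimony: a small C model of a fixed-size task stack that sits directly next to RTOS data, an unbounded recursion that walks off the end of it into the task control block, the bound check that refuses to grow instead, and the paint-and-scan high-water-mark measurement embedded teams use to size stacks. The memory layout, sizes, field names and the upward-growing stack are assumptions of the model, not Toyota's ECU.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE  128u   /* bytes the linker/RTOS allots to this task (assumed) */
#define FRAME_SIZE  16u    /* bytes one call pushes in this model (assumed) */
#define STACK_PAINT 0xA5u  /* fill pattern for high-water-mark measurement */

/* Simulated RAM. On the MCU the linker places these back to back; nothing
 * stops a write at task_stack[STACK_SIZE] from landing in the TCB fields. */
struct sim_ram {
    uint8_t  task_stack[STACK_SIZE];  /* grows upward in this model */
    uint32_t task_alive;              /* hypothetical TCB field: 1 = scheduled */
    uint32_t throttle_cmd;            /* hypothetical: last commanded throttle, % */
    uint8_t  other_rtos_data[64];     /* more RTOS state; keeps the model in-bounds */
};

static struct sim_ram ram;
static size_t sp;  /* software stack pointer: bytes of stack in use */

static void sim_reset(void)
{
    memset(&ram, 0, sizeof ram);
    memset(ram.task_stack, STACK_PAINT, STACK_SIZE);
    ram.task_alive = 1;
    ram.throttle_cmd = 42;
    sp = 0;
}

static bool tcb_intact(void)
{
    return ram.task_alive == 1 && ram.throttle_cmd == 42;
}

/* Unchecked push: writes the frame wherever sp points, as a CPU with no
 * MPU guard region or stack-limit register does. Returns false only at
 * the edge of the model; real hardware has no such edge. */
static bool push_frame_unchecked(uint8_t tag)
{
    if (sp + FRAME_SIZE > sizeof ram) return false;
    memset((uint8_t *)&ram + sp, tag, FRAME_SIZE);
    sp += FRAME_SIZE;
    return true;
}

/* Recursion whose depth comes from input: nothing in it bounds the stack. */
static void recurse_unchecked(unsigned depth)
{
    if (depth == 0) return;
    if (!push_frame_unchecked(0xEE)) return;
    recurse_unchecked(depth - 1);
    sp -= FRAME_SIZE;
}

/* Checked push: refuses to let the task grow past its own allocation. */
static bool push_frame_checked(uint8_t tag)
{
    if (sp + FRAME_SIZE > STACK_SIZE) return false;
    memset(ram.task_stack + sp, tag, FRAME_SIZE);
    sp += FRAME_SIZE;
    return true;
}

static bool recurse_checked(unsigned depth)
{
    bool ok;
    if (depth == 0) return true;
    if (!push_frame_checked(0xEE)) return false;  /* refuse, do not corrupt */
    ok = recurse_checked(depth - 1);
    sp -= FRAME_SIZE;
    return ok;
}

/* High-water mark: paint bytes still untouched at the far end of the stack.
 * Same idea as FreeRTOS's uxTaskGetStackHighWaterMark(); a value near zero
 * in testing means the allocation is too tight to ship. */
static size_t stack_bytes_never_used(void)
{
    size_t free_bytes = 0;
    while (free_bytes < STACK_SIZE &&
           ram.task_stack[STACK_SIZE - 1 - free_bytes] == STACK_PAINT)
        free_bytes++;
    return free_bytes;
}

/* Scenarios, each from a freshly reset model. */
static bool unchecked_corrupts_tcb(unsigned depth)
{
    sim_reset();
    recurse_unchecked(depth);
    return !tcb_intact();
}

static bool checked_completes(unsigned depth)
{
    sim_reset();
    return recurse_checked(depth);
}

static bool checked_keeps_tcb_intact(unsigned depth)
{
    sim_reset();
    (void)recurse_checked(depth);
    return tcb_intact();
}

static size_t checked_stack_free(unsigned depth)
{
    sim_reset();
    (void)recurse_checked(depth);
    return stack_bytes_never_used();
}

int main(void)
{
    printf("depth 8, unchecked: TCB corrupted = %d\n", unchecked_corrupts_tcb(8));
    printf("depth 9, unchecked: TCB corrupted = %d\n", unchecked_corrupts_tcb(9));
    printf("depth 9, checked: completed = %d, TCB intact = %d\n",
           checked_completes(9), checked_keeps_tcb_intact(9));
    printf("depth 5, checked: %zu of %u stack bytes never used\n",
           checked_stack_free(5), STACK_SIZE);
    return 0;
}
```

Eight frames fit; the ninth unchecked frame lands on the two TCB fields and the task is now "not scheduled" with a garbage throttle command, which is the shape of failure the submission describes. The checked variant turns the same input into a refused call that the caller can report. The high-water-mark scan is the routine check: run the worst-case workload on the bench and reject any task whose free-byte count approaches zero.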

664 comments

Wow (5, Funny)

rsilvergun (571051) | about 7 months ago | (#46307735)

Is there anything Stackoverflow [stackoverflow.com] can't do?

Re:Wow (4, Interesting)

snookerdoodle (123851) | about 7 months ago | (#46307745)

I have to admit, that was my first thought as well. :)

Re:Wow (0, Insightful)

Anonymous Coward | about 7 months ago | (#46307829)

Is there anything Stackoverflow can't do?

Fix beta?

Re:Wow (2)

wisnoskij (1206448) | about 7 months ago | (#46308289)

I am not so sure, have you tried it yet?

"Stack Overflow" not good for discussion site. (1, Insightful)

Futurepower(R) (558542) | about 7 months ago | (#46308117)

Technically knowledgeable people often give very poor names to their efforts.

Re:Wow (1)

fred911 (83970) | about 7 months ago | (#46308141)

"Is there anything Stackoverflow can't do?"

Divide by zero?

Live in a cave (-1)

Anonymous Coward | about 7 months ago | (#46307739)

EOMsdfsdfsdf

Re:Live in a cave (-1, Flamebait)

lgw (121541) | about 7 months ago | (#46308159)

More like: stop confusing the break and gas pedals.

It seems like every 5 years or so we have a wave of "unintended acceleration" incidents that tarnish some manufacturer. A few years later when it's all gone through the courts, it's been "driver pedal misapplication" every time, a.k.a. "controlled flight into terrain". Sure, it's possible this is the first real acceleration bug, but I'm skeptical. When drivers claim "I was stepping on the brake really hard, but the car just launched forward", I'm incredibly skeptical (some of the Prius claims weren't this, though).

Will such a bug happen eventually? I think so - the more complexity there is, the more room for "oops". Self-driving cars could misbehave in all sorts of new and exciting ways. Likely still safer than a drunk driver, though.

Re:Live in a cave (0, Insightful)

Anonymous Coward | about 7 months ago | (#46308239)

You're one to talk, you can't tell break from brake. Idiot.

Re:Live in a cave (1)

Immerman (2627577) | about 7 months ago | (#46308235)

Or at least avoid any software-controlled devices capable of killing you. And hope you never need a CAT scan. Yeah, can't think of any examples of microwaved people, but you *know* that somewhere in the software there's an extremely rare corner case that will fail to shut off the x-ray source.

And we're going to trust self driving cars now? (-1)

Anonymous Coward | about 7 months ago | (#46307759)

Who pays when they kill someone?

Re: And we're going to trust self driving cars now (0)

Anonymous Coward | about 7 months ago | (#46307933)

What's your point? People are killed everyday by cars operated by people (others, or even themselves). I'll take my chances with the computer, thank you

Re: And we're going to trust self driving cars now (4, Insightful)

hermitdev (2792385) | about 7 months ago | (#46308133)

I've known a lot of high-quality developers over my 15 years of professionally developing software. The reason I don't want an automated car is because of these people. People make mistakes, intentionally or otherwise. There are unforeseen circumstances that the software may not understand. A foreseen circumstance: I've yet to see a demo of an automated car navigating anything resembling an icy surface (safely or otherwise), let alone in stop & go traffic in a city such as Chicago, where such things are quite common.

Yeah, but we know today who pays: the insurance company of the at-fault driver (provided they have the legally required insurance - I think collision is required in all US states). Failing that, the at-fault driver. Failing that, the dead at-fault driver's estate.

The question at hand is, in the case of an automated car, who is at fault (when the automated car is deemed to have caused the accident)? The manufacturer, because, it must have been a design/implementation flaw? The owner? The driver (because owner/driver aren't necessarily the same)? It becomes more difficult when you divest yourself from current paradigms of car transport. Oh, I sent my 6 year old daughter to school as a passenger, and along the way it ran over someone. There was no driver (the daughter was a passenger), but the car still killed someone. Am I at fault because I ordered the car to make the trip? Is the manufacturer at fault because the car didn't detect and prevent the collision that killed the other party? Is my 6 year old daughter at fault, because she was the only human occupant? This is the question that is being posed.

Re: And we're going to trust self driving cars now (4, Insightful)

JMZero (449047) | about 7 months ago | (#46308223)

People make mistakes, intentionally or otherwise

Yes, people do make mistakes. Often while driving. The test shouldn't be whether automated cars make mistakes, but rather whether they do better than an average driver. Can they deal with icy roads as well as an average driver? That bar's pretty low, even here in Edmonton.

Once they've reached that average competence and start being deployed, they'll also improve rapidly over time; computers have the potential to be much safer drivers than humans. They'd know where other cars are and where they're going, they'd be able to apply brakes to wheels independently with lightning reactions, and would not be subject to health conditions, intoxication, aging, or inexperience.

I'm not sure how far off we are, but it's definitely coming.

Re: And we're going to trust self driving cars now (3, Insightful)

ebno-10db (1459097) | about 7 months ago | (#46308269)

I've known a lot of high-quality developers over my 15 years of professionally developing software. The reason I don't want an automated car is because of these people. People make mistakes, intentionally or otherwise.

When it comes to true high-rel software, like that written to DO-178B Level A (an avionics software standard used for things like fly-by-wire) it's almost never the software per se that's at fault. The stuff is amazingly good. It's also amazingly expensive to write and test. You might also find it frustrating because it brings new meaning to the idea of conservative design. For example, I don't think it allows recursion. I know it doesn't allow dynamic allocation.

There are unforeseen circumstances that the software may not understand.

That's more the point. When things like fly-by-wire systems have problems, it's almost never the software itself, but something that was unforeseen by the system designers.

A foreseen circumstance: I've yet to see a demo of an automated car navigating anything resembling an icy surface (safely or otherwise), let alone in stop & go traffic in a city such as Chicago, where such things are quite common.

Agreed. This technology is interesting, but it's way over-hyped. It's impressive to be able to drive on a nice clear day, but a far cry from the real world, even in Silicon Valley, let alone Chicago.

Ever hear of the flying cars that in the 1960's they said we'd all have soon? I haven't seen any lately. I suspect driverless cars robust enough not to require human intervention when the going gets tough may be developed on the same schedule.

Never use any software. (0)

Anonymous Coward | about 7 months ago | (#46307761)

Problem solved.

Re:Never use any software. (4, Informative)

Anonymous Coward | about 7 months ago | (#46307947)

Not using recursion in constrained embedded systems is a good start. It's been best practice since I started working with them 15 years ago.

Did anyone else read that title and think... (5, Funny)

RevWaldo (1186281) | about 7 months ago | (#46307763)

..."Well, I'm sure somebody on there could!"

Oh come on! (0)

Lexible (1038928) | about 7 months ago | (#46307767)

How in the world can the StackExchange forum StackOverflow be responsible for such anomalous acceleration events? I mean praise reddit or IRC alternatives to stackoverflow.com all you want, but tone down the rhetoric, willya? Sheesh.

Go Amish? (5, Insightful)

dbc (135354) | about 7 months ago | (#46307769)

"How can users protect themselves from sometimes life endangering software bugs?"

Amish buggies typically don't have software throttle failures. Run-away horses can be an issue.... and actually having to share the road with dipshit drivers who don't understand the number of slow moving vehicles (not just buggies) that there are out in farm country is a real danger.

Seriously, software has bugs. Mechanical throttle linkages can stick, too. Life has risks.

Re:Go Amish? (2)

rmdingler (1955220) | about 7 months ago | (#46307881)

Water's wet.

Skies are blue.

Software and cheaper accommodations have bugs.

Re:Go Amish? (4, Funny)

mjwalshe (1680392) | about 7 months ago | (#46307893)

typical stack overflow high rated answer - totally ignoring the question at hand

Re:Go Amish? (1)

LordLimecat (1103839) | about 7 months ago | (#46307971)

Sometimes the question is dumb and asking to do the wrong thing. There isn't a good answer to "how do I avoid software bugs" other than "avoid software", and that's not the answer that is wanted.

Re:Go Amish? (1)

Jeff Flanagan (2981883) | about 7 months ago | (#46308139)

While you can't do anything to avoid bugs, in the case of cars, there are things you can do to reduce the chance of being killed by a software bug.

A car where you have to hold down a button for 2 seconds to turn it off makes it easier for software to kill you than a car where you can simply turn the key counter-clockwise if the throttle sticks open.

Not handing your gear-shift over to electronics gives you the option to drop it into neutral if the computer is causing undesired acceleration.

Re:Go Amish? (4, Insightful)

Anonymous Coward | about 7 months ago | (#46307905)

Coming from the aerospace industry, you cannot have software that has bugs. And if there was the possibility of a software bug, you have to prove that you can mitigate the effect in hardware. So just to say "software has bugs...life has risks" isn't an acceptable answer (in my opinion). We have to remember this is not an apples to apples comparison. Just because traditional consumer software always has bugs in it (which are acceptable) doesn't mean they are acceptable in other industries. Considering that the failure puts someone's life at risk, I would think it should be considered unacceptable in automotive industry as well.

Re:Go Amish? (5, Interesting)

CodeArtisan (795142) | about 7 months ago | (#46308135)

Coming from the aerospace industry, you cannot have software that has bugs. And if there was the possibility of a software bug, you have to prove that you can mitigate the effect in hardware. So just to say "software has bugs...life has risks" isn't an acceptable answer (in my opinion). We have to remember this is not an apples to apples comparison. Just because traditional consumer software always has bugs in it (which are acceptable) doesn't mean they are acceptable in other industries. Considering that the failure puts someone's life at risk, I would think it should be considered unacceptable in automotive industry as well.

If you want your cars to be as expensive as a 747, then you can attain that goal. I used to work in the automotive industry designing embedded software for engine management systems. At that time, no automotive company would pay more than $100 for the Engine Control Unit. Probably 60% of the code was written to manage failures (both software and hardware), and there were other electronic fail safe mechanisms. But you can't mitigate every possible failure event without introducing costs that would have made the unit orders of magnitude more expensive.

Re:Go Amish? (4, Informative)

dcw3 (649211) | about 7 months ago | (#46308191)

The aerospace industry deploys bugs very frequently. Don't pretend like you don't. Yes, for some applications, we test the hell out of it, but bug free, hardly.

Re:Go Amish? (1)

digitalhermit (113459) | about 7 months ago | (#46308205)

Web developers have a different level of acceptability than in aerospace. I remember a code review for a tiny bit of code that did almost nothing but flash an LED on a failure condition. Three engineers, from three different areas had to approve the change. There was a code review board. There was paperwork and signoffs. Documentation had to include test results, cert results, someone's firstborn and a blood sacrifice to Moloch. The unfortunate engineer that submitted the code had to *defend* it in front of a room full of people whose chief entertainment was watching software guys squirm ("They ain't real engineers" "Here's a quarter kid. Go buy a real degree.").

Wimps.

In the last company where I worked, they changed web code on the fly. The developer edited code directly on the web server. A refresh from the client browser during the update could mean that the look of the page changed from one moment to the next. Hell, there was one time when the whole webroot directory was renamed on the live server so the new site could be installed. Too bad for anyone browsing the old page...

Pshaw... You aerospace guys think you live on the edge? Change review? Bwahahaaha. Regression testing? You kid. Dev/Test/Stage/Prod migration? What are you, five?

Re:Go Amish? (5, Insightful)

arkhan_jg (618674) | about 7 months ago | (#46308219)

Even in the aerospace industry, there are software bugs. Very few, yes, because a lot more time and money is spent to track them down. There are mechanical failures too, despite the best engineering efforts. But anything we build has the potential to be flawed somewhere in the process. That's why we still put highly trained pilots in the things, for when something goes wrong - and even then, human error causes unintended faults, sometimes catastrophically.

If a car cost as much as a jet, and drivers went through as much training as a passenger pilot - and had to have a co-driver at all times - we'd be far safer on the roads.
After all, the vast majority of car crashes are driver error. And failure modes when you're at 30mph on wheels are a lot better on the whole than when at 30,000 feet. But if we built cars to the same standard, and held drivers to the same standard as aerospace engineering, only the rich could afford to.

There's a trade off between acceptable risk, and cost. Even though the designs get safer every year, maybe we allow too much risk in drivers and their cars. But absolute flaw free cars? Impossible.

Re:Go Amish? (1)

eulernet (1132389) | about 7 months ago | (#46308249)

Coming from the aerospace industry, you cannot have software that has bugs.

Why do you think that you are better than us ?
This is wishful thinking:
https://en.wikipedia.org/wiki/... [wikipedia.org]
7 major bugs in space exploration !

Instead of "you cannot have software that has bugs", you should have said "you have to accept that there are still hidden bugs".
Then, you try to mitigate them by running 3 different programs on 3 different processors, so that if the result differs on one of them, you can suppose that the 2 others are correct.

Just because traditional consumer software always has bugs in it (which are acceptable) doesn't mean they are acceptable in other industries.

And then ?
A bug is never acceptable.
Fixing bugs has a cost, and if your project is very expensive, spending a lot of time fixing bugs is cheaper than delivering quickly.
Writing bullet-proof software is possible, but expensive, and requires a lot of code-reviews (automated and human), and code that never changes !
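
The "three programs on three processors" arrangement eulernet describes, as an added example in C that is not code from the article or from anyone in this thread: three diverse throttle-map channels feed a 2-of-3 voter, a single-event upset is injected into one channel's result, and the voter either outvotes it or, when no two channels agree, fails safe to idle rather than passing on a corrupted value. The channel functions, the tolerance, the pedal scale and the fail-safe default are all assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define THROTTLE_IDLE   0u
#define VOTE_TOLERANCE  2u     /* percent; diverse implementations round differently (assumed) */
#define PEDAL_MAX       1023u  /* 10-bit pedal ADC (assumed) */

/* Three diverse channel implementations mapping a pedal reading to a throttle
 * percentage. In a real TMR design they come from separate teams, compilers
 * or processors so one bug or one upset cannot hit all three the same way.
 * Here they differ only in how they round. */
static uint8_t channel_a(uint16_t pedal)
{
    return (uint8_t)((uint32_t)pedal * 100u / PEDAL_MAX);
}

static uint8_t channel_b(uint16_t pedal)
{
    return (uint8_t)(((uint32_t)pedal * 100u + PEDAL_MAX / 2u) / PEDAL_MAX);
}

static uint8_t channel_c(uint16_t pedal)
{
    return (uint8_t)(((uint32_t)pedal * 200u / PEDAL_MAX + 1u) / 2u);
}

static unsigned absdiff(uint8_t x, uint8_t y) { return x > y ? x - y : y - x; }
static bool agree(uint8_t x, uint8_t y) { return absdiff(x, y) <= VOTE_TOLERANCE; }

/* 2-of-3 voter. Returns the agreed throttle. When no pair agrees it sets
 * *fault and returns idle: a detected disagreement degrades to "no power",
 * never to "whatever the odd channel said". */
static uint8_t vote(uint8_t a, uint8_t b, uint8_t c, bool *fault)
{
    *fault = false;
    if (agree(a, b) || agree(a, c)) return a;
    if (agree(b, c)) return b;
    *fault = true;
    return THROTTLE_IDLE;
}

/* Fault injection: a single-event upset flipping one bit of a channel result. */
static uint8_t flip_bit(uint8_t v, unsigned bit) { return v ^ (uint8_t)(1u << bit); }

/* Commanded throttle for a pedal reading, with an optional bit flip injected
 * into channel 0..2 (or none when faulty_channel is -1). */
static uint8_t throttle_cmd(uint16_t pedal, int faulty_channel, unsigned bit, bool *fault)
{
    uint8_t out[3] = { channel_a(pedal), channel_b(pedal), channel_c(pedal) };
    if (faulty_channel >= 0 && faulty_channel < 3)
        out[faulty_channel] = flip_bit(out[faulty_channel], bit);
    return vote(out[0], out[1], out[2], fault);
}

/* Single-value wrappers so each outcome can be checked on its own. */
static uint8_t voted_value(uint16_t pedal, int faulty_channel, unsigned bit)
{
    bool f;
    return throttle_cmd(pedal, faulty_channel, bit, &f);
}

static bool voted_fault(uint16_t pedal, int faulty_channel, unsigned bit)
{
    bool f;
    (void)throttle_cmd(pedal, faulty_channel, bit, &f);
    return f;
}

static uint8_t raw_vote_value(uint8_t a, uint8_t b, uint8_t c)
{
    bool f;
    return vote(a, b, c, &f);
}

static bool raw_vote_fault(uint8_t a, uint8_t b, uint8_t c)
{
    bool f;
    (void)vote(a, b, c, &f);
    return f;
}

int main(void)
{
    bool fault;
    uint8_t t = throttle_cmd(716, -1, 0, &fault);
    printf("healthy: throttle %u%%, fault %d\n", t, fault);
    t = throttle_cmd(716, 1, 7, &fault);   /* bit 7 flipped in channel b: 70 -> 198 */
    printf("one channel upset: throttle %u%%, fault %d\n", t, fault);
    t = vote(198, 18, 70, &fault);         /* two channels corrupted: no majority */
    printf("two channels upset: throttle %u%%, fault %d\n", t, fault);
    return 0;
}
```

Two caveats a practitioner would add. First, voting only helps against faults that hit the channels independently; three copies of the same source compiled the same way share every logic bug, which is why the diversity matters more than the count. Second, the voter and the actuator it drives are themselves single points of failure, so in hardware designs the vote is done in logic outside the processors, or the actuator has a hardware idle default that a failed voter cannot override.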

Re:Go Amish? (1)

TapeCutter (624760) | about 7 months ago | (#46307961)

Until someone actually reproduces the bug I'd say the loose floor mat explanation is just as credible.

Re:Go Amish? (1)

bobbied (2522392) | about 7 months ago | (#46308029)

Until someone actually reproduces the bug I'd say the loose floor mat explanation is just as credible.

I'm actually going for "operator error" but hey...

Two cases come to mind. First, was short term unintended acceleration. Probable cause for that is hitting the wrong or both pedals.

Long term acceleration on the highway? Nobody thought to just turn off the ignition switch? Turns off the fuel pump, car stops running, eventually you come to full stop.

BOTH were operator error..

Re:Go Amish? (4, Insightful)

amorsen (7485) | about 7 months ago | (#46308181)

Killing the ignition also means killing power steering and power braking. There is a quite widespread belief that it can also engage the steering wheel lock, but AFAIK no one has been able to name a car where that happens so far. The next challenge is that in many modern cars the ignition switch is just a button which is handled in... software. You could throw the key out of the window and wait for the anti-theft device to kill the fuel supply, but that does not seem like something that most people would try.

In most cars you can put the gear box in neutral. The car will likely have a rev limiter (possibly in software, but it might still work). Worst case the engine breaks, but in almost all cases that would not be fatal to the people in the car.

However, in almost all cars, when not going down a steep hill, the brakes are actually more powerful than the acceleration. Just do not let off the brakes once you get the car slowed down and you think things are under control -- then the brakes overheat and you have a stuck accelerator combined with no brakes, and that has killed at least one driver already.

Got it Handled! (4, Funny)

FatdogHaiku (978357) | about 7 months ago | (#46307981)

I have just finished my patent application for the steering wheel mounted Ctrl, Alt, Delete button combination...
Problem solved!**

**Some users may experience complete lack of vehicle control while the system is rebooting.

Re:Got it Handled! (1)

Anonymous Coward | about 7 months ago | (#46308213)

"Hi! Looks like you're trying to reboot your car! Can I help?"

Mandatory publication? (4, Interesting)

Skinkie (815924) | about 7 months ago | (#46307783)

How would a mandatory publication of all code as open source [not suggesting liberal licensing here] work out here? Might converge at a collaborative initiative and will most likely be reviewed by all sort of people.

Re:Mandatory publication? (1)

Anonymous Coward | about 7 months ago | (#46308001)

That doesn't always help. The software is still dependent on complicated wiring, connectors, and sensors. My brother was seriously hurt when the throttle stuck on his Harley that has fly by wire throttle. He high sided after turning the ignition off. Unfortunately he's left handed so he used that hand and wasn't depressing the clutch at the time. A rock hit the small box on the handlebars containing the sensor which made it unable to tell that he rotated the throttle back down so he kept accelerating. If you do a search for "tbw harley" you'll see thousands of complaints about failures, but not a one I have ever seen concerned the software.

Re:Mandatory publication? (1, Insightful)

Demonantis (1340557) | about 7 months ago | (#46308173)

That is a software failure. It isn't failing safe at all. A watchdog timer, of sorts, should be occurring that would detect a failed sensor assembly.

How can drivers protect themselves.... (1)

mevets (322601) | about 7 months ago | (#46307801)

One way would be to insist that automakers do not nickel and dime design vehicles. The critical components related to vehicle safety should be designed for safety first, cost second.

These vehicles go for over $20 000, I should at least have the option to pay an extra $1000 to chuck the electronic crap.

Re:How can drivers protect themselves.... (1)

Anonymous Coward | about 7 months ago | (#46307901)

I should at least have the option to pay an extra $1000 to chuck the electronic crap.

Won't happen.
All of the new electronic stuff is required for emissions and fuel efficiency. Taking it out means the manufacturer has to submit that version for testing as well, which it won't pass.

Re:How can drivers protect themselves.... (1)

Anonymous Psychopath (18031) | about 7 months ago | (#46307911)

One way would be to insist that automakers do not nickel and dime design vehicles. The critical components related to vehicle safety should be designed for safety first, cost second.

These vehicles go for over $20 000, I should at least have the option to pay an extra $1000 to chuck the electronic crap.

The electronics are very deeply embedded. Not sure how you're gonna dump them when there's no physical cable connecting your throttle to your engine. Impossible in the case of EVs or hybrids.

Also although the article does a decent job of showing that a stack overflow is possible and might result in unexpected behavior, what's needed is a simulated failure scenario to see if that's what actually happens.

stackoverflow.com (1)

tdoshea90 (3393145) | about 7 months ago | (#46307807)

i thought this post was going to be about the website lol

I know what users could do! (1)

Anonymous Coward | about 7 months ago | (#46307823)

At least in this case switch the car into that little N looking thing on their shifter. Sadly a good portion of the population does not know what that N means.

Re:I know what users could do! (1)

Nighttime (231023) | about 7 months ago | (#46308005)

A lot of gearboxes on modern cars are "fly-by-wire", so selecting N may not work. How about some way to mechanically disengage the engine from the driving wheels? You could make it foot-operated and install it to the left of the brake pedal.

Re:I know what users could do! (-1)

Anonymous Coward | about 7 months ago | (#46308027)

Why would a car have a Nigger mode? The last thing you want is a lazy, smelly car!

Re:I know what users could do! (1)

bobbied (2522392) | about 7 months ago | (#46308091)

Even easier is to just TURN IT OFF using the key and get on the brakes. Trust me, the car WILL stop running and come to a full stop fairly quick. Don't worry when the key won't come out, the steering wheel will work with a bit of effort, just turn the key as far as you can. Coast to a safe place, stop, put the car in park and remove the key. THEN check your floor mats.... If you see nothing wrong, start the car and if everything is normal again, continue on your way.

What do they teach people in drivers education these days..

Re:I know what users could do! (2)

CodeArtisan (795142) | about 7 months ago | (#46308149)

Even easier is to just TURN IT OFF using the key and get on the brakes. Trust me, the car WILL stop running and come to a full stop fairly quick.

Not if it's a diesel engine.

Re:I know what users could do! (1)

amorsen (7485) | about 7 months ago | (#46308193)

Modern cars have nothing to turn. They just have a software-controlled button.

Motorcycles! (2)

Marrow (195242) | about 7 months ago | (#46307837)

No software. No seat belts. No automatic..anything.

Re:Motorcycles! (2)

Walter White (1573805) | about 7 months ago | (#46307935)

No software. No seat belts. No automatic..anything.

You'd have to restrict that to old motorcycles. My '98 has ABS and fuel injection, both of which used programmed electronics. Newer bikes include systems such as CAN Bus, traction control, fly by wire throttles and more. Except for things like air bags, seat belts and bumpers, motorcycles use a lot of technology found in automobiles.

Re:Motorcycles! (1)

Hognoxious (631665) | about 7 months ago | (#46308145)

Does it have an automatic transmission, and if not does it have clutch by wire?

Re:Motorcycles! (0)

Anonymous Coward | about 7 months ago | (#46308097)

I prefer my Motorcycle to be 100% software:

http://i.imgur.com/cz8klVm.jpg

Re:Motorcycles! (1)

bobbied (2522392) | about 7 months ago | (#46308101)

No software. No seat belts. No automatic..anything.

In Chicago in a snow storm during rush hour? No thanks!

Mental stack overflow of the driver is more likely (5, Interesting)

Anonymous Coward | about 7 months ago | (#46307853)

Idiot drivers hit the gas pedal instead of the brake and instead of owning up to their incompetence as drivers, they blame the car instead. The Toyota sudden acceleration problem disproportionately affects the elderly and inexperienced drivers. It is also a uniquely American problem and it occurred during a deep recession where GM and Chrysler were going bankrupt and Americans needed some FUD against Toyota because supporting American car companies was the jingoism of the day. The Toyota sudden acceleration is more of a case study of an American moral panic and mass hysteria perpetrated by the media than it was an engineering problem.

Re:Mental stack overflow of the driver is more lik (0)

Anonymous Coward | about 7 months ago | (#46307975)

I think it was also related to the push button start feature. Most older drivers are familiar with, turn key, engine shuts off, not hold button for 5 seconds to turn off engine while panicking.

Brake (1)

Etrahkad (1399575) | about 7 months ago | (#46307861)

I mean.. lesson well learned. I will test the throttle now. Ah crap that's right I was fired. Must not do that in the next automotive company, Saturn beware I made buyers be wary of the Toyota Brand. (Glad Lexus drivers have more common sense)

Death Penalty? (1)

Anonymous Coward | about 7 months ago | (#46307867)

The death penalty for programmers that write such code will bring an end to this OUTRAGE !

Re:Death Penalty? (2)

colinrichardday (768814) | about 7 months ago | (#46307963)

The death penalty for programmers that write such code will bring an end to software !

FTFY

Re:Death Penalty? (1)

bobbied (2522392) | about 7 months ago | (#46308107)

The death penalty for programmers that write such code will bring an end to this OUTRAGE !

I'm shocked, SHOCKED that our software has bugs!

Your bug reports sir!

Carry on...

It's like this (0)

Anonymous Coward | about 7 months ago | (#46307869)

There is no such thing as unintended acceleration. All cases have been unrepeatable or shown to be human error.
The Toyota stuff was a bunch of crap that got whipped in to a media frenzy then a bunch of people tried to cash in on it.

The slightly longer answer is, if something like that ever happens, turn off the car and press the brake pedal firmly.

Re:It's like this (0)

Anonymous Coward | about 7 months ago | (#46307941)

Ah yes. All software is perfect. Nothing to see here. I'm sure the average motorist will think of your workaround, thus avoiding tragic "human error". (can you even turn off the car while it's in drive? what is the sequence of steps, exactly? hopefully your transmission isn't computer controlled?)

Re:It's like this (0)

Anonymous Coward | about 7 months ago | (#46307993)

Drive much? You CAN turn a car off in drive. In keyed cars, you can't "lock" the steering wheel in most models. In keyless, you must hold the start button down for 3 seconds (see owners manual.)

I would hope that the accelerator pedal and start/stop switch are not running within the same embedded logic however.

Re:It's like this (1)

amorsen (7485) | about 7 months ago | (#46308207)

All cases have been unrepeatable

Stack overflows tend to be difficult to reproduce.

Re:It's like this (1)

dcw3 (649211) | about 7 months ago | (#46308285)

Wrong. I've personally had it happen to me in an '85 Hyundai. The vehicle was relatively new at the time, and had a manual transmission. After tapping the throttle to try to unstick it, I flipped the ignition and stopped the car. Once completely stopped, I restarted, and with my foot on the clutch watched as the tach approached redline until I shut it down again. I was eventually able to get it going again, and headed straight to the dealership. They found nothing, and it never reoccurred.

Yes, I'm well aware that people can hit the wrong pedal...there's no way I did that twice. I believe in my case, the throttle got stuck when I had floored it..those vehicles had very little acceleration.

Those wily Toyota lawyers .... (4, Funny)

140Mandak262Jamuna (970587) | about 7 months ago | (#46307885)

Suddenly Toyota lawyers sued this website http://stackoverflow.com/ [stackoverflow.com] and claimed they are victims too.

Likley the cause? (1)

mjwalshe (1680392) | about 7 months ago | (#46307903)

if you can't demonstrate it in lab conditions it is just a lawyer speculating about stuff "M'lud I postulate it was the alien space bats wot dun it"

Could it? Really, it could? Could be? (0)

Anonymous Coward | about 7 months ago | (#46307907)

A stack overflow could cause uncontrollable acceleration. The car also could be hit by a meteor. You could be mauled by a bear when you press the accelerator. The engine could catch on fire. Small invisible aliens could hold down the accelerator. The wavefunction of the car could tunnel to a position high above the ground.

I'm no law-talking guy, but I guess "conceivable occurrence allowed by the laws of physics" is pretty much the same level of proof as "preponderance of evidence". Anyway, check, please!

Re:Could it? Really, it could? Could be? (1)

roc97007 (608802) | about 7 months ago | (#46307937)

> You could be mauled by a bear when you press the accelerator.

But only if you've purchased the "mauled by a bear" feature and have forgotten to put the "bear" switch in the "off" position before putting the car in gear.

I thought everyone knew that.

Re:Could it? Really, it could? Could be? (0)

Anonymous Coward | about 7 months ago | (#46308067)

Oh man, we just barely escaped being mauled. Let's be more careful this time.

Checks manual: Release accelerator pedal. Depress clutch to floor. Move shifter into second bear. Aaaaugh!

Re:Could it? Really, it could? Could be? (0)

Anonymous Coward | about 7 months ago | (#46308137)

> You could be mauled by a bear when you press the accelerator.

But only if you've purchased the "mauled by a bear" feature and have forgotten to put the "bear" switch in the "off" position before putting the car in gear.

I thought everyone knew that.

It's only supposed to maul the passenger; mauling the driver is a feature defect.

Not much (4, Interesting)

n1ywb (555767) | about 7 months ago | (#46307909)

Honestly, not much, except perhaps demand better software. Better processes, better languages. I'm just hypothesizing here but it might not have happened if they had e.g. followed better development standards like the MISRA C standard, or don't use C at all, use Ada or something. Better QA processes might have caught it before it went into production, e.g. using a dynamic stack profiling tool, input fuzzing, whatever. Fundamentally a system like this should have an independent hardware watchdog timer to at least try and make it fail-safe in the event of a CPU crash. Finally any motor vehicle ought to have a manual cutoff switch wired into the fuel pump or ignition circuit so that when the CPU shits its bits you can still turn the damn thing off before you crash.
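
The independent watchdog n1ywb asks for, together with the sensor plausibility check Demonantis raised earlier in the thread, as an added example in C that is not code from the article or from either commenter: a watchdog that sees only "kick" and "tick", an actuator with a hardware idle default tied to the watchdog output, a dual-track pedal check, and a control task whose kick is the last thing it does, so a task that dies part way (the "process that controlled the throttle was terminated" case) never kicks. The timeout, pedal scale, tolerance and the constructed pedal trace are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WDT_TIMEOUT_TICKS 5u     /* fires after this many ticks without a kick (assumed) */
#define PEDAL_MAX         1023u  /* 10-bit pedal ADC (assumed) */
#define PEDAL_TOLERANCE   30u    /* counts the two pedal tracks may disagree by (assumed) */
#define NO_HANG           ((size_t)-1)

/* Independent hardware watchdog. Its only inputs are "kick" and "tick"; it
 * knows nothing about what the CPU is doing, which is exactly the point. */
struct watchdog { unsigned since_kick; bool fired; };

/* Throttle driver stage with a hardware default: while the watchdog output
 * is asserted it is forced to idle, whatever the command register holds. */
struct actuator { uint8_t cmd; bool forced_idle; };

static void wdt_kick(struct watchdog *w) { w->since_kick = 0; }

static void wdt_tick(struct watchdog *w, struct actuator *act)
{
    if (++w->since_kick > WDT_TIMEOUT_TICKS) {
        w->fired = true;
        act->forced_idle = true;
    }
}

/* Dual-track pedal plausibility: two sensors on one pedal must be in range
 * and agree within tolerance, otherwise the reading is not trusted. */
static bool pedal_plausible(uint16_t s1, uint16_t s2)
{
    unsigned diff = s1 > s2 ? s1 - s2 : s2 - s1;
    return s1 <= PEDAL_MAX && s2 <= PEDAL_MAX && diff <= PEDAL_TOLERANCE;
}

static uint8_t pedal_to_throttle(uint16_t s1, uint16_t s2)
{
    uint32_t avg = ((uint32_t)s1 + s2) / 2u;
    return (uint8_t)(avg * 100u / PEDAL_MAX);
}

/* One pass of the throttle control task. The kick is the last thing it
 * does, so a task that dies or hangs part way never reaches it. */
static void control_task(uint16_t s1, uint16_t s2, struct actuator *act, struct watchdog *w)
{
    act->cmd = pedal_plausible(s1, s2) ? pedal_to_throttle(s1, s2) : 0;
    wdt_kick(w);
}

struct sim_result { uint8_t effective_throttle; bool wdt_fired; size_t fired_at_tick; };

/* Run n ticks. From tick hang_at on, the CPU no longer executes the control
 * task; its last command stays latched in the actuator register until
 * something outside the CPU acts. */
static struct sim_result run(const uint16_t *s1, const uint16_t *s2, size_t n, size_t hang_at)
{
    struct watchdog w = { 0, false };
    struct actuator act = { 0, false };
    struct sim_result r = { 0, false, 0 };
    for (size_t t = 0; t < n; t++) {
        if (t < hang_at) control_task(s1[t], s2[t], &act, &w);
        wdt_tick(&w, &act);
        if (w.fired && !r.wdt_fired) { r.wdt_fired = true; r.fired_at_tick = t; }
    }
    r.effective_throttle = act.forced_idle ? 0 : act.cmd;
    return r;
}

/* Constructed input: 20 ticks of the driver holding the pedal at about 70%. */
#define TICKS 20
static const uint16_t track1[TICKS] = { 716,716,716,716,716,716,716,716,716,716,
                                        716,716,716,716,716,716,716,716,716,716 };
static const uint16_t track2[TICKS] = { 720,720,720,720,720,720,720,720,720,720,
                                        720,720,720,720,720,720,720,720,720,720 };

static struct sim_result demo(size_t hang_at)
{
    return run(track1, track2, TICKS, hang_at);
}

int main(void)
{
    struct sim_result ok = demo(NO_HANG), hung = demo(8);
    printf("healthy: throttle %u%%, watchdog fired %d\n", ok.effective_throttle, ok.wdt_fired);
    printf("task hung at tick 8: throttle %u%%, watchdog fired %d at tick %zu\n",
           hung.effective_throttle, hung.wdt_fired, hung.fired_at_tick);
    printf("pedal tracks 716/300 plausible: %d\n", pedal_plausible(716, 300));
    return 0;
}
```

The design point is where the kick lives. A watchdog kicked from a timer interrupt keeps getting kicked after the control task is dead, because the interrupt still runs; it then certifies a system whose throttle task no longer exists. Kicking only at the end of the task that actually owns the actuator, and wiring the watchdog output to a hardware idle default the software cannot override, is what turns "process terminated" into "throttle closed" instead of "throttle stuck wherever it was".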

Re:Not much (0)

Anonymous Coward | about 7 months ago | (#46308261)

Of course this bug would not happen because neither MISRA C nor Ada SPARK allows recursion, so the stack wouldn't get overflowed.

Can != did (3, Insightful)

140Mandak262Jamuna (970587) | about 7 months ago | (#46307921)

"We've demonstrated how as little as a single bit flip can cause the driver to lose control of the engine speed in real cars due to software malfunction that is not reliably detected by any fail-safe," Michael Barr, CTO and co-founder of Barr Group, told us in an exclusive interview. Barr served as an expert witness in this case.

Emphasis mine.

Yes, a single bit flip can cause unpredictable behavior in any code. You could say that without any analysis. A single mistake in sign can get you a goose egg in the Algebra paper. So many people could have won the lottery if only one digit was different. These are well known. But can != did. Did that stack overflow? Did it actually happen? That is the question.

This is a case of manual override (4, Insightful)

EmperorOfCanada (1332175) | about 7 months ago | (#46307923)

Quite simply the absolute control should not be handed over to the computer. Basically doing something like pulling on the handbrake should basically physically cut the throttle. Or stomping on the brakes should activate a simple solenoid that cuts the throttle. This mechanism should be 100% separate from the computer and override most computer outputs.

I see this as critical in a driverless car. There needs to be a way for people to pull the plug and there needs to be a way for people to phone in an emergency. So if someone is lying in a pothole being run over by car after car, or the bridge is failing, there needs to be a way for 911 to say that a stretch of road is now cut off. The key is that this cannot be abusable by officials. I do not want my car grinding to a halt because the police are looking for some runaway or a bank was robbed.

Re:This is a case of manual override (0)

Anonymous Coward | about 7 months ago | (#46307955)

I strongly suggest that if you base your needs above that of the public servants doing work for the good of us all that you buy an airplane or helicopter and stop using public roadways immediately. It's not always about you.

Re:This is a case of manual override (1)

PPH (736903) | about 7 months ago | (#46307985)

I strongly suggest that you re-evaluate the needs of those public servants who had their blue lights on en route to their coffee/donut break a few months back.

Re:This is a case of manual override (1)

StikyPad (445176) | about 7 months ago | (#46308039)

> I do not want my car grinding to a halt because the police are looking for some runaway or a bank was robbed.

GLWT.

Re:This is a case of manual override (3, Informative)

jcdr (178250) | about 7 months ago | (#46308233)

Actually the brakes alone are enough to stop the car even in case of a full throttle bug.

Outlaw Recursion (0)

Anonymous Coward | about 7 months ago | (#46307925)

Recursion is lazy, stupid, and above all, DANGEROUS.

Whoever thought recursion was a good idea ought to be taken out back and given a thorough beating.

Re:Outlaw Recursion (4, Funny)

Dunbal (464142) | about 7 months ago | (#46307951)

Recursion is fine if recursion is fine if recursion is fine if recursion is fine if recursion is fine if you do it right.

Re:Outlaw Recursion (1)

Hognoxious (631665) | about 7 months ago | (#46308131)

Yo dawg...

Re:Outlaw Recursion (1)

bobbied (2522392) | about 7 months ago | (#46308143)

> Recursion is lazy, stupid, and above all, DANGEROUS.

Only in the hands of a novice.

It is an elegant solution for certain kinds of problems that can work magic in the hands of one who has mastered the technique. But when applied to the wrong problem, it's what you describe.

As in all things, the right tool for the job is always best. Masters of the trade know their tools well.

Protecting yourself from bugs? (1)

Savage-Rabbit (308260) | about 7 months ago | (#46307931)

> How can users protect themselves from sometimes life endangering software bugs?

Drive older non digital cars. Come to think of it I can get you a great deal on a factory standard model 1971 Ford Pinto.

Re:Protecting yourself from bugs? (1)

bobbied (2522392) | about 7 months ago | (#46308153)

The one with the scorched paint that caught fire when I was driving it? Wow, I thought that went to the junk heap back in the 80s.

I don't buy it. (1)

Timmy D Programmer (704067) | about 7 months ago | (#46307949)

Most of the people who claimed 'sudden' acceleration said it happened while they applied the brake. And I don't care how crazy your engine goes, the brakes wouldn't also happen to go out at that moment too. It's like the Audis even before the computers did anything more than fuel mixture, folks pressed the wrong pedal and blamed it on the car.

Re:I don't buy it. (0)

Anonymous Coward | about 7 months ago | (#46308011)

Read the report. The explanation is in there. Basically, the acceleration gets stuck on and pressing the brake pedal doesn't send the signals to turn it off. And since the brakes are not strong enough to stop the car, you're hosed.

Re:I don't buy it. (0)

sexconker (1179573) | about 7 months ago | (#46308171)

> Read the report. The explanation is in there. Basically, the acceleration gets stuck on and pressing the brake pedal doesn't send the signals to turn it off. And since the brakes are not strong enough to stop the car, you're hosed.

You're going to get a lot of idiots telling you that the brakes will win out over a floored throttle. Just a heads up.

Re:I don't buy it. (1)

amorsen (7485) | about 7 months ago | (#46308225)

> And since the brakes are not strong enough to stop the car, you're hosed.

They are, though. Unless the brakes are otherwise faulty. However, if you just try to keep the speed low instead of stopping completely, the brakes will overheat and stop working.

coding standards (5, Informative)

lkcl (517947) | about 7 months ago | (#46307965)

... you know... i worked for pi technology in milton, cambridge, in 1993. they're a good company. they write automotive control systems, engine control management software, vehicle monitoring software and diagnosis systems and so on. one of the things i learned was that coding standards for mission-critical systems such as engine control have to be very very specific and very very strict. the core rules were simple:

1) absolutely no recursion. it could lead to stack overflows.
2) absolutely no local variables. it could lead to stack overflows.
3) absolutely no use of malloc or free. it could lead to stack overflows.

now you're telling me that there are actually car manufacturers that cannot be bothered to follow even the simplest and most obvious of safety rules for development of mission-critical software, on which peoples' lives depend? that's so basic that to not adhere to those blindingly-obvious rules sounds very much like criminal negligence.

Re:coding standards (1)

TechyImmigrant (175943) | about 7 months ago | (#46308211)

>... you know... i worked for pi technology in milton, cambridge, in 1993. t
So did I.

Small world.

Stack overflow vs. buffer overflow (difference) (5, Informative)

Trax3001BBS (2368736) | about 7 months ago | (#46308013)

For anyone else that's curious; at first I thought it was double speak, so not to sound as bad.

Stack overflow refers specifically to the case when the execution stack grows beyond the memory that is reserved for it. For example, if you call a function which recursively calls itself without termination, you will cause a stack overflow as each function call creates a new stack frame and the stack will eventually consume more memory than is reserved for it.

Buffer overflow refers to any case in which a program writes beyond the end of the memory allocated for any buffer (including on the heap, not just on the stack). For example, if you write past the end of an array allocated from the heap, you've caused a buffer overflow.

http://stackoverflow.com/quest... [stackoverflow.com]
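
As an added example (written for this thread, not code from any poster here nor from Toyota's ECU) tying lkcl's "no recursion" rule to the stack-overflow definition above: a small static stack-depth analysis in C over a constructed, hypothetical call graph with invented frame sizes. It shows why recursion is banned in this kind of code: a recursive cycle has no finite worst-case stack bound, so the task can never be shown to fit the stack reserved for it.

```c
#define MAX_FUNCS 6
#define MAX_CALLS 3
#define UNBOUNDED (-1L)   /* reported when a recursive cycle is reachable */

/* One entry per function: its stack frame in bytes and the functions it calls
   (indices into graph[], -1 terminates the list). Constructed, hypothetical
   graph; names and sizes are invented, not taken from any real ECU. */
struct func { long frame_bytes; int callees[MAX_CALLS]; };

static const struct func graph[MAX_FUNCS] = {
    { 64, {1, 2, -1}},   /* 0: task_main -> read_sensor, update_throttle */
    { 32, {-1, -1, -1}}, /* 1: read_sensor */
    { 48, {3, 4, -1}},   /* 2: update_throttle -> filter, log_event */
    { 96, {3, -1, -1}},  /* 3: filter -> filter (recursive) */
    {128, {-1, -1, -1}}, /* 4: log_event */
    { 40, {4, 1, -1}},   /* 5: diag_task -> log_event, read_sensor */
};

/* Worst-case stack bytes reachable from function i, or UNBOUNDED if the DFS
   re-enters a function already on the current call path, i.e. recursion.
   (The analyser recurses too, but over a fixed host-side table, so its own
   depth is bounded by MAX_FUNCS.) */
static long worst_case(int i, int *on_path) {
    if (on_path[i]) return UNBOUNDED;
    on_path[i] = 1;
    long deepest = 0;
    for (int k = 0; k < MAX_CALLS && graph[i].callees[k] >= 0; k++) {
        long sub = worst_case(graph[i].callees[k], on_path);
        if (sub == UNBOUNDED) { on_path[i] = 0; return UNBOUNDED; }
        if (sub > deepest) deepest = sub;
    }
    on_path[i] = 0;
    return graph[i].frame_bytes + deepest;
}

/* Static bound for a task whose entry point is graph[root]. */
long max_stack_from(int root) {
    int on_path[MAX_FUNCS] = {0};
    return worst_case(root, on_path);
}

/* 1 if the bound exists and fits the stack reserved for the task, else 0.
   A task whose bound is UNBOUNDED can never be shown to fit: that is what
   the "no recursion" rule buys you. */
int fits_in_stack(int root, long reserved_bytes) {
    long need = max_stack_from(root);
    return need != UNBOUNDED && need <= reserved_bytes;
}
```

The same table-driven check also flags the case lkcl's rule 2 worries about: a large local array simply shows up as a bigger frame_bytes, and the bound grows with it.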

Two words (1)

daniel142005 (906427) | about 7 months ago | (#46308099)

Manual Override

NO (4, Informative)

confused one (671304) | about 7 months ago | (#46308125)

First rule of real time: No recursion.

turn off the car? (1)

ironicsky (569792) | about 7 months ago | (#46308127)

I used to have a truck with a sticky gas pedal. As in I pushed it down and it didn't come back up. I quickly learned a secret... when it happened, I turned the truck off, dropped it to neutral, and braked.

I knew that when I was 16. Why can't people figure that out 15 years later?

Drive Older Cars (0)

Anonymous Coward | about 7 months ago | (#46308175)

Drive older cars. They're not getting better anyways. Just more complex. e.g. Television for each passenger and 28 cup holders....

In Canada Engineers Are Required to Write the Code (1)

celest (100606) | about 7 months ago | (#46308183)

In Canada, the public is protected from such software bugs by statute, in the same way the public is protected from medical screw ups: a professional engineer is required by law to write any software code where safety is on the line. Just like when a new bridge is constructed and must be designed and validated by a professional engineer who is an expert in structures and who becomes professionally liable for the project, the same is true for software. If safety is on the line, a professional engineer who is an expert in software and/or computer systems (as the case may be) must design and validate the code and they become professionally liable for the software. Unfortunately, too many companies ignore the law.

Source: Professional Engineers Act of Ontario (http://www.e-laws.gov.on.ca/html/statutes/english/elaws_statutes_90p28_e.htm ) and Professional Engineers Ontario (http://www.peo.on.ca/). There are similar acts and professional associations for all provinces and territories in Canada.

Full disclosure: I'm a professional computer engineer registered in Ontario with PEO.

SystemD (0)

Anonymous Coward | about 7 months ago | (#46308189)

systemd is the answer.

Way to dumb it down EE Times (1)

wiredlogic (135348) | about 7 months ago | (#46308227)

FTA:

Just to clarify, the "tasks" are equivalent to apps running on smartphones or PCs.

It's sad that a publication targeted to EEs has writers that dumb everything down with this sort of populist pap.

Dangerous recursion! (5, Funny)

mveloso (325617) | about 7 months ago | (#46308255)

From the slides:

"Toyota used dangerous recursion"

Not like that safe recursion that other vendors use.

Mechanical throttle "stopcock" (0)

Anonymous Coward | about 7 months ago | (#46308267)

This drive-by-wire shit would be cool if everything were built to aircraft flight control standards, but it is not nor will it be and proponents need to FACE that reality.

Safeties should be SIMPLE, not cute.

A mechanical throttle with a good old-fashioned return spring is most appropriate for use on street vehicles. Not perfect, but proven to be highly reliable.
