Toyota's lesson: Software can be unsafe at any speed

One week ago, as news reports attributed Toyota's sudden acceleration problem to a sticking accelerator pedal or a floor mat issue, my mechanic rolled his eyes. "You know, those systems are all electronic," he said.

The problem, he was willing to bet, could be summed up in one word: software.

Sure enough, this week investigators are focusing in on electronics as a potential culprit behind Toyota's woes. Meanwhile, the auto maker has admitted that it has experienced problems with braking control software used in its Prius line and has since updated the software to correct the problem. So far, the model is only being recalled in Japan.

Many drivers would be shocked to know that, when it comes to automotive controls, drivers increasingly fly by wire. A few years ago it was Airbus that ushered in an era in which electronics replaced direct hydraulic controls in airplanes. Automobiles have since followed. Gone are the days when the accelerator or brake pedal were directly connected to the throttle by a physical connector, such as a cable. Today for many makes - not just Toyota - electronics act as the intermediary. Most drivers are still blissfully unaware of this sea change in how cars operate.

It's ironic that Toyota, the leader in building quality automobiles, may have become the poster child for poor software quality. It probably won't be the last auto manufacturer to suffer this fate. Unfortunately for Toyota, software development hasn't coalesced around a Deming to instill the same discipline in the manufacturing of software that made Toyota so successful in automotive hardware.

That culture of quality has largely been missing in commercial software development, where most software licenses include outrageous disclaimers that absolve the developer of any responsibility for harm created by their products, which are typically offered "as is."

The problem is much bigger than just Toyota. Electronics systems - and the networks that connect them - now make up 40% of the value of the typical vehicle. The interaction between these systems are complex. In the brakes alone software controls the anti-lock braking systems, stability control - and the Prius includes a system that converts the energy from braking into power to recharges the batteries.

Some automotive software glitches are merely annoying. For example, my 2005 Subaru Forester suffers from a computer glitch. Whenever the master computer is reset (which seems to be required every time I take the car in for service) the vehicle forgets how to deliver the correct air/fuel mix. In the 20 minutes or so the computer takes to relearn the correct settings the driver is subjected to constant stalling - which in my case happened in the middle of a busy rotary at rush hour. According to my dealer, Subaru has been unable to identify the exact source of the problem in the software. The solution? The dealer must run the vehicle long enough for the problem to self correct before I pick it up.

Other issues are more deadly. In an acceleration incident the driver has seconds to react, particularly in a highway situation. Drivers who don't realize that they're flying by wire may waste precious time trying to pry up the pedal rather than switching to neutral and pulling to the side of the road. "It's scary," my mechanic says.

He also worries about the possibilities for hacking new vehicles. "What if someone pirates something on there?" he asks. There are no antivirus scans for vehicles. What would happen if a terrorist was able to get an insider into the supply chain and insert dormant code into each new vehicle that on a specific date and time would disable braking or cause sudden acceleration in thousands of vehicles?

It's easy to understand that concern. For mechanics, 40% of the vehicle amounts to a black box. They aren't trained to be systems analysts. They must rely on other computers - another black box - to diagnose a wide range of complex issues that crop up with vehicle electronics.

Auto makers, on the other hand, now function more like systems integrators. Dozens of suppliers provide sub-assemblies, many of which come with their own silicon - and those interconnected systems are becoming more elaborate.

Can Toyota elevate software quality to the same level that it achieved with hardware? If not, customers may start to feel that modern fly by wire vehicles are unsafe at any speed.

FREE Computerworld Insider Guide: IT Certification Study Tips
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies