The ongoing Toyota safety crisis is putting the spotlight on the use of electronic controls for critical vehicle systems such as brakes and throttle. During today’s hearings, on Capitol Hill, testimony raised serious questions about Toyota’s claims that it had developed a safe and reliable engine controller that could and would not cause vehicles to unexpectedly surge out of control.
Whether or not the automaker is ultimately cleared, with more electronic content in cars today, especially as electronic systems replace mechanical functions, a fundamental question has arisen: Are automakers equipped with the right tools to design and develop these digital systems — and, more importantly, do they have the right testing mentality?
(A university professor’s 3-hour experiment could show that Toyota electronic systems are flawed. Click Here for that story.)
The electrical and electronics complexity inside cars today is enormous, and with relentless attention focused on fuel economy, reduced emissions and improvements in safety, it’s unlikely to abate. By some estimates, as much as 40% of the value of some premium cars will be in the onboard electronic systems by mid-decade. It’s like having a full computer network on wheels.
“Frequently a single function – braking, for example – involves multiple electronic control units (ECUs), as well as a lot of application software, communication software stacks, and operating systems,” explains Serge Leef, vice president at Mentor Graphics. His firm markets software that car makers use to verify that the communications between ECUs are transmitted and received accurately and on time.
“There may be one ECU that controls the brake pedal, another for tire rotation information, and another responsible for braking signals – and it’s quite possible that all three ECUs come from different vendors. When you consider what happens when the driver hits the brakes, the opportunities for error from network communication inside the vehicle are phenomenal,” Leef says.
“If all the computers involved come from different sources, and the only way they know how to communicate is because the automaker gave the suppliers specifications for the type and timing of each message, the first time that everything comes together is in the automaker’s lab.”
That can be a challenging place for the car maker to try to figure out whether the sequences really work.
“There are millions of possible scenarios, most of which represent ‘corner cases’ – situations that only occur outside of normal operating parameters,” Leef adds. “It is critical that car makers have a rigorous methodology that recognizes the existence of corner cases, then searches for them and enables engineers to fix them.”
Sounds like a no-brainer, but Mentor Graphics and other providers of simulation and verification tools say that not all automakers use them. Part of the problem is that most senior managers in car companies today came up the ranks either through mechanical engineering or finance. Leef says this is beginning to change, but he adds, “At the highest levels, today, there is not a lot of understanding of the complexity of electronics, so car companies are continuing to apply field test methods to verify that their products work. To put it bluntly, they are grounded in methodology that dates back 100 years.”
Lacking a thorough methodology and adequate tools for electronic system verification, automakers tend to rely on mainstream testing – chalking up lots of mileage. But Leef cautions, “You can drive vehicles from here to Mars and not find the corner cases that can be found through simulation. As it turns out, some of these corner cases are not so far in the corner, and they can result in extremely costly warranty issues.”
Which brings Toyota to mind.
It remains to be seen whether further testing will finally reveal the alleged glitches in the maker’s electronic control technology. If it turns out there are some digital gremlins, there is reason to suspect that network complexity might play a part.
“In my understanding, the braking issue on the Prius is related to the delay in, or lack of activation of the conventional (hydraulic) wheel-brakes versus the braking effect provided by the generator, recovering energy in the process,” says Antal Rajnak, chief scientist in Mentor Graphics automotive business.
Put simply, Rajnak points the finger at some sort of fault or anomaly in the communications between the various ECUs that operate the so-called “blended” braking system.
Proprietary software tools are available now to solve the problems that can result from electronic systems complexity. A new generation of tools for the same purpose is emerging under the aegis of the AUTOSAR Development Partnership, which was initiated by major European automakers to solve critical problems they faced during the last decade.
Leef contends that the AUTOSAR tools are not sufficiently mature, and some makers agree and prefer to wait. Others are moving now, hoping to use whatever tools they can find.
What’s certain is that with onboard electronic increasing at an almost exponential pace, there is a clear need to pay attention to the problem.