“Based on postulated failure modes and predicted system responses, numerous electrical system hardware failure modes were tested on benchtop simulators”. Page 22 adds: “Test scenarios were developed based on analysis of software and hardware documentation” and later states: “Model responses were compared to the hardware external responses. Monitoring of actual responses inside the ECM hardware was not possible; however, the software model and ASIC block diagrams did give a level of insight into system function”.

In simple terms, this means that NASA took the existing Toyota documentation and assumed that the Toyota data was complete as well as accurate. NASA conducted their analyses and test scenarios (both hardware and software) at a functional block level, as can be seen by doing a deep dive into the NASA report. This approach is only as good as the data input into the software simulation and the test scenarios emulating the faults listed in the functional block analyses. This methodology relies on the premise that the existing data from Toyota completely describes all possible failure modes. Engineers should recall the expression “garbage in, garbage out”. Note: a functional-level failure mode analysis is only a preliminary top-down analysis, and should be followed by a more detailed bottom-up component-level analysis.

Obviously the Toyota and NASA experts did not consider all failure modes, as exemplified by the Göteborg University and Volvo Technology paper published in the Proceedings of the 2007 IEEE, an internationally accredited institution.

In conclusion, I sincerely hope that the NHTSA Transportation officials follow up on the NESC recommendation to “consider conducting more research on electronic control systems”.
ADDITIONAL INFORMATION GLEANED FROM THE NHTSA DOCUMENT:
NHTSA-NASA Study of Unintended Acceleration in Toyota Vehicles: http://www.nhtsa.gov/staticfiles/nvs/pdf/NHTSA-Toyota_keywords.pdf

P 14 – Of the 426,911 reports in the NHTSA Vehicle Owners’ Questionnaire (VOQ) system (2000–2010), for all vehicles, 9698 were identified as unintentional acceleration (UA), and of these 3054 were TMC vehicles. However, no evidence of a failure in either the electronic throttle control system-intelligent or the brake system was typically reported as having been found following these events.

P 26 – NHTSA: the VOQ is voluntary, and it is therefore difficult to extrapolate the frequency of events from the total events reported; causes: P 28 – the public did not know of the VOQ prior to publicity,