Re: [SystemSafety] More on Bookout-Schwarz/Toyota

From: Matthew Squair < >
Date: Mon, 11 Nov 2013 23:01:11 +1100


Andrew,

Having waded through the transcripts that were released on safetyresearch.net, here's my response.

  1. Do you mean more probable than a software cause? If so I'd suggest that's something of a red herring. If there's a software cause there's a software cause, one does not preclude the other. See 4) for the specifics of this case.
  2. Did you mean user error? No as a general statement but there's also nothing that will record a failure of the engine throttle system software which is a major flaw in the systems 'fail safe' design.
  3. Can't comment as to NASA conclusions but, from the testimony given, NASA's investigation was limited in time, as to what they were shown and (as it turns out) Toyota misrepresented the system to them. Despite that they found many of the problems that Koopman and Barr did.
  4. Incorrect; the 'smoking gun' is in the physical evidence, e.g. skid marks that indicate braking under power, photographic evidence, mechanical inspections, witness statements etc. So as someone once remarked, "when you've eliminated all other possibilities, whatever remains, however improbable..."

I'd recommend Barr's presentation; it lays out the investigative analysis very well.

Reading through the material I was struck by how similar this case seemed to Therac 25.

Matthew Squair

MIEAust, CPEng
Mob: +61 488770656
Email: Mattsquair_at_xxxxxx
Web: http://criticaluncertainties.com

On 11 Nov 2013, at 9:05 pm, Andrew Rae <andrew.rae_at_xxxxxx

Peter,
Thanks for finding and sharing these. Can I ask for an opinion from you and others who have followed this, on the likely situation.

My understanding (as someone with no inside information, just following press and academic opinion):

  1. The reports of unintended acceleration follow the pattern of socially-propagated concerns, making it possible, maybe probable, that there were no underlying unintended acceleration events caused by software faults.
  2. None of the car models concerned had an independent recording device allowing _other_ causes of the unintended acceleration to be confirmed.
  3. The NASA report found problems with the software, but none that they thought were likely to be a cause of unintended acceleration under the circumstances of the set of accidents they looked at.
  4. The Bookout trial evidence was heavily critical of the software, and found plausible ways that unintended acceleration could be caused by the software, but nothing directly linking these possibilities to the Bookout events.

Is this a fair summary?

My system safety podcast: http://disastercast.co.uk
My phone number: +44 (0) 7783 446 814
University of York disclaimer:
http://www.york.ac.uk/docs/disclaimer/email.htm

On 9 November 2013 18:53, Peter Bernard Ladkin <ladkin_at_xxxxxx

> This analysis goes deeper than what I've seen to date. It links parts of
> Phil Koopman's testimony (Phil tells me he is not the source) and *Barr's
> slides*, which like his testimony, are an object lesson in presentation.
>
>
> http://www.safetyresearch.net/2013/11/07/toyota-unintended-acceleration-and-the-big-bowl-of-spaghetti-code/
>
> PBL
>
> Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx

Received on Mon Nov 11 2013 - 13:01:24 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST