Re: [SystemSafety] More on Bookout-Schwarz/Toyota

From: Andrew Rae < >
Date: Mon, 11 Nov 2013 12:23:43 +0000


Thanks all for the clarifications. I knew I didn't have it quite straight, and all the replies (whilst pointing out different things) are consistent with each other, except for some uncertainty in exactly what NASA did or didn't have access too.

Important subtle point by Matthew and Peter that the existence of a social scare says nothing about the existence or non existence of real events. Makes them hard to diagnose though since pattern/population approaches can be misleading.

Drew
On 11 Nov 2013 12:14, "Peter Bernard Ladkin" <ladkin_at_xxxxxx wrote:

> Andrew,
>
> I'll just answer your questions straight.
>
> On 11/11/13 11:05 AM, Andrew Rae wrote:
> > 1) The reports of unintended acceleration follow the pattern of
> socially-propogated concerns,
>
> I think "follow" is wrong. The event happened in 2007. According to
> http://en.wikipedia.org/wiki/Sudden_unintended_acceleration (for what
> Wikipedia info is worth) there
> were two isolated reports in Toyota Camrys before that, one which was
> explained mechanically ("tin
> whisker") and one it seems unexplained.
>
> The mass of Toyota UA reports I think was around 2009 and following. This
> event was before that.
>
> > making
> > it possible, maybe probable, that
> > there were no underlying unintended acceleration events caused by
> software faults
>
> Unlike Bishop Berkeley, I don't see any plausible relation between any
> social or psychological
> phenomena and the likelihood of UAs being caused by SW faults.
>
> > 2) None of the car models concerned had an independent recording device
> allowing _other_ causes of
> > the unintended acceleration to to be confirmed.
>
> I think they had the devices, indeed I think this car had a recorder. It's
> that the recorder was
> written by the same task that it was proposed had hung, Task X.
>
> Besides, Toyota (Dr. Ishii, if I remember the name right) determined that
> the event recorder did not
> always record adverse events that were known with certainty to have
> occurred (through bench testing).
>
> > 3) The NASA report found problems with the software, but none that they
> thought were likely to be a
> > cause of unintended accleration under the circumstances of
> > the set of accidents they looked at.
>
> NASA didn't commit to likelihood, as far as I know. They said that they
> couldn't rule out SW
> misbehavior as a cause of the UA event. They seem to have been well aware
> that not inspecting the
> source code significantly limits what one can conclude.
>
> > 4) The Bookout trial evidence was heavily critical of the software, and
> found plausible ways that
> > unintended acceleration could be caused by the software, but nothing
> directly linking these
> > possibilities to the Bookout events.
>
> That seems to be right, depending on what one takes as a "direct link".
>
> Only the general sequence of events in the Bookout incident were
> determined, as far as I know; no
> one reconstructed the sequence in detail. For example, there were
> significant skid marks from the
> car some way before the collision point, and the court could not determine
> whence they were caused.
> Plaintiff said they came from an attempt to use the parking brake;
> defendant couldn't show that that
> was not the case, neither was an alternative shown to be plausible.
>
> As far as I can tell from my currently-limited knowledge, the Barr
> scenario is consistent with the
> Bookout events. Being "consistent with" is obviously not "caused". But it
> does seem to me from what
> I have read so far that a Barr-type scenario is intuitively plausible as a
> possible cause of the
> Bookout events, and I'm not sure one can do any better than that here in
> determining cause, given
> the unknowns. But I am open to being corrected.
>
> PBL
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of
> Bielefeld, 33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>
>
>
>
>



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Nov 11 2013 - 13:23:54 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST