[SystemSafety] More on Bookout-Schwarz/Toyota

Mike Ellims michael.ellims at tesco.net
Mon Nov 11 13:07:56 CET 2013


Nancy wrote:

 

> For one thing, as I understand it, NASA was not allowed to look at the
> detailed code. The NASA results are meaningless.

 

The latest version of "National Highway Traffic Safety Administration
Toyota Unintended Acceleration Investigation - Appendix A" - with updated
redactions. I wonder why? Quite a lot of the document is blacked out.

 

The document states that: "NASA engineers performed the study on Toyota
premises within an access controlled area."  <snip> "Access to the Toyota
source code was made possible through the workstations."

 

The document goes on to list three tool sets used for static code analysis
i.e. Coverity, CodeSonar and Uno, and use of SPIN for model checking on
select parts of the code.

 

The main page of the DOT web site states "In conducting their report, NASA
engineers evaluated the electronic circuitry in Toyota vehicles and analyzed
more than 280,000 lines of software code for any potential flaws that could
initiate an unintended acceleration incident."

 

Thus it would appear that NASA did have access to the source code, it being
America, one assumes under the supervision of an armed guard ;-)

 

Andrew Rae wrote:

 

> The reports of unintended acceleration follow the pattern of
> socially-propagated concerns, making it possible, maybe probable, that
> there were no underlying unintended acceleration events caused by
> software faults.

 

The following paper (Cars Gone Wild: The Major Contributor to Unintended
Acceleration in Automobiles is Pedal Error) is an interesting study on the
prevalence of throttle misapplication:
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3153815/

 

Cheers.

 

 

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Nancy Leveson
Sent: 11 November 2013 10:11
To: Andrew Rae
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] More on Bookout-Schwarz/Toyota

 

Is this a fair summary?

 

For one thing, as I understand it, NASA was not allowed to look at the
detailed code. The NASA results are meaningless. 

 

Nancy

 

On Mon, Nov 11, 2013 at 5:05 AM, Andrew Rae <andrew.rae at york.ac.uk> wrote:

Peter,
Thanks for finding and sharing these. Can I ask for an opinion from you and
others who have followed this, on the likely situation. 

My understanding (as someone with no inside information, just following
press and academic opinion):

1) The reports of unintended acceleration follow the pattern of
socially-propagated concerns, making it possible, maybe probable, that
there were no underlying unintended acceleration events caused by
software faults

2) None of the car models concerned had an independent recording device
allowing _other_ causes of the unintended acceleration to be confirmed.

3) The NASA report found problems with the software, but none that they
thought were likely to be a cause of unintended acceleration under the
circumstances of the set of accidents they looked at.

 

4) The Bookout trial evidence was heavily critical of the software, and
found plausible ways that unintended acceleration could be caused by the
software, but nothing directly linking these possibilities to the Bookout
events. 

Is this a fair summary? 




My system safety podcast: http://disastercast.co.uk
My phone number: +44 (0) 7783 446 814
University of York disclaimer:
http://www.york.ac.uk/docs/disclaimer/email.htm

 

On 9 November 2013 18:53, Peter Bernard Ladkin <ladkin at rvs.uni-bielefeld.de>
wrote:

This analysis goes deeper than what I've seen to date. It links parts of
Phil Koopman's testimony (Phil tells me he is not the source) and *Barr's
slides*, which like his testimony, are an object lesson in presentation.

 

http://www.safetyresearch.net/2013/11/07/toyota-unintended-acceleration-and-the-big-bowl-of-spaghetti-code/

 

PBL

Prof. Peter Bernard Ladkin, University of Bielefeld and Causalis Limited

 

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

 

-- 
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu
URL: http://sunnyday.mit.edu
