http://pressroom.toyota.com/pr/tms/d...tration_1_.pdf

From Exponents document, above...

"..Figure 1. A 200 ohm resistor is apparently placed between the output signals of the two pedal position sensors...."

Note the word "apparently"....??!!

I had assumed that the "short" Dr. Gilbert placed across the two sensor signals had just enough resistance, accidental and unintentionally, that a voltage difference greater than the monitoring system was checking for, 0.020 volts (only 20 millivolts), remained between the two signals.

I think that what Exponent is saying here is that in order to replicate Dr. Gilbert's experiment BUT NOT trigger the monitor they had to use a 200 ohm "short" between the two sensors. 200 ohms is well above any accidental or unintentional resistance I would have assumed.

Given that the two sensor output voltages should ALWAYS be displaced by at least 0.80 volts (factory document), using a difference voltage as low as 20 millivolts is unreasonable if one wishes to truly detect short between the two sensors.

Apparently (there's that word again) Exponent assumed a 200 ohm short since that's the resistance they had to use in order to NOT to trigger the firmware monitoring test.

From Exponent, again.

"..To bypass setting the DTC code on the 2007 Camry Exponent slightly modified the parameters of Dr. Gilbert's demonstration...."

"...By carefully engineering the modification.."

Carefully engineering the modification...

Yes, using empirical engineering methods to select a shorting resistance that provided "just enough" signal shorting to still allow a voltage difference above the detection threshold.

In other words the 200 ohm resistor wasn't small enough, low enough in resistance, to "fool" the 2007 Camry's firmware sensor monitoring system, so Exponent chose another value.

First they "ASSUME" Dr. gilbert used a 200 ohm resistor with absolutely no evidence of that (granted, either way), now they modify their own assumption to fit the new case.

And yes, you can "short" the two signals together with just enough resistance to still remain above the minimum voltage difference detectable by the monitoring firmware. And now, if you wish, provided you carefully select the resistance of the "short", connect the one sensor to the 5 volt reference to create a runaway engine "without" setting a DTC.

Or, if you like, you could short the one sensor to a reference voltage right at the maximum of the normal operating range, the engine would go WOT, but no DTC would be set.

"...Exponent was able to rewire the pedal sensors and achieve engine revving without setting a DTC...."

Yes, so could anyone, by empirically selecting the shorting resistance.

And finally:

"...Exponent also evaluated how vehicles made by other manufacturers would respond to the same rewiring that Dr. Gilbert showed in his demonstration. Every vehicle from other manufacturers tested by Exponent could be induced to respond with a sudden increase in engine speed and power output, although the parameters of the rewiring changed slightly from vehicle to vehicle. These demonstrations in no way indicate a defect with any of the vehicles tested (including the Toyota and Camry)..."

...although the parameters of the rewiring changed slightly...

NO SHxx, SHINOLA..!!

....no way indicate a defect with any of the vehicles...

Avoiding a public REBUTTAL by other manufacturers, "this".

But I still find myself puzzled that this worked, so far...

 

"I am able to alter the design so that it fails" is NOT the same as "the design is defective". EVERY DESIGN CAN BE ALTERED TO THE POINT OF FAILURE.
Every building can be made to fall down by removing some fraction of its posts or beams. Every electronic device can be made to catch fire by removing the safety circuits and increasing the voltage or current. None of that is new. It is inherent in every field of engineering. Engineers work hard to make their designs fail-safe. They anticipate just about every single failure, and many multiple failures.

When someone alters more than two elements in a design (in this case, I think it was SIX elements) they can not plausibly claim that the alterations could occur by any means other than intentional alteration.

Hiring a consultant to modify a competitors product so that the result is a spectacular failure is not "science", and it's not "engineering", it's not "fair and balanced", and it's not even "news". It is only "marketing", or, what the TV studios call "special effects". You might as well send the thing to MythBusters, and have them wire it full of explosives. (If you buy enough advertising, they will blow up anything.)

 

amen, brother!!! :d

 

I nominate this to be "Post of they Year"

 

>>I nominate this to be "Post of they Year"


Second.

 

>>>>I nominate this to be "Post of they Year"


>>Second.


All in favor, press your Y key, all opposed press N.

 

Crap! I kept pressing the N key instead of the Y key on my MacBook...my lawyer thinks we should sue Apple. His reasoning is that they have a lot of cash in the bank. He also feels the keys are too close on the keyboard and if someone is blindfolded, intoxicated or has incredibly fat fingers, they can easily confuse the keys.

 

From a hardware design viewpoint there is nothing, I do mean ABSOLUTELY NOTHING, wrong with the accelerator pedal position sensing design, NOTHING!! The problem lies with the NipponDenso, Denso US, programming IDIOTS that had responsibility for implementing the specified firmware design.

Give me 10 minutes with the firmware source code and a moderately competent programmer and together we would revise the firmware such that NO ONE could find a way to "fool" the accelerator pedal's existing redundant, dual, position sensor system.

Try as you might, compromise the output signals any way you would like/can, and the correctly written/composed firmware will ALWAYS set an MIL.

 

I usually don't respond to obvious nonsense. But I have to call "bullshit" on this particular nonsense. The programmers are not idiots. They are engineers, and part of the engineering team that designed and tested the system. If there is a bug in the code, ten minutes isn't nearly enough time to find it, much less to verify the fault, develop the fix, and then verify the new code. The regression test almost certainly takes hundreds of times longer than that to run, even once. And your last statement is just absurd. Read a few dozen volumes about signal processing, information theory, language theory, communication coding, and of course, software engineering and system verification, and you might begin to understand.

Oh -- I have a Ph.D., and have taught graduate level courses in software engineering and software verification & validation, as well as in harder "language" topics. I have more than enough credential to call "bullshit", here. I'm not saying there is no bug in that software. That possibility is not excluded by the tests that have been described. I am saying that intentionally altering multiple elements of a system design so that it behaves differently from the original design, does not prove a fault in the original design.

 

Oh, I don't have a Ph.D, just 40 some odd years having founded and now managing a real time process control hardware and software development company. Trivial end-user applications like being able to SCRAM a power generating nuclear reactor core within 50 milliseconds (that's 0.050 seconds for those of you without a Ph.D) if the multiple redundant sensors indicate a need.

Putting it as simply as I can....

The factory firmware design is FLAWED because by actual factory specification it is supposed to detect both of the instances in which Dr. Gilbert made external circuit modifications.