2007年9月，美國(guó)俄克拉荷馬高速公路出口網(wǎng)關(guān)上，有一輛2005年份的豐田(Toyota) Camry 發(fā)生汽車暴沖事故，導(dǎo)致一死一重傷的慘劇，當(dāng)時(shí)認(rèn)為事故是車地板的踏墊松動(dòng)、或是油門踏板黏膩所導(dǎo)致；但最新調(diào)查結(jié)果顯示，電子節(jié)流閥控制系統(tǒng)(electronic throttle control system)才是意外事故元兇。 上述調(diào)查結(jié)果是原告律師的結(jié)案陳詞，但被告豐田汽車的辯護(hù)律師卻聲稱，事故原因是駕駛?cè)耸枋В欢@起纏訟數(shù)年的案件，終于在日前由俄克拉荷馬法院的陪審團(tuán)做出決議，認(rèn)為豐田汽車所采用的汽車技術(shù)必須承擔(dān)事故法律責(zé)任。 根據(jù)美聯(lián)社(AP)報(bào)導(dǎo)，法院陪審團(tuán)決議，在該起事故中受重傷的駕駛?cè)薐ean Bookout應(yīng)獲得150萬(wàn)美元的賠償金，而在事故中喪生的Barbara Schwarz家屬也應(yīng)獲得150萬(wàn)美元的賠償。陪審團(tuán)并認(rèn)為，豐田汽車犯下“罔顧他人權(quán)利”的罪責(zé)，法院將在接下來(lái)繼續(xù)針對(duì)被告在此案件所需支付的懲罰 性賠償金，進(jìn)行第二階段的審理。 專家將此俄克拉荷馬案件視為一個(gè)先例──據(jù)了解，已經(jīng)有數(shù)百位豐田汽車車主聲稱車輛發(fā)生無(wú)預(yù)警加速暴沖狀況；而該案例也是第一次有測(cè)試結(jié)果聲稱，問(wèn)題可能出在車輛的電子節(jié)流閥控制系統(tǒng)。曾檢視過(guò)豐田電子節(jié)流閥系統(tǒng)軟件原始碼的嵌入式系統(tǒng)專家表示，它們?cè)谄渲邪l(fā)現(xiàn)缺陷，所包含的錯(cuò)誤碼就是導(dǎo)致車輛暴沖事故的原因。 但 值得一提的是，美國(guó)太空總署(NASA)專家也曾經(jīng)調(diào)查過(guò)豐田汽車的電子節(jié)流閥控制系統(tǒng)，卻并未發(fā)現(xiàn)導(dǎo)致車輛暴沖的電子缺陷。據(jù)了解，NASA的專家花了 十個(gè)月的時(shí)間進(jìn)行調(diào)查后，美國(guó)國(guó)家高速公路交通安全局(National Highway Traffic Safety Administration)早在2011年2月就結(jié)束了對(duì)豐田汽車多款車型的測(cè)試。 嵌入式系統(tǒng)產(chǎn)業(yè)界的專家們并不認(rèn)為 NASA有足夠的時(shí)間做出完整的報(bào)告，而更重要的是，NASA在該報(bào)告中并沒(méi)有排除軟件導(dǎo)致車輛無(wú)預(yù)警加速暴沖的可能性；當(dāng)時(shí)的報(bào)告指出，調(diào)查小組定義出 了兩個(gè)假設(shè)性的豐田ETSC-i 電子節(jié)流閥控制系統(tǒng)故障模式(相對(duì)于非電子性的原因，例如黏膩的油門踏板、地墊壓迫或是駕駛員操作不當(dāng)?shù)葐?wèn)題)。 這 兩種故障模式之一，是油門踏板位置感測(cè)系統(tǒng)(pedal position sensing system)故障，與未被汽車監(jiān)視系統(tǒng)偵測(cè)到的中央處理器(CPU)的系統(tǒng)軟件故障；它們不會(huì)產(chǎn)生診斷故障代碼(diagnostic trouble code，DTC)，有可能導(dǎo)致無(wú)預(yù)警的車輛加速暴沖。 第二種假設(shè)情況是主CPU的系統(tǒng)軟件故障導(dǎo)致節(jié)流閥在駕駛員未動(dòng)作的前提下開(kāi)啟，并持續(xù)控制燃油噴射與點(diǎn)火。報(bào)告指出，雖然并沒(méi)有證據(jù)顯示報(bào)告中所假設(shè)的ETSC-i狀況發(fā)生，并不意味著可能性不存在。 為了讓俄克拉荷馬案件水落石出，有一組新的嵌入式系統(tǒng)專家受命接手NASA的調(diào)查；而究竟是怎樣的一個(gè)小小軟件碼失誤，可能導(dǎo)致駕駛?cè)藷o(wú)法控制引擎速度，還需要專家們更詳盡的解釋。而由于目前法院要求案件律師與參與調(diào)查的專家，在判決前不得進(jìn)行公開(kāi)發(fā)言，未來(lái)有更新的信息出爐，ESMC將會(huì)有更進(jìn)一步的報(bào)導(dǎo)，敬請(qǐng)期待！ 本文授權(quán)編譯自EE Times，版權(quán)所有，謝絕轉(zhuǎn)載 編譯：Judith Cheng 參考英文原文：Acceleration Case: Jury Finds Toyota Liable，by Junko Yoshida

相關(guān)閱讀：
• 掃除盲區(qū)，百萬(wàn)像素高清3D全景行車輔助系統(tǒng)指日可待
• DIANA研究項(xiàng)目使快速維修汽車故障成為可能
• 自動(dòng)駕駛技術(shù)上路還有哪些問(wèn)題？1Hzesmc

{pagination} Acceleration Case: Jury Finds Toyota Liable Junko Yoshida It wasn't loose floor mats or a sticky pedal that caused the sudden acceleration of a 2005 Camry in an accident that killed one woman and seriously injured another on an Oklahoma highway off-ramp in September 2007. The electronic throttle control system did it. This was the closing argument of the plaintiffs' attorneys. In contrast, attorneys for Toyota blamed the crash on driver error. In a verdict delivered Thursday afternoon, an Oklahoma County jury found Toyota's in-car technology liable for the crash. The Associated Press reports that the jury awarded $1.5 million in monetary damages to Jean Bookout, the driver of the car, who was injured in the crash, and $1.5 million to the family of Barbara Schwarz, who died. The jury also decided Toyota acted with "reckless disregard" for the rights of others. A second phase of the trial on punitive damages is scheduled to begin Friday. Bellwether Experts had viewed the Oklahoma case -- one of several hundred contending that the company's vehicles tended to accelerate inadvertently -- as a bellwether. This was the first test of a claim that put the fault squarely on a flaw in the vehicle's electronic throttle control system. Embedded systems experts who reviewed Toyota's electronic throttle source code testified that they found it defective. They said it contains bugs -- including some that can cause unintended acceleration. It's important to note, however, that Toyota's electronics throttle control system had already been the subject of a NASA investigation that reportedly found no electronic causes of unintended acceleration. After the US space agency's 10-month investigation, the National Highway Traffic Safety Administration closed its probe of Toyota models in February 2011. But not everyone in the embedded systems industry thinks NASA had enough time to come up with a complete report. Perhaps more significantly, in its report, NASA itself did not rule out the possibility of software having caused unintended acceleration. The NESC team identified two hypothetical ETSC-i failure mode scenarios (as opposed to non-electronics pedal problems caused by sticking accelerator pedal, floor mat entrapment, or operator misapplication) that could lead to [an unintended acceleration] without generating a diagnostic trouble code (DTC): specific dual failures in the pedal position sensing system and a systematic software malfunction in the main central processor unit (CPU) that is not detected by the monitor system... The second postulated scenario is a systematic software malfunction in the Main CPU that opens the throttle without operator action and continues to properly control fuel injection and ignition... Because proof that the ETSC-i caused the reported UAs was not found does not mean it could not occur. For the Oklahoma trial, a new group of embedded systems experts was hired to dig deeper in hopes of picking up where NASA left off. However, how exactly a single bit flip could cause the driver of a real car to lose control of the engine speed demands more detailed explanation from experts. EE Times will be talking to some who were involved in the investigation, and we will be breaking down what went wrong -- according to experts -- with Toyota's electronic throttle control systems. These experts are currently under a gag order from District Judge Patricia Parrish, who ordered attorneys and experts on both sides not to discuss the case publicly until after the punitive stage.