The Prius Wake Up Call
The problems now coming to light in Toyota’s Prius line are a grim reminder of just how far things can go wrong in low-power engineering.
For years, the Prius has been a shining example of how to reduce power consumption in an highly integrated array of complex systems, each geared for maximum performance while also reducing power consumption. But developing a low-power system is challenging enough. When you connect multiple systems together, each with a focus on low power, it becomes even more challenging.
So far, validation of concept and verification of an end product has been confined to individual blocks. When software is added in, the problem moves from block to subsystem. And when networking and power management of multiple systems is included, it becomes an exponentially larger challenge with an enormous number of hidden corner cases based upon state, unexpected interactions, breakdowns caused by harsh conditions—potholes or excessive heat, for example—and potential shutdowns.
All of this is tolerable in a consumer device like a smart phone. Users can live with dropped calls or a glitch in a handheld game. They simply call back or reboot. It’s not as important to solve the verification problems in these devices because no one’s life depends on them.
It’s a lot different when it comes to medical or industrial devices, but even those are generally limited-function devices. A pacemaker may be critical, but it also has one purpose. The same is true of a fire alarm. Still, in the future more of these devices will be tied together and increasingly interdependent, which means reliability testing will have to be done in all states and with all possible permutations being considered.
This is brain-bending stuff in the simplest of configurations, where it can be done on a spreadsheet. It’s the work of server farms in complex systems, based upon models that have to be developed at the architectural level. And it’s the kind of problem that has to be tested continually throughout the development cycle to ensure reliability and to incorporate any changes.
All of this adds cost, of course. And it requires more engineers with a broader focus. Once you get beyond that hurdle, it requires an interplay between groups that generally don’t speak the same language and which have, at least so far, had little in common. But like complex systems, all the pieces must work together. That starts with the people involved in making the systems.
Toyota had the right idea in developing the Prius. Unfortunately it didn’t have all the right tools or procedures for testing all of the possible things that could go wrong. It’s no longer just a chip or a software problem. It’s a much bigger engineering issue, and low power is now a central part of that problem.
–Ed Sperling
February 5th, 2010 at 12:17 pm
Do you have information that the Prius brake problem was an issue with low power design? I have not heard that connection anywhere. All I heard was that there was a delay from pushing of the brake pedal to actuating the brakes, and that it will be solved with a software/firmware update. This seems more like a systems issue with bus bandwidth, or debounding counter, etc. Not seeing a connection with low power…
February 5th, 2010 at 1:09 pm
Given the broad range of temperature and humidity, vibration and the large number of modules and modes full and continued failure analysis becomes impractical if not impossible. Every module change requires that the full interaction analysis with multiple variants of the real system should be repeated… in practice this is not done for all vehicle variants in all climates and useage modes. Older vehicles, including aircraft, of all types are frequently more reliable than their more recent replacements.
February 5th, 2010 at 3:10 pm
Another Brake problem for Ford this time. They point to a transition between regenerative braking and conventional brakes.
An article on Prius, says the brakes are “the tip of electronic problems”… “including headlights turning off inexplicably”
When I think of low power, my IC centric view points to power islands, etc. The automotive problems I think of as system simulation and verification issues. Admitedly, there may not be a true division between system only issues and power only issues.
I also wonder if there is any existing language or tool that can properly simulate and verify such diverse systems.
February 5th, 2010 at 9:40 pm
It is strange that people have started to worry about the braking capability of Prius. I have had the first generation Prius for four years and have a third generation Prius for now three years. They have done more than 100K miles each. I have not found a problem with the breakes as described. Since any system software issue should affect all models I do not belive that is the case. It should be a break specific software for a specific model year.
Toyota has done a very good job of providing a low power system with regenrative breaking and efficient operation. Let us not make small problems into something that it is not by over speculation.
February 5th, 2010 at 11:39 pm
Thanks all, your comments should be well considered. Let me add one more on the top. It’s more mental reaction or feel of the drivers who are new to the system (this case new Prius). The news said, the vehecle design itself probably match to any exsisting design criteria, however real human can feel some tiny difference that can’t be detected even very advanced measurement systen(prease remind high end audio gear). So you need lots of real field tests. Unfortunately this is the reason why too many systems have been built tooo conservatively.
February 7th, 2010 at 12:01 am
I had a similar problem in 1984 with the “New” Chrysler Mini Van. While driving down highway 73/75 near Omaha, NE., all of a sudden my Mini Van started to accelerate all by itself. First i looked at the cruise control to determine if it was on… it wasn’t; next I released pressure on the gas peddle… it still picked up speed; then I applied the brakes and they didn’t work; so I put the transmission into neutral and pulled to the side of the road… the engine still raced, then I turned the vehicle off and restarted. I was able to return home. After taking it in for repair, I was told it was dust that got into the system computer that caused the problem.
February 7th, 2010 at 4:52 am
Interesting (everything).
Are electronic systems better than the old ones.
Old ones were equally economic may be and reliable.
I think electronics is good for telecom PCs etc etc but cars not really.
I wonder how many other cars are potential killers.
Dealers are like politicians. Not elected, self made.
Quality bof US cars is terrible, Japs and Koreans are better. VV too but POSses too.
My Sienna 98 is good. Dealer is worse than NAZI.
February 7th, 2010 at 4:53 am
Sorry:
For what MEMs as sensors in cars another nonsense.
February 7th, 2010 at 3:39 pm
Note to the moderator: Regarding the “NEW” Chrysler Mini Van… it was called a “1984 Dodge Caravan,” the first year they came out. It was nothing but problems! I’m just mentioning only one.
February 8th, 2010 at 12:14 pm
Existing high reliability systems–like aircraft–came at a very high cost. IN WWII, we had a nearly infinite supply of money with which to build high performance aircraft and an near infinite supply of eighteen year old boys/men to fly them. We made them faster and lighter until they broke (scratch another 18 yr old), then strengthened whatever broke and added more power to carry it.