Toyota's Trinity of Troubles

runaway prius ramp  

 

 

A technical perspective

Feb 21, 2010


 

There's no doubt that Toyota is taking a real publicity beating in the press these days, with any number of viewpoints and plagiarized rehashes emerging on their braking and "unintended acceleration" woes in recent car models. A stunningly vast number of press flacks and bloggers, notably many associated with the Detroit car world, have leapt upon this with a bloody vengeance, thirsting to see "#1" topple and possibly as a way for some faith be restored in American carmakers. Well, it's time to add myself to the list of those weighing in, but in an attempt to be a voice of reason over the resulting din.

The overall situation is an unfortunate confluence of three, or maybe three and a half, largely *unrelated* issues that happen to have surfaced pretty much right on top of each other. So close together in time, in fact, that many people are *still* confused as to which problem is which. These stories combined to ignite feverish mob-hysteria across all of Dumfukistan, which takes much greater pleasure in screaming "NHTSA" and "class action suit" instead of actually understanding the issues and more importantly, learning how to control their own vehicles properly and anticipate and handle unusual events. The noise has risen far beyond any hope of real damage control by now, but that's doesn't prevent me from trying. When it gets to the point that a supposedly impartial transportation secretary entrusted with responsible leadership starts advising the public to "park your Toyota", something starts smelling very fishy about the whole thing.

I described this sorry situation to a friend over lunch, and she mused "wow, that really sounds like the perfect storm, doesn't it?" That's almost the perfect description. When three such raging squalls whipped along by widespread and breathless speculation collide, the results aren't pretty and for the most part, actively discourages reasoned study of the underlying technical situations. Snug down that tinfoil hat and read on.

The three central issues, roughly in order of public recognition, are:

      1>   Pedal entrapment by misplaced floor mats
      2>   Sticky accelerator pedal assemblies
      3>   Prius braking quirks, particularly in the 2010

with a few more timeline details on the first two amusingly reviewed at Jalopnik. One might be tempted to cite a fourth problem as the cruise-control complaint that Steve Wozniak brought in from left field, but that has proven to simply be irrelevant self-aggrandizing fluff. I'll deal with him later.

Now, far be it from me to imply that any automaker is perfect. None of them are -- with shareholder profit as the first priority, they all screw up and then gloss over the fact by burning more PR dollars. But Toyota has built up a pretty clear and well-deserved history of quality products, which depends not only on their own engineering ability but also heavily on their choice of parts suppliers as well as seeming to genuinely want to continuously improve the product. That's getting harder to maintain across any industry sector, with positively maniacal focus on the bottom line driving widespread outsourcing to the cheapest bidder. Toyota is a certainly not immune to that, as we'll see in a moment. Cars are very complex pieces of machinery these days; there must be thousands of places where an unexpected defect in a part or a design engineering principle could crop up. Product testing can't simulate *every* possible real-life condition seen over the long haul of a car's lifecycle through all kinds of weather. Especially when a whole set of new concepts is introduced, such as a hybrid powertrain.

Even something novel like that can fall victim to mundane problems outside its immediate design scope. The early 2004 second-generation Priuses went through a recall for flakey brake-light switches. That could have had huge safety implications, as slowing down without any warning could easily trigger rear-end crashes, but there was no huge press dust-up about it. Toyota acknowledged the problem in a certain supplied brand of switches and went about getting them replaced in customers' cars as methodically as possible. Then there was the "stalling" problem caused by a fairly simple event timeout in a controller set a little too short; also an easy fix in software. We heard a little about the replacement stronger steering shaft, but that all blew over within a couple of months. Inverter castings leaked coolant, pump motors shrieked in cold weather, and dash rattles became a popular forum topic. Perhaps Toyota saved some face in the industry by dealing with most of this in a timely fashion, but perhaps the rest of the industry wasn't yet hanging on their every move as the Prius had not really come into its own yet.

Meanwhile, through the last decade the Prius otherwise proved itself to be one of the most reliable, economical, and downright *useful* cars on the road, in spite of a few odd quirks that owners quickly got used to. Toyota's established skill in specifying high-quality, durable parts the majority of the time remained unquestioned, and consumers voted with their wallets. That undoubtedly didn't make the American automakers, already circling the drain and suffocating under burdensome mismanagement, a down economy, and their own litany of QC issues any happier. And thus the seed was planted for what could become a massive witch-hunt mostly for the sake of public spectacle. If anything it has been some of the most irresponsible, sensationalistic reporting we've seen from what's left of our press since 9/11. Just take a look at the vindictive glee all over the articles over at Detroit Free Press, for example. If as much time and effort and high-profile publicity went into training our own nation's drivers properly, only then would we truly be able to "move forward".


Problem 1:   Floor mats

We may never know what really happened to the off-duty CHP officer and family who crashed in a borrowed Lexus ES350 at high speed in California. The accepted most likely scenario is the accelerator pedal getting trapped by a bulky all-weather floor mat after being mashed to the floor by the driver. What we do know is that one of the car's occupants had time to make the 911 call [Backup copy here] that's gone viral all over the internet, from which it's apparent that all the driver is doing is trying to stomp on the brakes. This was a police officer -- a trained professional driver, supposedly experienced in high-duress emergency situations and more aware of vehicle dynamics and control than your average driver even in an unfamiliar car. And yet in the drawn-out timeframe leading up to the crash, the concepts of shifting to neutral, pulling the floor mat back, hooking a foot under the pedal to try pulling it up, etc never seemed to occur to anyone. Nor, evidently, had the idea of perhaps being a little less aggressive with an unfamiliar and powerful vehicle in the first place. Instead, the first thing someone thinks of is getting on the phone.

The NHTSA crash site report [Backup copy here] pretty clearly shows the accelerator pedal remains in the last picture, firmly fused to the rubber floor mat by the ensuing fireball. The report mentions the wrong floormats for the vehicle installed and not fastened down at the rear to prevent migration forward in the footwell. But it gets even more interesting after the fact, as it turns out that the specific car in question had a known prior history of its accelerator pedal becoming trapped.

 

Edmunds.com has a sensibly done video showing what can happen with pedals and errant floormats, which also brings up the puzzling issue of why the brakes on the runaway Lexus couldn't overpower the engine and at least keep speeds in check long enough for the driver to figure out what the real problem was and try other obvious strategies to stop the car. [That was before anyone knew that its brakes had already been badly thrashed by a previous user and then never serviced.] Heck, even my own '04 Prius manual, printed long before any of this flap began, has a succinct picture [reproduced here] of what can go wrong with an unsecured mat.

While it's unfortunate that people died here, it's not the first occurrence of such a situation by any means and the drive-by-wire electronic throttle is not necessarily any more at fault than a mechanical linkage would be. Similar problems have been commonly caused in non-electronic setups by issues like gummed-up throttle assemblies, corroded cables, faulty cruise-control add-ons or broken return springs, and not universally resulting in injuries or death. The general conclusion must be that the chain of electronics from pedal to eventual throttle control motor was commanded to do exactly what the driver, and then the floormat, told it to.


Problem 2:   Sticky go-pedals

But interestingly, parts that become gummed up or worn and get sticky with age can affect electronic setups as well, and are at the heart of the second problem that turned up. Just as people began to properly hook back or even simply remove their floor mats and breathe a little easier, it turned out that certain electronic pedals could stick in a depressed position all by themselves due to excessive friction at the pivot. Oops! The issue was tracked to a particular design sold by one of Toyota's alternate sources for accelerator pedals, CTS, a US company [surprise!] out of Elkhart IN. In 2005, Toyota and other manufacturers began buying pedal assemblies from CTS for some new drive-by-wire cars built in the US. The irony here: they outsourced, and it bit them in the bum! The Prius itself remained immune to this issue as it was still exclusively built in Japan and had differently-designed pedals from Denso installed, but other Toyota models were affected. So were several models from Ford and GM and other manufacturers who bought from CTS -- a problem that *crossed* company lines, thus nobody could point fingers at any one automaker. But since Toyota's name was already popping onto the radar from the floormat foofaraw, the press jackals jumped in and attacked it as primarily another Toyota problem.

Traditional throttle pedal and cable assemblies have a certain amount of inherent linkage friction through the cable sheath, which actually helps stabilize the throttle position when the car and driver are being bounced around over bumps. In electronic pedal designs there's no cable so some effort is made to simulate one, rather than having an absolutely free-swinging arm with a spring attached that would potentially give too "bouncy" a feel to the driver. While a pedal *should* snap right back up as a foot is removed from it, that tiny bit of frictional hysteresis is evidently important enough that pedal designers go out of their way to include it, often by means of a small purpose-built friction brake. It is here that the CTS design has its problem. Over time and changing environmental conditions, particularly high humidity, the little friction element in the CTS pedal can begin applying too *much* friction to the pivot, causing slow return or in extreme cases, failure to return at all. Something like this would NOT have been easy to observe in early product testing, it took a year or more to develop in the wild and has a somewhat tenuous link back to engineering choice of plastics and other materials.

But why am *I* sitting here trying to explain it, when Paul Niedermeyer over at the "Truth About Cars" site has done an astoundingly good teardown and analysis of both the CTS and Denso pedals. Hat tip also to Greg Locock, who I think has some ties with Ford, for forwarding that link to the Prius_Technical_Stuff Yahoogroup. Not only does it present a level of analytical detail that I could only aspire to, many of the comments after each section are from intelligent people and actually worth reading for perspective and pointers to even more information. Toyota's "shim fix" does seem like a bit of a band-aid and may remove most of that intended friction-hysteresis feel from the pedals anyway, and many are dubious about its long-term viability. Really, there must be better methods for creating consistent friction in such a moving mechanism if it's needed at all. My own Denso pedal doesn't seem to have a whole lot of hysteresis anyway, and even with my usual desire to keep my foot locked at operational sweet-spots, that never bothered me.

What I can't understand is how drivers can be so unaware as to not *feel* that their go-pedals are becoming progressively stiffer to operate well in advance of any stick-down problem. [Here's one good argument in favor of driving barefoot -- more sensitivity to return-spring effectiveness, but trust me, if a pedal wasn't springing up as briskly as it should I would notice that sort of thing wearing shoes too.] As I described the friction issue to a couple of other people they brightened up and said "yeah, I remember having to pull the pedal up or fiddle with it in an old car I used to drive..." where they *knew* they had stiff throttle parts and simply made up for it until they could get them fixed/lubed/whatever. Toyota never even mentions pedal-pulling in their recall FAQ as something to try, either. Today's undereducated, mollycoddled drivers can't seem to handle such a simple situation anymore. You can see that just in the tone of some of the posts surrounding mine in a long Priuschat thread on the Toyota and other manufacturer recalls and problems -- people just *refuse* to think things through for themselves far too often.


A brief technical aside on Sudden Unintended Acceleration   (SUA)

There are still those who dismiss both the floormat and the pedal-friction theories and insist that the SUA incidents are caused by an "electronic glitch" in the computers handling drive-by-wire functionality. Well, let's look at some of the safety features of those designs. First, accelerator pedals generally have TWO voltage-level outputs that must remain within a tight tolerance of each other -- one is a check for the other. They must also stay within certain limits well away from their power supply voltage levels, so that an open wire or a short to either ground or the positive supply causes the ECU to register an instant error condition. In the Toyota pedals, the two sensors each have independent 5V-power and ground leads straight from the ECU, totalling six wires between pedal and computer. Basically, if anything electronic goes wrong with the pedal it is detected immediately, making that interface an unlikely source of unintentional acceleration command when the pedal is not pressed. Flakey harness connectors and micro-cracks in solder joints would be covered by this as well, as the ECU input circuitry is wired so that an open connection to it drops the voltage toward ground and thus a no-driver-demand safe condition.

Next, the ECU or some other module downstream of it eventually controls a servomotor that opens the actual throttle out at the engine's intake, meanwhile monitoring how far open it is with another position sensor. The throttle position sensor also has two cross-checked outputs for similar safety reasons. If those leads disagree with each other or wander out of range, same thing -- error condition, and here's what Toyota's own Prius repair manual has to say about the electronic throttle's operational safety:

	The ECM uses the throttle position sensor to monitor the throttle
	valve opening angle.  This sensor has two signals, VTA1 and VTA2.
	VTA1 is used to detect the throttle opening angle and VTA2 is used to
	detect malfunction in VTA1. There are several checks that the ECM
	confirms proper operation of the throttle position sensor and VTA1.

	There is a specific voltage difference between VTA1 and VTA2 for each
	throttle opening angle.  If VTA1 or VTA2 is out of the normal
	operating range, the ECM interprets this as a fault and will set a DTC.

	If VTA1 is within 0.02 V of VTA2, the ECM interprets this as a short
	circuit in the throttle position sensor system and will set a DTC.

	If the voltage output difference of the VTA1 and VTA2 deviates from
	the normal operating range, the ECM interprets this as malfunction of
	the throttle position sensor. The ECM will turn on the MIL and a DTC
	is set.

	FAIL SAFE

	If the Electronic Throttle Control System (ETCS) has malfunction,
	the ECM cuts off current to the throttle control motor. The throttle
	control valve returns to a predetermined opening angle (approximately
	16 deg) by the force of the return spring. The ECM then adjusts the
	engine output by controlling the fuel injection (intermittent
	fuel-cut) and ignition timing in accordance with the accelerator
	pedal opening angle to enable the vehicle to continue to drive.
The car won't drive very *well* in the error condition, but at least the system provides a limp state allowing a little motive power to get to a safe stopping place. Now, one could argue that only twenty millivolts of margin between the two signals is close to a dead short circuit and could be made a little more rigorous to also detect partial interconnection, but really, in the absence of deliberately injected faults, it still provides a high safety factor all the way from pedal to throttle and is less prone to getting gunked up like a traditional steel cable. I would also expect that if a commanded throttle position isn't reached within a reasonable *time*, that's another source of error and throttle motor cutoff. But that starts getting into the realm of ECU software, and while a discussion on firmware written under strict life-safety requirements and best-practice engineering could go here that's a whole 'nother long topic by itself. Overall, such levels of redundancy-checking would never be attained in any mechanical linkage so we've already raised the bar in several ways by going electronic. The exact safety thresholds likely vary from model to model and year to year as development teams refine the designs. For example, some testing shows that the Prius hybrid ECU specifically is very paranoid about its two pedal inputs, only allowing a delta of 0.4 volts between them before throwing the "red triangle of doom" error. That's already "Gilbert-proof" right there.

It is important to note that Toyota *has* had a couple of issues with electronic pedals. The early first-generation Priuses often suffered from what came to be called "big hand syndrome" -- a dropoff in output power, feeling like a big invisible hand was holding the car back somehow. This was easily tracked to dirty potentiometers in the go-pedal assemblies, and a couple of owners even started a sideline opening up the housings and cleaning out the resistance tracks to restore reliable operation in favor of buying a new pedal. As the opposite problem to SUA and in a relatively miniscule volume of cars, it got almost no press. Toyota changed to a more reliable, non-contact magnetic sensor type for the 2004 model year, with the same principle of sending two offset voltage inputs to the ECU. These new pedal types, be they from Denso or CTS or whatever, also began appearing in Toyota's other ETCS-equipped offerings.

However, there's one safety check that still isn't done in many of the Toyota cars that is arguably advisable: a throttle-opening cutoff when the brakes are applied any appreciable amount. This is called "brake override", and will likely become required functionality for any new DBW system designs. Another advantage of electronic throttle commands is that control software can choose to *ignore* them when deemed necessary. Besides increasing safety in a broad range of runaway cases and possible causes, it might help train those "both feet" drivers out of bad habits. This is already implemented in the Prius, whose control computers bring the "driver demand" figure down to nothing upon reasonable brake application. For other vehicles, Toyota may have mildly screwed the pooch here by assuming [and vehemently defending] that all the other throttle-by-wire checks are enough. If universal brake override had also been a part of Toyota's standard approach all along, it would render stories like Liz James' whitewater adventure, Kevin Haggerty's lightbulb, and the victim lineup over at Safety Research far less believable. But it's not a change that can just be casually made -- vehicle speed needs to be taken into account for such systems, as there are diagnostic reasons to allow both brake and throttle to be applied in a car at a standstill. Performance drivers also argue that they need both fully functional at all times for best high-speed, high-load traction dynamics. Override or not, none of the reports listed above seem to have ever had any satisfactory conclusion with a solid technical explanation for what happened, and that's a big missing piece through all of it. In most reports the drivers involved never even think of shifting to neutral, and of course *all* such incidents are confined to vehicles with automatic transmissions where drivers would not have an immediate reflex to stab down the clutch pedal.

Some still cling to the theory of external electromagnetic interference to explain SUA, which if it's not targeted gamma-rays from the planet Mongo it might be from some radio source like a cell phone inside the car. Even that seems fairly specious, as sensitive ECU electronics and their inputs are always well-shielded in any design and modern cell phones emit very little power to stay in touch with towers. I thought about this during my own purchase process, in fact, and went at the underside of a Prius dash with a handy-talkie to test for exactly that sort of problem -- details here, and lookie, I even used the term "sudden acceleration" back then before ever thinking it would become such a hot buzzword. If the RF field strength coming off the nest of transmitters up on Lookout Mountain that made my homebuilt instruments wig out the only time I've ever observed wasn't enough to cause the many late-model cars passing by to do something weird, then I doubt any dinky cellphone would have a chance.

But I could almost wish that it did, since that would be enough to universally mandate turning the damn things fully OFF when driving. Ut-oh, I think I might have just touched upon one of the real underlying problems...


Problem 3:   Prius braking

This is the latest chapter in the saga, coming so hot on the heels of the other coverage that the word "acceleration" on everyone's lips has been commonly misapplied when talking about it. It is peculiar to the Prius and other hybrids from Toyota/Lexus as well as some other manufacturers, in the transition from regenerative braking to regular hydraulic braking. The two systems used to slow the car are really quite different but must nonetheless integrate with each other very tightly, and Toyota's implementation [and by implication, any similar system from other makers] has been a little quirky since the earliest days of the Prius.

In a nutshell, braking over a bumpy stretch of road can "kick out" the regeneration capability and pass control almost fully to the traditional service brakes, and it's that transition that often causes a slight change in the braking force applied to the car. When it decreases a little, it is perceived by drivers as a bit of a "lurch" or "surge" toward the object they're trying to avoid hitting. It is NOT acceleration, as mis-termed by many who complain about it, and while a little unsettling it is also not a complete loss of braking power. All that is required is for the driver to apply the brake pedal a little farther to maintain the same stopping ability. Experienced Prius pilots make the compensation without even thinking about it anymore, since they tend to plan and execute their decelerations with more care than most drivers.

Without getting too technical about it at first, I attempted to clarify the situation to some of the newer 2010-model owners in a Priuschat thread and offer some hints on what they could do about it to both handle it in stride and also salvage a little of the regenerative energy capture that would otherwise be lost:

   
I really hate to start yet another thread about Prius brakes, but I need to
call specific attention to a few clarifying points.  The babble has risen to
unmanageable levels and there are far too many other threads to keep track of,
but I see a common trend across pretty much all the ones on braking [here and
on other forums].

Integrated regenerative and hydraulic braking systems are unique, and still
a young science.  To Toyota's credit they've done a really nice integration
job with the Prius in general, with almost seamless balancing of the braking
force provided by the separate parts of the system.  It requires tight
computer communication, and does its job in very short timeframes under wildly
varying conditions and high mechanical stresses.  There are certain unavoidable
limits on batteries and inverters that restrict regenerative braking to a
certain "operating envelope", which the car will not let the driver exceed.
Such systems are bound to have a few quirks in their early stages, and trust
me, even the 2010 Prius is an "early stage" for a lot of this science.
It's not perfect and may never be.  Maybe the 2010 system is more squirrely
than the second-gen or maybe it isn't -- I don't know, all I know is that
it's fairly different but the principles of operation AND LIMITING FACTORS
are exactly the same.

Fact is, the braking "sag" over bumps is a quirk that has existed from the
2004 Prius right on down.  The "old guard" owners know all about it and know
how to respond and in some cases even prevent it from happening with
sufficiently skillful driving.  I see that virtually all of the recent
complaints and new threads on the topic have come from NEW OWNERS, who have
not researched what has, uh, gone before.

Therefore I would urge all new owners to go read my detailed discussion
on the braking system -- you can skip the techie stuff but the operational
observations are near the end, and have been well-documented even before that
article was written in *2005*.  Learn your vehicle and how to control it.  It
is generically unsafe in any car to try and do all your braking right at the
end of a stop, and much more efficient in a regenerative system to spread it
long and slow over as much distance as you can predict and make available.
The shift between regenerative and hydraulic is not "acceleration" as so many
confused posters have called it, it is simply a momentary diminishment of
overall braking force *per given pedal demand* as the system compensates for
some limits being exceeded.  One is battery current; another is low speed
under which regen isn't practical anymore.

New owners have also probably not gone off and read all about the
"B" shift setting, either, still believing some dreck from their dealers
about how it's for "charging your battery".  Well, that is partially right in
that "B" does tend to increase regen current a little, but also throws away
a lot more energy elsewhere.  However, it also offers a way to partially make
up for regen loss.  If you get the "sag" over a bump and have already
compensated for it with your foot but want some of your regen back on that
stop, whack the shifter down into "B".  You will then feel that you need
*less* pedal force to decelerate at the same rate, as the car sort of falls
on its face.  You may hear the engine spin a bit, you'll see your HSI slam
toward the left, and after the car gets down to around 5 MPH you can just go
back into D since you're on full hydraulics at that point anyway.  [Don't
leave it in B or your engine might keep idling if was on.]

That's it.  Your best means of compensating for regen loss is to first expect
it, and then try to get a little bit of it back with "B" if you have time.
Whether or not you GIVE yourself that leisure time to decide and act is up to
you, and that's where I'd put my energy rather than whining about the NHTSA.
This has been a solved problem for six years.

It was not really an issue on the first-gen Prius because that system always
brings in about half hydraulics anyway giving much less ground to cover in a
"transition".  One of the nicest aspects of the PII and the PIII is that it
tries its best to stay *completely* off the energy-squandering hydraulics
until you need them.  The rest is up to the loose nut behind the wheel.
Well, okay, perhaps that comes off a little harsh. But really, it's only common sense to "preflight" a strange conveyance before trying to place it in normal operation -- I certainly did this during my own shopping experience, before feeling anywhere near confident to try it out on the road. The significant trend I notice was that most of the complaints have been coming from forum users with the fewest total posts, e.g. new owners be it of a 2010 or a used earlier year. Another high-volume thread on Priuschat shows this better, with the newbies hollering "brake failure" and the more experienced owners trying to smooth feathers and reassure them that it's normal hybrid system behavior. The user join dates speak volumes. In other words, the Prius has become a victim of its own success, as more of the great unwashed jumped onto the Prius bandwagon and also discovered places on the internet where they could complain about the car because it was different.

Shortly afterward, however, Toyota publicly admitted that there was an inherent problem in how ABS was being handled in the 2010 Prius and it needed a bit of a tweak, and had designed a firmware "reflash" to one or more control computers to try and rectify it. Additional evidence for a misprogrammed threshold or two may be in another, less-ballyhooed but frequent complaint of brake grabbiness when backing up out of parking spots and may very well be related. The change was already being applied to new production, and a high-priority service campaign began to modify the behavior of existing cars and help restore owner confidence in them. The founder of Priuschat himself even issued a news bulletin on it, reassuring people once again that even pre-reflash it is not a braking *failure* and that some additional pressure on the pedal would bring the car to a safe stop.

Soon I also began to see certain misunderstandings in the supposedly cream-of-the-crop technical Yahoo-group, and with the idea that a> some newer owners may have joined up there recently and b> some of the old farts had started to forget some basics, I got inspired one morning and posted a fairly in-depth technical discussion on why getting that regen-to-physical transition exactly seamless is an almost intractable challenge:

   
Regenerative braking torque is not completely removed in a "bump event",
just greatly reduced, down to about 10 - 15 A in a second-gen.  It's about
the same as the baseline amount you get from no-feet coasting.  You can
still get a little more regen immediately afterward by slapping the shifter
down into "B" as I pointed out on Priuschat, but it's gotten so noisy over
there I doubt anyone who matters is seeing any of the explanations I posted.

Simply trying to exceed 100A on a normal high-speed braking event does NOT
remove regen.  The system gives you close to that 100A *and* brings enough
hydraulic brake in *on top of that* to add up to the braking force requested,
and as you slow down and the instantaneous braking power needed diminishes,
the hydraulic tends to drop back *out* and leave you with pure regen if
you've still got battery capacity to take it.  I see this all the time
on my current meter and pressure-monitors, and y'all with Scangauges can
take pretty good guesses just from watching battery current.

That assumes a braking event with no short-time anomalies included.
What causes the "cutout" or "sag" or whatever we name it is a TRANSIENT
that exceeds certain limits, and triggers protective action.  Here's
my best THEORY as to what's going on with the sag:

Under reasonably high-current regen, a bump or brief skid or wheel hop causes
a rapid change in MG2 speed and thus electrical phase, and an effectively
uncontrollable spike of battery current.  It may be a spike over 100A of
charge current, or it may simply be an excursion outside some percentage of
what the expected running value was -- either way, it's something the ECU
and inverter cannot directly handle.  Regen current corrections based on
brake pedal demand, speed, etc have a certain temporal damping factor,
primarily to avoid wild oscillations, and let's remember that the ECU is
also frantically doing a bunch of Park and Clarke transforms just to figure
out baseline switching phase at the same time.

Out-of-range events that happen too quickly to be damped or compensated for
aren't necessarily immediate show-stoppers because the net energy under one
or two such curves isn't enough by itself to immediately fry wires or battery
plates or transistor dies, but they will cause the system to drop into a
safety mode -- greatly reducing the available regen-current capability and
handing off much more of the work to the hydraulic system that is designed
to handle [but unfortunately waste] all of it.  And again, the hybrid ECU
doesn't completely *remove* regen but reduces the working level to something
that allows a generous overhead to safely absorb *more* transient events.
That is entirely reasonable to do, as one nasty bump or slip during braking
may be the first of many while that braking event proceeds down a rough road,
and it's safest to just go into hold-down mode until the dust clears.  We're
still uncertain if that's based on time or on some combination of other
control events.  I've been unable to "reset" the state in my '04 even with
enough space ahead to get off the brakes and poke the go-pedal once, so there
is almost certainly a time or distance component in play regardless.

I frankly think it's amazing that Toyota thought of this, although it seems
more likely that it was learned during bitter experience [i.e. toasted battery
fuses and inverters during mule testing], and some of this is hinted at in
"prius that shook the world".  There may have also been prior-art knowledge
from earlier EV efforts, but frankly I don't think the industry has seen
quite the level of braking system integration we have in the Prius in
anything prior.  And as I pointed out on Priuschat, the science is still in
its early childhood even here in 2010.

Vehicles like the Tesla have much higher current capability in all of their
components, so the amount of available regenerative stopping energy is much
higher.  I'll bet a brisk stop from high speed in a Tesla isn't going to be
100% regen, though, and I doubt that its regen goes all the way down to
zero.  We know a couple of Tesla owners, don't we?  We could ask.

Now, about transition: the exact amount of regen current or the exact amount
of hydraulic pressure required to produce exactly the SAME braking force on
the whole car is almost impossible to get right under varying conditions of
temperature, humidity, dirt, etc -- so for a given pedal displacement the
results felt by the driver's butt-dyno are VERY likely to be slightly
different -- still close, and I'd like to say close enough for continued
safety but evidently the jury is still out on the third-gen Prius -- and if
you want to feel what this difference is on any given day, get into a regen
braking situation with nothing in front of you and just flip to Neutral to
force the car onto all hydraulics.  Was it a 100% seamless transition?  No,
you definitely had to adjust your foot.  Was it a seamless transition in an
Escape hybrid, a Ford Fusion, an Altima, a Camry, or any other HSD-type hybrid
system with integrated regenerative/hydraulic systems?  Likely not.  The
difference is going to invariably stem from a few numbers held in software
tables that were determined by best-guess real world testing, because all the
math in the world isn't going to let you exactly match perceived braking
force created by such disparate mechanisms -- motor countertorque along the
driveline and only at the two front wheels, vs. balanced hydraulic pressure
sent to differently-worn brake parts at FOUR wheels.  There is NO feedback
to tell the control systems what's actually happening with the overall car.
Add in uncontrollable and un-sensed weather factors, turns, bumps, pad wear,
rotor rust, etc and even your best observed numbers will be a little off.

Those numbers are probably what's getting reflashed in the 2010, and we'll
note that the braking system layout changed quite a bit between the
second-gen and third-gen cars so here we have another new Toyota experiment
in the hands of the motoring public.

The low-speed transition, again my best THEORY on it, is simply because
there isn't enough energy coming off a motor turning too slowly to usefully
soak up the last few MPH of the car's momentum.  Voltage, even boosted,
wouldn't be enough to get above the battery rails and send in charge anymore,
so it's not worth doing.  It still amazes me that they get it down as slow as
they do -- 8 or 9 MPH is *not* a lot of motor RPM, and yet that's somehow
cranking out north of 240 V at usable current??  Well, we know how they go
about it and guess what, it's NOT the boost converter because in the Prius
HV circuit config there's no way to use the boost converter in that direction
when the motor rails are less than the battery voltage.  Battery --> 500V,
yes, but with the boost driver pair on the motor side of the inductor like
it is all the circuit can do in the other direction is regulate, not boost.
A while ago I substantiated my long-standing suspicion that it's perfectly
reasonable to use the motors themselves as a boost inductor, which I'll also
point out is the ONLY option in the NHW11 with no converter at all and an
even higher battery voltage to push charge "uphill" toward:

   http://techno-fandom.org/~hobbit/cars/boost-hack/

At some point the amount of power you get back from this game doesn't make
up for the energy put in as Florian points out, so it's easiest to handle
the rest down to zero with the hydraulics.  And gives the driver a more
traditional, expected feel of stopping with brakes -- including that stupid
lurch as the suspension unloads, which I always try to avoid.

I also routinely urge people to control their braking events as best as
possible and keep a steady but limited current going into the battery if
they want the best regenerative capture -- and in the third-gen Prius,
the HSI gives them the capability to monitor that as I point out in my
"Tao of HSI" rundown.  It's much trickier at higher speeds because
of the braking power required, making it even more important to plan ahead.
The central point here is that there is no way to predict the exact coefficient of friction between brake rotors and pads/shoes, as it can change substantially with ambient conditions. That will stay true until cars are fitted with braking-force strain gauges at all four corners or some other ECU-readable feedback path, and even then it's iffy. A common complaint about the second-generation cars often was that the brakes worked *too* well, especially after sitting in wet weather and having surface rust turn the rotors into sandpaper. A system designed to transfer X amount of motor current to Y amount of hydraulic pressure has no choice but to take a best guess at it and hope to land in the middle of the possible extremes.

We have yet to see exactly what Toyota's "SSC-A0B" fix actually changes; the phrasing we've seen so far is "shortened brake force timing" from the marketing people and reports from owners that the "sag" is gone or greatly reduced. There's some concern that the revised code will bring the hydraulic system in sooner before it's really needed and cut down the regen efficiency, but Toyota insists that it won't. Well, it's not like a quick brake ECU reflash can magically make the hybrid battery accept more regen current, so something else has to give. Various testing will be needed, and it is hoped that this paragraph can later be replaced by the measurably substantiated facts.


Problem 2b, maybe:   Woz

This is a self-parodying travesty of a story, and I hesitate to even call it pilot error as the origin -- more like deliberate pilot malfeasance for the sake of getting Steve Wozniak's name splashed across the news. Before reading my take on it, I suggest consulting Reference 1 and Reference 2 as they are my primary sources of information on this. After finding out what was really going on I was dumbfounded that such a simple misunderstanding of a user-interface could have raised such a useless, distracting brouhaha, but followed up on the technical group as I know there are a lot of computer geeks on it as well:

   
Here's another astounding travesty that the press has glommed onto in
entirely the wrong way.

The "bop the cruise stick" speed change mechanism works over any speed
range that is valid for cruise to be in effect; you don't have to be
going 87 miles an hour to start.  I did a little testing; I'm poking
along at 52 and smack the stick upward seven or eight times and guess
what, the car roars its way up to 60 or so in one long blast of
acceleration.  Not unintentional acceleration by any means, because
there was this maniac behind the wheel insisting "go faster, go faster,
no, go even faster than that!" and continuing to deliberately update the
target number until the stimulus finally stopped.  And the same model
works exactly the same for speed *decrease* as well.

So here we have Woz spreading complete BS -- a *computer guy* who evidently
doesn't understand the simple concept of TYPEAHEAD and command buffering.

Go out and try it.  That's what I want to tell *every* driver who's
falling for this latest nonsense.  This is so a non-issue it's not funny.
Of course, one may argue that maybe a cruise control shouldn't buffer up any more than maybe five MPH worth of requested delta at a time or some other reasonable limiting, but note that simply holding the stick up also has the same effect and strangely enough, so does thumping one's right foot to the floor on top of that funny little black plastic thing that's been in the news so much recently. You can't fix stupid.

The theory has also been floated that Woz's Prius may have the "advanced technology" package with the "Dynamic Radar Cruise Control" that's supposed to automatically maintain following distance. Increasing the target speed setpoint when stuck behind another car would likely have no *visible* effect right away, but how about when that car ahead dives down an off-ramp? VROOOOOM, fully *intentional* acceleration that someone conveniently forgot about asking for three minutes ago. My take on that system is that if you think you need to use DRCC, you're following too close already as its "longest" setting claims to only give less than two seconds' worth of gap at highway speed. It needs to be at least three, and more in bad weather.

So, Steve ol' pal, why don't you see if you can convince the autopilot to accurately guide your Gulfstream into the side of a mountain, so you can go blame the aeronautical engineers that their "bug" let you? That would at least fix the real problem here, wouldn't it. Don't worry, you can always hit the brake.


Ride out the storm

Eventually all this madness will trickle away and be forgotten and everyone will have incrementally safer pedals and floormats and brake systems, but I'm just wondering how much time, money, and community goodwill is getting wasted in the process. Well, what of it, really -- when gas prices crest $3 and start rocketing upward again all the doubters and bashers will be pounding down the dealership doors saying "*please* sell me a Prius" just like they did during the last spike. It's not like any efforts are about to be made toward improving driver situational awareness or to teach techniques for saving fuel in general -- nooo, that would be un-American. So would be the only real way to truly idiot-proof the motor vehicle -- limit it to 12 MPH and encase it all around in BIG energy-absorbing bumpers.

Some of the more dismaying statements about our society come from seeing the real slimeballs crawl out of the woodwork trying to take advantage of the situation. They are generally identifiable by their miserable command of English as well as the scam-like content presented, such as this gem of a Google sponsored link from some ambulance-chaser that popped up on a search page just a few days ago ...

   
       Toyota Crash?  www.James Dunlap Law.com      May be brake or
       accelerator problem Talk to a Lawyer Now 1-404-354-2363
... or the numbnuts who tried to sign up on Prius_Technical_Stuff as "toyotabrakerecall" and spam the group pushing some useless blog site. Parasites like this need to hook up with Woz for a little puddle-jump out towards Tahoe while he stress-tests his avionics.

In the meantime, I'm happy to keep tooling around in my uncontrollable, juggernaut HYBRID MACHINE OF DEATH with its original floormats and underbuilt steering column and "stallout special" firmware all still firmly in place. It's already got enough warning stickers all over it. Maybe that will help keep other drivers the hell away from me, which is really all I want when I'm out on the road.


_H*   100221