Practical Experience Report: Automotive Safety Practices vs. Accepted Principles

Philip Koopman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11093)


This paper documents the state of automotive computer-based system safety practices based on experiences with unintended acceleration litigation spanning multiple vehicle makers. There is a wide gulf between some observed automotive practices and established principles for safety critical system engineering. While some companies strive to do better, at least some car makers in the 2002–2010 era took a test-centric approach to safety that discounted non-reproducible and “unrealistic” faults, instead blaming driver error for mishaps. Regulators still follow policies from the pre-software safety assurance era. Eight general areas of contrast between accepted safety principles and observed automotive safety practices are identified. While the advent of ISO 26262 promises some progress, deployment of highly autonomous vehicles in a non-regulatory environment threatens to undermine safety engineering rigor.


Keywords: Software safety, Automotive, Unintended acceleration



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

Carnegie Mellon University, Pittsburgh, USA
