Originally Posted By: JimPghPA
Software or hardware could still have a design problem. Nowadays, with the removal of lead solder, the newer lead-free solder joints are prone to growing whiskers that connect to adjacent traces. This can happen at very small connections and cause intermittent or continuous failures. This problem has already disabled multi-million dollar satellites. What is to prevent it from causing failures in automotive electronics?
The demand that all vehicles have a brake override is not enough. If the brake override is done electronically, a hardware, and possibly a software, problem could still cause a run-away.
What is required is a mechanical throttle plate in series with the intake air flow of the engine that is connected to the brake through mechanical means, or, if electrical, all parts of its circuitry must be independent of the engine control, and a watchdog subroutine on the engine should monitor this function for failure, and do a safe shut-down if it fails.
What is required is a hard wired power off circuit with a big red button in the dashboard to trip the vehicle, rather than relying on telling a computer to do your wishes.
Personally, I feel that the specifics of this case are impossible.
Vehicle has a standard hydraulic braking system that can stop the car. When you panic stop, you drive the pedal past the regenerative section of its travel, and on to a good old hydraulic four wheel disk arrangement.
To get runaway like this, you need multiple systems failures.
Stuck/faulty pedal (say 1:1000 chance for argument's sake, but due to the number of miles on Prius', it's obviously way lower than that)
Motor Generator 1 controller faulty (say 1:1000 again).
Motor Generator 2 controller faulty (say 1:1000 again).
Brake over-ride faulty (say 1:1000).
Chances of all 4 failing in the same car at the same time: 1:1000x1000x1000x1000... 1 in a trillion.
And all failing into the same state?
Plus the brakes failing over the top of that, and the fact that after reasonably heavy full throttle acceleration up a steep hill for 2 mins or so, there is no battery assist, and the thing can't get out of its own way, let alone 140km/hr.
If the car genuinely had the set of failures that would lead to this event, this guy needs to buy a lottery ticket.