The real question is just how in control the computer is, and how much has to go wrong such that uncontrollable acceleration happens and nothing can override it, such that no matter what you do the computer makes the car go into "drive" and accelerate to the max, without responding to other parts of the system like the brakes and such.
The accelerator pedal would have to be immovable, frozen in place.
The ignition switch would have to lock or otherwise malfunction.
The shift lever or clutch or automatic shift lever would have to malfunction.
The brakes would have to overheat (does not really happen much in a production car). It is not 100% true that brakes will always overpower the engine, but the cases in which they don't are the ones with massive 700hp engines with big ol' turbos and stock drum brakes, and in that situation it's the owner's responsibility.
There would also have to be no runaway truck exits.
If you were creative and knew something about cars, you could pull one of many fuses from the fuse box. On cars I've serviced, the computer fuse is always in the driver kick panel, so just rip off that panel and start yanking fuses while watching the road.
It should be noted that the e-brake on FWD cars is not your best choice (though still a decent choice); while a locked-up wheel provides drag, it does not apply as much drag as a rolling wheel with maximum braking (which can easily be obtained because of ABS). Also, at extreme speeds you run the risk of a spin, which possibly puts you at risk for a roll.
> The accelerator pedal would have to be immovable, frozen in place.
In recent Toyota vehicles the pedal isn't connected to the throttle--it's drive by wire. In theory the computer could continue accelerating regardless of the gas pedal's position.
I've designed systems like this. You use redundant potentiometers to sense throttle position. If they don't match within 5%, you power down.
You also toggle bits in your code. One in the main loop, another in any interrupt service routine that you are dependent upon. These bits then go to a GPIO so that the GPIO toggles. If the ISR freezes or the main loop freezes, the GPIO quits toggling. You then have a hardware, RC-diode-type circuit that stays high if its input toggles, but goes low if its input goes low and stays low, or goes high and stays high. The output of this circuit drives a relay, so that if the CPU quits toggling the GPIO, the relay clicks off. The output of that relay is a dead-man's switch that powers down the vehicle. The end result is a hardware fail-safe if the CPU misbehaves. There are other tests to confirm that the relay isn't frozen, that the RC-diode circuit isn't frozen, etc.
So, in theory, if a high-school sophomore designed the vehicle, you might have a problem. Otherwise, I think you don't give the engineers that design these systems enough credit.
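The two mechanisms in the comment above (redundant pedal sensing with a 5% agreement check, and a heartbeat GPIO whose edges keep an RC-diode circuit charged so that a frozen main loop or ISR drops the relay) can be modelled in a few lines of C. This is an added example, not the commenter's design or any vendor's code; the ADC full-scale value, the choice of "5% of full scale" as the agreement window, the timeout in ticks, the latching (non-resetting) relay, and the simulation harness are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

/* --- Redundant throttle sensing --------------------------------------- */
/* Assumed 12-bit ADC on both pedal potentiometers. */
#define ADC_FULL_SCALE 4095
#define TOLERANCE_PCT  5   /* assumption: "within 5%" read as 5% of full scale */

/* Returns the agreed throttle reading, or -1 if the channels disagree or
 * either is out of range. A -1 must put the controller into a safe state. */
int throttle_plausible(int ch_a, int ch_b)
{
    if (ch_a < 0 || ch_a > ADC_FULL_SCALE || ch_b < 0 || ch_b > ADC_FULL_SCALE)
        return -1;
    int diff = abs(ch_a - ch_b);
    if (diff * 100 > TOLERANCE_PCT * ADC_FULL_SCALE)   /* integer math, no rounding */
        return -1;
    return (ch_a + ch_b) / 2;
}

/* --- Hardware watchdog model ------------------------------------------ */
/* Models the RC-diode detector: every edge on the GPIO "recharges" the
 * capacitor, the resistor bleeds it one unit per tick, and the relay opens
 * when the charge reaches zero. Stuck-high and stuck-low both look the same
 * to it: no edges. Once open, the relay stays open (dead-man's switch). */
typedef struct {
    int  last_level;    /* previous GPIO sample */
    int  charge;        /* ticks of charge remaining */
    int  timeout_ticks; /* charge restored on each edge */
    bool relay_closed;  /* false == vehicle powered down */
} watchdog_t;

void watchdog_init(watchdog_t *w, int timeout_ticks)
{
    w->last_level    = 0;
    w->charge        = timeout_ticks;
    w->timeout_ticks = timeout_ticks;
    w->relay_closed  = true;
}

/* Sample the GPIO once per tick; returns whether the relay is still closed. */
bool watchdog_step(watchdog_t *w, int level)
{
    if (!w->relay_closed)
        return false;                       /* latched off, no recovery */
    if (level != w->last_level) {
        w->charge     = w->timeout_ticks;   /* edge: diode pumps charge in */
        w->last_level = level;
    } else if (w->charge > 0) {
        w->charge--;                        /* no edge: resistor bleeds it */
    }
    if (w->charge == 0)
        w->relay_closed = false;
    return w->relay_closed;
}

/* --- Simulation of main loop + ISR + heartbeat ------------------------- */
/* The ISR toggles its liveness bit each interrupt. The main loop toggles the
 * GPIO only when it sees the ISR bit change, so the heartbeat stops if
 * EITHER of them hangs. Freeze points < 0 mean "never hangs".
 * Returns the tick at which the relay opened, or -1 if it stayed closed. */
int simulate(int ticks, int isr_freeze_at, int main_freeze_at)
{
    watchdog_t w;
    watchdog_init(&w, 8);                   /* assumption: 8-tick timeout */
    int isr_flag = 0, seen_flag = 0, gpio = 0;

    for (int t = 0; t < ticks; t++) {
        if (isr_freeze_at < 0 || t < isr_freeze_at)
            isr_flag ^= 1;                  /* ISR ran this tick */
        if (main_freeze_at < 0 || t < main_freeze_at) {
            if (isr_flag != seen_flag) {    /* main loop saw ISR progress */
                seen_flag = isr_flag;
                gpio ^= 1;                  /* heartbeat edge */
            }
        }
        if (!watchdog_step(&w, gpio))
            return t;                       /* relay dropped: power cut */
    }
    return -1;
}
```

With an 8-tick timeout, a hang at tick 10 of either the ISR or the main loop opens the relay at tick 17; a healthy run never opens it. The commenter's follow-up point, that the relay and the RC circuit themselves need periodic checks, is not modelled here and is the part that makes the design genuinely fail-safe rather than merely fail-detecting.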
... And yet there are out of control cars without the pedal being stuck.
"Well, I have many models of Prius that got recalled, but I have a new model that didn't get recalled. This new model has an accelerator that goes wild, but only under certain conditions of cruise control. And I can repeat it over and over and over again--safely."
"This is software. It's not a bad accelerator pedal. It's very scary, but luckily for me, I can hit the brakes," he said.
This is more believable to me, as the "set-point" for cruise control is not dependent upon throttle position, but instead is remembered by the computer. There's nothing to check against to ensure believability.
More suspect, in my opinion, is that in a cruise control you have a feedback system based on car speed. The car speed is almost certainly redundantly sensed, so that's no worries, but the feedback loop itself could potentially go oscillatory if there were other variables introduced that hadn't been designed for. Those variables could be pretty subtle. For example, maybe the gear motor that you use to mechanically control the engine gets sourced from another distributor, and they give you a better one that has more torque. Perhaps that throws off the stability analysis that you had done. Tons of things could change somewhere between the 500,000th car and the 1,000,000th car you produced; lots of different vendors and permutations could come into play that could throw off the stability of a cruise control, I would think.
EDIT: They're probably using feedback in the control motors as well (servos), so that's a non-realistic example, but it illustrates the problem.
To be fair, Woz's account seems to be limited to the case where someone uses the cruise control above 80 MPH, far from what the control loop was optimized for. I didn't see anything in what he wrote that could possibly have any bearing on the cases being examined.
Brain-dead cruise control behavior is nothing new. My '92 Porsche 968 would cheerfully redline the engine if you disengaged the clutch with cruise active.
Still, this doesn't account for the case where the CPU and the watchdog signal are working, but the algorithm isn't. Pure software malfunctions have happened on commercial airliners, where there are quite stringent FAA requirements regarding how the software is developed and maintained. So it wouldn't be surprising if it happens in automotive systems, where you might not have the redundancy of multiple CPUs running concurrently.
I'm not sure if automotive systems are held to any certification standards. Maybe someone working in this field could answer that?
> If you were creative and knew something about cars, you could pull one of many fuses from the fuse box. On cars I've serviced, the computer fuse is always in the driver kick panel, so just rip off that panel and start yanking fuses while watching the road.
Unfortunately, this is probably considerably more dangerous than driving while on your cellphone.
Being distracted while driving is less safe than simply driving--given that your car is in good working order. If you have a stuck accelerator, you're going to crash if you can't fix it. I'll take the distraction and possible loss of reaction time over the sudden and guaranteed death of flipping a curve at 120+, personally.
Please consider the entirety of your own scenario. Bending down awkwardly and taking your eyes off the road to get at fuses under the dash could well kill you if you are in an out-of-control speeding car.
Most of the other actions suggested can be taken while in standard driving posture. Those will be much safer than reaching for fuses under the dash.
It's not the first solution. It's just a last-ditch effort to try. In other words, it "could well kill you". I'd much rather take the "COULD" route than doing something that will darn sure kill me, i.e. speeding uncontrollably.