I hardly know where to start, and the 2000 character comment limit doesn't allow anything approaching a complete answer.
I used to work for a manufacturer of flame safety controls. That was where I learned the precise definition of the term "fail-safe." Its job is simple: if the flame goes out, shut off the fuel valve within 4 seconds, so you don't get a furnace explosion and maybe level a city block.
Regulatory standards required rigorous proof that if any component failed, the system as a whole would either work correctly or fail in a safe manner. Similarly, we had to demonstrate that it would either operate correctly in the presence of a long list of external electrical interference effects, or fail safely. No excuses.
In some ways, we had it easy. For a burner, there _is_ such a thing as a safe shutdown. For the flight controls of an airliner, there isn't. That just has to work, no matter what fails, and no matter how it fails. You also want every failure to be detected and reported immediately, before something else fails.
Obviously, none of that kind of thinking goes into a $20,000 car.
Note also that no amount of control electronics can eliminate the physical mechanisms being controlled: throttle plates, wheel cylinders, and steering boxes. Instead, they actually require increased mechanical complexity to interface to the electronics: the actuators that move these parts rather than the driver's hands and feet. Note also that while operating the control surfaces of a multi-hundred-ton airliner without power assistance is beyond a pilot's strength, the physical mechanisms of a two-ton car are not. What's done in the largest commercial airliners isn't in any way a justification for adding unnecessary automation to a car. And that's why I don't want any added things that can break getting between my hands and feet and the machinery. I drive a 1983 pickup truck, with no power anything.
In my opinion I would split the reliability vs. safety aspects of the car. Having more and more computers makes the ride smooth and easy, certainly with the intention of added safety too.
However, the more parts there are, the less reliable the system is. Toyota's recent incident is definitely an indicator of how complicated the system is and of how good our test coverage on these complex systems is. Due to the lack of possible testing of all corner-case functionality of the system, we are pushing ourselves into a safety risk zone. This also indicates that, due to competition, the car industry is taking too much risk while delivering products.
The solution may not lie in reducing the processors, but it may be time to rethink safety checks to make sure that we increase our coverage of software and hardware testing.
I think most of you will gladly accept a heart pacemaker to keep you alive and not wonder a single second about it not being mechanical.
You would also gladly accept the safety given by an airbag, which also has the slight risk of engaging when it is not supposed to.
So why should this be a problem with electric brakes or electric steering?
And I think there is a lot of positive looking back in history. It is actually not true that mechanical brakes are/were that reliable or that mechanical steering is always reliable.
It was not. I did have the experience of stepping on the pedal all the way to the floor without any effect.
But I agree that an electric comfort feature should never stop the car from being usable. This is the reason I sold my 3-series BMW. It kept telling me that things like the electric window opener were defective. It did that with an annoying sound every 30 seconds or so. The car could practically not be driven any more, although the window was closed and no one cared.
It is a foregone conclusion that we will have cars that drive themselves in the not too distant future, at least on expressways. The reasons will be obvious:
- Much higher packing density
- Higher speeds with the same amount of cars
- Fewer accidents. Even when they occur, networking will ensure cars close by will slow down, though lower spacing may result in a certain number of cars being involved.
Again, it is a foregone conclusion. We are not making any more space and we love our personal transports, so we need to figure out how to get more with less.
We are engineers... that is what we do. Solve problems.
Is there too much automation? I could argue there is not enough. I could also argue there is too much poor engineering. A dashboard solder joint taking out your car is a prime example. That is not an example of too much computer control, that is just BAD engineering, plain and simple.
Computer control is scary. No matter how reliable, there should be a way to stop a car when the computer fails.
In the old days, traffic light controllers were mechanical and there was no way that all green could occur. Computers now control traffic lights. All green is possible and has happened. There is now a mandatory requirement for an independent safety circuit that prevents all green.
Cars need an independent safety circuit that can stop a car. Like most safety features, you hope that it is never needed, but it is a must have feature.
Designing an automatic safety circuit may be difficult. A manual kill switch may give drivers a chance to avoid a crash.
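An added example, not part of any commenter's post above: a small Python model of the two safety ideas raised in this thread, the fail-safe flame control (fuel valve forced closed within the 4-second limit quoted earlier, latched until a manual reset) and the independent all-green interlock for traffic lights. The point it demonstrates is that the monitor sits between the controller's request and the actuator, enforces a fixed invariant regardless of what the controller asks for, and treats a missing sensor reading as the unsafe case. Class names, the two-approach intersection and the sample command sequence are constructed for this example.

```python
"""Independent safety interlock model.

Two invariants are enforced independently of the primary controller:
  * flame supervision: once the flame has been absent for FLAME_TIMEOUT_S
    seconds the fuel valve must be closed, whatever the controller requests;
  * intersection: conflicting approaches may never be green at the same time.
Everything here is constructed for illustration; only the 4-second figure
comes from the comment above.
"""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Set, Tuple

FLAME_TIMEOUT_S = 4.0  # the shutdown limit quoted in the comment above


class Valve(Enum):
    CLOSED = "closed"
    OPEN = "open"


@dataclass
class FlameInterlock:
    """Vetoes 'valve open' once the flame has been missing too long.

    A sensor reading of None (no data) is deliberately treated as
    'no flame': an unknown state must fail towards the safe side.
    """
    flame_lost_at: Optional[float] = None  # time the flame was first seen absent
    tripped: bool = False                  # latched lockout, cleared only by reset()

    def step(self, now: float, flame_present: Optional[bool], requested: Valve) -> Valve:
        if flame_present is True:
            self.flame_lost_at = None
        elif self.flame_lost_at is None:
            self.flame_lost_at = now  # start the timer on the first missing reading
        if self.flame_lost_at is not None and now - self.flame_lost_at >= FLAME_TIMEOUT_S:
            self.tripped = True
        if self.tripped:
            return Valve.CLOSED  # lockout overrides any request until a person resets it
        return requested

    def reset(self) -> None:
        """Manual reset: the only way out of lockout."""
        self.tripped = False
        self.flame_lost_at = None


# Constructed intersection: two approaches that must never both be green.
CONFLICTS: Set[FrozenSet[str]] = {frozenset({"north_south", "east_west"})}


def veto_all_green(requested_greens: Set[str]) -> Set[str]:
    """Pass the controller's green set through unless it contains a conflict.

    On a conflict the whole intersection goes to all-red, the safe state,
    rather than trying to guess which approach the controller 'meant'.
    """
    for pair in CONFLICTS:
        if pair <= requested_greens:
            return set()
    return set(requested_greens)


def run_flame_scenario() -> List[Tuple[float, Valve]]:
    """Controller keeps asking for OPEN; flame is lost at t=2 and never returns."""
    interlock = FlameInterlock()
    readings = [(0.0, True), (1.0, True), (2.0, False), (3.0, False),
                (5.9, False), (6.0, False), (7.0, None)]
    return [(t, interlock.step(t, flame, Valve.OPEN)) for t, flame in readings]


if __name__ == "__main__":
    for t, valve in run_flame_scenario():
        print(f"t={t:4.1f}s  valve={valve.value}")
    print("all-green request ->", veto_all_green({"north_south", "east_west"}))
    print("single green request ->", veto_all_green({"north_south"}))
```

Running the scenario shows the valve staying open through the trial-for-ignition window and closing at exactly t=6.0 s (four seconds after the flame was lost), after which even a good flame reading does not reopen it. The intersection check is intentionally stateless: the less state a safety monitor carries, the easier it is to prove that every path through it ends in a permitted output.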
I too sometimes long for the simple days of cars with breaker points, vacuum advance and carburetors. There is something cathartic about spending a few hours with wrenches and grease and saving a few hundred dollars in repair charges. Until I remember just how much time I used to have to spend working on them. Yes, the repairs were much less expensive, but the downtime was much more frequent and the fear of being stranded someplace was always in the recesses of my mind.
And, it wasn't just the maintenance items. Accelerator cable return springs could snap. Brake lines could leak. Steering linkage could break loose. All of those problems could be just as devastating as a firmware-induced problem, but back then, those problems happened much more often.
Yes, engineers must do everything in their power to produce the best and safest electronics and code, but I don't want to trade the reliability and safety of a modern car for something from the baling wire and duct tape era.
One of the reasons for introducing the current levels of computerization is the reduction of cost and weight. With increasing electrically-powered features, the wiring loom for the car increased dramatically. It becomes much cheaper for a small MCU to act as a local communications hub, multiplexing the connections to, for example, the window motor, mirror motors, mirror heater, window switches, mirror switches, locks, etc.
Of course, once the ECU is in place, it's easy to see how the temptation to "add value" through new features can creep in.
With the appearance of ISO 26262 (a derivative of IEC 61508), automotive software development will have to step up to high quality development processes.
I strongly agree with the content of this article. Computer control should be confined to only "assist" the driver in carrying out his/her "willing" action. Software-dependent decision-making and/or wired electro-mechanical actuators for critical parts (such as throttle and brakes) should be carefully kept away from safe cars.