"Unless the Throttle, brakes, steering, and engine control have mechanical linkages, there is no reliable possibility of human as intervention or backup control for failures. You either automate or stay manual."
It looks like the trend is definitely going away from manual control and toward some sort of automation. The accelerator pedal cannot directly control anything. It HAS to see the right foot as just one of the parameters that go into control decisions. There are advantages to making other controls such as steering and brakes to be mostly suggestions as to intent. That doesn't mean that there can't be some looser driver control in the event of a degraded system. Certainly, as has been suggested, tapping the brake pedal should kill a runaway throttle.
I believe the Toyota problem is one of inadequate design and testing. I'm sure we will ultimately learn much from this. There are problems with technology but auto safety looks pretty good. There are a lot more factors than electronic control. If you go back 50 years to when there was only automated shifting you will realize that modern cars are much safer. Absolute perfection of control would nowhere near compensate for the poor state of tires, brakes, suspension, and body structure that we faced then. And... the best tires, brakes and suspension are made even more effective with the application of some sensors, processing power and various actuator mechanisms. There's no turning back.
I pretty much agree with your last paragraph but this must be seen as being able to operate in a heterogeneous environment, not just with vehicles that are pretty much at the command of the infrastructure.
The 800 page report, in redacted form, was filed in U.S . District Court in Santa Ana, CA in St. John v Toyota on April 12, 2013. I don't have it; I am contacting the court if this is available. Meanwhile, unredacted is only in the code room and in a few lawyers' hands, according to those involved in the investigation.
This may be ok in an automated or warehouse situation. In general, humans are not in the machines being stopped by hitting the E-STOP switch or you have people stand clear before you do it (like when administering a shock from a difibrillator).
However, in a car, that is highly dangerous. Take a drive by wire car. What happens were you do hit an E-Stop button that disengages everything? Physics isn't bound by the E-STOP. That car will continue traveling in the direction it is moving (likely now skidding or sliding and if you're lucky that road compliance doesn't cause the steering to move around) with no way for the driver to control it's motion. You can't steer out of trouble, you can modulate the brake, if the doors are locked or windows closed, can you then open them?
Without manual controls that can control some of these things or ejector seats that activate when you hit the E-STOP, doing so in a car is very likely more dangerous than having the car attempt to recover (or continue to malfunction in a particular way).
"Even where the infrastructure mostly commands, or directs the vehicle, there will still be a need for someone, or something, to drive the car in case there is a communication failure."
This goes to the very root of Toyota's current problems. It is very difficult to ensure that the firmware running the car is totally safe, and in a drive by wire system a breakdown in communications within the system may render it undrivable by a human. The computer(s) is in control, you may have no direct human control ability at all.
Unless the Throttle, brakes, steering, and engine control have mechanical linkages, there is no reliable possibility of human as intervention or backup control for failures. You either automate or stay manual.
In the case of failure in the V2I, an automated vehicle would slow down and stop using local sensors. The infrastructure knows it just lost communications with a client (hearbeat) and can move surrounding traffic out of the way (slow down and move aside).
JCreasey, this whole thing is complicated in that the cost of vehicle controls, infrastructure and public acceptance are all huge issues. It won't all happen at once. There will be a mix of vehicles with various capabilities and drivers with varying responsibilities, skills and alertness. However, I am confident that the more automation here, the safer the roads will be.
Even where the infrastructure mostly commands, or directs the vehicle, there will still be a need for someone, or something, to drive the car in case there is a communication failure.
Rich Pell, I agree fully with your assesment! The likelyhood of a car vs driver mistake is widely different. On both ends of the spectrum: very old and very young drivers can make mistakes. I would like to see more cars with the collision avoidance electronics as a means of preventing some crashes. I know that these cost money but I wonder if insurance company discounts would help offset the additional cost for these features?
Les Slater, I am not sure how an autonomous driven car makes the problem less difficult. Given all the variables with roads (conditions, car state of operation, other vehicles, etc.) there is just so many complications to account for that I would be very surprised if they covered all the bases. Given the huge task and the possible failures of systems/subsystems what is the fallback for the "passengers"? How/when would they be able or know to take over? It sort of bogles the mind - all the possibilities. I have driven robots both with drive assist and with full manual - drive assist really helps but if there is a sensor fault it does not take long to get into trouble even at 15 ft/sec, I can't imagine what would happen at highway speeds. I am sure that the technical challenges can be solved but would really want to see a lot more testing, standards, and safety features before I would "get behind the wheel" of an autonomous car.
But to the Toyota case I was troubled by the lack of driver control over the electronics given the systems set up as they were. I would not want any system to override a desire to stop. There should have been a means to prevent runaway situations if nothing else but to stop motion if there is a difference between gas and brake.. just a thought.. Intent is hard to know for sure I agree, but if the black box was able to robustly determine if the gas was pressed and/or the brake then maybe intent would have been easier to determine.
Back@ MeasurementBlues, I can only imagine the lawsuits, the costs, the huge money (for the lawyers!) given the fact that it will be companies being targeted for the fault. What about the car service people? If they did not "properly" check out the operation of the vehicles electronics at the last service then they could be liable as well. Just think what that would cost everyone if all the service folks needed insurance to protect themselves from lawsuits and the added cost of new tests/equipement..
"I wonder how many drivers have been wrongly accused of being the cause when the Blackbox data is used and treated like it is an impartial data collection means???"
This is why having some idea of the probability of such errors is so important. Here it seems that the jury concluded that not only did a throttle fail-safe error occur but that also the car's EDR failed to record events properly. What is the likelihood of this scenario compared to that of a human error-caused unintended acceleration - an event that is known to be not uncommon, especially among older drivers?
NASA's Orion Flight Software Production Systems Manager Darrel G. Raines joins Planet Analog Editor Steve Taranovich and Embedded.com Editor Max Maxfield to talk about embedded flight software used in Orion Spacecraft, part of NASA's Mars mission. Live radio show and live chat. Get your questions ready.
Brought to you by