Manual transmission on a steep hill. You need to transition from a stop to moving. Speed from brake to accel is too slow to keep from stalling. What do you do? Hit the brake and accelerator and the same time then transition from brake to accelerator. Why not use the parking brake? Some cars have foot actuated parking brakes and you already have a problem of not having enough feet. . .
Perhaps I've watched too many TV legal dramas. When expert witnesses start heaping up evidence on the plaintiff's side, sometimes it seems overdone.
In this case, the fact that a zillion potential issues with the throttle algorithm were uncovered, even though none of them was actually determined to be the cause, nor was their probability of occurence mentioned, and further that it was shown that the black box may also be lying at the same time, seems a bit like "stacking the deck."
I suppose the intent was to absolve the driver from any possible responsibility, because she evidently hadn't applied the brakes? Like I said, probably too many TV dramas.
Aside from that, it certainly makes sense to have the brake pedal take precedence over any throttle control signal. I can't imagine a proper autonomous vehicle NOT implementing that same logic. Any braking command automatically overrides any acceleration command. Simply because, in the majority of major system failure scenarios, cars are better off stopped (hopefully on the side of the road). It's the most resonable fail safe mode.
"Unless the Throttle, brakes, steering, and engine control have mechanical linkages, there is no reliable possibility of human as intervention or backup control for failures. You either automate or stay manual."
It looks like the trend is definitely going away from manual control and toward some sort of automation. The accelerator pedal cannot directly control anything. It HAS to see the right foot as just one of the parameters that go into control decisions. There are advantages to making other controls such as steering and brakes to be mostly suggestions as to intent. That doesn't mean that there can't be some looser driver control in the event of a degraded system. Certainly, as has been suggested, tapping the brake pedal should kill a runaway throttle.
I believe the Toyota problem is one of inadequate design and testing. I'm sure we will ultimately learn much from this. There are problems with technology but auto safety looks pretty good. There are a lot more factors than electronic control. If you go back 50 years to when there was only automated shifting you will realize that modern cars are much safer. Absolute perfection of control would nowhere near compensate for the poor state of tires, brakes, suspension, and body structure that we faced then. And... the best tires, brakes and suspension are made even more effective with the application of some sensors, processing power and various actuator mechanisms. There's no turning back.
I pretty much agree with your last paragraph but this must be seen as being able to operate in a heterogeneous environment, not just with vehicles that are pretty much at the command of the infrastructure.
The 800 page report, in redacted form, was filed in U.S . District Court in Santa Ana, CA in St. John v Toyota on April 12, 2013. I don't have it; I am contacting the court if this is available. Meanwhile, unredacted is only in the code room and in a few lawyers' hands, according to those involved in the investigation.
This may be ok in an automated or warehouse situation. In general, humans are not in the machines being stopped by hitting the E-STOP switch or you have people stand clear before you do it (like when administering a shock from a difibrillator).
However, in a car, that is highly dangerous. Take a drive by wire car. What happens were you do hit an E-Stop button that disengages everything? Physics isn't bound by the E-STOP. That car will continue traveling in the direction it is moving (likely now skidding or sliding and if you're lucky that road compliance doesn't cause the steering to move around) with no way for the driver to control it's motion. You can't steer out of trouble, you can modulate the brake, if the doors are locked or windows closed, can you then open them?
Without manual controls that can control some of these things or ejector seats that activate when you hit the E-STOP, doing so in a car is very likely more dangerous than having the car attempt to recover (or continue to malfunction in a particular way).
"Even where the infrastructure mostly commands, or directs the vehicle, there will still be a need for someone, or something, to drive the car in case there is a communication failure."
This goes to the very root of Toyota's current problems. It is very difficult to ensure that the firmware running the car is totally safe, and in a drive by wire system a breakdown in communications within the system may render it undrivable by a human. The computer(s) is in control, you may have no direct human control ability at all.
Unless the Throttle, brakes, steering, and engine control have mechanical linkages, there is no reliable possibility of human as intervention or backup control for failures. You either automate or stay manual.
In the case of failure in the V2I, an automated vehicle would slow down and stop using local sensors. The infrastructure knows it just lost communications with a client (hearbeat) and can move surrounding traffic out of the way (slow down and move aside).
JCreasey, this whole thing is complicated in that the cost of vehicle controls, infrastructure and public acceptance are all huge issues. It won't all happen at once. There will be a mix of vehicles with various capabilities and drivers with varying responsibilities, skills and alertness. However, I am confident that the more automation here, the safer the roads will be.
Even where the infrastructure mostly commands, or directs the vehicle, there will still be a need for someone, or something, to drive the car in case there is a communication failure.
Rich Pell, I agree fully with your assesment! The likelyhood of a car vs driver mistake is widely different. On both ends of the spectrum: very old and very young drivers can make mistakes. I would like to see more cars with the collision avoidance electronics as a means of preventing some crashes. I know that these cost money but I wonder if insurance company discounts would help offset the additional cost for these features?
Les Slater, I am not sure how an autonomous driven car makes the problem less difficult. Given all the variables with roads (conditions, car state of operation, other vehicles, etc.) there is just so many complications to account for that I would be very surprised if they covered all the bases. Given the huge task and the possible failures of systems/subsystems what is the fallback for the "passengers"? How/when would they be able or know to take over? It sort of bogles the mind - all the possibilities. I have driven robots both with drive assist and with full manual - drive assist really helps but if there is a sensor fault it does not take long to get into trouble even at 15 ft/sec, I can't imagine what would happen at highway speeds. I am sure that the technical challenges can be solved but would really want to see a lot more testing, standards, and safety features before I would "get behind the wheel" of an autonomous car.
But to the Toyota case I was troubled by the lack of driver control over the electronics given the systems set up as they were. I would not want any system to override a desire to stop. There should have been a means to prevent runaway situations if nothing else but to stop motion if there is a difference between gas and brake.. just a thought.. Intent is hard to know for sure I agree, but if the black box was able to robustly determine if the gas was pressed and/or the brake then maybe intent would have been easier to determine.