@Etmax. Ah, good old Aussie roads with the best potholes in the world (I'm an Aussie too).
At 60 mph (88 fps) you would maintain a minimum distance of 264 ft on a US freeway ... and you'd like to have 528 ft? Mmm, I'd like to see you do that in peak hour on one of Sydney's or Melbourne's freeways.
Choices on car spacing aside, cars decelerate at different rates, and with ABS essentially universal your "emergency" braking is limited to what the system allows in wheel speed differences. As we move to drive-by-wire, brake pressure is fully software controlled. A fault in the braking system might result in anything from a nice controlled maximum-g stop to a four-wheels-locked monster with an allied loss of directional control.
As in UA, this unintended braking (under fault conditions) might happen at any time, and IMO would be just as hard to have the human cope with. At least with UA, the vehicle is moving in the direction you are looking: with unintended braking the danger front is both in front and behind you.
As a last comment, as we move to more automation in cars, the spacing between cars may be set in software based on in-car sensors. Manufacturers are playing with "platooning" of cars on the freeway with distances of about 20 ft at 60 mph between 10-20 cars (Mercedes and Volvo seem to have the lead here). http://www.newscientist.com/article/dn22272-out-of-control-driving-in-a-platoon-of-handsfree-cars.html#.Um_g7HCsi-0 While this is an island/V2V system and I don't really agree with it, this does get the traffic density up on the freeway, and should be valuable provided interaction between multiple platoons can be controlled. Platooning does, however, clearly show that if one vehicle in the platoon has an "unintended X" failure, it will be challenging to prevent V2V contact.
The court transcripts are publicly available. I will post the URL and parse out relevant parts in a separate story. Unfortunately, the slides Mr. Barr presented during the trial, however, are not publicly available.
I have gone through that court testimony doc at embeddedgurus.com. It is not only interesting, but can be considered a lesson if you are in the business of designing safety-critical hardware/firmware.
The following is an excerpt from that PDF. It is an answer given by Mr. Barr when asked how they had access to the Toyota source code.
"That experts see source code is not unusual, but the protections around this source code are certainly unusual in my experience. The source code review involves looking at electronic documents on computers. There is basically a room the size of a small hotel room that is disconnected from the Internet, no cell phones allowed inside or would work inside. In that room there is about five computers and some cubicles. In there, it is possible to believe view on the computer screen Toyota's source code. We couldn't take any paper in, take any paper out, couldn't wear belts, watches. There was a guard. It was worse than airport security was on the way here. Each time in and out, even to go to the bathroom."
The driver claims that full-force braking had been applied. If it is indeed true (though there is no particular reason to take it for granted), then the failure must have crippled both E-gas (forcing the engine to overrev) and ESP/ABS/brake assist that could potentially loosen pressure on the brakes.
Had to at least skim through the transcript for details, though (thanks for providing it).
(Just as disconcerting and deadly would be unintended braking at highway speeds on those around your vehicle.)
I have to disagree with this one: we should keep at least 3 seconds to the car in front, and if it's a long drive and we're likely to lose concentration then 6 seconds, giving ample time to react in an emergency. I drive with the cruise control on on the highway and have my foot over the brake just in case. I've missed kangaroos and wombats and birds in flight by being alert and watching the road ahead. You should be able to stop before hitting the car in front even in a panic stop, or you're driving too close.
On the common theme of this article (not in response to your comments), sadly automotive electronics is designed to a cost in tight competition with other suppliers, with the winning bid being over as little as 50c (I worked for Delco Electronics for a number of years, and this is based on actual experience), so for something to be less than ideal is expected. I think there should only be large payouts for gross negligence. I don't have enough info to opine as to whether Toyota met this criteria, but really, if we want drive-by-wire and steer-by-wire then the design rigour must be more in tune with the aircraft industry, even if it means that the drive-by-wire system in car 'X' is a $50,000 option; none of this $500 option because we got it for 10c extra in the competitive bid process. If we want real solutions we need to start paying real prices for them.
Sorry to keep putting you on the spot, but this is important stuff.
I'm reading the court transcript, and it's clear that during the trial, Michael Barr had a presentation prepared with visual aids to walk the (mostly non-technical) jury through the findings.
In the U.S., the court system is open, correct? In other words, isn't everything, including the testimony, public and available, unless the courtroom is cleared?
I don't mean to give you (Junko) homework, but I'm sure every reader & commenter here would love to see the presentation and the same things the jury saw. We love to analyze, understand, learn. Is there any reason to expect we won't be able to see this?
"Manual transmission on a steep hill. You need to transition from a stop to moving. Speed from brake to accel is too slow to keep from stalling. What do you do?"
I agree with the "not enough feet" scenario. Although I'm not usually worried about stalling, as much as I'm worried about frying the clutch!
Yes, I too apply the hand brake while moving the right foot from brake to throttle. A foot-actuated (and foot-deactuated) parking brake makes this technique impossible, in a stick shift. So, you either learn to drive more skillfully, or you buy an automatic.
It's quite difficult, in most stick shift cars, to apply brakes and throttle at the same time (aside from a hand brake), although if you have a reasonably wide foot and the pedals are positioned just right, it can be done. Still, for a regular stick shift car or for automatics, having the brake pedal override any throttle command seems easy and foolproof enough. The hand brake is mechanical, cable-operated, and best kept out of the throttle safety logic, IMO. For one thing, in my experience anyway, hand brakes are hardly adequate as any sort of safety device while the car is moving. They aren't close to effective enough to overpower an engine at full throttle.
Manual transmission on a steep hill. You need to transition from a stop to moving. Speed from brake to accel is too slow to keep from stalling. What do you do? Hit the brake and accelerator at the same time, then transition from brake to accelerator. Why not use the parking brake? Some cars have foot-actuated parking brakes, and you already have a problem of not having enough feet...
Perhaps I've watched too many TV legal dramas. When expert witnesses start heaping up evidence on the plaintiff's side, sometimes it seems overdone.
In this case, the fact that a zillion potential issues with the throttle algorithm were uncovered, even though none of them was actually determined to be the cause, nor was their probability of occurrence mentioned, and further that it was shown that the black box may also be lying at the same time, seems a bit like "stacking the deck."
I suppose the intent was to absolve the driver from any possible responsibility, because she evidently hadn't applied the brakes? Like I said, probably too many TV dramas.
Aside from that, it certainly makes sense to have the brake pedal take precedence over any throttle control signal. I can't imagine a proper autonomous vehicle NOT implementing that same logic. Any braking command automatically overrides any acceleration command. Simply because, in the majority of major system failure scenarios, cars are better off stopped (hopefully on the side of the road). It's the most reasonable fail-safe mode.
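The brake-over-throttle rule discussed in the comments above, as an added example that is not part of the original thread and not Toyota's or any vendor's code: a pedal arbitration routine in which any brake indication forces the throttle to idle, and a disagreement between the two accelerator pedal tracks fails toward idle as well. All names, the two-channel brake sensing, the 5% brake-pressure threshold and the 10% track-agreement window are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical electronic-throttle pedal arbitration (example code, not any
 * vendor's). Rule: a brake request always wins over an accelerator request,
 * and an implausible accelerator reading fails toward idle, never toward
 * full throttle. Thresholds below are assumed values for the example. */

#define THROTTLE_IDLE_PCT        0u
#define BRAKE_PRESSURE_ACTIVE    5u   /* assumed: pressure at/above this means "braking" */
#define ACCEL_TRACK_TOLERANCE   10u   /* assumed: max allowed disagreement between pedal tracks */

typedef enum {
    ARB_NORMAL,          /* throttle follows the accelerator pedal */
    ARB_BRAKE_OVERRIDE,  /* brake applied: throttle forced to idle */
    ARB_SENSOR_FAULT     /* accelerator tracks disagree or out of range: throttle forced to idle */
} arb_reason_t;

typedef struct {
    uint8_t accel_track_a;  /* redundant accelerator pedal sensors, 0..100 % travel */
    uint8_t accel_track_b;
    bool    brake_switch;   /* discrete brake-lamp switch */
    uint8_t brake_pressure; /* hydraulic pressure, 0..100 % of maximum (assumed scaling) */
} pedal_inputs_t;

typedef struct {
    uint8_t      throttle_pct;
    arb_reason_t reason;
} arb_result_t;

static bool accel_plausible(const pedal_inputs_t *in)
{
    if (in->accel_track_a > 100 || in->accel_track_b > 100)
        return false;
    unsigned diff = in->accel_track_a > in->accel_track_b
                  ? in->accel_track_a - in->accel_track_b
                  : in->accel_track_b - in->accel_track_a;
    return diff <= ACCEL_TRACK_TOLERANCE;
}

static bool brake_applied(const pedal_inputs_t *in)
{
    /* Either channel asserting "brake" is enough: a disagreement between the
     * switch and the pressure sensor resolves toward stopping, not toward going. */
    return in->brake_switch || in->brake_pressure >= BRAKE_PRESSURE_ACTIVE;
}

arb_result_t arbitrate(const pedal_inputs_t *in)
{
    arb_result_t r = { THROTTLE_IDLE_PCT, ARB_NORMAL };

    if (!accel_plausible(in)) {
        r.reason = ARB_SENSOR_FAULT;     /* fail safe: idle */
        return r;
    }
    if (brake_applied(in)) {
        r.reason = ARB_BRAKE_OVERRIDE;   /* brake wins regardless of pedal position */
        return r;
    }
    /* Tracks agree: command the lower reading, so a single track drifting high
     * cannot open the throttle further than the driver asked for. */
    r.throttle_pct = in->accel_track_a < in->accel_track_b ? in->accel_track_a : in->accel_track_b;
    return r;
}

/* One-call wrappers so each scenario can be checked directly. */
uint8_t throttle_for(uint8_t a, uint8_t b, bool brake_sw, uint8_t pressure)
{
    pedal_inputs_t in = { a, b, brake_sw, pressure };
    return arbitrate(&in).throttle_pct;
}

arb_reason_t reason_for(uint8_t a, uint8_t b, bool brake_sw, uint8_t pressure)
{
    pedal_inputs_t in = { a, b, brake_sw, pressure };
    return arbitrate(&in).reason;
}

int main(void)
{
    static const char *names[] = { "normal", "brake override", "sensor fault -> idle" };
    /* Constructed scenarios: cruising; panic stop with the accelerator still floored;
     * brake switch dead but hydraulic pressure present; one accelerator track stuck high. */
    printf("cruise:        %3u%% (%s)\n", (unsigned)throttle_for(40, 38, false, 0),   names[reason_for(40, 38, false, 0)]);
    printf("brake+floored: %3u%% (%s)\n", (unsigned)throttle_for(100, 99, true, 90),  names[reason_for(100, 99, true, 90)]);
    printf("switch dead:   %3u%% (%s)\n", (unsigned)throttle_for(60, 60, false, 50),  names[reason_for(60, 60, false, 50)]);
    printf("track stuck:   %3u%% (%s)\n", (unsigned)throttle_for(100, 20, false, 0),  names[reason_for(100, 20, false, 0)]);
    return 0;
}
```

Two design points worth noting. The plausibility check runs before the brake check so that a faulted accelerator is reported as a fault rather than being masked by the driver happening to brake. And the rule as written is strict: brake and throttle can never be commanded together, which is exactly the hill-start objection raised earlier in the thread; a common refinement (not shown here, and an assumption on my part rather than anything the thread describes) is to gate the override on vehicle speed or on the brake being applied after the throttle is already open, so that a standing start with both pedals still works.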