Comments
Re: Single bit flip
AZskibum   10/29/2013 1:11:50 PM
But as Bert and I have pointed out, ultimately the designers of critical safety systems, both hardware & software designers, are dealing with probabilities, and their task is one of reducing the probability of a dangerous incident to some acceptably low level, which can never be exactly zero.

Those familiar with ISO 26262 know that it defines four automotive safety integrity levels (ASILs) and various metrics, including the probability of violation of a safety goal (PVSG). The highest ASIL level, ASIL D, requires a PVSG (1/hour) of less than 10^-8, which is an order of magnitude less than that required by IEC 61508.

An argument could be made that safety systems which meet such requirements reduce the failure rate of these systems to a level far less than the failure rate of human behavior & decision-making while driving. Again, I am speaking of automotive safety in general, without regard to the particulars of this case. We could imagine future standards requiring even lower error probabilities, but these will never be zero.

Consider that just in North America, vehicle travel amounts to about 3 trillion miles a year, amounting to billions of hours spent behind the wheel. That is a sufficiently large sample size that even with extremely low failure probabilities resulting from best engineering practices to ensure absolute safety, failures will still be seen from time to time. But consider how that compares with the injury and fatality rates caused by human error.

Even as modern automotive safety systems make driving safer every year, and as we look toward a future in which we humans are merely passengers in our vehicles and safety incidents are rare, the burden of responsibility and the cost of failure borne by the providers of these systems is far greater than it ever was or is on the fallible humans whose errors cause so many injuries and fatalities every day on our roads.
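The arithmetic behind the post above, as an added example (not part of the original comment): a per-hour safety-goal violation budget such as the ASIL D figure the post cites, multiplied by fleet-wide exposure, gives the expected number of violations per year, and a Poisson model gives the chance of seeing at least one. The 3 trillion miles per year comes from the post; the 30 mph average speed and the 5,000-hour vehicle lifetime used to convert it into hours are assumptions made here for illustration.

```python
"""Exposure arithmetic for a per-hour safety-goal violation budget (added example)."""
import math

# Budget quoted in the post: ASIL D requires PVSG below 1e-8 per hour.
ASIL_D_PVSG_PER_HOUR = 1e-8

# Constructed assumptions for the worked numbers (not from the page).
ASSUMED_AVG_SPEED_MPH = 30.0        # turns vehicle-miles into vehicle-hours
ASSUMED_VEHICLE_LIFETIME_HOURS = 5000.0


def exposure_hours(miles_per_year, avg_speed_mph=ASSUMED_AVG_SPEED_MPH):
    """Annual vehicle-miles divided by an assumed average speed gives vehicle-hours."""
    return miles_per_year / avg_speed_mph


def expected_violations(pvsg_per_hour, hours):
    """Expected count of safety-goal violations over the given exposure."""
    return pvsg_per_hour * hours


def prob_at_least_one(expected):
    """Poisson probability of one or more events when `expected` are expected."""
    return 1.0 - math.exp(-expected)


def required_pvsg(target_expected, hours):
    """Invert the budget: the per-hour rate that keeps expected violations at the target."""
    return target_expected / hours


def fleet_summary(miles_per_year, pvsg_per_hour=ASIL_D_PVSG_PER_HOUR):
    """Fleet-wide and per-vehicle view of the same per-hour budget."""
    hours = exposure_hours(miles_per_year)
    fleet_expected = expected_violations(pvsg_per_hour, hours)
    per_vehicle = expected_violations(pvsg_per_hour, ASSUMED_VEHICLE_LIFETIME_HOURS)
    return {
        "fleet_hours_per_year": hours,
        "fleet_expected_per_year": fleet_expected,
        "fleet_prob_at_least_one": prob_at_least_one(fleet_expected),
        "per_vehicle_lifetime_prob": prob_at_least_one(per_vehicle),
        # Rate that would hold the whole fleet to one expected violation a year.
        "pvsg_for_one_per_year": required_pvsg(1.0, hours),
    }


if __name__ == "__main__":
    # 3 trillion vehicle-miles per year is the figure given in the post.
    for key, value in fleet_summary(3e12).items():
        print(f"{key}: {value:.3e}")
```

At the post's fleet exposure the ASIL D budget still implies on the order of a thousand expected violations per year across North America, while any single vehicle's lifetime risk stays around one in twenty thousand; that is the "large sample size" effect the post describes, and the last line shows how many orders of magnitude tighter a per-hour budget would have to be to bring the fleet-wide expectation down to one event per year.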

 

Re: Interesting reading
junko.yoshida   10/29/2013 1:07:14 PM
I know; that bit was quite interesting, wasn't it?

As I wrote in my blog, http://www.eetimes.com/author.asp?section_id=36&doc_id=1319910&, the expert group spent 18 months in a secluded room in Maryland looking at the source code, under unbelievable security.

And in the end, only 12 experts were allowed to see the source code.

The report that contains the source code is NOT made available.

EE Times will be publishing some of the relevant parts of the testimony in a separate story shortly.

Re: Toyota's culpability here is the tip of the iceberg for everyone
Etmax   10/29/2013 12:58:47 PM
@JCreasey :-) re:

At 60mph (88fps) you would maintain a minimum distance of 264ft on a US freeway ...and you'd like to have 528ft? mmm, I'd like to see you do that in peak hour on one of Sydney's or Melbourne's freeways.


I've never been on a Melbourne freeway in peak hour where the speed gets much above 60kph, let alone 60mph. :-) (You knew that was coming, right? :-)

Platooning is an interesting one; it would avoid the cycling between 0kph and 60kph that occurs at various intervals on freeways, but, as you say, with no margin for error, and who is responsible for the collision and possible death? Toyota paid dearly here, and while most drivers can't cope with their car in working order, they have little chance of coping with an X-failure in platooning; the car makers will likely be sued out of existence in that case.

People just like to blame someone, and usually the one with the deepest pockets rather than the one at fault.

Re: Toyota's culpability here is the tip of the iceberg for everyone
JCreasey   10/29/2013 12:36:01 PM
@Etmax. Ah good old Aussie roads with the best potholes in the world (I'm an Aussie too).

At 60mph (88fps) you would maintain a minimum distance of 264ft on a US freeway ...and you'd like to have 528ft? mmm, I'd like to see you do that in peak hour on one of Sydney's or Melbourne's freeways.

Choices on car spacing aside, cars decelerate at different rates, and with ABS essentially universal your "emergency" braking is limited to what the system allows in wheel speed differences. As we move to drive by wire, brake pressure is fully software controlled. A fault in the braking system might result in anything from a nice controlled maximum-g stop to a four-wheels-locked monster with allied loss of directional control.

As in UA, this unintended braking (under fault conditions) might happen at any time, and IMO would be just as hard to have the human cope with. At least with UA, the vehicle is moving in the direction you are looking: with unintended braking the danger front is both in front and behind you.

As a last comment, as we move to more automation in cars, the spacing between cars may be set in software based on in-car sensors. Manufacturers are playing with "platooning" of cars on the freeway with distances of about 20ft at 60mph between 10-20 cars (Mercedes and Volvo seem to have the lead here). http://www.newscientist.com/article/dn22272-out-of-control-driving-in-a-platoon-of-handsfree-cars.html#.Um_g7HCsi-0 While this is an island/V2V system and I don't really agree with it, this does get the traffic density up on the freeway, and should be valuable providing interaction between multiple platoons can be controlled. Platooning does however clearly show that if one vehicle in the platoon has an "unintended X" failure, it will be challenging to prevent V2V contact.

Re: Can we get the presentation?
junko.yoshida   10/29/2013 8:23:33 AM
My colleague Michael Dunn has also posted his technical analysis on this issue here: http://www.eetimes.com/author.asp?section_id=36&doc_id=1319930&

Re: Can we get the presentation?
junko.yoshida   10/29/2013 8:20:37 AM
The court transcripts are publicly available. I will post the URL and parse out relevant parts in a separate story. Unfortunately, the slides Mr. Barr presented during the trial, however, are not publicly available.

Re: Interesting reading
vasanth kumar d   10/29/2013 5:01:09 AM
I have gone through that court testimony doc at embeddedgurus.com. It is not only interesting, but can be considered as a lesson if you are in the business of designing safety critical hardware/firmware.

The following is an excerpt from that PDF. It is an answer given by Mr. Barr when asked about how they had access to the Toyota source code.

"That experts see source code is not unusual, but the protections around this source code are certainly unusual in my experience. The source code review involves looking at electronic documents on computers. There is basically a room the size of a small hotel room that is disconnected from the Internet, no cell phones allowed inside or would work inside. In that room there is about five computers and some cubicles. In there, it is possible to believe view on the computer screen Toyota's source code. We couldn't take any paper in, take any paper out, couldn't wear belts, watches. There was a guard. It was worse than airport security was on the way here. Each time in and out, even to go to the bathroom."

 

Pritkiy Kaban   10/29/2013 4:38:42 AM
Looks like the failure was massive.

The driver claims that full-force braking had been applied. If it is true indeed (though there is no particular reason to take it for granted), then the failure must have crippled both E-gas (forcing the engine to overrev) and ESP/ABS/brake assist that could potentially loosen pressure on the brakes.

Had to at least skim through transcript for details, though (thanks for providing it).

Re: Toyota's culpability here is the tip of the iceberg for everyone
Etmax   10/29/2013 2:26:44 AM
(Just as disconcerting and deadly would be un-intended braking at highway speeds on those around your vehicle).

I have to disagree with this one; we should keep at least 3 seconds to the car in front, and if it's a long drive and we're likely to lose concentration then 6 seconds, giving ample time to react in an emergency. I drive with the cruise control on, on the highway, and have my foot over the brake just in case. I've missed kangaroos and wombats and birds in flight by being alert and watching the road ahead. You should be able to stop before hitting the car in front even in a panic stop, or you're driving too close.


On the common theme of this article (not in response to your comments), sadly automotive electronics is designed to a cost in tight competition with other suppliers, with the winning bid being over as little as 50c (I worked for Delco Electronics for a number of years, and this is based on actual experience), so for something to be less than ideal is expected. I think there should only be large payouts for gross negligence. I don't have enough info to opine as to whether Toyota met this criterion, but really, if we want drive by wire and steer by wire, then the design rigour must be more in tune with the aircraft industry, even if it means that the drive by wire system in car 'X' is a $50,000 option, none of this $500 option because we got it for 10c extra in the competitive bid process. If we want real solutions we need to start paying real prices for them.

Can we get the presentation?
SSDWEM   10/28/2013 7:41:29 PM
Junko -

Sorry to keep putting you on the spot, but this is important stuff.

I'm reading the court transcript, and it's clear that during the trial, Michael Barr had a presentation prepared with visual aids to walk the (most non-technical) jury through the findings.

In the U.S., the court system is open, correct?  In other words, isn't everything, including the testimony, public and available, unless the courtroom is cleared?

I don't mean to give you (Junko) homework, but I'm sure every reader & commenter here would love to see the presentation and the same things the jury saw.  We love to analyze, understand, learn.   Is there any reason to expect we won't be able to see this?
