Breaking News
Comments
Newest First | Oldest First | Threaded View
<<   <   Page 2 / 11   >   >>
junko.yoshida
User Rank
Blogger
Re: inherently safe design of automobiles
junko.yoshida   11/28/2013 1:37:23 AM
NO RATINGS
@Mervynrs, an intersting argument -- sort of coming from the left field.

And yet, somehow I don't agree that the "speed" is the key reason for safety issues of cars. A growing list of all the bells and whistles now added to cars seems to be the cultprit in my mind, although some of those new features are being developed for safety reasons.

Mervynrs
User Rank
Rookie
inherently safe design of automobiles
Mervynrs   11/27/2013 5:20:26 PM
As a complete departure from the current approach to automotive safety system inprovement by computerisation, I would like to pose the following question?

Why are regular automobiles designed and built with the capabilty to move at speeds that all agree can cause lethal harm? If the engines were all "governed down" there may well be no need for most of the layers of safety system architechture in the first place! 

The presence of speed limit laws in all nations is admission that we all know what the dominant risk factor is. So why not fix it at the source?

ARabold
User Rank
Rookie
Re: Single bit flip
ARabold   11/20/2013 9:55:45 AM
NO RATINGS
There is an extensive literature on the question 'how safe is safe enough', and you might start with the early chapters of Nancy Leveson's book 'Safeware: System Safety and Computers' (though it is somewhat dated, and she has a new book in the works.)

Forcing a hardware / software dichotomy on the safety question is unwise, as a significant subset of risk involves aspects of both domains, and their interaction. 

One issue is 'what are the alternatives?' In the case of anti-lock braking, we add a system that could potentially interfere disastrously with braking, but which, when it works, reduces the frequency and severity of accidents. In the case of a car's throttle, I don't know if there are any compelling reasons for full-authority digital control, from a safety perspective.

It is well established that redundancy can effectively mitigate random physical errors to the point where it is no longer the dominant risk (it is not, however, effective for software errors, as different developers tend to make related mistakes, so the errors in independently-developed implementations of the same requirements tend to be somewhat correlated.)

You quoted Larry comment, "If you look at modern automotive control systems, they are beginning to introduce redundant voting controls" (emphasis added.) This suggests, disturbingly, that the designers of automotive control systems are far behind the state of the art with regard to digital systems safety.

 

 

ARabold
User Rank
Rookie
Re: Single bit flip
ARabold   11/20/2013 9:06:11 AM
NO RATINGS
I don't know if you replied to my post by mistake, but nothing in what I wrote could be properly construed as indicating that I doubt the potential lethality of some software, or that I doubt it has actually happened. I read Nancy Leveson's highly informative report on the Therac-25 when it was first published, and I was appalled by the fact that the development of this safety-critical software was entrusted to an unqualified person, and deployed without effective rik analysis, review and testing.

This quote should have made my position clear:

 "These risks can be effectively mitigated, if and ony if you make a serious effort to do so." (emphasis added.)

Effective mitigation does not mean 'eliminate all risk' for software any more than it does for any other technology.

 

KGround
User Rank
Rookie
Re: Single bit flip
KGround   11/18/2013 2:42:16 PM
NO RATINGS
You question that a software bug can kill ??

There are many, many examples. Here:

http://en.wikipedia.org/wiki/Therac-25

is one of my favorites.

We trust machines with our lives every day, and that is fine, but we should also remember that a machine is heartless and relentless and will kill you in the blink of an eye if it gets the chance (and this applies to simple mechanical equipment as well as complex software driven systems), it will feel no regret later, and suffer no consequences. 

Trust your life to a machine if you wish, but it should be conscious decision and not just force of habit.

ARabold
User Rank
Rookie
Re: Single bit flip
ARabold   11/4/2013 9:45:11 AM
NO RATINGS
Frank Eory wrote:

"It makes one wonder how blame can be attributed to software in a system in which the source of the error may have been a random SRAM bit that was flipped by an alpha particle or other natural radiation event."

If that were an unavoidable problem, the undavoidable conclusion would be that digital equipment is unsuitable for safety-critical purposes, especially for things such as a car's throttle, where mechanical linkages have worked well for decades, and so where it's particularly hard to make a case for any additional risk.

The point here, however, is that these risks can be effectively mitigated, if and ony if you make a serious effort to do so. If you are unable or unwilling to do that, do not use digital electronics where peoples' well-being is at risk.

"Is the failure being blamed on software, or is it an overall laxity of hardware plus software..."

None of the above. The blame is being placed on the people of Toyota who, in their complacent ignorance, failed to take reasonable steps to reduce the risk.

I find Mr. Eory's "things break, that's just the way it is" attitude disturbing. No-one with that attitude should have any responsibility in the development or deployment of safety-critical systems, or the policies that govern their use.

 

 

Antony Anderson
User Rank
Rookie
Transcript of evidence
Antony Anderson   11/1/2013 5:47:47 PM
NO RATINGS
Dear Mark,


e-mail me and I might know of someone who could help you

Antony Anderson

e-mail: antony.anderson@onyxnet.co.uk

Tel +44 191 2854577

website:www.antony-anderson.com

William Miller
User Rank
CEO
Re: Interesting reading
William Miller   11/1/2013 11:01:59 AM
NO RATINGS
Being killed for someone's code mistake is very-very sad and tragical!

Toyota engineers must have felt very sorry for that person and its relatives.

I thought this is a trustful car company. Now I'm not sure! schengen travel insurance

markgoespop
User Rank
Rookie
Re: Interesting reading
markgoespop   10/31/2013 1:53:29 PM
NO RATINGS
> On the internet, nothing is ever lost!

I suspected as much -- Thanks!


- M

SSDWEM
User Rank
Rookie
Re: Interesting reading
SSDWEM   10/31/2013 1:43:19 PM
NO RATINGS
Mark,

 

On the internet, nothing is ever lost!


From the reddit discussion, I found this link:

 

http://cybergibbons.com/wp-content/uploads/2013/10/Bookout_v_Toyota_Barr_REDACTED.pdf

 

Good reading - enjoy!

<<   <   Page 2 / 11   >   >>


EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Max Maxfield

Steve Wozniak Reacts to Latest iPhone
Max Maxfield
8 comments
Funnily enough, just a few days ago as I pen these words, I was chatting with my wife (Gina the Gorgeous) when she informed me that -- as a kid -- she had never played at making a ...

EDN Staff

11 Summer Vacation Spots for Engineers
EDN Staff
20 comments
This collection of places from technology history, museums, and modern marvels is a roadmap for an engineering adventure that will take you around the world. Here are just a few spots ...

Glen Chenier

Engineers Solve Analog/Digital Problem, Invent Creative Expletives
Glen Chenier
15 comments
- An analog engineer and a digital engineer join forces, use their respective skills, and pull a few bunnies out of a hat to troubleshoot a system with which they are completely ...

Larry Desjardin

Engineers Should Study Finance: 5 Reasons Why
Larry Desjardin
46 comments
I'm a big proponent of engineers learning financial basics. Why? Because engineers are making decisions all the time, in multiple ways. Having a good financial understanding guides these ...

Flash Poll
Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)