Comments
Page 4 / 7
Bert22306 (User Rank: CEO)
Re: A Radical Alternative?
11/2/2013 6:27:31 PM
"It seems to me that some cars have the gas pedal where other cars would have placed the brake pedal (everything is shifted a little to the left). This could be a contributing factor - especially if the drivers in the accidents often drove other cars with the pedals in a different relative geometry to the driver's seat."

It was many years ago now, mid 1980s, that the car company on the hot seat, for this same unintended acceleration problem, was Audi. That was one conclusion reached, back then. Pedal placement. The driver can swear up and down that he had his foot planted on the brake, when in fact he had the accelerator floored.

Here's a more general discussion of the Audi and other examples of this phenomenon, unrelated to electronic controls.

http://en.wikipedia.org/wiki/Sudden_unintended_acceleration

SSDWEM (User Rank: Rookie)
Re: Simulating EDAC failure?
11/2/2013 6:09:31 PM
Thanks for the thoughtful & detailed reply.

"Most of the major OS's such as VxWORKS, PSOS, Green Hills, etc should support something like this or better (possibly with an option) "

This is really the crux of what I was asking about. Trying to see if there are any RTOS vendors who advertise fault-tolerant countermeasures such as mirroring critical RTOS variables & data structures. I haven't found one yet. If I remember Michael Barr's testimony, some of the scheduler's task lists or whatever were right next to the stack, and some of the important application variables weren't mirrored.

Will be interesting to see if this type of functionality starts showing up in some of the more heavyweight RTOSes. IMO it would be a reaction to this fiasco right here.

MS243 (User Rank: Manager)
Re: Simulating EDAC failure?
11/2/2013 4:54:52 PM
-- Safety and software

If one thinks about the software a bit, both the OS and the OEM's code need to detect bit flips.

One way this can be done is via a checksum or a CRC. A routine or object to write or read each data type in the OS+OEM code needs to be created that adds this element to the type as an element in a structure or similar. If there is a checksum/CRC error one must reboot or in some other manner re-test the entire memory to rule out a hard fault.

Another way might be to keep duplicate RAM entries and re-boot / retest on the mis-compare of the duplicates.

One also needs to do one of these on code both in RAM and FLASH.

Most of the major OS's such as VxWORKS, PSOS, Green Hills, etc. should support something like this or better (possibly with an option).

The FAA has several good papers on reviews of safety critical systems.

Do a Google search for SEU SOFTWARE FAA.

Also look up Byzantine Generals Algorithm for Software.

See my profile for contact information for further advice.
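
The two countermeasures MS243 describes above (a CRC stored with each protected object and checked on every read, and a duplicate RAM copy compared on every read), as an added example in C. This is not code from the original post, and not code from VxWorks, pSOS, Green Hills or any other RTOS named in the thread. The CRC-16/CCITT variant, the choice to store the duplicate bit-inverted, the sample value 0xCAFEF00D, the function names, and the software fault injector that flips one bit of an object in RAM (the software-only way to "simulate an EDAC failure", which is what this thread's subject asks about) are all assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF, no reflection, no final XOR),
 * bit-serial with no lookup table so it fits a small MCU. */
uint16_t crc16_ccitt(const uint8_t *data, size_t len)
{
    uint16_t crc = 0xFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint16_t)(data[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ 0x1021u) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Countermeasure 1: a CRC-guarded variable. The CRC covers the payload only. */
typedef struct {
    uint32_t value;
    uint16_t crc;   /* most ABIs add 2 bytes of trailing padding after this */
} guarded_u32;
void guarded_store(guarded_u32 *g, uint32_t v)
{
    g->value = v;
    g->crc = crc16_ccitt((const uint8_t *)&g->value, sizeof g->value);
}
/* False (and *out untouched) on a flip in either the payload or the CRC field. */
bool guarded_load(const guarded_u32 *g, uint32_t *out)
{
    if (crc16_ccitt((const uint8_t *)&g->value, sizeof g->value) != g->crc) return false;
    *out = g->value;
    return true;
}

/* Countermeasure 2: a mirrored variable. The copy is stored inverted (this
 * example's choice, a common embedded idiom) so a fault that drives both
 * words to all-0 or all-1 is still caught, which a plain duplicate misses. */
typedef struct {
    uint32_t value;
    uint32_t inverse;
} mirrored_u32;
void mirrored_store(mirrored_u32 *m, uint32_t v)
{
    m->value = v;
    m->inverse = ~v;
}
bool mirrored_load(const mirrored_u32 *m, uint32_t *out)
{
    if ((m->value ^ m->inverse) != 0xFFFFFFFFu) return false;
    *out = m->value;
    return true;
}

/* Software fault injector: flips one bit of any object in RAM, the usual way
 * to simulate a single-event upset without a radiation source. */
void flip_bit(void *obj, size_t bit_index)
{
    ((uint8_t *)obj)[bit_index / 8] ^= (uint8_t)(1u << (bit_index % 8));
}

/* Sweep: store a constructed value, flip one bit, reload, count detections.
 * The padding after `crc` is skipped: no reader consults it, so a flip there
 * is harmless. On a real ECU a failed load would force reboot or RAM retest. */
size_t guarded_detected_flips(void)
{
    size_t bits = (offsetof(guarded_u32, crc) + sizeof(uint16_t)) * 8, hits = 0;
    for (size_t b = 0; b < bits; b++) {
        guarded_u32 g; uint32_t out;
        guarded_store(&g, 0xCAFEF00Du);
        flip_bit(&g, b);
        hits += !guarded_load(&g, &out);
    }
    return hits;   /* 48 of 48: CRC-16 catches every single-bit error */
}

size_t mirrored_detected_flips(void)
{
    size_t bits = sizeof(mirrored_u32) * 8, hits = 0;
    for (size_t b = 0; b < bits; b++) {
        mirrored_u32 m; uint32_t out;
        mirrored_store(&m, 0xCAFEF00Du);
        flip_bit(&m, b);
        hits += !mirrored_load(&m, &out);
    }
    return hits;   /* 64 of 64 */
}

/* Uncorrupted objects must still read back: true on a clean round trip. */
bool roundtrip_ok(uint32_t v)
{
    guarded_u32 g; mirrored_u32 m; uint32_t a, b;
    guarded_store(&g, v); mirrored_store(&m, v);
    return guarded_load(&g, &a) && mirrored_load(&m, &b) && a == v && b == v;
}

int main(void)
{
    printf("CRC guard: %zu/48 flips detected; mirror: %zu/64 flips detected\n",
           guarded_detected_flips(), mirrored_detected_flips());
    return 0;
}
```

Build with any C99 compiler and run; the sweep flips every meaningful bit of each object in turn and reports how many were caught. Detection is only half of what the post asks for: the caller still has to act on a false return, and the post's advice to reboot or retest the whole memory on a mismatch is the right default, since a mismatch that persists across a retest points at a hard fault rather than a transient upset. Both checks also only run when the object is read, so a scheduler structure corrupted between reads stays wrong until the next read; the check interval matters as much as the check itself.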

SSDWEM (User Rank: Rookie)
Re: Simulating EDAC failure?
11/2/2013 2:21:18 PM
"There are safety critical OS'es that will detect an error like a bit flip in the tasking" -

Can you share any details / links? Would be interesting to see who's doing this, and how.

Thanks.

junko.yoshida (User Rank: Blogger)
Re: Vehicle Testing Testimony
11/2/2013 6:49:47 AM
Thank you, DrQuine. The testimony of this court transcript has been truly educational and enlightening to me. But even better are some of the comments I read in this forum. I learn something new every day here. Seriously.

junko.yoshida (User Rank: Blogger)
Re: DOT specifications for critical SW?
11/2/2013 6:39:29 AM
@njamss, the more I look into this, the more convinced I am that NHTSA (http://www.nhtsa.gov/) is at fault here. They dropped the ball.

njamss (User Rank: Rookie)
DOT specifications for critical SW?
11/2/2013 4:07:07 AM
Seems that the DOT (and regulators in other countries) are at fault here. They should have proper code/architecture guidelines!

When SW was introduced in flight control a few decades back, they had quadruplex channels to prevent such failures. See for example "safety and redundancy" in http://en.wikipedia.org/wiki/Fly-by-wire

I have not been involved with this for a few decades, so they may be doing different things today, but cars should also adhere to similar standards required by the DOD/FAA.

DrQuine (User Rank: CEO)
Vehicle Testing Testimony
11/1/2013 9:47:00 PM
The testimony cited here is quite remarkable. It is one thing to speculate about the possibility that a corrupted bit might have serious consequences ... it is quite another to demonstrate in an operating car that such a bit error does indeed have significant effects. Kudos to Junko for tracking down and publishing this very interesting evidence.

DrQuine (User Rank: CEO)
A Radical Alternative?
11/1/2013 9:36:00 PM
I do a lot of business travel and experience many car models in my car rentals every three weeks. I've noticed that the pedal placement varies from model to model. Has anyone investigated the positioning of the brake and gas pedals with respect to the centerline of the driver's seat? It seems to me that some cars have the gas pedal where other cars would have placed the brake pedal (everything is shifted a little to the left). This could be a contributing factor - especially if the drivers in the accidents often drove other cars with the pedals in a different relative geometry to the driver's seat.

Some Guy (User Rank: Manager)
Re: You left out the most important error - no independent failsafe
11/1/2013 8:38:36 PM
I've got a pair of diagonal cutters. Won't stop me from adding an EMO to the circuit.

Just sayin'
