Comments
Re: Test SEU
W1PK (User Rank: Rookie)   11/14/2013 1:13:20 PM
Your objection is well taken.  As I pointed out earlier, the fail-safe approach to safety-critical product design is to assume the Totalitarian Law of Physics, which says that whatever isn't forbidden by natural law is mandatory: it must occur.  If SEU is physically possible, then the product must be designed in such a way that it can be irrefutably proven that it will not cause a fatal accident when, not if, it occurs.

For products where no safe shutdown is possible, it must be irrefutably proven that the product will meet minimum functional requirements after SEU, component failure, external electromagnetic interference, or any other unfavorable circumstance: it must be fault-tolerant.

Probability is irrelevant in safety-critical product design.

Re: Test SEU
FillG (User Rank: Rookie)   11/12/2013 4:14:38 PM
Having shown that an SEU can kill a task does not prove it is actually the cause. But having no alternative explanation, we have a tendency to assume it must be the cause. We couldn't be more incorrect. We would be 100% subjective. We are still in the state of not knowing for sure.  There is no less than a Nobel Prize here for the person who can figure out how to analyze an intractable problem.

Test SEU
FillG (User Rank: Rookie)   11/12/2013 4:08:56 PM
After 15 years in flight controls software, having written code for 787, 747-8, Hawker Premier, Hawker Horizon, Bombardier Challenger, I have never ever seen a test for SEU. Not ever. How does one do it?  Expose the processor card to a nuclear reactor and sit around waiting for it to happen? So not being able to deterministically test SEU, how can we ever know what will happen under SEU? We can't.  So we fall back on probability. Toyota's software is an unfortunate example of this state of affairs.
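
One way to make the SEU question in the post above testable on the bench, added here as an example and not code from any commenter or from any product named in this thread: a triple-redundant, CRC-protected control record with a software fault injector that flips one bit at a time and checks that the voter corrects every single upset and refuses, rather than guesses, on a double upset. It is also an instance of the fault-tolerant (not merely fail-safe) behaviour W1PK's reply argues for. The record layout, the field names, the 2-of-3 voting policy and the command values are assumptions for illustration.

```c
/* Added example, not code from any commenter or product in this thread: software fault
 * injection against a triple-redundant, CRC-protected control record (layout assumed). */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical control record: two command fields plus a CRC-32 over them. */
typedef struct { int32_t throttle_cmd, brake_cmd; uint32_t crc; } ctrl_state_t;
typedef struct { ctrl_state_t rep[3]; } tmr_state_t;   /* three replicas in RAM */
typedef enum { TMR_OK, TMR_CORRECTED, TMR_UNRECOVERABLE } tmr_result_t;

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320) over the payload fields only. */
static uint32_t payload_crc(const ctrl_state_t *s) {
    const uint8_t *p = (const uint8_t *)s;
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < offsetof(ctrl_state_t, crc); i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
static bool replica_ok(const ctrl_state_t *r) { return payload_crc(r) == r->crc; }

/* Write one command pair into all three replicas, each with its own CRC. */
void tmr_store(tmr_state_t *t, int32_t throttle, int32_t brake) {
    for (int i = 0; i < 3; i++) {
        t->rep[i].throttle_cmd = throttle;
        t->rep[i].brake_cmd = brake;
        t->rep[i].crc = payload_crc(&t->rep[i]);
    }
}

/* Fault injector: flip one bit of one replica, the software model of an SEU. */
void inject_seu(tmr_state_t *t, int rep, size_t byte, int bit) {
    ((uint8_t *)&t->rep[rep])[byte] ^= (uint8_t)(1u << bit);
}

/* Voter: a replica counts only if its CRC verifies; a value is accepted only when two
 * verified replicas agree. Outputs are written only on success, and damaged replicas are
 * rewritten from the winner (scrubbed) so that the next upset is again a single one. */
tmr_result_t tmr_read(tmr_state_t *t, int32_t *throttle, int32_t *brake) {
    int pick = -1, agree = 0;
    for (int i = 0; i < 3 && pick < 0; i++) {
        if (!replica_ok(&t->rep[i])) continue;
        agree = 0;
        for (int j = 0; j < 3; j++)
            if (replica_ok(&t->rep[j]) &&
                memcmp(&t->rep[i], &t->rep[j], offsetof(ctrl_state_t, crc)) == 0)
                agree++;
        if (agree >= 2) pick = i;
    }
    if (pick < 0) return TMR_UNRECOVERABLE;   /* caller must enter its safe or degraded mode */
    *throttle = t->rep[pick].throttle_cmd;
    *brake = t->rep[pick].brake_cmd;
    if (agree == 3) return TMR_OK;
    for (int i = 0; i < 3; i++)
        if (i != pick) t->rep[i] = t->rep[pick];
    return TMR_CORRECTED;
}

/* Deterministic SEU campaign: flip every bit of every replica in turn and count the
 * injections the voter failed to correct and scrub. Expected result: 0. */
int seu_sweep_uncorrected(void) {
    int failures = 0;
    for (int r = 0; r < 3; r++)
        for (size_t b = 0; b < sizeof(ctrl_state_t); b++)
            for (int bit = 0; bit < 8; bit++) {
                tmr_state_t t;
                int32_t th = -1, br = -1;
                tmr_store(&t, 500, 120);
                inject_seu(&t, r, b, bit);
                if (tmr_read(&t, &th, &br) != TMR_CORRECTED || th != 500 || br != 120 ||
                    tmr_read(&t, &th, &br) != TMR_OK)
                    failures++;
            }
    return failures;
}

/* Two upsets in different replicas exceed the design's tolerance: they must be reported,
 * not silently voted into a possibly wrong command. */
bool double_upset_is_reported(void) {
    tmr_state_t t;
    int32_t th = -1, br = -1;
    tmr_store(&t, 500, 120);
    inject_seu(&t, 0, 0, 0);
    inject_seu(&t, 2, 4, 7);
    return tmr_read(&t, &th, &br) == TMR_UNRECOVERABLE && th == -1 && br == -1;
}

int main(void) {
    printf("uncorrected single upsets: %d of %u\n", seu_sweep_uncorrected(),
           (unsigned)(3 * sizeof(ctrl_state_t) * 8));
    printf("double upset reported: %s\n", double_upset_is_reported() ? "yes" : "no");
    return 0;
}
```

The campaign establishes the response to an upset, not its rate: every one of the 288 single-bit injections is corrected, and the double injection is refused rather than voted into a wrong command. The rate remains a separate question that no bench test of this kind answers, which is the point the post makes; what the test does give is the deterministic evidence of behaviour under SEU that probability alone cannot.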

Re: What happened at NASA?
B. Benjaminson (User Rank: Manager)   11/12/2013 8:15:12 AM
The problem was not NASA. The problem was NHTSA.

The inside story goes as follows. I have heard the same narrative from three people, each in a very good position to know what really happened.

*************************************************************

NASA's efforts were sabotaged by certain known individuals within NHTSA from the start.  After weeks of delay, the NASA scientists were given banker's boxes of random, unlabeled parts from Camrys that had not experienced any UA events. They were given '2 or 3' documents out of the tens of thousands Toyota produced for the govt. No engineering drawings. Then, just as they were getting started with their analysis and started finding questionable software design practices and tin whiskers, the guys from NHTSA seized the materials and told NASA the investigation was over.

There were witnesses to these events. Will they come forward publicly?

This is an issue that should be investigated by the U.S. Dept. of Transportation's Inspector General.  

*************************************************************

From this and from much other direct evidence that I have, it seems pretty clear that NHTSA and Toyota were way too cozy, to put it mildly, and the public has suffered.

Since then, the NHTSA official who presided over this affair, Ron Medford, has left NHTSA and is now the "safety director" of the self-driving car project at Google that features a Prius. Hmmm.

Betsy
Re: Brake and steer by wire
W1PK (User Rank: Rookie)   11/11/2013 11:10:43 PM
"Fly by wire is done on aircraft -- and if you have flown on a 757, 767, 747-400, 787, 777, or any Airbus airliner, you have depended on this technology from take-off to landing -- The best of these systems are quadruple redundant (typically three redundant actuators and dual sticks, plus redundant trim switch controls -- plus a dissimilar backup system -- in these systems the power systems are triple redundant or quadruple redundant as well."

Exactly.  And that's affordable on a $300 million commercial airliner.  On a car, maybe a Lamborghini owner could pay for a fully fault-tolerant steer-by-wire system.  Nothing less should be allowed on a public road.

Brake and steer by wire
MS243 (User Rank: Manager)   11/11/2013 7:43:57 AM
Fly by wire is done on aircraft -- and if you have flown on a 757, 767, 747-400, 787, 777, or any Airbus airliner, you have depended on this technology from take-off to landing -- The best of these systems are quadruple redundant (typically three redundant actuators and dual sticks, plus redundant trim switch controls -- plus a dissimilar backup system -- in these systems the power systems are triple redundant or quadruple redundant as well -- (multiple APUs and engine-mount variable frequency generators -- with multiple batteries and ram air turbines for backup -- 767s have even glided in for a landing successfully with no fuel on board (due to a metric/English conversion error by the crew) ---- Automakers have no track record with redundant systems and safeties for doing electronics -- it will be a long steep curve if they wish to climb it)

Re: Toyota Failure
David Ashton (User Rank: Blogger)   11/10/2013 8:02:05 PM
@W1PK... "....forbid steering or braking by wire."     The manufacturers will then cry foul because steering by wire makes it MUCH easier to make left-and right-hand drive vehicles....

Re: Toyota Failure
W1PK (User Rank: Rookie)   11/10/2013 6:13:15 PM
"No need to kill everything, just the engine....leave the brakes and all safety systems intact."

Well.  This gets us into another problem.  It should be unlawful to market a vehicle that has not been rigorously proven to be physically incapable of malfunctioning in such a way as to defeat the driver's control of steering, braking and power.  Preventing loss of control of steering and braking is relatively easy: forbid steering or braking by wire.

Engine control is a different proposition, with engines that rely on complex control systems to minimize fuel consumption.  It must be recognized that simply shutting down in the event of a component failure is not necessarily a safe failure, because being stranded in some locations can be fatal to the vehicle occupants.  Thus, fail-safe principles can't be applied to engine controls; fault-tolerant design is required instead.  It should be legally mandatory that before a vehicle can be marketed, there must be peer-reviewed irrefutable proof that no design fault or hardware failure can defeat the driver's control of the engine, as long as the mechanical core itself is capable of operation.


Kudos
rick merritt (User Rank: Author)   11/10/2013 1:13:30 AM
Kudos for some great reporting followed by working the social networking angle to the hilt!

Re: What happened at NASA?
Antony Anderson (User Rank: Rookie)   11/9/2013 9:40:24 AM
Quite a lot of the NASA report was redacted by NHTSA so that its impact was less than it might have been.
