When a safety system is designed and assessed, it stresses defining the safety function of the system and also stresses defining the "safe state" of the system in case there is a failure. The intention behind designing a functional safety critical system is only to minimize "undetected dangerous" failures. Hence, as per the safety standards ISO 26262 / IEC 61508, there are limits set for the probability of dangerous failure (PoDF) and the safe failure fraction (SFF).
Hence, a safety system is allowed to fail but shall fail safely. I wonder what the "safe failure" would be for ADAS if a potentially dangerous failure is detected, or if there is a "safe failure"... what would the safe state be then? Engine shutdown? Certainly not; on a highway this could create trouble.
I would say a fail-safe system for autonomous cars, where a worst-case scenario could be engine failure, would be a backup system with a battery-powered drive and braking system and software that could take the car to the curbside safely, the way it is done for autonomous lifts when there is a power failure.
Regarding the safe state, automobiles are not that critical. Believe it or not, the safe state is "stopped". Thus all propulsion components are, relatively, easy to implement.
Other things like braking or airbags are much more challenging when thinking of autonomous vehicles: if the ABS detects a failure, it is sufficient to light the MIL (malfunction indicator lamp). This will not really help in an autonomous vehicle...
We can't even eradicate "unintentional acceleration" or deal with key chains laden with half a dozen keys in cars, yet designers and companies are unwilling to even admit to such problems right now. The cost of a standard automobile continues to rise faster than the cost of living, and the electronics in a car cost 5x what a consumer-level equivalent would cost, and it's even higher when bought over the dealer's parts counter. We're a long way from a car driving itself successfully or cheaply. So stay sober and stop reading your phone. Or maybe your seat will buzz you to attention.
"...safe state is "stopped". Thus all propulsion components are - relatively - easy to implement."
I also had the same thought in my mind, that the safe state would be a smooth stop. Then a question occurred to me... what would happen on a busy highway where all the vehicles are moving at high speed and suddenly a car stops due to a failure... would that be safe for the others behind? I have not found the answer yet.
Depending on the current state of the vehicle, the stop might not be too 'smooth'. Anyway, following current legislation (hopefully implemented that way not only here in Germany), the following driver has to keep a distance that enables him to stop without touching.
Regarding a piston seizure (still heard of regarding vans/buses): this might create a significantly shorter stopping distance if nothing else breaks.
Agreed! My 2010 car has had more computer/electrical issues than I care for. I miss the days when the car didn't think so much for me. What we really need in the US is enforcement of laws. Enforce "distracted driving" laws and keep cars simple.
I agree that in cars, thankfully, the safe state is stopped. So that's relatively easy to do in an autonomous vehicle. The same thing cannot be said for airplanes.
If you're on a fast interstate-type road, or autobahn, then, just like now, you would best have an emergency lane. The autonomous vehicle could safely coast into the emergency lane and stop if something critical broke.
If there is no emergency lane, then you would simply automate the procedure drivers have to use now, which is to say that the cars following the sick one have to slow down and stop, OR (and this part is much better done automated) the following cars can switch over to the other lane and pass the stalled car. An automated car will presumably have much better situational awareness than human drivers typically do, so this passing maneuver can be a whole lot safer with automation.
Even if the engine seizes, it should not be hard to develop an algorithm that "pushes in the clutch," so to speak, to allow the car to coast into the emergency lane, or to stop smoothly.
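The safe-state selection sketched across this thread (disengage the driveline on propulsion loss, coast to the emergency lane if there is one, otherwise stop in lane and warn the traffic behind, with the in-lane stop kept gentle when the following gap is short), as an added illustration that is not code from any poster. The failure classes, the two deceleration constants and the 2 s gap threshold are assumptions chosen for the example, not values from a standard.

```python
from dataclasses import dataclass
from enum import Enum


class Failure(Enum):
    PROPULSION_LOSS = "propulsion_loss"   # engine seizure, inverter fault
    PERCEPTION_LOSS = "perception_loss"   # sensors gone: no safe lane change


class Maneuver(Enum):
    COAST_TO_SHOULDER = "coast_to_shoulder"
    STOP_IN_LANE = "stop_in_lane"


@dataclass
class Situation:
    speed_kph: float
    shoulder_available: bool
    following_gap_s: float   # time gap to the vehicle behind, seconds


@dataclass
class SafeStateCommand:
    maneuver: Maneuver
    disengage_driveline: bool   # the "push in the clutch" step
    decel_mps2: float           # commanded deceleration
    stopping_distance_m: float  # d = v^2 / (2a), constant deceleration
    broadcast_hazard: bool      # warn following vehicles (V2V/hazard lights)


COAST_DECEL = 1.0   # m/s^2, assumed gentle roll-out onto the shoulder
STOP_DECEL = 2.5    # m/s^2, assumed firm but non-emergency in-lane stop
SHORT_GAP_S = 2.0   # assumed threshold below which we brake more gently


def choose_safe_state(failure: Failure, sit: Situation) -> SafeStateCommand:
    """Pick the 'stopped' safe state reachable from the current situation."""
    v = sit.speed_kph / 3.6
    # Without perception we cannot verify the shoulder is clear, so stop in lane.
    can_use_shoulder = sit.shoulder_available and failure is not Failure.PERCEPTION_LOSS
    if can_use_shoulder:
        maneuver, decel = Maneuver.COAST_TO_SHOULDER, COAST_DECEL
    else:
        maneuver = Maneuver.STOP_IN_LANE
        # A close follower gets a softer stop; the rule that he keeps a
        # stopping distance is his duty, but we do not rely on it blindly.
        decel = COAST_DECEL if sit.following_gap_s < SHORT_GAP_S else STOP_DECEL
    distance = v * v / (2 * decel)
    return SafeStateCommand(
        maneuver=maneuver,
        disengage_driveline=(failure is Failure.PROPULSION_LOSS),
        decel_mps2=decel,
        stopping_distance_m=round(distance, 1),
        broadcast_hazard=(maneuver is Maneuver.STOP_IN_LANE),
    )
```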