When a safety system is designed and accessed, it stresses on defining the safety function of the system and also it stresses in defining "safe state" of the system in case there is a failure. The intention behind designing a functional safety critical system is only to minimize "undetected dangerous" failures. Hence as per the safety standards, ISO26262 / IEC 61508, there are limits set for probability of dangerous failure (PoDF) & Safe faulre fraction (SFF);
Hence, a safety system is allowed to fail but shall fail safely. I wonder what would be the "safe failure" for ADAS if a potentially dangerous failure is detected or if there is a "safe failure"....what would be the safe state then? Engine shutdown? Certainly not? on a highway this could create troubles.
I would say, a fail-safe system for Autonomous cars , where a worst case scenario could be the engine failure, A back up system with a battery powered drive and braking system and the software that could take the car to the curbside safely- the way it is done for autonomous lifts when there is a power failure.
Regarding the safe state, automobiles are not that critical: Believe it or not - he safe state is "stopped". Thus all propulsion components are - relatively - easy to implement.
Other things like braking or airbag are much more challenging thinking of autonomous vehicles: if ABS detects a failure it is sufficient to light the MIL (malfunction indicator lamp). This will not really help in an autonomous vehicle...
"...safe state is "stopped". Thus all propulsion components are - relatively - easy to implement."
I also had the same thought in my mind that safe state would be a smooth stop, Then a question occurred to me...what would happen in a busy highway where, all the vehicles are moving at high speed and suddenly a car stops due to a failure...would that be safe for others behind? I did not find the answer yet.
Depending on the current state of the vehicle the stop might not be too 'smooth'. Anyway - following current legislation (hopefully not only here in Germany implemented that way) the following driver has to keep a distance that enables him to stop without touching.
Regarding a piston seizure (still heard of regarding vans/ buses) might create a significantly shorter stopping distance if nothing else breaks.
I agree that in cars, thankfully, the safe state is stopped. So that's relatively easy to do, in an autonomous vehicle. The same thing cannot be said for airplanes.
If you're on a fast interstate-type road, or autobahn, then just like now, you would best have an emergency lane. The autonomous vehicle could safely coast into the emergency lane and stop, if something critical broke.
If there is no emergency lane, then you would simply automate the procedure drivers have to use now. Which is to say, the cars following the sick one have to slow down and stop OR (and this part is much better done automated), the following cars can switch over to the other lane and pass the stalled car. An automated car will presumably have much better situational awareness than human drivers typically do, so this passing maneuver can be a whole lot safer with automation.
Even if the engine seizes, it should not be hard to develop an algorithm that "pushes in the clutch," so to speak, to allow the car to coast into the emergency lane, or to stop smoothly.
That is true and that is why I have a great fear of flying. Though airplanes are designed to be a lot safer, still I can't avoid the thoughts occurring to my mind while flying, that what happens if something fails :) . My fear started to grow stronger after I read that 3D printed parts might started to get used... LOL...
We can't even eradicate "unintentional acceleration" or deal with key chains laden with half a dozen keys in cars, yet designers and companies are unwilling to even admit to such problems right now. The cost of a standard automobile continues to rise faster than the cost-of-living and the electronics in a car costs 5x what a consumer-level equivalent would cost - and it's even higher when bought over the dealers' parts counter. We're a long way from a car driving itself successfully or cheaply. So stay sober and stop reading your phone. Or maybe your seat will buzz you to attention.
Agreed! My 2010 car has had more computer/electrical issues than I care for. I miss the days when the car didn't think so much for me. What we really need in the US is enforcement of laws. Enforce "distracted driving" laws and keep cars simple.
Getting stopped in the breakdown lane -- possibly after having to negotiate a failed or damaged vehicle through several lanes of traffic may prove very challenging for an Autonomous system
In principle, with V2V comms and with sensors surrounding the car, that operation can be a whole lot safer than having humans negotiate the maneuver. The car signals to all adjacent cars that it has a failure and is moving to the emergency lane, and the car should have sensors to indicate whether it can drift over safely.
Remember that human drivers have been doing this sort of thing with no clue what the other cars are doing, and with only a single pair of eyes being used to determine the situation in all directions. That's it! If a system like that were to be proposed for an autonomous vehicle, no one in his right mind would approve the design!
It's doing it with a damaged vehicle that no longer handles per any of the control laws that may prove interesting -- the other thing to remember, is all the hardware is single redundant in most land vehicles -- Aircraft are expensive enough to afford luxuries like tripple and quad redundant actuator channels for each surface for each control axis -- cars -- don't know of any -- the back-up brakes on all of them basically dates from when cars first came out -- For example I once had the brakes fail on a hill of glare ice - with an intersection of stopped cars at the bottom -- through downshifting, the emergency brake, and steering I was able to walk away with a cut in the plastic on the front bumper -- a computer likely would had disconnected, set the alarm and some startled sod would have to drop what they were doing mid-way down the hill and try something at the last minute -- Southern CA is great for showboating self driving cars -- Try it in Minneapolis, Or Erie PA in the dead of winter!
I would suggest, instead, that handling on a slippery road can be done far better with automated systems. They react much faster than humans, they can sense which wheel(s) is or are slipping and which have traction, where humans haven't a clue, and they allow application of brakes at each wheel independently of the other three. That would be a hopeless task if assigned to humans, and yet it is by far the best way of recovering from a skid on any sort of slippery road. The vast majority of drivers are woefully untrained in any of these dicey situations, nor do they have enough controls available to them.
And too, redundancy would naturally be built into autonomous controls. Redundant hydraulic brakes have been mandated in cars for decades. Power steering is also redundant in a sense, because it will work mechanically, even without the power assist.
When a chunk of ICE takes out the Traction Control wheel sensor, and ABS wheel sensor, as was in my case, the computers basically were in garbage in garbage out mode. Stuff on cars gets road damage fairly often -- there may not be that many pot-holes in CA, in MN with the annual sheet of ice, and inevitible pavement disintigration, there are ones that will blow out a few tires, or render the steering linkage a twisted mess, or puncture the fuel tank 30 miles from no where, or start an oil leak, or make the transmission sound like a coffee grinder - or freeze the valve that blends hot air off the manifold, leaving one vaporlocked in the middle of no where, and having to shoot holes in the valve with a Magnum to get enough cool air to make it to town.
Airplane model changes where there is all that redundancy take about 10 years -- Taking 10 years to make a model change, and regression test it seems hard to sustain given automotive varitey, annual changes, and the demand for features that varies widely across the US. (2WD, 4WD, mini-car to SUV, etc)
Heck -- we just had one of the most computerized, and automated airliners, go thousands of miles off course and vanish -- with two humans fully capable of taking over on-board --
Having been in a group that produced millions of computerized phones, I can say there were new problems from the field on a daily basis, even after building and testing 10,000 prototypes -- way more than the 500-1K for an auto model.
The more weird stuff you try and account for in software, the longer it takes to do the V&V -- it grows exponentially vs the number of conditions, and becomes un-managable.
Just got done with a SoC V&V where the Firmware was so complex to test on the preceding model, they completely forgot the basics, including compensating the sensor's for temperature -- take a product build with it on a good hot day in Phoenix, and it's garbage in -- garbage out of the sophisticated algorythms --
Safety critical stuff that is complex get's very expensive.
Levels of vehicle awareness and automata that shall be utilized on-board vehicles may dwarf the transportation industry's comprehension. A serious patch panel will be attached to a server, which is happenng within 3 months @ GreenWave* Think about bandpass discriminating microphones strategically placed in mechanical function areas.
Capital placement is not coming from VC's the Capital is being genrated by already capitated corporations that have abilities to perform complete systems integration in house with their excess available engineering crews. This report only bumps the total ongoing work by $100M More is coming in larger chunks
My Mom the Radio Star Max MaxfieldPost a comment I've said it before and I'll say it again -- it's a funny old world when you come to think about it. Last Friday lunchtime, for example, I received an email from Tim Levell, the editor for ...
A Book For All Reasons Bernard Cole1 Comment Robert Oshana's recent book "Software Engineering for Embedded Systems (Newnes/Elsevier)," written and edited with Mark Kraeling, is a 'book for all reasons.' At almost 1,200 pages, it ...