Most modern fuel-injected engines have an overspeed shut-down that either interrupts the spark, fuel or both to prevent an engine from overspeed destruction; it may sound scary, but it does work. Selecting neutral and standing on the brakes should always work. Like Asimov's 3 laws of robotics, a hierarchy of operation needs to be established that only allows safe operation and different failures would invoke different levels of over-ride up to stopping immediately. There will never be a fail-safe autonomous vehicle until the definition of "fail-safe" has been established and agreed upon by all developers. Once those utterly defensible parameters have been incorporated, autonomy may be added. The rub is there will never, ever exist a definition of "Fail Safe" that can't be successfully challenged by lawyers. The technology may be perfect, but the written word will always be open to interpretation. "Thou shalt not kill." Seems to exemplify a simple, clear sentence, yet somehow we manage to re-interpret the meaning on occasion.
GTO, the understanding of how to shut down a runaway engine is indeed a potentially lifesaving thing. And having a runaway engine overspeed destruct upon shifting to neutral may be the lesser of the evils, but it is a very expensive one, since overspeed induced failures are seldom minor.
I have had stuck throttles a few times and switching off the ignition has always been the first step to recovery. The HUGE problem, which I have pointed out before in other discussions, is the cars that no longer have a way to switch off the engine. Instead, they have a big button that sends a shut-off request to the controls computer, and does not include a way to force the shutdown.
There is no rational reason for allowing such cars on public roadways.
A simple on/off switch that would disable the ignition system entirely independent of the control computers would solve the problem. It would also be able to provide an additional child-proofing safety function, which is how it could be marketed.
For all of my career in designing industrial control systems, there has been a requirement for an "Emergency Stop" function that must be independent of all control software and logic. That requirement is right next to the specification of the machine's functions, and for very good reasons. Just like any other computer type of system, if a failure has caused an unwanted type of operation it can not be expected that the failed control system will respond to any command as required. So that is why the big red button provides the non-maskable hardware shutdown. Because if part of a system has failed other parts may also have
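The difference between a shut-off request that passes through the control computer and a non-maskable hardware stop, as described in the two comments above, can be shown in a small simulation. The model below is an added illustration written for this page, not code from any commenter or vehicle manufacturer; the override levels, the redline value, the RPM ramp rates and the "wedged controller" failure mode are all constructed assumptions. It models a stuck-open throttle and compares three cases: a healthy controller servicing a software shut-off request, a failed controller that ignores that request (and whose software overspeed limiter is lost with it), and a failed controller defeated by a physical switch that opens the ignition relay with no software in the path.

```python
from dataclasses import dataclass
from enum import IntEnum


class Override(IntEnum):
    """Override levels in the 'hierarchy of operation'; the highest level wins."""
    NONE = 0
    TORQUE_LIMIT = 1   # software: clamp throttle authority
    FUEL_CUT = 2       # software: overspeed shut-down in the controller
    HARD_ESTOP = 3     # hardware: ignition relay opened, no software in the path


REDLINE = 6500.0  # hypothetical overspeed threshold (constructed value)


@dataclass
class Vehicle:
    """Toy engine plus controller. Assumed behaviour, not any real vehicle."""
    rpm: float = 900.0
    throttle_stuck_open: bool = False
    controller_wedged: bool = False     # failed control computer: ignores all commands
    ignition_relay_closed: bool = True  # physical relay wired straight to the E-stop
    override: Override = Override.NONE

    def press_shutoff_button(self) -> bool:
        """The 'big button': a shut-off *request* routed through the controller."""
        if self.controller_wedged:
            return False  # a failed controller never services the request
        self.override = max(self.override, Override.FUEL_CUT)
        return True

    def press_hard_estop(self) -> None:
        """Independent switch: opens the ignition relay directly."""
        self.ignition_relay_closed = False
        self.override = Override.HARD_ESTOP

    def software_overspeed_check(self) -> None:
        """Controller-side limiter; it too is lost when the controller is wedged."""
        if self.controller_wedged:
            return
        if self.rpm >= REDLINE:
            self.override = max(self.override, Override.FUEL_CUT)

    def step(self) -> None:
        """One control cycle with constructed RPM ramp rates."""
        self.software_overspeed_check()
        engine_can_run = self.ignition_relay_closed and self.override < Override.FUEL_CUT
        if engine_can_run and self.throttle_stuck_open:
            self.rpm = min(self.rpm + 800.0, 9000.0)   # runaway towards mechanical limit
        elif engine_can_run:
            self.rpm = max(self.rpm - 300.0, 900.0)    # settle back to idle
        else:
            self.rpm = max(self.rpm - 1500.0, 0.0)     # spinning down, no spark/fuel


def run_scenario(controller_wedged: bool, use_hard_estop: bool,
                 ticks: int = 12) -> tuple[float, Override]:
    """Stuck throttle from t=0; the driver acts at t=4. Returns (final rpm, override)."""
    v = Vehicle(throttle_stuck_open=True, controller_wedged=controller_wedged)
    for t in range(ticks):
        if t == 4:
            if use_hard_estop:
                v.press_hard_estop()
            else:
                v.press_shutoff_button()
        v.step()
    return v.rpm, v.override


if __name__ == "__main__":
    print("healthy controller, software request:", run_scenario(False, False))
    print("wedged controller, software request: ", run_scenario(True, False))
    print("wedged controller, hardware E-stop:  ", run_scenario(True, True))
```

With a healthy controller the software request cuts fuel and the engine spins down; with a wedged controller the same request is silently ignored and the engine runs up to its limit; only the hardware path stops it in that case, which is the design point behind a non-maskable stop.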
The paperwork that surfaced during the Pinto fire lawsuits showed that Ford made a conscious decision to balance the cost of production against the cost of liabilities. Nothing specific to the Pinto model ever came to light, but documentation exposed a culture that balanced the monetary cost of liabilities against the cost of producing the vehicle.
I guess safety didn't sell back in the Seventies, but hey, now there's a mandate for every contingency.
Cameras on board rocket boosters were not common-place until after the Columbia accident. Now, most launchers have them. Aside from the fact that they provide way-cool images, they can be used forensically.
I haven't decided if it's a good idea or not. Today "free" people are under surveillance much more than anyone behind the iron curtain was in the bad old cold war days.
Amen to that Critic! Learn to safely shut down your vehicle if it goes out of control. When a car is speeding down the freeway because the throttle is stuck wide open, even if the car is the fault, it became a driver problem if after several hundred feet they could not shut down the vehicle!
Another example is manual stick shift cars and trucks. My teenage son has a 1981 F150 with a manual transmission. I have shown him and trained him on how to respond if he pushes in the clutch and it does not disengage. Brake hard and throw the shifter into neutral ASAP! Then safely coast to a safe stop (or push the truck to a safe spot). He has even demonstrated this to me so I can be sure he is aware of what to do.
TJ, the more I think about it, I think you are correct. I would certainly want to know if a pilot is flying incorrectly or heaven forbid, incompetently. So why not the same for drivers and driverless cars? I think if 'accidents' were overwhelmingly shown to be driver error and people had to be held liable for their incompetent driving, then the cost of cars could go down. Automakers could focus on MPG instead of adding controls to correct bad drivers.
Then again, humans have a propensity for 'hiding' their faults and drivers will do the same to the blackbox recorder.
The thing that irritates me about the "sudden acceleration" cases is that the drivers should have been able to control the cars even if the throttles were stuck wide open. Get on the brakes and STOP immediately (yes, the brakes are more forceful than the engine, but only count on one stop), turn off the ignition while you are stopping (yes you can still drive without power steering, and you will still have power brakes unless you take your foot off the brakes, which you should not do, and no, the steering will not lock), and shift to neutral while you are stopping. Please practice this.
No matter how well a self-driving car is designed and manufactured, there will be failures and accidents. Having a black box and fail-safe systems will help, but will also add to the cost of the car. Manufacturer liability for accidents will also add to the cost to consumers.
I think I will drive the old-fashioned way, and avoid being surprised by a self-driving car failure. Yes, there will be failures.
TJ's comment about turning unknowns into knowns is the way to go. That's why they have black boxes on aircraft. If Toyota had a recording sensor on the accelerator and brake of their cars, they would have an answer to the "driver error" question. As commented earlier, automakers are extremely cost sensitive, so the occasional $3MM lawsuit may be an "acceptable risk" to the accountants vs. the sensor cost. Widespread use of driverless technology may shift that equation to the point where the automaker's liability is high enough to justify the added product cost. Another possibility is legislation which limits liability per case, as is the case currently for air travel (see the fine print on your airline ticket).
TJ, from a purely engineering standpoint I completely agree with instrumented vehicles with comprehensive data recorders. However, given the revelations of government snooping and the prospect of insurance companies wanting to monitor driving habits, no thanks!