Comments
tekochip
User Rank
Platinum
Re: preventing the unknown
tekochip   7/7/2014 12:31:41 PM
NO RATINGS
For something critical we frequently use two different ADCs, just in case something goes wrong with the multiplexer in the ADC.

patb2009
User Rank
Gold
Re: UNKNOWN
patb2009   7/5/2014 4:13:21 PM
NO RATINGS
You can't prevent the unknown but you can clearly reduce the odds down to the billions or trillions.

Consider a fault that kills 1 in a million per year. Seems like a tolerable number?

Well, considering a good selling car can sell 8 million, that's 8 people per year.

If it's a systemic fault, we have a fleet of 100 million cars, you are killing 100 people per year. Given the litigation hazard for death is about 2 million per person, that's potentially $200 Million in cost every year.

If you can get the problem down to 1 in a billion, then it's $200K per year.

If you consider aircraft engines, a single faulty disk can kill a plane, that disk will turn at 5,000 RPM for thousands of hours. That's 10EE8 rotations per engine, 2 engines per bird, a thousand aircraft of type easily made.

How do you get to 1 in a trillion failures? Well that's what risk analysis is all about.

Every failure is analyzed, predicted, and chased down. Then, they are designed against or inspected against, or monitored against.

It's why airplanes rarely crash.

patb2009
User Rank
Gold
preventing the unknown
patb2009   7/5/2014 4:07:54 PM
NO RATINGS
Everything needs to be designed to be 2 fault tolerant and self diagnosing.

You don't make a single channel throttle pedal, and you don't make a 2 channel throttle pedal where the A channel and B channel send the same voltage to show the same position, because a sneak circuit reduces you to 1 channel with no visible detection.

No, you design it so the A channel sends 0-6 volts and the B channel sends 13-18 volts. That way, if you get 14 volts on the A channel you know there is a sneak circuit, and if you get 5 volts on the B channel you also know, and during startup the system checks itself out by running on single channel.

Now it takes 2 failed channels to kill the throttle.

You put in things like a hard stop button, that kills the driveline.

And as Charles points out, you have telemetry, and record everything. Wheel inputs, brake inputs, brake outputs, ABS frames, get it all. Voltages, running lights,
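
The two-window plausibility check described in the comment above, as an added example (not code from the original post or from any vehicle's firmware). The 0-6 V and 13-18 V windows come from the comment; the linear voltage-to-position mapping, the 5% agreement tolerance, the lower-demand policy on disagreement and all identifiers are assumptions made for illustration.

```c
#include <stdio.h>

/* Voltage windows are the ones given in the comment above. */
#define A_MIN 0.0
#define A_MAX 6.0
#define B_MIN 13.0
#define B_MAX 18.0
#define AGREE_TOL 0.05 /* assumed: allowed mismatch, as a fraction of pedal travel */

typedef enum { PEDAL_OK, PEDAL_A_ONLY, PEDAL_B_ONLY, PEDAL_DISAGREE, PEDAL_FAILED } pedal_status;
typedef struct { pedal_status status; double position; } pedal_reading;

static int in_window(double v, double lo, double hi) { return v >= lo && v <= hi; }

/* Assumed linear transfer function: window bottom = 0.0, window top = 1.0. */
static double to_position(double v, double lo, double hi) { return (v - lo) / (hi - lo); }

pedal_reading read_pedal(double va, double vb)
{
    pedal_reading r = { PEDAL_FAILED, 0.0 }; /* default: both channels lost, throttle closed */
    int a_ok = in_window(va, A_MIN, A_MAX);
    int b_ok = in_window(vb, B_MIN, B_MAX);
    double pa = to_position(va, A_MIN, A_MAX);
    double pb = to_position(vb, B_MIN, B_MAX);

    if (a_ok && b_ok) {
        double diff = pa > pb ? pa - pb : pb - pa;
        /* Assumed policy: on disagreement, honour the lower demand and flag it. */
        r.status = diff <= AGREE_TOL ? PEDAL_OK : PEDAL_DISAGREE;
        r.position = pa < pb ? pa : pb;
    } else if (a_ok) {          /* B is outside 13-18 V: run on A alone */
        r.status = PEDAL_A_ONLY;
        r.position = pa;
    } else if (b_ok) {          /* A is outside 0-6 V (e.g. 14 V): run on B alone */
        r.status = PEDAL_B_ONLY;
        r.position = pb;
    }
    return r;
}

int main(void)
{
    /* Constructed sample readings: healthy, sneak circuit on A, both channels bad. */
    double samples[3][2] = { {3.0, 15.5}, {14.0, 15.5}, {14.0, 5.0} };
    for (int i = 0; i < 3; i++) {
        pedal_reading r = read_pedal(samples[i][0], samples[i][1]);
        printf("A=%.1fV B=%.1fV -> status=%d position=%.2f\n",
               samples[i][0], samples[i][1], (int)r.status, r.position);
    }
    return 0;
}
```

Because the two windows do not overlap, a short that puts one channel's voltage on the other wire always lands outside the receiving channel's window, which is what makes the fault visible instead of silent.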

 

 

JimT@Future-Product-Innovations
User Rank
Blogger
Re: Driving Skills
JimT@Future-Product-Innovations   1/16/2014 1:02:45 PM
NO RATINGS
Even as a competent Design Engineer, I strongly advise there is no better safeguard against accidents than an experienced, skilled operator.  It's just sad that people (in general) expect everyone else to protect them, and take no personal responsibility in the fact that they perhaps don't belong behind the wheel of a car.

This mentality has forced all automakers to include countless so-called 'safety' features, in an effort to appease the unqualified demands of the public.

If you think about it, if we lived in a world where this was not so important, there would exist a natural-selection process which would help keep roads safer, merely by thinning the herd.

(I'm just sayin',,,please don't bombard me with insensitivity comments !!)

Charles Murray
User Rank
Blogger
Re: UNKNOWN
Charles Murray   1/13/2014 2:05:20 PM
NO RATINGS
Yes, an engineer would have to be a prophet to consider all possibilities, bobjengr, and therein lies the problem. A class action suit resulting from one of those unforeseen problems can practically crush a company. It almost did in Audi's case, and we still don't know for sure what the cause was there.

imagineer1000
User Rank
Iron
Simplify...
imagineer1000   1/13/2014 1:52:06 PM
NO RATINGS
What is alarming is how complex software is getting - and I think unnecessarily. It hasn't helped reliability. As an example, I rent dozens of vehicles a year, and in spite of the fact that none had more than a few thousand miles on them I've had two rentals where the throttle and transmission simply stopped working when I was backing up - one in the desert, the other in the snow. Both times required shutting off the ignition to get them working again. In a combined 700,000 miles/65 years on my old personal vehicles under worse environmental conditions than I've subjected any rental to I've never once had an issue with the transmission (OK - except for leaking seals, and frozen solid due to -45F). I've also had two rentals suddenly go to full throttle for no reason (when cruise control was engaged) - fortunately both were on interstates with no traffic around me. Not hazardous, but definitely irritating.

And mind you, what will happen when these complex systems are subjected not to unusual environments - including EMI - but to deliberate malicious attack - say a bunch of teens who get their jollies out of watching drivers' reactions when they cause a vehicle to accelerate just before a red light?

Reliabilityguru
User Rank
Platinum
Welcome to my world
Reliabilityguru   1/13/2014 9:37:45 AM
NO RATINGS
Building the safety case for a software controlled weapon system, we are required to prove that the probability of a hazardous incident is less than 1 in a million. The only way to do this is by analysis, supplemented with tests. The system has to be partitioned and designed from the beginning to support the safety case. In the end it does not matter what fault or rather what faults in combination lead to a catastrophic event, so all possibilities must be accounted for over the life of the system.

bobjengr
User Rank
Platinum
UNKNOWN
bobjengr   1/11/2014 5:37:08 PM
NO RATINGS
  

Excellent post Charles. One factor that contributes to the unknown is the condition of the car AFTER maintenance has been performed. I think we all have had problems resulting from maintenance that might have fixed one problem but created another. Then it becomes "he said--she said". Is the fault basic engineering or issues AFTER customary work accomplished during the life of the vehicle? I really don't know how engineers can prepare for outcomes such as this. I have been part of FMEA (failure mode effect analysis) exercises and sometimes the possible number of failure modes is truly astounding. Add to that customer interaction and maintenance and you have to be a prophet to understand all of the possibilities.

Charles Murray
User Rank
Blogger
Re: Driving Skills
Charles Murray   1/10/2014 5:33:01 PM
NO RATINGS
You're right, critic, there will be failures. Watching my car struggle through the recent deep freeze, with mechanical parts locked up by sub-zero temperatures and snow, I wondered how good those autonomous vehicles will be when they face bad weather and aging parts. Will they know the headlights are blocked by ice and snow? Will the camera-based sensors be able to see under those conditions? And, if not, will they know they can't see? Vehicle intelligence will be built up by years of experience and, yes, failures.

William K.
User Rank
Platinum
Re: Driving Skills: and hardware thrills
William K.   1/10/2014 5:31:28 PM
NO RATINGS
Bob, I wonder if some of these cars would allow shifting into neutral. If the shifting is controlled by the same computer that has failed and locked the throttle open, then possibly not. And I know that at least a few transmissions are entirely controlled by electronics, although I think that they may have a mechanical link for the "park" locking function. And using the brakes can get interesting when the engine won't slow down. Quite a few years ago I drove a lab car about 50 miles after the idle speed cam control system froze, and the "idle" would run about 78MPH. The day was bitter cold and it was before cell phones, and so the choice was sit and freeze or drive and heat up the brakes. They were quite hot by the time I got back. And even with good power brakes, slowing a vehicle with the engine running hard is not easy.

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service