Blog from SafeTTy Systems Ltd
This page hosts an informal “News Blog” from members of the team at SafeTTy Systems Ltd.
The page is used to highlight and comment on current news stories and events that we have found of interest – and that we hope may also be of interest to visitors to this site.
If you are looking for ‘News about SafeTTy Systems’ please visit our Announcements page.
Is it possible to build a safe ‘Level 3’ passenger car?
According to SAE J3016, control systems for road vehicles can be classified as follows:
- Level 0 – No Automation: The full-time performance by the human driver of all aspects of the dynamic driving task, even when enhanced by warning or intervention systems
- Level 1 – Driver Assistance: The driving mode-specific execution by a driver assistance system of either steering or acceleration/deceleration using information about the driving environment and with the expectation that the human driver performs all remaining aspects of the dynamic driving task
- Level 2 – Partial Automation: The driving mode-specific execution by one or more driver assistance systems of both steering and acceleration/deceleration using information about the driving environment and with the expectation that the human driver performs all remaining aspects of the dynamic driving task
- Level 3 – Conditional Automation: The driving mode-specific performance by an Automated Driving System of all aspects of the dynamic driving task with the expectation that the human driver will respond appropriately to a request to intervene
- Level 4 – High Automation: The driving mode-specific performance by an Automated Driving System of all aspects of the dynamic driving task, even if a human driver does not respond appropriately to a request to intervene
- Level 5 – Full Automation: The full-time performance by an Automated Driving System of all aspects of the dynamic driving task under all roadway and environmental conditions that can be managed by a human driver
On first inspection, the SAE levels describe a plausible ‘technology progression’ that might reasonably be expected to lead to the development of safe, fully-autonomous vehicles in due course. How long it might be before Level-5 vehicles become commonplace (or even the norm) is not yet clear, but a recent article in the New York Times (31 October 2017) highlights some of the progress that Waymo – part of the Google family – is making in this area.
An interesting issue that is touched on in the above article is the difference between ‘Level 3’ and ‘Level 4’ vehicle control systems (VCSs).
According to SAE definitions, both Level-3 and Level-4 vehicles exhibit a degree of autonomy. An important distinction arises from the assumptions made about the role of the driver in situations in which the VCS makes a “request to intervene”.
According to the article in the New York Times:
“Humans, [Waymo] … says, can easily lose concentration while driving with Level 3 autonomy, even though they often need to take over at a moment’s notice.”
If we are going to build VCSs that may issue a “request to intervene” then – presumably – such systems need to check that the driver is (at least) awake before they attempt to hand back control.[It is perhaps worth noting that systems built using a DuplicaTTor Design Suite provide one way of achieving this.]
If the VCS issues a request to intervene but the driver is not ready to take back control, then what do we do?
In a Level 4 design, we should not have a safety issue (because – by definition – the VCS must be designed to operate safely “even if a human driver does not respond appropriately to a request to intervene”).
In a Level 3 design, the safety position is not so clear (because – by definition – we have been required to assume that the driver “will respond appropriately to a request to intervene”).
Where does this leave us? Unless we can be sure that our driver will be ready to take over at any time during the journey, then it is difficult to see how we can be confident in the safety of any ‘Level 3’ design.
Perhaps we therefore need to consider another category – let’s call it ‘Level 3.5’.
In our proposed Level 3.5, we need to check that the driver is alert before we return control to him or her. If the driver is not alert when we wish to return control, we must enter a ‘limp home‘ mode in which we will try to get the vehicle to a location in which it can be brought safely to a halt.
[2 November 2017]
Spanish woman ‘crushed between floors’ in Seville hospital lift
According to reports on the BBC New website, a Spanish woman died after being crushed in an accident involving a hospital lift on Sunday 20 August 2017.
Rocío Cortés Núñez, 25, had just given birth by Caesarian section in Seville’s ‘Our Lady of Valme’ hospital when the incident occurred. Her hospital trolley was being wheeled out of the lift when it began to rise with its doors open, leaving part of her body hanging outside. Firefighters were called to rescue her but she could not be saved.
Further information can be found on the BBC website.
On the surface, this incident appears similar to the lift accident at Minato Ward (Japan) in 2006.
In the 2006 accident, a student was backing out of the lift with his bicycle when the system began moving: he died of asphyxiation.
In several previous cases, incidents with lifts have apparently been attributed to software issues.
It is to be hoped that a report of the causes of the incident in Seville will be made public.
[21 August 2017]
New technology trials to improve bus safety in London
Transport for London has announced plans to test new safety technology on London buses. Automatic braking will be included in the trial.
Earlier this year the Mayor of London, Sadiq Khan, set out a ‘Vision Zero’ approach to road danger in his draft transport strategy. It aims for no one to be killed in or by a London bus by 2030, and for deaths and serious injuries from road collisions to be eliminated from London’s streets by 2041.
All of the new technology will receive an independent trial at the Transport Research Laboratory (TRL). Their leading engineers and technical specialists have been appointed to work with TfL, bus manufacturers and operators to trial a range of potential new safety measures including:
- Autonomous Emergency Braking Systems that allow the vehicle to detect its surroundings and automatically apply the brakes;
- systems to alert pedestrians and other road users of the presence of buses, such as lights or audible warnings;
Further information can be found on the Transport for London site.
[16 August 2017]
Driverless trains in Malaysia
There are various articles on this page about the development of future driverless cars: driverless trains are already in use.
For example, Bombardier have delivered a driverless train that operates on Kuala Lumpur’s new fully-automated CityFlo 650 network.
Running along the second phase of the new Klang Valley line, passengers can now cross the Malaysian capital in under 90 minutes.
CityFlo 650 signalling is a CBTC system which makes use of bi-directional radio communication between trains and wayside equipment to control train operation. Trains report their position via radio, and a signalling system provides movement authorities to the trains (again via a radio link).
It is reported that this train technology has already been installed in 37 lines worldwide.
Further information can be found here.
[27 July 2017]
India to ban self-driving cars to protect jobs
It has been announced that India won’t allow self-driving cars.
Union road transport and highways minister Nitin Gadkari is reported to have said (25 July 2017):
“We won’t allow driverless cars in India. I am very clear on this. We won’t allow any technology that takes away jobs.”
You can learn more on the Hindistan Times website.
[27 July 2017]
Transport plans for London
The Mayor Of London has announced some ambitious long-term plans for transport in London.
For example, Policy 2 is as follows:
“The Mayor, through TfL, the boroughs, police and enforcement authorities, will adopt Vision Zero for road danger in London. The Mayor’s aim is for no one to be killed in or by a London bus by 2030, and for all deaths and serious injuries from road collisions to be eliminated from London’s streets by 2041.”
There will also be a big push towards electric vehicles (and cycling).
The proposals are currently out for public consultation.
You will find the proposals on the Mayor of London site.
[23 June 2017]
UK support for driverless cars
Petrol stations and motorway services will be required to install electric charge points, under plans outlined in the Queen’s Speech today (UK).
The measure forms part of a government push to increase the number of electric vehicles on UK roads.
The Automated and Electric Vehicles Bill also contains plans to push driverless car technology.
It includes an extension of car insurance to cover the use of automated vehicles.
Further information can be found on the BBC website.
[21 June 2017]
Just one driverless car eases traffic flow
In an article in ‘The Times’ newspaper (London, UK) today it is reported that having a single car “with autonomous speed-control and braking can improve the flow of at least 20 cars around it, with much less deviation in speed, excessive braking and fuel consumption”.
The source for this article is a research study carried at the University of Illinois (US).
The article in The Times is behind a ‘pay wall’: however, further information is available on the Science Daily site.
The development of safe autonomous vehicles presents many significant challenges. You’ll find more information about the work we are doing in this area in our ‘safer autonomy’ article.
[12 May 2017: Updated 31 August 2017]
Self-flying taxi to transport passengers in Dubai
From an article in the Daily Telegraph on 15 February 2017:
“An autonomous drone that can transport humans will start ferrying passengers around Dubai this summer.
The city will use the Ehang 184 for the airborne service. The Ehang is a drone that can fly without human direction and carry a single passenger and their bag. It can take one person on a journey up to 23 minutes long.”
You’ll find the complete article here.
[16 February 2017]
Tesla cleared by NHTSA
On 7 May 2016, while driving in Florida, Joshua Brown put his Tesla Model S into ‘autopilot’ mode: this allows the car to ‘drive itself’. The car’s sensors system subsequently failed to distinguish a large white 18-wheel truck and trailer crossing the highway. The Tesla drove into the trailer and Mr Brown was killed.
The U.S. National Highway Traffic Safety Administration (NHTSA) launched an investigation into this incident (investigation PE 16-007), the results of which were released on 19 January 2017.
The full report can be downloaded from the NHTSA website.
The summary from this report reads as follows:
On May 7, 2016, a 2015 Tesla Model S collided with a tractor trailer crossing an uncontrolled intersection on a highway west of Williston, Florida, resulting in fatal injuries to the Tesla driver. Data obtained from the Model S indicated that: 1) the Tesla was being operated in Autopilot mode at the time of the collision; 2) the Automatic Emergency Braking (AEB) system did not provide any warning or automated braking for the collision event; and 3) the driver took no braking, steering or other actions to avoid the collision. On June 28, 2016, NHTSA opened PE16-007 to “examine the design and performance of any automated driving systems in use at the time of the crash.”
The Office of Defects Investigation (ODI) analyzed the following subjects as part of NHTSA’s examination of the design and performance of Tesla’s Autopilot system: 1) Automatic Emergency Braking (AEB) system design and performance in the subject Tesla and peer vehicles; 2) human-machine interface issues related to Autopilot operating mode; 3) data from crash incidents related to Tesla’s Autopilot and AEB systems; and 4) changes Tesla has implemented in the Autopilot and AEB systems.
NHTSA’s examination did not identify any defects in the design or performance of the AEB or Autopilot systems of the subject vehicles nor any incidents in which the systems did not perform as designed. AEB systems used in the automotive industry through MY 2016 are rear-end collision avoidance technologies that are not designed to reliably perform in all crash modes, including crossing path collisions. The Autopilot system is an Advanced Driver Assistance System (ADAS) that requires the continual and full attention of the driver to monitor the traffic environment and be prepared to take action to avoid crashes. Tesla’s design included a hands-on the steering wheel system for monitoring driver engagement. That system has been updated to further reinforce the need for driver engagement through a “strike out” strategy. Drivers that do not respond to visual cues in the driver monitoring system alerts may “strike out” and lose Autopilot function for the remainder of the drive cycle.
A safety-related defect trend has not been identified at this time and further examination of this issue does not appear to be warranted. Accordingly, this investigation is closed. The closing of this investigation does not constitute a finding by NHTSA that no safety-related defect exists. The agency will monitor the issue and reserves the right to take future action if warranted by the circumstances.
According to reports on Reuters:
Legal experts said the agency’s decision does not mean automakers would escape liability claims in cases where driver assistance systems fail to prevent a crash.
“If it is known that drivers are misusing and being confused by your self-driving system, then that in and of itself can be a safety-related defect,” product liability lawyer Jason Stephens said.
[23 January 2017]
India Andhra Pradesh train crash leaves 36 dead and scores injured
According to reports on the BBC News website, another fatal train crash occurred in India on 22 January.
At least 36 people have been killed and many others injured after a train derailed in the Indian state of Andhra Pradesh, officials say.
Nine coaches and the engine left the tracks near Kuneru station in Vizianagaram district, the head of East Coast Railway, JP Mishra, said.
At the time of the BBC report (22 January), many people were still trapped in the wreckage and rescuers warned that the death toll could rise.
It is not yet clear what caused the train to derail.
Unfortunately, such crashes are not unusual in India.
In November 2016, more than 140 people were killed in a derailment in India’s northern Uttar Pradesh state.
In March 2015 another accident in Uttar Pradesh killed 39 people and injured 150.
It appears that significant investment is required in India’s railway infrastructure.
[22 January 2017]
Volkswagon recalling 135,689 vehicles because of ABS problems
According to the “Part 573 Safety Recall Report 16V-913” from the US ‘National Highway Traffic Safety Administration’ (NHTSA), Volkswagon is recalling more than 135,000 (US) vehicles because of potential safety concerns related to the ABS units.
According to the report, a specific fault within the antilock brake system (ABS) control module may cause the module to fail during ABS and/or electronic stability control (ESC) activation. If this happens, the brake system-related vehicle stabilising functions (ABS/ESC) may not be available, increasing the risk of a loss of vehicle control and could lead to a crash.
The problem is attributed to use of an incorrect solder compound during the manufacturing process, with the result that a ground connection of a power controller unit/chip (PCU) may be broken during vehicle use.
[22 January 2017]
US EPA accuses Fiat Chrysler of secretly violating emissions standards
According to a report on the NY Times website (12 January 2017), the US ‘Environmental Protection Agency’ has accused Fiat Chrysler of installing secret software that allowed more than 100,000 of its diesel vehicles to emit pollutants above legal levels.
The report notes that this case has echoes of one against Volkswagen (noted previously in this Blog).
In both cases, the government focused on software in vehicles that can adjust emissions levels.
[22 January 2017]
Uber cars jumping red lights?
According to The Guardian (newspaper) UK [Thursday 15 December 2016]:
California regulators ordered Uber to remove its self-driving vehicles from the road on the same day that the company’s vehicles were caught running red lights – violations the company immediately blamed on “human error”.
“It is essential that Uber takes appropriate measures to ensure safety of the public,” the California department of motor vehicles (DMV) wrote to Uber on Wednesday after it defied government officials and began piloting the cars in San Francisco without permits. “If Uber does not confirm immediately that it will stop its launch and seek a testing permit, DMV will initiate legal action.”
The full article is here.[We are grateful to Peter Ladkin for drawing this article to our attention.]
[15 December 2016]
What happened to EgyptAir Flight 804?
EgyptAir Flight 804 was flying between Paris (Charles de Gaulle) and Cairo on 19 May 2016 when it crashed into the sea. There were no survivors.
No mayday call was received by air traffic control. Messages indicating that smoke had been detected in one of the aircraft’s lavatories and in the avionics bay were automatically transmitted via ACARS shortly before the aircraft disappeared from radar.
Reports in ‘The Times’ newspaper (London) on 15 August 2016 quote Sebastien Busy (a lawyer with the French National Federation of Victims of Attacks and Collective Accidents) as follows:
“The preliminary investigation has confirmed the existence on this aircraft of technical failures which preceded the May 19 Paris-Cairo flight and EgyptAir should have been aware.”
Stephane Gicquel, head of the above federation, is quoted as saying:
“This aircraft should never have taken off from Roissy [Paris] without a repair.”
The Times reports that EgyptAir declined to comment.
[20 August 2016]
Uber to deploy self-driving cars in Pittsburgh (USA) from September 2016
According to a report on the BBC website:
A spokeswoman … told the BBC: “Starting later this month, Uber will allow customers in downtown Pittsburgh to summon self-driving cars from their phones, crossing an important milestone that no automotive or technology company has yet achieved.
“In Pittsburgh, customers will request cars the normal way, via Uber’s app, and will be paired with a driverless car at random. Trips will be free for the time being, rather than the standard local rate of $1.30 [£0.98] per mile.”
She added that Volvo had already sent a small number of sensor-equipped XC90 sports utility vehicles (SUVs) to Uber, which would be used in the initial trials. The carmaker intends to have delivered 100 such cars to its partner by the end of the year.
You can find the full report here.
[19 August 2016]
ERA report on rail accident at Santiago de Compostela (Spain) on 23 July 2013
On 24 July 2013, a rail accident occurred at Santiago de Compostela.
This accident is the subject of Report ERA/ADV/2015-6 from the European Rail Agency: this makes interesting reading (there are, in our view, lessons to be learned).
The ERA report can be found here.
We are grateful to Javier Echarte for drawing this report to our attention.
[19 August 2016]
Derailment at Paddington (UK), 16 June 2016
From the introduction of the Rail Accident Investigation Branch (RAIB) report published 18 August 2016:
At 18:12 hrs on Thursday 16 June 2016, a two-car diesel multiple unit train, operated by Great Western Railway (GWR), was driven through open trap points immediately outside Paddington station and derailed. It struck an overhead line equipment (OLE) mast, damaging it severely and causing part of the structure supported by the mast to drop to a position where it was blocking the lines. There were no passengers on the train, and the driver was unhurt. All the the lines at Paddington were closed for the rest of that evening, with some services affected until Sunday 19 June.
The full RAIB report on this incident is now available here.
[18 August 2016]
Fatal train crash near Bad Aibling (Germany) on Monday 8 February 2016
A fatal train crash is reported to have taken place near Bad Aibling on Monday 8 February.
The crash appears to have involved two trains travelling in opposite directions on a single-track commuter line.
We would expect this track to be fitted with a ‘Linienzugbeeinflussung’ (LZB) train protection system. Assuming that this system was installed, it should have been able to prevent such a crash: it is not yet clear why this did not happen.
We will say more about this event when further information becomes available.
[10 February 2016]
NHTSA letter to Google provides support for ‘driverless’ vehicles
The US National Highway Traffic Safety Administration (NHTSA) has written to Google in a manner that appears to represent a significant step forward in the introduction of ‘driverless’ vehicles.
In the letter the NHTSA says:
“As a foundational starting point … NHTSA will interpret ‘driver’ in the context of Google’s described motor vehicle design as referring to the SDS [Self-Driving System], and not to any of the vehicle occupants. We agree with Google its SDV will not have a ‘driver’ in the traditional sense that vehicles have had drivers during the last more than one hundred years.”
[10 February 2016]
California DMV: Draft Autonomous Vehicles Deployment Regulations
The Department of Motor Vehicles in California (USA) issued a draft release of their “Autonomous Vehicles Deployment Regulations” on 16 December 2015.
You can download a copy here.
[8 January 2016]
Amazon is now selling its own ARM-based chips
According to a report The Verge (dated 7 January 2016):
“An Israeli company acquired by Amazon last year has announced a new line of semiconductors, marking Amazon’s first foray into the chipmaking market. The company, Annapurna Labs, announced its Alpine line of ARM-based processors on Wednesday, nearly a year after Amazon acquired it for a reported $350 million. The company says its chips are designed for Wi-Fi routers, media streaming devices, connected home products, and data storage gear, and that they’ve already been used in commercial products from Asus, Netgear, and Synology.
The Alpine chips carry up to four processors and various networking technology, which the company says will boost the performance of routers and home products that are currently limited in computing power. As Bloomberg reports, the chips are targeted more toward low-power devices for storage and networking, rather than the high-end server market currently dominated by Intel. Intel is the world’s biggest supplier of PC chips and continues to command the market for data center computing, while ARM has a strong hold over the mobile market.”
You’ll find further information here.
[8 January 2016]
Are airlines about to jettison co-pilots?
In The Times newspaper (London, 2015-12-28) it is suggested that future aircraft could be flown without a co-pilot as a result of an EU-backed research project that is intended to reduce the number of air accidents – and reduce the cost of flying.
The project referred to is known as “Advanced Cockpit for Reduction of Stress and Workload” (abbreviated as “ACROSS”). The goal of the project (as summarised by The Times) is to develop more sophisticated autopilot technology that can take over the control of aircraft during bad weather, emergency situations, and in congested skies.
This is another interesting example of the ways in which autonomous embedded systems may have an influence on our world in the coming years.
Further information about the ACROSS project can be found here.
[28 December 2015]
The VW scandal rumbles on
If you are reading this page, you are probably already well aware of the problems at VW.
Reports on the BBC News website now suggest that the emissions-control software was supplied by Bosch. This report suggests that Bosch “had warned Volkswagen not to use its software illegally”.
Overall, this seems to be a very unfortunate (and unnecessary) development at a major car manufacturer.
There may – perhaps – be one positive outcome? As a result of discussions about this scandal, there may be greater public awareness of the use of software in cars (and the importance of this software). This must – surely – be A Good Thing.
[28 September 2015]
AAIB report on Boeing 787 fire at Heathrow Airport in 2013
The UK’s Air Accident Investigation Board (AAIB) has today [19 August 2015] published a report on the Boeing 787 fire that occurred at Heathrow Airport in 2013.
The full report can be downloaded here.
Extracts adapted from the Introduction and Summary of the report are reproduced below.
On the afternoon of Friday 12 July 2013 the Air Accidents Investigation Branch (AAIB) was notified of a ground fire in a parked and unoccupied Boeing 787-8 on Stand 592 at London Heathrow Airport.
The aircraft suffered extensive heat damage in the upper portion of the aircraft’s rear fuselage, in an area coincident with the location of the Emergency Locator Transmitter (ELT).
The ground fire on ET-AOP was initiated by the uncontrolled release of stored energy from the lithium-metal battery in the ELT. It was identified early in the investigation that ELT battery wires, crossed and trapped under the battery compartment cover-plate, probably created a short-circuit current path which could allow a rapid, uncontrolled discharge of the battery. Root Cause testing performed by the aircraft and ELT manufacturers confirmed this latent fault as the most likely cause of the ELT battery fire, most probably in combination with the early depletion of a single cell.
Neither the cell-level nor battery-level safety features prevented this single-cell failure, which propagated to adjacent cells, resulting in a cascading thermal runaway, rupture of the cells and consequent release of smoke, fire and flammable electrolyte.
Fourteen Safety Recommendations have been made during the course of the investigation. In addition the ELT manufacturer carried out several safety actions and is redesigning the ELT unit taking into account the findings of this investigation. Boeing and the FAA have also undertaken safety actions.
[19 August 2015]
Robot kills worker at Volkswagen plant in Germany
According to a report on the UK’s Guardian newspaper WWW site, a robot has killed a contractor at one of Volkswagen’s production plants in Germany.
The 22-year-old man died on on Monday (30 June 2015) at the plant in Baunatal, about 100km north of Frankfurt.
The man is reported to have been part of a team that was setting up the stationary robot when it grabbed and crushed him against a metal plate.
The Guardian suggests that prosecutors are considering whether to bring charges and, if so, against whom.
[2 July 2015]
Pilot of TransAsia Flight 235 may have shut down wrong engine
TransAsia Airways Flight 235 (GE235/TNA235) was a domestic flight that crashed into the Keelung River on 4 February 2015, shortly after takeoff from Taipei Songshan Airport. The TransAsia Airways flight, operated with a ten-month-old ATR 72-600 aircraft, was flying from Taipei to Kinmen (Quemoy), a Taiwanese island off the coast of mainland Fujian, with 53 passengers and five crew on board. There were 15 survivors. [Wikipedia]
According to a report on the CNN WWW site, it appears that one of the plane’s engines failed during takeoff. The plane is able to fly with a single engine: however, it is reported that the pilot shut down the operational engine (by mistake). Such an action during takeoff would make a crash almost inevitable.
The final report on the crash is expected from Taiwan’s Aviation Safety Council (ASC) in November this year.
[2 July 2015]
KPMG report forecasts that 25% of UK vehicles will be fully autonomous by 2030
KPMG recently conducted a study on behalf of the UK’s Society of Motor Manufacturers and Traders (SMMT) entitled “Connected and Autonomous Vehicles – The UK Economic Opportunity“.
The report defines six levels of automation: L0 (“Driver only”) through to L5 (“System performs the lateral and longitudinal dynamic driving task in all situations encountered during the entire journey. No driver required.”).
The report argues that 25% of UK vehicles will reach L5 (and be fully autonomous) by 2030, with projected economic benefits of £51 billion (annually) to the UK economy by this time.
[1 July 2015]
US FAA is investigating a mix-up between passenger planes at Chicago airport
According to a report on the Fox News WWW site, the US Federal Aviation Authority (FAA) is investigating a close call earlier this week between two passenger jets that attempted to take off at the same time on intersecting runways at Chicago’s Midway International Airport.
It appears that Southwest Airlines Flight 3828 to Tulsa, Oklahoma, had been cleared for takeoff and was accelerating down the runway. An air traffic controller then saw Delta Air Lines Flight 1328 to Atlanta beginning to take off on the intersecting runway without proper clearance, the FAA said.
“1328, stop, stop stop!” the controller shouted, according to audio posted on the website LiveATC.net.
“1328 stopping,” the pilot answered in a calm voice, before the controller directed both planes to different taxiways.
It would appear that this incident may have arisen because of confusion between the aircraft call signs (“3828” and “1328”).
As we noted recently in this Blog, the US National Transportation Safety Board (NTSB) has recommended the installation of automated collision-avoidance systems on all new passenger cars. It now appears that such a feature may also be useful on passenger aircraft …
[19 June 2015]
Faulty household appliances cause around 4000 fires per year in the UK
According to a report on the BBC News website, faulty household appliances caused around 4000 fires per year in the UK in the period from January 2011 to March 2014.
Citing a report by the consumer-group “Which?”, the BBC website identifies washing machines, tumble dryers and dishwashers as the most likely source of problems. Fires included in the figures were those caused by appliances that were “faulty, incorrectly installed or improperly maintained”.
Richard Lloyd (Executive Director, Which?) is reported as saying that it was “shocking” that everyday appliances could “pose such a danger”.
We agree completely.
If a modern dishwasher (for example) is faulty, incorrectly installed or has been improperly maintained then – surely – the device should be able to detect this and shut itself down safely?
[14 June 2015]
US NTSB report recommends use of collision-avoidance systems on all passenger cars
The US National Transportation Safety Board (NTSB) has recently [19 May 2015] issued a new Special Investigation Report (SIR) that may have significant implications for manufacturers of road vehicles across much of the world.
The report (SIR 15/01) states that in 2012 alone, more than 1.7 million rear-end crashes occurred on US highways, resulting in more than 1,700 fatalities and 500,000 injured people.
The report investigates the extent to which the use of forward collision-avoidance (FCA) systems could help to prevent such crashes. The report concludes that the impact of many of these crashes could have been mitigated – or the crashes could have been prevented altogether – had appropriate FCA technology been employed on the vehicles concerned.
The main recommendation of the report is that manufacturers should install FCA systems as standard features on all newly-manufactured passenger and commercial motor vehicles.
The full report (SIR 15/01) is available here.
[10 June 2015]
Intel® to buy Altera®
It has been reported that Intel (the world’s largest chipmaker) is to acquire Altera (the world’s second-largest manufacturer of FPGAs) in a deal worth around US $16.7 billion.
Most press reports have focussed on the possible impact of integrating Intel processors and FPGAs in “datacentres” and related high-end computing applications (such as web searches based on image matching).
It remains to be seen whether this acquisition will also have implications for processor offerings by Intel in the “embedded PC” sector, where there may also be some very interesting opportunities (not least in the areas of multi-core designs, safety and security).
[7 June 2015]
Rollercoaster crash at Alton Towers
We’ve received a number of questions about the rollercoaster incident at Alton Towers in the last few days.
At this time, very little information is available about this incident.
Alton Towers is a theme park in the county of Staffordshire, UK. The Smiler ride is described on the park WWW site as “the world’s first 14-looping rollercoaster”. It is a computer-controlled, multi-car design. It opened in May 2013.
On Tuesday 2 June 2015, there was a crash involving one car (in which there were passengers) and an empty car on the track. Several of the passengers in the occupied car suffered serious injuries.
It should – clearly – not be possible for two cars to be present on the same track section at the same time. It therefore appears that there was a serious malfunction in the rollercoaster control system.
An investigation is currently under way by the UK’s Health and Safety Executive (HSE).
A further post will follow when more information is available.
[7 June 2015]
Did incorrect software configuration cause A400M crash?
On 9 May, an Airbus A400M military airlifter crashed in Spain on its maiden test flight, resulting in the deaths of several flight crew.
This appears to be the first reported crash involving an A400M aircraft.
Recent reports (29 May 2015) on the Aviation Week website – attributed to Airbus Chief Strategy Officer Marwan Lahoud – suggest that incorrect installation of the engine-control software took place during final assembly of the aircraft and that this led to engine failure and the resulting crash.
Further information can be found here.
[30 May 2015]
Airworthiness Directive for Boeing 787
Mike Ellims drew a recent [1 May 2015] Airworthiness Directive from the (US) Federal Aviation Administration to our attention:
“SUMMARY: We are adopting a new airworthiness directive (AD) for all The Boeing Company Model 787 airplanes. This AD requires a repetitive maintenance task for electrical power deactivation on Model 787 airplanes. This AD was prompted by the determination that a Model 787 airplane that has been powered continuously for 248 days can lose all alternating current (AC) electrical power due to the generator control units (GCUs) simultaneously going into failsafe mode. This condition is caused by a software counter internal to the GCUs that will overflow after 248 days of continuous power. We are issuing this AD to prevent loss of all AC electrical power, which could result in loss of control of the airplane.[Emphasis added.]
You’ll find the complete document here.
Overall, you might have hoped that – by now – we’d be beyond the point when we faced this type of “counter overflow” problem when developing code for use in high-integrity embedded systems. However, the cause of this problem may not simply lie with the coding team involved (or – indeed – with the teams involved in reviewing this code).
For example, the requirements specification for the GCU design may have stated “maximum 10-day continuous operation” (or equivalent) – in which case, the counter implementation may be considered acceptable. However – even if this was the case – then the “user manual” for the GCU should have recorded this 10-day limit, which should then have resulted in a daily reset (or similar) of the GCU being included in scheduled maintenance activities for the aicraft: this doesn’t appear to have happened in this case.
Many modern embedded systems are complicated things …
[3 May 2015]
Autonomous vehicles in the UK (further thoughts)
Some interesting comments in the Times newspaper (London) yesterday.
It is suggested (apparently based on a UK government report that is due out later this week) that the cost of insurance for drivers will be reduced as the advent of autonomous vehicles means that “human error would be all but eliminated”.
This is (presumably) a reference to human error by the driver, not to human error by the designers of the vehicles concerned …
Comments from the UK’s former science minister (David Willetts) are also reported in this article, as follows:
“I think the technology for you to just get on the M1 [a UK motorway] and ask the car to drive along at 60mph and exit at Junction 19, while you’re on your iPad, I think that should be do-able with five years. The technology of saying: take me to the Vue cinema at Westfield, find a parking space and collect me at 10pm, that’s 10 or 15 years away.”
The general consensus here is that the timescales are a little optimistic (but the “motorway first” approach is sensible).
[10 February 2015]
Hacking threat to drivers?
Today, “The Times” newspaper (London, UK) ran a front-page headline as follows:
“Hacking threat to drivers: Wireless networks let cyber-criminals seize control of cars”.
The article begins:
“Millions of cars are at risk of being hacked by criminal gangs or terrorists who could steal information, extort money from drivers or even cause vehicles to crash, motoring experts have warned.”
This sounds very serious, but – while comments in the article are attributed to various “experts” – the evidence provided in support of the claims made is rather limited (and not at the level that one might expect from a newspaper of this quality, even in the “silly season” between Christmas and New Year).
As the degree of connectivity between embedded devices grows, there are very legitimate concerns about security and safety. However, it is very difficult to see that the main threats highlighted in this article are at all realistic at this point in time.
[27 December 2014]
Philae has landed!
Many congratulations to everyone behind the Philae probe from all at SafeTTy Systems.
Jean-Jacques Dordain, Director-General of the European Space Agency is quoted as saying “This is a big step for human civilisation.”
We couldn’t agree more.
[12 November 2014]