It is not feasible to engineer a self-driving car that will never get into a collision. But there is a silver lining for when they do. “When autonomous vehicles have accidents, we can't blame the driver and it will force us to focus on the electronics,” said Todd Hubing, Professor Emeritus of Electrical and Computer Engineering at Clemson University.
Delivering a keynote at DesignCon 2018, “How Do We Make Autonomous Vehicles Safe Enough?” Hubing proposed that safety considerations for autonomous vehicles are going to radically change the way automotive engineers design automotive electronics systems. “Today's automotive electronics are much less reliable than we give them credit for,” he said. “Systems don't work according to standard, or they don't work at all. In the automotive world it's happening every day and even resulting in loss of life.”
In his DesignCon 2018 keynote Todd Hubing said the automotive industry is going to experience a serious need for EMC/SI expertise because of autonomous vehicles. (Image source: Design News)
Defining what counts as safe for autonomous cars is an inherent problem, according to Hubing. It's generally understood that an autonomous system should, at least, be safer than a human driver. But, according to Hubing, “... worldwide more than 3000 people die every single day in car accidents. If autonomous vehicles were responsible for even one percent of that – if someone was being killed in an autonomous vehicle every day – it would get lots of attention and people wouldn't trust autonomous vehicles.”
Even the goal that autonomous cars never cause a fatality is far too unrealistic for Hubing. He said that in the United States alone, vehicles collectively accumulate about 50 billion hours of operation per year. “Designing a system that is guaranteed not to fail in 50 billion hours is an undoable criterion,” he told the DesignCon audience. “If we tried to design to that, cars would be too expensive.”
Even functional safety standards have to acknowledge this. ISO 26262 allows for about a one in ten billion chance that electronics failure can cause a fatality. “That means in the U.S. ISO 26262 is basically acknowledging electronics will kill about five people per year,” Hubing said. “But it's achievable. It puts the odds of dying in a vehicle down to the odds of dying of natural causes.”
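The arithmetic behind Hubing's two figures (50 billion fleet operating hours per year, a roughly one-in-ten-billion chance that an electronics failure causes a fatality, hence about five deaths per year) is worth carrying through, because it shows why "never fails" is not a usable requirement. The block below is an added example, not code from the article or from Clemson; it assumes the one-in-ten-billion figure is a rate per vehicle operating hour and models fatal failures as a Poisson process, both of which are assumptions made here rather than stated on the page.

```python
import math

# Figures quoted in the article, used here as constructed inputs, not measured data.
US_FLEET_HOURS_PER_YEAR = 50e9          # 50 billion vehicle operating hours per year
ISO26262_FATAL_RATE_PER_HOUR = 1e-10    # "one in ten billion"; ASSUMED to be per operating hour


def expected_fatalities(rate_per_hour: float, fleet_hours: float) -> float:
    """Mean number of electronics-caused fatalities over the given fleet exposure.

    Under a Poisson model this is simply rate x exposure.
    """
    return rate_per_hour * fleet_hours


def p_at_least_one(rate_per_hour: float, fleet_hours: float) -> float:
    """Probability that at least one fatal failure occurs in the exposure period.

    Poisson: P(N >= 1) = 1 - exp(-mean). Shows that even a tiny per-hour rate
    becomes a near-certainty once multiplied by fleet-scale exposure.
    """
    return 1.0 - math.exp(-expected_fatalities(rate_per_hour, fleet_hours))


def required_rate(max_fatalities: float, fleet_hours: float) -> float:
    """Per-hour fatal-failure rate needed to keep expected fatalities within a budget.

    Inverting the model gives the target an engineer would have to design to.
    """
    return max_fatalities / fleet_hours


def main() -> None:
    hours = US_FLEET_HOURS_PER_YEAR
    rate = ISO26262_FATAL_RATE_PER_HOUR
    print(f"Expected fatalities/year at 1e-10 per hour: {expected_fatalities(rate, hours):.1f}")
    print(f"P(at least one fatality in a year):          {p_at_least_one(rate, hours):.4f}")
    # Hubing's "one per day" trust threshold from the article: 365 per year.
    print(f"Rate that would give one death per day:      {required_rate(365, hours):.2e} /h")
    # A budget of a single fatality per year, i.e. close to "never fails".
    print(f"Rate needed for <= 1 fatality per year:      {required_rate(1, hours):.2e} /h")


if __name__ == "__main__":
    main()
```

The last two lines of output make the keynote's point numerically: the one-death-per-day level that Hubing says would destroy public trust corresponds to a per-hour rate about seventy times looser than the ISO 26262 figure, while driving expected fatalities down to one per year would require a rate five times tighter than the standard already treats as the practical limit.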
The explosive growth of automotive electronics is creating more complex systems responsible for safety-critical vehicle functions. This means the safety of the vehicle is subject to all the hazards of electronics – everything from water damage, mechanical deformation, and component failures, all the way to software errors and EMC problems. And the major issue in the event of an electronics failure, Hubing said, is that failed electronics largely leave no evidence, which means relying on testing to mitigate electronics issues is a failing proposition for engineers.
“If you look at aerospace and commercial aircraft they do a lot of testing, but the auto industry can't afford to do that,” Hubing said. “... The good news is that the auto industry has never relied on testing.” Hubing said that existing auto industry practices could allow automotive engineers to take the necessary steps to make future self-driving vehicles as safe as possible: failure mode effect management (essentially asking what could fail inside a car and how the effects of that failure can be mitigated), maintaining a compliance database, and performing recalls.
“[Typically] the idea is we start the design process with a management plan, establish vehicle requirements, then establish system level requirements. Then we design at the component level...” Hubing said. “Every step of the way we provide the requirements but also have to come up with how we're going to verify that the vehicle meets the requirements. It's the same at the system level. ... The problem is that process isn't working that way. We're designing vehicles but building prototypes while still making requirements.”
Hubing cautioned that this methodology creates a slippery slope in which engineers start designing components and systems with the sole objective of passing a test. But it's not possible to ensure safety by testing alone.
“We're going to have to rely on accident data and customer complaints,” Hubing said. Doing this will allow auto engineers to recognize and record failures and also establish a protocol of designing for compliance. “I think there's going to be significantly increased demand for EMC/SI engineering expertise. There's a serious lack in the auto industry right now and we're about to need a whole lot of it.”
Chris Wiltz is a Senior Editor at Design News, covering emerging technologies including AI, VR/AR, and robotics.