Excellent breakdown on a solution moving forward with assisted and autonomous driving safety.
@huijin4417 2 months ago
Is it acceptable to have common cause for redundancy if the common causes are somehow monitored? Or is there still a quantitative requirement on common cause? e.g. the common power supply can be monitored. For a fail-safe system.
@philkoopman 2 months ago
If the monitor is diverse from the thing you are monitoring, then it is no longer a common cause failure. You've transformed a single fault containment region into a pair of fault containment regions -- one for the monitored power supply, and another for the thing being powered. (BTW, it is difficult to create a really good monitor. Something simple like a watchdog timer kicked by an interrupt service routine which I have seen oh so many times is just monitoring theater.)
@codingchannel6263 2 months ago
Very Good Explanation
@MajidRamezani-b1h 2 months ago
amazing
@MajidRamezani-b1h 2 months ago
Perfect
@hanymossad6889 3 months ago
perfect
@hanymossad6889 3 months ago
Thank you very much, it's very informative, much appreciated
@ClydeWPhillipsJr 4 months ago
Myth of Men~!
@EngineersDaily 5 months ago
Nvidia Qualcomm think that they can realise Automated Driving SAE L5 but they don’t have any automotive system and software safety knowledge. They may be good at mobile phones and Video games😂😂😂😂
@ClydeWPhillipsJr 5 months ago
Clear.
@garyknight8616 5 months ago
Great summary. Thank you.
@chillphil967 6 months ago
😇
@tim3.1415 6 months ago
Isn't the CRC / Polynomial Value 0x25 6 Bits long, yet it says "5-Bit CRC.." ? Anyways, super helpful video, thanks!👍
@philkoopman 6 months ago
It computes a 5-bit check value, which requires a 6 bit polynomial to specify in full notation. People generally refer to the CRC size as the size of the check value, and the full representation of the polynomial is +1 bits in size. (For example, a 32-bit CRC has 33 bits in its polynomial including the x**32 term and the +1 term.)
@tim3.1415 6 months ago
@philkoopman ah okay that makes sense! Thanks for clarifying :)
@rafaelangelopiad8919 6 months ago
thank you
@farrukhbaig5893 6 months ago
Very Interesting
@mohammedg.480 7 months ago
Thanks for the lecture :)
@AS-co8to 7 months ago
I agree in general and all heartedly when it comes to Tesla. That being said, there may be a legitimate reason for this not to be entirely so simple. Take for example, how many miles or hrs of operation should the company test their AV to secure ALL the risks and ALL the conditions. The truth is nobody knows. If we brute force this, the number of miles approaches abysmal, which is also not only impractical but also does not secure handling of all unknowns. I realize that this video is aimed at the companies that disregard even the bare minimum, but we should also have a conversation about the best case and its limitations.
@philkoopman 7 months ago
If the technology is fit for deployment as series production (not testing), then the company can continue to collect data to continue to improve. That is field engineering feedback on a platform that is safe enough to deploy.
@bennguyen1313 7 months ago
I'm someone who wants to transition from a rapid-prototype style to a more formal environment.. perhaps not for FAA/FDA/DOE approval, but to develop high quality/safe products for any industry.. aerospace (like Lockheed's SEAL Level X, Boeing, DDPMAS etc), Medical, or Nuclear industries. I'd love to see a trivial example that shows all the steps and outputs. For example, assuming I document the process on how the code is generated, what constitutes proof that it's safe? Static Analysis, Code Coverage - Statement (Level C), Decision (Level B), MCDC (Level A)? Who defines the unit tests?
I imagine there are differences between the industries.. FAA: DO-178X, DO 331, ARP4754A, ED-12C; FDA: 13485, ISO14971, IEC 62304, SaMD; and DOE: 414.1x, but what are the typical tools/software needed, and the typical document/artifacts in the various stages of the software life cycle? I saw a good video by CEMILAC Education Program "Airborne Software Development & Certification Process" and it's a bit overwhelming:
Requirement Management - (IBM Rational) DOORS, JAMA, Xebrio, rmtoo florath, doorstop-dev / doorstop, reqview
Static Source Code Analysis - Parasoft, PolySpace, CodeSonar, horusec, sonar cloud, veracode PREFast
Dynamic Analysis / Modified Condition/Decision Coverage (MC/DC) - VectorCAST, RapiTest
Configuration Management / Storage and Version Control System - Git, SourceSafe, Mercurial, MS TFS
QA - Helix ALM
V&V / Test Automation - VectorCAST, LDRA Testbed, Mathworks Simulink DO Qualification Kit
Continuous Integration / CD - Continuous Delivery/Deployment
And what is the general attitude towards open source software (ex. FreeRTOS) and code-generation tools (ex. ST's Cube MX)? How do CPLD and FPGAs fit into the picture.. since not exactly software, but they are programmable devices written in a programming language like VHDL, (system) verilog?
@barkotbimrew8340 7 months ago
Great video thanks
@ClydeWPhillipsJr 7 months ago
I am truly sick of being beta (and yes alpha) testers for individuals or enterprises/industries wasting money either trying to get "it" to work and or, as you say, leaving us with the bag labelled "you are to blame". grrr
@philkoopman 7 months ago
At about 2:05 I say "in theory it would be unsafe" but should have said "in theory it would be safe"
@PeterBishop-vz8tm 7 months ago
These are the easy wins. They go with the grain of human nature - the human is active and "in the bubble" but assisted by computer based warnings. Another easy win would be to detect bad/drunk driving which is a significant source of accidents.
@JoseCamoesSilva 7 months ago
Interesting: the risk of degraded safety diagram is almost a dual (in OR/MS terms) of the Don Norman diagram of difficulty in using products, with the automated driving capability taking the role of the difficulties coming from the increasing number of features and the driver attention taking the role of novelty of technology. (Like a true dual, what is a negative here, the valley of degraded supervision, is a positive in Norman's diagram, the "temperate zone" of usability.)
@philkoopman 7 months ago
For more on reasons why AutoPilot does not appear to improve safety beyond Automated Emergency Braking: safeautonomy.blogspot.com/2022/12/take-tesla-safety-claims-with-about.html
@chillphil967 8 months ago
great content as always 😇
@JoseCamoesSilva 8 months ago
Is the preprint mentioned at 9 minutes (the Cruise pedestrian incident) available somewhere (i.e. link please)? Thx in advance.
@philkoopman 8 months ago
Anatomy of a Robotaxi Crash: Lessons from the Cruise Pedestrian Dragging Mishap arxiv.org/abs/2402.06046
@JoseCamoesSilva 8 months ago
@philkoopman Got it. Thanks.
@farrukhbaig5893 8 months ago
I love your presentations, Very informative 👌
@PRATEEK30111989 8 months ago
autonomous vehicle pipeline, my rough understanding: high resolution camera gives images which become inputs to the perception network, stereo camera gives images with depth info which become inputs to density map generating network like sceneflow, Lidar radar imu etc also give info also becomes part of perception network to track identify, segment, bound and track object. Now the output of the above becomes the input for the slam algorithm where slam determines the localization of the vehicle in the environment and the approximate position of static landmarks and nearby dynamic objects. Given slam provides us with an updated map of the environment, the output map goes as input to an RL agent which decides at what speed, at what steering angle in which direction the vehicle has to move. Now that the vehicle is moving a route map keeps track of whether the vehicle is following a desired path to reach the destination. Is the rough outline of the pipeline correct or incorrect? Looking forward to your comments.
@kajukatli9985 9 months ago
it is Bhopal not Bophal
@philkoopman 8 months ago
Thanks for the correction. It's difficult to correct the video itself but I will note that for future lectures and the comment here will let others know.
@Ikhouja 9 months ago
That's not true; the PATRIOT was designed to be an ABM system since its first testing against Corporal missiles and also testings of the pac-1 and pac-2 systems against Lance missiles.
@KoenZyxYssel 9 months ago
So you're supposed to PREpend the init? Opposite of the remainder bits? That makes no sense to me but I'll give it a shot. Thanks!
@philkoopman 9 months ago
In practice most software implementations tend to XOR the init bits into the first bits of the data word -- but then it no longer matches the hardware implementation. So this is the straightforward math-centric approach and slightly different than most software implementations. If the initial seed is zero they both work out the same. My book chapter on CRC goes through the differences.
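Added example, not part of the comment thread and not code from the videos or the book: a bitwise polynomial-division CRC showing the two points made in the replies above, namely that the full-notation polynomial 0x25 (x^5 + x^2 + 1) yields a 5-bit check value, and that prepending the init bits and XORing them into the first data bits agree only for a zero seed. The function names, the seed 0x1F and the data word 0xA5 are constructed for illustration.

```python
POLY_FULL = 0x25  # 0b100101 = x^5 + x^2 + 1, full notation (value quoted in the thread)

def crc_width(poly_full):
    """Check-value size in bits: one less than the full polynomial's bit length."""
    return poly_full.bit_length() - 1

def to_bits(value, width):
    """Integer -> list of bits, most significant first."""
    return [(value >> i) & 1 for i in range(width - 1, -1, -1)]

def poly_mod(bits, poly_full):
    """Remainder of a bit sequence divided by poly_full over GF(2)."""
    n = crc_width(poly_full)
    reg = 0
    for bit in bits:
        reg = (reg << 1) | bit
        if reg >> n:          # x^n term present: subtract (XOR) the divisor
            reg ^= poly_full
    return reg

def crc_prepend_init(data_bits, init, poly_full=POLY_FULL):
    """Math-centric form: the init bits are placed in front of the data word."""
    n = crc_width(poly_full)
    return poly_mod(to_bits(init, n) + list(data_bits) + [0] * n, poly_full)

def crc_xor_init(data_bits, init, poly_full=POLY_FULL):
    """Common software form: init is XORed into the first n bits."""
    n = crc_width(poly_full)
    padded = list(data_bits) + [0] * n
    head = [b ^ i for b, i in zip(padded[:n], to_bits(init, n))]
    return poly_mod(head + padded[n:], poly_full)

def codeword_ok(data_bits, check, init=0, poly_full=POLY_FULL):
    """Receiver using the prepend-init form: a valid codeword leaves remainder 0."""
    n = crc_width(poly_full)
    word = to_bits(init, n) + list(data_bits) + to_bits(check, n)
    return poly_mod(word, poly_full) == 0

if __name__ == "__main__":
    data = to_bits(0xA5, 8)   # constructed sample data word
    print("check-value width:", crc_width(POLY_FULL))
    for seed in (0x00, 0x1F):
        a, b = crc_prepend_init(data, seed), crc_xor_init(data, seed)
        print(f"seed={seed:#04x} prepend={a:#04x} xor={b:#04x} "
              f"accepted_by_prepend_receiver={codeword_ok(data, b, seed)}")
```

With a nonzero seed, a receiver using one convention rejects frames produced with the other, so both ends of a link have to use the same form.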
@zoenagy9458 10 months ago
This diagram is a lot more understandable than the table on the website, thank you! One more important aspect is whether the checksum would be valid on full zero or FF data.
@philkoopman 10 months ago
Any of these checksums will work on any data. Extensive details in my new book: checksumcrc.blogspot.com/2024/02/book-understanding-checksums-and-cyclic.html
@hoshilandscape 11 months ago
Thank you for the wonderful video!! I look forward to more.
@george6679 11 months ago
❤️ "PromoSM"
@MrMarcores 1 year ago
As a safety engineer, thank you for this content, especially for saying safety must be engineered, not assumed.
@RobFisherUK 1 year ago
Is it not the case that while this is relevant for questions such as who is culpable for an accident, if the question is: how to maximise safety, statistical safety *is* enough. In fact statistical safety is the output of all other factors (notwithstanding your later point about risk transfer).
@philkoopman 1 year ago
Not all societal stakeholders subscribe to such a purely utilitarian viewpoint. Some might think statistical safety improvement is enough. But there are many practical outcomes that will later be seen to be broadly unacceptable even if statistical safety has been improved.
@RobFisherUK 1 year ago
@philkoopman does that suggest there are practical outcomes that some stakeholders would give up safety to achieve? Or are we working in the error bars of measurable safety, or trade-offs between different safety measurements?
@philkoopman 1 year ago
@RobFisherUK It is more the case that they consider such outcomes impractical. For example, if hypothetically the fatalities were cut in half but every single fatality was a child in a marked school crosswalk (and a dramatic increase in children killed overall) that would be unacceptable. While that is unlikely to actually happen, it demonstrates that there is a boundary past which a statistical argument alone fails. The question is where the boundary is. This paper talks about the topic in detail beyond this talk (noting that this video is only one slide out of a larger talk): papers.ssrn.com/sol3/papers.cfm?abstract_id=4634179
@paxsevenfour 1 year ago
Phil, thank you so much for making these videos!
@prashanjitghosh5861 1 year ago
Excellent article
@LilySteph1949 1 year ago
Thanks truly for your help with understanding this topic.
@jiteshpatel1820 1 year ago
Thank you and Happy new year.
@user-cw4xm2bm1i 1 year ago
Why are most AV tests being done in San Francisco?
@chillphil967 1 year ago
🎉🎉
@mcbenads 1 year ago
Thank you Prof. Koopman. This was really helpful. I am a developer in Nigeria with a lot of wild ideas for global products. I am trying to bootstrap a new company for this and this playlist is such a great foundation.
@esadalsk8088 1 year ago
Thank you Mr Phil. This content is very useful and instructive.
@charliedoyle7824 1 year ago
I read in one of the accounts of the Oct. 2 incident in S.F. that the pedestrian who was struck by the human-driven Nissan was not in the crosswalk. She was jaywalking just beyond the crosswalk when she was struck.
@philtestaccount4817 11 months ago
The Cruise report unequivocally states she was in the crosswalk.
@chillphil967 1 year ago
saying thank you 🙏 good sir. i’m an iso26262 safety engineer in detroit. love your material - both the videos and the pdf lectures (especially the cartoons :) keep up the good work
@philtestaccount4817 1 year ago
Thanks for the support!
@Canamanada 1 year ago
People are still being blamed for this. Look at the Mackenzie Shirila trial in Ohio where she was just convicted of murder of her boyfriend and their friend after hitting a brick while travelling over 100 mph. She was 17 years old at the time and was sentenced at 19 years old after serving many months incarcerated for 15 years to life. It is so obvious to me that this was the cause. She was driving a 2018 Toyota Camry. Someone needs to help this girl. Her family has appealed but it is a small town in Ohio and I feel that she is not going to have much luck changing the judge's verdict - it was a bench trial.
@dimuse6266 1 year ago
We had to sell our Camry for parts because we couldn’t rightfully sell it to anyone to drive. So sad!