Safety

Definitions
Why emphasize CAV-System safety? Three reasons to emphasize safety are
  1. injuries and fatalities represent tragedies that adversely affect everyone touched by the event, directly or indirectly,
  2. CAVs are unlikely to attract wide ridership if they are perceived to be unsafe, and
  3. state governments are unlikely to assume liability for unsafe systems.
Measure of safety
One measure could be collisions / CAV-mile. Others might include traveler injuries and cargo damage, which might also depend on various factors.
Achieving CAV-System safety
Proponents assert that CAVs are (or soon will be) much safer than vehicles driven by humans. Based on the poor safety record of automobile drivers, that assertion is very likely to become reality.
However, the claim of safety for CAVs on CAVWAYs must go further than predictions, and further than comparisons to the poor safety record of cars with human drivers. Safety objectives for CAV Systems must be grounded in the vision of CAVs and CAVWAYs as safety-critical systems (see definition at right).
Safety by Design
As we see from his sixth commandment at right, Davius has strong convictions regarding safety in CAV Systems:
  1. Keep human drivers out;
  2. Design safety in;
  3. Build on a legacy of individual CAV safety innovations;
  4. Require that each CAV monitor its own status (fuel and lubricant levels, tire and oil pressures, engine temperatures, electrical currents and voltages, etc.) and report out-of-tolerance conditions;
  5. prevent any CC decision from endangering a CAV by building on CAV autonomy and assuring that CAVs use common protocols;
  6. Use radio navigation to mitigate visibility issues and enable any CAVWAY to establish a detour or a merge to bypass blockage;
  7. Design protocols such that lane changes are performed infrequently and only after CAVs determine that they are safe;
  8. Assure that required lane-changes (such as those which enable exiting CAVs to be in the local lane prior to their exit nodes and in the express lane otherwise) are always possible by mandating different constant speeds in adjacent lanes, .
Early warning
To protect each CAV against its own failure and from becoming a hazard to itself and other CAVs, meters and gauges (fuel, pressure, voltage, heat, etc.) on CAVs and at nodes are fundamental. Output from these devices will be available to each CAV controller: when all meters and gauges are within specified tolerances, a CAV controller will report that the health of that CAV is normal; otherwise, the controller will send an alert to CAVWAY Control (CC).
Situational awareness
CC and the CAVWAY Communication Network (CAVNET) will maintain a current system-level picture of the state of CAVs and CAVWAYs. Effective remedies to problems will rely on accurate, timely situational awareness.
Redundancy
Since all things electronic are vulnerable and all things mechanical are even more vulnerable, redundancy will be used to mask single points of failure. Once an element failure has been detected during operation, repair or replacement must follow in good time to restore redundancy and desired margins of safety (see definition at right). When restoration is not possible within a CAV, that CAV will be removed from traffic. When restoration is not possible within a CAVWAY, it must be reconfigured or shut down until a remedy which restores the required margin of safety has been found.
Common Protocols
Common protocols, observed by all CAVs, will ensure that each CAV anticipates the range of actions of CAVs close by and preserves all specified margins of safety (speed, spacing, etc.) at all times.
Autonomy
This concept, which relates to both security and safety, is intended to minimize the potential of accidents caused by faults at higher levels which could result in false guidance from CC. For example, CC may determine that it is time for a CAV (or multiple CAVs) to change lanes. However, no CAV will change lanes unless and until it has determined, using its own sensors, that it is safe to do so. In the event that a CAV loses its sensing ability, it will be warned to come to a stop and await rescue in its current lane. Note that this approach makes safety the primary consideration.
Fail safe
Concurrent or correlated faults and failures can cause potentially catastrophic events. Each CC must be designed to detect such situations, or fail in a safe way; a system-wide shut down may be necessary to prevent unpredictable and potentially hazardous outcomes. See fail-safe definition at right.
Human intervention (at multiple levels)
While, in general, CAVs on CAVWAYs will be much safer than vehicles with human drivers, there will be situations when human intervention will be necessary. This lesson, recently re-learned the hard way by the airline industry, should serve as a cautionary tale for designers of safety-critical CAV systems.
Davius' Sixth Commandment
Exclude human drivers and observe common CAV protocols so that CAV Systems may grant us safety.

The following definition is from Wikipedia:
"A safety-critical system or life-critical system is a system whose failure or malfunction may result in one (or more) of the following outcomes:
  • death or serious injury to people
  • loss or severe damage to equipment/property
  • environmental harm"

The following definition is also from Wikipedia:
The margin of safety is "a constant required value, imposed by law, standard, specification, contract or custom, to which a structure must conform or exceed. This can be referred to as a design factor, design factor of safety or required factor of safety."

The following definition is also from Wikipedia:
"A fail-safe in engineering is a design feature or practice that in the event of a specific type of failure, inherently responds in a way that will cause no or minimal harm to other equipment, the environment or to people."