[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Race condition...

Hi Denis

I wasn't referring to the Prius case but the general accelerator problem.

What I also used to do was to digitally filter all signal inputs to reduce spurious signals and interference.

Ian 
>> wrote that using the brake switch made it into a safety component. This would be true if it was critical and used for braking; however, used as a secondary signal it is less critical, and as I cited it would only be critical if both the accelerator signal AND the brake signal failed simultaneously. 

I also used to build in physical limits. For example, I would take measurements on how fast someone could actually depress the accelerator pedal, then (say) double it for someone being really quick, and then take this as the maximum throttle change rate. There are a large number of parameters that have physical limits on them.

By the way, the issue of using the brake signal may well come from another sensor these days, but somewhere I recently read that other manufacturers were using a braking sensor to override the accelerator. My 9 year old A-class has a manual gearbox and a box of electronics controlling the clutch; hitting the brake disengages the clutch, and this is pretty safety critical.


Tony Gore 
email  tony@xxxxxxxxxxxx 
tel +44-1278-761000  FAX +44-1278-760006  GSM +44-7768-598570 
URL: www.aspen.uk.com 
Aspen Enterprises Limited 
Registered in England and Wales no. 3055963 Reg.Office Aspen House, Burton Row, Brent Knoll, Somerset TA9 4BW.  UK 




-----Original Message-----
From: Denis A Nicole [mailto:dan@xxxxxxxxxxxxxxx] 
Sent: 19 March 2010 18:18
To: Tony Gore
Cc: occam-com@xxxxxxxxxx
Subject: RE: Race condition...

On Fri, 19 Mar 2010, Tony Gore wrote:

> Not on this one, but the original Toyota accelerator problem does appear to 
> have been a poor piece of software. It is normal when writing an engine 
> controller to take account of other inputs. Thus, if the brake is pressed 
> (in my days, detected by the same switch that puts the brake light on) then 
> you cut the fuel injection down to a small level to sustain combustion and 
> keep the engine ticking over and this also helps keep emissions down.
> 
> In the case of Toyota, they do not appear to have done this, or if they 
> have, the conflict between the signals has been mismanaged. This is why the 
> engine can have full throttle and is not overridden by the brake. Modern 
> engines (especially in US cars) are more powerful than the brakes, and this 
> is why people are finding it impossible to stop the car in some 
> circumstances.

Hi Tony/

Is the Prius case that simple? It's a hybrid. I had assumed that the problems 
were probably associated with the hand-off between regenerative and frictional 
braking. Presumably it tries not to use engine braking at all? Don't these 
systems have a smooth electric restart for the engine and shut it down 
completely under braking?

I've never looked inside a Prius (currently riding a bike while I repair 
the Land Rover) but I did go to school with Cedric Lynch.

PS Are you going back into the wave power industry now it's taking off?

Cheers,

Denis A Nicole              WWW:   http://www.hpcc.ecs.soton.ac.uk/~dan
School of Electronics       Email: dan@xxxxxxxxxxxxxxx
       & Computer Science   Phone: +44 23 8059 2703
University of Southampton   Fax:   +44 23 8059 3045
SO17  1BJ
United Kingdom