Teslas don't have any clutch or transmission that would allow the motor to rev up without the car moving. Similarly, the only way for the motor to rev to maximum is when the car is going top speed. Her recollection seems flawed in this area, which isn't surprising, because traumatic events do strange things to memory. Also, if I heard my car rev up when I wasn't expecting it, I'd be on the brakes immediately, not after 5 seconds.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
There is no clutch in the Tesla, just a gear reduction. So a "motor rev" would have to correlate to motion, wouldn't it?
I'm not sure what a "motor rev" sound would be in this car?
GatorGuy
Member
This was posted by wk057 in a SUA thread in the Model 3 forum. I thought it had alot of good information.
Tesla's accelerator pedal is actually the exact same drive-by-wire pedal used in several other manufacturer's vehicles. It's highly proven technology over decades. Nothing special at this point. No Tesla secret sauce here. Just two hall effect sensors with slightly different curves for redundancy and position validation. If they don't agree, the car doesn't move. If one has an issue, the car reduces power and gives an error. I've personally never seen one of these throttle assemblies have a problem because they're literally as basic as these things can get. It's plastic, a spring to return the pedal to rest, and two hall effect sensors for positioning. They're rock solid on reliability and used in millions of vehicles.
Tesla's side for sensing this goes even further to improve safety. They have two independent systems monitoring and logging the pedal sensors, isolated from one another. They both log the read position from both sensors. If anything doesn't exactly agree, the car doesn't move, gives an error, and reduces power to the point where you can barely do 0-60 in a minute.
The autopilot side of things also is not capable of accelerating the car at any major speed. The AP system just tells the motor, "this is how fast I want to be going and this is how quickly I want to get there" and the inverter firmware maps out a curve to get the car there based on the data, clamped internally to extremely reasonable values as far as acceleration goes. (Deceleration is another story, since AP is capable of commanding full regen and full braking.) The fastest AP can do 0-60 on its own is pretty pathetic, overall. I've tried it. The car will not launch even when commanded to go to 90 MPH at max longitudinal acceleration rate. It just gradually ramps speed, just as if you were at a light behind a vehicle with AP engaged. Nothing sudden about it.
I went a step further and modified the section of inverter code that limits the acceleration rate. No dice. The two other systems inside the drive unit immediately sent the system into limp mode when I tried to command massive acceleration digitally. To be able to do a full digital launch with no pedal application I had to modify the firmware in three different systems to bypass probably two dozen different safety checks. Long story short, it's simply not possible for the car to command massive acceleration on its own.
Going even further, the throttle map for acceleration is super accurate. It can interpolate 2^16 throttle positions with reasonable accuracy... which is impressive, since the ADC is technically something like 10-bit, and we're working with a throw distance of maybe a couple of inches at the end of the pedal. (Edit: Correction/clarification: The crosscheck ADC is 10-bit, the primary is actually 16-bit and doubled for redundancy on each input... so the throttle position is actually read 8 times in hardware for comparison.)
Finally, if the brake is applied, three different devices report this. There's the brake pedal switch, the iBooster, and the ESP modules. All are able to sense and report brake pedal application, and the three systems in the drive unit accept these in a binary OR fashion (if any report the brake is applied, the brake is applied). If the brake is applied even a tiny bit, the car is incapable of accelerating at full power. At best, if the accelerator is already pressed, the car will apply something like 5% of power for about a second before fully cutting power due to both pedals being applied. Those that think they had their foot on the brake and suddenly accelerated, try it yourself. Go somewhere safe with open space in front of you, apply the brake, and mash the accelerator. You'll either go no where, or at most move at super low power for less than a second (depending on the exact internal state of the system, which would be too complicated to get into full detail here).
Overall, I have a lot of beef with Tesla over many things... but this is one aspect where they did their homework and did it right. I'd argue that Tesla's throttle setup is probably at least twice as safe if not more than any other drive-by-wire throttle system out there. There are some many independent checks that it is just impossible for the car to do something like full acceleration without the drive explicitly commanding it, either intentionally or unintentionally, via the throttle pedal.
Tesla's accelerator pedal is actually the exact same drive-by-wire pedal used in several other manufacturer's vehicles. It's highly proven technology over decades. Nothing special at this point. No Tesla secret sauce here. Just two hall effect sensors with slightly different curves for redundancy and position validation. If they don't agree, the car doesn't move. If one has an issue, the car reduces power and gives an error. I've personally never seen one of these throttle assemblies have a problem because they're literally as basic as these things can get. It's plastic, a spring to return the pedal to rest, and two hall effect sensors for positioning. They're rock solid on reliability and used in millions of vehicles.
Tesla's side for sensing this goes even further to improve safety. They have two independent systems monitoring and logging the pedal sensors, isolated from one another. They both log the read position from both sensors. If anything doesn't exactly agree, the car doesn't move, gives an error, and reduces power to the point where you can barely do 0-60 in a minute.
The autopilot side of things also is not capable of accelerating the car at any major speed. The AP system just tells the motor, "this is how fast I want to be going and this is how quickly I want to get there" and the inverter firmware maps out a curve to get the car there based on the data, clamped internally to extremely reasonable values as far as acceleration goes. (Deceleration is another story, since AP is capable of commanding full regen and full braking.) The fastest AP can do 0-60 on its own is pretty pathetic, overall. I've tried it. The car will not launch even when commanded to go to 90 MPH at max longitudinal acceleration rate. It just gradually ramps speed, just as if you were at a light behind a vehicle with AP engaged. Nothing sudden about it.
I went a step further and modified the section of inverter code that limits the acceleration rate. No dice. The two other systems inside the drive unit immediately sent the system into limp mode when I tried to command massive acceleration digitally. To be able to do a full digital launch with no pedal application I had to modify the firmware in three different systems to bypass probably two dozen different safety checks. Long story short, it's simply not possible for the car to command massive acceleration on its own.
Going even further, the throttle map for acceleration is super accurate. It can interpolate 2^16 throttle positions with reasonable accuracy... which is impressive, since the ADC is technically something like 10-bit, and we're working with a throw distance of maybe a couple of inches at the end of the pedal. (Edit: Correction/clarification: The crosscheck ADC is 10-bit, the primary is actually 16-bit and doubled for redundancy on each input... so the throttle position is actually read 8 times in hardware for comparison.)
Finally, if the brake is applied, three different devices report this. There's the brake pedal switch, the iBooster, and the ESP modules. All are able to sense and report brake pedal application, and the three systems in the drive unit accept these in a binary OR fashion (if any report the brake is applied, the brake is applied). If the brake is applied even a tiny bit, the car is incapable of accelerating at full power. At best, if the accelerator is already pressed, the car will apply something like 5% of power for about a second before fully cutting power due to both pedals being applied. Those that think they had their foot on the brake and suddenly accelerated, try it yourself. Go somewhere safe with open space in front of you, apply the brake, and mash the accelerator. You'll either go no where, or at most move at super low power for less than a second (depending on the exact internal state of the system, which would be too complicated to get into full detail here).
Overall, I have a lot of beef with Tesla over many things... but this is one aspect where they did their homework and did it right. I'd argue that Tesla's throttle setup is probably at least twice as safe if not more than any other drive-by-wire throttle system out there. There are some many independent checks that it is just impossible for the car to do something like full acceleration without the drive explicitly commanding it, either intentionally or unintentionally, via the throttle pedal.
Last edited:
artsci
Sponsor
I’ve made the mistake several times (always when coming to a stop) of accidentally tapping the accelerator instead of the brakes. When I’ve tapped both, the car provides a warning beep. Fortunately I’ve never done any damage. But If I did, I wouldn’t blame SUA — it would have been totally my fault.
I have seen this statement by wk057 before, and have asked wk057 for a clarification of it in a personal message. But he has not responded. Therefore, I will ask again here.
If one reads wk057’s document entitled “Tesla Model S CAN Bus Deciphering”, then one finds the following:
CAN3, ID 0x0154
Description: Rear drive unit measurement info
Value descriptions:
○ pedal_position_sensor_A = byte2 * 0.4
○ pedal_position_sensor_B = byte3 * 0.4
■ 0% to 102%
■ Max observed is 100%
■ Redundant potentiometers in pedal
CAN3, ID 0x0106
Description: Rear drive unit info
Value descriptions:
○ pedalPos = byte6 * 0.4
■ 0% to 102%
■ Max observed is 100%
Since the description of CAN3 ID 0x0154 is “rear drive measurement info”, it looks the two values of pedal_position_sensor_A and pedal_position_sensor_B are the 16-bit digitized outputs of the two pedal position sensors. And since the description of CAN3 ID 0x0106 is “rear drive unit info”, it looks like the value of pedalPos is the 16-bit input to the throttle map derived from the two pedal position sensors. All three of these parameters are 100 Hz data. If this is true, then I have the following questions:
1) why is each pedal position sensor output cross-check sampled twice to get two 10-bit cross-check values for each position sensor? After all, merely having a second sensor output to check against the primary sensor provides redundancy.
2) what are the CAN bus ID’s for the four 10-bit cross-check values of the two sensor outputs? If they are not accessible on a CAN bus, then how do we know they exist?
3) Are the 10-bit cross-check values also 100 Hz data?
4) Does a time-filtered version of pedalPos also exist? (Wk057’s statement above mentions 8 read values. This probably consists of one 16-bit value and two 10-bit cross-check values for each of the two sensors, giving 6 read values. The pedalPos value at ID 0x0106 gives a seventh read value. So an eighth read value is needed. I have seen wk057 mention elsewhere that a time-filtered version of pedalPos may also exist).
5) If a time-filtered version of pedalPos exists, what is the CAN bus ID for this parameter? If it is not accessible on the CAN bus, how do we know it exists?
6) How often do values of the time-filtered version of the pedalPos parameter appear on the CAN bus?
7) Finally, which of these 8 parameters appear in the log file stored in the SD card and read out to the Tesla mothership over the 3G cellular network? What is the data rate of each of the parameters in the log file? (i.e., 1 Hz, 10 Hz, 100 Hz, or each time they change?)
Here is a way to tell if Tesla vehicles can possibly have sudden acceleration without the driver pressing on the accelerator pedal. I urge some Tesla owner to perform these tests and report back to this thread what the results were.
Disconnect the cable from the accelerator pedal sensor and, with the vehicle power turned off, do a conductivity test on the two connector sockets mating to the two +5V APP sensor supply voltage input pins to see if the +5V sockets are connected inside the inverter assembly. Then do another conductivity test on the two connector sockets mating to the two ground (GND) APP sensor input pins to see if the two GND sockets are connected inside the inverter assembly. If the two +5V supply sockets in the connector are electrically connected and the two GND sockets in the connector are electrically connected, then this can allow a single voltage drop on the GND line to increase both sensor outputs by the same amount, causing sudden acceleration. If the two +5V supply sockets are not connected and the two GND sockets are not connected, then you have just disproven that ground drops are a possible cause of sudden acceleration.
Now, with the cable connected back onto the accelerator pedal sensor, and while the vehicle power is off, connect the leads of two voltage meters to read the two sensor output voltages relative to sensor GND. Then turn on the vehicle power and observe the two sensor output voltages as the vehicle is being driven while pressing the accelerator pedal by various amounts. If the two sensor output voltages always differ by the same amount regardless of the amount the accelerator pedal is pressed, then you have just verified that the response of the accelerator pedals looks like Figure 1. With this type of accelerator pedal sensor response, it is impossible for anyone to tell from the output voltages alone whether a higher sensor output voltage is caused by a parasitic increase in both sensor voltages or by the driver pressing on the accelerator pedal. If the two sensor output voltages differ various amounts as the accelerator pedal is pressed, then you have just proven that sudden acceleration cannot be caused by an increase in the sensor ground voltage because the vehicle would detect any increase in pedal sensor outputs.
Disconnect the cable from the accelerator pedal sensor and, with the vehicle power turned off, do a conductivity test on the two connector sockets mating to the two +5V APP sensor supply voltage input pins to see if the +5V sockets are connected inside the inverter assembly. Then do another conductivity test on the two connector sockets mating to the two ground (GND) APP sensor input pins to see if the two GND sockets are connected inside the inverter assembly. If the two +5V supply sockets in the connector are electrically connected and the two GND sockets in the connector are electrically connected, then this can allow a single voltage drop on the GND line to increase both sensor outputs by the same amount, causing sudden acceleration. If the two +5V supply sockets are not connected and the two GND sockets are not connected, then you have just disproven that ground drops are a possible cause of sudden acceleration.
Now, with the cable connected back onto the accelerator pedal sensor, and while the vehicle power is off, connect the leads of two voltage meters to read the two sensor output voltages relative to sensor GND. Then turn on the vehicle power and observe the two sensor output voltages as the vehicle is being driven while pressing the accelerator pedal by various amounts. If the two sensor output voltages always differ by the same amount regardless of the amount the accelerator pedal is pressed, then you have just verified that the response of the accelerator pedals looks like Figure 1. With this type of accelerator pedal sensor response, it is impossible for anyone to tell from the output voltages alone whether a higher sensor output voltage is caused by a parasitic increase in both sensor voltages or by the driver pressing on the accelerator pedal. If the two sensor output voltages differ various amounts as the accelerator pedal is pressed, then you have just proven that sudden acceleration cannot be caused by an increase in the sensor ground voltage because the vehicle would detect any increase in pedal sensor outputs.
Here's an easier solution: stop confusing the brake with the accelerator and you won't crash into things while parking.
The two graphs above represent the two common methods of providing fail-safe sensor feedback. If I remember correctly, @wk057 has mentioned that Tesla uses the opposing sensor method. Regardless, both methods work equally well in protecting against voltage fluctuations and SUA events caused by electrical faults.
In your example, you propose that a transient voltage spike would affect both sensors equally. However, both sensors being off by the same amount would cause an implausible signal fault and put the vehicle in limp mode.
Last edited:
Your two figures and my figure above constitute the THREE common methods of providing redundant sensors. You are correct that the two methods you showed would detect a voltage offset, caused by a common ground voltage drop, that affects both sensors equally. But the method I showed would NOT detect such equal voltage offsets in both sensors. This is why I am asking for someone to measure the sensor responses and determine experimentally which type of redundancy method is being used.
And, no, wk057 has not mentioned that Tesla uses the opposing sensor method. It was mongo who mentioned this, and he is apparently not so sure now after learning that wk057 said on Oct 4, 2016:
"The accelerator pedal uses two independent hall effect sensors. These are both routed through different wiring harnesses on each side of the car and eventually go directly to the inverter at the rear motor. These sensors each have their own offsets so they can be compared for consistency/accuracy. If the readings from the sensors don't perfectly pass sanity checks in the inverter then the car doesn't move and it throws an alert to the driver to that effect." See posts #405 and #406 in the discussion of Sudden Unexpected Acceleration at Sudden Unexpected Acceleration today. Notice that wk057 mentions "offsets" and not different slopes.
Looks like Porsches can have this "sudden unintended acceleration" problem too:
"0 to 100km/h in less than five seconds"
"0 to 100km/h in less than five seconds"
SucreTease
Teslarian
Well, yay!! Tesla has just introduced exactly what I proposed above in V9.0 of their new software, under the name "Obstacle-Aware Acceleration"!
They did it smartly too, letting people enable/disable the setting. My concern was Tesla facing liability if a sensor malfunctioned and stopped a person from accelerating when needed to avoid a possibly dangerous situation, but older people who are more vulnerable to pedal misapplication can enable the setting while others can keep it disabled.
+1
Knowing how bad TACC is, I'd hate to have my progress hindered by what'd probably feel like a constant mis-fire every time it thinks it's seen something ahead!
There's no line.
There is a correlation between age and pedal application errors. If the driver is older, they are more likely to happen.
Here is a relevant link: A Deep Dive Into Toyota Sudden Acceleration Accident Stats
There are plenty of other resources available, but this one is easy to digest.
Edit: found another easy summary of the NHTSA study. NHTSA: \'Pedal error\' causes 16K crashes each year
Short version, if you are under 20 or over 65 you are four times as likely to commit a pedal misapplication error.
There is a correlation between age and pedal application errors. If the driver is older, they are more likely to happen.
Here is a relevant link: A Deep Dive Into Toyota Sudden Acceleration Accident Stats
There are plenty of other resources available, but this one is easy to digest.
Edit: found another easy summary of the NHTSA study. NHTSA: \'Pedal error\' causes 16K crashes each year
Short version, if you are under 20 or over 65 you are four times as likely to commit a pedal misapplication error.
f205v
Member
that's way we need "single pedal" cars!
Apart from the joke, Since driving a Tesla I've been basically not using the break pedal at all, just for full stop at crosses, and a couple of emergency breaks. During normal driving the regenerative slow-down is enough for any standard situation.
Also, I keep the creep function on, so no need to accelerate and break when manouvering in parking, just let the creep move you slowly back or forth and just use the break pedal to stop the car.
This highly reduce the risk of miss-pedaling (which happened to me once a few years ago when I was driving an ICE Mercedes. Thankfully I made no damage, just hit the curb, but it was scary)
Apart from the joke, Since driving a Tesla I've been basically not using the break pedal at all, just for full stop at crosses, and a couple of emergency breaks. During normal driving the regenerative slow-down is enough for any standard situation.
Also, I keep the creep function on, so no need to accelerate and break when manouvering in parking, just let the creep move you slowly back or forth and just use the break pedal to stop the car.
This highly reduce the risk of miss-pedaling (which happened to me once a few years ago when I was driving an ICE Mercedes. Thankfully I made no damage, just hit the curb, but it was scary)
f205v
Member
Similar threads
