cross-posted from: https://lemmy.world/post/1030687
EDIT: This PDF contains very detailed electrical information for the EEs who wanna go through the complaint: https://www.autoevolution.com/pdf/news_attachements/breaking-nhtsa-petition-shows-tesla-s-sudden-unintended-acceleration-is-real-and-curable-217525.pdf
Last year at /r/RealTesla, a Chinese video of a car rocketing at full speed for 1+ minutes before crashing / killing a pedestrian made the rounds. We all recognized it as one of the weirder cases of “Sudden Unintended Acceleration”, and I think that particular video really changed some minds.
While a lot of SUA events are from driver-error, it began a search into why Teslas seemed to be getting more SUA above-and-beyond the industry normal. This investigation (now filed under NHTSA) suggests that the ADC could be miscalibrated during a load-dump (or other electrical surge-like) scenario.
If the ADC associated with the accelerator pedal is off, then the Tesla will have the pedal at the wrong level of acceleration until the next calibration event, which is not going to happen until over a minute later.
This is extremely similar to that Chinese runaway Tesla, and perfectly seems to explain it. I’m glad that someone seems to have gotten to the bottom of this.
Lets put it this way.
There’s a 200-Amp high-voltage to low-voltage 12V DC-DC converter in Teslas today. Despite a 12V Lead-Acid Battery capable of 100-Amps + 200-Amps coming in from the main battery supply, this brownout occurs according to the .pdf above.
I don’t think a tiny 48V Li-ion secondary battery is going to help the issue, not at all.
This is a power-distribution / power engineering problem. I have to imagine its going to require a whole bunch of inductors and capacitors trying to isolate the load-dump / provide better isolation to the sensor network.
Right, the brownout in the electrical system isn’t ideal, but the unintended acceleration seems to be caused by the ADC attempting calibration when the voltage is near-zero. I have to wonder if there’s work that could be done in firmware on the inverter side or on the ADC side to detect and not re-calibrate during those conditions. The PDF specifically calls this out as a potential recall solution.
It wouldn’t solve the underlying electrical flaw, but could solve the bad signals getting generated and killing people. It’s also possible this flaw causes issues in other systems that haven’t been discovered yet. Much research to be done, I suppose.
I’d love a new inverter that doesn’t do this, but that seems… unlikely. Let me wish it’s easy to solve :P
I do think an electrical solution (ex: Pi-filters and T-filters over the microcontroller… not the whole 12V supply. Just enough to keep the ADCs working and non-glitchy) is the goal. Even if the rest of the circuit browns-out, a Pi-filter’d Capacitor next to the microcontroller / CANbus should remain steady.
Honestly, with this much of a voltage swing on the damn sensor network being detected, I don’t think its possible to prevent all glitches. Microcontrollers all use less than 1W of power, it shouldn’t be too hard to build a capacitor/inductor network + Voltage Regulator that keeps that voltage steady and isolated from the rest of the car.
That being said: there’s enough capacitance around those chips that they’re clearly still able to send CANbus messages for the (false) pedal state back to the central computer. Maybe they do have good filtering on the uCs, but they forgot to filter the analog components or something? I dunno, its all so very strange.
Maybe a pure software solution does exist, not to fix the fundamental issue of course, but to at least solve the SUA event. The 1.65V calibration event clearly is able to (wrongfully…), detect this brownout condition. At least based off of the description of the .pdf. So yeah, maybe software can solve it.
Yeah, I’m much more focused on actually solving the SUA issue, especially since the resale value on this car is fucked lol it’s not going anywhere anytime soon.
It definitely is all so very strange.