Safer Control of Steering

October 27, 2020

I’ve seen several very sketchy experiments around lately where people are controlling the steering of cars in unsafe ways. Let me break down a few of these ways, and discuss concerns. This is not safety advice, this is educational background info. If you do not understand what you are doing, don’t do it. Certainly don’t do it on public roads.

Electronic power steering requires an ASIL-D rating, which is the highest safety rating in cars. And it’s easy to see why: the motor is around 1 HP, and can put more torque on the steering wheel than you can. Bad software or poorly done mods can result in a car that you are not capable of steering, despite putting as much force as you can on the wheel. Imagine being on a split road and the car steers hard left into oncoming traffic. You fight the wheel as hard as you can, but you are powerless. It is stronger than you.

Fortunately, there are ways to avoid this. All cars with EPS have the capability to overpower you, but almost none ever do. That’s because a lot of engineering has been put into making these systems safe. Be careful not to bypass it.

Using ADAS Messages (the intended way)

All the code in upstream openpilot controls steering like this. The manufacturer of the steering rack has commands designed for ADAS features. These commands are torque limited, usually with the speed taken into consideration. Even Tesla FSD is using ADAS messages provided by the steering rack manufacturer.

The beauty of using these messages, particularly after confirming you aren’t using them outside the stock system limits, is that you get the benefit of the manufacturer safety and testing. Upstream openpilot only steers cars in this way.

Even minor EPS firmware mods mostly retain the safety. If you insist on more torque, a small data-only change to a table in the EPS firmware is likely much safer than the other two options.

Torque Interceptor (safety critical HW required)

Power steering is a fairly simple system. At the core, it uses a sensor to detect if the user is applying torque to the wheel, multiplies that torque appropriately in software, and applies that torque with a motor to the steering column.

You can build a hardware device to intercept the torque sensor and change its output value. This will put torque on the wheel by pretending the user is putting that torque on the wheel.

This is how Waymo controlled their early cars, and it is possible to do this safely, but it is not easy. Unless you have experience with ASIL-D hardware and software engineering, you shouldn’t be messing with this. Even at comma we don’t feel comfortable doing it.

Parking Modes (very dangerous at high speeds!)

Many cars have a parking mode which allows high torques to be put on the wheel at low speeds for self parking features. Using this for low speed control is fine.

So you get an idea: why not always tell the car it is parking? NO. If you are driving on the highway while telling the EPS your car is going 5 mph, this is extremely dangerous. Think of how hard it is to steer a car at low speeds without power steering, now realize that’s how much torque the car would steer with on the highway. The EPS is using that 5 mph speed to compute the output torque, and the amount of torque used to steer at 5 mph is orders of magnitude off from what you would ever need to apply on the highway. This should never be used outside a private test environment. The EPS was not designed for this, and there’s no way to make it safe. The user torque detection disengage will not save you, as the EPS is being used so far outside what it was engineered for.

A possible area for investigation here is a firmware mod, allowing it to remain in parking mode without lying to the EPS about the speed. You have to make sure the normal torque speed curve still applies, and you have to make sure the angle rate limit scales with speed. You also have to consider what happens if the angle sensor or speed sensor fails. Do not use on road until you’ve done proper injection and safety testing.
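To make the checks discussed in the ADAS-messages section and in the two paragraphs above concrete, here is a small supervisory limiter written for this post. It is an added example, not code from the original article, openpilot, panda, or any EPS firmware. It shows a speed-dependent torque ceiling (what a parking-speed lie bypasses), a per-frame rate limit, a driver-torque override, a speed-scaled bound on how fast the wheel may actually be moving, and a fail-safe when the speed or angle sensor is not valid. The curve values, thresholds, units and the Sensors/SteeringLimiter names are all constructed placeholders, not any vehicle's real limits.

```python
"""Supervisory limiter for a steering torque command (added example).

Not code from the original post, openpilot, or panda. It illustrates the
kinds of checks the post attributes to the manufacturer's ADAS path and
warns are lost when the EPS is lied to about its speed. Every curve value
below is a constructed placeholder, not any vehicle's real limit.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed ceilings as (speed_mps, value) points; linear between points,
# held flat beyond the ends. EPS firmware keeps tables of this shape.
TORQUE_CURVE = [(0.0, 1500.0), (5.0, 1500.0), (15.0, 900.0), (30.0, 400.0), (45.0, 300.0)]
ANGLE_RATE_CURVE = [(0.0, 120.0), (5.0, 120.0), (15.0, 40.0), (30.0, 12.0), (45.0, 6.0)]

MAX_TORQUE_STEP = 50.0          # largest change of the command per 10 ms frame
DRIVER_OVERRIDE_TORQUE = 60.0   # |driver torque| above this hands control back


def interp(curve, x):
    """Piecewise-linear lookup on (x, y) points sorted by x, clamped at both ends."""
    if x <= curve[0][0]:
        return curve[0][1]
    for (x0, y0), (x1, y1) in zip(curve, curve[1:]):
        if x <= x1:
            return y0 + (y1 - y0) * (x - x0) / (x1 - x0)
    return curve[-1][1]


def clamp(v, lo, hi):
    return max(lo, min(hi, v))


def torque_ceiling(speed_mps):
    """The most torque the limiter will ever pass at this speed."""
    return interp(TORQUE_CURVE, speed_mps)


@dataclass
class Sensors:
    speed_mps: float
    speed_valid: bool
    angle_deg: float
    angle_valid: bool
    driver_torque: float


class SteeringLimiter:
    def __init__(self, dt=0.01):
        self.dt = dt
        self.last_torque = 0.0
        self.last_angle: Optional[float] = None

    def step(self, requested_torque, s: Sensors):
        """Return (torque actually allowed this frame, reason)."""
        # How fast the wheel is really turning, from the angle sensor.
        angle_rate = 0.0
        if self.last_angle is not None and s.angle_valid:
            angle_rate = abs(s.angle_deg - self.last_angle) / self.dt
        self.last_angle = s.angle_deg if s.angle_valid else None

        reason = "ok"
        if not (s.speed_valid and s.angle_valid):
            # Without a trusted speed the speed-scaled limits mean nothing: go to zero.
            target, reason = 0.0, "sensor_invalid"
        elif abs(s.driver_torque) > DRIVER_OVERRIDE_TORQUE:
            target, reason = 0.0, "driver_override"
        elif angle_rate > interp(ANGLE_RATE_CURVE, s.speed_mps):
            # The rack is moving faster than this speed should ever allow.
            target, reason = 0.0, "angle_rate_exceeded"
        else:
            limit = torque_ceiling(s.speed_mps)
            target = clamp(requested_torque, -limit, limit)
            if target != requested_torque:
                reason = "torque_clipped"

        # Every change, including a drop to zero, is ramped so no frame is a step.
        out = clamp(target, self.last_torque - MAX_TORQUE_STEP,
                    self.last_torque + MAX_TORQUE_STEP)
        if out != target and reason == "ok":
            reason = "rate_limited"
        self.last_torque = out
        return out, reason


def simulate(requests, sensors):
    """Run a frame sequence through a fresh limiter; returns per-frame (torque, reason)."""
    lim = SteeringLimiter()
    return [lim.step(r, s) for r, s in zip(requests, sensors)]


if __name__ == "__main__":
    # Constructed scenario: a 1000-unit request held through two highway frames,
    # a driver-override frame, and a frame with the speed sensor flagged invalid.
    frames = [
        (1000.0, Sensors(30.0, True, 0.0, True, 0.0)),
        (1000.0, Sensors(30.0, True, 0.1, True, 0.0)),
        (1000.0, Sensors(30.0, True, 0.2, True, 80.0)),
        (1000.0, Sensors(30.0, False, 0.2, True, 0.0)),
    ]
    for (req, s), (out, why) in zip(frames, simulate(*zip(*frames))):
        print(f"request={req:7.1f} speed={s.speed_mps:4.1f} -> allowed={out:6.1f} ({why})")
```

The same 1000-unit request is capped at 400 at 30 m/s but would pass untouched at 5 m/s, which is exactly the gap a parking-speed lie opens. Ramping the cut-off rather than stepping to zero is a design choice for the example; production systems additionally latch a disengage after an override and require an explicit re-engage.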

Safety in general

Safety isn’t when you tested it once and it was okay. Safety isn’t when you tested it three times and it was okay. Safety is when you have thought through every possible scenario, tested the worst possible thing that can happen, and it was still safe. By driving something for 10 miles, you have no idea if it fails catastrophically every 10³ miles, 10⁶ miles, or 10¹⁰⁰ miles. There’s a huge difference between those three that you have no insight into by just testing in normal conditions. Imagine the worst possible scenarios, and test them all. Nature may still come up with something worse, but at least then you are on the path to safety.
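As a worked illustration added to this post (not part of the original), here is why a short clean run says so little. Model catastrophic failures as rare independent events with a mean distance between failures of $m$ miles, so the chance of covering $d$ miles without one is

$$P(\text{no failure in } d \text{ miles}) = e^{-d/m}.$$

For $d = 10$ and the three rates in the paragraph above:

$$e^{-10/10^{3}} \approx 0.990,\qquad e^{-10/10^{6}} \approx 0.99999,\qquad e^{-10/10^{100}} \approx 1.$$

All three produce a clean 10-mile drive at least 99% of the time, so a clean 10-mile drive cannot tell them apart. Turned around, to be 95% confident that $m$ is at least some target $m_0$ after observing zero failures, the distance covered must satisfy

$$d \geq -m_0 \ln(0.05) \approx 3\, m_0,$$

roughly three million fault-free miles for $m_0 = 10^{6}$, which is why deliberately testing the worst scenarios matters more than accumulating uneventful ones.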
