The AP (Auto Pilot) architecture in Tesla's current vehicles is complex, but to break it down, there is what Tesla calls the APE (Auto Pilot ECU) which has 2 mostly identical processing sections, one as primary and one as secondary. They run identical software and if one fails, the other can instantly take over. They have internal cross-checking in each of them, so the "voting" is achieved internally in each unit, and if there is an issue, the system will instantly fail over to the other unit. Also, even when you aren't using AP, the system is "shadow driving" and comparing your inputs to what it would do, and logging any differences that are periodically packaged and sent to Tesla.
The APE is totally separate from the MCU (Multimedia Control Unit), which is what you interact with. It's on a different circuit board, but sharing a liquid-cooled housing called the ICE. The MCU circuit board contains all the infotainment stuff which is run by an Intel or AMD CPU and then there's a separate Automotive Power-PC processor called the Gateway. The interface to all the other systems in the vehicle is via the Gateway over CAN bus (multiple buses). The Gateway is connected to a 16GB Micro SD card where it uses this to continuously log everything happening on the CAN bus. This is totally separate from the other computers, including APE. Then there is the MCU. It also logs all user control inputs to a separate SQLite3 database stored in the MCUs filesystem (on eMMC or NVMe depending on year). The APE also has internal logs (so x2). Then there is the Bosch RCM (Restraint Control Module) that runs all the safety systems, and this has an EDR (Event Data Recorder) if there are any accidents, and it will record those. Tesla provides a free tool to download your EDR data from the Bosch RCM after an accident, but they do not release any other data to the public. In the event of an accident, the RCM will tell the BMS (Battery Management System) to blow the pyrotechnic HV fuse in the battery to "safe" the HV system, and it also triggers an upload of data from all systems to Tesla, including short video clips from all 9 cameras. This data also remains on the various systems and can be extracted without Tesla's involvement, but it's not easy. I have quite a few interesting crash videos I have recovered from salvage Teslas. Bosch developed the RCM, and it's pretty much the same as most other cars, and Tesla did not write the software here, nor can they obfuscate any data in the EDR, so it's sort of like an "independent verification". So in the event of a crash, it's pretty easy for Tesla to reconstruct what happened, there really is almost zero possibility that there could be a "dropout" of all logging on all systems at once. Tesla has but a lot of redundancies in the system. The various computers have multiple redundant power supplies, which are fed from different places in the vehicle, such that even is you lopped off one whole side of the car, the systems would still get power from the other. The RCM even has it's own internal power reservoir. In addition, all the critical systems in the car, have double redundancy, such as the electric steering rack, it has 2 separate controllers, each fed with it's own power feed, driving a dual motor, so if any one side fails, the other side can keep it going safely until the vehicle can be brought to a stop. Likewise, there are 5 ways braking can be achieved under electronic control, (7 if dual-motor). Sadly, I've seen a lot of Teslas totaled in accidents I can confidently surmise are due to pedal misapplication. (Pressing the accelerator when you meant to press the brake.) I myself have done this on several occasions, and I have recovered logs and video from many salvage cars that show this very graphically. All cars have a incidence of pedal misapplication, but in a Tesla the instant torque and high-performance, even on the base-models means you are through back wall of your garage before you know what happened. Tesla has added some features to mitigate this, but ultimately the driver can still cause this kind of accident. People have horrible memories, especially when something like this happens, and will swear they pressed the brake, when instead the pressed the accelerator. There are logs in multiple separate systems, and the accelerator pedal is a special dual-slope non-contact system that has an astronomical chance of a failure mode that could result in an erroneous acceleration signal being sent. (see my YouTube video about this here: https://www.youtube.com/watch?v=jrFphMKvuKw) The Pedal misapplication is why most manufacturers include artificial "creep" behavior, and make it mandatory, as it helps ensure your foot is already on the brake pedal in the event of panic. If you are concerned about safety, I advise you set your Tesla stopping mode to "creep" rather than "roll" or one-pedal. While I am critical of Elon Musk, Tesla does great engineering despite him. Currently, I think "FSD" is a toy, and it's sensationalism sells a lot of Teslas. Even with the latest improvements, It's not useful or stress-reliving on surface streets, but even basic autopilot is awesome on the highway, and a godsend if you are in stop-n-go traffic. I have doubts that the current hardware will ever be approved by regulators to go over Level 3. Humans wreck all the time, and we kill each other continuously in cars, but a computer driven car will have to be thousands of times safer to get approved for driving with no human oversight. In corollary, I can say that the safety systems that Tesla includes in every car as standard are awesome, and have saved my ass more times than I can count on both hands. (FCW, SCW, LDW, EAB, etc) Most of the people that get in accidents and claim it's AutoPilot's fault were either mis-using the system, or weren't even using it at the time of the accident, and I have direct evidence of that from a handful of cars. Despite Tesla's flawed marketing, it's a Level 2 driver ASSISTANCE system, not a "Self" driving system, and as long as you use it that way it's a great and useful aid. On Tue, Apr 9, 2024 at 8:19 AM John Lussmyer via EV <ev@lists.evdl.org> wrote: > On 4/9/2024 7:46 AM, Peri Hartman via EV wrote: > > So, I've never driven a tesla, or any car with some level of self > > driving. What I'm wondering is, if you keep your hands on the wheel and > > an eye on the road, are you driving or is FSD driving ? Alternatively, > > if you lapse your attention, even with hands on the wheel, and FSD makes > > a mistake, will you have time to regain control ? > > Generally, with FSD you need to put a tiny bit of pressure on the > steering wheel periodically. It does all the driving. > You can take control any time - as soon as you put a significant > steering, or press a pedal, it gives control to you. > Though it will override you if you do something like try to accelerate > into the back of another vehicle, or turn directly into another vehicle. > > One thing to keep in mind with all the stories of "FSD Killed my > friend", is that: > A) Many of those are very old, and the software is (literally) orders of > magnitude better now. > B) A large number of them have been verified that the driver was NOT > paying attention, and in some cases had done stupid things like hanging > a weight on the steering wheel so it thought they were paying attention. > (yeah, Tesla's are now using the cabin camera to try and prevent crap > like that.) > C) More of them have been tracked to the person NOT using FSD - but > claiming they were. This is usually easily discredited. > D) Yes, some accidents ARE due to FSD not making the correct decision - > but that is why it still requires you to pay attention. > > And in general, drivers using FSD are currently getting in FAR fewer > accidents that drivers that don't. > _______________________________________________ > Address messages to ev@lists.evdl.org > No other addresses in TO and CC fields > HELP: http://www.evdl.org/help/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.evdl.org/private.cgi/ev-evdl.org/attachments/20240409/beb587c6/attachment.htm> _______________________________________________ Address messages to ev@lists.evdl.org No other addresses in TO and CC fields HELP: http://www.evdl.org/help/
