FW version: Stable

Redundant Accelerator System

Disambiguation

The term 'throttle' originates from gas/combustion engines, where it refers to a control element for acceleration. As we transition to electric vehicles, we prefer the term 'accelerator'. Both terms can be used interchangeably as synonyms.

Two redundancy options are available for enhanced Ride-by-Wire safety:

  • Dual analog signal accelerator
  • Single analog signal with end-stop switch

In either configuration, an error sets sig_acc to NaN, which triggers a vehicle disarm. Recovery behavior is controlled by the safetyopts parameter; with the default setting, the vehicle stays disarmed until a power cycle.

Info: Parameters are located in the /acc folder.

Tip: Test the system with a single accelerator before implementing redundancy, to isolate potential issues.

Configuration Parameter

dual_err

  • 0:1 - Error threshold for dual analog signals
  • -1 - Enables end-stop switch monitoring

Dual Analog Implementation

This mode compares the primary and secondary accelerator signals after ASC processing. Acceleration is disabled if the difference between the two signals exceeds the dual_err threshold.


Setup Process

  1. Configure inputs:
    • Set /io/IN_acc: GPIO ID for primary signal
    • Set /io/IN_acc_2: GPIO ID for secondary signal
  2. Monitor via Scope: /acc/asc/out, /acc/asc_2/out, /acc/acc_err
  3. Adjust ASC values for signal matching (minimize acc_err)
  4. Set dual_err slightly above maximum observed acc_err

End-Stop Switch Implementation

This mode monitors a single analog signal together with an end-stop switch. The vehicle disarms if the accelerator value exceeds dual_err while the end-stop is activated.

Setup Process

Warning: Note the distinction between GPIO ID and GDIN ID.

  1. Configure inputs:
    • Set /io/IN_acc: GPIO ID for accelerator
    • Set /io/IN_acc_2: GDIN ID for end-stop
  2. Monitor via Scope: /acc/asc/out, /acc/acc_err
  3. Note /acc/asc/out value at end-stop activation
  4. Set dual_err to negative of noted value
  5. Verify acc_err remains zero during operation
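
The two checks described above, modelled in C as an added example (not the firmware's own code). It assumes acc_err is the absolute difference of the two post-ASC signals in dual analog mode, that any negative dual_err selects end-stop mode with its magnitude as the limit, and that faults latch as with the default safetyopts setting; acc_guard and acc_guard_step are hypothetical names.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model only: acc_guard and acc_guard_step are invented names.
   dual_err, acc_err and sig_acc follow the parameter names on this page. */
typedef struct {
    float dual_err; /* >= 0: dual analog threshold; < 0: end-stop mode */
    float acc_err;  /* last error value, as it would appear on the Scope */
    bool  latched;  /* default recovery: fault held until power cycle */
} acc_guard;

/* acc, acc2: post-ASC signals (acc2 is ignored in end-stop mode).
   endstop: true while the end-stop switch is activated.
   Returns sig_acc: acc when plausible, NaN once a fault has been seen. */
float acc_guard_step(acc_guard *g, float acc, float acc2, bool endstop)
{
    bool dual = g->dual_err >= 0.0f;
    if (isnan(acc) || (dual && isnan(acc2))) {
        /* NaN compares false against any threshold, so fail closed here */
        g->acc_err = NAN;
        g->latched = true;
    } else if (dual) {
        float d = acc - acc2;
        g->acc_err = d < 0.0f ? -d : d;
        if (g->acc_err > g->dual_err) g->latched = true;
    } else {
        float limit = -g->dual_err; /* asc/out noted at end-stop activation */
        g->acc_err = (endstop && acc > limit) ? acc - limit : 0.0f;
        if (g->acc_err > 0.0f) g->latched = true;
    }
    return g->latched ? NAN : acc;
}

int main(void)
{
    /* Constructed samples: the secondary sensor drifts away from the primary */
    const float a[]  = {0.10f, 0.40f, 0.70f, 0.20f};
    const float a2[] = {0.11f, 0.42f, 0.50f, 0.20f};
    acc_guard g = {0.05f, 0.0f, false};
    for (int i = 0; i < 4; i++) {
        float s = acc_guard_step(&g, a[i], a2[i], false);
        printf("acc=%.2f acc2=%.2f acc_err=%.2f sig_acc=%.2f\n",
               a[i], a2[i], g.acc_err, s);
    }
    return 0;
}
```

The fourth sample still yields NaN even though the signals agree again, because the fault stays latched.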

Input ID Reference

See Input mapping for details.

| GPIO ID | Input |
|---|---|
| 8 (default) | GPIO0 |
| 9 | GPIO1 |
| 10 | GPIO2 |
| 11 | GPIO3 |
| 12 | GPIO4 |

Warning: Configure the GPIO as a floating input by setting /common/ioconfX to 0. See GPIO details.

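| GDIN ID | Input | Type |
|---|---|---|
| 16 | GDIN0 | |
| 17 | GDIN1 | |
| 18 | GDIN2 | |
| 19 | GDIN3 | |
| 20 | GDIN4 | |
| 32 | DIN1 | uint8 |
| 33 | DIN2 | uint8 |
| ... | ... | |
| 39 | DIN8 | uint8 |

Tip:
  • The end-stop is compatible with GDIN or DIN inputs.
  • To enable the pull-up for the end-stop, set /common/ioconfX to 1. See GPIO details.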