Runaway Throttle, Interlocks, and Regulation

methods

THIS IS A LONG ONE...

SKIP IT :eek:



Let me start by saying, that the only real meat and potatoes regulation I have come up with looks like this:

1) Throttle (Single Point Failure)
2) Battery (Charge, discharge, and fire)



1)
"The throttle shall be interlocked with a secondary, such that more than just the analog input can propel you forward" (as in some cases there is a clutch or tranny - so motor current not primary)

This is the situation where either a drip of water, a hair of wire, a failed POT, a failed Hall, a loose magnet, a broken spring, or some other failure in the throttle output or controller throttle input causes current to be sent to the motors when it is not wanted. This is VERY SERIOUS... as I have learned with two runaway bikes and... now that I am riding the fastest Zero around... eh...

Either a switch at the bottom of the throttle which opens with a broken throttle
A pair of differential hall signals
A secondary "foot pedal" or other switch like that found on a fork lift seat...

This is a REQUIREMENT and it is not found in all OEM vehicles... especially those found... a few years back.

2)
"The battery shall not catch on fire in the event that a user attempts to apply a charge voltage (or current) in excess of what is called for - so within reasonable limits - a contactor or reliable switch of some kind guarantees that charge will be terminated".

This should apply to a window of reason... such that yes... if someone applies 1000V to a 30V battery fire may occur... but if someone applies a 100V charger to a 36V battery... it can charge up in CC mode then blow open before any cells go critical.

We must bound the upper limit else components get really expensive. So... some percentage or some absolute value within a range... like:

Ebikes - can handle up to a 120V charge input without catching fire
Motorcycles - can handle up to a XXX charge input without catching fire
Cars - can handle....

Same for discharge - but only in the case where it could cause fire - so mostly temperature sensor based.

ANYHOW... why I am blathering on about this is that I had my second runaway last night.

First Runaway:
It is posted somewhere here on the sphere.
I was running a Tadpole trike with a hall throttle
I was riding hard and pulling on the split-twist throttle
The throttle came loose...

The design of the hall throttles we use depends on the magnet being ON the hall sensor for 0% throttle output (1.2V or whatever)
When the throttle pulls away, the magnet pulls away, and you get FULL THROTTLE.

As you know... my bikes are POWERFUL... and that was a real handful to get control over.
The controller was not bound such that an over-throttle voltage could be detected... as with a higher end controller like a Sevcon... that accepts throttle inside of a window only:

Example: Sevcon Throttle voltage, 10V
Will accept 0.5V to 9.5V
0V to 0.5V equates to dead band
Above 9.5V equates to Fault

So... that is an example of a throttle based runaway situation.
I literally ripped my throttle apart during "normal use" and it resulted in FULL THROTTLE.


Next Story....

Last night I resurrected an Ebike out of the pile.
It had a controller I am not familiar with... sketch is how I would describe it... but in reality the components inside were high end. There were no expenses spared on caps, connectors, etc.
This controller had sat in the rain so long that the power switch rusted completely (I have pics of all this)
Some corrosion must have occurred in the throttle input section... and I suspect I know how it happened

DISPLAY THROTTLES - UNACCEPTABLE

Wiring Order: 5V, GND, Throttle, Full Pack Voltage

So... on this tiny JST-SM connector... with only 0.1" of space... we have 50V riding right next to our 0-5V throttle input :shock: :roll:

Yea... so this controller "runs away" in an inconsistent and unpredictable way.
It will be fine for 5 minutes... then all of a sudden it will start applying 30% or more throttle
If the throttle is removed via the connector... it will still keep going

Lucky on this bike that the front and rear hydraulic brakes, along with the heavy frame and second rider (two up), along with the low current limit, along with wet tarmac... allowed us to overcome the runaway... BUT IT HAPPENED.

Had it happened on one of my "serious ebikes" someone would be broken in the hospital.

Which... brings me around to the Zero Motorcycle.

I am currently riding a race prepped 2013 SR.
It is pimped out with a drilled motor and whatever the last "track day" guy could do to it.
IT IS POWERFUL

Like... THIS kind of powerful (time 1:30)
[youtube]9o15EALghp0[/youtube]

Ok... not quite that powerful... but wreck your body powerful.

So - the modern Zero Motorcycles have multiple interlocks on the throttle (AFAIK).
But... when I was at Zero... eh... I am not so sure this was the case.

Having had a runaway bike before... I approached the then Director of EE with my concerns.
Basically... I was told that "He has never seen it happen and until he did it was not a problem"
Ok... he is not the director anymore.

I remember driving a box of throttles over the hill for the assembly line. I poked through them... they were... "meh quality".

If these earlier model bikes can still apply current to the motors in the event of a SINGLE POINT FAILURE... like a drip of water between the pins, a hair of wire shorting over, rubbing wires, induced current... well... that needs to be recalled and dealt with.

The throttle needs to be such that if there is a fault and the user lets go that no motor current is applied.
This may or may not depend on the spring... I am ok with it depending on the spring for now... as with an ICE engine.

Normally I keep things like this to myself - for a lot of reasons... but I have had some time to reflect on my time working as a Quality Engineer, what I dealt with, how my observations were dealt with, changes that took moving forward, changes that took moving backwards... One must be patient in these matters... but one must also follow up.

The Quality Engineer is the equivalent of an MP on a military base.
I don't care if you are a Bird colonel... if you have done wrong and I can prove it then I have the power to shut you down... at least temporarily until evidence can be collected.
I don't take the responsibility lightly and I am about the most lenient around safety you could possibly imagine - especially in this emerging market.

But...
When we release something into the wild under the umbrella of OEM (meaning it looks like a refined and professional product with stylized plastics and brand names) we have a responsibility that lasts the lifetime of the product.

Food for thought.
Yes I realize this is a very large block of text. It's that way on purpose so that it will be skimmed over by most.

Note: I have no insight into Zero or what corrective action they may have taken by now. I am just compiling my Open Letter... out in the open.

I have never accepted a bribe in the form of Sex, Money, Favors, Goods, Favor, Contracts, Promises, leniency, or anything like it.
That's important to say... as looks can be deceiving.


I now have in my possession (not under my ownership) two items that may appear to imply that my views have been skewed.
I assure you they have not.

* One is a 2013 SR. It is the property of Doug Smith (one of my heroes) and I have access to the bike in order to try and swap out the unpotted cell boxes that are in it along with handling Registration. Doug has quietly been changing the minds of people all around him in an awesome way. He is an accomplished racer of all sorts of things... and he runs a serious hot-rod shop. When I was at the shop a few weeks ago there was a RHD Silvia there getting bigger turbos etc. Anyhow - Doug has thrown himself at the Electric Revolution like nobody else I know. His garage is a tornado of lead acid mowers being converted over to Lithium, Bikes built up out of scrap, insane GoKarts, DIY batteries... yea... he has a Leaf in the driveway and 4 or 5 early Prius models... he is going for it and I respect him. When the tide turns... and ICE falls into the past... he will be at the front of the pack as far as I am concerned. But I digress...

* One is Justin's fancy Xtracycle that he left at my house after riding it from Canada. It has all sorts of bells and whistles... I rode it only once back around 2014 with my kid on the back. The deal was that I could play with the bike if I made it available to him the next time he was riding North from CA. At the time... he had ridden it down to CA then caught a plane to South America (IIRC) to unicycle across the continent with his lady friend. Anyhow - I just dug this bike up and rigged it up... as it was the fastest to get running... but let's be clear that I have never accepted favor from Ebikes.ca or Grin Tech in any form. Quite the opposite... I have tried to shower them with favor as I truly respect the man and the company and believe they can rock the world.

So my point:

I am stirring the shit pot again - as I do during transition periods. This may bring me under fire.
If anyone implies at any time that "methods can be bought"... well.. have that man/woman step forward.
My integrity, ethics, and opinion can not be skewed by material items.
I base my opinions and views on hundreds of hours of interaction with people/companies.

So.. wow that was a long one... now... what is on the docket for the rest of the day?

-methods

P.S. I have an open dialog with some of the best people at Zero Motorcycles and I can say that some heroes there spend 120% of what they have all day every day trying to improve the product. I have every confidence that the product is safe and reliable. I also worked there... so I know that when you are supporting 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, working on pushing 2017 into production, designing 2018,... eh... yea... that is a lot to deal with... and under that much pressure people have to think "IF IT AIN'T BROKE DON'T FIX IT"... and I truly understand. My hope is that someone will jump in and correct me :wink:

An SR can not have a single point failure. It's just too much bike for that. Prove me wrong please so I can delete this long ass ranting thread.
 
Regulation Part 2


"A battery shall not spontaneously burst into flames while in storage if it has been stored and used in accordance with its IP rating"

So...
If a battery is IP67 and it gets a little wet out in Utah where they salt the roads... then it sits wet in a garage for 6mo... it may not catch fire due to corrosion or any other natural purpose.

If a battery is intended for "dry use" and through the normal condensation cycle it becomes compromised and starts to corrode... it may not catch fire

It's very simple...
But not so simple

99.999% of the battery fires we have seen have been related to Charge....
Either over charge in the voltage domain...
Or over thermal due to increased IR...
This is acceptable to some degree. We understand that while a battery is being charged it is vulnerable... and that vulnerability is converging on Zero as the BMS's on the market get better.

The real scary thing is a battery that can catch fire hours, days, weeks, months, or years after being abused.
So - eh.. it's OK if an abused battery catches fire.

So... we must be very clear with our IP ratings, what that means in the field, how we deal with extreme conditions, accelerated ageing, etc.
I have never had a Lithium Fire... but that does not mean that I will not have one at some time in the future.

I have seen some GNARLY electrolysis in my personal experimentation. With as little as 3V... and a drip of water... you can watch in real time as copper becomes salt, salt dissolves into liquid, liquid becomes a conductor, and... the exponential runaway occurs.

The world's leading expert is probably LFP - So I defer to him on this subject.
I hold strong on the point that a battery must never act as a time bomb.

I have no indication that any OEM battery does.

At Tesla... if you look closely at their pack... there are two volumes.
The lower volume which gets heated and cooled... creating pressure and vacuum... which is sealed with a sheet of plastic.
This is augmented with a dead-space to take up this expansion and contraction... thereby eliminating the failure mode of sucking in water.
:!:

Desiccant also plays an important role. Having a sacrificial material that absorbs water, indicates, and can be viewed... (like the sticker on a cell phone) is ... probably going to be in the regulations at some point in time.

Yes... I have regs on the mind... we are working on Electric Aircraft.
It's super stressful being the guy who cuts through the bushes first, second, third, or otherwise.
I have produced system(s) that will fly... and it is a huge responsibility that I do not take lightly.

-methods
 
The controller has to fail very specifically on a typical 3wire throttle right (for runaway)? Unless you physically break the throttle, and the magnet gets 'random' on you?
I assume a hall failure would cause 0v return, and a short would be protected by controller? I do like the idea of some redundancy - both have to read the same to work to go. Just two wire sets and two sets of halls and magnets.
I don't think that controller you mentioned should be trusted- it's good that the problem was noticed early.


Anyway, the idea of 'E' runaway throttle is way scarier than something with a standard 5 or 6 spd transmission. Am I correct in assuming an 'infineon' style 3 spd switch added into the mix would be a valid additional safeguard? For instance, unless I'm drag racing I keep it in the 'gear' (speed limit) most appropriate.
 
2014+ bikes have a micro switch on the closed throttle position, and an upward voltage sweeping Hall effect and downward voltage sweeping signals it watches. If the halls get out of sync (e.g., one should be 1v while the other is 4v, then 2v while the other is 3v, etc.), or if the micro switch isn't closed (it closes when you begin to move the throttle), then it faults and doesn't move.

The very old magura type (like cold war era) still has two safety fault modes, it faults if it goes above 10kOhm, and it faults if the throttle voltage goes to the full high side of the pot voltage (~10vdc I think). That said, it's got a pot with a gear drive inside it and every moving part fails with adequate use.

You gotta come race my DSR before you can claim fastest Zero. :) I'm thrilled you're enjoying the beastlyness of the SR. I've never once missed my old fleet of ICE bikes.
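
The window check described for the Sevcon controller in the opening post and the opposing-hall plus micro-switch scheme described in the post above, combined into one plausibility check. This is an added example, not code from any poster, Zero or Sevcon; the 0-5 V scaling, every threshold and all names are assumptions.

```c
#include <stdbool.h>
#include <stdlib.h>

/* All thresholds are assumptions for a 0-5 V dual-hall throttle;
   real values come from the throttle and controller datasheets. */
enum { V_MIN_MV = 500, V_MAX_MV = 4500,   /* valid window per channel   */
       SUM_MV = 5000, SUM_TOL_MV = 300,   /* rising + falling ~= 5 V    */
       REST_MV = 1000, FULL_MV = 4000,    /* rising channel at 0%/100%  */
       DEADBAND_MV = 100 };

typedef enum { THR_OK, THR_FAULT_RANGE, THR_FAULT_MISMATCH,
               THR_FAULT_SWITCH } thr_status;

typedef struct {
    int rising_mv;      /* hall A: voltage increases with twist */
    int falling_mv;     /* hall B: voltage decreases with twist */
    bool switch_closed; /* micro switch: closed once the grip leaves rest */
} thr_sample;

static bool in_window(int mv) { return mv >= V_MIN_MV && mv <= V_MAX_MV; }

/* Returns a status and writes the torque demand (0-1000 permille).
   Any fault forces the demand to zero. */
thr_status throttle_eval(const thr_sample *s, int *demand_pm)
{
    *demand_pm = 0;                       /* fail safe by default */
    /* 1. Window check: open wire, lost magnet, short to ground or rail. */
    if (!in_window(s->rising_mv) || !in_window(s->falling_mv))
        return THR_FAULT_RANGE;
    /* 2. Cross-check: the opposing channels must track each other. */
    if (abs(s->rising_mv + s->falling_mv - SUM_MV) > SUM_TOL_MV)
        return THR_FAULT_MISMATCH;
    /* 3. Demand from hall A, clamped into 0-1000. */
    int pm = (s->rising_mv - REST_MV) * 1000 / (FULL_MV - REST_MV);
    if (pm < 0) pm = 0;
    if (pm > 1000) pm = 1000;
    /* 4. The independent switch must agree that the grip has moved. */
    if (s->rising_mv > REST_MV + DEADBAND_MV && !s->switch_closed)
        return THR_FAULT_SWITCH;
    if (!s->switch_closed) pm = 0;        /* at rest: no demand */
    *demand_pm = pm;
    return THR_OK;
}
```

With these checks a single failed channel, a signal dragged to a rail, or hall signals that disagree with the switch all end in zero demand rather than motor current.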
 
Lucky the killacycle didn't actually kill Bill (Billy Dube)

When I worked on a drag bike we had a push button where your thumb goes on the handlebar. If you didn't press the push button continuously while using the throttle; the throttle would not work. Also protected from idiots coming up and cranking the throttle and making vroom vroom sounds when the bike was live and being wrenched on (but but but I didn't hear a motor running...fuukk its happened more than once)

In addition there was a wrist strap switch inline that opened the contactor
 
Methods or anyone do you have any links for dual opposing hall throttles?

I got a Toyota dual hall throttle from a pretty recent car (think it was a camry )
and unfortunately its dual signals both going from 0-5v where I want 1 to be 0-5v and the other to be 5-0v...

I don't know what car to find a used throttle from to make my EV safer....
 
Arlo1 said:
and unfortunately its dual signals both going from 0-5v where I want 1 to be 0-5v and the other to be 5-0v...
Would it work to reverse one of the magnets, or one of the halls?
 
amberwolf said:
Arlo1 said:
and unfortunately its dual signals both going from 0-5v where I want 1 to be 0-5v and the other to be 5-0v...
Would it work to reverse one of the magnets, or one of the halls?
You can't change either.

The sensor board is 1 board with 1 ic for both signals.

The magnets are super custom fancy moulded junk.
 
So much for that idea. :/

The only other "easy" way I can think of is to use an op-amp or similar to invert one of the signals, but I'm not sure that's really providing the safety you're after.
 
Story time:

I recently had a bad throttle situation on my dune buggy. When driving around the previous day, my controller cut off... so I knew something wasn't right.

I pulled over safely, checked things out and couldn't find anything obvious, so I restarted the controller and everything seemed normal.

I make it home, and I decide to do some diagnosing. Even though my car is "clutchless", you can still pop it in neutral. I ALWAYS put it in neutral before I start the controller, no exceptions.

I go to turn on the controller to get the fault readout from my controller software, and the motor goes WOT.

Had I left it in first, it would have lurched forward and destroyed my garage. It should have had a throttle fault, but it turns out that it was an intermittent connection in the ampseal harness adapter. It read properly on startup then went crazy.

So, even with a large gigavac manual switch and a proper controller contactor, it could have ended in disaster had I not placed it in neutral. In retrospect, I could have gone a step further and disconnected the actual motor terminals, but I didn't want to add a bunch of controller faults to the list before I could find out the initial problem.

Just saying: do EVERYTHING in your power to address every bad possible situation. It only takes one catastrophic failure to result in injury or death.
 