Part of my work deals with medical patient safety but I study all sorts of safety including airlines, nuclear power, oil & gas drilling and refining, ....
There should be a mechanical fail-safe if the power cuts in this case.
In our DARPA Grand Challenge vehicle in 2005, we had a non-computerized system for an emergency stop. A hardware timer had to be reset every 120ms by the computers. If it timed out, a relay dropped out, and an electric motor with two sources of DC power (the main power system, and a battery) drove the brake pedal down until a hydraulic pressure switch detected full brake pressure and turned it off.
In addition, the throttle control went through a pull cable device with an electromagnet. With the electromagnet on, a servomotor could operate the throttle. The emergency stop system would drop power on the electromagnet if the stall timer timed out, or on some other fault conditions. That forced the throttle to idle.
Then we had an Eaton VORAD radar. That data went into the main mapping system, along with LIDAR data, but it also was processed by a simple separate process that computed time to collision from range and range rate, and if it didn't compute a safe distance, or didn't reset the watchdogs, tripped the emergency stop system. If this happened, the LED sign on the back of our vehicle displayed "COLLISION IMMINENT".
This happened once during the Grand Challenge preliminaries. Several vehicles were in the starting gates side by side. We were ready to go, all systems running and armed, waiting for DARPA to release the hold signal they were sending by radio. The organizers decided to release the CMU vehicle first, and it came out of the starting gate and cut in front of our vehicle. The safety systems tripped and "COLLISION IMMINENT" appeared in the sign. After a few seconds, with the threat gone, the system reset and the sign went dark.
This was all fully automatic. There was also a remote engine kill system, required by DARPA.
We didn't win. But we didn't crash or hit anything. There were Grand Challenge entries that ran away, including, in 2004, one from CMU. Another one ran away because they filled their disk with logging info and this stalled the software. Steering and throttle froze, and the vehicle ran away until it hit something.
If you work on automatic driving, you have to prepare for trouble like this.
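The post above describes two independent trip conditions feeding one emergency stop: a watchdog the main computers had to reset every 120 ms, and a separate process that computed time to collision from radar range and range rate. The following C model of that monitor is an added example, not the poster's or the team's code; the 120 ms timeout is from the post, while the time-to-collision thresholds (trip below 2 s, re-arm above 4 s) and the hysteresis are assumptions for this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <math.h>

/* 120 ms is the watchdog period from the post. The TTC thresholds and the
 * reset hysteresis are assumptions made for this model. */
#define WATCHDOG_TIMEOUT_MS 120u
#define TTC_TRIP_S          2.0   /* trip when a collision is closer than this */
#define TTC_RESET_S         4.0   /* re-arm only once the threat is clearly gone */

typedef struct {
    uint32_t last_kick_ms;   /* time of the last watchdog reset by the main computers */
    bool     tripped;        /* true while the e-stop relay is dropped */
} safety_monitor;

/* Seconds until range reaches zero at the current closing rate.
 * A non-negative range rate means the gap is steady or opening: no collision. */
double time_to_collision(double range_m, double range_rate_mps)
{
    if (range_rate_mps >= 0.0)
        return INFINITY;
    return range_m / -range_rate_mps;
}

void monitor_init(safety_monitor *m, uint32_t now_ms)
{
    m->last_kick_ms = now_ms;
    m->tripped = false;
}

/* The main software calls this each cycle; missing it for 120 ms is itself a fault. */
void monitor_kick(safety_monitor *m, uint32_t now_ms)
{
    m->last_kick_ms = now_ms;
}

/* Runs in the independent monitor. Returns true when the relay should be dropped
 * (brake motor on, throttle electromagnet off, "COLLISION IMMINENT" sign lit). */
bool monitor_step(safety_monitor *m, uint32_t now_ms,
                  double range_m, double range_rate_mps)
{
    bool watchdog_expired = (now_ms - m->last_kick_ms) > WATCHDOG_TIMEOUT_MS;
    double ttc = time_to_collision(range_m, range_rate_mps);
    if (watchdog_expired || ttc < TTC_TRIP_S)
        m->tripped = true;                  /* any fault: fail to the safe state */
    else if (m->tripped && ttc >= TTC_RESET_S)
        m->tripped = false;                 /* threat gone and software alive: re-arm */
    return m->tripped;
}
```

The monitor only re-arms when both conditions are clear at once, which is the "after a few seconds, with the threat gone, the system reset" behaviour described for the starting-gate incident.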
If your battery dies while the car is running (say, even, that something causes a physical disconnect between the batteries and the rest of the car — a wiring fault, or whatever). Ideally you would be able to pull to the side of the road while your vehicle coasts, braking as necessary.
If the system detects a power disconnect and instantly engages all brakes, does that help or harm? Additionally, since powered items like anti-lock brakes are now unavailable, how hard should the brakes be engaged? Fully? Slightly?
Slamming on the brakes in a failure scenario is not automatically the right answer. Odds are it's probably the wrong answer more often than not.
To answer the question, it's quite possible to have a braking system that engages in the event of power failure. I've heard of even double-redundant braking systems, so three total systems have to fail before the brakes fail. It was on a Rolls Royce as I recall. The owner was crowing about how his brake job cost more than my car.
If there is no power then chances are there is limited steering as well. Probably safer to have a motionless 2-ton rock rather than a 2-ton ballistic missile.
Power steering might be off, but that doesn't mean steering is limited.
A motionless 2-ton rock in the middle of a busy interstate because of a power blip is a terrible idea. And again, how hard exactly should the system brake? Pick a value between 0% braking and 100% braking that brakes maximally without locking up the brakes.
A 2-ton brick spinning down a busy interstate because the brakes locked up is arguably even worse than a motionless one.
Wait, do regular cars engage the emergency brake in a fail-safe way? I've always treated the emergency brake as a way to keep a stopped car from moving, not as a way to make a moving car stop.
No, a regular car will not engage brakes without human interaction. The fail-safe is having two independent systems - hydraulic for the foot brake and wire rope for the hand brake in most vehicles.
Additionally, automatic transmissions have a transmission lock, but that won't work while the vehicle is in motion.
Some modern cars use electric systems for both, I'm not sure how that would work.
Also, the hydraulic brake system is built with redundancy (dual circuit), so even a sudden big leak in a brake line will leave you with some braking power.
And the power braking system, being pneumatic IIRC, keeps working for a couple of hard stomps on the pedal even if the engine stops running and you lose 12V.
Pretty much the only thing you can expect to lose is the ABS. Even then, I understand that system has a failsafe such that it keeps the car from spinning in the event of malfunction and brake lockup. You can see this in ABS-related accidents as straight skidmarks. But I don't think that works when you've lost electric power.
Edit: actually, the recent Koenigsegg One:1 high speed crash (driver not hurt) during testing at the Nurburgring was an ABS sensor failure, you can see the hallmarks in photos. Koenigsegg also deserve big props for having been completely open about it.
No, the handbrake (not emergency brake) is actually connected (mechanically) to a completely separate set of brakes on the rear wheels. Only on custom-built drift cars à la Ken Block is the handbrake connected to the normal brake calipers.
It depends on the car. Some of them engage the same calipers the hydraulic system uses. Some have a separate caliper or drum. Older, drum brake cars engaged the same shoes the hydraulic system used. And if you go back far enough, some had mechanical pawls or band type brakes that engaged at the transmission.
And drift cars use a separate hydraulic brake attached to the rear disks.
This is correct. Some emergency brakes use a screw mechanism to activate the brake cylinder piston to push on the pads. Same stopping mechanism as if you push on the brake pedal.
Others (usually less expensive cars) have a set of drum brakes inside the disk brake that act as emergency brakes.
If you have rear drum brakes, it's the same as my first example. The emergency brake activates the normal braking system.
Maybe. But that's the main (traction) battery. Certainly regenerative braking is out, but the 12V battery should not be disengaged and should provide enough energy to apply the brakes. Not sure how the Tesla is actually engineered though, as I'm a Leaf owner.