Danfoss MultiAxis-Steer User guide

MultiAxis-SteerTM

EHI Electrohydraulic steering valve with PVED-CLS controller

Technical Information - user and safety manual FW 1.00

MultiAxis-Steer technical information

Document references

Revisions

Revision History

Table of Revisions

Date	Page	Changed	ECO No.	Rev.
04 Oct. 2019		First release:		0104
		FW 1.00

All trademarks in this material are properties of their respective owners.

PLUS+1, GUIDE and Sauer-Danfoss are trademarks of Danfoss A/S.

BC321571012557en-000104

MultiAxis-Steer technical information

Document references

Literature

Document	Revision
PVED-CLS MultiAxis-Steer communication protocol	Revision 1.02 29 Oct 2019
PVED-CLS KWP2000 protocol	Revision 1.79 02 May 2018
PVED-CLS Technical Specification	BC00000355
PVED-CLS User manual	Revision 1.7 14 Jan 2019
PVED-CLS MultiAxis-Steer firmware release note	1.02 29 Oct. 2019
EHi steering valve technical information	BC00000379

Software reference

This documentation is related to the following software version:

See MultiAxis-Steer firmware revision in Document references

Errata information

The latest errata information is always available on the Danfoss homepage: www.danfoss.com It contains errata information for:

•PVED-CLS boot loader

•PVED-CLS application

•Documentation

•PLUS+1® Service tool

•Other topics related to the steering system

If further information to any errata is required, please contact your nearest Danfoss Product

Application Engineer

Important User Information

Danfoss is not responsible or liable for indirect or consequential damages resulting from the use or application of this equipment.

The examples and diagrams in this manual are included for illustration purposes. Due to the many variables and requirements associated with any particular installation, Danfoss cannot assume responsibility or liability for the actual used bases on the examples and diagrams.

Reproduction of whole or part of the contents of this safety manual is prohibited.

The following notes are used to raise awareness of safety considerations.

	Warning	Identifies information about practices or circumstances that can

		cause a hazardous situation, which may lead to personal injury or
		death, damage or economic loss.

	Attention	Identifies information about practices or circumstances that can lead
		to personal injury or death, property damage, or economic loss.
		Attentions help you identify a hazard, avoid a hazard, and recognize
		the consequence.

		Identifies information that is critical for successful application and
	Important
	Important	understanding of the product.
		understanding of the product.

		Identifies a typical use of a functionality or parameter value. Use
Recommendation		recommendations as a starting point for the final configuration
		process of the system.

BC321571012557en-000104

MultiAxis-Steer technical information

Terms and abbreviations

	Abbiviation	Meaning
	AgPL	Agricultural Performance Level per ISO 25119
	CAT	Safety category per ISO 13849 and ISO 25119
	CCF	Common Cause Failure
	COV	Cut-Off Valve
	DC	Diagnostic Coverage
	de-power	Infers: Disconnect electrical power supply to PVED-
	de-power	CLS, includes the de-engergize
		CLS, includes the de-engergize
		Infers: Block hydraulic pilot pressure by switching off
	de-energize	electrical power supply to EHi and cut-off valve. The
		PVED-CLS will remain powered on.
	ECU	Electronic Control Unit
	EH	Electro-Hydraulic
	EHi-E	Electro-Hydraulic Inline Valve – Electronic Override
	FMEA	Failure Mode and Effects Analysis
	FMEDA	Failure Mode and Effects and Diagnostic Analysis
	IR	Internal Resolution [-1000;1000]
	MMI	Man-Machine Command Interface
	MTTFd	Mean time to potentially dangerous failure
	N-Axis	Multi-axis, more than one axis is steered
	OEM	Original Equipment Manufacturer
	OSPE	Orbital Steering Product – Electro-hydraulic
	PFD	Probability of dangerous failure on Demand
	PFH	Probability for dangerous failure per hour
	PL	Performance level per ISO 13849
	POST	Power On Self Test
	PSAC	Parameter Sector Access Code
	PVED-CLS	Proportional Valve Digital – Closed Loop - Safety –
	PVED-CLS	here the valve controller
		here the valve controller
	SASA	Steering Angle Sensor Absolute
	SC	Systematic capability
	SEHS	Safe Electro-Hydraulic Steering
	SFF	Safe Failure Fraction
	SIL	Safety Integrity Level
	SPN	Suspect Parameter Number
	SVB	Solenoid Valve Bridge
	SVC	Solenoid Valve Control – Control algorithm for PVED-
	SVC	CLS
		CLS
	VAA	Virtual Axis Angle
	VAP	Virtual Axis Position
	WAS	Wheel Angle Sensor

BC321571012557en-000104

MultiAxis-Steer technical information
Contents
Contents
Document references	3
Software reference .......................................................................................................................................................	3
Errata information.........................................................................................................................................................	3
Important User Information ......................................................................................................................................	3
Terms and abbreviations	4
Contents	5
Introduction	9
N-Axis system principal	10
N-Axis system configurations..................................................................................................................................	10
N-Axis master [hydrostatic] steering system................................................................................................	10
N-Axis master [electro hydraulic] steering system .....................................................................................	10
N-Axis master functions............................................................................................................................................	11
N-Axis slave function .................................................................................................................................................	11
Man Machine Interface (MMI) .................................................................................................................................	11
Vehicle speed sensor .................................................................................................................................................	11
Wheel angle sensor ....................................................................................................................................................	11
Road switch...................................................................................................................................................................	12
Active de-energize (immediate).......................................................................................................................	12
Active de-energize (automatic return to straight)......................................................................................	12
Full electrical de-power/de-energize..............................................................................................................	12
Advise for system integrators ...........................................................................................................................	12
Service tool ...................................................................................................................................................................	12
N-Axis CAN network...................................................................................................................................................	13
CAN message data flow ......................................................................................................................................	13
N-Axis CAN messages..........................................................................................................................................	13
Operation state machine....................................................................................................................................	14
States ..................................................................................................................................................................	14
Operation state machine – fault handling ....................................................................................................	17
States ..................................................................................................................................................................	17
Functional safety	18
Certification (pending)..............................................................................................................................................	18
System integrator responsibility............................................................................................................................	18
Safety function overview..........................................................................................................................................	19
Functional safety specification ...............................................................................................................................	20
Safe state .................................................................................................................................................................	20
N-Axis steering operation while in safe state.........................................................................................	20
Safe state leakage performance .................................................................................................................	20
Reset and recovery from safe state..................................................................................................................	20
Safety function response time ..........................................................................................................................	20
Monitoring function response time ................................................................................................................	21
N-Axis safe EH steering..............................................................................................................................................	22
Safe EH-steering / N-Axis closed loop cylinder position control......................................................	22
N-Axis safety related control functions................................................................................................................	24
Safe vehicle speed dependent Virtual Axis Position (VAP) limit.............................................................	24
Realizing a safe MMI interface.....................................................................................................................	24
Operation ..........................................................................................................................................................	24
Parameters ........................................................................................................................................................	25
Parameter tuning guideline.........................................................................................................................	26
Operation when number of slaves > 1.....................................................................................................	26
Safe vehicle speed dependent Virtual Axis Position (VAP) change rate ..............................................	27
Realizing a safe MMI interface.....................................................................................................................	27
Operation ..........................................................................................................................................................	27
Parameter ..........................................................................................................................................................	28
Parameter tuning guideline.........................................................................................................................	28
Operation when number of slaves > 1.....................................................................................................	29
Safe vehicle speed dependent Virtual Axis Angle (VAA) limit.................................................................	30
Realizing a safe MMI interface.....................................................................................................................	30
BC321571012557en-000104	© Danfoss \| Nov 2019 \| 5

MultiAxis-Steer technical information
Contents
Operation ..........................................................................................................................................................		30
Parameter ..........................................................................................................................................................		31
Parameter tuning guideline.........................................................................................................................		31
Operation when number of slaves > 1.....................................................................................................		32
Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate ..................................................		32
Realizing a safe MMI interface.....................................................................................................................		32
Operation ..........................................................................................................................................................		32
Parameter ..........................................................................................................................................................		33
Parameter tuning guideline.........................................................................................................................		34
Operation when number of slaves > 1.....................................................................................................		34
Safe vehicle speed dependent closed loop gain limitation.....................................................................		35
Realizing a safe closed-loop position control of the slave axis.........................................................		35
Operation ..........................................................................................................................................................		35
Parameters ........................................................................................................................................................		36
Parameter tuning guideline.........................................................................................................................		36
Operation when number of slaves > 1.....................................................................................................		37
Safe vehicle speed dependent wheel angle setpoint limitation............................................................		37
Realizing a safe closed-loop position control of the slave axis.........................................................		37
Operation ..........................................................................................................................................................		37
Parameters ........................................................................................................................................................		38
Parameter tuning guideline.........................................................................................................................		38
Operation when number of slaves > 1.....................................................................................................		39
Safe N-Axis steering angle initialization (pre-operational) ......................................................................		39
Operation ..........................................................................................................................................................		39
Parameters ........................................................................................................................................................		39
Parameter tuning guideline.........................................................................................................................		39
Operation when number of slaves > 1.....................................................................................................		39
System Architecture		40
System diagrams.........................................................................................................................................................		40
N-Axis master [hydrostatic]................................................................................................................................		40
N-Axis master [electro-hydraulic].....................................................................................................................		40
PVED-CLS steering controller..................................................................................................................................		40
Connector interface .............................................................................................................................................		40
Technical specification........................................................................................................................................		40
DC Power supply...................................................................................................................................................		40
Road-switch de-power / de-energize architectures.........................................................................................		41
ON/OFF switch interface - Active de-energize (immediate)....................................................................		41
Operation ..........................................................................................................................................................		41
Interface .............................................................................................................................................................		42
Monitoring ........................................................................................................................................................		42
ON/OFF switch interface - Active de-energize (automatic return to straight)...................................		44
Operation ..........................................................................................................................................................		44
Monitoring ........................................................................................................................................................		45
ON/OFF switch interface - Full electrical de-power/de-energize...........................................................		45
Zero-leakage valve configuration (option) ...................................................................................................		46
Background.......................................................................................................................................................		46
Pilot operated check valves .........................................................................................................................		46
Architecture for zero-leakage performance ...........................................................................................		46
Reliability block diagram ..............................................................................................................................		47
Safety requirements for additional circuitry for SIL3/PL e........................................................................		48
Input - Sensor sub-system and monitoring........................................................................................................		49
N-Axis master - CAN interface...........................................................................................................................		49
CAN interface ...................................................................................................................................................		50
Monitoring ........................................................................................................................................................		50
Vehicle speed sensor – CAN interface ............................................................................................................		50
CAN interface ...................................................................................................................................................		51
Monitoring ........................................................................................................................................................		52
Man Machine Interface – CAN interface ........................................................................................................		52
CAN interface ...................................................................................................................................................		53
Monitoring ........................................................................................................................................................		54
BC321571012557en-000104	© Danfoss \| Nov 2019 \| 6

MultiAxis-Steer technical information
Contents
Wheel Angle Sensor (WAS) – Analog interface............................................................................................	54
Analogue interface .........................................................................................................................................	55
Monitoring ........................................................................................................................................................	55
Input range check ...........................................................................................................................................	55
WAS channel cross-check.............................................................................................................................	56
Micro-controller cross-check of scaled wheel angle ............................................................................	56
Out of calibration check................................................................................................................................	56
Wheel Angle Sensor (WAS) – CAN interface .................................................................................................	56
CAN interface ...................................................................................................................................................	57
Monitoring ........................................................................................................................................................	58
Input range check ...........................................................................................................................................	58
Micro-controller WAS channel cross-check ............................................................................................	58
Out of calibration check................................................................................................................................	59
Output - Valve sub-system and monitoring.......................................................................................................	59
Sensor 5V DC power supply...............................................................................................................................	59
EHi Cut-off valve....................................................................................................................................................	59
Interface .............................................................................................................................................................	60
Configuration for EHi-E valve sub-systems .............................................................................................	60
Monitoring for EHi-E valve sub-systems ..................................................................................................	61
EHi-valve monitoring...........................................................................................................................................	61
EH-valve main spool control principle .....................................................................................................	61
EH-valve main spool monitoring –EHi-E valve sub-systems..............................................................	61
Environmental control measures...........................................................................................................................	63
PCB overheating shut-down .............................................................................................................................	63
PCB average over-temperature warning.......................................................................................................	63
DC power supply...................................................................................................................................................	63
System set-up	65
Installation ....................................................................................................................................................................	65
PVED-CLS Connector interface .........................................................................................................................	65
LED diagnostic .......................................................................................................................................................	65
Calibration.....................................................................................................................................................................	65
Straight heading calibration..............................................................................................................................	65
System integration and testing..............................................................................................................................	65
Vehicle Fault Insertion Testing..........................................................................................................................	66
Safety validation testing .....................................................................................................................................	66
Service part handling and repair instruction......................................................................................................	66
Safety validation steps after replacing a PVED-CLS with a service part ...............................................	66
Service Tool (detailed)...............................................................................................................................................	67
Appendix	68
Component identification via CAN bus ...............................................................................................................	68
Valve assembly barcode label...........................................................................................................................	68
Bootloader and application software identification ..................................................................................	68
PVED-CLS component identification and serial number..........................................................................	69
PLUS+1 Service tool identification page .......................................................................................................	69
J1939 request PGN for software ID and component ID ............................................................................	69
EEPROM parameters ..................................................................................................................................................	70
EEPROM layout ......................................................................................................................................................	70
Safety parameterization............................................................................................................................................	71
Safety parameterization procedure ................................................................................................................	71
Boot Data.......................................................................................................................................................................	73
Sector CRC Sign Data.................................................................................................................................................	74
Hydraulic Config..........................................................................................................................................................	75
Valve Calibration Data...............................................................................................................................................	78
CAN WAS Calibration Data.......................................................................................................................................	78
Analog Sensor Calibration Data .............................................................................................................................	79
Peripherals Config ......................................................................................................................................................	79
N-Axis Protocol Data..................................................................................................................................................	80
Internal Monitoring....................................................................................................................................................	82
Production/Calibration Flag ....................................................................................................................................	84
Auto Calibration Config ............................................................................................................................................	84
BC321571012557en-000104	© Danfoss \| Nov 2019 \| 7

MultiAxis-Steer technical information

Contents

N-Axis..............................................................................................................................................................................	87
PLM metadata..............................................................................................................................................................	90
OEM Data.......................................................................................................................................................................	93
Signature CRC calculation........................................................................................................................................	95
Diagnostic Trouble Codes........................................................................................................................................	96
Error codes ..............................................................................................................................................................	96
FMI list.....................................................................................................................................................................	102
TROUBLESHOOTING – TYPICAL FAULTS............................................................................................................	103

BC321571012557en-000104

MultiAxis-Steer technical information

Introduction

MultiAxis vehicle steering is adding steering functionality to have steering on one or more steering axis than the master axis.

Throughout this document, and in referenced documentation, N-axis or NAXIS are used as synonyms for MultiAxis steering mainly referencing one or more additional (n) “slave” axis.

Any possibly vehicle steering mode can be achieved with N-Axis steering by the N-Axis MMI command

CAN message, containing the Virtual Axis Position (VAP) and the Virtual Axis Angle (VAA). See Figure 1.

The data set, given by VAP and VAA, can result in steering modes such as:

•2-wheel steering (normal)

•Round/4-wheel steering

•Crab steering

•Dog steering

•Customized steering modes

The steering modes can be altered dynamically and seamlessly by the operator during operation by transmitting VAP and VAA data set which results in the requested steering mode.

forward

VAP

VAA

Master axis	VA
		Slave axis 1	Slave axis 2
	Virtual Axis

	Figure 1 N-Axis steering variables VAP and VAA

The blue line is the Virtual Axis which can be shifted horizontally along the wheel base (VAP) and angled relative to the wheel base (VAA). Shifting VAP to the physical slave axis position in a single slave system will result in 2-wheel steering.

BC321571012557en-000104

MultiAxis-Steer technical information

N-Axis system principal

A N-Axis slave steering sub-system may work with both a N-Axis master [hydrostatic] and N-Axis master [electro hydraulic]. The below functions shall be performed by the system components outlined in N-Axis system configurations.

N-Axis system configurations

N-Axis master [hydrostatic] steering system

Vehicle speed

Master axis

Service tool

Slave axis

sensor	sensor
CAN

In a N-Axis master, [hydrostatic] steering sub-systems, the master axis is actuated by a hydro-static steering unit. All N-Axis master functions must be provided by the OEM controller working as N-Axis master.

N-Axis master [electro hydraulic] steering system

SASA

Master axis	Service tool	Slave axis
		ON/OFF

	N-axis
sensor	sensor
CAN	sensor

In a N-Axis master [electro hydraulic] steering system, both the master and slave axis are electrohydraulic steering sub-systems e.g. by applying a PVED-CLS with an OSPE valve or a PVED-CLS with an OSP and EHi inline valve enabling auto-guidance or other high level steering functionalities.

Refer to [PVED-CLS User manual ] for high-level electro-hydraulic steering master axis functionalites.

BC321571012557en-000104

MultiAxis-Steer technical information

N-Axis system principal

N-Axis master functions

An N-Axis master performs the following functions:

•Actuate the master steering axis

•Measure the master axis wheel angle and transmit it onto the CAN bus

•Transmit N-Axis master status information onto the CAN bus to the N-Axis slave

N-Axis master functionality shall be realized in the target system by the OEM or by applying a PVED-

CLS in ‘N-Axis master’ mode (planned software extension).

Refer to [PVED-CLS MultiAxis-Steer communication protocol].

N-Axis slave function

An N-Axis slave performs the following functions:

•Actuate the slave axis

•Receive N-Axis Man Machine Interface (MMI) commands

•Measure the slave axis wheel angle

•Execute slave-to-master wheel angle alignment initialization

•Perform closed-loop steering control of the slave axis cylinder

•Inputs for closed-loop steering control are:

o Master axis wheel angle

o Virtual Axis Position (VAP) from MMI o Virtual Axis Angle (VAA) from MMI

o Wheel angle limitations from other N-Axis slaves (n > 1)

oVehicle speed data

•Execute N-Axis safety related control functions

•On-road operation mode

•Apply wheel angle limitation on demand

•Apply self-centering (graceful degradation)

•Transmit N-Axis slave network status CAN message

•Auto-calibration functionality

Man Machine Interface (MMI)

The MMI performs the following functions:

•Cyclically transmission of the N-Axis MMI control message

•Control of the N-Axis steering mode set-point (VAP and VAA)

•Control of wheel angle limit on-demand

The MMI functionality shall be realized in the target system by the OEM.

Refer to [PVED-CLS MultiAxis-Steer communication protocol].

Vehicle speed sensor

The vehicle speed sensor sub-system performs the following function:

• Aqcusition and transmission of the vehicle propulsion speed onto the CAN bus The vehicle sensor sub-system shall be shall be realized in the target system by the OEM. Refer to [PVED-CLS MultiAxis-Steer communication protocol].

Wheel angle sensor

A wheel angle sensor shall acquire the wheel angle of the front and slave axis respectively. The wheel angle sensor may:

•Redundant analog 0-5V with crossed output characteristic

•CAN based

The vehicle sensor sub-system shall be shall be realized in the target system by the OEM.

Refer to [PVED-CLS MultiAxis-Steer communication protocol] for CAN based wheel angle sensors.

BC321571012557en-000104

MultiAxis-Steer technical information

N-Axis system principal

Road switch

The road switch performs the following functions in respect to slaves axis:

•Activate N-Axis slave steering

•De-activate N-Axis slave steering

More activation/de-activation options are possible:

Active de-energize (immediate)

Disable N-Axis slave steering for reaching a safe operation mode for public road usage. PVED-CLS will remain powered and transmit status and sensor information on the CAN bus. See [Road-switch de-power / de-energize architectures

ON/OFF switch interface - Active de-energize (immediate)] on page 41.

Active de-energize (automatic return to straight)

Disable N-Axis slave steering with auto-centering to straight and subsequent reaching a safe operation mode for public road usage

PVED-CLS will remain powered and transmit status and sensor information on the CAN bus. See [ON/OFF switch interface - Active de-energize (automatic return to straight)] on page 44.

Full electrical de-power/de-energize

Full electrically de-power/de-energize the N-Axis slave to assume a safe state. The PVED-CLS and valves are not powered. No slave axis functionality is available.

See [ON/OFF switch interface - Full electrical de-power/de-energize] on page 45.

Zero-leakage de-power/de-energize architecture option

Applications which require lower rear axis drift while N-Axis is inactive or de-energized, require additional zero-leakage check valves. See [Zero-leakage valve configuration (option)] on page 46.

Advise for system integrators

Important

•The road switch is optional in N-Axis steering systems.

•The OEM system integrator shall take the decision on the need for a road switch based on the hazard and risk analysis for the particular vehicle.

•Factors such as maximum vehicle speed, weights, vehicle use profiles may be part of the considerations.

•The road switch may also operate on N-axis master [electro-hydraulic] steering systems.

•See [Safe state leakage performance] on page 20 for cylinder drift during de-activation.

For systems, where a road switch is required, it must be analysed if cylinder drift, while de-energzied, is acceptable. If cylinder drift cannot be tolerated, additional check valves may be needed for zeroleakage performance.

The system integrator shall ensure that the PVED-CLS and valve sub-system are used in a suitable mode while the vehicle is being used on public roads.

Service tool

The service tool provides a mean to perform calibration and diagnostic during installation and performs the following functions:

•Configure parameter settings

•Read out error codes

•Diagnostic

•Valve spool auto-calibration

•Wheel angle sensor calibration

•Perform manual calibrations

•Program multiple parameters

•Flash firmware

BC321571012557en-000104

MultiAxis-Steer technical information

N-Axis system principal

N-Axis CAN network

CAN message data flow

Four levels of CAN messages are flowing in an N-Axis steering system.

MMI

Master axis controller

Slave #1

Slave #2

Slave #3


=		=
=	nAxis master network message
nAxis MMI message	nAxis master network message
nAxis MMI message
Message content: Placement of	Message content:
virtual axis position VAP, virtual axis	Message content:
virtual axis position VAP, virtual axis	Master axis wheel angle
anlgel VAA and enable/disable N-Axis	Master axis wheel angle
anlgel VAA and enable/disable N-Axis	Operation mode/Safe state
wheel angle limit"	Operation mode/Safe state
wheel angle limit"	indication
	indication


	=		=
nAxis slave network message		nAxis operational status message
Message content:		Message content:
Limiting slave (ID and WA Right)		N-axis operation status
Limiting slave (ID and WA Left)		Calibration status
Safe state indication		Safe state indication

Figure 2 N-Axis CAN message network

N-Axis CAN messages

	CAN message	Function description
	N-Axis MMI	The MMI message contains the VAP and VAA which sets the vehicle steering mode.
		A pre-configured wheel angle limit can be enabled/disabled by the MMI which will take
		priority over other wheel angle limitations in the N-Axis.
		The N-Axis MMI message is only received by the N-Axis slaves (one or more).
		NAXIS MMI PRIMARY MESSAGE [NAXIS_MMI_P]
		NAXIS MMI REDUNDANT MESSAGE [NAXIS_MMI_R]
		Refer to [PVED-CLS MultiAxis-Steer communication protocol].
	N-Axis master net work message	The N-Axis master message contains the master axis steering angle and the operation
		mode or safe state indication.
		NAXIS MASTER PRIMARY MESSAGE [NAXIS_MASTER_P]
		NAXIS MASTER REDUNDANT MESSAGE [NAXIS_MASTER_R]
		Refer to [PVED-CLS MultiAxis-Steer communication protocol].
	N-Axis slave network message	The N-Axis slave network message(s) contains the identifier of the slave which has
		reached its wheel angle limit (R/L) and the operation mode or safe state indication from
		that particular N-Axis slave.
		Any N-Axis can at some point reach a wheel angle restriction which limits the entire N-
		Axis steering behavior i.e. not allowing further N-Axis steering to the direction which has
		reached a limit.
		A slave shall receive and forward the received wheel angle limit from a slave or transmit
		its own limit if this is the tightest wheel angle limit.
		Note that the N-Axis slave network messages are only sent when the number of N-Axis
		slaves is > 1.
		NAXIS WHEEL ANGLE LIMIT PRIMARY MESSAGE [NAXIS_MWA_LIMIT_P]
		NAXIS WHEEL ANGLE LIMIT REDUNDANT MESSAGE [NAXIS_MWA_LIMIT_R]
		Refer to [PVED-CLS MultiAxis-Steer communication protocol].
	N-Axis master/slave operation	Primary and redundant master and slave(s) operation status message [STAT_MSG_OP]
	status message	Operational status message from the master and the slaves. Status message on N-Axis
		steering mode, calibration status and safe sate indication.
		N-Axis operation status messages are for information only.

BC321571012557en-000104		© Danfoss \| Nov 2019 \| 13

MultiAxis-Steer technical information

N-Axis system principal

N-Axis operation

Operation state machine

High-priority N-axis control

Road switch: N-axis active/ON

Road switch: N-axis inactive/OFF

Initialization

POST

Condition 1: Vehicle speed <

[NAXIS_ONROAD_VSP_TRIG_MEAN_KMPH (P3908) - 0.5·NAXIS_ONROAD_VSP_TRIG_HYSTER_KMPH (P3907)]

(P3237=255) AND Road switch state is ‘N-axis active/ON’

Operational

Vehicle speed >

[NAXIS_ONROAD_VSP_TRIG_MEAN_KMPH (P3908) + 0.5·NAXIS_ONROAD_VSP_TRIG_HYSTER_KMPH (P3907)]

Road switch is present (P3237=255)

AND

Road switch state is ‘N-axis inactive/OFF’

Condition 1: |wheel angle|≤ NAXIS_ONROAD_MAX_WA_dDeg(P3909)

Condition 2: NAXIS_WHEELS_STRAIGHT_ROAD_SWITCH_TIMEOUT_10MS (P3094)

On-road locked state

			Figure 3 N-axis operation state machine
States

	State	#	Description
	Initialization	1	Power-on-self-tests are executed to ensure that the hardware, software and valves work to the
	POST		specifications.
	POST		If a fault is detected the PVED-CLS enters the safe state (fail state) and issue a DTC on the CAN bus.

			After transmitting the address claim message, the application shall wait up to 10 seconds for N-Axis
			slave input signals:
			MMI messages, vehicle speed CAN messages, analogue WAS signals, CAN based WAS signals (if
			configured), N-Axis master messages, N-Axis master wheel angle limit messages (when the number
			of slave axis > 1) and road switch signals.

Monitoring is applied on each signal/message upon reception of the first valid signal or message.

		After a fixed 10 seconds time-out period, the software assumes that all signal and messages are
		present and starts individual monitoring of these. Should one or more sensors fail to be ready within
		10 seconds after address claim, the application shall enter the safe state.
	Pre-	2 Prior to executing closed-loop slave axis position control in Operation state, the slave axis angles are
	operational	aligned to the master axis steering angle for the current N-Axis steering mode set-point (VAP, VAA).
	operational

BC321571012557en-000104		© Danfoss \| Nov 2019 \| 14

MultiAxis-Steer technical information

N-Axis system principal

State	#	Description
		The alignment is performed by letting master axis steering motion work as a gate for closed-loop
		position control of the N-Axis slave; the slave axis steering angle will not change position unless the
		master axis is changing position similar to “inching” the slave axis to the correct position.
		This operation is continued until the slave axis position is inside a tolerable range given by the
		parameter P3910. Hereafter the N-Axis resumes to operational state.
Operational	3	Active closed-loop control of the slave axis position.
		The control parameters shall undergo tuning to achieve a controllable steering for any N-Axis
		steering mode change.
		The input for the closed-loop control algorithm is:
		•	Master axis wheel angle
		•	Virtual Axis Position (VAP) from MMI
		•	Virtual Axis Angle (VAA) from MMI
		•	Wheel angle limitations from other N-Axis slaves (n > 1)
		•	Vehicle speed data
		The closed-loop control performance is configurable by the parameters listed in [Safe vehicle speed
		dependent closed loop gain limitation].
		Typically the closed-loop control of the slave axis is configured to approach a sole front axis steering
		system (VAA=0 and VAP = slave axis position) proportionally to increasing vehicle speed.
		The maximum vehicle speed where N-Axis operation shall revert to a sole front axis steering system
		is set by parameter P3908. Exceeding this speed + 0.5·P3907 (half of the vehicle speed hysteresis
		band) will result in a jump to on-road state.
		The hysteresis band shall be configured to avoid state bouncing which may be useful for displaying
		stable information status on displays etc.
On-road	4	On-road state is an intermediate state where the slave axis is controlled to its straight position. Once
state		straight position is reached, the software automatically transits to ‘On-road locked state’ which is the
state		state suitable for higher vehicle speeds.
		state suitable for higher vehicle speeds.
		Two conditions trigger a transition to on-road state:
		1) A transition from Operation state (described above)
		2) Commanding ‘on-road’-mode by means of the manually operated road switch
			(parameter P3237)

On-road state operation:

•Command straight position by forcing VAA is forced to 0 and VAP is forced to the slave axis position (P3896).

•A timer (P3094) is started to open a time window in which the slave axis shall reach straight position

Setting P3094 = 0 will, on switching to on-road mode, disable closed-loop slave axis operation and result in an immediate transition to On-road locked state regardless of the slave axis position. No alarm will be raised if the slave axis angle is not centered. This setting shall be used when the road switch immediately cuts power to the cut-off solenoid valve and thus makes closed-loop control impossible. Important The surrounding system shall observe the slave axis position and take appropriate action in case the slave axis is not in a position which is suitable for operation at higher speeds.

Setting P3094 to a time (e.g. 5000ms) in which it can be expected that the slave axis has been steered to the straight position, enables achieving automatic slave axis self-centering and transition to onroad locked state. If a road switch is present in the system (P3237=255), then cutting power to the cutoff solenoid valve shall be equally delayed e.g. by applying timed delay relays.

If timer P3094 (set to a non-zero value) times out and the slave axis is not inside a configured straight range (P3909), then the N-Axis slave will enter safe state and issue a diagnostic trouble code.

Important The surrounding system shall take appropriate action in case the slave axis enters safe state.

Exit from on-road safe state:

•If the vehicle speed drops below P3908 – 0.5·P3907 (half of the vehicle speed hysteresis band), the software will exit and resume N-Axis operation by jumping to Pre-operational.

•If the road switch is set to ‘N-Axis active/ON’

BC321571012557en-000104

MultiAxis-Steer technical information

N-Axis system principal

State	#	Description
On-road	5	In on-road locked state, both the EH proportional valve and the cut-off valve are de-energized, to
locked state		block steering flows to the slave axis. The hardware is powered but N-Axis closed-loop control is
		suspended. Internal and external monitoring of the electronics and interfacing signals is active.
		Sensors are sampled and data is broadcast onto the CAN bus.
		The slave axis cylinder position is not monitored and purely hydro-mechanically fixed in its position.
		For leakage considerations, see Zero-leakage valve configuration (option) on page 46.
		Exit from On-road locked state:
		•	If the vehicle speed drops below P3908 – 0.5·P3907 (half of the vehicle speed hysteresis
			band), the software will exit and resume N-Axis operation by jumping to Pre-operational.
		•	If the road switch is set to ‘N-Axis active/ON’

BC321571012557en-000104

MultiAxis-Steer technical information

N-Axis system principal

Operation state machine – fault handling

Conidtion 1:	\|wheel angle\|	Max WA
Condition 2:	NAXIS(P3096_) Slave	_10MS (P3096)

Safe state

States

State	#		Description
Pre-safe state	6		Pre-safe state enables the N-Axis system to fail gracefully.
			On detecting any failure classified as ‘external’, the slave axis is steered to straight
			whereafter the software jumps to safe state.
			Operation in Pre-safe state:
			•	Command straight position by forcing VAA is forced to 0 and VAP is forced to
				the slave axis position (P3896).
			•	A timer (P3096) is started to open a time window in which the slave axis shall
				reach straight position.
		If timer P3096 times out and the slave axis is not inside a configured straight range (P3909),
		then the N-Axis slave will enter safe state.
		Failures on the following signals are classified as external:
			•	N-Axis MMI CAN message
			•	N-Axis master network CAN message
			•	N-Axis slave network CAN message
			•	Vehicle speed CAN message
Safe state	7		Safe state is reached when the no flow is output to the slave axis steering cylinder.
			The safe state is achieved by at least one of the below two actions:
			•	De-energizing the EH proportional valve (EH spool is pushed to neutral by a
			•	spring force)
			•	De-energizing the cut-off valve (COV spool is pushed to closed position by a
				spring force)

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Certification (pending)

The PVED-CLS N-Axis steering valve controller is certified for use in off-road safety applications up SIL2 according to IEC 61508, PL d according to ISO 13849 and AgPL d according to ISO 25119. Architectures for risk reduction up to SIL3/PL e/AgPL e is specified.

The certificate for the PVED-CLS valve controller can be found in the document PVED-CLS Functional Safety Annex. The PVED-CLS Functional Safety Annex can be found on the Danfoss homepage: www.danfoss.com

The certificate scope is for the generic PVED-CLS valve controller for use in safety-related applications as follows; for off-road applications, safe electro-hydraulic steering is ensured by metering out a safe steering flow as a function of selected steering mode, input steering command, vehicle speed and steered wheel angle.

For on-road operation, functional safety is achieved by de-energizing the PVED-CLS valve controller.

Important

The certificate does not cover safe on-road system to SIL 3, PL e and AgPL e in its entirety as it requires external circuitry, which is not in scope of the assessment.

The certification is not a guarantee for that the realized functional safety is sufficient for any machine. The OEM system integrator is responsible for analyzing the hazard and risks for a particular machine and evaluate if the risks are sufficiently reduced by the provided safety functions. The application of the PVED-CLS and valve sub-system is subject for a separate safety life-cycle.

System integrator responsibility

Attention

It is within the responsibility of the OEM system integrator to:

•Having an organization that is responsible for functional safety of the system.

•Ensuring that only authorized and trained personnel perform functional safety related work.

•Choosing reliable components.

•Completing a system hazard & risk analysis and derive the required risk reduction targets.

•Reassessing the hazard & risk every time the system is changed.

•Ensuring that the derived risks are properly reduced by the safety functions provided by the PVED-CLS valve controller.

•Certification and homologation of the entire system to the desired risk reduction level.

•Installation, set-up, safety assessment and validation of the interfacing sensor sub-systems.

•Parameter configuration of the application software in accordance with this safety manual.

•Validating that the safety functions reduce the risks as expected.

•Any related non-safety standards should be fulfilled for the application and its components.

•Verify the environmental robustness suitability of the PVED-CLS to installation in the final system in its surrounding environment.

•Periodically inspect for errata information updates.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Safety function overview

System/Sensor interface

<![if ! IE]>

<![endif]>Road switch

<![if ! IE]>

<![endif]>Relay circuitry

<![if ! IE]>

<![endif]>N-Axis MMI message

<![if ! IE]>

<![endif]>Master wheel angle

<![if ! IE]>

<![endif]>N-Axis slave wheel

<![if ! IE]>

<![endif]>Vehicle speed sensor

<![if ! IE]>

<![endif]>SIL2, PL d, AgPL d

<![if ! IE]>

<![endif]>SIL3, PL e, AgPL e

Safety function/safety related control function

Safe on-road mode / active de-energization

•

On-road mode (no road switch installed)

•

Safe EH N-Axis steering

•

Safe vehicle speed dependent virtual axis position (VAP) limit

Safe vehicle speed dependent virtual axis position (VAP) change

rate.

Safe vehicle speed dependent virtual axis angle (VAA) limit.

Safe vehicle speed dependent virtual axis angle (VAA) change

•

rate.

Safe vehicle speed dependent closed-loop control gain

limitation

Safe vehicle speed dependent wheel angle set-point limitation

Safe N-Axis steering angle initialization (pre-operational).

•

Element of safety function

Highest achievable risk reduction

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Functional safety specification

Safe state

The safe state is achieved when no steering flow is provided to/from the steering cylinder and the N- Axis slave cylinder is fixed at its position.

Achieving the safe state relies on a de-energize/fail safe princicple.

To reach the safe state, all safety controlled outputs, i.e. solid state power switches controlling the EHi valve, are de-energized.

For the EHi valve, the safe state is achieved by one or both of the following states:

•The EH-valve main spool of the EH steering valve is in neutral position.

•Cut-off valve spool is in blocked position.

If the PVED-CLS hardware or software detects a failure or fails to function, the safe state will be demanded. One or more diagnostic trouble codes related to the detected failure will be broadcast on the CAN bus. Refer to [Diagnostic Trouble Codes] on page 96.

N-Axis steering operation while in safe state

If an N-Axis steering system enters safe state, N-Axis angle(s) closed-loop control of all N-Axis stops, and the respective N-Axis slave steering angles will freeze.

The operator will detect this as a different vehicle steering behavior when steering the vehicle. The difference in perceived steering behavior will increase with the operators steering input command change. This property shall be considered for ensuring vehicle steering controllability in N-Axis safe state.

Important

The surrounding system shall take appropriate action if an N-Axis slave enters safe state e.g. raising the attention at the operator by means of an acoustic and visual alarm.

Safe state leakage performance

In the safe state the cylinder is isolated and fixed in position. External forces on the steered wheels may cause slow cylinder position drift due to hydraulic leakage.

The maximum leakage is 150ml/min at 150bar cylinder port pressure at ~21cSt (Tellus 32, 50°C).

In application where ~zero cylinder drift is required, additional pilot-operated check valves shall be considered on the cylinder ports. See page 46.

Reset and recovery from safe state

The PVED-CLS cannot leave the safe state by normal application interaction but requires a reset. Resetting the PVED-CLS valve controller from safe state can be done by any of the below methods:

•Power-cycling battery supply to the PVED-CLS

•Performing a soft-reset by J1939 CAN command [PVED-CLS MultiAxis-Steer communication protocol].

•Perform a jump to and out of boot-loader via KWP2000 start and stop diagnostic session services [PVED-CLS KWP2000 protocol].

All the above-mentioned methods to reset the PVED-CLS from safe state, will force a full Power-on-Self-

Test (POST) of the PVED-CLS and valve.

Safety function response time

The safety response time is defined as the period of time between a failure is first observed by the diagnostics and the time by which the safe state has been achieved, e.g. de-energizing the solenoid valves to bring the valve spool(s) within the hydraulic deadband (no steering flow output).

		Fault reaction/risk
	Safety function	mitigation		Safety response time
	Safe on-road mode / active de-energization	Safe on-road mode		70 ms
	(immediate)	Safe on-road mode		70 ms
	(immediate)

BC321571012557en-000104			© Danfoss \| Nov 2019 \| 20

MultiAxis-Steer technical information

Functional safety

Safe EH-steering / N-Axis closed loop
cylinder position control	Safe state	160 ms
Control loop time: 10ms

The safety related control function ‘Safe EH-steering’ is executed every 10ms and executes safe closedloop cylinder position control.

The reaction time for the EHi valve spool to reach neutral position (safe state) from full stroke is typically 60ms for normal working temperature/viscosity.

The ‘Safe on-road mode’ is demanded by the road switch and switches to safe on-road mode within a 10ms control loop period (react and switch off valve drivers) plus the time it takes for the valve spool to close the steering flows (maximum spool stroke).

Monitoring function response time

The monitoring funciton response time is defined as the period of time between a failure is first observed by the diagnostics and the time by which the safe state has been achieved, e.g. deenergizing the solenoid valves to bring the valve spool(s) within the hydraulic deadband (no steering flow output).

The reaction time for the EHi valve spool to reach neutral position (safe state) from full stroke is typically 60ms for normal working temperature/viscosity.

	Fault reaction/risk	Monitoring response time
	Fault reaction/risk	EHi valve
Monitoring	mitigation	EHi valve
Internal hardware and
software		160 ms
External sensor monitoring
(note 1)		160 ms
Valve main spool monitoring		250 ms (note 2)
Solenoid valve connection
monitoring	Safe state	560 ms

Note 1: Sensor CAN message time-outs are configurable which has a direct impact on the fault reaction time.

Note 2: The spool monitoring fault reaction times are valid when the hydraulics has reached normal working temperature/viscosity.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

N-Axis safe EH steering

The safety functions of the N-Axis steering system is to provide :

•“Safe EH steering” (in general) and

•“Safe N-Axis on-road mode”

in multiple axis steering systems.

Safe EH-steering / N-Axis closed loop cylinder position control

The probabilistic calculations are based on FMEDA calculations according to IEC 61508. The calculations are valid for off-road application mode and related safety functions. All safety functions and related hardware are included.

Sensor sub-systems as well as road switch are not included as it depends on the system.

The CAN bus contributes less than 1% of SIL2 due to the applied safety protocol and is thus omitted in safety related calculations.

Ext. Primary					EH-valve
	sensor				EH-valve
	sensor
		Ext.	PVED-CLS



					Cut-off valve
Redundant
Redundant
	sensor

		Figure 4 Simplified reliability block diagram

Safety parameter		Specification		Description
SIL	2
PFH		5.77∙10-8 [1/h]
Component type		B
SFF	98 %			IEC 61508 ed. 1
DC	97 %			The FMEDA calculation assumes the use of
Architecture /category (IEC 61508)		1oo2		redundant analogue WAS with inverted
Proof test interval/mission time		20 years		characteristics.
				Calculations are performed at an average
Reliability handbook		Siemens SN29500		temperature equal to 80 °C
		Mechanical	valve
		parts (EH-valve, EH-		On demanding the safe state, both valves do not
		main spool, cut-off		fail simultaneously. At least one valve will always
Fault exclusion		valve, cut-off spool)		block the EH steering flow to the cylinder.
OSPE EH-valve test		On-line testing		Direct monitoring by a LVDT sensor.
				Indirect monitoring by test pilot pressure test. Test
		Intermittent	full	performed on changing to off-road mode and
OSPE Cut-off valve test		stroke test.		prior to executing off-road steering functionality.
AgPL/PL		d		Maximum achievable performance level
MTTFd per channel		36 years		ISO 13849, ISO 25119
DCavg per channel	97 % / (95 %)			ISO 13849 / (ISO 25119, lowest of the two channels)
Category	3			ISO 13849, ISO 25119
PVED-CLS and valve sub-system		2		When using with EHPS valve. ISO 13849, ISO 25119
CCF analysis	>65			ISO 13849, ISO 25119
Software Requirement Level		SIL2 / SRL3		IEC 61508, ISO 13849 / ISO 25119
Systematic Capability (SC)	2			IEC 61508

Source: Danfoss PVED-CLS/OSPE/EHPS/EHi FMEDA.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Safe N-Axis on-road mode / N-Axis active de-energize (shut-off)

Additional circuitry is needed for systems where the hazard & risk outcome points to a higher risk reduction (avoiding unintended steering) than the PVED-CLS can provide. External logic shall be installed to have the PVED-CLS powered while being in a de-energized state.

The probabilistic calculations are based on FMEDA calculations according to IEC 61508. Non-relevant safety parts in the PVED-CLS are excluded in the calculation of the safety related specifications.

PVED-CLS		EH-valve

Road switch

External logic		Cut-off valve
External logic		Cut-off valve

Figure 5 Simplified reliability block diagram

The below data is valid for the safe on-road switch channel containing the PVED-CLS and solenoid valve bridge. For specification on the electro-mechanical channel see section Safety requirements for additional circuitry for SIL3/PL e on page 48.

Safety parameter	Specification			Description
SIL	2
PFH	6.08∙10-8 [1/h]			IEC 61508 ed. 1
Component type	B
SFF	98 %			The FMEDA calculation assumes the use of redundant
DC	97 %			analogue WAS with inverted characteristics.
Architecture /category (IEC				All circuitry including circuitry for diagnostics is
61508)	1oo2			included except LED, temperature sensor and JTAG
Proof test interval/mission time	20 years			interface.
				Calculations are performed at an average temperature
Reliability handbook	Siemens SN29500			equal to 80 °C
	Mechanical		valve	On demanding the safe state, both valves do not fail
	parts	(EH-valve,		simultaneously. At least one valve will always block the
	EH-main		spool,	EH steering flow to the cylinder. Fault accumulation is
	cut-off valve, cut-			addressed by OSPE EH-valve and OSPE Cut-off valve
Fault exclusion	off spool)			test.
OSPE EH-valve test	On-line testing			Direct monitoring by a LVDT sensor.
				Indirect monitoring by test pilot pressure test. Test
	Intermittent		full	performed on changing to off-road mode and prior to
OSPE Cut-off valve test	stroke test.			executing off-road steering functionality.
AgPL/PL	d			Maximum achievable performance level
				Optimized value for this Safety function.
MTTFd per channel	57 years			ISO 13849, ISO 25119.
DCavg per channel	97 % / (95 %)			ISO 13849 / (ISO 25119, lowest of the two channels)
				When using with OSPE, EHi-E or EHi-H valve. ISO 13849,
Category	3			ISO 25119
PVED-CLS and valve sub-system	2			When using with EHPS valve. ISO 13849, ISO 25119
CCF analysis	>65			ISO 13849, ISO 25119
Software Requirement Level	SIL2 / SRL3			IEC 61508, ISO 13849 / ISO 25119
Systematic Capability (SC)	2			IEC 61508

Source: Danfoss PVED-CLS/OSPE/EHPS/EHi FMEDA.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

N-Axis safety related control functions

External

interface

VSP_P

Vehicle speed

Safe vehicle speed

dependent closed-loop

VSP_R

CAN monitoring

control gain limitation

VAP

Safe vehicle speed

dependent VAP

Safe vehicle

limit

change rate limit

N-axis slave

MMI_P

MMI CAN

∫

Calculateflow

MMI_R

monitoring

command

VAA

Safe vehicle speed

Safe vehicle

point limitation

dependent VAA

P3923

limit

change rate limit

Calculatelimited

Wheel angle limit on demand (on/off )

MASTER_P

N-axis master

flow command as

CAN monitoring

Front axis wheel angle

function of frontaxis

MASTER_R

steeringspeed

MWA_LIMIT_P

N-axis slave

N-axis network – wheel angle limitation fromother slaves

MWA_LIMIT_R

CAN monitoring

WAS_P

WAS CAN

Calibration

WAS_R

monitoring

AD1

WAS Analog

Calibration

AD2

monitoring

P3239

Flow command to

spool set- SVC point transfer

function

PRE_OPERATIONAL/

N-AXIS OPERATIONAL

Figure 6 N-Axis EH safe steering block diagram

Blue blocks ( ) provide a link to the related chapter

Safe vehicle speed dependent Virtual Axis Position (VAP) limit

Realizing a safe MMI interface

The safety related control function ‘Safe vehicle speed dependent Virtual Axis Position limit’ is an instance of the safety functions for realizing a safe N-Axis MMI interface and work in a coordinated fashion with

•[Safe vehicle speed dependent Virtual Axis Position (VAP) change rate],

•[Safe vehicle speed dependent Virtual Axis Angle (VAA) limit] and

•[Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate].

A correctly configured safe MMI interface will allow any random VAP and VAA input value and change rate while maintaining controllable N-Axis operation. No unintended change will lead to loss of steering controllability.

The N-axis MMI interface can in such a case be regarded as non-critical for safe N-Axis operation.

Operation

The received VAP set-point is limited in accordance with a programmable safe VAP range envelope. This may be useful in advanced N-Axis steering modes where VAP can be changed dynamically during N-Axis operation and where there is no expectation to the VAP set-point. In such cases, a safe VAP envelope can be configured.

The safe VAP range is configurable as a three-piece linear characteristic as shown in Figure 8. The software performs linear interpolation to calculate the limited VAP set-point which is used by the N- Axis control algorithm.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

(+P3868 [mm], P3871 [kmph])

(-P3868 [m m], P3871 [kmph])

(+P3864 [mm], 0 [km ph])

(+P3866 [mm], P3870 [kmph])

(-P3866 [m m], P3870 [kmph])

(-P3864 [m m], 0 [kmph])

Master axis
Master axis		Slave axis
		Slave axis
	P3896 [mm]




	P3898 [mm]
	P3898 [mm]

Figure 7 Safe vehicle speed dependent Virtual Axis Position (VAP) limit operation

Parameters

The received VAP is limited to the range defined by the envelope shown in Figure 8.

	N-Axis Virtual		Clamp
			0
			1
		P3868			2		Vehicle Speed
			P3870			P3871


			Figure 8 Safe vehicle speed dependent VAP range envelope

	Address		Name	Unit		Description of parameter
						Clamp the Virtual Axis Position at vehicle
	P3864	N-Axis - Virtual axis position clamp at		mm		speed 0 to the range defined by N-Axis
	P3864	vehicle speed 0		mm		center postion (P3898) +/- this
						value (P3864)
						Clamp the Virtual Axis Position at vehicle
	P3866	N-Axis - Virtual axis position clamp at		mm		speed 1 to the range defined by N-Axis
	P3866	vehicle speed 1		mm		center postion (P3898) +/- this
						value (P3866)
						Clamp the Virtual Axis Position at vehicle
	P3868	N-Axis - Virtual axis position clamp at		mm		speed 2 to the range defined by N-Axis
	P3868	vehicle speed 2		mm		center postion (P3898) +/- this
						value (P3868)


BC321571012557en-000104							© Danfoss \| Nov 2019 \| 25

MultiAxis-Steer technical information

Functional safety

P3870	N-Axis - Vehicle speed 1 for virtual	kmph	Vehicle speed 1 for Virtual Axis Position
	axis position clamp		clamp
P3871	N-Axis - Vehicle speed 2 for virtual	kmph	Vehicle speed 2 for Virtual Axis Position
	axis position clamp		clamp
P3896	Slave position with respect to the	mm	Slave Position with respect to the master
P3896	master	mm	Slave Position with respect to the master
	master
P3898	Virtual axis mean position with	mm	Virtual axis mean position with resoect to
P3898	respect to the master	mm	the master

Note: The PVED-CLS performs a plausibility check at start-up on all parameters according to the following rule: P3864 ≥ P3866 ≥ P3868 AND P3870 < P3871

Parameter tuning guideline

Scenario 1: Advanced N-Axis steering - dynamic changing VAP during operation

The ‘VAP clamp at vehicle speed 0 kmph’ -range (P3864) is typically set to the maximum possible VAP set-point for the vehicle. This value is often determined by the vehicle geometry and the desired maximum turning radius in N-Axis steering mode at low speeds.

At higher vehicle speeds, it may be desired to change the N-Axis steering to a mode which provides better steering stability and controllability at higher speeds. This may be achieved by moving the virtual axis position towards the defined NAXIS_VA_MEAN_POSITION_MM (P3898) as the vehicle speed increases.

The ‘Virtual Axis Position clamp at vehicle speed VSP1 and VSP2’-ranges (P3866, P3868) shall progressively made smaller. The resulting VAP set-points are expected to follow this trend.

Setting the ‘Virtual Axis Position clamp at vehicle speed VSP2’-range (P3868) to 0 will clamp any non-0 VAP set-point at vehicle speed = VSP2 (P3871) to 0. Consequently, the clamped VAP set-point will be equal to the NAXIS_VA_MEAN_POSITION_MM (P3898). If in addition to this the NAXIS_VA_MEAN_POSITION_MM is identical to the physical slave position the steering behavior will resemble a traditional two-wheel steering system.

Tests shall be performed to validate the safety of the settings.

Scenario 2 Advanced N-Axis steering – static VAP during operation

For N-Axis steering systems where only one N-Axis steering behavior, e.g. round-steering, is desired, the MMI may send a static VAP.

If the static VAP is safe at all vehicle speeds, then P3864, P3866, P3868 can be set equal to the expected static VAP set-point and P3870 and P3871 can be set to the maximum allowed vehicle speed in N-Axis mode.

If the safety validation tests indicate that N-Axis steering is not safe at all vehicle speeds, then adjust

P3864, P3866, P3868 until steering controllability is reached at all vehicle speeds.

Operation when number of slaves > 1

P3864, P3866, P3868, P3780, P3871 and P3898 shall be set to the same value in all N-Axis slaves.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Safe vehicle speed dependent Virtual Axis Position (VAP) change rate

With the VAP change rate it is possible to set up a relaxed system at high vehicle speed so that any change from the operator will be accepted but will happen at a slow rate moving the Virtual Axis position from one point to another more relaxed.

Realizing a safe MMI interface

The safety related control function ‘Safe vehicle speed dependent Virtual Axis Position change rate’ is an instance of the safety functions for realizing a safe N-Axis MMI interface and works in a coordinated fashion with:

•[Safe vehicle speed dependent Virtual Axis Position (VAP) limit]

•[Safe vehicle speed dependent Virtual Axis Angle (VAA) limit]

•[Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate]

A correctly configured safe MMI interface will allow any random VAP change rate while maintaining a stable and controllable N-Axis operation.

The N-Axis MMI interface can in such case be regarded as non-critical for safe N-Axis operation after safety validation testing.

Operation

The safety related control function ‘Safe vehicle speed dependent Virtual Axis Position (VAP) change rate’ operates on the output of safety related control function [Safe vehicle speed dependent Virtual

Axis Position (VAP) limit]. See also [Figure 6 N-Axis EH safe steering block diagram].

A VAP set-point change is limited in accordance with a programmable ‘safe VAP change rate’ -range

shown in [Figure 10 Safe vehicle speed dependent VAP change range envelop]. This may be useful for advanced N-

Axis steering modes where the VAP set-point can be changed dynamically during N-Axis operation. In such cases, a safe VAP change rate range can be configured while allowing some freedom to the generation of the VAP set-point.

The safe VAP change rate range is configurable as a three-piece linear characteristic. The software performs linear interpolation to calculate the limited VAP set-point change rate limit at any vehicle speed.

		VAP		VAP set-point
		VAP		VAP

t=0

VAP set-point changestep from →



Master axis		Slave axis

Figure 9 Safe vehicle speed dependent Virtual Axis Position (VAP) change rate operation

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Parameter

	N-Axis Virtual Axis Position		[mm/s]
		0
			1
	P3876				2		Vehicle Speed
			P3878			P3879


			Figure 10 Safe vehicle speed dependent VAP change range envelop

Address	Name			Unit			Description of parameter
P3872	N-Axis - Virtual axis position ramp at vehicle speed 0			mm/s		Virtual Axis Position ramp at Vehicle speed 0.
P3874	N-Axis - Virtual axis position ramp at vehicle speed 1			mm/s		Virtual Axis Position ramp at Vehicle speed 1
P3876	N-Axis - Virtual axis position ramp at vehicle speed 2			mm/s		Virtual Axis Position ramp at Vehicle speed 2

P3878	N-Axis - Vehicle speed 1 for virtual axis position ramp			kmph		Vehicle speed 1 for Virtual Axis Position ramp
P3879	N-Axis - Vehicle speed 2 for virtual axis position ramp			kmph		Vehicle speed 2 for Virtual Axis Position ramp

Note: The PVED-CLS performs a plausibility check at start-up on all parameters according to the following rule: P3872 ≥ P3874 ≥ P3876 AND P3878 < P3879

Parameter tuning guideline

Scenario 1: Dynamically changing VAP during operation

Changing the VAP will alter the vehicle steering mode. A VAP change is typically easier to control at lower speeds than at higher vehicle speeds. The below tuning guideline may serve as a starting point for system integrators.

Refer to Figure 10 Safe vehicle speed dependent VAP change range envelop:

1.Adjust point : The possible range at which the VAP can change is given by ±P3864 (refer to [Safe vehicle speed dependent Virtual Axis Position (VAP) limit]). Observe, while toggling the VAP set-point between the outer range values ±P3864, that that the steering mode changes at a controllable speed for all front axis steering angles. Tune P3872 as high as possible while achieving the desired steering mode change response when the vehicle is at still-stand.

2.Adjust point : As a starting point, set P3876 to e.g. 100 (10mm/s) and set P3879 to the maximum vehicle speed at which N-axis operation is allowed. The possible range of VAP set-points are limited (refer to [Safe vehicle speed dependent Virtual Axis Position (VAP) limit]). Observe, while toggling the VAP set-point between the maximum possible limited values, that that the steering mode changes at controllable speed for all front axis steering angles. Tune P3876 as high as possible while achieving the desired controllable steering mode change response while driving at P3879 kmph.

3.Adjust point :As a starting point, set P3878 to 0.5 x P3879 and set P3874 to 0.5 x P3872. The possible range of VAP set-points are limited by [Safe vehicle speed dependent Virtual Axis Position (VAP) limit)]. Observe, while toggling the VAP set-point between the maximum possible limited values, that that the steering mode changes at a controllable speed for all front axis steering angles. Tune P3874 as low as possible while achieving the desired controllable steering mode change response while driving at P3878 kmph.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Scenario 2: Fixed VAP during operation

For N-axis steering systems where a constant VAP set-point is applied during operation, the MMI shall transmit a fixed VAP set-point. Limiting the rate of change for this VAP is only relevant to control an unintended VAP change. Set P3872, P3874 and P3876 to e.g. 100 [mm/s] to achieve a slow changing steering system in the event of receiving an unintended VAP set-point.

P3878 and P3879 are not relevant and shall be set to valid values.

Scenario 3: Disable VAP change rate limiting

VAP change rate limitation can be disabled by setting P3872, P3874 and P3876 to 10000.

P3878 and P3879 are not relevant and shall be set to valid values. Any limited VAP set-point change will take immediate effect.

Operation when number of slaves > 1

P3872, P3874, P3876, P3878, P3879 shall be set to the same value in all N-Axis slaves.

Important

•P3872, P3874, P3876 shall be set to values > 0. VAP rate change limitation will not work when 0 is used.

•The parameter tuning guideline may not apply to all steering systems.

BC321571012557en-000104

MultiAxis-Steer technical information

Functional safety

Safe vehicle speed dependent Virtual Axis Angle (VAA) limit

Realizing a safe MMI interface

The safety related control function ‘Safe vehicle speed dependent Virtual Axis Angle limit’ is an instance of the safety functions for realizing a safe N-Axis MMI interface and work in a coordinated fashion with

•[Safe vehicle speed dependent Virtual Axis Position (VAP) limit],

•[Safe vehicle speed dependent Virtual Axis Position (VAP) change rate],

•[Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate].

The N-axis MMI interface can in such a case be regarded as non-critical for safe N-Axis operation.

Operation

The received VAA set-point is limited in accordance with a programmable safe VAA range envelope. This may be useful in advanced N-Axis steering modes where VAA can be changed dynamically during N-Axis operation and where there is no expectation to the VAA set-point. In such cases, a safe VAA envelope can be configured.

The safe VAA range is configurable as a three-piece linear characteristic. The software performs linear interpolation to calculate the limited VAA set-point which is used by the N-Axis control algorithm.

Virtual Axis Position

Master axis

Slave axis

(-P3880 [dDeg], 0 [kmph])

(+P3880 [dDeg], 0 [kmph])

(-P3882 [dDeg], P3886 [kmph])

(+P3882 [dDeg], P3886 [kmph])

(-P3884 [dDeg], P3887 [kmph])

(+P3884 [dDeg], P3887 [kmph])

Figure 11 Safe vehicle speed dependent Virtual Axis Angle (VAA) limit operation

BC321571012557en-000104

+ 74 hidden pages