Danfoss MultiAxis-Steer User guide
MultiAxis
-Steer
EHI Electrohydraulic steering valve with PVED
controller
Technical Information
FW 1.00
TM
-CLS
- user and safety manual
MultiAxis-Steer technical information
Document references
Date
Page
Changed
ECO No.
Rev.
Revisions
Revision History
Table of Revisions
04 Oct. 2019 First release:
FW 1.00
© 2019 Danfoss A/S. All rights reserved
All trademarks in this material are properties of their respective owners.
PLUS+1, GUIDE and Sauer-Danfoss are trademarks of Danfoss A/S.
0104
BC321571012557en-000104 © Danfoss | Nov 2019 | 2
MultiAxis-Steer technical information
Document references
PVED-CLS MultiAxis-Steer communication protocol
Revision 1.02 29 Oct 2019
PVED-CLS Technical Specification
BC00000355
PVED-CLS MultiAxis-Steer firmware release note
1.02 29 Oct. 2019
This documentation is related to the following software version:
See MultiAxis-Steer firmware revision in Document references
Warning
Identifies information about practices or circumstances that can lead
Identifies a typical use of a functionality or parameter value. Use
process of the system.
Document references
Software reference
Errata information
Literature
Document Revision
PVED-CLS KWP2000 protocol Revision 1.79 02 May 2018
PVED-CLS User manual Revision 1.7 14 Jan 2019
EHi steering valve technical information BC00000379
The latest errata information is always available on the Danfoss homepage: www.danfoss.com
It contains errata information for:
• PVED-CLS boot loader
• PVED-CLS application
• Documentation
• PLUS+1® Service tool
• Other topics related to the steering system
If further information to any errata is required, please contact your nearest Danfoss Product
Application Engineer
Important User Information
Danfoss is not responsible or liable for indirect or consequential damages resulting from the use or application of
this equipment.
The examples and diagrams in this manual are included for illustration purposes. Due to the many variables and
requirements associated with any particular installation, Danfoss cannot assume responsibility or liability for the
actual used bases on the examples and diagrams.
Reproduction of whole or part of the contents of this safety manual is prohibited.
The following notes are used to raise awareness of safety considerations.
Identifies information about practices or circumstances that can
cause a hazardous situation, which may lead to personal injury or
death, damage or economic loss.
Attention
to personal injury or death, property damage, or economic loss.
Attentions help you identify a hazard, avoid a hazard, and recognize
the consequence.
Important
Recommendation
Identifies information that is critical for successful application and
understanding of the product.
recommendations as a starting point for the final configuration
BC321571012557en-000104 © Danfoss | Nov 2019 | 3
MultiAxis-Steer technical information
Terms and abbreviations
Abbiviation
Meaning
AgPL
Agricultural Performance Level per ISO 25119
CAT
Safety category per ISO 13849 and ISO 25119
CCF
Common Cause Failure
COV
Cut-Off Valve
DC
Diagnostic Coverage
CLS, includes the de-engergize
Infers: Block hydraulic pilot pressure by switching off
PVED-CLS will remain powered on.
ECU
Electronic Control Unit
EH
Electro-Hydraulic
EHi-E
Electro-Hydraulic Inline Valve – Electronic Override
FMEA
Failure Mode and Effects Analysis
FMEDA
Failure Mode and Effects and Diagnostic Analysis
IR
Internal Resolution [-1000;1000]
MMI
Man-Machine Command Interface
MTTFd
Mean time to potentially dangerous failure
N-Axis
Multi-axis, more than one axis is steered
OEM
Original Equipment Manufacturer
OSPE
Orbital Steering Product – Electro-hydraulic
PFD
Probability of dangerous failure on Demand
PFH
Probability for dangerous failure per hour
PL
Performance level per ISO 13849
POST
Power On Self Test
PSAC
Parameter Sector Access Code
here the valve controller
SASA
Steering Angle Sensor Absolute
SC
Systematic capability
SEHS
Safe Electro-Hydraulic Steering
SFF
Safe Failure Fraction
SIL
Safety Integrity Level
SPN
Suspect Parameter Number
SVB
Solenoid Valve Bridge
Solenoid Valve Control – Control algorithm for PVEDCLS
VAA
Virtual Axis Angle
VAP
Virtual Axis Position
WAS
Wheel Angle Sensor
Terms and abbreviations
de-power
de-energize
PVED-CLS
Infers: Disconnect electrical power supply to PVED-
electrical power supply to EHi and cut-off valve. The
Proportional Valve Digital – Closed Loop - Safety –
BC321571012557en-000104 © Danfoss | Nov 2019 | 4
SVC
MultiAxis-Steer technical information
Contents
Contents
Document references 3
Software reference ....................................................................................................................................................... 3
Errata information......................................................................................................................................................... 3
Important User Information ...................................................................................................................................... 3
Terms and abbreviations 4
Contents 5
Introduction 9
N-Axis system principal 10
N-Axis system configurations.................................................................................................................................. 10
N-Axis master [hydrostatic] steering system ................................................................................................ 10
N-Axis master [electro hydraulic] steering system ..................................................................................... 10
N-Axis master functions ............................................................................................................................................ 11
N-Axis slave function ................................................................................................................................................. 11
Man Machine Interface (MMI) ................................................................................................................................. 11
Vehicle speed sensor ................................................................................................................................................. 11
Wheel angle sensor .................................................................................................................................................... 11
Road switch................................................................................................................................................................... 12
Active de-energize (immediate) ....................................................................................................................... 12
Active de-energize (automatic return to straight) ...................................................................................... 12
Full electrical de-power/de-energize .............................................................................................................. 12
Advise for system integrators ........................................................................................................................... 12
Service tool ................................................................................................................................................................... 12
N-Axis CAN network ................................................................................................................................................... 13
CAN message data flow ...................................................................................................................................... 13
N-Axis CAN messages .......................................................................................................................................... 13
Operation state machine .................................................................................................................................... 14
States .................................................................................................................................................................. 14
Operation state machine – fault handling .................................................................................................... 17
States .................................................................................................................................................................. 17
Functional safety 18
Certification (pending) .............................................................................................................................................. 18
System integrator responsibility ............................................................................................................................ 18
Safety function overview .......................................................................................................................................... 19
Functional safety specification ............................................................................................................................... 20
Safe state ................................................................................................................................................................. 20
N-Axis steering operation while in safe state ......................................................................................... 20
Safe state leakage performance ................................................................................................................. 20
Reset and recovery from safe state.................................................................................................................. 20
Safety function response time .......................................................................................................................... 20
Monitoring function response time ................................................................................................................ 21
N-Axis safe EH steering.............................................................................................................................................. 22
Safe EH-steering / N-Axis closed loop cylinder position control ...................................................... 22
N-Axis safety related control functions ................................................................................................................ 24
Safe vehicle speed dependent Virtual Axis Position (VAP) limit ............................................................. 24
Realizing a safe MMI interface ..................................................................................................................... 24
Operation .......................................................................................................................................................... 24
Parameters ........................................................................................................................................................ 25
Parameter tuning guideline ......................................................................................................................... 26
Operation when number of slaves > 1 ..................................................................................................... 26
Safe vehicle speed dependent Virtual Axis Position (VAP) change rate .............................................. 27
Realizing a safe MMI interface ..................................................................................................................... 27
Operation .......................................................................................................................................................... 27
Parameter .......................................................................................................................................................... 28
Parameter tuning guideline ......................................................................................................................... 28
Operation when number of slaves > 1 ..................................................................................................... 29
Safe vehicle speed dependent Virtual Axis Angle (VAA) limit................................................................. 30
Realizing a safe MMI interface ..................................................................................................................... 30
BC321571012557en-000104 © Danfoss | Nov 2019 | 5
MultiAxis-Steer technical information
Contents
Operation .......................................................................................................................................................... 30
Parameter .......................................................................................................................................................... 31
Parameter tuning guideline ......................................................................................................................... 31
Operation when number of slaves > 1 ..................................................................................................... 32
Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate .................................................. 32
Realizing a safe MMI interface ..................................................................................................................... 32
Operation .......................................................................................................................................................... 32
Parameter .......................................................................................................................................................... 33
Parameter tuning guideline ......................................................................................................................... 34
Operation when number of slaves > 1 ..................................................................................................... 34
Safe vehicle speed dependent closed loop gain limitation ..................................................................... 35
Realizing a safe closed-loop position control of the slave axis ......................................................... 35
Operation .......................................................................................................................................................... 35
Parameters ........................................................................................................................................................ 36
Parameter tuning guideline ......................................................................................................................... 36
Operation when number of slaves > 1 ..................................................................................................... 37
Safe vehicle speed dependent wheel angle setpoint limitation ............................................................ 37
Realizing a safe closed-loop position control of the slave axis ......................................................... 37
Operation .......................................................................................................................................................... 37
Parameters ........................................................................................................................................................ 38
Parameter tuning guideline ......................................................................................................................... 38
Operation when number of slaves > 1 ..................................................................................................... 39
Safe N-Axis steering angle initialization (pre-operational) ...................................................................... 39
Operation .......................................................................................................................................................... 39
Parameters ........................................................................................................................................................ 39
Parameter tuning guideline ......................................................................................................................... 39
Operation when number of slaves > 1 ..................................................................................................... 39
System Architecture 40
System diagrams ......................................................................................................................................................... 40
N-Axis master [hydrostatic] ................................................................................................................................ 40
N-Axis master [electro-hydraulic]..................................................................................................................... 40
PVED-CLS steering controller .................................................................................................................................. 40
Connector interface ............................................................................................................................................. 40
Technical specification ........................................................................................................................................ 40
DC Power supply ................................................................................................................................................... 40
Road-switch de-power / de-energize architectures ......................................................................................... 41
ON/OFF switch interface - Active de-energize (immediate) .................................................................... 41
Operation .......................................................................................................................................................... 41
Interface ............................................................................................................................................................. 42
Monitoring ........................................................................................................................................................ 42
ON/OFF switch interface - Active de-energize (automatic return to straight) ................................... 44
Operation .......................................................................................................................................................... 44
Monitoring ........................................................................................................................................................ 45
ON/OFF switch interface - Full electrical de-power/de-energize ........................................................... 45
Zero-leakage valve configuration (option) ................................................................................................... 46
Background ....................................................................................................................................................... 46
Pilot operated check valves ......................................................................................................................... 46
Architecture for zero-leakage performance ........................................................................................... 46
Reliability block diagram .............................................................................................................................. 47
Safety requirements for additional circuitry for SIL3/PL e ........................................................................ 48
Input - Sensor sub-system and monitoring ........................................................................................................ 49
N-Axis master - CAN interface ........................................................................................................................... 49
CAN interface ................................................................................................................................................... 50
Monitoring ........................................................................................................................................................ 50
Vehicle speed sensor – CAN interface ............................................................................................................ 50
CAN interface ................................................................................................................................................... 51
Monitoring ........................................................................................................................................................ 52
Man Machine Interface – CAN interface ........................................................................................................ 52
CAN interface ................................................................................................................................................... 53
Monitoring ........................................................................................................................................................ 54
BC321571012557en-000104 © Danfoss | Nov 2019 | 6
MultiAxis-Steer technical information
Contents
Wheel Angle Sensor (WAS) – Analog interface ............................................................................................ 54
Analogue interface ......................................................................................................................................... 55
Monitoring ........................................................................................................................................................ 55
Input range check ........................................................................................................................................... 55
WAS channel cross-check ............................................................................................................................. 56
Micro-controller cross-check of scaled wheel angle ............................................................................ 56
Out of calibration check ................................................................................................................................ 56
Wheel Angle Sensor (WAS) – CAN interface ................................................................................................. 56
CAN interface ................................................................................................................................................... 57
Monitoring ........................................................................................................................................................ 58
Input range check ........................................................................................................................................... 58
Micro-controller WAS channel cross-check ............................................................................................ 58
Out of calibration check ................................................................................................................................ 59
Output - Valve sub-system and monitoring ....................................................................................................... 59
Sensor 5V DC power supply............................................................................................................................... 59
EHi Cut-off valve .................................................................................................................................................... 59
Interface ............................................................................................................................................................. 60
Configuration for EHi-E valve sub-systems ............................................................................................. 60
Monitoring for EHi-E valve sub-systems .................................................................................................. 61
EHi-valve monitoring ........................................................................................................................................... 61
EH-valve main spool control principle ..................................................................................................... 61
EH-valve main spool monitoring –EHi-E valve sub-systems .............................................................. 61
Environmental control measures ........................................................................................................................... 63
PCB overheating shut-down ............................................................................................................................. 63
PCB average over-temperature warning ....................................................................................................... 63
DC power supply ................................................................................................................................................... 63
System set-up 65
Installation .................................................................................................................................................................... 65
PVED-CLS Connector interface ......................................................................................................................... 65
LED diagnostic ....................................................................................................................................................... 65
Calibration ..................................................................................................................................................................... 65
Straight heading calibration .............................................................................................................................. 65
System integration and testing .............................................................................................................................. 65
Vehicle Fault Insertion Testing .......................................................................................................................... 66
Safety validation testing ..................................................................................................................................... 66
Service part handling and repair instruction ...................................................................................................... 66
Safety validation steps after replacing a PVED-CLS with a service part ............................................... 66
Service Tool (detailed) ............................................................................................................................................... 67
Appendix 68
Component identification via CAN bus ............................................................................................................... 68
Valve assembly barcode label ........................................................................................................................... 68
Bootloader and application software identification .................................................................................. 68
PVED-CLS component identification and serial number .......................................................................... 69
PLUS+1 Service tool identification page ....................................................................................................... 69
J1939 request PGN for software ID and component ID ............................................................................ 69
EEPROM parameters .................................................................................................................................................. 70
EEPROM layout ...................................................................................................................................................... 70
Safety parameterization............................................................................................................................................ 71
Safety parameterization procedure ................................................................................................................ 71
Boot Data ....................................................................................................................................................................... 73
Sector CRC Sign Data ................................................................................................................................................. 74
Hydraulic Config .......................................................................................................................................................... 75
Valve Calibration Data ............................................................................................................................................... 78
CAN WAS Calibration Data ....................................................................................................................................... 78
Analog Sensor Calibration Data ............................................................................................................................. 79
Peripherals Config ...................................................................................................................................................... 79
N-Axis Protocol Data .................................................................................................................................................. 80
Internal Monitoring .................................................................................................................................................... 82
Production/Calibration Flag .................................................................................................................................... 84
Auto Calibration Config ............................................................................................................................................ 84
BC321571012557en-000104 © Danfoss | Nov 2019 | 7
MultiAxis-Steer technical information
Contents
N-Axis .............................................................................................................................................................................. 87
PLM metadata .............................................................................................................................................................. 90
OEM Data ....................................................................................................................................................................... 93
Signature CRC calculation ........................................................................................................................................ 95
Diagnostic Trouble Codes ........................................................................................................................................ 96
Error codes .............................................................................................................................................................. 96
FMI list..................................................................................................................................................................... 102
TROUBLESHOOTING – TYPICAL FAULTS ............................................................................................................ 103
BC321571012557en-000104 © Danfoss | Nov 2019 | 8
MultiAxis-Steer technical information
Introduction
Master axis
Slave axis 1
Slave axis 2
VA
Virtual Ax is
VAP
VAA
forward
Introduction
MultiAxis vehicle steering is adding steering functionality to have steering on one or more steering axis
than the master axis.
Throughout this document, and in referenced documentation, N-axis or NAXIS are used as
synonyms for MultiAxis steering mainly referencing one or more additional (n) “slave” axis.
Any possibly vehicle steering mode can be achieved with N-Axis steering by the N-Axis MMI command
CAN message, containing the Virtual Axis Position (VAP) and the Virtual Axis Angle (VAA). See Figure 1.
The data set, given by VAP and VAA, can result in steering modes such as:
• 2-wheel steering (normal)
• Round/4-wheel steering
• Crab steering
• Dog steering
• Customized steering modes
The steering modes can be altered dynamically and seamlessly by the operator during operation by
transmitting VAP and VAA data set which results in the requested steering mode.
BC321571012557en-000104 © Danfoss | Nov 2019 | 9
Figure 1 N-Axis steering variables VAP and VAA
The blue line is the Virtual Axis which can be shifted horizontally along the wheel base (VAP) and
angled relative to the wheel base (VAA). Shifting VAP to the physical slave axis position in a single slave
system will result in 2-wheel steering.
MultiAxis-Steer technical information
N-Axis system principal
Wheel an gle
sensor
N-axis s lave
PVE D
-CLS
EHi Valve
Man machine
int erfac e
CAN bus
Slave axis
Mas ter axi s
Road mode
swi tch
Steering wheel
OSP
Wheel an gle
sensor
N-axis m aster
(OEM )
Veh icle speed
ON/ OF F
Service tool
ON/ OF F
Veh icle speed
Wheel an gle
sensor
N-axis s lave
PVED-CLS &
EHi valve
Man machine
int erfac e
CAN bus
Slave axis
Mas ter axi s
Road mode
swi tch
Steering wheel
OSP (E)
Wheel an gle
sensor
N-axis m aster
PVED-CLS &
OSPE/EHi valve
SASA
Service tool
ON/ OF F
N-Axis system principal
A N-Axis slave steering sub-system may work with both a N-Axis master [hydrostatic] and N-Axis
master [electro hydraulic]. The below functions shall be performed by the system components outlined
in N-Axis system configurations.
N-Axis system configurations
N-Axis master [hydrostatic] steering system
In a N-Axis master, [hydrostatic] steering sub-systems, the master axis is actuated by a hydro-static
steering unit. All N-Axis master functions must be provided by the OEM controller working as N-Axis
master.
N-Axis master [electro hydraulic] steering system
In a N-Axis master [electro hydraulic] steering system, both the master and slave axis are electrohydraulic steering sub-systems e.g. by applying a PVED-CLS with an OSPE valve or a PVED-CLS with an
OSP and EHi inline valve enabling auto-guidance or other high level steering functionalities.
Refer to [PVED-CLS User manual ] for high-level electro-hydraulic steering master axis functionalites.
BC321571012557en-000104 © Danfoss | Nov 2019 | 10
MultiAxis-Steer technical information
N-Axis system principal
N-Axis master functions
N-Axis slave function
An N-Axis master performs the following functions:
• Actuate the master steering axis
• Measure the master axis wheel angle and transmit it onto the CAN bus
• Transmit N-Axis master status information onto the CAN bus to the N-Axis slave
N-Axis master functionality shall be realized in the target system by the OEM or by applying a PVEDCLS in ‘N-Axis master’ mode (planned software extension).
Refer to [PVED-CLS MultiAxis-Steer communication protocol].
An N-Axis slave performs the following functions:
• Actuate the slave axis
• Receive N-Axis Man Machine Interface (MMI) commands
• Measure the slave axis wheel angle
• Execute slave-to-master wheel angle alignment initialization
• Perform closed-loop steering control of the slave axis cylinder
• Inputs for closed-loop steering control are:
o Master axis wheel angle
o Virtual Axis Position (VAP) from MMI
o Virtual Axis Angle (VAA) from MMI
o Wheel angle limitations from other N-Axis slaves (n > 1)
o Vehicle speed data
• Execute N-Axis safety related control functions
• On-road operation mode
• Apply wheel angle limitation on demand
• Apply self-centering (graceful degradation)
• Transmit N-Axis slave network status CAN message
• Auto-calibration functionality
Man Machine Interface (MMI)
The MMI performs the following functions:
The MMI functionality shall be realized in the target system by the OEM.
Refer to [PVED-CLS MultiAxis-Steer communication protocol].
Vehicle speed sensor
The vehicle speed sensor sub-system performs the following function:
The vehicle sensor sub-system shall be shall be realized in the target system by the OEM.
Refer to [PVED-CLS MultiAxis-Steer communication protocol].
Wheel angle sensor
A wheel angle sensor shall acquire the wheel angle of the front and slave axis respectively.
The wheel angle sensor may:
The vehicle sensor sub-system shall be shall be realized in the target system by the OEM.
Refer to [PVED-CLS MultiAxis-Steer communication protocol] for CAN based wheel angle sensors.
• Cyclically transmission of the N-Axis MMI control message
• Control of the N-Axis steering mode set-point (VAP and VAA)
• Control of wheel angle limit on-demand
• Aqcusition and transmission of the vehicle propulsion speed onto the CAN bus
• Redundant analog 0-5V with crossed output characteristic
• CAN based
BC321571012557en-000104 © Danfoss | Nov 2019 | 11
MultiAxis-Steer technical information
N-Axis system principal
Road switch
The road switch performs the following functions in respect to slaves axis:
• Activate N-Axis slave steering
• De-activate N-Axis slave steering
More activation/de-activation options are possible:
Active de-energize (immediate)
Disable N-Axis slave steering for reaching a safe operation mode for public road usage.
PVED-CLS will remain powered and transmit status and sensor information on the CAN bus.
See [Road-switch de-power / de-energize architectures
ON/OFF switch interface - Active de-energize (immediate)] on page 41.
Active de-energize (automatic return to straight)
Disable N-Axis slave steering with auto-centering to straight and subsequent reaching a safe operation
mode for public road usage
PVED-CLS will remain powered and transmit status and sensor information on the CAN bus.
See [ON/OFF switch interface - Active de-energize (automatic return to straight)] on page 44.
Full electrical de-power/de-energize
Full electrically de-power/de-energize the N-Axis slave to assume a safe state. The PVED-CLS and valves
are not powered. No slave axis functionality is available.
See [ON/OFF switch interface - Full electrical de-power/de-energize] on page 45.
Zero-leakage de-power/de-energize architecture option
Applications which require lower rear axis drift while N-Axis is inactive or de-energized, require
additional zero-leakage check valves. See [Zero-leakage valve configuration (option)] on page 46.
Advise for system integrators
Important
For systems, where a road switch is required, it must be analysed if cylinder drift, while de-energzied, is
acceptable. If cylinder drift cannot be tolerated, additional check valves may be needed for zeroleakage performance.
Service tool
The service tool provides a mean to perform calibration and diagnostic during installation and
performs the following functions:
• The road switch is optional in N-Axis steering systems.
• The OEM system integrator shall take the decision on the need for a road switch based on the
hazard and risk analysis for the particular vehicle.
• Factors such as maximum vehicle speed, weights, vehicle use profiles may be part of the
considerations.
• The road switch may also operate on N-axis master [electro-hydraulic] steering systems.
• See [Safe state leakage performance] on page 20 for cylinder drift during de-activation.
The system integrator shall ensure that the PVED-CLS and valve sub-system are used in a
suitable mode while the vehicle is being used on public roads.
• Configure parameter settings
• Read out error codes
• Diagnostic
• Valve spool auto-calibration
• Wheel angle sensor calibration
• Perform manual calibrations
• Program multiple parameters
• Flash firmware
BC321571012557en-000104 © Danfoss | Nov 2019 | 12
MultiAxis-Steer technical information
N-Axis system principal
=
nAxis master network message
Message content:
Master axis wheel angle
Operation mode/Safe state
indica tion
MMI
Master axis c ontroller Slave #1 Slave #2 Slave #3
=
nAxis MMI message
Message content: Placement of
virtual axis positi on VAP, virtual axis
anlgel VAA and enable/dis able N-Axis
wheel angle li mit"
=
nAxis slave network message
Message conten t:
Limiting slave (ID and WA Right)
Limiting slave (ID and WA Left)
Safe state indication
=
nAxis operational status message
Message conten t:
N-axis operatio n status
Calibration status
Safe state indication
CAN message
Function description
N-Axis MMI
The MMI message contains the VAP and VAA which sets the vehicle steering mode.
Refer to [PVED-CLS MultiAxis-Steer communication protocol].
N-Axis master net work message
The N-Axis master message contains the master axis steering angle and the operation
Refer to [PVED-CLS MultiAxis-Steer communication protocol].
N-Axis slave network message
The N-Axis slave network message(s) contains the identifier of the slave which has
Refer to [PVED-CLS MultiAxis-Steer communication protocol].
N-Axis master/slave operation
Primary and redundant master and slave(s) operation status message [STAT_MSG_OP]
N-Axis operation status messages are for information only.
N-Axis CAN network
CAN message data flow
Four levels of CAN messages are flowing in an N-Axis steering system.
Figure 2 N-Axis CAN message network
N-Axis CAN messages
A pre-configured wheel angle limit can be enabled/disabled by the MMI which will take
priority over other wheel angle limitations in the N-Axis.
The N-Axis MMI message is only received by the N-Axis slaves (one or more).
NAXIS MMI PRIMARY MESSAGE [NAXIS_MMI_P]
NAXIS MMI REDUNDANT MESSAGE [NAXIS_MMI_R]
mode or safe state indication.
NAXIS MASTER PRIMARY MESSAGE [NAXIS_MASTER_P]
NAXIS MASTER REDUNDANT MESSAGE [NAXIS_MASTER_R]
reached its wheel angle limit (R/L) and the operation mode or safe state indication from
that particular N-Axis slave.
Any N-Axis can at some point reach a wheel angle restriction which limits the entire NAxis steering behavior i.e. not allowing further N-Axis steering to the direction which has
reached a limit.
A slave shall receive and forward the received wheel angle limit from a slave or transmit
its own limit if this is the tightest wheel angle limit.
Note that the N-Axis slave network messages are only sent when the number of N-Axis
slaves is > 1.
NAXIS WHEEL ANGLE LIMIT PRIMARY MESSAGE [NAXIS_MWA_LIMIT_P]
NAXIS WHEEL ANGLE LIMIT REDUNDANT MESSAGE [NAXIS_MWA_LIMIT_R]
BC321571012557en-000104 © Danfoss | Nov 2019 | 13
status message
Operational status message from the master and the slaves. Status message on N-Axis
steering mode, calibration status and safe sate indication.
MultiAxis-Steer technical information
N-Axis system principal
Pre
-operational
Power on
application start
Reset/soft
-reset
No error
|Wheel angle| <
NAXIS_PREOP_EXIT_WA_TOL_dDeg (P3910)
②
Initializat ion
POST
①
Condi tion 1: Vehicle speed <
[NAXIS_ONROAD_VSP_TRIG_MEAN_KMPH (P3908) - 0.5·NAXIS_ONROAD_VSP_T RIG_HYSTER_KMPH (P3907)]
OR
Condi tion 2: Road swit ch is present (P 3237=255) AND Road swit ch state is ‘N-axis act ive/ ON’
Operational
③
On-road stat e
④
On-road locked sta te
⑤
Condi tion 1: |wheel angle| ≤ NAXIS_ONROAD_MAX_WA_dDeg (P3909)
OR
Condi tion 2: NAXIS_ WHEELS_STRAIGHT _ROAD_SWITCH_TIMEOUT_10MS (P 3094)
Vehicle speed >
[NAXIS_ONROAD_VSP_TRIG_MEAN_KMPH (P3908) + 0.5·NAXIS_ONROAD_VSP_T RIG_HYSTER_KMPH (P3907)]
Ro ad swi tc h: N -axis ac tive /ON
Ro ad swi tc h: N -axis ina ct ive/OFF
Hig h-prio rity N-axis control
Road switch i s present (P3237=255)
AND
Road switch state is ‘N-axis in acti ve /OFF’
Power-on-self-tests are executed to ensure that the hardware, software and valves work to the
10 seconds after address claim, the application shall enter the safe state.
Prior to executing closed-loop slave axis position control in Operation state, the slave axis angles are
N-Axis operation
Operation state machine
Figure 3 N-axis operation state machine
States
State # Description
Initialization
POST
1
specifications.
If a fault is detected the PVED-CLS enters the safe state (fail state) and issue a DTC on the CAN bus.
After transmitting the address claim message, the application shall wait up to 10 seconds for N-Axis
slave input signals:
MMI messages, vehicle speed CAN messages, analogue WAS signals, CAN based WAS signals (if
configured), N-Axis master messages, N-Axis master wheel angle limit messages (when the number
of slave axis > 1) and road switch signals.
Monitoring is applied on each signal/message upon reception of the first valid signal or message.
After a fixed 10 seconds time-out period, the software assumes that all signal and messages are
Preoperational
BC321571012557en-000104 © Danfoss | Nov 2019 | 14
present and starts individual monitoring of these. Should one or more sensors fail to be ready within
2
aligned to the master axis steering angle for the current N-Axis steering mode set-point (VAP, VAA).
MultiAxis-Steer technical information
N-Axis system principal
State
#
Description
The alignment is performed by letting master axis steering motion work as a gate for closed-loop
parameter P3910. Hereafter the N-Axis resumes to operational state.
stable information status on displays etc.
On-road state is an intermediate state where the slave axis is controlled to its straight position. Once
The surrounding system shall take appropriate action in case the slave axis enters safe
position control of the N-Axis slave; the slave axis steering angle will not change position unless the
master axis is changing position similar to “inching” the slave axis to the correct position.
This operation is continued until the slave axis position is inside a tolerable range given by the
Operational 3 Active closed-loop control of the slave axis position.
The control parameters shall undergo tuning to achieve a controllable steering for any N-Axis
steering mode change.
The input for the closed-loop control algorithm is:
• Master axis wheel angle
• Virtual Axis Position (VAP) from MMI
• Virtual Axis Angle (VAA) from MMI
• Wheel angle limitations from other N-Axis slaves (n > 1)
• Vehicle speed data
The closed-loop control performance is configurable by the parameters listed in [Safe vehicle speed
dependent closed loop gain limitation].
Typically the closed-loop control of the slave axis is configured to approach a sole front axis steering
system (VAA=0 and VAP = slave axis position) proportionally to increasing vehicle speed.
The maximum vehicle speed where N-Axis operation shall revert to a sole front axis steering system
is set by parameter P3908. Exceeding this speed + 0.5·P3907 (half of the vehicle speed hysteresis
band) will result in a jump to on-road state.
The hysteresis band shall be configured to avoid state bouncing which may be useful for displaying
On-road
state
4
straight position is reached, the software automatically transits to ‘On-road locked state’ which is the
state suitable for higher vehicle speeds.
Two conditions trigger a transition to on-road state:
1) A transition from Operation state (described above)
2) Commanding ‘on-road’-mode by means of the manually operated road switch
(parameter P3237)
On-road state operation:
• Command straight position by forcing VAA is forced to 0 and VAP is forced to the slave
axis position (P3896).
• A timer (P3094) is started to open a time window in which the slave axis shall reach
straight position
Setting P3094 = 0 will, on switching to on-road mode, disable closed-loop slave axis operation and
result in an immediate transition to On-road locked state regardless of the slave axis position. No alarm
will be raised if the slave axis angle is not centered. This setting shall be used when the road switch
immediately cuts power to the cut-off solenoid valve and thus makes closed-loop control impossible.
Important The surrounding system shall observe the slave axis position and take appropriate action
in case the slave axis is not in a position which is suitable for operation at higher speeds.
Setting P3094 to a time (e.g. 5000ms) in which it can be expected that the slave axis has been steered
to the straight position, enables achieving automatic slave axis self-centering and transition to onroad locked state. If a road switch is present in the system (P3237=255), then cutting power to the cutoff solenoid valve shall be equally delayed e.g. by applying timed delay relays.
If timer P3094 (set to a non-zero value) times out and the slave axis is not inside a configured straight
range (P3909), then the N-Axis slave will enter safe state and issue a diagnostic trouble code.
Important
state.
Exit from on-road safe state:
• If the vehicle speed drops below P3908 – 0.5·P3907 (half of the vehicle speed hysteresis
band), the software will exit and resume N-Axis operation by jumping to Pre-operational.
• If the road switch is set to ‘N-Axis active/ON’
BC321571012557en-000104 © Danfoss | Nov 2019 | 15
MultiAxis-Steer technical information
N-Axis system principal
State
#
Description
• If the road switch is set to ‘N-Axis active/ON’
On-road
locked state
5 In on-road locked state, both the EH proportional valve and the cut-off valve are de-energized, to
block steering flows to the slave axis. The hardware is powered but N-Axis closed-loop control is
suspended. Internal and external monitoring of the electronics and interfacing signals is active.
Sensors are sampled and data is broadcast onto the CAN bus.
The slave axis cylinder position is not monitored and purely hydro-mechanically fixed in its position.
For leakage considerations, see Zero-leakage valve configuration (option) on page 46.
Exit from On-road locked state:
• If the vehicle speed drops below P3908 – 0.5·P3907 (half of the vehicle speed hysteresis
band), the software will exit and resume N-Axis operation by jumping to Pre-operational.
BC321571012557en-000104 © Danfoss | Nov 2019 | 16
MultiAxis-Steer technical information
N-Axis system principal
Pre-safe state enables the N-Axis system to fail gracefully.
Vehicle speed CAN message
Safe state is reached when the no flow is output to the slave axis steering cylinder.
spring force)
Co nidti on 1: |wheel angle|≤ NAXIS_ONROAD_MAX_WA_dDeg (P3909)
OR
Co nditi on 2: NAXIS_WHEELS_STRAIGHT_VSP_SAFESTATE_TIMEOUT_10MS (P3096)
Reset, soft-rese t, power-cycle
External failures
Pre-safe stat e
⑥
Safe st ate
⑦
Int erna l f ail ures
Co nidt ion 1: |wheel angle|≤ (P3909) On-R o ad t o O n -R oad -locked Max WA
OR
Co ndit ion 2: (P3096) Sl av e positi on with re spec t to mast er
Reset, soft-rese t, power
-cycle
External failures
Pre-safe stat e
⑥
Safe st ate
⑦
Int erna l f ail ures
Operation state machine – fault handling
States
State # Description
Pre-safe state 6
Safe state 7
On detecting any failure classified as ‘external’, the slave axis is steered to straight
whereafter the software jumps to safe state.
Operation in Pre-safe state:
• Command straight position by forcing VAA is forced to 0 and VAP is forced to
the slave axis position (P3896).
• A timer (P3096) is started to open a time window in which the slave axis shall
reach straight position.
If timer P3096 times out and the slave axis is not inside a configured straight range (P3909),
then the N-Axis slave will enter safe state.
Failures on the following signals are classified as external:
• N-Axis MMI CAN message
• N-Axis master network CAN message
• N-Axis slave network CAN message
•
The safe state is achieved by at least one of the below two actions:
• De-energizing the EH proportional valve (EH spool is pushed to neutral by a
spring force)
• De-energizing the cut-off valve (COV spool is pushed to closed position by a
BC321571012557en-000104 © Danfoss | Nov 2019 | 17
MultiAxis-Steer technical information
Functional safety
Functional safety
Certification (pending)
The PVED-CLS N-Axis steering valve controller is certified for use in off-road safety applications up SIL2
according to IEC 61508, PL d according to ISO 13849 and AgPL d according to ISO 25119.
Architectures for risk reduction up to SIL3/PL e/AgPL e is specified.
The certificate for the PVED-CLS valve controller can be found in the document PVED-CLS Functional
Safety Annex. The PVED-CLS Functional Safety Annex can be found on the Danfoss homepage:
www.danfoss.com
The certificate scope is for the generic PVED-CLS valve controller for use in safety-related applications
as follows; for off-road applications, safe electro-hydraulic steering is ensured by metering out a safe
steering flow as a function of selected steering mode, input steering command, vehicle speed and
steered wheel angle.
For on-road operation, functional safety is achieved by de-energizing the PVED-CLS valve controller.
Important
The certificate does not cover safe on-road system to SIL 3, PL e and AgPL e in its entirety as it requires
external circuitry, which is not in scope of the assessment.
The certification is not a guarantee for that the realized functional safety is sufficient for any machine.
The OEM system integrator is responsible for analyzing the hazard and risks for a particular machine
and evaluate if the risks are sufficiently reduced by the provided safety functions. The application of
the PVED-CLS and valve sub-system is subject for a separate safety life-cycle.
System integrator responsibility
Attention
It is within the responsibility of the OEM system integrator to:
• Having an organization that is responsible for functional safety of the system.
• Ensuring that only authorized and trained personnel perform functional safety related work.
• Choosing reliable components.
• Completing a system hazard & risk analysis and derive the required risk reduction targets.
• Reassessing the hazard & risk every time the system is changed.
• Ensuring that the derived risks are properly reduced by the safety functions provided by the
PVED-CLS valve controller.
• Certification and homologation of the entire system to the desired risk reduction level.
• Installation, set-up, safety assessment and validation of the interfacing sensor sub-systems.
• Parameter configuration of the application software in accordance with this safety manual.
• Validating that the safety functions reduce the risks as expected.
• Any related non-safety standards should be fulfilled for the application and its components.
• Verify the environmental robustness suitability of the PVED-CLS to installation in the final
system in its surrounding environment.
• Periodically inspect for errata information updates.
BC321571012557en-000104 © Danfoss | Nov 2019 | 18
MultiAxis-Steer technical information
Functional safety
System/Sensor interface
Road switch Relay circuitry
Master wheel angle
N-Axis slave wheel
Vehicle speed sensor SIL2, PL d, AgPL d
SIL3, PL e, AgPL e
Safety function/safety related control function
Safe on-road mode / active de-energization
• • x On-road mode (no road switch installed)
• • • • x Safe EH N-Axis steering
• • • • x Safe vehicle speed dependent virtual axis position (VAP) limit
Safe vehicle speed dependent virtual axis position (VAP) change
rate.
Safe vehicle speed dependent virtual axis angle (VAA) limit.
Safe vehicle speed dependent virtual axis angle (VAA) change
rate.
Safe vehicle speed dependent closed-loop control gain
limitation
Safe vehicle speed dependent wheel angle set-point limitation
Safe N-Axis steering angle initialization (pre-operational).
•
Element of safety function
x
Highest achievable risk reduction
Safety function overview
N-Axis MMI message
• • • • x
BC321571012557en-000104 © Danfoss | Nov 2019 | 19
MultiAxis-Steer technical information
Functional safety
Safety function
Fault reaction/risk
mitigation
Safety response time
Safe on-road mode / active de-energization
(immediate)
Functional safety specification
Safe state
N-Axis steering operation while in safe state
Safe state leakage performance
The safe state is achieved when no steering flow is provided to/from the steering cylinder and the NAxis slave cylinder is fixed at its position.
Achieving the safe state relies on a de-energize/fail safe princicple.
To reach the safe state, all safety controlled outputs, i.e. solid state power switches controlling the EHi
valve, are de-energized.
For the EHi valve, the safe state is achieved by one or both of the following states:
• The EH-valve main spool of the EH steering valve is in neutral position.
• Cut-off valve spool is in blocked position.
If the PVED-CLS hardware or software detects a failure or fails to function, the safe state will be
demanded. One or more diagnostic trouble codes related to the detected failure will be broadcast on
the CAN bus. Refer to [Diagnostic Trouble Codes] on page 96.
If an N-Axis steering system enters safe state, N-Axis angle(s) closed-loop control of all N-Axis stops,
and the respective N-Axis slave steering angles will freeze.
The operator will detect this as a different vehicle steering behavior when steering the vehicle. The
difference in perceived steering behavior will increase with the operators steering input command
change. This property shall be considered for ensuring vehicle steering controllability in N-Axis safe
state.
Important
The surrounding system shall take appropriate action if an N-Axis slave enters safe state e.g. raising the
attention at the operator by means of an acoustic and visual alarm.
In the safe state the cylinder is isolated and fixed in position. External forces on the steered wheels may
cause slow cylinder position drift due to hydraulic leakage.
The maximum leakage is 150ml/min at 150bar cylinder port pressure at ~21cSt (Tellus 32, 50°C).
In application where ~zero cylinder drift is required, additional pilot-operated check valves shall be
considered on the cylinder ports. See page 46.
Reset and recovery from safe state
Safety function response time
BC321571012557en-000104 © Danfoss | Nov 2019 | 20
The PVED-CLS cannot leave the safe state by normal application interaction but requires a reset.
Resetting the PVED-CLS valve controller from safe state can be done by any of the below methods:
• Power-cycling battery supply to the PVED-CLS
• Performing a soft-reset by J1939 CAN command [PVED-CLS MultiAxis-Steer communication
protocol].
• Perform a jump to and out of boot-loader via KWP2000 start and stop diagnostic session
services [PVED-CLS KWP2000 protocol].
All the above-mentioned methods to reset the PVED-CLS from safe state, will force a full Power-on-SelfTest (POST) of the PVED-CLS and valve.
The safety response time is defined as the period of time between a failure is first observed by the
diagnostics and the time by which the safe state has been achieved, e.g. de-energizing the solenoid
valves to bring the valve spool(s) within the hydraulic deadband (no steering flow output).
Safe on-road mode 70 ms
MultiAxis-Steer technical information
Functional safety
Safe EH-steering / N-Axis closed loop
Control loop time: 10ms
Monitoring
mitigation
Monitoring response time
EHi valve
Internal hardware and
software
Safe state
160 ms
External sensor monitoring
(note 1)
160 ms
Valve main spool monitoring
250 ms (note 2)
Solenoid valve connection
monitoring
560 ms
cylinder position control
The safety related control function ‘Safe EH-steering’ is executed every 10ms and executes safe closedloop cylinder position control.
The reaction time for the EHi valve spool to reach neutral position (safe state) from full stroke is
typically 60ms for normal working temperature/viscosity.
The ‘Safe on-road mode’ is demanded by the road switch and switches to safe on-road mode within a
10ms control loop period (react and switch off valve drivers) plus the time it takes for the valve spool to
close the steering flows (maximum spool stroke).
Monitoring function response time
The monitoring funciton response time is defined as the period of time between a failure is first
observed by the diagnostics and the time by which the safe state has been achieved, e.g. deenergizing the solenoid valves to bring the valve spool(s) within the hydraulic deadband (no steering
flow output).
The reaction time for the EHi valve spool to reach neutral position (safe state) from full stroke is
typically 60ms for normal working temperature/viscosity.
Safe state 160 ms
Fault reaction/risk
Note 1: Sensor CAN message time-outs are configurable which has a direct impact on the fault reaction
time.
Note 2: The spool monitoring fault reaction times are valid when the hydraulics has reached normal
working temperature/viscosity.
BC321571012557en-000104 © Danfoss | Nov 2019 | 21
MultiAxis-Steer technical information
Functional safety
PVED-CLS
Ext. Primary
sensor
Ext.
Redundant
sensor
EH-valve
Cut-off valve
Safety parameter
Specification
Description
SIL
2
characteristics.
PFH
5.77∙10-8 [1/h]
Component type
B
SFF
98 %
DC
97 %
Architecture /category (IEC 61508)
1oo2
Proof test interval/mission time
20 years
Reliability handbook
Siemens SN29500
Calculations are performed at an average
temperature equal to 80 °C
Fault exclusion
Mechanical valve
valve, cut-off spool)
block the EH steering flow to the cylinder.
OSPE EH-valve test
On-line testing
Direct monitoring by a LVDT sensor.
OSPE Cut-off valve test
Intermittent full
stroke test.
Indirect monitoring by test pilot pressure test. Test
road mode and
prior to executing off-road steering functionality.
AgPL/PL
d
Maximum achievable performance level
MTTFd per channel
36 years
ISO 13849, ISO 25119
DCavg per channel
97 % / (95 %)
ISO 13849 / (ISO 25119, lowest of the two channels)
PVED-CLS and valve sub-system
3
ISO 13849, ISO 25119
2
When using with EHPS valve. ISO 13849, ISO 25119
CCF analysis
>65
ISO 13849, ISO 25119
Software Requirement Level
SIL2 / SRL3
IEC 61508, ISO 13849 / ISO 25119
Systematic Capability (SC)
2
IEC 61508
N-Axis safe EH steering
Safe EH-steering / N-Axis closed loop cylinder position control
The safety functions of the N-Axis steering system is to provide :
• “Safe EH steering” (in general) and
• “Safe N-Axis on-road mode”
in multiple axis steering systems.
The probabilistic calculations are based on FMEDA calculations according to IEC 61508.
The calculations are valid for off-road application mode and related safety functions.
All safety functions and related hardware are included.
Sensor sub-systems as well as road switch are not included as it depends on the system.
The CAN bus contributes less than 1% of SIL2 due to the applied safety protocol and is thus omitted in
safety related calculations.
Category
Figure 4 Simplified reliability block diagram
IEC 61508 ed. 1
The FMEDA calculation assumes the use of
redundant analogue WAS with inverted
parts (EH-valve, EHmain spool, cut-off
On demanding the safe state, both valves do not
fail simultaneously. At least one valve will always
performed on changing to off-
Source: Danfoss PVED-CLS/OSPE/EHPS/EHi FMEDA.
BC321571012557en-000104 © Danfoss | Nov 2019 | 22
MultiAxis-Steer technical information
Functional safety
PVED-CLS
Road switch
EH-valve
Cut-off valve
External logic
Safety parameter
Specification
Description
SIL
2
interface.
PFH
6.08∙10-8 [1/h]
Component type
B
SFF
98 %
DC
97 %
Architecture /category (IEC
61508)
1oo2
Proof test interval/mission time
20 years
Reliability handbook
Siemens SN29500
Calculations are performed at an average temperature
equal to 80 °C
Fault exclusion
Mechanical valve
main spool,
off spool)
On demanding the safe state, both valves do not fail
test.
OSPE EH-valve test
On-line testing
Direct monitoring by a LVDT sensor.
OSPE Cut-off valve test
Intermittent full
stroke test.
Indirect monitoring by test pilot pressure test. Test
executing off-road steering functionality.
AgPL/PL
d
Maximum achievable performance level
MTTFd per channel
57 years
Optimized value for this Safety function.
ISO 13849, ISO 25119.
DCavg per channel
97 % / (95 %)
ISO 13849 / (ISO 25119, lowest of the two channels)
PVED-CLS and valve sub-system
3
When using with OSPE, EHi-E or EHi-H valve. ISO 13849,
ISO 25119
2
When using with EHPS valve. ISO 13849, ISO 25119
CCF analysis
>65
ISO 13849, ISO 25119
Software Requirement Level
SIL2 / SRL3
IEC 61508, ISO 13849 / ISO 25119
Systematic Capability (SC)
2
IEC 61508
Safe N-Axis on-road mode / N-Axis active de-energize (shut-off)
Additional circuitry is needed for systems where the hazard & risk outcome points to a higher risk
reduction (avoiding unintended steering) than the PVED-CLS can provide. External logic shall be
installed to have the PVED-CLS powered while being in a de-energized state.
The probabilistic calculations are based on FMEDA calculations according to IEC 61508.
Non-relevant safety parts in the PVED-CLS are excluded in the calculation of the safety related
specifications.
Figure 5 Simplified reliability block diagram
The below data is valid for the safe on-road switch channel containing the PVED-CLS and solenoid
valve bridge. For specification on the electro-mechanical channel see section Safety requirements for
additional circuitry for SIL3/PL e on page 48.
IEC 61508 ed. 1
The FMEDA calculation assumes the use of redundant
analogue WAS with inverted characteristics.
All circuitry including circuitry for diagnostics is
included except LED, temperature sensor and JTAG
parts (EH-valve,
EHcut-off valve, cut-
simultaneously. At least one valve will always block the
EH steering flow to the cylinder. Fault accumulation is
addressed by OSPE EH-valve and OSPE Cut-off valve
performed on changing to off-road mode and prior to
Category
Source: Danfoss PVED-CLS/OSPE/EHPS/EHi FMEDA.
BC321571012557en-000104 © Danfoss | Nov 2019 | 23
MultiAxis-Steer technical information
Functional safety
VAP
VAA
M MI CAN
monitoring
WAS CAN
monitoring
WAS Analog
monitoring
Safe v ehic l e speed
d epend ent
VA P
limit
Safe v ehic l e speed
d epe nd ent V A P
cha nge ra te limit
Safe v ehic l e speed
d epend ent
VAA
limit
Safe v ehic l e speed
d epe nd ent V A A
cha nge ra te limit
Whe el angle limit on demand (on/off)
N-axi s sl av e
WA s et
p oint
cal cula tio n
Safe v ehic l e
spe ed
d epend ent
whe el a n gle s et -
point limitation
Safe v ehic l e speed
d epe nd ent c l os ed -l oop
control gain limitation
Cali bration
+
-
∫
G
Cali bration
Veh ic le s pe ed
C AN m on i to ri n g
WAS_P
WAS_R
AD1
AD2
M MI_ P
M MI_ R
VS P_P
VS P_R
P323 9
Fro nt ax i s whee l angl e
P3923
Ca lcu la t e fl ow
com man d
Fl ow
com man d to
spool set-
p oi nt tra nsfe r
fu nct ion
Ca lcu la t e l im it ed
fl ow c o mma nd as
function of fr ont axis
steer in g s p eed
PRE _OPE RATI O NAL/
N-AXIS OPERATIONAL
SVC
N-axis master
C AN m on i to ri n g
MAS TER_P
MAS TER_R
N-axi s s lave
C AN m on i to ri n g
MWA_LIMIT_P
MWA_LIMIT_R
N
-ax i s netw ork – whe el an gle lim itat ion fro m ot he r sl aves
Ext ern al
i nte rfac e
N-Axis safety related control functions
Figure 6 N-Axis EH safe steering block diagram
Blue blocks ( ) provide a link to the related chapter
Safe vehicle speed dependent Virtual Axis Position (VAP) limit
Realizing a safe MMI interface
Operation
BC321571012557en-000104 © Danfoss | Nov 2019 | 24
The safety related control function ‘Safe vehicle speed dependent Virtual Axis Position limit’ is an
instance of the safety functions for realizing a safe N-Axis MMI interface and work in a coordinated
fashion with
• [Safe vehicle speed dependent Virtual Axis Position (VAP) change rate],
• [Safe vehicle speed dependent Virtual Axis Angle (VAA) limit] and
• [Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate].
A correctly configured safe MMI interface will allow any random VAP and VAA input value and change
rate while maintaining controllable N-Axis operation. No unintended change will lead to loss of
steering controllability.
The N-axis MMI interface can in such a case be regarded as non-critical for safe N-Axis operation.
The received VAP set-point is limited in accordance with a programmable safe VAP range envelope.
This may be useful in advanced N-Axis steering modes where VAP can be changed dynamically during
N-Axis operation and where there is no expectation to the VAP set-point. In such cases, a safe VAP
envelope can be configured.
The safe VAP range is configurable as a three-piece linear characteristic as shown in Figure 8. The
software performs linear interpolation to calculate the limited VAP set-point which is used by the NAxis control algorithm.
MultiAxis-Steer technical information
Functional safety
Mast er a xis
Slave axis
P3896 [ mm]
P3898 [ mm]
(+P3864 [mm], 0 [kmph])
(-P3864 [m m], 0 [kmph])
(+P3866 [mm], P3870 [kmph])
(-P3866 [m m], P3870 [kmph])
(-P3868 [m m], P3871 [kmph])
(+P3868 [mm], P3871 [kmph])
N-Axis Virtual Axis Po sition Clamp
Vehicle Speed
P3864
P3870
P3866
P3868
P3871
0
1
2
Address
Name
Unit
Description of parameter
Clamp the Virtual Axis Position at vehicle
value (P3864)
Clamp the Virtual Axis Position at vehicle
value (P3866)
Clamp the Virtual Axis Position at vehicle
value (P3868)
Parameters
The received VAP is limited to the range defined by the envelope shown in Figure 8.
P3864
Figure 7 Safe vehicle speed dependent Virtual Axis Position (VAP) limit operation
Figure 8 Safe vehicle speed dependent VAP range envelope
N-Axis - Virtual axis position clamp at
vehicle speed 0
speed 0 to the range defined by N-Axis
mm
center postion (P3898) +/- this
BC321571012557en-000104 © Danfoss | Nov 2019 | 25
P3866
P3868
N-Axis - Virtual axis position clamp at
vehicle speed 1
N-Axis - Virtual axis position clamp at
vehicle speed 2
speed 1 to the range defined by N-Axis
mm
center postion (P3898) +/- this
speed 2 to the range defined by N-Axis
mm
center postion (P3898) +/- this
MultiAxis-Steer technical information
Functional safety
N-Axis - Vehicle speed 1 for virtual
axis position clamp
Vehicle speed 1 for Virtual Axis Position
clamp
N-Axis - Vehicle speed 2 for virtual
axis position clamp
Vehicle speed 2 for Virtual Axis Position
clamp
Slave position with respect to the
master
Virtual axis mean position with
respect to the master
Virtual axis mean position with resoect to
the master
P3870
P3871
P3896
P3898
Note: The PVED-CLS performs a plausibility check at start-up on all parameters according to the
following rule: P3864 ≥ P3866 ≥ P3868 AND P3870 < P3871
Parameter tuning guideline
Scenario 1: Advanced N-Axis steering - dynamic changing VAP during operation
The ‘VAP clamp at vehicle speed 0 kmph’ -range (P3864) is typically set to the maximum possible VAP
set-point for the vehicle. This value is often determined by the vehicle geometry and the desired
maximum turning radius in N-Axis steering mode at low speeds.
At higher vehicle speeds, it may be desired to change the N-Axis steering to a mode which provides
better steering stability and controllability at higher speeds. This may be achieved by moving the
virtual axis position towards the defined NAXIS_VA_MEAN_POSITION_MM (P3898) as the vehicle speed
increases.
The ‘Virtual Axis Position clamp at vehicle speed VSP1 and VSP2’-ranges (P3866, P3868) shall
progressively made smaller. The resulting VAP set-points are expected to follow this trend.
Setting the ‘Virtual Axis Position clamp at vehicle speed VSP2’-range (P3868) to 0 will clamp any non-0
VAP set-point at vehicle speed = VSP2 (P3871) to 0. Consequently, the clamped VAP set-point will be
equal to the NAXIS_VA_MEAN_POSITION_MM (P3898). If in addition to this the
NAXIS_VA_MEAN_POSITION_MM is identical to the physical slave position the steering behavior will
resemble a traditional two-wheel steering system.
Tests shall be performed to validate the safety of the settings.
Scenario 2 Advanced N-Axis steering – static VAP during operation
For N-Axis steering systems where only one N-Axis steering behavior, e.g. round-steering, is desired,
the MMI may send a static VAP.
If the static VAP is safe at all vehicle speeds, then P3864, P3866, P3868 can be set equal to the expected
static VAP set-point and P3870 and P3871 can be set to the maximum allowed vehicle speed in N-Axis
mode.
If the safety validation tests indicate that N-Axis steering is not safe at all vehicle speeds, then adjust
P3864, P3866, P3868 until steering controllability is reached at all vehicle speeds.
Operation when number of slaves > 1
P3864, P3866, P3868, P3780, P3871 and P3898 shall be set to the same value in all N-Axis slaves.
kmph
kmph
mm Slave Position with respect to the master
mm
BC321571012557en-000104 © Danfoss | Nov 2019 | 26
MultiAxis-Steer technical information
Functional safety
Master axis
Slave axis
(P3 87 2 [ mm/ s], 0 [ kmph ]
(P3 87 6 [ mm/ s], P38 79 [kmp h]
t= 0
(P3 87 4 [ mm/ s], P38 78 [kmp h]
VA P ②
VA P ①
VAP se t-poi nt
VAP s et-p oi nt ch ang e ste p fro m ①→ ②
Safe vehicle speed dependent Virtual Axis Position (VAP) change rate
With the VAP change rate it is possible to set up a relaxed system at high vehicle speed so that any
change from the operator will be accepted but will happen at a slow rate moving the Virtual Axis
position from one point to another more relaxed.
Realizing a safe MMI interface
The safety related control function ‘Safe vehicle speed dependent Virtual Axis Position change rate’ is
an instance of the safety functions for realizing a safe N-Axis MMI interface and works in a coordinated
fashion with:
• [Safe vehicle speed dependent Virtual Axis Position (VAP) limit]
• [Safe vehicle speed dependent Virtual Axis Angle (VAA) limit]
• [Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate]
A correctly configured safe MMI interface will allow any random VAP change rate while maintaining a
stable and controllable N-Axis operation.
The N-Axis MMI interface can in such case be regarded as non-critical for safe N-Axis operation after
safety validation testing.
Operation
The safety related control function ‘Safe vehicle speed dependent Virtual Axis Position (VAP) change
rate’ operates on the output of safety related control function [Safe vehicle speed dependent Virtual
Axis Position (VAP) limit]. See also [
A VAP set-point change is limited in accordance with a programmable ‘safe VAP change rate’ -range
shown in [
Figure 10 Safe vehicle speed dependent VAP change range envelop]. This may be useful for advanced N-
Axis steering modes where the VAP set-point can be changed dynamically during N-Axis operation. In
such cases, a safe VAP change rate range can be configured while allowing some freedom to the
generation of the VAP set-point.
The safe VAP change rate range is configurable as a three-piece linear characteristic. The software
performs linear interpolation to calculate the limited VAP set-point change rate limit at any vehicle
speed.
Figure 6 N-Axis EH safe steering block diagram].
BC321571012557en-000104 © Danfoss | Nov 2019 | 27
Figure 9 Safe vehicle speed dependent Virtual Axis Position (VAP) change rate operation
MultiAxis-Steer technical information
Functional safety
N-Axis Virtual Axis Po sition change rate [mm/s]
Vehicle Speed
P3872
P3878
P3874
P3876
P3879
0
1
2
Address
Name
Unit
Description of parameter
P3872
N-Axis - Virtual axis position ramp at vehicle speed 0
mm/s
Virtual Axis Position ramp at Vehicle speed 0.
P3874
N-Axis - Virtual axis position ramp at vehicle speed 1
mm/s
Virtual Axis Position ramp at Vehicle speed 1
P3876
N-Axis - Virtual axis position ramp at vehicle speed 2
mm/s
Virtual Axis Position ramp at Vehicle speed 2
P3878
N-Axis - Vehicle speed 1 for virtual axis position ramp
kmph
Vehicle speed 1 for Virtual Axis Position ramp
P3879
N-Axis - Vehicle speed 2 for virtual axis position ramp
kmph
Vehicle speed 2 for Virtual Axis Position ramp
Parameter
Parameter tuning guideline
Figure 10 Safe vehicle speed dependent VAP change range envelop
Note: The PVED-CLS performs a plausibility check at start-up on all parameters according to the
following rule: P3872 ≥ P3874 ≥ P3876 AND P3878 < P3879
Scenario 1: Dynamically changing VAP during operation
Changing the VAP will alter the vehicle steering mode. A VAP change is typically easier to control at
lower speeds than at higher vehicle speeds. The below tuning guideline may serve as a starting point
for system integrators.
Refer to Figure 10 Safe vehicle speed dependent VAP change range envelop:
1. Adjust point ⓪: The possible range at which the VAP can change is given by ±P3864 (refer to
[Safe vehicle speed dependent Virtual Axis Position (VAP) limit]). Observe, while toggling the VAP
set-point between the outer range values ±P3864, that that the steering mode changes at a
controllable speed for all front axis steering angles. Tune P3872 as high as possible while achieving
the desired steering mode change response when the vehicle is at still-stand.
2. Adjust point ②: As a starting point, set P3876 to e.g. 100 (10mm/s) and set P3879 to the
maximum vehicle speed at which N-axis operation is allowed. The possible range of VAP set-points
are limited (refer to [Safe vehicle speed dependent Virtual Axis Position (VAP) limit]). Observe,
while toggling the VAP set-point between the maximum possible limited values, that that the
steering mode changes at controllable speed for all front axis steering angles. Tune P3876 as high
as possible while achieving the desired controllable steering mode change response while driving
at P3879 kmph.
3. Adjust point ①: As a starting point, set P3878 to 0.5 x P3879 and set P3874 to 0.5 x P3872. The
possible range of VAP set-points are limited by [Safe vehicle speed dependent Virtual Axis Position
(VAP) limit)]. Observe, while toggling the VAP set-point between the maximum possible limited
values, that that the steering mode changes at a controllable speed for all front axis steering
angles. Tune P3874 as low as possible while achieving the desired controllable steering mode
change response while driving at P3878 kmph.
BC321571012557en-000104 © Danfoss | Nov 2019 | 28
MultiAxis-Steer technical information
Functional safety
Scenario 2: Fixed VAP during operation
For N-axis steering systems where a constant VAP set-point is applied during operation, the MMI shall
transmit a fixed VAP set-point. Limiting the rate of change for this VAP is only relevant to control an
unintended VAP change. Set P3872, P3874 and P3876 to e.g. 100 [mm/s] to achieve a slow changing
steering system in the event of receiving an unintended VAP set-point.
P3878 and P3879 are not relevant and shall be set to valid values.
Scenario 3: Disable VAP change rate limiting
VAP change rate limitation can be disabled by setting P3872, P3874 and P3876 to 10000.
P3878 and P3879 are not relevant and shall be set to valid values. Any limited VAP set-point change
will take immediate effect.
Operation when number of slaves > 1
P3872, P3874, P3876, P3878, P3879 shall be set to the same value in all N-Axis slaves.
Important
• P3872, P3874, P3876 shall be set to values > 0. VAP rate change limitation will not work when
0 is used.
• The parameter tuning guideline may not apply to all steering systems.
BC321571012557en-000104 © Danfoss | Nov 2019 | 29
MultiAxis-Steer technical information
Functional safety
Maste r axis
Virtual
Axis Angle
Slave axis
(+P 3880 [dDeg], 0 [km ph])
(-P38 82 [d Deg], P 3886 [kmph])
(-P38 84 [d Deg], P 3887 [kmph])
(-P38 80 [d Deg], 0 [km ph])
(+P38 82 [dD eg], P38 86 [kmph])
(+P38 84 [dD eg], P38
87 [kmph])
Virtual Axis Position
Safe vehicle speed dependent Virtual Axis Angle (VAA) limit
Realizing a safe MMI interface
The safety related control function ‘Safe vehicle speed dependent Virtual Axis Angle limit’ is an
instance of the safety functions for realizing a safe N-Axis MMI interface and work in a coordinated
fashion with
• [Safe vehicle speed dependent Virtual Axis Position (VAP) limit],
• [Safe vehicle speed dependent Virtual Axis Position (VAP) change rate],
• [Safe vehicle speed dependent Virtual Axis Angle (VAA) change rate].
A correctly configured safe MMI interface will allow any random VAP and VAA input value and change
rate while maintaining controllable N-Axis operation. No unintended change will lead to loss of
steering controllability.
The N-axis MMI interface can in such a case be regarded as non-critical for safe N-Axis operation.
Operation
The received VAA set-point is limited in accordance with a programmable safe VAA range envelope.
This may be useful in advanced N-Axis steering modes where VAA can be changed dynamically during
N-Axis operation and where there is no expectation to the VAA set-point. In such cases, a safe VAA
envelope can be configured.
The safe VAA range is configurable as a three-piece linear characteristic. The software performs linear
interpolation to calculate the limited VAA set-point which is used by the N-Axis control algorithm.
BC321571012557en-000104 © Danfoss | Nov 2019 | 30
Figure 11 Safe vehicle speed dependent Virtual Axis Angle (VAA) limit operation
Loading...