January 12th, 2020

The Tesla Autonomy Day left me a little bit perplexed.

Here Elon says:

"The general principle here is that any part of this could fail and the car will keep driving. So you could have cameras fail, you could have power circuits fail, you could have one of the Tesla FSD computer chips fail and car keeps driving. The probability of this computer failing is substantially lower than someone losing consciousness. That's the key metric. At least my an order of magnitude."

And then Pete Bannon follows up with:

"Both chips receive all of the video and process it independently. In terms of driving the car, the basic sequence is collect lots of information from the world around you. Not only do we have cameras, we have RADAR, GPS, Maps, the IMUs, ultrasonic sensors around the car, we have wheel ticks, steering angle, we know what the acceleration and deceleration of the car is supposed to be. All of that gets integrated together to form a plan. Once we have a plan, the two machines exchange their independent version of the plan to make sure it's the same and assuming that we agree, we then act and drive the car."

If you didn't catch the contradiction which I highlighted allow me to explain.

The question is, what happens if an FSD chip fails? If this chip fails, then it would no longer be capable of providing "a plan" to be compared with the other FSD chip. And if the FSD chips don't agree, then what?

Pete Bannon only explains what happens if they agree. He doesn't specifically state what occurs if they don't agree, but having driven the Model 3, I would expect that the outcome is that the car tells the human to take over.

But if the car tells the human to take over, then Elon is wrong when he says that one of the FSD chips can fail and the car will keep driving.

One method which could explain how they are both right would be to have an exception layer which detects system failure and switches the algorithm from forcing agreement to full dependency on the redundant system.

I am not certain that they did this, and if the chips behave as they claim, it would be quite difficult to detect this failure within the timeline of processing a single one of the 2300 fps. It would seemingly require that the failure detection system be in the hardware level which they didn't mention and pre-process frame inputs.

So, in conclusion, I am not entirely sure how they can meet both claims. But I will give Tesla the benefit of the doubt because they have solved way more difficult problems than this (one if statement) solution.

Posted In:

Software Developer always striving to be better. Learn from others' mistakes, learn by doing, fail fast, maximize productivity, and really think hard about good defaults. Computer developers have the power to add an entire infinite dimension with a single Int (or maybe BigInt). The least we can do with that power is be creative.