safety: add longitudinal pre-enable state for brake at a standstill #1123

Open
wants to merge 37 commits into
base: master
95a5148
disallow longitudinal at a stop with brake held
sshane Oct 28, 2022
8563b63
comment
sshane Oct 28, 2022
b4b89dc
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Nov 29, 2022
f66a28f
stash what we got so far
sshane Nov 29, 2022
a905664
so far
sshane Nov 29, 2022
c1df489
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Nov 30, 2022
85235a7
stash
sshane Dec 1, 2022
1bc58d6
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Dec 1, 2022
a0d1286
clean up
sshane Dec 1, 2022
5daf884
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Dec 3, 2022
fc5c43f
lateral allowed
sshane Dec 3, 2022
7824cb0
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Dec 15, 2022
7afb897
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Oct 4, 2023
42c0c27
don't change lat
sshane Oct 4, 2023
e689d51
rename
sshane Oct 4, 2023
97f403c
this should work
sshane Oct 4, 2023
813750e
draft
sshane Oct 4, 2023
3c22fdb
need to do this for tesla to know where 0 accel point is
sshane Oct 4, 2023
8065c64
this is cleaner
sshane Oct 4, 2023
65aa62b
oh wait it does
sshane Oct 4, 2023
b5eaf9f
use _generic_limit_safety_check in ford
sshane Oct 4, 2023
a880f46
tests
sshane Oct 4, 2023
2e0e7a9
Revert "use _generic_limit_safety_check in ford"
sshane Oct 4, 2023
4fe2baa
all good
sshane Oct 4, 2023
60d5052
ford
sshane Oct 4, 2023
4c59318
messy
sshane Oct 4, 2023
c48473d
clean up
sshane Oct 4, 2023
40dcb1b
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Nov 11, 2023
1c1c6c1
cando this, but this seems more confusing now
sshane Nov 11, 2023
423fe3e
or...
sshane Nov 11, 2023
55681c1
better
sshane Nov 11, 2023
57122bb
comments
sshane Nov 11, 2023
024663a
winning
sshane Nov 11, 2023
26a45ca
remove get_decel_allowed
sshane Nov 11, 2023
7ce2100
space up here
sshane Nov 11, 2023
2965bca
overkill
sshane Nov 11, 2023
31955d8
tests
sshane Nov 11, 2023
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane committed Nov 30, 2022
commit c1df489ff4ac67a9122436166f404f0e2194593c
38 changes: 7 additions & 31 deletions board/safety/safety_gm.h
Expand Up @@ -9,21 +9,6 @@ const SteeringLimits GM_STEERING_LIMITS = {
.type = TorqueDriverLimited,
};

const int GM_MAX_STEER = 300;
const int GM_MAX_RT_DELTA = 128; // max delta torque allowed for real time checks
const uint32_t GM_RT_INTERVAL = 250000; // 250ms between real time checks
const int GM_MAX_RATE_UP = 7;
const int GM_MAX_RATE_DOWN = 17;
const int GM_DRIVER_TORQUE_ALLOWANCE = 50;
const int GM_DRIVER_TORQUE_FACTOR = 4;

//typedef struct {
// const int max_gas;
// const int max_regen;
// const int inactive_regen;
// const int max_brake;
//} GmLongLimits;

const LongitudinalLimits GM_ASCM_LONG_LIMITS = {
.max_gas = 3072,
.min_gas = 1404,
Expand Down Expand Up @@ -200,22 +185,13 @@ static int gm_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed, bool gas_
if (addr == 715) {
bool apply = GET_BIT(to_send, 0U) != 0U;
int gas_regen = ((GET_BYTE(to_send, 2) & 0x7FU) << 5) + ((GET_BYTE(to_send, 3) & 0xF8U) >> 3);
// Disabled message is !engaged with gas
// value that corresponds to inactive regen.
if (!gas_allowed) {
if (gas_regen != gm_long_limits->inactive_regen) {
tx = 0;
}
}
// Need to allow apply bit in pre-enabled and overriding states
if (!controls_allowed) {
bool apply = GET_BIT(to_send, 0U) != 0U;
if (apply) {
tx = 0;
}
}
// Enforce gas/regen actuation limits (max_regen <= gas_regen <= max_gas)
if ((gas_regen < gm_long_limits->max_regen) || (gas_regen > gm_long_limits->max_gas)) {

bool violation = false;
// Allow apply bit in pre-enabled and overriding states
violation |= !controls_allowed && apply;
violation |= longitudinal_gas_checks(gas_regen, *gm_long_limits, longitudinal_allowed);

if (violation) {
tx = 0;
}
}
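Review bot: The `gas_allowed` gate drops out of the addr 715 path with nothing visible taking its place: the `if (!gas_allowed)` block that required `gas_regen` to equal the inactive value is gone, and the helper is keyed on `longitudinal_allowed` alone in `violation |= longitudinal_gas_checks(gas_regen, *gm_long_limits, longitudinal_allowed);`. The +/- markers are lost on this page, so this assumes the helper-based lines are the new side. The same gate is missing after the change in honda_tx_hook (0x1DF gas), hyundai_tx_hook and toyota_tx_hook (0x343), and the volkswagen_mqb hunk removes the parameter from the hook signature. Since this pull request exists to block positive longitudinal commands while the brake is held at a standstill, either that state has to be folded into `longitudinal_allowed` before the hooks run or passed to the helpers, with a test that a non-inactive gas command is rejected in that state. gm_tx_hook starts and ends outside the hunk.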
22 changes: 7 additions & 15 deletions board/safety/safety_honda.h
Expand Up @@ -300,24 +300,16 @@ static int honda_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed, bool g

// BRAKE/GAS: safety check (bosch)
if ((addr == 0x1DF) && (bus == bus_pt)) {
int accel = (GET_BYTE(to_send, 3) << 3) | ((GET_BYTE(to_send, 4) >> 5) & 0x7U); // used for brakes
if (!longitudinal_allowed) {
if (accel != 0) {
tx = 0;
}
}
if (accel < HONDA_BOSCH_ACCEL_MIN) {
tx = 0;
}
int accel = (GET_BYTE(to_send, 3) << 3) | ((GET_BYTE(to_send, 4) >> 5) & 0x7U);
accel = to_signed(accel, 11);

int gas = (GET_BYTE(to_send, 0) << 8) | GET_BYTE(to_send, 1);
gas = to_signed(gas, 16);
if (!gas_allowed) {
if (gas != HONDA_BOSCH_NO_GAS_VALUE) {
tx = 0;
}
}
if (gas > HONDA_BOSCH_GAS_MAX) {

bool violation = false;
violation |= longitudinal_accel_checks(accel, HONDA_BOSCH_LONG_LIMITS, longitudinal_allowed);
violation |= longitudinal_gas_checks(gas, HONDA_BOSCH_LONG_LIMITS, longitudinal_allowed);
if (violation) {
tx = 0;
}
}
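Review bot: The accel decode in the 0x1DF block loses its only comment (`// used for brakes`) at the same moment it gains `accel = to_signed(accel, 11);`, so nothing on the new side states the field layout the sign extension depends on. I would put `// 11-bit signed accel cmd: byte 3 holds the high 8 bits, the top 3 bits of byte 4 the low 3` above the decode, which is what the shift and mask on that line compute. Both helper calls read HONDA_BOSCH_LONG_LIMITS, whose definition is not in this hunk, so the bounds being enforced cannot be checked from here. honda_tx_hook continues outside the hunk.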
17 changes: 1 addition & 16 deletions board/safety/safety_hyundai.h
Expand Up @@ -259,22 +259,7 @@ static int hyundai_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed, bool
int aeb_decel_cmd = GET_BYTE(to_send, 2);
int aeb_req = GET_BIT(to_send, 54U);

bool violation = 0;

if (!longitudinal_allowed) {
if ((desired_accel_raw != 0) || (desired_accel_val != 0)) {
violation = 1;
}
}

if (!gas_allowed) {
if ((desired_accel_raw <= 0) || (desired_accel_val <= 0)) {
violation = 1;
}
}

violation |= max_limit_check(desired_accel_raw, HYUNDAI_MAX_ACCEL, HYUNDAI_MIN_ACCEL);
violation |= max_limit_check(desired_accel_val, HYUNDAI_MAX_ACCEL, HYUNDAI_MIN_ACCEL);
bool violation = false;

violation |= longitudinal_accel_checks(desired_accel_raw, HYUNDAI_LONG_LIMITS, longitudinal_allowed);
violation |= longitudinal_accel_checks(desired_accel_val, HYUNDAI_LONG_LIMITS, longitudinal_allowed);
26 changes: 4 additions & 22 deletions board/safety/safety_toyota.h
Expand Up @@ -16,14 +16,11 @@ const SteeringLimits TOYOTA_STEERING_LIMITS = {
};

// longitudinal limits
const int TOYOTA_MAX_ACCEL = 2000; // 2.0 m/s2
const int TOYOTA_MIN_ACCEL = -3500; // -3.5 m/s2
const LongitudinalLimits TOYOTA_LONG_LIMITS = {
.max_accel = 2000, // 2.0 m/s2
.min_accel = -2000, // -3.5 m/s2
.min_accel = -3500, // -3.5 m/s2
};


// panda interceptor threshold needs to be equivalent to openpilot threshold to avoid controls mismatches
// If thresholds are mismatched then it is possible for panda to see the gas fall and rise while openpilot is in the pre-enabled state
// Threshold calculated from DBC gains: round((((15 + 75.555) / 0.159375) + ((15 + 151.111) / 0.159375)) / 2) = 805
Expand Down Expand Up @@ -161,25 +158,10 @@ static int toyota_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed, bool
if (addr == 0x343) {
int desired_accel = (GET_BYTE(to_send, 0) << 8) | GET_BYTE(to_send, 1);
desired_accel = to_signed(desired_accel, 16);
bool violation = false;

if (!longitudinal_allowed) {
if (desired_accel != 0) {
violation = true;
}
}

if (!gas_allowed) {
if (desired_accel > 0) {
violation = true;
}
}

if (!longitudinal_allowed || toyota_stock_longitudinal) {
if (desired_accel != 0) {
tx = 0;
}
}
bool violation = false;
violation |= longitudinal_accel_checks(desired_accel, TOYOTA_LONG_LIMITS, longitudinal_allowed);
violation |= longitudinal_accel_checks(desired_accel, TOYOTA_LONG_LIMITS, !toyota_stock_longitudinal);

// only ACC messages that cancel are allowed when openpilot is not controlling longitudinal
if (toyota_stock_longitudinal) {
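Review bot: The second helper call in the 0x343 block passes `!toyota_stock_longitudinal` in the slot the first call uses for `longitudinal_allowed`, which reads like a mistake until the reader works out that stock longitudinal is being treated as "not allowed", and it runs the range check twice. If the helper uses that argument only to decide whether a non-inactive value is permitted (its body is not on this page), one call states the intent directly: `violation |= longitudinal_accel_checks(desired_accel, TOYOTA_LONG_LIMITS, longitudinal_allowed && !toyota_stock_longitudinal);`. In the limits hunk above, the page prints `.min_accel` twice and the `-2000` line carries a `-3.5 m/s2` comment; a duplicated designated initializer compiles with the last one winning, so confirm the merged file holds only the `-3500` line. toyota_tx_hook continues past the hunk.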
5 changes: 1 addition & 4 deletions board/safety/safety_volkswagen_mqb.h
Expand Up @@ -202,10 +202,7 @@ static int volkswagen_mqb_rx_hook(CANPacket_t *to_push) {
return valid;
}

static int volkswagen_mqb_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed, bool gas_allowed) {
UNUSED(longitudinal_allowed);
UNUSED(gas_allowed);

static int volkswagen_mqb_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed) {
int addr = GET_ADDR(to_send);
int tx = 1;

8 changes: 5 additions & 3 deletions board/safety_declarations.h
Expand Up @@ -58,11 +58,13 @@ typedef struct {
// acceleration cmd limits
const int max_accel;
const int min_accel;
const int inactive_accel;

// gas/regen & brake cmd limits
// gas & brake cmd limits
// inactive and min gas are 0 on most safety modes
const int max_gas;
const int max_regen;
const int inactive_regen;
const int min_gas;
const int inactive_gas;
const int max_brake;
} LongitudinalLimits;

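Review bot: `inactive_accel` is the one member of LongitudinalLimits with no comment, and the note on the gas group (`// inactive and min gas are 0 on most safety modes`) depends on something the struct never states: a limits table written with designated initializers leaves every omitted member at 0. I would say that once at the top of the struct, `// members omitted from an initializer are 0; set every limit the mode enforces`, and add `// accel cmd required while longitudinal is not allowed` beside `inactive_accel` if that is its meaning, which cannot be confirmed here because the helper that reads it is not on this page. The +/- markers are lost, so which of the regen and gas member names survive is inferred from GM_ASCM_LONG_LIMITS using `.min_gas`.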
You are viewing a condensed version of this merge commit. You can view the full changes here.