safety: add longitudinal pre-enable state for brake at a standstill #1123

Open
wants to merge 37 commits into
base: master
Changes from 9 commits
95a5148
disallow longitudinal at a stop with brake held
sshane Oct 28, 2022
8563b63
comment
sshane Oct 28, 2022
b4b89dc
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Nov 29, 2022
f66a28f
stash what we got so far
sshane Nov 29, 2022
a905664
so far
sshane Nov 29, 2022
c1df489
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Nov 30, 2022
85235a7
stash
sshane Dec 1, 2022
1bc58d6
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Dec 1, 2022
a0d1286
clean up
sshane Dec 1, 2022
5daf884
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Dec 3, 2022
fc5c43f
lateral allowed
sshane Dec 3, 2022
7824cb0
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Dec 15, 2022
7afb897
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Oct 4, 2023
42c0c27
don't change lat
sshane Oct 4, 2023
e689d51
rename
sshane Oct 4, 2023
97f403c
this should work
sshane Oct 4, 2023
813750e
draft
sshane Oct 4, 2023
3c22fdb
need to do this for tesla to know where 0 accel point is
sshane Oct 4, 2023
8065c64
this is cleaner
sshane Oct 4, 2023
65aa62b
oh wait it does
sshane Oct 4, 2023
b5eaf9f
use _generic_limit_safety_check in ford
sshane Oct 4, 2023
a880f46
tests
sshane Oct 4, 2023
2e0e7a9
Revert "use _generic_limit_safety_check in ford"
sshane Oct 4, 2023
4fe2baa
all good
sshane Oct 4, 2023
60d5052
ford
sshane Oct 4, 2023
4c59318
messy
sshane Oct 4, 2023
c48473d
clean up
sshane Oct 4, 2023
40dcb1b
Merge remote-tracking branch 'upstream/master' into brake-preenable
sshane Nov 11, 2023
1c1c6c1
cando this, but this seems more confusing now
sshane Nov 11, 2023
423fe3e
or...
sshane Nov 11, 2023
55681c1
better
sshane Nov 11, 2023
57122bb
comments
sshane Nov 11, 2023
024663a
winning
sshane Nov 11, 2023
26a45ca
remove get_decel_allowed
sshane Nov 11, 2023
7ce2100
space up here
sshane Nov 11, 2023
2965bca
overkill
sshane Nov 11, 2023
31955d8
tests
sshane Nov 11, 2023
23 changes: 17 additions & 6 deletions board/safety.h
@@ -82,9 +82,20 @@ int safety_fwd_hook(int bus_num, CANPacket_t *to_fwd) {
}

bool get_longitudinal_allowed(void) {
// No longitudinal control when overriding with gas. Brake is allowed when pre-enabling at a standstill
return controls_allowed && !gas_pressed_prev;
}

bool get_lateral_allowed(void) {
// No steering allowed while pre-enabling at a standstill with brake
return controls_allowed && !brake_pressed_prev;
}
sshane marked this conversation as resolved.

bool get_gas_allowed(void) {
// No +acceleration/gas command while pre-enabled at a stop with brake
return get_longitudinal_allowed() && !brake_pressed_prev;
}

// Given a CRC-8 poly, generate a static lookup table to use with a fast CRC-8
// algorithm. Called at init time for safety modes using CRC-8.
void gen_crc_lookup_table_8(uint8_t poly, uint8_t crc_lut[]) {
@@ -486,7 +497,7 @@ float interpolate(struct lookup_t xy, float x) {
// Safety checks for longitudinal actuation
bool longitudinal_accel_checks(int desired_accel, const LongitudinalLimits limits) {
bool violation = false;
if (!get_longitudinal_allowed()) {
if (!get_gas_allowed()) {
violation |= desired_accel != limits.inactive_accel;
} else {
violation |= max_limit_check(desired_accel, limits.max_accel, limits.min_accel);
@@ -500,7 +511,7 @@ bool longitudinal_speed_checks(int desired_speed, const LongitudinalLimits limit

bool longitudinal_gas_checks(int desired_gas, const LongitudinalLimits limits) {
bool violation = false;
if (!get_longitudinal_allowed()) {
if (!get_gas_allowed()) {
violation |= desired_gas != limits.inactive_gas;
} else {
violation |= max_limit_check(desired_gas, limits.max_gas, limits.min_gas);
@@ -516,15 +527,15 @@ bool longitudinal_brake_checks(int desired_brake, const LongitudinalLimits limit
}

bool longitudinal_interceptor_checks(CANPacket_t *to_send) {
return !get_longitudinal_allowed() && (GET_BYTE(to_send, 0) || GET_BYTE(to_send, 1));
return !get_gas_allowed() && (GET_BYTE(to_send, 0) || GET_BYTE(to_send, 1));
}

// Safety checks for torque-based steering commands
bool steer_torque_cmd_checks(int desired_torque, int steer_req, const SteeringLimits limits) {
bool violation = false;
uint32_t ts = microsecond_timer_get();

if (controls_allowed) {
if (get_lateral_allowed()) {
// *** global torque limit check ***
violation |= max_limit_check(desired_torque, limits.max_steer, -limits.max_steer);

@@ -551,7 +562,7 @@ bool steer_torque_cmd_checks(int desired_torque, int steer_req, const SteeringLi
}

// no torque if controls is not allowed
if (!controls_allowed && (desired_torque != 0)) {
if (!get_lateral_allowed() && (desired_torque != 0)) {
violation = true;
}

@@ -593,7 +604,7 @@ bool steer_torque_cmd_checks(int desired_torque, int steer_req, const SteeringLi
}

// reset to 0 if either controls is not allowed or there's a violation
if (violation || !controls_allowed) {
if (violation || !get_lateral_allowed()) {
valid_steer_req_count = 0;
invalid_steer_req_count = 0;
desired_torque_last = 0;
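Review bot: In longitudinal_accel_checks the `!get_gas_allowed()` branch accepts only `limits.inactive_accel`, so while the brake is held a deceleration request is rejected along with a positive one. That does not match the comments on get_gas_allowed ("No +acceleration/gas command") and get_longitudinal_allowed ("Brake is allowed when pre-enabling at a standstill"). If braking through the accel command is meant to stay available, keep `if (!get_longitudinal_allowed()) {` for the inactive-only case and add `} else if (!get_gas_allowed()) {` with `violation |= max_limit_check(desired_accel, limits.inactive_accel, limits.min_accel);`. That bound is only right if inactive_accel is the zero-acceleration value and is not below min_accel, which this section does not show. The body of longitudinal_accel_checks continues past the end of its hunk.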
2 changes: 1 addition & 1 deletion board/safety/safety_ford.h
@@ -119,7 +119,7 @@ static int ford_tx_hook(CANPacket_t *to_send) {
bool steer_control_enabled = steer_control_type != 0U;

// No steer control allowed when controls are not allowed
if (!controls_allowed && steer_control_enabled) {
if (!get_lateral_allowed() && steer_control_enabled) {
sshane marked this conversation as resolved.
tx = 0;
}
}
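Review bot: The comment above the changed condition in ford_tx_hook, "No steer control allowed when controls are not allowed", no longer describes the gate, because get_lateral_allowed() as defined in board/safety.h is also false whenever brake_pressed_prev is set. I would reword it to `// No steer control unless lateral is allowed (controls_allowed and brake not pressed)`. The same stale wording sits next to the changed lines in nissan_tx_hook, tesla_tx_hook and steer_torque_cmd_checks ("no torque if controls is not allowed", "reset to 0 if either controls is not allowed or there's a violation"). The comment on get_lateral_allowed itself says "at a standstill" while the predicate reads no speed or motion state; if standstill is guaranteed elsewhere, the comment should say where. ford_tx_hook starts and ends outside the hunk.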
6 changes: 3 additions & 3 deletions board/safety/safety_nissan.h
@@ -118,7 +118,7 @@ static int nissan_tx_hook(CANPacket_t *to_send) {
// offeset 1310 * NISSAN_DEG_TO_CAN
desired_angle = desired_angle - 131000;

if (controls_allowed && lka_active) {
if (get_lateral_allowed() && lka_active) {
// add 1 to not false trigger the violation
float delta_angle_float;
delta_angle_float = (interpolate(NISSAN_LOOKUP_ANGLE_RATE_UP, vehicle_speed) * NISSAN_DEG_TO_CAN) + 1.;
@@ -134,14 +134,14 @@ static int nissan_tx_hook(CANPacket_t *to_send) {
desired_angle_last = desired_angle;

// desired steer angle should be the same as steer angle measured when controls are off
if ((!controls_allowed) &&
if ((!get_lateral_allowed()) &&
((desired_angle < (angle_meas.min - 1)) ||
(desired_angle > (angle_meas.max + 1)))) {
violation = 1;
}

// no lka_enabled bit if controls not allowed
if (!controls_allowed && lka_active) {
if (!get_lateral_allowed() && lka_active) {
violation = 1;
}
}
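Review bot: nissan_tx_hook now calls get_lateral_allowed() three times in one pass (the rate-limit branch, the angle-match check and the lka bit check), and the result depends on two globals, controls_allowed and brake_pressed_prev. If the receive path can update either of them between those calls, which is not visible here, the three checks could evaluate one frame against different states. Reading it once, `const bool lateral_allowed = get_lateral_allowed();`, and testing the local in all three places would rule that out. tesla_tx_hook and steer_torque_cmd_checks repeat the call in the same way. The function body starts and ends outside these hunks.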
6 changes: 3 additions & 3 deletions board/safety/safety_tesla.h
@@ -137,7 +137,7 @@ static int tesla_tx_hook(CANPacket_t *to_send) {
(steer_control_type != 3); // DISABLED

// Rate limit while steering
if(controls_allowed && steer_control_enabled) {
if(get_lateral_allowed() && steer_control_enabled) {
// Add 1 to not false trigger the violation
float delta_angle_float;
delta_angle_float = (interpolate(TESLA_LOOKUP_ANGLE_RATE_UP, vehicle_speed) * TESLA_DEG_TO_CAN);
@@ -153,12 +153,12 @@ static int tesla_tx_hook(CANPacket_t *to_send) {
desired_angle_last = desired_angle;

// Angle should be the same as current angle while not steering
if(!controls_allowed && ((desired_angle < (angle_meas.min - 1)) || (desired_angle > (angle_meas.max + 1)))) {
if(!get_lateral_allowed() && ((desired_angle < (angle_meas.min - 1)) || (desired_angle > (angle_meas.max + 1)))) {
violation = true;
}

// No angle control allowed when controls are not allowed
if(!controls_allowed && steer_control_enabled) {
if(!get_lateral_allowed() && steer_control_enabled) {
violation = true;
}
}
2 changes: 2 additions & 0 deletions board/safety_declarations.h
@@ -112,6 +112,8 @@ bool driver_limit_check(int val, int val_last, struct sample_t *val_driver,
const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
const int MAX_ALLOWANCE, const int DRIVER_FACTOR);
bool get_longitudinal_allowed(void);
bool get_lateral_allowed(void);
bool get_gas_allowed(void);
bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
float interpolate(struct lookup_t xy, float x);
void gen_crc_lookup_table_8(uint8_t poly, uint8_t crc_lut[]);