* improvements on the state machine for exiting controls and improvements on replay drive, and optimizations
* New tests on hyundai for now to see how they behave with lkas and main button pressed interchangeably
* cleaning up hyundai tests and ensuring we always cleanup mads states at the end of the tests
* Adjusting tests
* Adjusting the tests a bit more to ensure clean states
* Cleaning up and simplifying logic
* ensuring all tests always cleanup
* improving the state
* make static happy
* Refactor safety replay script for better debugging and update Honda safety code
The commit performs a comprehensive revision of the safety replay script, specifically focusing on introducing debug variables and enhancing the logging capabilities for improved debugging. Furthermore, changes were made to the Honda safety code. The test helpers within libpanda were also expanded for inclusion of additional test conditions.
* Introduce 'ACC_MAIN_OFF' as a new disengagement reason in Sunnypilot's 'safety_mads.h'
The Sunnypilot's 'safety_mads.h' file has been updated to include 'ACC_MAIN_OFF' as a new cause for disconnection in the 'DisengageReason' enumeration. If an 'acc_main_off' signal is received, the 'mads_exit_controls' function halts all requests for lateral control engagement. Additionally, the status of 'controls_requested_lat' now mirrors 'controls_allowed_lat' after a button press.
* simpler logic cleaner
* reorder code for readability
* tmp
* Refactor state transitions and add event handlers
Renamed StateTransition to EdgeTransition for clarity and updated related logic. Introduced event handlers for button presses and ACC state changes, reducing duplicated control flow code. Improved encapsulation and maintainability by restructuring state update functions.
* reorder
* Refactor MADS state handling logic
Removed redundant event handler functions and unnecessary timestamp fields to streamline the code. Simplified button and binary state updates by integrating logic directly into transition checks. Commented out unused fields
* adding some more tests
* split init
* format
* update naming
* Refine lateral control request logic in safety_mads.h
The logic for setting the `controls_requested_lat` variable in safety_mads.h has been refined. Previously, it switched state based on the current value of `controls_allowed_lat`. Now, it also takes into account the current state of `acc_main`, ensuring a more nuanced control request mechanism that accounts for different operational scenarios.
* Fix button state handling in mads_exit_controls logic.
Refactor button state transitions to better handle lateral control requests when ACC is active. Ensure controls are correctly disengaged under specific conditions, by setting `controls_requested_lat` more reliably during state transitions. This change improves safety by preventing inadvertent disengagement when ACC is not active.
* Add test for LKAS button press with ACC main on
This commit introduces a new test to ensure that controls remain enabled when the LKAS/LFA button is pressed while ACC main is on. It checks that LKAS button operations don't interfere with control permissions in this specific configuration, improving test coverage and preventing potential safety issues.
* Add mismatch detection and change mads_acc_main to bool
Enhanced mismatch detection logic by tracking cases where 'controls_allowed' is true while 'controls_allowed_lat' is false, updating the script to print relevant debug information. Additionally, changed the data type of 'mads_acc_main' and 'mads_acc_main_prev' from int to bool for improved type accuracy and consistency.
* update controls_allowed_lat_pkt on health pkt to actually follow is_lat_active() which has the final word on whether we can allow lat or not.
* Can't perform this test on toyota as we never really process a button disengagement for toyota
* wow, we forgot about pcm hyundai can-fd
* nuke nuke nuke
* Revert "nuke nuke nuke"
This reverts commit 9bf0de640a3439ac43c27bcbc6568853966d370b.
* update name
* event driven update states
* add get_pcm_main_cruise_available
* split PCM and non-PCM main cruise tets
* fix some
* pcm main cruise availability mutation
* toyota pass fake lkas btn pressed
* more
* make pcm acc main rising edge on init
* only falling edge when actually 0 (need test for mutation)
* misra
* remove state flags, main button related
* skip lkas related tests with toyota and subaru fake button
* need for honda
* static
* mutation
* misra
* skip nidec pcm alt
* engage mads if controls allowed rising
* static
* remove non pcm properties
* fixup! engage mads if controls allowed rising
* move back
* fix static
* move around
* Hyundai openpilot longitudinal main cruise button state handling
* main button unit test
* acc_main_on mismatch unit tests
* clean up old main cruise button unit tests
* add more reasons
* cleanup
* rename
* rearrange
* Revert "rearrange"
This reverts commit f07caaa5b98b74c23667b387430ac48ba95bf21c.
* more rearrange
* rename
* more
* too slow
* Revert "too slow"
This reverts commit 31a249aebfa9c985e37be050e525b6924ca9e83d.
* too slow v2
* cleanup
* rename
* more cleanup
* Parse more flags from alt exp, more tests, hyundai main cruise allowed
* missed
* mutation for controls allowed rising edge
* ford mutation
* Update tests/safety/test.sh
Co-authored-by: DevTekVE <devtekve@gmail.com>
* license
* unused
* remove
* comment
* Apply suggestions from code review
Co-authored-by: DevTekVE <devtekve@gmail.com>
* comment
* refactor alternative experience handling with helper function
* use always allowed mads button alt exp
* rename
* parenthesis
* use alternative experience for unit tests inits
* cleanup
* rename
* mutation tests for alternative experience flags
* bump timer
* test for disengage and no disengage lateral on brake
* test allow MADS engage with brake pressed
* rename
* move around
* button combo test
* use acc_main_on directly from global
* fix caught failures from last commit's fix
* Revert "use acc_main_on directly from global"
This reverts commit 346964f55d020a287a1a679e22691ad8873e2a64.
* Properly fix lmao
* Add support for LKAS button handling across Chrysler platforms
Introduced LKAS button message parsing for multiple Chrysler platforms, including specific handling for center stack button messages. Updated tests and safety configurations to reflect these changes, ensuring compatibility with different vehicle variants. This enhances modularity and improves safety feature integration.
* Dockerfile: point to sunnypilot/opendbc
* Happy days :)
* clean
* testx
* Revert "Happy days :)"
This reverts commit 7ea27b53c8f3b1e37677c1ce9498229fceac9de6.
* symlink prior building
* comment
* only parse mads lateral, not stock op's lateral
* do not allow controls allowed if acc_main_on is off
* expose system_enabled, do not allow controls allowed to steer if system_mads is off
* fix hyundai tests with acc_main_on requirement
* fix test with new controls allowed with system_mads off
* fix replay drive
* Change 'DISABLE_DISENGAGE_LATERAL_ON_BRAKE' to 'DISENGAGE_LATERAL_ON_BRAKE'
The commit modifies the usage of the 'DISABLE_DISENGAGE_LATERAL_ON_BRAKE' variable globally and replaces it with 'DISENGAGE_LATERAL_ON_BRAKE'. This change promotes correct and clear semantics, since the variable now indicates a state rather than the negation of a state.
* Adding some more debug printouts on replay drive
* remove unified engagement mode in panda
* treat MADS button as user entry
* controls allow should be allowed at all times
* squash! treat MADS button as user entry
* heartbeat for mads
* heartbeat mismatch exit control
* remove always allow mads button from alt
* move to safety_mads
* check heartbeat directly in main
* remove main cruise allowed from alt
* uint
* squash! check heartbeat directly in main
* update tests
* not needed
* fix mads_exit_controls sometimes not assigning disengage reason
* more disengage lateral on brake tests
* extern
* missesd
* honda mutation test
* again
* rename
* more dlob test
* update name
* fix tests
* fix panda tests
* Refactor MADS state management to simplify pointer usage.
This change replaces many pointer-based state variables with direct ones, improving code readability and reducing complexity. It also standardizes the use of `const` for parameters and updates function implementations accordingly. These improvements enhance maintainability and reduce potential for pointer-related errors.
* Simplify braking logic in m_mads_check_braking function
Removed redundant conditions to streamline braking logic. This change maintains functionality while improving code readability and maintainability. Only necessary checks are now performed to determine disengagement.
* Prevent lateral control engagement during braking
Added a condition to disable lateral control engagement when braking with disengage-on-brake enabled. This change is marked as a demonstration and is not final for merging. Moved the disengage_reason to be set only when an actual disengagement occurred.
* Refactor MADS state handling and fix type consistency
Remove redundant `get_mads_state` inline definition and migrate it to a static function. Fix return type syntax in `get_mads_pending_disengage_reason`. Minor formatting adjustments improve readability and code clarity.
Refactor disengagement logic with enhanced reason tracking
Added distinction between active and pending disengagement reasons to improve system state tracking. Updated related enums, structs, and logic to ensure proper handling during control transitions. Added new safety tests to verify behavior under braking and ACC conditions.
Refactoring lateral control permissions and brake checks in MADS
This revision refactors the MADS safety code. The aim is to simplify and improve readability. Operations and checks for brake states and lateral control permissions have been consolidated into fewer methods. In addition, unused 'previous_disengage' state tracking has been removed from MADSState structure to avoid unnecessary state tracking. Moreover, the 'can_allow_controls_lat' function has been removed entirely and its functionality has been incorporated into other functions, reducing the function count and complexity of the code. The braking status is now tracked with BinaryStateTracking for consistency. These changes maintain the system's functionality while optimizing the code and improving maintainability.
* Why MISRA, why!? WHY!???? I DIDNT EVEN TOUCH THIS FILE OR NOWHERE NEAR!
* Some format
* no more messing with misra
* const
* more generic names
* revert to validate
* are you srs
* make gpio.h stock again and add to supression lists the check on gpio.h since we are not even touching it and we don't plan on ever doing so
* hard code to skip heartbeat check
* update comment
* cleanup
* Update tests/safety/test_honda.py
---------
Co-authored-by: DevTekVE <devtekve@gmail.com>
* alternative experience
* safety init
* fix
* more update
* not really
* misra
* Add Custom MIT License (#38)
* brake check was not handled
* revert
* alt -> lkas
* explicit checks
* support toyota and ford
* rename
* hyundai can-fd support
* only allow lkas if enabled
* hyundai: main button handling
* revert
* hyundai: main button heartbeat
* add logging for controls allowed lateral
* fix panda safety
* ford btn
* toyota btn
* fca btn
* honda btn
* mads safety tests
* more tests
* safety misra
* safety mutation
* misra
* mutation experiment
* fix
* ford test main button
* ford test lkas button
* more ford test
* hyundai lkas and main
* more ford
* hyundai canfd
* rename
* rename
* cleaner
* more fixes
* more hyundai tests
* no longer needed
* thanks for tests!
* more tests for lat
* more explicit
* make sure to reset
* try this out
* probably needed
* move
* misra
* not needed
* move to safety_mads
* not really needed
* remove
* MADS: Refactor MADS safety with improved state management (pull request #46)
Refactor MADS safety with improved state management
This commit introduces a major refactoring of the MADS safety module, improving state management and control flow. Key changes include:
Core Changes:
- Introduced a MADSState struct to centralize state management
- Removed global state variables in favor of structured state
- Implemented button transition handling with explicit state tracking (PRESSED/RELEASED/NO_CHANGE)
- Added state flags for button availability detection
- Simplified lateral control permission logic
Button Handling:
- Separated main button and LKAS button state tracking
- Added independent engagement states for each button
- Improved button press detection across multiple platforms
- Added support for main and LKAS buttons on Hyundai platforms
- Modified ACC main state handling
Testing:
- Added comprehensive test coverage for MADS state transitions
- Added new MADS-specific test base class for consistent testing across platforms
- Added mutation testing for state management
- Extended timeout for mutation tests from 5 to 8 minutes
- Added extensive button press validation tests
- Enhanced debugging output in replay drive tests
The refactored code provides a more organized implementation of MADS safety features while maintaining compatibility with existing safety checks.
* adding note
* adding ford (WIP)
* adding honda (WIP)
* adding toyota (WIP)
* adding chrysler (WIP)
* Standardize Button State Handling Across Platforms
Refactor button state handling by replacing integer constants with an enumerated `ButtonState` type and updating logic to improve readability and maintainability. This change affects button press detection in Ford, Honda, Hyundai, and Toyota safety modules and aligns them with a unified MADS button state approach. Enums provide a clearer understanding of button states and transitions, facilitating easier maintenance and future enhancements.
* Disable LKAS button press logic in Honda and Toyota safety.
The code for processing LKAS button presses has been commented out in both Honda and Toyota safety implementations. This change aims to investigate or temporarily halt the button press effects without removing the logic altogether. It will be important to test for any impacts this may have on vehicle control functionality.
* Remove commented out code in toyota_rx_hook function
This commit cleans up the toyota_rx_hook function by removing unnecessary commented-out code that checks for LKAS button presses on bus 2. This helps improve code readability and maintainability without altering the existing functionality.
* GM, mazda, nissan, subaru (global & preglobal)
* Honda LKAS
* Revert "Remove commented out code in toyota_rx_hook function"
This reverts commit d6b012c01a08118d91fad56c9f6ac2f92b671968.
* Toyota, Subaru Global LKAS
* nissan fix
* gm fix
* use speed msg to force rx
* im bored
* misra
* subaru/toyota/honda
* nope
* attempt
* go through all buttons
* try nissan
* more nissan
* nissan tests passed!
* subaru lkas test (not sure why it's not passing 2 and 3 values)
* Improved code organization in safety_subaru.h and test_subaru.py
This commit includes a minor restructuring in safety_subaru.h and test_subaru.py for better readability and flow. The condition check in safety_subaru.h for lkas_hud now has explicit parentheses. With regard to test_subaru.py, an unnecessary import was removed, and the sequence of steps in the test was reordered - now enabling mads and cleaning up mads_states happens before each subtest.
* Refactor tests to use _speed_msg instead of _user_brake_msg.
Updated the MADS safety tests to utilize the _speed_msg(0) function call in place of _user_brake_msg(False).
* Reworking the tests a little for clarity
* disabling lkas again on toyota temporarily
* fix mads condition to engage
* hyundai and honda good with new tests
* Redoing more tests
* update for safety tick ensuring mads control is exited while lagging
* Updating tests for toyota
* cleaning up tests on hkg
* commenting out temp_debug for future use
* revert
* constants
* cleanup
* format!
* match yota
* Apply suggestions from code review
* force
* explicit checks
* revert
---------
Co-authored-by: Jason Wen <haibin.wen3@gmail.com>
* mutation
* clone
* origin
* get diff
* better example
* better
* fix docker
* work on push
* make test fail
* real change
* test all modes
* ignore
* better
* reco
* fix
* no libpanda on device
* curl
* nl
* nl again
* delete
* clean
* clean
* this
* add this back
* cleanup
* update to ubuntu 24.04
* Apply suggestions from code review
* Update .github/workflows/repo.yml
* Update test.yaml
* docker builds
* bump
* no pyenv
* ugh this should just be removed
* fix
* add release/
* no openpilot
* remove those too
* build in the docker
* cleanup
* need the addons
* 9 added tests
* test speed with new del header
* mypy
* cleanup
* fix error in delete
* random
* change
* works on local
* sorted
* with order
* add pytest randomly
* test with ci
* remove sort
* cleanup
* all files
* no obj
* another bootstub
* fix
* cleanup
---------
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* run in CI
* test
* make report optional
* 100% GM coverage
comments
* more coverage: these are unhittable lines
* vw mqb: convert switch to if, consistent with all other safety modes
* we don't check any of these yet
* rm
* ensure honda_fwd_brake is reset
* can rm this
* test honda brake latching
* honda: add rx brake function
* use loops for more coverage and more compact code
* other honda stuff
* remove car-specific stuff from init_tests
* don't need to have car safety modes reset interceptor detected (global init does)
* use get_bit
* ahh ford counter is unhittable: counter check disabled due to skipping
* misra
* test nooutput and alloutput
* required changes for that
* fix test
* more all/nooutput coverage
* start on lin
* rx coverage
* lin tx coverage
* some barebones body test
* double negative
* draft elm327 safety (git stash)
* fixes from merge
* clean up test cov
* add rm
* no body
* failed grep returns exit code 1
* more clear msgs
* try 1
* some fixes
* fix some misra
* first poc working
* more things
* more misra fixes
* fix misra
* add rate limiting
* fix misra
* add some unit tests through libpanda
* add more tests and fix some stuff
* fix misra again
* add startup log hitl test
* list
* don't fail on wrong timestamps
* improvements
* fix tests
* expected logs test?
* not sure why this passed
* oh, it doesn't reset
* only show last few
* guess at expected logs
* needs this
* ugh
* reduce compiler warnings
* adjust expected logs
* this is correct
* is it really 1?
* min max
* reduce spam in SPI test
* some cleanup
* cleanup is_enumerated, rename comms and init spi
* big comms refactor, building now
* misra fixes
* more fixes
* misra try 3
* cleanup
* this belongs in a separate PR
* remove unneccesary file
* revert llspi changes
* llspi misra fix
* enable SPI on F4 and setup gpio
* duh
* wip: spi comms
* more spi wip
* dynamic sector erasing
* Revert "dynamic sector erasing"
This reverts commit fce1215a2ede45e5e2a0e97ca23a86c1d8bfa94a.
* more sectors to be erased
* debugging
* woah, this works
* cleanup on the panda side
* add sync and checksum checks, and fix recovery on errors
* this seems relatively stable
* add retrying
* this is stabler
* some endianness and endpoint fixes
* builds
* revert that
* add that back
* checksum start
* start splitting up driver
* spi behind flag
* cleanup test
* bump up timeout
Co-authored-by: Comma Device <device@comma.ai>
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* use docker buildkit
* enable push
* try this caching
* no regressions
* don't copy into the image
* move that
* getting there
* debug
* little smaller
* debug
* configure safe dir
* no sudo
* cleanup
* another timeout
* remove unused wifi tests
* remove that one too
* no bootmode from ESP
* clean that up
* remove two more wifi tests
* remove boardesp and esptool
* esp_gps -> gps
* missed those
* remove esptool refs
* remove esp certs
* no more wifi
* that was old
* cleanup jenkins dockerfile
* fix linter
* remove more wifi refs
* clone panda jungle from github
* no copy
* always default esp to off
