2022-12-01 15:38:00 +08:00
|
|
|
#pragma once
|
|
|
|
|
2024-02-19 03:03:30 +08:00
|
|
|
#define GET_BIT(msg, b) ((bool)!!(((msg)->data[((b) / 8U)] >> ((b) % 8U)) & 0x1U))
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
#define GET_BYTE(msg, b) ((msg)->data[(b)])
|
2024-05-31 13:13:47 +08:00
|
|
|
#define GET_FLAG(value, mask) (((__typeof__(mask))(value) & (mask)) == (mask)) // cppcheck-suppress misra-c2012-1.2; allow __typeof__
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
|
2023-11-20 16:15:46 +08:00
|
|
|
#define BUILD_SAFETY_CFG(rx, tx) ((safety_config){(rx), (sizeof((rx)) / sizeof((rx)[0])), \
|
|
|
|
(tx), (sizeof((tx)) / sizeof((tx)[0]))})
|
2023-11-27 14:18:24 +08:00
|
|
|
#define SET_RX_CHECKS(rx, config) ((config).rx_checks = (rx), \
|
|
|
|
(config).rx_checks_len = sizeof((rx)) / sizeof((rx)[0]))
|
|
|
|
#define SET_TX_MSGS(tx, config) ((config).tx_msgs = (tx), \
|
|
|
|
(config).tx_msgs_len = sizeof((tx)) / sizeof((tx)[0]))
|
2023-12-07 10:05:07 +08:00
|
|
|
#define UPDATE_VEHICLE_SPEED(val_ms) (update_sample(&vehicle_speed, ROUND((val_ms) * VEHICLE_SPEED_FACTOR)))
|
2023-09-08 14:52:27 +08:00
|
|
|
|
2023-04-27 13:59:58 +08:00
|
|
|
uint32_t GET_BYTES(const CANPacket_t *msg, int start, int len) {
|
|
|
|
uint32_t ret = 0U;
|
|
|
|
for (int i = 0; i < len; i++) {
|
2024-02-19 03:56:44 +08:00
|
|
|
const uint32_t shift = i * 8;
|
2023-04-27 13:59:58 +08:00
|
|
|
ret |= (((uint32_t)msg->data[start + i]) << shift);
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2019-12-21 17:25:54 +08:00
|
|
|
const int MAX_WRONG_COUNTERS = 5;
|
|
|
|
const uint8_t MAX_MISSED_MSGS = 10U;
|
2023-04-27 10:43:30 +08:00
|
|
|
#define MAX_ADDR_CHECK_MSGS 3U
|
2023-10-03 18:15:16 +08:00
|
|
|
#define MAX_SAMPLE_VALS 6
|
2023-05-04 11:37:56 +08:00
|
|
|
// used to represent floating point vehicle speed in a sample_t
|
|
|
|
#define VEHICLE_SPEED_FACTOR 100.0
|
2019-12-21 17:25:54 +08:00
|
|
|
|
2023-11-20 16:15:46 +08:00
|
|
|
|
2022-04-22 11:11:13 +08:00
|
|
|
// sample struct that keeps 6 samples in memory
|
2019-06-12 21:35:47 +08:00
|
|
|
struct sample_t {
|
2023-10-03 18:15:16 +08:00
|
|
|
int values[MAX_SAMPLE_VALS];
|
2019-06-12 21:35:47 +08:00
|
|
|
int min;
|
|
|
|
int max;
|
2021-06-19 06:46:40 +08:00
|
|
|
} sample_t_default = {.values = {0}, .min = 0, .max = 0};
|
2019-06-12 21:35:47 +08:00
|
|
|
|
|
|
|
// safety code requires floats
|
|
|
|
struct lookup_t {
|
|
|
|
float x[3];
|
|
|
|
float y[3];
|
|
|
|
};
|
|
|
|
|
2019-11-17 16:24:19 +08:00
|
|
|
typedef struct {
|
|
|
|
int addr;
|
|
|
|
int bus;
|
2020-05-12 03:58:33 +08:00
|
|
|
int len;
|
|
|
|
} CanMsg;
|
2019-11-17 16:24:19 +08:00
|
|
|
|
2022-08-10 12:05:36 +08:00
|
|
|
typedef enum {
|
|
|
|
TorqueMotorLimited, // torque steering command, limited by EPS output torque
|
|
|
|
TorqueDriverLimited, // torque steering command, limited by driver's input torque
|
|
|
|
} SteeringControlType;
|
|
|
|
|
2022-08-10 10:53:15 +08:00
|
|
|
typedef struct {
|
2022-12-03 08:45:23 +08:00
|
|
|
// torque cmd limits
|
2022-08-10 10:53:15 +08:00
|
|
|
const int max_steer;
|
|
|
|
const int max_rate_up;
|
|
|
|
const int max_rate_down;
|
|
|
|
const int max_rt_delta;
|
|
|
|
const uint32_t max_rt_interval;
|
|
|
|
|
2022-08-10 12:05:36 +08:00
|
|
|
const SteeringControlType type;
|
|
|
|
|
2022-08-10 10:53:15 +08:00
|
|
|
// driver torque limits
|
|
|
|
const int driver_torque_allowance;
|
|
|
|
const int driver_torque_factor;
|
2022-08-10 12:05:36 +08:00
|
|
|
|
|
|
|
// motor torque limits
|
|
|
|
const int max_torque_error;
|
2022-09-07 10:12:06 +08:00
|
|
|
|
|
|
|
// safety around steer req bit
|
|
|
|
const int min_valid_request_frames;
|
2022-10-12 04:20:24 +08:00
|
|
|
const int max_invalid_request_frames;
|
2022-09-07 10:12:06 +08:00
|
|
|
const uint32_t min_valid_request_rt_interval;
|
|
|
|
const bool has_steer_req_tolerance;
|
2022-12-03 08:45:23 +08:00
|
|
|
|
|
|
|
// angle cmd limits
|
2023-07-07 08:06:31 +08:00
|
|
|
const float angle_deg_to_can;
|
2022-12-03 08:45:23 +08:00
|
|
|
const struct lookup_t angle_rate_up_lookup;
|
|
|
|
const struct lookup_t angle_rate_down_lookup;
|
2023-04-28 14:33:54 +08:00
|
|
|
const int max_angle_error; // used to limit error between meas and cmd while enabled
|
2023-05-03 11:45:33 +08:00
|
|
|
const float angle_error_min_speed; // minimum speed to start limiting angle error
|
2023-04-28 14:33:54 +08:00
|
|
|
|
|
|
|
const bool enforce_angle_error; // enables max_angle_error check
|
|
|
|
const bool inactive_angle_is_zero; // if false, enforces angle near meas when disabled (default)
|
2022-08-10 10:53:15 +08:00
|
|
|
} SteeringLimits;
|
|
|
|
|
2022-11-30 08:46:32 +08:00
|
|
|
typedef struct {
|
|
|
|
// acceleration cmd limits
|
|
|
|
const int max_accel;
|
|
|
|
const int min_accel;
|
|
|
|
const int inactive_accel;
|
2022-11-30 15:45:55 +08:00
|
|
|
|
|
|
|
// gas & brake cmd limits
|
|
|
|
// inactive and min gas are 0 on most safety modes
|
|
|
|
const int max_gas;
|
|
|
|
const int min_gas;
|
|
|
|
const int inactive_gas;
|
|
|
|
const int max_brake;
|
2022-12-01 10:56:05 +08:00
|
|
|
|
2023-08-16 08:25:44 +08:00
|
|
|
// transmission rpm limits
|
|
|
|
const int max_transmission_rpm;
|
|
|
|
const int min_transmission_rpm;
|
|
|
|
const int inactive_transmission_rpm;
|
2023-08-13 10:34:53 +08:00
|
|
|
|
2022-12-01 10:56:05 +08:00
|
|
|
// speed cmd limits
|
|
|
|
const int inactive_speed;
|
2022-11-30 08:46:32 +08:00
|
|
|
} LongitudinalLimits;
|
|
|
|
|
2019-12-21 17:25:54 +08:00
|
|
|
typedef struct {
|
2020-05-27 02:24:33 +08:00
|
|
|
const int addr;
|
|
|
|
const int bus;
|
|
|
|
const int len;
|
2019-12-21 17:25:54 +08:00
|
|
|
const bool check_checksum; // true is checksum check is performed
|
|
|
|
const uint8_t max_counter; // maximum value of the counter. 0 means that the counter check is skipped
|
2023-02-25 14:54:51 +08:00
|
|
|
const bool quality_flag; // true is quality flag check is performed
|
2023-12-01 11:20:08 +08:00
|
|
|
const uint32_t frequency; // expected frequency of the message [Hz]
|
2020-05-27 02:24:33 +08:00
|
|
|
} CanMsgCheck;
|
|
|
|
|
|
|
|
typedef struct {
|
2023-12-16 13:59:19 +08:00
|
|
|
// dynamic flags, reset on safety mode init
|
2020-05-27 02:24:33 +08:00
|
|
|
bool msg_seen;
|
|
|
|
int index; // if multiple messages are allowed to be checked, this stores the index of the first one seen. only msg[msg_index] will be used
|
2019-12-21 17:25:54 +08:00
|
|
|
bool valid_checksum; // true if and only if checksum check is passed
|
|
|
|
int wrong_counters; // counter of wrong counters, saturated between 0 and MAX_WRONG_COUNTERS
|
2023-03-02 11:17:40 +08:00
|
|
|
bool valid_quality_flag; // true if the message's quality/health/status signals are valid
|
2019-12-21 17:25:54 +08:00
|
|
|
uint8_t last_counter; // last counter value
|
|
|
|
uint32_t last_timestamp; // micro-s
|
|
|
|
bool lagging; // true if and only if the time between updates is excessive
|
2023-12-16 13:59:19 +08:00
|
|
|
} RxStatus;
|
|
|
|
|
|
|
|
// params and flags about checksum, counter and frequency checks for each monitored address
|
|
|
|
typedef struct {
|
|
|
|
const CanMsgCheck msg[MAX_ADDR_CHECK_MSGS]; // check either messages (e.g. honda steer)
|
|
|
|
RxStatus status;
|
2023-11-20 14:44:13 +08:00
|
|
|
} RxCheck;
|
2019-12-21 17:25:54 +08:00
|
|
|
|
2021-09-04 02:45:17 +08:00
|
|
|
typedef struct {
|
2023-11-20 16:15:46 +08:00
|
|
|
RxCheck *rx_checks;
|
|
|
|
int rx_checks_len;
|
|
|
|
const CanMsg *tx_msgs;
|
|
|
|
int tx_msgs_len;
|
2023-11-20 14:44:13 +08:00
|
|
|
} safety_config;
|
2021-09-04 02:45:17 +08:00
|
|
|
|
2024-01-21 14:22:11 +08:00
|
|
|
typedef uint32_t (*get_checksum_t)(const CANPacket_t *to_push);
|
|
|
|
typedef uint32_t (*compute_checksum_t)(const CANPacket_t *to_push);
|
|
|
|
typedef uint8_t (*get_counter_t)(const CANPacket_t *to_push);
|
|
|
|
typedef bool (*get_quality_flag_valid_t)(const CANPacket_t *to_push);
|
2023-11-20 12:03:35 +08:00
|
|
|
|
2024-01-22 08:19:16 +08:00
|
|
|
typedef safety_config (*safety_hook_init)(uint16_t param);
|
|
|
|
typedef void (*rx_hook)(const CANPacket_t *to_push);
|
|
|
|
typedef bool (*tx_hook)(const CANPacket_t *to_send);
|
|
|
|
typedef int (*fwd_hook)(int bus_num, int addr);
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
safety_hook_init init;
|
|
|
|
rx_hook rx;
|
|
|
|
tx_hook tx;
|
|
|
|
fwd_hook fwd;
|
|
|
|
get_checksum_t get_checksum;
|
|
|
|
compute_checksum_t compute_checksum;
|
|
|
|
get_counter_t get_counter;
|
|
|
|
get_quality_flag_valid_t get_quality_flag_valid;
|
|
|
|
} safety_hooks;
|
|
|
|
|
2024-01-21 14:22:11 +08:00
|
|
|
bool safety_rx_hook(const CANPacket_t *to_push);
|
2023-11-20 08:47:09 +08:00
|
|
|
bool safety_tx_hook(CANPacket_t *to_send);
|
2019-06-12 21:35:47 +08:00
|
|
|
uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
|
|
|
|
int to_signed(int d, int bits);
|
|
|
|
void update_sample(struct sample_t *sample, int sample_new);
|
2023-10-03 18:15:16 +08:00
|
|
|
void reset_sample(struct sample_t *sample);
|
2019-06-13 11:12:48 +08:00
|
|
|
bool max_limit_check(int val, const int MAX, const int MIN);
|
2023-04-27 15:40:29 +08:00
|
|
|
bool angle_dist_to_meas_check(int val, struct sample_t *val_meas,
|
|
|
|
const int MAX_ERROR, const int MAX_VAL);
|
2019-06-13 11:12:48 +08:00
|
|
|
bool dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
|
2019-06-12 21:35:47 +08:00
|
|
|
const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
|
2024-01-21 13:50:42 +08:00
|
|
|
bool driver_limit_check(int val, int val_last, const struct sample_t *val_driver,
|
2019-06-12 21:35:47 +08:00
|
|
|
const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
|
|
|
|
const int MAX_ALLOWANCE, const int DRIVER_FACTOR);
|
2022-04-02 10:54:40 +08:00
|
|
|
bool get_longitudinal_allowed(void);
|
2019-06-13 11:12:48 +08:00
|
|
|
bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
|
2019-06-12 21:35:47 +08:00
|
|
|
float interpolate(struct lookup_t xy, float x);
|
2023-05-07 12:25:25 +08:00
|
|
|
int ROUND(float val);
|
2022-05-20 06:59:58 +08:00
|
|
|
void gen_crc_lookup_table_8(uint8_t poly, uint8_t crc_lut[]);
|
|
|
|
void gen_crc_lookup_table_16(uint16_t poly, uint16_t crc_lut[]);
|
2024-01-21 13:50:42 +08:00
|
|
|
bool msg_allowed(const CANPacket_t *to_send, const CanMsg msg_list[], int len);
|
|
|
|
int get_addr_check_index(const CANPacket_t *to_push, RxCheck addr_list[], const int len);
|
2023-11-20 14:44:13 +08:00
|
|
|
void update_counter(RxCheck addr_list[], int index, uint8_t counter);
|
|
|
|
void update_addr_timestamp(RxCheck addr_list[], int index);
|
|
|
|
bool is_msg_valid(RxCheck addr_list[], int index);
|
2024-01-21 14:22:11 +08:00
|
|
|
bool rx_msg_safety_check(const CANPacket_t *to_push,
|
2024-01-22 08:19:16 +08:00
|
|
|
const safety_config *cfg,
|
|
|
|
const safety_hooks *safety_hooks);
|
2020-06-16 17:01:00 +08:00
|
|
|
void generic_rx_checks(bool stock_ecu_detected);
|
2020-04-10 06:53:46 +08:00
|
|
|
void relay_malfunction_set(void);
|
|
|
|
void relay_malfunction_reset(void);
|
2022-08-10 12:05:36 +08:00
|
|
|
bool steer_torque_cmd_checks(int desired_torque, int steer_req, const SteeringLimits limits);
|
2022-12-03 08:45:23 +08:00
|
|
|
bool steer_angle_cmd_checks(int desired_angle, bool steer_control_enabled, const SteeringLimits limits);
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_accel_checks(int desired_accel, const LongitudinalLimits limits);
|
|
|
|
bool longitudinal_speed_checks(int desired_speed, const LongitudinalLimits limits);
|
|
|
|
bool longitudinal_gas_checks(int desired_gas, const LongitudinalLimits limits);
|
2023-08-16 08:25:44 +08:00
|
|
|
bool longitudinal_transmission_rpm_checks(int desired_transmission_rpm, const LongitudinalLimits limits);
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_brake_checks(int desired_brake, const LongitudinalLimits limits);
|
2022-08-12 15:28:08 +08:00
|
|
|
void pcm_cruise_check(bool cruise_engaged);
|
2019-06-12 21:35:47 +08:00
|
|
|
|
2023-11-20 14:44:13 +08:00
|
|
|
void safety_tick(const safety_config *safety_config);
|
2019-12-21 17:25:54 +08:00
|
|
|
|
2019-11-15 16:32:45 +08:00
|
|
|
// This can be set by the safety hooks
|
|
|
|
bool controls_allowed = false;
|
|
|
|
bool relay_malfunction = false;
|
2020-06-16 17:01:00 +08:00
|
|
|
bool gas_pressed = false;
|
2020-03-09 14:48:00 +08:00
|
|
|
bool gas_pressed_prev = false;
|
2020-06-16 17:01:00 +08:00
|
|
|
bool brake_pressed = false;
|
2020-03-09 14:48:00 +08:00
|
|
|
bool brake_pressed_prev = false;
|
2022-09-13 12:32:06 +08:00
|
|
|
bool regen_braking = false;
|
|
|
|
bool regen_braking_prev = false;
|
2020-04-28 13:13:30 +08:00
|
|
|
bool cruise_engaged_prev = false;
|
2023-05-04 11:37:56 +08:00
|
|
|
struct sample_t vehicle_speed;
|
2020-04-28 12:36:56 +08:00
|
|
|
bool vehicle_moving = false;
|
2021-11-18 09:27:24 +08:00
|
|
|
bool acc_main_on = false; // referred to as "ACC off" in ISO 15622:2018
|
2022-03-17 01:37:48 +08:00
|
|
|
int cruise_button_prev = 0;
|
2022-10-04 07:05:16 +08:00
|
|
|
bool safety_rx_checks_invalid = false;
|
2019-06-12 21:35:47 +08:00
|
|
|
|
2020-05-27 05:23:39 +08:00
|
|
|
// for safety modes with torque steering control
|
2020-04-29 01:33:20 +08:00
|
|
|
int desired_torque_last = 0; // last desired steer torque
|
|
|
|
int rt_torque_last = 0; // last desired torque for real time check
|
2022-09-07 10:12:06 +08:00
|
|
|
int valid_steer_req_count = 0; // counter for steer request bit matching non-zero torque
|
2022-10-12 04:20:24 +08:00
|
|
|
int invalid_steer_req_count = 0; // counter to allow multiple frames of mismatching torque request bit
|
2022-04-22 11:11:13 +08:00
|
|
|
struct sample_t torque_meas; // last 6 motor torques produced by the eps
|
|
|
|
struct sample_t torque_driver; // last 6 driver torques measured
|
2022-09-07 10:12:06 +08:00
|
|
|
uint32_t ts_torque_check_last = 0;
|
|
|
|
uint32_t ts_steer_req_mismatch_last = 0; // last timestamp steer req was mismatched with torque
|
2020-04-29 01:33:20 +08:00
|
|
|
|
2022-07-14 05:20:00 +08:00
|
|
|
// state for controls_allowed timeout logic
|
|
|
|
bool heartbeat_engaged = false; // openpilot enabled, passed in heartbeat USB command
|
|
|
|
uint32_t heartbeat_engaged_mismatches = 0; // count of mismatches between heartbeat_engaged and controls_allowed
|
|
|
|
|
2020-05-27 05:23:39 +08:00
|
|
|
// for safety modes with angle steering control
|
|
|
|
uint32_t ts_angle_last = 0;
|
|
|
|
int desired_angle_last = 0;
|
2023-04-27 15:40:29 +08:00
|
|
|
struct sample_t angle_meas; // last 6 steer angles/curvatures
|
2020-05-27 05:23:39 +08:00
|
|
|
|
2020-03-31 09:18:44 +08:00
|
|
|
// This can be set with a USB command
|
2022-03-25 05:31:31 +08:00
|
|
|
// It enables features that allow alternative experiences, like not disengaging on gas press
|
|
|
|
// It is only either 0 or 1 on mainline comma.ai openpilot
|
2020-04-07 05:54:32 +08:00
|
|
|
|
2022-03-25 05:31:31 +08:00
|
|
|
#define ALT_EXP_DISABLE_DISENGAGE_ON_GAS 1
|
2020-04-07 05:54:32 +08:00
|
|
|
|
2020-04-07 06:01:48 +08:00
|
|
|
// If using this flag, make sure to communicate to your users that a stock safety feature is now disabled.
|
2022-03-25 05:31:31 +08:00
|
|
|
#define ALT_EXP_DISABLE_STOCK_AEB 2
|
2020-04-07 05:54:32 +08:00
|
|
|
|
2020-04-07 06:01:48 +08:00
|
|
|
// If using this flag, be aware that harder braking is more likely to lead to rear endings,
|
|
|
|
// and that alone this flag doesn't make braking compliant because there's also a time element.
|
2021-09-07 07:36:30 +08:00
|
|
|
// Setting this flag is used for allowing the full -5.0 to +4.0 m/s^2 at lower speeds
|
2020-04-07 06:12:01 +08:00
|
|
|
// See ISO 15622:2018 for more information.
|
2022-03-25 05:31:31 +08:00
|
|
|
#define ALT_EXP_RAISE_LONGITUDINAL_LIMITS_TO_ISO_MAX 8
|
2020-04-07 05:54:32 +08:00
|
|
|
|
2024-01-12 07:37:43 +08:00
|
|
|
// This flag allows AEB to be commanded from openpilot.
|
|
|
|
#define ALT_EXP_ALLOW_AEB 16
|
|
|
|
|
2022-03-25 05:31:31 +08:00
|
|
|
int alternative_experience = 0;
|
2020-03-31 09:18:44 +08:00
|
|
|
|
2019-11-27 13:19:54 +08:00
|
|
|
// time since safety mode has been changed
|
|
|
|
uint32_t safety_mode_cnt = 0U;
|
2019-11-27 16:19:41 +08:00
|
|
|
// allow 1s of transition timeout after relay changes state before assessing malfunctioning
|
|
|
|
const uint32_t RELAY_TRNS_TIMEOUT = 1U;
|