2019-06-12 21:35:47 +08:00
|
|
|
#include "safety_declarations.h"
|
2022-11-30 07:56:43 +08:00
|
|
|
#include "can_definitions.h"
|
2022-01-28 09:46:24 +08:00
|
|
|
|
|
|
|
// include the safety policies.
|
2017-07-18 01:20:08 +08:00
|
|
|
#include "safety/safety_defaults.h"
|
|
|
|
#include "safety/safety_honda.h"
|
2017-08-25 13:31:34 +08:00
|
|
|
#include "safety/safety_toyota.h"
|
2018-10-05 01:22:10 +08:00
|
|
|
#include "safety/safety_tesla.h"
|
2018-02-23 16:19:22 +08:00
|
|
|
#include "safety/safety_gm.h"
|
2018-05-03 13:45:23 +08:00
|
|
|
#include "safety/safety_ford.h"
|
2018-08-18 12:31:00 +08:00
|
|
|
#include "safety/safety_hyundai.h"
|
2018-11-07 04:28:33 +08:00
|
|
|
#include "safety/safety_chrysler.h"
|
2019-01-29 13:42:06 +08:00
|
|
|
#include "safety/safety_subaru.h"
|
2022-07-20 06:53:08 +08:00
|
|
|
#include "safety/safety_subaru_legacy.h"
|
2019-09-10 06:58:41 +08:00
|
|
|
#include "safety/safety_mazda.h"
|
2020-02-27 03:11:56 +08:00
|
|
|
#include "safety/safety_nissan.h"
|
2022-01-19 05:27:48 +08:00
|
|
|
#include "safety/safety_volkswagen_mqb.h"
|
|
|
|
#include "safety/safety_volkswagen_pq.h"
|
2017-08-12 07:17:43 +08:00
|
|
|
#include "safety/safety_elm327.h"
|
2022-04-01 03:02:19 +08:00
|
|
|
#include "safety/safety_body.h"
|
2017-07-15 12:17:32 +08:00
|
|
|
|
2022-05-20 06:59:58 +08:00
|
|
|
// CAN-FD only safety modes
|
|
|
|
#ifdef CANFD
|
2022-08-12 13:06:54 +08:00
|
|
|
#include "safety/safety_hyundai_canfd.h"
|
2022-05-20 06:59:58 +08:00
|
|
|
#endif
|
|
|
|
|
2019-10-05 04:30:00 +08:00
|
|
|
// from cereal.car.CarParams.SafetyModel
|
2019-11-21 03:56:26 +08:00
|
|
|
#define SAFETY_SILENT 0U
|
2019-12-21 07:51:32 +08:00
|
|
|
#define SAFETY_HONDA_NIDEC 1U
|
2019-10-05 04:30:00 +08:00
|
|
|
#define SAFETY_TOYOTA 2U
|
|
|
|
#define SAFETY_ELM327 3U
|
|
|
|
#define SAFETY_GM 4U
|
2019-12-21 07:51:32 +08:00
|
|
|
#define SAFETY_HONDA_BOSCH_GIRAFFE 5U
|
2019-10-05 04:30:00 +08:00
|
|
|
#define SAFETY_FORD 6U
|
|
|
|
#define SAFETY_HYUNDAI 8U
|
|
|
|
#define SAFETY_CHRYSLER 9U
|
|
|
|
#define SAFETY_TESLA 10U
|
|
|
|
#define SAFETY_SUBARU 11U
|
|
|
|
#define SAFETY_MAZDA 13U
|
2020-02-27 03:11:56 +08:00
|
|
|
#define SAFETY_NISSAN 14U
|
2020-02-20 04:37:38 +08:00
|
|
|
#define SAFETY_VOLKSWAGEN_MQB 15U
|
2019-10-05 04:30:00 +08:00
|
|
|
#define SAFETY_ALLOUTPUT 17U
|
|
|
|
#define SAFETY_GM_ASCM 18U
|
2019-11-21 03:56:26 +08:00
|
|
|
#define SAFETY_NOOUTPUT 19U
|
2021-11-22 06:49:44 +08:00
|
|
|
#define SAFETY_HONDA_BOSCH 20U
|
2020-04-02 03:38:27 +08:00
|
|
|
#define SAFETY_VOLKSWAGEN_PQ 21U
|
2020-02-28 07:28:24 +08:00
|
|
|
#define SAFETY_SUBARU_LEGACY 22U
|
2020-06-13 09:03:31 +08:00
|
|
|
#define SAFETY_HYUNDAI_LEGACY 23U
|
2020-08-10 17:58:06 +08:00
|
|
|
#define SAFETY_HYUNDAI_COMMUNITY 24U
|
2021-11-16 08:19:30 +08:00
|
|
|
#define SAFETY_STELLANTIS 25U
|
2022-04-01 03:02:19 +08:00
|
|
|
#define SAFETY_FAW 26U
|
|
|
|
#define SAFETY_BODY 27U
|
2022-08-12 13:06:54 +08:00
|
|
|
#define SAFETY_HYUNDAI_CANFD 28U
|
2019-10-05 04:30:00 +08:00
|
|
|
|
2019-11-21 03:56:26 +08:00
|
|
|
uint16_t current_safety_mode = SAFETY_SILENT;
|
2022-05-03 04:36:19 +08:00
|
|
|
uint16_t current_safety_param = 0;
|
2017-07-15 12:17:32 +08:00
|
|
|
const safety_hooks *current_hooks = &nooutput_hooks;
|
2021-09-04 02:45:17 +08:00
|
|
|
const addr_checks *current_rx_checks = &default_rx_checks;
|
2017-07-15 12:17:32 +08:00
|
|
|
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
int safety_rx_hook(CANPacket_t *to_push) {
|
2022-07-14 05:20:00 +08:00
|
|
|
bool controls_allowed_prev = controls_allowed;
|
|
|
|
int ret = current_hooks->rx(to_push);
|
|
|
|
|
|
|
|
// reset mismatches on rising edge of controls_allowed to avoid rare race condition
|
|
|
|
if (controls_allowed && !controls_allowed_prev) {
|
|
|
|
heartbeat_engaged_mismatches = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2017-07-15 12:17:32 +08:00
|
|
|
}
|
|
|
|
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
int safety_tx_hook(CANPacket_t *to_send) {
|
2022-12-01 14:09:13 +08:00
|
|
|
return (relay_malfunction ? -1 : current_hooks->tx(to_send));
|
2017-07-15 12:17:32 +08:00
|
|
|
}
|
|
|
|
|
2021-09-04 02:45:17 +08:00
|
|
|
int safety_tx_lin_hook(int lin_num, uint8_t *data, int len) {
|
2017-07-21 14:36:06 +08:00
|
|
|
return current_hooks->tx_lin(lin_num, data, len);
|
2017-07-15 12:17:32 +08:00
|
|
|
}
|
|
|
|
|
2023-04-09 07:45:59 +08:00
|
|
|
int safety_fwd_hook(int bus_num, int addr) {
|
|
|
|
return (relay_malfunction ? -1 : current_hooks->fwd(bus_num, addr));
|
2018-02-28 15:27:47 +08:00
|
|
|
}
|
|
|
|
|
2022-04-02 10:54:40 +08:00
|
|
|
bool get_longitudinal_allowed(void) {
|
|
|
|
return controls_allowed && !gas_pressed_prev;
|
|
|
|
}
|
|
|
|
|
2020-02-21 05:57:07 +08:00
|
|
|
// Given a CRC-8 poly, generate a static lookup table to use with a fast CRC-8
|
|
|
|
// algorithm. Called at init time for safety modes using CRC-8.
|
2022-05-20 06:59:58 +08:00
|
|
|
void gen_crc_lookup_table_8(uint8_t poly, uint8_t crc_lut[]) {
|
2020-02-21 05:57:07 +08:00
|
|
|
for (int i = 0; i < 256; i++) {
|
|
|
|
uint8_t crc = i;
|
|
|
|
for (int j = 0; j < 8; j++) {
|
2022-05-20 06:59:58 +08:00
|
|
|
if ((crc & 0x80U) != 0U) {
|
2020-02-21 05:57:07 +08:00
|
|
|
crc = (uint8_t)((crc << 1) ^ poly);
|
2022-05-20 06:59:58 +08:00
|
|
|
} else {
|
2020-02-21 05:57:07 +08:00
|
|
|
crc <<= 1;
|
2022-05-20 06:59:58 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
crc_lut[i] = crc;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void gen_crc_lookup_table_16(uint16_t poly, uint16_t crc_lut[]) {
|
|
|
|
for (uint16_t i = 0; i < 256U; i++) {
|
|
|
|
uint16_t crc = i << 8U;
|
|
|
|
for (uint16_t j = 0; j < 8U; j++) {
|
|
|
|
if ((crc & 0x8000U) != 0U) {
|
|
|
|
crc = (uint16_t)((crc << 1) ^ poly);
|
|
|
|
} else {
|
|
|
|
crc <<= 1;
|
|
|
|
}
|
2020-02-21 05:57:07 +08:00
|
|
|
}
|
|
|
|
crc_lut[i] = crc;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
bool msg_allowed(CANPacket_t *to_send, const CanMsg msg_list[], int len) {
|
2020-05-12 03:58:33 +08:00
|
|
|
int addr = GET_ADDR(to_send);
|
|
|
|
int bus = GET_BUS(to_send);
|
|
|
|
int length = GET_LEN(to_send);
|
|
|
|
|
2019-11-17 16:24:19 +08:00
|
|
|
bool allowed = false;
|
|
|
|
for (int i = 0; i < len; i++) {
|
2020-05-12 03:58:33 +08:00
|
|
|
if ((addr == msg_list[i].addr) && (bus == msg_list[i].bus) && (length == msg_list[i].len)) {
|
2019-11-17 16:24:19 +08:00
|
|
|
allowed = true;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return allowed;
|
|
|
|
}
|
|
|
|
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
int get_addr_check_index(CANPacket_t *to_push, AddrCheckStruct addr_list[], const int len) {
|
2019-12-21 17:25:54 +08:00
|
|
|
int bus = GET_BUS(to_push);
|
|
|
|
int addr = GET_ADDR(to_push);
|
2020-05-12 03:58:33 +08:00
|
|
|
int length = GET_LEN(to_push);
|
2019-12-21 17:25:54 +08:00
|
|
|
|
|
|
|
int index = -1;
|
|
|
|
for (int i = 0; i < len; i++) {
|
2020-05-27 02:24:33 +08:00
|
|
|
// if multiple msgs are allowed, determine which one is present on the bus
|
|
|
|
if (!addr_list[i].msg_seen) {
|
2023-04-27 10:43:30 +08:00
|
|
|
for (uint8_t j = 0U; (j < MAX_ADDR_CHECK_MSGS) && (addr_list[i].msg[j].addr != 0); j++) {
|
2020-05-27 02:24:33 +08:00
|
|
|
if ((addr == addr_list[i].msg[j].addr) && (bus == addr_list[i].msg[j].bus) &&
|
|
|
|
(length == addr_list[i].msg[j].len)) {
|
|
|
|
addr_list[i].index = j;
|
|
|
|
addr_list[i].msg_seen = true;
|
|
|
|
break;
|
|
|
|
}
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
|
|
|
}
|
2020-05-27 02:24:33 +08:00
|
|
|
|
2023-04-27 12:15:55 +08:00
|
|
|
if (addr_list[i].msg_seen) {
|
|
|
|
int idx = addr_list[i].index;
|
|
|
|
if ((addr == addr_list[i].msg[idx].addr) && (bus == addr_list[i].msg[idx].bus) &&
|
|
|
|
(length == addr_list[i].msg[idx].len)) {
|
|
|
|
index = i;
|
|
|
|
break;
|
|
|
|
}
|
2020-05-27 02:24:33 +08:00
|
|
|
}
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
|
|
|
return index;
|
|
|
|
}
|
|
|
|
|
|
|
|
// 1Hz safety function called by main. Now just a check for lagging safety messages
|
2021-09-04 02:45:17 +08:00
|
|
|
void safety_tick(const addr_checks *rx_checks) {
|
2022-10-04 07:05:16 +08:00
|
|
|
bool rx_checks_invalid = false;
|
2021-07-15 01:59:28 +08:00
|
|
|
uint32_t ts = microsecond_timer_get();
|
2021-09-04 02:45:17 +08:00
|
|
|
if (rx_checks != NULL) {
|
|
|
|
for (int i=0; i < rx_checks->len; i++) {
|
|
|
|
uint32_t elapsed_time = get_ts_elapsed(ts, rx_checks->check[i].last_timestamp);
|
2019-12-21 17:25:54 +08:00
|
|
|
// lag threshold is max of: 1s and MAX_MISSED_MSGS * expected timestep.
|
|
|
|
// Quite conservative to not risk false triggers.
|
|
|
|
// 2s of lag is worse case, since the function is called at 1Hz
|
2021-09-04 02:45:17 +08:00
|
|
|
bool lagging = elapsed_time > MAX(rx_checks->check[i].msg[rx_checks->check[i].index].expected_timestep * MAX_MISSED_MSGS, 1e6);
|
|
|
|
rx_checks->check[i].lagging = lagging;
|
2019-12-21 17:25:54 +08:00
|
|
|
if (lagging) {
|
|
|
|
controls_allowed = 0;
|
|
|
|
}
|
2022-10-04 07:05:16 +08:00
|
|
|
|
|
|
|
if (lagging || !is_msg_valid(rx_checks->check, i)) {
|
|
|
|
rx_checks_invalid = true;
|
|
|
|
}
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
|
|
|
}
|
2022-10-04 07:05:16 +08:00
|
|
|
|
|
|
|
safety_rx_checks_invalid = rx_checks_invalid;
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void update_counter(AddrCheckStruct addr_list[], int index, uint8_t counter) {
|
|
|
|
if (index != -1) {
|
2020-05-27 02:24:33 +08:00
|
|
|
uint8_t expected_counter = (addr_list[index].last_counter + 1U) % (addr_list[index].msg[addr_list[index].index].max_counter + 1U);
|
2019-12-21 17:25:54 +08:00
|
|
|
addr_list[index].wrong_counters += (expected_counter == counter) ? -1 : 1;
|
|
|
|
addr_list[index].wrong_counters = MAX(MIN(addr_list[index].wrong_counters, MAX_WRONG_COUNTERS), 0);
|
|
|
|
addr_list[index].last_counter = counter;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
bool is_msg_valid(AddrCheckStruct addr_list[], int index) {
|
|
|
|
bool valid = true;
|
|
|
|
if (index != -1) {
|
2023-02-25 14:54:51 +08:00
|
|
|
if (!addr_list[index].valid_checksum || !addr_list[index].valid_quality_flag || (addr_list[index].wrong_counters >= MAX_WRONG_COUNTERS)) {
|
2019-12-21 17:25:54 +08:00
|
|
|
valid = false;
|
|
|
|
controls_allowed = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return valid;
|
|
|
|
}
|
|
|
|
|
|
|
|
void update_addr_timestamp(AddrCheckStruct addr_list[], int index) {
|
|
|
|
if (index != -1) {
|
2021-07-15 01:59:28 +08:00
|
|
|
uint32_t ts = microsecond_timer_get();
|
2019-12-21 17:25:54 +08:00
|
|
|
addr_list[index].last_timestamp = ts;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
CAN_FIFOMailBox to CANPacket struct + USB dynamic packet size (#739)
* Squashed commits, no cleanup
* Few fixes
* No init = garbage
* Only receive with new canpacket
* Add send with canpacket
* Revert "Add send with canpacket"
This reverts commit 7d06686ddd6d447c714b5289d31af24403d36931.
* Packet must be aligned to word, or bad performance
* Cleaner
* Fix tests
* Tests...
* MISRA 10.4
* More MISRA
* libpandasafety_py
* cffi
* even more tests...
* typo
* ...
* ...
* ...
* Slight cleanup
* MISRA 6.1
* MISRA 17.7
* Bug in bxcan + even style
* MISRA 10.1
* Revert "MISRA 10.1"
This reverts commit 404ae7fcc39556f80f528de9015702e69f4ea0a5.
* ...
* MISRA 10.1 and 10.4 suppress until next PR
* MISRA 20.1
* ...
* test_honda
* ...
* ...
* test_toyota
* test_volkswagen_mqb
* test_volkswagen_pq
* Sketchy thing...
* Revert "Sketchy thing..."
This reverts commit 3b2e5715bdc1954f7b7b3b7469ba3d0eaa06bdf9.
* remove comment
* bxcan extended address bug
* Concept, experimental dynamic usb packet size
* increase each buffer to 10240 bytes
* raise python bulk read/write limits
* ...
* Move packet size to start
* Experimental send, stream-like
* New receive test, stream-like
* cleanup
* cleanup + rebase fixes
* MISRA
* Extra receive method, stream-like, commented out
* type change
* Revert back to buffer for send, stream commented
* forgot ZLP
* lower buffer, add rx failsafe
* ... remove ZLP
* return ZLP back
* Add tx checks to panda fw
* TX stream with counter
* fix counter overflow
* 13 free slots should be enough
* limit tx usb packet
* ...
* Revert max_bulk_msg doubling
* python lib improve speed
* Stream with counter for RX, dirty, needs cleanup
* Increase chunk length to 4096 bytes
* cleanup fdcan.h
* cleanup __init__.py
* MISRA 12.1
* MISRA 10.8
* remove non-streaming usb functions
* more main.c cleanup
* MISRA 15.6
* MISRA 15.5
* MISRA 18.4 and suppress objectIndex
* handling usb pakcets > 63bytes, naming and cleanup
* Cleanup old from tests and update CANPacket_t struct
* Switch to 4 bit DLC instead of 6 bit length
* ops)
* ...
* pylint
* receive python buffer increase
* USB increase receive packet len
* tweak buffers
* No need for so high limits
* MISRA 20.1 workaround
* performance tweaks
* cleanup, dlc to data_len_code naming
* main.c naming
* comments and cleanup for main.c usb
* clean py lib
* pylint
* do not discard good rx messages on stream fail
* cleanups
* naming
* remove bitstruct lib and lower tx limit
* bitstruct lefovers
* fix bug in VW test
* remove adjusting data size and assert on wrong len
* ...
* test new memcpy before merging
* Revert "test new memcpy before merging"
This reverts commit 399465a264835061adabdd785718c4b6fc18c267.
* macros for to/fromuint8_t array
* MISRA hates me!
* tests.c include macros instead
* move CANPacket to can_definitions.h
* vw_pq python test fix
* new memcpy test, REMOVE
* check without alignment
* revert macros for uint8 arrays
* Revert "revert macros for uint8 arrays"
This reverts commit 581a9db735a42d0d68200bd270d87a8fd34e43fe.
* check assert
* Revert "check assert"
This reverts commit 9e970d029a50597a1718b2bb0260196c050fd77f.
* one more variation
* Revert "one more variation"
This reverts commit f6c0528b7ac7e125750dc0d9445c7ce97f6954b5.
* what about read performance
* Revert "what about read performance"
This reverts commit d2610f90958a816fe7f1822157a84f85e97d9249.
* check struct alignment to word
* check for aligned memcpy again
* cleanup
* add CANPacket structure diagram
* update CANPacket and add USB packet struct
* bugfix + refactoring of EP1
* move dlc_to_len to header
* missed include
* typo...
* MISRA
* fk
* lower MAX_CAN_MSGS_PER_BULK_TRANSFER
* bump CAN_PACKET_VERSION to 2
* bump python lib CAN_PACKET_VERSION to 2
* rename parse_can_buffer to unpack_can_buffer
* CANPacket_t const fields
* Revert "CANPacket_t const fields"
This reverts commit cf91c035b7706a14e317550c5f0501ae3fce7c70.
* test.c relative path
* cleanup
* move macros to safety_declarations
* Refactor pack/unpack funcs and add unittest
* usb_protocol.h
* oops
* Update .github/workflows/test.yaml
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
* remove print from unittest
Co-authored-by: Adeeb Shihadeh <adeebshihadeh@gmail.com>
2021-11-13 08:36:34 +08:00
|
|
|
bool addr_safety_check(CANPacket_t *to_push,
|
2021-09-04 02:45:17 +08:00
|
|
|
const addr_checks *rx_checks,
|
2022-05-16 14:46:04 +08:00
|
|
|
uint32_t (*get_checksum)(CANPacket_t *to_push),
|
|
|
|
uint32_t (*compute_checksum)(CANPacket_t *to_push),
|
2023-02-25 14:54:51 +08:00
|
|
|
uint8_t (*get_counter)(CANPacket_t *to_push),
|
|
|
|
bool (*get_quality_flag_valid)(CANPacket_t *to_push)) {
|
2019-12-21 17:25:54 +08:00
|
|
|
|
2021-09-04 02:45:17 +08:00
|
|
|
int index = get_addr_check_index(to_push, rx_checks->check, rx_checks->len);
|
|
|
|
update_addr_timestamp(rx_checks->check, index);
|
2019-12-21 17:25:54 +08:00
|
|
|
|
|
|
|
if (index != -1) {
|
|
|
|
// checksum check
|
2021-09-04 02:45:17 +08:00
|
|
|
if ((get_checksum != NULL) && (compute_checksum != NULL) && rx_checks->check[index].msg[rx_checks->check[index].index].check_checksum) {
|
2022-05-16 14:46:04 +08:00
|
|
|
uint32_t checksum = get_checksum(to_push);
|
|
|
|
uint32_t checksum_comp = compute_checksum(to_push);
|
2021-09-04 02:45:17 +08:00
|
|
|
rx_checks->check[index].valid_checksum = checksum_comp == checksum;
|
2020-01-19 05:26:34 +08:00
|
|
|
} else {
|
2021-09-04 02:45:17 +08:00
|
|
|
rx_checks->check[index].valid_checksum = true;
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
|
|
|
|
2020-01-19 05:26:34 +08:00
|
|
|
// counter check (max_counter == 0 means skip check)
|
2021-09-04 02:45:17 +08:00
|
|
|
if ((get_counter != NULL) && (rx_checks->check[index].msg[rx_checks->check[index].index].max_counter > 0U)) {
|
2020-01-19 05:26:34 +08:00
|
|
|
uint8_t counter = get_counter(to_push);
|
2021-09-04 02:45:17 +08:00
|
|
|
update_counter(rx_checks->check, index, counter);
|
2020-01-19 05:26:34 +08:00
|
|
|
} else {
|
2021-09-04 02:45:17 +08:00
|
|
|
rx_checks->check[index].wrong_counters = 0U;
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
2023-02-25 14:54:51 +08:00
|
|
|
|
2023-03-02 11:17:40 +08:00
|
|
|
// quality flag check
|
2023-02-25 14:54:51 +08:00
|
|
|
if ((get_quality_flag_valid != NULL) && rx_checks->check[index].msg[rx_checks->check[index].index].quality_flag) {
|
|
|
|
rx_checks->check[index].valid_quality_flag = get_quality_flag_valid(to_push);
|
|
|
|
} else {
|
|
|
|
rx_checks->check[index].valid_quality_flag = true;
|
|
|
|
}
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
2021-09-04 02:45:17 +08:00
|
|
|
return is_msg_valid(rx_checks->check, index);
|
2019-12-21 17:25:54 +08:00
|
|
|
}
|
|
|
|
|
2020-06-16 17:01:00 +08:00
|
|
|
void generic_rx_checks(bool stock_ecu_detected) {
|
|
|
|
// exit controls on rising edge of gas press
|
2022-03-25 05:31:31 +08:00
|
|
|
if (gas_pressed && !gas_pressed_prev && !(alternative_experience & ALT_EXP_DISABLE_DISENGAGE_ON_GAS)) {
|
2020-06-16 17:01:00 +08:00
|
|
|
controls_allowed = 0;
|
|
|
|
}
|
|
|
|
gas_pressed_prev = gas_pressed;
|
|
|
|
|
|
|
|
// exit controls on rising edge of brake press
|
|
|
|
if (brake_pressed && (!brake_pressed_prev || vehicle_moving)) {
|
|
|
|
controls_allowed = 0;
|
|
|
|
}
|
|
|
|
brake_pressed_prev = brake_pressed;
|
|
|
|
|
2022-09-13 12:32:06 +08:00
|
|
|
// exit controls on rising edge of regen paddle
|
|
|
|
if (regen_braking && (!regen_braking_prev || vehicle_moving)) {
|
|
|
|
controls_allowed = 0;
|
|
|
|
}
|
|
|
|
regen_braking_prev = regen_braking;
|
|
|
|
|
2020-06-16 17:01:00 +08:00
|
|
|
// check if stock ECU is on bus broken by car harness
|
|
|
|
if ((safety_mode_cnt > RELAY_TRNS_TIMEOUT) && stock_ecu_detected) {
|
|
|
|
relay_malfunction_set();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-04-10 06:53:46 +08:00
|
|
|
void relay_malfunction_set(void) {
|
|
|
|
relay_malfunction = true;
|
|
|
|
fault_occurred(FAULT_RELAY_MALFUNCTION);
|
|
|
|
}
|
|
|
|
|
|
|
|
void relay_malfunction_reset(void) {
|
|
|
|
relay_malfunction = false;
|
|
|
|
fault_recovered(FAULT_RELAY_MALFUNCTION);
|
|
|
|
}
|
2019-12-21 17:25:54 +08:00
|
|
|
|
2017-07-15 12:17:32 +08:00
|
|
|
typedef struct {
|
|
|
|
uint16_t id;
|
|
|
|
const safety_hooks *hooks;
|
|
|
|
} safety_hook_config;
|
|
|
|
|
|
|
|
const safety_hook_config safety_hook_registry[] = {
|
2019-11-21 03:56:26 +08:00
|
|
|
{SAFETY_SILENT, &nooutput_hooks},
|
2019-12-21 07:51:32 +08:00
|
|
|
{SAFETY_HONDA_NIDEC, &honda_nidec_hooks},
|
2017-08-25 13:31:34 +08:00
|
|
|
{SAFETY_TOYOTA, &toyota_hooks},
|
2019-10-03 09:20:32 +08:00
|
|
|
{SAFETY_ELM327, &elm327_hooks},
|
2018-05-03 13:45:23 +08:00
|
|
|
{SAFETY_GM, &gm_hooks},
|
2021-11-22 06:49:44 +08:00
|
|
|
{SAFETY_HONDA_BOSCH, &honda_bosch_hooks},
|
2018-08-18 12:31:00 +08:00
|
|
|
{SAFETY_HYUNDAI, &hyundai_hooks},
|
2018-11-07 04:28:33 +08:00
|
|
|
{SAFETY_CHRYSLER, &chrysler_hooks},
|
2019-01-29 13:42:06 +08:00
|
|
|
{SAFETY_SUBARU, &subaru_hooks},
|
2020-02-20 04:37:38 +08:00
|
|
|
{SAFETY_VOLKSWAGEN_MQB, &volkswagen_mqb_hooks},
|
2020-05-12 14:41:43 +08:00
|
|
|
{SAFETY_NISSAN, &nissan_hooks},
|
2019-11-21 03:56:26 +08:00
|
|
|
{SAFETY_NOOUTPUT, &nooutput_hooks},
|
2020-06-13 09:03:31 +08:00
|
|
|
{SAFETY_HYUNDAI_LEGACY, &hyundai_legacy_hooks},
|
2021-10-31 06:42:02 +08:00
|
|
|
{SAFETY_MAZDA, &mazda_hooks},
|
2022-04-01 03:02:19 +08:00
|
|
|
{SAFETY_BODY, &body_hooks},
|
2022-05-20 06:59:58 +08:00
|
|
|
#ifdef CANFD
|
2022-08-12 13:06:54 +08:00
|
|
|
{SAFETY_HYUNDAI_CANFD, &hyundai_canfd_hooks},
|
2022-05-20 06:59:58 +08:00
|
|
|
#endif
|
2019-11-16 04:20:15 +08:00
|
|
|
#ifdef ALLOW_DEBUG
|
2021-07-14 22:51:48 +08:00
|
|
|
{SAFETY_TESLA, &tesla_hooks},
|
2020-06-12 06:31:52 +08:00
|
|
|
{SAFETY_SUBARU_LEGACY, &subaru_legacy_hooks},
|
|
|
|
{SAFETY_VOLKSWAGEN_PQ, &volkswagen_pq_hooks},
|
2017-07-18 01:48:16 +08:00
|
|
|
{SAFETY_ALLOUTPUT, &alloutput_hooks},
|
2019-11-16 04:20:15 +08:00
|
|
|
{SAFETY_FORD, &ford_hooks},
|
|
|
|
#endif
|
2017-07-15 12:17:32 +08:00
|
|
|
};
|
|
|
|
|
2022-05-03 04:36:19 +08:00
|
|
|
int set_safety_hooks(uint16_t mode, uint16_t param) {
|
2020-05-27 05:23:39 +08:00
|
|
|
// reset state set by safety mode
|
|
|
|
safety_mode_cnt = 0U;
|
|
|
|
relay_malfunction = false;
|
|
|
|
gas_interceptor_detected = false;
|
|
|
|
gas_interceptor_prev = 0;
|
2020-06-16 17:01:00 +08:00
|
|
|
gas_pressed = false;
|
2020-05-27 05:23:39 +08:00
|
|
|
gas_pressed_prev = false;
|
2020-06-16 17:01:00 +08:00
|
|
|
brake_pressed = false;
|
2020-05-27 05:23:39 +08:00
|
|
|
brake_pressed_prev = false;
|
2022-09-13 12:32:06 +08:00
|
|
|
regen_braking = false;
|
|
|
|
regen_braking_prev = false;
|
2020-05-27 05:23:39 +08:00
|
|
|
cruise_engaged_prev = false;
|
|
|
|
vehicle_speed = 0;
|
|
|
|
vehicle_moving = false;
|
2021-11-20 06:39:44 +08:00
|
|
|
acc_main_on = false;
|
2022-03-17 01:37:48 +08:00
|
|
|
cruise_button_prev = 0;
|
2020-05-27 05:23:39 +08:00
|
|
|
desired_torque_last = 0;
|
|
|
|
rt_torque_last = 0;
|
|
|
|
ts_angle_last = 0;
|
|
|
|
desired_angle_last = 0;
|
2022-09-07 10:12:06 +08:00
|
|
|
ts_torque_check_last = 0;
|
|
|
|
ts_steer_req_mismatch_last = 0;
|
|
|
|
valid_steer_req_count = 0;
|
2022-10-12 04:20:24 +08:00
|
|
|
invalid_steer_req_count = 0;
|
2020-05-27 05:23:39 +08:00
|
|
|
|
|
|
|
torque_meas.max = 0;
|
|
|
|
torque_meas.max = 0;
|
|
|
|
torque_driver.min = 0;
|
|
|
|
torque_driver.max = 0;
|
|
|
|
angle_meas.min = 0;
|
|
|
|
angle_meas.max = 0;
|
|
|
|
|
2022-05-20 05:03:43 +08:00
|
|
|
controls_allowed = false;
|
|
|
|
relay_malfunction_reset();
|
2022-10-04 07:05:16 +08:00
|
|
|
safety_rx_checks_invalid = false;
|
2022-05-20 05:03:43 +08:00
|
|
|
|
2019-11-27 13:19:54 +08:00
|
|
|
int set_status = -1; // not set
|
2019-06-15 01:57:14 +08:00
|
|
|
int hook_config_count = sizeof(safety_hook_registry) / sizeof(safety_hook_config);
|
|
|
|
for (int i = 0; i < hook_config_count; i++) {
|
2017-07-18 01:27:34 +08:00
|
|
|
if (safety_hook_registry[i].id == mode) {
|
2017-07-15 12:17:32 +08:00
|
|
|
current_hooks = safety_hook_registry[i].hooks;
|
2021-03-17 21:19:22 +08:00
|
|
|
current_safety_mode = mode;
|
|
|
|
current_safety_param = param;
|
2019-11-27 13:19:54 +08:00
|
|
|
set_status = 0; // set
|
2020-05-27 05:23:39 +08:00
|
|
|
}
|
2017-07-15 12:17:32 +08:00
|
|
|
}
|
2019-06-13 09:18:07 +08:00
|
|
|
if ((set_status == 0) && (current_hooks->init != NULL)) {
|
2021-09-04 02:45:17 +08:00
|
|
|
current_rx_checks = current_hooks->init(param);
|
|
|
|
// reset message index and seen flags in addr struct
|
|
|
|
for (int j = 0; j < current_rx_checks->len; j++) {
|
|
|
|
current_rx_checks->check[j].index = 0;
|
|
|
|
current_rx_checks->check[j].msg_seen = false;
|
|
|
|
}
|
2019-06-13 09:18:07 +08:00
|
|
|
}
|
|
|
|
return set_status;
|
2017-07-15 12:17:32 +08:00
|
|
|
}
|
2017-08-24 03:49:56 +08:00
|
|
|
|
2018-05-26 08:52:37 +08:00
|
|
|
// convert a trimmed integer to signed 32 bit int
|
|
|
|
int to_signed(int d, int bits) {
|
2019-06-11 15:58:22 +08:00
|
|
|
int d_signed = d;
|
2019-06-18 04:48:14 +08:00
|
|
|
if (d >= (1 << MAX((bits - 1), 0))) {
|
|
|
|
d_signed = d - (1 << MAX(bits, 0));
|
2018-05-26 08:52:37 +08:00
|
|
|
}
|
2019-06-11 15:58:22 +08:00
|
|
|
return d_signed;
|
2018-05-26 08:52:37 +08:00
|
|
|
}
|
2018-06-01 09:49:12 +08:00
|
|
|
|
2022-04-22 11:11:13 +08:00
|
|
|
// given a new sample, update the sample_t struct
|
2018-06-01 09:49:12 +08:00
|
|
|
void update_sample(struct sample_t *sample, int sample_new) {
|
2019-06-15 01:57:14 +08:00
|
|
|
int sample_size = sizeof(sample->values) / sizeof(sample->values[0]);
|
|
|
|
for (int i = sample_size - 1; i > 0; i--) {
|
2018-06-01 09:49:12 +08:00
|
|
|
sample->values[i] = sample->values[i-1];
|
|
|
|
}
|
|
|
|
sample->values[0] = sample_new;
|
|
|
|
|
|
|
|
// get the minimum and maximum measured samples
|
2019-06-11 16:10:45 +08:00
|
|
|
sample->min = sample->values[0];
|
|
|
|
sample->max = sample->values[0];
|
2019-06-15 01:57:14 +08:00
|
|
|
for (int i = 1; i < sample_size; i++) {
|
2019-06-11 16:07:41 +08:00
|
|
|
if (sample->values[i] < sample->min) {
|
|
|
|
sample->min = sample->values[i];
|
|
|
|
}
|
|
|
|
if (sample->values[i] > sample->max) {
|
|
|
|
sample->max = sample->values[i];
|
|
|
|
}
|
2018-06-01 09:49:12 +08:00
|
|
|
}
|
|
|
|
}
|
2018-06-13 15:56:29 +08:00
|
|
|
|
2019-06-18 09:48:38 +08:00
|
|
|
bool max_limit_check(int val, const int MAX_VAL, const int MIN_VAL) {
|
|
|
|
return (val > MAX_VAL) || (val < MIN_VAL);
|
2018-06-13 16:37:36 +08:00
|
|
|
}
|
|
|
|
|
2023-04-27 15:40:29 +08:00
|
|
|
// check that commanded angle value isn't too far from measured
|
|
|
|
bool angle_dist_to_meas_check(int val, struct sample_t *val_meas, const int MAX_ERROR, const int MAX_VAL) {
|
|
|
|
|
|
|
|
// val must always be near val_meas, limited to the maximum value
|
|
|
|
// add 1 to not false trigger the violation
|
|
|
|
int highest_allowed = CLAMP(val_meas->max + MAX_ERROR + 1, -MAX_VAL, MAX_VAL);
|
|
|
|
int lowest_allowed = CLAMP(val_meas->min - MAX_ERROR - 1, -MAX_VAL, MAX_VAL);
|
|
|
|
|
|
|
|
// check for violation
|
|
|
|
return max_limit_check(val, highest_allowed, lowest_allowed);
|
|
|
|
}
|
|
|
|
|
|
|
|
// check that commanded torque value isn't too far from measured
|
2019-06-13 11:12:48 +08:00
|
|
|
bool dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
|
2022-06-24 04:41:22 +08:00
|
|
|
const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR) {
|
2018-06-13 16:37:36 +08:00
|
|
|
|
|
|
|
// *** val rate limit check ***
|
2019-06-18 06:29:04 +08:00
|
|
|
int highest_allowed_rl = MAX(val_last, 0) + MAX_RATE_UP;
|
|
|
|
int lowest_allowed_rl = MIN(val_last, 0) - MAX_RATE_UP;
|
2018-06-13 16:37:36 +08:00
|
|
|
|
|
|
|
// if we've exceeded the meas val, we must start moving toward 0
|
2019-06-18 06:29:04 +08:00
|
|
|
int highest_allowed = MIN(highest_allowed_rl, MAX(val_last - MAX_RATE_DOWN, MAX(val_meas->max, 0) + MAX_ERROR));
|
|
|
|
int lowest_allowed = MAX(lowest_allowed_rl, MIN(val_last + MAX_RATE_DOWN, MIN(val_meas->min, 0) - MAX_ERROR));
|
2018-06-13 16:37:36 +08:00
|
|
|
|
|
|
|
// check for violation
|
2023-04-27 14:55:04 +08:00
|
|
|
return max_limit_check(val, highest_allowed, lowest_allowed);
|
2018-06-13 16:37:36 +08:00
|
|
|
}
|
|
|
|
|
2018-06-14 06:23:56 +08:00
|
|
|
// check that commanded value isn't fighting against driver
|
2019-06-13 11:12:48 +08:00
|
|
|
bool driver_limit_check(int val, int val_last, struct sample_t *val_driver,
|
2022-06-24 04:41:22 +08:00
|
|
|
const int MAX_VAL, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
|
|
|
|
const int MAX_ALLOWANCE, const int DRIVER_FACTOR) {
|
2018-06-14 06:23:56 +08:00
|
|
|
|
2022-06-24 04:41:22 +08:00
|
|
|
// torque delta/rate limits
|
2019-06-18 06:29:04 +08:00
|
|
|
int highest_allowed_rl = MAX(val_last, 0) + MAX_RATE_UP;
|
|
|
|
int lowest_allowed_rl = MIN(val_last, 0) - MAX_RATE_UP;
|
2018-06-14 06:23:56 +08:00
|
|
|
|
2022-06-24 04:41:22 +08:00
|
|
|
// driver
|
2019-06-18 09:48:38 +08:00
|
|
|
int driver_max_limit = MAX_VAL + (MAX_ALLOWANCE + val_driver->max) * DRIVER_FACTOR;
|
|
|
|
int driver_min_limit = -MAX_VAL + (-MAX_ALLOWANCE + val_driver->min) * DRIVER_FACTOR;
|
2018-06-14 06:23:56 +08:00
|
|
|
|
|
|
|
// if we've exceeded the applied torque, we must start moving toward 0
|
2019-06-18 06:29:04 +08:00
|
|
|
int highest_allowed = MIN(highest_allowed_rl, MAX(val_last - MAX_RATE_DOWN,
|
2019-06-18 04:48:14 +08:00
|
|
|
MAX(driver_max_limit, 0)));
|
2019-06-18 06:29:04 +08:00
|
|
|
int lowest_allowed = MAX(lowest_allowed_rl, MIN(val_last + MAX_RATE_DOWN,
|
2019-06-18 04:48:14 +08:00
|
|
|
MIN(driver_min_limit, 0)));
|
2018-06-14 06:23:56 +08:00
|
|
|
|
|
|
|
// check for violation
|
2023-04-27 14:55:04 +08:00
|
|
|
return max_limit_check(val, highest_allowed, lowest_allowed);
|
2018-06-14 06:23:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-06-13 15:56:29 +08:00
|
|
|
// real time check, mainly used for steer torque rate limiter
|
2019-06-13 11:12:48 +08:00
|
|
|
bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
|
2018-06-13 15:56:29 +08:00
|
|
|
|
2018-06-13 15:57:36 +08:00
|
|
|
// *** torque real time rate limit check ***
|
2019-06-18 04:48:14 +08:00
|
|
|
int highest_val = MAX(val_last, 0) + MAX_RT_DELTA;
|
|
|
|
int lowest_val = MIN(val_last, 0) - MAX_RT_DELTA;
|
2018-06-13 15:56:29 +08:00
|
|
|
|
2018-06-13 16:37:36 +08:00
|
|
|
// check for violation
|
2023-04-27 14:55:04 +08:00
|
|
|
return max_limit_check(val, highest_val, lowest_val);
|
2018-06-13 15:56:29 +08:00
|
|
|
}
|
2018-08-14 13:52:31 +08:00
|
|
|
|
|
|
|
|
|
|
|
// interp function that holds extreme values
|
|
|
|
float interpolate(struct lookup_t xy, float x) {
|
2019-06-13 09:18:07 +08:00
|
|
|
|
2018-08-14 13:52:31 +08:00
|
|
|
int size = sizeof(xy.x) / sizeof(xy.x[0]);
|
2019-06-13 09:18:07 +08:00
|
|
|
float ret = xy.y[size - 1]; // default output is last point
|
|
|
|
|
2018-08-14 13:52:31 +08:00
|
|
|
// x is lower than the first point in the x array. Return the first point
|
|
|
|
if (x <= xy.x[0]) {
|
2019-06-13 09:18:07 +08:00
|
|
|
ret = xy.y[0];
|
2018-08-14 13:52:31 +08:00
|
|
|
|
|
|
|
} else {
|
|
|
|
// find the index such that (xy.x[i] <= x < xy.x[i+1]) and linearly interp
|
2019-06-12 12:23:48 +08:00
|
|
|
for (int i=0; i < (size - 1); i++) {
|
2018-08-14 13:52:31 +08:00
|
|
|
if (x < xy.x[i+1]) {
|
|
|
|
float x0 = xy.x[i];
|
|
|
|
float y0 = xy.y[i];
|
|
|
|
float dx = xy.x[i+1] - x0;
|
|
|
|
float dy = xy.y[i+1] - y0;
|
2019-12-13 10:23:03 +08:00
|
|
|
// dx should not be zero as xy.x is supposed to be monotonic
|
2019-06-11 16:07:41 +08:00
|
|
|
if (dx <= 0.) {
|
|
|
|
dx = 0.0001;
|
|
|
|
}
|
2019-06-13 09:18:07 +08:00
|
|
|
ret = (dy * (x - x0) / dx) + y0;
|
|
|
|
break;
|
2018-08-14 13:52:31 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2019-06-13 09:18:07 +08:00
|
|
|
return ret;
|
2018-08-14 13:52:31 +08:00
|
|
|
}
|
2022-08-10 10:53:15 +08:00
|
|
|
|
2022-11-30 08:46:32 +08:00
|
|
|
// Safety checks for longitudinal actuation
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_accel_checks(int desired_accel, const LongitudinalLimits limits) {
|
2023-04-14 08:28:33 +08:00
|
|
|
bool accel_valid = get_longitudinal_allowed() && !max_limit_check(desired_accel, limits.max_accel, limits.min_accel);
|
|
|
|
bool accel_inactive = desired_accel == limits.inactive_accel;
|
|
|
|
return !(accel_valid || accel_inactive);
|
2022-11-30 08:46:32 +08:00
|
|
|
}
|
2022-08-10 12:05:36 +08:00
|
|
|
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_speed_checks(int desired_speed, const LongitudinalLimits limits) {
|
|
|
|
return !get_longitudinal_allowed() && (desired_speed != limits.inactive_speed);
|
2022-12-01 10:56:05 +08:00
|
|
|
}
|
|
|
|
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_gas_checks(int desired_gas, const LongitudinalLimits limits) {
|
2022-11-30 15:45:55 +08:00
|
|
|
bool violation = false;
|
2022-12-01 14:09:13 +08:00
|
|
|
if (!get_longitudinal_allowed()) {
|
2022-11-30 15:45:55 +08:00
|
|
|
violation |= desired_gas != limits.inactive_gas;
|
|
|
|
} else {
|
|
|
|
violation |= max_limit_check(desired_gas, limits.max_gas, limits.min_gas);
|
|
|
|
}
|
|
|
|
return violation;
|
|
|
|
}
|
|
|
|
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_brake_checks(int desired_brake, const LongitudinalLimits limits) {
|
2022-11-30 15:45:55 +08:00
|
|
|
bool violation = false;
|
2022-12-01 14:09:13 +08:00
|
|
|
violation |= !get_longitudinal_allowed() && (desired_brake != 0);
|
2022-11-30 15:45:55 +08:00
|
|
|
violation |= desired_brake > limits.max_brake;
|
|
|
|
return violation;
|
|
|
|
}
|
|
|
|
|
2022-12-01 14:09:13 +08:00
|
|
|
bool longitudinal_interceptor_checks(CANPacket_t *to_send) {
|
|
|
|
return !get_longitudinal_allowed() && (GET_BYTE(to_send, 0) || GET_BYTE(to_send, 1));
|
2022-12-01 09:22:42 +08:00
|
|
|
}
|
|
|
|
|
2022-08-10 12:05:36 +08:00
|
|
|
// Safety checks for torque-based steering commands
|
|
|
|
bool steer_torque_cmd_checks(int desired_torque, int steer_req, const SteeringLimits limits) {
|
2022-08-10 10:53:15 +08:00
|
|
|
bool violation = false;
|
|
|
|
uint32_t ts = microsecond_timer_get();
|
|
|
|
|
|
|
|
if (controls_allowed) {
|
|
|
|
// *** global torque limit check ***
|
|
|
|
violation |= max_limit_check(desired_torque, limits.max_steer, -limits.max_steer);
|
|
|
|
|
|
|
|
// *** torque rate limit check ***
|
2022-08-10 12:05:36 +08:00
|
|
|
if (limits.type == TorqueDriverLimited) {
|
|
|
|
violation |= driver_limit_check(desired_torque, desired_torque_last, &torque_driver,
|
|
|
|
limits.max_steer, limits.max_rate_up, limits.max_rate_down,
|
|
|
|
limits.driver_torque_allowance, limits.driver_torque_factor);
|
|
|
|
} else {
|
|
|
|
violation |= dist_to_meas_check(desired_torque, desired_torque_last, &torque_meas,
|
|
|
|
limits.max_rate_up, limits.max_rate_down, limits.max_torque_error);
|
|
|
|
}
|
2022-08-10 10:53:15 +08:00
|
|
|
desired_torque_last = desired_torque;
|
|
|
|
|
|
|
|
// *** torque real time rate limit check ***
|
|
|
|
violation |= rt_rate_limit_check(desired_torque, rt_torque_last, limits.max_rt_delta);
|
|
|
|
|
|
|
|
// every RT_INTERVAL set the new limits
|
2022-09-07 10:12:06 +08:00
|
|
|
uint32_t ts_elapsed = get_ts_elapsed(ts, ts_torque_check_last);
|
2022-08-10 10:53:15 +08:00
|
|
|
if (ts_elapsed > limits.max_rt_interval) {
|
|
|
|
rt_torque_last = desired_torque;
|
2022-09-07 10:12:06 +08:00
|
|
|
ts_torque_check_last = ts;
|
2022-08-10 10:53:15 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// no torque if controls is not allowed
|
|
|
|
if (!controls_allowed && (desired_torque != 0)) {
|
|
|
|
violation = true;
|
|
|
|
}
|
|
|
|
|
2022-10-12 04:20:24 +08:00
|
|
|
// certain safety modes set their steer request bit low for one or more frame at a
|
2022-09-07 10:12:06 +08:00
|
|
|
// predefined max frequency to avoid steering faults in certain situations
|
|
|
|
bool steer_req_mismatch = (steer_req == 0) && (desired_torque != 0);
|
2022-10-12 04:20:24 +08:00
|
|
|
if (!limits.has_steer_req_tolerance) {
|
|
|
|
if (steer_req_mismatch) {
|
2022-09-07 10:12:06 +08:00
|
|
|
violation = true;
|
2022-10-12 04:20:24 +08:00
|
|
|
}
|
2022-09-07 10:12:06 +08:00
|
|
|
|
2022-10-12 04:20:24 +08:00
|
|
|
} else {
|
|
|
|
if (steer_req_mismatch) {
|
|
|
|
if (invalid_steer_req_count == 0) {
|
|
|
|
// disallow torque cut if not enough recent matching steer_req messages
|
|
|
|
if (valid_steer_req_count < limits.min_valid_request_frames) {
|
|
|
|
violation = true;
|
|
|
|
}
|
2022-09-07 10:12:06 +08:00
|
|
|
|
2022-10-12 04:20:24 +08:00
|
|
|
// or we've cut torque too recently in time
|
|
|
|
uint32_t ts_elapsed = get_ts_elapsed(ts, ts_steer_req_mismatch_last);
|
|
|
|
if (ts_elapsed < limits.min_valid_request_rt_interval) {
|
|
|
|
violation = true;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// or we're cutting more frames consecutively than allowed
|
|
|
|
if (invalid_steer_req_count >= limits.max_invalid_request_frames) {
|
|
|
|
violation = true;
|
|
|
|
}
|
2022-09-07 10:12:06 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
valid_steer_req_count = 0;
|
|
|
|
ts_steer_req_mismatch_last = ts;
|
2022-10-12 04:20:24 +08:00
|
|
|
invalid_steer_req_count = MIN(invalid_steer_req_count + 1, limits.max_invalid_request_frames);
|
|
|
|
} else {
|
|
|
|
valid_steer_req_count = MIN(valid_steer_req_count + 1, limits.min_valid_request_frames);
|
|
|
|
invalid_steer_req_count = 0;
|
2022-09-07 10:12:06 +08:00
|
|
|
}
|
2022-08-10 12:05:36 +08:00
|
|
|
}
|
|
|
|
|
2022-08-10 10:53:15 +08:00
|
|
|
// reset to 0 if either controls is not allowed or there's a violation
|
|
|
|
if (violation || !controls_allowed) {
|
2022-09-07 10:12:06 +08:00
|
|
|
valid_steer_req_count = 0;
|
2022-10-12 04:20:24 +08:00
|
|
|
invalid_steer_req_count = 0;
|
2022-08-10 10:53:15 +08:00
|
|
|
desired_torque_last = 0;
|
|
|
|
rt_torque_last = 0;
|
2022-09-07 10:12:06 +08:00
|
|
|
ts_torque_check_last = ts;
|
|
|
|
ts_steer_req_mismatch_last = ts;
|
2022-08-10 10:53:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return violation;
|
|
|
|
}
|
2022-08-12 15:28:08 +08:00
|
|
|
|
2022-12-03 08:45:23 +08:00
|
|
|
// Safety checks for angle-based steering commands
|
|
|
|
bool steer_angle_cmd_checks(int desired_angle, bool steer_control_enabled, const SteeringLimits limits) {
|
|
|
|
bool violation = false;
|
|
|
|
|
|
|
|
if (controls_allowed && steer_control_enabled) {
|
|
|
|
// convert floating point angle rate limits to integers in the scale of the desired angle on CAN,
|
2023-02-23 12:05:33 +08:00
|
|
|
// add 1 to not false trigger the violation. also fudge the speed by 1 m/s so rate limits are
|
|
|
|
// always slightly above openpilot's in case we read an updated speed in between angle commands
|
|
|
|
// TODO: this speed fudge can be much lower, look at data to determine the lowest reasonable offset
|
|
|
|
int delta_angle_up = (interpolate(limits.angle_rate_up_lookup, vehicle_speed - 1.) * limits.angle_deg_to_can) + 1.;
|
|
|
|
int delta_angle_down = (interpolate(limits.angle_rate_down_lookup, vehicle_speed - 1.) * limits.angle_deg_to_can) + 1.;
|
2022-12-03 08:45:23 +08:00
|
|
|
|
|
|
|
int highest_desired_angle = desired_angle_last + ((desired_angle_last > 0) ? delta_angle_up : delta_angle_down);
|
|
|
|
int lowest_desired_angle = desired_angle_last - ((desired_angle_last >= 0) ? delta_angle_down : delta_angle_up);
|
|
|
|
|
|
|
|
// check for violation;
|
|
|
|
violation |= max_limit_check(desired_angle, highest_desired_angle, lowest_desired_angle);
|
|
|
|
}
|
|
|
|
desired_angle_last = desired_angle;
|
|
|
|
|
|
|
|
// Angle should be the same as current angle while not steering
|
2023-04-28 12:41:38 +08:00
|
|
|
violation |= (!steer_control_enabled &&
|
2022-12-03 08:45:23 +08:00
|
|
|
((desired_angle < (angle_meas.min - 1)) ||
|
|
|
|
(desired_angle > (angle_meas.max + 1))));
|
|
|
|
|
|
|
|
// No angle control allowed when controls are not allowed
|
|
|
|
violation |= !controls_allowed && steer_control_enabled;
|
|
|
|
|
|
|
|
return violation;
|
|
|
|
}
|
|
|
|
|
2022-08-12 15:28:08 +08:00
|
|
|
void pcm_cruise_check(bool cruise_engaged) {
|
|
|
|
// Enter controls on rising edge of stock ACC, exit controls if stock ACC disengages
|
|
|
|
if (!cruise_engaged) {
|
|
|
|
controls_allowed = false;
|
|
|
|
}
|
|
|
|
if (cruise_engaged && !cruise_engaged_prev) {
|
|
|
|
controls_allowed = true;
|
|
|
|
}
|
|
|
|
cruise_engaged_prev = cruise_engaged;
|
|
|
|
}
|