// Rolling window of recent integer samples together with their extremes.
// values[] has room for 6 entries; update_sample() keeps the newest one at
// index 0 and recomputes min/max over the whole array on every update.
// sample_t_default is an all-zero instance.
struct sample_t {
  int values[6];
  int min;
  int max;
} sample_t_default = {.values = {0}, .min = 0, .max = 0};
// safety code requires floats
// Three-point lookup table passed to interpolate(): x[] holds the breakpoints
// and y[] the value at each breakpoint. interpolate() expects x[] to be
// increasing (it clamps a non-positive step instead of dividing by it).
struct lookup_t {
  float x[3];
  float y[3];
};
// Forward declarations. The per-vehicle policy headers included further down
// are pulled in before the definitions, so the helpers are declared here first.

// Dispatchers: each forwards to the matching entry of current_hooks.
void safety_rx_hook(CAN_FIFOMailBox_TypeDef *to_push);
int safety_tx_hook(CAN_FIFOMailBox_TypeDef *to_send);
int safety_tx_lin_hook(int lin_num, uint8_t *data, int len);
// NOTE(review): an empty parameter list leaves the arguments unspecified in C;
// declaring it as (void) would let the compiler reject stray arguments.
int safety_ignition_hook();

// Shared helpers used by the limit checks.
uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
int to_signed(int d, int bits);
void update_sample(struct sample_t *sample, int sample_new);

// Limit checks: each returns non-zero when the commanded value violates the limit.
int max_limit_check(int val, const int MAX, const int MIN);
int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
  const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
  const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
  const int MAX_ALLOWANCE, const int DRIVER_FACTOR);
int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
float interpolate(struct lookup_t xy, float x);
// Function-pointer types for the entries of a safety policy (see safety_hooks).
// init receives the 16-bit parameter handed to safety_set_mode().
typedef void (*safety_hook_init)(int16_t param);
// rx is handed each received CAN message.
typedef void (*rx_hook)(CAN_FIFOMailBox_TypeDef *to_push);
// tx / tx_lin return an int verdict for an outgoing CAN / LIN message; the
// meaning of the value is defined by the policies and callers, not shown here.
typedef int (*tx_hook)(CAN_FIFOMailBox_TypeDef *to_send);
typedef int (*tx_lin_hook)(int lin_num, uint8_t *data, int len);
// ignition returns -1 / 0 / 1 as documented at safety_ignition_hook().
typedef int (*ign_hook)();
// fwd is asked about a message seen on bus_num; its return value is
// interpreted by the caller (not shown in this file).
typedef int (*fwd_hook)(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd);
// One safety policy: the set of callbacks the dispatchers below call through
// current_hooks.
// Only init is NULL-checked before use (in safety_set_mode); ignition, rx, tx,
// tx_lin and fwd are called unconditionally, so every registered policy has
// to populate them.
typedef struct {
  safety_hook_init init;
  ign_hook ignition;
  rx_hook rx;
  tx_hook tx;
  tx_lin_hook tx_lin;
  fwd_hook fwd;
} safety_hooks;
// This can be set by the safety hooks.
// Starts at 0, i.e. controls are not allowed until a hook sets it.
// NOTE(review): safety_set_mode() does not reset this flag when the policy
// changes; confirm each policy's init hook clears it.
int controls_allowed = 0;
// Gas interceptor state; both start at 0. Their exact meaning is defined by
// the policies that read and write them (not visible in this file).
int gas_interceptor_detected = 0;
int gas_interceptor_prev = 0;

// This is set by USB command 0xdf
// Unlike controls_allowed this starts at 1, so it is permissive until that
// USB command changes it.
int long_controls_allowed = 1;
// Include the actual safety policies.
// These headers are included after the declarations above and before the
// registry below; presumably each one defines the <name>_hooks table that the
// registry references -- verify against the headers.
#include "safety/safety_defaults.h"
#include "safety/safety_honda.h"
#include "safety/safety_toyota.h"
#include "safety/safety_toyota_ipas.h"
#include "safety/safety_tesla.h"
#include "safety/safety_gm_ascm.h"
#include "safety/safety_gm.h"
#include "safety/safety_ford.h"
#include "safety/safety_cadillac.h"
#include "safety/safety_hyundai.h"
#include "safety/safety_chrysler.h"
#include "safety/safety_subaru.h"
#include "safety/safety_elm327.h"

// The policy every dispatcher calls through. It starts out as nooutput_hooks
// and is only reassigned by safety_set_mode().
const safety_hooks *current_hooks = &nooutput_hooks;
// Hand a received CAN message to the rx hook of the active policy.
// The hook pointer is called without a NULL check, so the active policy must
// provide an rx entry.
void safety_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
  const safety_hooks *active = current_hooks;
  active->rx(to_push);
}
// Ask the active policy about an outgoing CAN message and return the tx
// hook's result unchanged. The hook pointer is not NULL-checked.
int safety_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
  const safety_hooks *active = current_hooks;
  int verdict = active->tx(to_send);
  return verdict;
}
// Ask the active policy about an outgoing LIN frame (bus lin_num, len bytes at
// data) and return the tx_lin hook's result unchanged. The hook pointer is not
// NULL-checked, and data/len are passed through without validation here.
int safety_tx_lin_hook(int lin_num, uint8_t *data, int len) {
  const safety_hooks *active = current_hooks;
  int verdict = active->tx_lin(lin_num, data, len);
  return verdict;
}
// Query the active policy for the ignition state. Return values:
//   -1 = Disabled (Use GPIO to determine ignition)
//    0 = Off (not started)
//    1 = On (started)
// The result of the ignition hook is returned unchanged; the hook pointer is
// not NULL-checked.
int safety_ignition_hook() {
  const safety_hooks *active = current_hooks;
  int state = active->ignition();
  return state;
}
// Ask the active policy about forwarding a message seen on bus_num and return
// the fwd hook's result unchanged. The hook pointer is not NULL-checked.
int safety_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
  const safety_hooks *active = current_hooks;
  int result = active->fwd(bus_num, to_fwd);
  return result;
}
// One registry entry: the 16-bit mode id that safety_set_mode() compares
// against, and the policy that id selects.
typedef struct {
  uint16_t id;
  const safety_hooks *hooks;
} safety_hook_config;
// Mode ids accepted by safety_set_mode(). Every value fits in the uint16_t id
// field of safety_hook_config.
#define SAFETY_NOOUTPUT 0
#define SAFETY_HONDA 1
#define SAFETY_TOYOTA 2
#define SAFETY_GM 3
#define SAFETY_HONDA_BOSCH 4
#define SAFETY_FORD 5
#define SAFETY_CADILLAC 6
#define SAFETY_HYUNDAI 7
#define SAFETY_TESLA 8
#define SAFETY_CHRYSLER 9
#define SAFETY_SUBARU 10
// The remaining ids sit outside the small sequential range.
#define SAFETY_GM_ASCM 0x1334
#define SAFETY_TOYOTA_IPAS 0x1335
#define SAFETY_ALLOUTPUT 0x1337
#define SAFETY_ELM327 0xE327
// Table of selectable policies. safety_set_mode() scans it in order and
// activates the first entry whose id equals the requested mode, so ids must
// be unique for every entry to be reachable.
// NOTE(review): alloutput_hooks presumably places no restriction on
// transmitted messages; confirm that the caller of safety_set_mode() gates
// who may select SAFETY_ALLOUTPUT.
const safety_hook_config safety_hook_registry[] = {
  {SAFETY_NOOUTPUT, &nooutput_hooks},
  {SAFETY_HONDA, &honda_hooks},
  {SAFETY_HONDA_BOSCH, &honda_bosch_hooks},
  {SAFETY_TOYOTA, &toyota_hooks},
  {SAFETY_GM, &gm_hooks},
  {SAFETY_FORD, &ford_hooks},
  {SAFETY_CADILLAC, &cadillac_hooks},
  {SAFETY_HYUNDAI, &hyundai_hooks},
  {SAFETY_CHRYSLER, &chrysler_hooks},
  {SAFETY_SUBARU, &subaru_hooks},
  {SAFETY_TOYOTA_IPAS, &toyota_ipas_hooks},
  {SAFETY_GM_ASCM, &gm_ascm_hooks},
  {SAFETY_TESLA, &tesla_hooks},
  {SAFETY_ALLOUTPUT, &alloutput_hooks},
  {SAFETY_ELM327, &elm327_hooks},
};

// Number of entries in safety_hook_registry (the result has type size_t).
#define HOOK_CONFIG_COUNT (sizeof(safety_hook_registry)/sizeof(safety_hook_config))
// Select the safety policy registered under `mode` and run its init hook.
//
// mode:  id to look up in safety_hook_registry
// param: value passed to the policy's init hook, when it has one
//
// Returns 0 when the mode was found and activated, -1 when no registry entry
// matches. On -1 current_hooks is left untouched, so the previously active
// policy stays in force; callers must check the return value.
// NOTE(review): controls_allowed is not reset here when the policy changes;
// confirm each policy's init hook clears it.
int safety_set_mode(uint16_t mode, int16_t param) {
  int status = -1;
  for (int i = 0; (status != 0) && (i < HOOK_CONFIG_COUNT); i++) {
    if (safety_hook_registry[i].id != mode) {
      continue;
    }
    // switch the policy first, then let it initialise itself
    current_hooks = safety_hook_registry[i].hooks;
    if (current_hooks->init) {
      current_hooks->init(param);
    }
    status = 0;
  }
  return status;
}
// compute the time elapsed (in microseconds) from 2 counter samples
// ts is the newer reading and ts_last the older one. The counter is a free
// running 32-bit value, so the difference is taken modulo 2^32: a single
// wrap between the two readings still gives the right elapsed count, and
// equal readings give 0.
uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last) {
  uint32_t elapsed = (uint32_t)(ts - ts_last);
  return elapsed;
}
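// convert a trimmed integer to signed 32 bit int
//
// d:    raw field value, read as an unsigned quantity of `bits` bits
// bits: width of the field
//
// Returns d reinterpreted as a two's-complement number of that width: values
// with the top bit of the field set come back negative.
//
// A width outside 1..31 leaves nothing to sign-extend inside a 32 bit int, so
// d is returned unchanged; shifting an int by such a width would be undefined
// behaviour. The arithmetic is done in 64 bits because 1 << 31 does not fit
// in a signed 32 bit int.
int to_signed(int d, int bits) {
  if ((bits <= 0) || (bits >= 32)) {
    return d;
  }

  int64_t d_signed = d;
  const int64_t sign_threshold = (int64_t)1 << (bits - 1);
  if (d_signed >= sign_threshold) {
    d_signed -= (int64_t)1 << bits;
  }
  // the result is within [-2^(bits-1), INT_MAX], so the narrowing is lossless
  return (int)d_signed;
}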
// given a new sample, update the sample_t struct
//
// The window is shifted by one slot (the oldest entry is dropped), the new
// sample is stored at index 0, and min/max are recomputed over the whole
// window. sample is dereferenced without a NULL check.
void update_sample(struct sample_t *sample, int sample_new) {
  const int count = sizeof(sample->values) / sizeof(sample->values[0]);
  int *window = sample->values;

  // age the window: walk from the back so nothing is overwritten early
  int slot = count - 1;
  while (slot > 0) {
    window[slot] = window[slot - 1];
    slot--;
  }
  window[0] = sample_new;

  // get the minimum and maximum measured samples
  sample->min = window[0];
  sample->max = window[0];
  for (int k = 1; k < count; k++) {
    if (window[k] < sample->min) {
      sample->min = window[k];
    }
    if (window[k] > sample->max) {
      sample->max = window[k];
    }
  }
}
// Absolute range check. Returns 1 when val lies outside [MIN, MAX] (a
// violation) and 0 when it is inside; both bounds are inclusive.
int max_limit_check(int val, const int MAX, const int MIN) {
  int in_range = (val <= MAX) && (val >= MIN);
  return !in_range;
}
// check that commanded value isn't too far from measured
//
// val:           newly commanded value
// val_last:      previously commanded value
// val_meas:      recent measurements; only its min and max fields are read
// MAX_RATE_UP:   largest step allowed away from zero
// MAX_RATE_DOWN: step toward zero that is always allowed
// MAX_ERROR:     allowed distance beyond the measured extremes
//
// Returns 1 when val falls outside the allowed window (violation), else 0.
// val_meas is dereferenced without a NULL check.
int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
  const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR) {

  // *** val rate limit check ***
  int upper_by_rate = max(val_last, 0) + MAX_RATE_UP;
  int lower_by_rate = min(val_last, 0) - MAX_RATE_UP;

  // if we've exceeded the meas val, we must start moving toward 0
  int upper_by_meas = max(val_last - MAX_RATE_DOWN, max(val_meas->max, 0) + MAX_ERROR);
  int lower_by_meas = min(val_last + MAX_RATE_DOWN, min(val_meas->min, 0) - MAX_ERROR);

  // the tighter of the two bounds wins on each side
  int highest_allowed_val = min(upper_by_rate, upper_by_meas);
  int lowest_allowed_val = max(lower_by_rate, lower_by_meas);

  // check for violation
  int within = (val >= lowest_allowed_val) && (val <= highest_allowed_val);
  return !within;
}
// check that commanded value isn't fighting against driver
//
// val:           newly commanded value
// val_last:      previously commanded value
// val_driver:    recent driver input samples; only min and max are read
// MAX:           base magnitude limit for the command
// MAX_RATE_UP:   largest step allowed away from zero
// MAX_RATE_DOWN: step toward zero that is always allowed
// MAX_ALLOWANCE: offset added to the driver input before scaling
// DRIVER_FACTOR: scale applied to (allowance + driver input)
//
// Returns 1 when val falls outside the allowed window (violation), else 0.
// val_driver is dereferenced without a NULL check.
int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
  const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
  const int MAX_ALLOWANCE, const int DRIVER_FACTOR) {

  int upper_by_rate = max(val_last, 0) + MAX_RATE_UP;
  int lower_by_rate = min(val_last, 0) - MAX_RATE_UP;

  int driver_max_limit = MAX + (MAX_ALLOWANCE + val_driver->max) * DRIVER_FACTOR;
  int driver_min_limit = -MAX + (-MAX_ALLOWANCE + val_driver->min) * DRIVER_FACTOR;

  // if we've exceeded the applied torque, we must start moving toward 0
  int upper_by_driver = max(val_last - MAX_RATE_DOWN, max(driver_max_limit, 0));
  int lower_by_driver = min(val_last + MAX_RATE_DOWN, min(driver_min_limit, 0));

  // the tighter of the two bounds wins on each side
  int highest_allowed = min(upper_by_rate, upper_by_driver);
  int lowest_allowed = max(lower_by_rate, lower_by_driver);

  // check for violation
  int within = (val >= lowest_allowed) && (val <= highest_allowed);
  return !within;
}
// real time check, mainly used for steer torque rate limiter
//
// val:          newly commanded value
// val_last:     reference value the window is built around
// MAX_RT_DELTA: allowed excursion beyond the reference, on either side
//
// The window always contains zero: it runs from min(val_last, 0) - delta up
// to max(val_last, 0) + delta. Returns 1 when val is outside it, else 0.
int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {

  // *** torque real time rate limit check ***
  int upper = max(val_last, 0) + MAX_RT_DELTA;
  int lower = min(val_last, 0) - MAX_RT_DELTA;

  // check for violation
  int within = (val >= lower) && (val <= upper);
  return !within;
}
// interp function that holds extreme values
//
// xy: lookup table, passed by value; xy.x is expected to be increasing
// x:  point to evaluate
//
// Returns xy.y[0] for x at or below the first breakpoint, the last y for x at
// or beyond the last breakpoint, and a linear interpolation in between.
// NOTE(review): a NaN x fails every comparison below and therefore yields the
// last y value; confirm that is the intended result for callers that derive
// limits from this function.
float interpolate(struct lookup_t xy, float x) {
  const int last = (int)(sizeof(xy.x) / sizeof(xy.x[0])) - 1;

  // x is lower than the first point in the x array. Return the first point
  if (x <= xy.x[0]) {
    return xy.y[0];
  }

  // find the segment such that (xy.x[seg] <= x < xy.x[seg+1]) and linearly interp
  for (int seg = 0; seg < last; seg++) {
    if (x < xy.x[seg + 1]) {
      float x0 = xy.x[seg];
      float y0 = xy.y[seg];
      float run = xy.x[seg + 1] - x0;
      float rise = xy.y[seg + 1] - y0;
      // run should not be zero as xy.x is supposed to be monotonic; clamp it
      // so a malformed table cannot cause a division by zero
      if (run <= 0.) {
        run = 0.0001;
      }
      return rise * (x - x0) / run + y0;
    }
  }

  // if no such segment is found, then x > xy.x[last]. Return last point
  return xy.y[last];
}