retropilot
/
panda
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

NOOUTPUT safety mode is now SILENT. NOOUTPUT still exists but keeps C… (#388) 

* NOOUTPUT safety mode is now SILENT. NOOUTPUT still exists but keeps CAN live

* README mention of 'no output'

* mispelled
master
rbiasini 2019-11-20 11:56:26 -08:00 committed by GitHub
parent d229f8dcd3
commit 597436d32a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 41 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -87,7 +87,7 @@ To print out the serial console from the ESP8266, run PORT=1 tests/debug_console
Safety Model
------
When a panda powers up, by default it's in `SAFETY_NOOUTPUT` mode. While in no output mode, the buses are also forced to be silent. In order to send messages, you have to select a safety mode. Currently, setting safety modes is only supported over USB.
When a panda powers up, by default it's in `SAFETY_SILENT` mode. While in `SAFETY_SILENT` mode, the buses are also forced to be silent. In order to send messages, you have to select a safety mode. Currently, setting safety modes is only supported over USB.
Safety modes optionally supports `controls_allowed`, which allows or blocks a subset of messages based on a customizable state in the board.

2
VERSION
View File

@ -1 +1 @@
v1.6.3
v1.6.4

29
board/main.c
View File

@ -121,13 +121,20 @@ void set_safety_mode(uint16_t mode, int16_t param) {
while (true) {} // ERROR: we can't continue if safety mode isn't succesfully set
} else {
switch (mode) {
case SAFETY_NOOUTPUT:
case SAFETY_SILENT:
set_intercept_relay(false);
if(board_has_obd()){
current_board->set_can_mode(CAN_MODE_NORMAL);
}
can_silent = ALL_CAN_SILENT;
break;
case SAFETY_NOOUTPUT:
set_intercept_relay(false);
if(board_has_obd()){
current_board->set_can_mode(CAN_MODE_NORMAL);
}
can_silent = ALL_CAN_LIVE;
break;
case SAFETY_ELM327:
set_intercept_relay(false);
heartbeat_counter = 0U;
@ -434,8 +441,10 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired)
// **** 0xdc: set safety mode
case 0xdc:
// Blocked over WiFi.
// Allow NOOUTPUT and ELM security mode to be set over wifi.
if (hardwired || (setup->b.wValue.w == SAFETY_NOOUTPUT) || (setup->b.wValue.w == SAFETY_ELM327)) {
// Allow SILENT, NOOUTPUT and ELM security mode to be set over wifi.
if (hardwired || (setup->b.wValue.w == SAFETY_SILENT) ||
(setup->b.wValue.w == SAFETY_NOOUTPUT) ||
(setup->b.wValue.w == SAFETY_ELM327)) {
set_safety_mode(setup->b.wValue.w, (uint16_t) setup->b.wIndex.w);
}
break;
@ -649,7 +658,7 @@ void __attribute__ ((noinline)) enable_fpu(void) {
uint64_t tcnt = 0;
// go into NOOUTPUT when the EON does not send a heartbeat for this amount of seconds.
// go into SILENT when the EON does not send a heartbeat for this amount of seconds.
#define EON_HEARTBEAT_IGNITION_CNT_ON 5U
#define EON_HEARTBEAT_IGNITION_CNT_OFF 2U
@ -690,12 +699,12 @@ void TIM1_BRK_TIM9_IRQHandler(void) {
heartbeat_counter += 1U;
}
// check heartbeat counter if we are running EON code. If the heartbeat has been gone for a while, go to NOOUTPUT safety mode.
// check heartbeat counter if we are running EON code. If the heartbeat has been gone for a while, go to SILENT safety mode.
#ifdef EON
if (heartbeat_counter >= (check_started() ? EON_HEARTBEAT_IGNITION_CNT_ON : EON_HEARTBEAT_IGNITION_CNT_OFF)) {
puts("EON hasn't sent a heartbeat for 0x"); puth(heartbeat_counter); puts(" seconds. Safety is set to NOOUTPUT mode.\n");
if(current_safety_mode != SAFETY_NOOUTPUT){
set_safety_mode(SAFETY_NOOUTPUT, 0U);
puts("EON hasn't sent a heartbeat for 0x"); puth(heartbeat_counter); puts(" seconds. Safety is set to SILENT mode.\n");
if(current_safety_mode != SAFETY_SILENT){
set_safety_mode(SAFETY_SILENT, 0U);
}
}
#endif
@ -767,8 +776,8 @@ int main(void) {
TIM2->EGR = TIM_EGR_UG;
// use TIM2->CNT to read
// init to NOOUTPUT and can silent
set_safety_mode(SAFETY_NOOUTPUT, 0);
// init to SILENT and can silent
set_safety_mode(SAFETY_SILENT, 0);
#ifndef EON
spi_init();

8
board/safety.h
View File

@ -18,7 +18,7 @@
#include "safety/safety_elm327.h"
// from cereal.car.CarParams.SafetyModel
#define SAFETY_NOOUTPUT 0U
#define SAFETY_SILENT 0U
#define SAFETY_HONDA 1U
#define SAFETY_TOYOTA 2U
#define SAFETY_ELM327 3U
@ -35,8 +35,9 @@
#define SAFETY_TOYOTA_IPAS 16U
#define SAFETY_ALLOUTPUT 17U
#define SAFETY_GM_ASCM 18U
#define SAFETY_NOOUTPUT 19U
uint16_t current_safety_mode = SAFETY_NOOUTPUT;
uint16_t current_safety_mode = SAFETY_SILENT;
const safety_hooks *current_hooks = &nooutput_hooks;
void safety_rx_hook(CAN_FIFOMailBox_TypeDef *to_push){
@ -72,7 +73,7 @@ typedef struct {
} safety_hook_config;
const safety_hook_config safety_hook_registry[] = {
{SAFETY_NOOUTPUT, &nooutput_hooks},
{SAFETY_SILENT, &nooutput_hooks},
{SAFETY_HONDA, &honda_hooks},
{SAFETY_TOYOTA, &toyota_hooks},
{SAFETY_ELM327, &elm327_hooks},
@ -83,6 +84,7 @@ const safety_hook_config safety_hook_registry[] = {
{SAFETY_SUBARU, &subaru_hooks},
{SAFETY_MAZDA, &mazda_hooks},
{SAFETY_VOLKSWAGEN, &volkswagen_hooks},
{SAFETY_NOOUTPUT, &nooutput_hooks},
#ifdef ALLOW_DEBUG
{SAFETY_CADILLAC, &cadillac_hooks},
{SAFETY_TOYOTA_IPAS, &toyota_ipas_hooks},

4
drivers/linux/panda.c
View File

@ -39,7 +39,7 @@
#define PANDA_DLC_MASK 0x0F
#define SAFETY_ALLOUTPUT 17
#define SAFETY_NOOUTPUT 0
#define SAFETY_SILENT 0
struct panda_usb_ctx {
struct panda_inf_priv *priv;
@ -159,7 +159,7 @@ static int panda_set_output_enable(struct panda_inf_priv* priv, bool enable){
return usb_control_msg(priv->priv_dev->udev,
usb_sndctrlpipe(priv->priv_dev->udev, 0),
0xDC, USB_TYPE_VENDOR | USB_RECIP_DEVICE,
enable ? SAFETY_ALLOUTPUT : SAFETY_NOOUTPUT, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
enable ? SAFETY_ALLOUTPUT : SAFETY_SILENT, 0, NULL, 0, USB_CTRL_SET_TIMEOUT);
}
static void panda_usb_write_bulk_callback(struct urb *urb)

2
drivers/windows/panda_shared/panda.cpp
View File

@ -277,7 +277,7 @@ bool Panda::esp_reset(uint16_t bootmode = 0) {
return this->control_transfer(REQUEST_OUT, 0xda, bootmode, 0, NULL, 0, 0) != -1;
}
bool Panda::set_safety_mode(PANDA_SAFETY_MODE mode = SAFETY_NOOUTPUT) {
bool Panda::set_safety_mode(PANDA_SAFETY_MODE mode = SAFETY_SILENT) {
return this->control_transfer(REQUEST_OUT, 0xdc, mode, 0, NULL, 0, 0) != -1;
}

2
drivers/windows/panda_shared/panda.h
View File

@ -38,7 +38,7 @@
namespace panda {
typedef enum _PANDA_SAFETY_MODE : uint16_t {
SAFETY_NOOUTPUT = 0,
SAFETY_SILENT = 0,
SAFETY_HONDA = 1,
SAFETY_ALLOUTPUT = 17,
} PANDA_SAFETY_MODE;

4
examples/tesla_tester.py
View File

@ -22,7 +22,7 @@ def tesla_tester():
body_bus_num = 1 # My TDC to OBD adapter has PT on bus0 BDY on bus1 and CH on bus2
p.set_can_speed_kbps(body_bus_num, body_bus_speed)
# Now set the panda from its default of SAFETY_NOOUTPUT (read only) to SAFETY_ALLOUTPUT
# Now set the panda from its default of SAFETY_SILENT (read only) to SAFETY_ALLOUTPUT
# Careful, as this will let us send any CAN messages we want (which could be very bad!)
print("Setting Panda to output mode...")
p.set_safety_mode(Panda.SAFETY_ALLOUTPUT)
@ -37,7 +37,7 @@ def tesla_tester():
#Back to safety...
print("Disabling output on Panda...")
p.set_safety_mode(Panda.SAFETY_NOOUTPUT)
p.set_safety_mode(Panda.SAFETY_SILENT)
print("Reading VIN from 0x568. This is painfully slow and can take up to 3 minutes (1 minute per message; 3 messages needed for full VIN)...")

9
python/__init__.py
View File

@ -110,7 +110,7 @@ class WifiHandle(object):
class Panda(object):
# matches cereal.car.CarParams.SafetyModel
SAFETY_NOOUTPUT = 0
SAFETY_SILENT = 0
SAFETY_HONDA = 1
SAFETY_TOYOTA = 2
SAFETY_ELM327 = 3
@ -127,6 +127,7 @@ class Panda(object):
SAFETY_TOYOTA_IPAS = 16
SAFETY_ALLOUTPUT = 17
SAFETY_GM_ASCM = 18
SAFETY_NOOUTPUT = 19
SERIAL_DEBUG = 0
SERIAL_ESP = 1
@ -354,7 +355,7 @@ class Panda(object):
"can_fwd_errs": a[3],
"gmlan_send_errs": a[4],
"ignition_line": a[5],
"ignition_can": a[6],
"ignition_can": a[6],
"controls_allowed": a[7],
"gas_interceptor_detected": a[8],
"car_harness_status": a[9],
@ -414,7 +415,7 @@ class Panda(object):
self._handle.controlWrite(Panda.REQUEST_OUT, 0xda, int(bootmode), 0, b'')
time.sleep(0.2)
def set_safety_mode(self, mode=SAFETY_NOOUTPUT):
def set_safety_mode(self, mode=SAFETY_SILENT):
self._handle.controlWrite(Panda.REQUEST_OUT, 0xdc, mode, 0, b'')
def set_can_forwarding(self, from_bus, to_bus):
@ -634,4 +635,4 @@ class Panda(object):
# ****************** Phone *****************
def set_phone_power(self, enabled):
self._handle.controlWrite(Panda.REQUEST_OUT, 0xb3, int(enabled), 0, b'')
self._handle.controlWrite(Panda.REQUEST_OUT, 0xb3, int(enabled), 0, b'')

2
tests/automated/2_usb_to_can.py
View File

@ -41,7 +41,7 @@ def test_can_loopback(p):
@panda_connect_and_init
def test_safety_nooutput(p):
# enable output mode
p.set_safety_mode(Panda.SAFETY_NOOUTPUT)
p.set_safety_mode(Panda.SAFETY_SILENT)
# enable CAN loopback mode
p.set_can_loopback(True)

2
tests/black_white_loopback_test.py
View File

@ -67,7 +67,7 @@ def run_test(sleep_duration):
print("Number of cycles:", counter, "Non-zero bus errors:", nonzero_bus_errors, "Zero bus errors:", zero_bus_errors, "Content errors:", content_errors)
# Toggle relay
black_panda.set_safety_mode(Panda.SAFETY_NOOUTPUT)
black_panda.set_safety_mode(Panda.SAFETY_SILENT)
time.sleep(1)
black_panda.set_safety_mode(Panda.SAFETY_ALLOUTPUT)
time.sleep(1)

2
tests/black_white_relay_endurance.py
View File

@ -72,7 +72,7 @@ def run_test(sleep_duration):
if (time.time() - temp_start_time) > 3600*6:
# Toggle relay
black_panda.set_safety_mode(Panda.SAFETY_NOOUTPUT)
black_panda.set_safety_mode(Panda.SAFETY_SILENT)
time.sleep(1)
black_panda.set_safety_mode(Panda.SAFETY_ALLOUTPUT)
time.sleep(1)

2
tests/black_white_relay_test.py
View File

@ -74,7 +74,7 @@ def run_test(sleep_duration):
assert False
# Switch off relay
black_panda.set_safety_mode(Panda.SAFETY_NOOUTPUT)
black_panda.set_safety_mode(Panda.SAFETY_SILENT)
time.sleep(0.05)
if not test_buses(black_panda, other_panda, (0, False, [0, 2])):