retropilot
/
panda
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Hyundai safety: added Santa Fe safety: need to be tested. Removed some unnecessary funcitons

master
Riccardo 2018-08-28 16:01:40 -07:00
parent 4e9d08aabb
commit 8a1dcbec54
8 changed files with 136 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
board/safety/safety_cadillac.h
View File

@ -125,7 +125,7 @@ const safety_hooks cadillac_hooks = {
.init = cadillac_init,
.rx = cadillac_rx_hook,
.tx = cadillac_tx_hook,
.tx_lin = alloutput_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = cadillac_ign_hook,
.fwd = alloutput_fwd_hook,
};

1
board/safety/safety_defaults.h
View File

@ -57,4 +57,3 @@ const safety_hooks alloutput_hooks = {
.ignition = default_ign_hook,
.fwd = alloutput_fwd_hook,
};

19
board/safety/safety_ford.h
View File

@ -83,24 +83,11 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
return true;
}
static int ford_tx_lin_hook(int lin_num, uint8_t *data, int len) {
// TODO: add safety if using LIN
return true;
}
static void ford_init(int16_t param) {
controls_allowed = 0;
}
static int ford_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
return -1;
}
const safety_hooks ford_hooks = {
.init = ford_init,
.init = nooutput_init,
.rx = ford_rx_hook,
.tx = ford_tx_hook,
.tx_lin = ford_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = ford_fwd_hook,
.fwd = nooutput_fwd_hook,
};

13
board/safety/safety_gm.h
View File

@ -222,11 +222,6 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
return true;
}
static int gm_tx_lin_hook(int lin_num, uint8_t *data, int len) {
// LIN is not used in Volt
return false;
}
static void gm_init(int16_t param) {
controls_allowed = 0;
gm_ignition_started = 0;
@ -236,16 +231,12 @@ static int gm_ign_hook() {
return gm_ignition_started;
}
static int gm_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
return -1;
}
const safety_hooks gm_hooks = {
.init = gm_init,
.rx = gm_rx_hook,
.tx = gm_tx_hook,
.tx_lin = gm_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = gm_ign_hook,
.fwd = gm_fwd_hook,
.fwd = nooutput_fwd_hook,
};

17
board/safety/safety_honda.h
View File

@ -119,7 +119,7 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
if ((to_send->RDLR & 0xFFFF0000) != to_send->RDLR) return 0;
}
}
// FORCE CANCEL: safety check only relevant when spamming the cancel button in Bosch HW
// ensuring that only the cancel button press is sent (VAL 2) when controls are off.
// This avoids unintended engagements while still allowing resume spam
@ -132,28 +132,19 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
return true;
}
static int honda_tx_lin_hook(int lin_num, uint8_t *data, int len) {
// TODO: add safety if using LIN
return true;
}
static void honda_init(int16_t param) {
controls_allowed = 0;
bosch_hardware = false;
honda_alt_brake_msg = false;
}
static int honda_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
return -1;
}
const safety_hooks honda_hooks = {
.init = honda_init,
.rx = honda_rx_hook,
.tx = honda_tx_hook,
.tx_lin = honda_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = honda_fwd_hook,
.fwd = nooutput_fwd_hook,
};
static void honda_bosch_init(int16_t param) {
@ -175,7 +166,7 @@ const safety_hooks honda_bosch_hooks = {
.init = honda_bosch_init,
.rx = honda_rx_hook,
.tx = honda_tx_hook,
.tx_lin = honda_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = honda_bosch_fwd_hook,
};

141
board/safety/safety_hyundai.h
View File

@ -1,36 +1,137 @@
int hyundai_giraffe_switch_1 = 0; // is giraffe switch 1 high?
const int HYUNDAI_MAX_STEER = 250;
const int HYUNDAI_MAX_RT_DELTA = 128; // max delta torque allowed for real time checks
const int32_t HYUNDAI_RT_INTERVAL = 250000; // 250ms between real time checks
const int HYUNDAI_MAX_RATE_UP = 4;
const int HYUNDAI_MAX_RATE_DOWN = 8;
const int HYUNDAI_DRIVER_TORQUE_ALLOWANCE = 50;
const int HYUNDAI_DRIVER_TORQUE_FACTOR = 4;
int hyundai_brake_prev = 0;
int hyundai_gas_prev = 0;
int hyundai_speed = 0;
int hyundai_camera_detected = 0;
int hyundai_rt_torque_last = 0;
int hyundai_desired_torque_last = 0;
int hyundai_cruise_engaged_last = 0;
uint32_t hyundai_ts_last = 0;
struct sample_t hyundai_torque_driver; // last few driver torques measured
static void hyundai_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
int bus_number = (to_push->RDTR >> 4) & 0xFF;
uint32_t addr;
if (to_push->RIR & 4) {
// Extended
// Not looked at, but have to be separated
// to avoid address collision
addr = to_push->RIR >> 3;
} else {
// Normal
addr = to_push->RIR >> 21;
}
int bus = (to_push->RDTR >> 4) & 0xF;
// 832 is lkas cmd. If it is on bus 0, then giraffe switch 1 is high and we want stock
if ((to_push->RIR>>21) == 832 && (bus == 0)) {
hyundai_giraffe_switch_1 = 1;
if (addr == 897) {
int torque_driver_new = ((to_push->RDHR >> 11) & 0x7ff) - 2048;
// update array of samples
update_sample(&hyundai_torque_driver, torque_driver_new);
}
// check if stock camera ECU is still online
if (bus_number == 0 && addr == 832) {
hyundai_camera_detected = 1;
controls_allowed = 0;
}
// enter controls on rising edge of ACC, exit controls on ACC off
if ((to_push->RIR>>21) == 1057) {
// 2 bits: 13-14
int cruise_engaged = (to_push->RDLR >> 13) & 0x3;
if (cruise_engaged && !hyundai_cruise_engaged_last) {
controls_allowed = 1;
} else if (!cruise_engaged) {
controls_allowed = 0;
}
hyundai_cruise_engaged_last = cruise_engaged;
}
}
static void hyundai_init(int16_t param) {
controls_allowed = 1;
hyundai_giraffe_switch_1 = 0;
}
static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
static int hyundai_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
// forward camera to car and viceversa, excpet for lkas11 and mdps12
if ((bus_num == 0 || bus_num == 2) && !hyundai_giraffe_switch_1) {
int addr = to_fwd->RIR>>21;
bool is_lkas_msg = (addr == 832 && bus_num == 2) || (addr == 593 && bus_num == 0);
return is_lkas_msg? -1 : (uint8_t)(~bus_num & 0x2);
// There can be only one! (camera)
if (hyundai_camera_detected) {
return 0;
}
return -1;
// disallow actuator commands if gas or brake (with vehicle moving) are pressed
// and the the latching controls_allowed flag is True
int pedal_pressed = hyundai_gas_prev || (hyundai_brake_prev && hyundai_speed);
int current_controls_allowed = controls_allowed && !pedal_pressed;
uint32_t addr;
if (to_send->RIR & 4) {
// Extended
addr = to_send->RIR >> 3;
} else {
// Normal
addr = to_send->RIR >> 21;
}
// LKA STEER: safety check
if (addr == 832) {
int rdlr = to_send->RDLR;
int desired_torque = ((rdlr >> 16) & 0x7ff) - 1024;
uint32_t ts = TIM2->CNT;
int violation = 0;
if (current_controls_allowed) {
// *** global torque limit check ***
violation |= max_limit_check(desired_torque, HYUNDAI_MAX_STEER, -HYUNDAI_MAX_STEER);
// *** torque rate limit check ***
violation |= driver_limit_check(desired_torque, hyundai_desired_torque_last, &hyundai_torque_driver,
HYUNDAI_MAX_STEER, HYUNDAI_MAX_RATE_UP, HYUNDAI_MAX_RATE_DOWN,
HYUNDAI_DRIVER_TORQUE_ALLOWANCE, HYUNDAI_DRIVER_TORQUE_FACTOR);
// used next time
hyundai_desired_torque_last = desired_torque;
// *** torque real time rate limit check ***
violation |= rt_rate_limit_check(desired_torque, hyundai_rt_torque_last, HYUNDAI_MAX_RT_DELTA);
// every RT_INTERVAL set the new limits
uint32_t ts_elapsed = get_ts_elapsed(ts, hyundai_ts_last);
if (ts_elapsed > HYUNDAI_RT_INTERVAL) {
hyundai_rt_torque_last = desired_torque;
hyundai_ts_last = ts;
}
}
// no torque if controls is not allowed
if (!current_controls_allowed && (desired_torque != 0)) {
violation = 1;
}
// reset to 0 if either controls is not allowed or there's a violation
if (violation || !current_controls_allowed) {
hyundai_desired_torque_last = 0;
hyundai_rt_torque_last = 0;
hyundai_ts_last = ts;
}
if (violation) {
return false;
}
}
// 1 allows the message through
return true;
}
const safety_hooks hyundai_hooks = {
.init = hyundai_init,
.init = nooutput_init,
.rx = hyundai_rx_hook,
.tx = alloutput_tx_hook,
.tx = hyundai_tx_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = hyundai_fwd_hook,
.fwd = nooutput_fwd_hook,
};

13
board/safety/safety_toyota.h
View File

@ -107,7 +107,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
violation |= max_limit_check(desired_torque, TOYOTA_MAX_TORQUE, -TOYOTA_MAX_TORQUE);
// *** torque rate limit check ***
violation |= dist_to_meas_check(desired_torque, toyota_desired_torque_last,
violation |= dist_to_meas_check(desired_torque, toyota_desired_torque_last,
&toyota_torque_meas, TOYOTA_MAX_RATE_UP, TOYOTA_MAX_RATE_DOWN, TOYOTA_MAX_TORQUE_ERROR);
// used next time
@ -123,7 +123,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
toyota_ts_last = ts;
}
}
// no torque if controls is not allowed
if (!controls_allowed && (desired_torque != 0)) {
violation = 1;
@ -146,11 +146,6 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
return true;
}
static int toyota_tx_lin_hook(int lin_num, uint8_t *data, int len) {
// TODO: add safety if using LIN
return true;
}
static void toyota_init(int16_t param) {
controls_allowed = 0;
toyota_actuation_limits = 1;
@ -173,7 +168,7 @@ const safety_hooks toyota_hooks = {
.init = toyota_init,
.rx = toyota_rx_hook,
.tx = toyota_tx_hook,
.tx_lin = toyota_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = toyota_fwd_hook,
};
@ -189,7 +184,7 @@ const safety_hooks toyota_nolimits_hooks = {
.init = toyota_nolimits_init,
.rx = toyota_rx_hook,
.tx = toyota_tx_hook,
.tx_lin = toyota_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = toyota_fwd_hook,
};

2
board/safety/safety_toyota_ipas.h
View File

@ -149,7 +149,7 @@ const safety_hooks toyota_ipas_hooks = {
.init = toyota_init,
.rx = toyota_ipas_rx_hook,
.tx = toyota_ipas_tx_hook,
.tx_lin = toyota_tx_lin_hook,
.tx_lin = nooutput_tx_lin_hook,
.ignition = default_ign_hook,
.fwd = toyota_fwd_hook,
};