panda/board/safety/safety_hyundai.h


// Limits applied by hyundai_tx_hook to the torque field of outgoing LKA steer frames (addr 832).
const int HYUNDAI_MAX_STEER = 255; // like stock; passed to max_limit_check as the +/- bound
const int HYUNDAI_MAX_RT_DELTA = 112; // max delta torque allowed for real time checks
// Compared against get_ts_elapsed() on TIM2->CNT readings; 250000 == 250ms implies 1us ticks -- TODO confirm
const uint32_t HYUNDAI_RT_INTERVAL = 250000; // 250ms between real time checks
// Rate-up / rate-down arguments handed to driver_limit_check.
const int HYUNDAI_MAX_RATE_UP = 3;
const int HYUNDAI_MAX_RATE_DOWN = 7;
// Driver-torque allowance and factor handed to driver_limit_check together with hyundai_torque_driver.
const int HYUNDAI_DRIVER_TORQUE_ALLOWANCE = 50;
const int HYUNDAI_DRIVER_TORQUE_FACTOR = 2;
// Raw hyundai_speed value above which a held brake (not only its rising edge) clears controls_allowed.
const int HYUNDAI_STANDSTILL_THRSLD = 30; // ~1kph
// TX whitelist checked with msg_allowed(); entries are presumably {address, bus} pairs.
// 832 is the LKA steer command and 1265 the button message used for cancel/resume (see hyundai_tx_hook).
// Anything not listed here is rejected by hyundai_tx_hook.
const AddrBus HYUNDAI_TX_MSGS[] = {{832, 0}, {1265, 0}};
// Frames that hyundai_rx_hook derives safety state from, each with its bus and an expected_timestep
// (10000U / 20000U; presumably microseconds -- TODO confirm against addr_safety_check).
// NOTE(review): hyundai_rx_hook passes NULL for the last three arguments of addr_safety_check
// (presumably the checksum/counter callbacks), so until the TODO below is done the engage and
// disengage decisions rely on the payload of these frames without integrity or freshness checks.
// TODO: do checksum and counter checks
AddrCheckStruct hyundai_rx_checks[] = {
{.addr = {608}, .bus = 0, .expected_timestep = 10000U}, // gas pedal state
{.addr = {897}, .bus = 0, .expected_timestep = 10000U}, // driver torque
{.addr = {902}, .bus = 0, .expected_timestep = 10000U}, // wheel speeds
{.addr = {916}, .bus = 0, .expected_timestep = 10000U}, // brake state
{.addr = {1057}, .bus = 0, .expected_timestep = 20000U}, // cruise (ACC) state
};
// Element count of hyundai_rx_checks, passed to addr_safety_check by hyundai_rx_hook.
const int HYUNDAI_RX_CHECK_LEN = sizeof(hyundai_rx_checks) / sizeof(hyundai_rx_checks[0]);
// Mutable safety state shared by the RX and TX hooks below.
int hyundai_rt_torque_last = 0; // reference torque for rt_rate_limit_check; refreshed once HYUNDAI_RT_INTERVAL has elapsed
int hyundai_desired_torque_last = 0; // previous commanded torque, input to driver_limit_check
int hyundai_cruise_engaged_last = 0; // previous cruise state from addr 1057, used for rising-edge detection
int hyundai_speed = 0; // mean of the two wheel-speed fields read from addr 902 (raw units)
uint32_t hyundai_ts_last = 0; // TIM2->CNT value captured when the real-time reference was last set or reset
struct sample_t hyundai_torque_driver; // last few driver torques measured
// RX hook: tracks vehicle state from received frames and decides when controls_allowed
// is granted or revoked.
//
// to_push: the received CAN frame.
// Returns the result of addr_safety_check() for this frame.
//
// Only frames that pass addr_safety_check() and arrive on bus 0 change any state.
// NOTE(review): the three trailing NULL arguments mean no checksum/counter validation
// is configured here (see the TODO on hyundai_rx_checks), so the payload is taken as-is.
static int hyundai_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
  bool valid = addr_safety_check(to_push, hyundai_rx_checks, HYUNDAI_RX_CHECK_LEN,
                                 NULL, NULL, NULL);
  // debug/unsafe option: when set, a gas press no longer disengages
  bool unsafe_allow_gas = (unsafe_mode & UNSAFE_DISABLE_DISENGAGE_ON_GAS) != 0;

  if (valid && (GET_BUS(to_push) == 0)) {
    const int addr = GET_ADDR(to_push);

    switch (addr) {
      case 897: {
        // driver torque: 12-bit field starting at bit 11, offset by 2048
        int torque_driver_new = ((GET_BYTES_04(to_push) >> 11) & 0xfff) - 2048;
        // push into the rolling sample window used by the TX torque checks
        update_sample(&hyundai_torque_driver, torque_driver_new);
        break;
      }

      case 1057: {
        // cruise state, 2 bits: 13-14
        int cruise_engaged = (GET_BYTES_04(to_push) >> 13) & 0x3;
        if (!cruise_engaged) {
          // ACC off always revokes controls
          controls_allowed = 0;
        } else if (!hyundai_cruise_engaged_last) {
          // controls are granted only on the rising edge of ACC
          controls_allowed = 1;
        }
        hyundai_cruise_engaged_last = cruise_engaged;
        break;
      }

      case 608: {
        // gas pedal: top two bits of byte 7
        bool gas_pressed = (GET_BYTE(to_push, 7) >> 6) != 0;
        // revoke controls on the rising edge of a gas press, unless the unsafe option is set
        if (gas_pressed && !gas_pressed_prev && !unsafe_allow_gas) {
          controls_allowed = 0;
        }
        gas_pressed_prev = gas_pressed;
        break;
      }

      case 902: {
        // Hyundai wheel speed: mean of two 14-bit fields.
        // NOTE(review): the fields are labelled FL and RL; confirm against the DBC.
        int speed_fl = GET_BYTES_04(to_push) & 0x3FFF;          // FL
        int speed_rl = (GET_BYTES_48(to_push) >> 16) & 0x3FFF;  // RL
        hyundai_speed = (speed_fl + speed_rl) / 2;
        break;
      }

      case 916: {
        // brake: top bit of byte 6
        bool brake_pressed = (GET_BYTE(to_push, 6) >> 7) != 0;
        bool rising_edge = !brake_pressed_prev;
        bool moving = hyundai_speed > HYUNDAI_STANDSTILL_THRSLD;
        // revoke controls on the rising edge of the brake, and on any brake press while moving
        if (brake_pressed && (rising_edge || moving)) {
          controls_allowed = 0;
        }
        brake_pressed_prev = brake_pressed;
        break;
      }

      case 832:
        // 832 is the LKA steer command this device transmits; receiving it on bus 0 after
        // the relay transition timeout means the stock camera ECU is on bus 0
        if (safety_mode_cnt > RELAY_TRNS_TIMEOUT) {
          relay_malfunction_set();
        }
        break;

      default:
        break;
    }
  }

  return valid;
}
// TX hook: decides whether a frame the host wants to send may go onto the bus.
//
// to_send: the frame to be transmitted.
// Returns 1 to allow the frame, 0 to block it.
//
// A frame is blocked when it is not on the HYUNDAI_TX_MSGS whitelist, when a relay
// malfunction has been flagged, when an LKA steer frame (832) fails the torque checks,
// or when a button frame (1265) other than "cancel" is sent while controls are off.
static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
  const int addr = GET_ADDR(to_send);
  const int bus = GET_BUS(to_send);

  // whitelist first: only listed address/bus pairs are ever transmitted
  int tx = msg_allowed(addr, bus, HYUNDAI_TX_MSGS,
                       sizeof(HYUNDAI_TX_MSGS) / sizeof(HYUNDAI_TX_MSGS[0])) ? 1 : 0;

  if (relay_malfunction) {
    tx = 0;
  }

  // LKA STEER: safety check
  // NOTE(review): this branch keys on the address alone and also runs when tx was already
  // cleared above, so a frame that is not transmitted can still update the torque history.
  if (addr == 832) {
    // 11-bit torque field starting at bit 16, offset by 1024
    const int desired_torque = ((GET_BYTES_04(to_send) >> 16) & 0x7ff) - 1024;
    const uint32_t ts = TIM2->CNT;
    bool violation = 0;

    if (controls_allowed) {
      // *** global torque limit check ***
      if (max_limit_check(desired_torque, HYUNDAI_MAX_STEER, -HYUNDAI_MAX_STEER)) {
        violation = 1;
      }

      // *** torque rate limit check ***
      if (driver_limit_check(desired_torque, hyundai_desired_torque_last, &hyundai_torque_driver,
                             HYUNDAI_MAX_STEER, HYUNDAI_MAX_RATE_UP, HYUNDAI_MAX_RATE_DOWN,
                             HYUNDAI_DRIVER_TORQUE_ALLOWANCE, HYUNDAI_DRIVER_TORQUE_FACTOR)) {
        violation = 1;
      }

      // remembered for the next rate limit check (must follow the check above)
      hyundai_desired_torque_last = desired_torque;

      // *** torque real time rate limit check ***
      if (rt_rate_limit_check(desired_torque, hyundai_rt_torque_last, HYUNDAI_MAX_RT_DELTA)) {
        violation = 1;
      }

      // once per RT_INTERVAL, move the real-time reference to the current torque
      const uint32_t elapsed = get_ts_elapsed(ts, hyundai_ts_last);
      if (elapsed > HYUNDAI_RT_INTERVAL) {
        hyundai_rt_torque_last = desired_torque;
        hyundai_ts_last = ts;
      }
    }

    // any non-zero torque while controls are not allowed is a violation
    if ((desired_torque != 0) && !controls_allowed) {
      violation = 1;
    }

    // on a violation, or whenever controls are off, restart the torque history from zero
    if (!controls_allowed || violation) {
      hyundai_desired_torque_last = 0;
      hyundai_rt_torque_last = 0;
      hyundai_ts_last = ts;
    }

    if (violation) {
      tx = 0;
    }
  }

  // FORCE CANCEL: only relevant when spamming the cancel button.
  // While controls are off, the only button value let through is cancel (VAL 4);
  // this avoids unintended engagements while still allowing resume spam once engaged.
  if ((addr == 1265) && !controls_allowed && ((GET_BYTES_04(to_send) & 0x7) != 4)) {
    tx = 0;
  }

  // 1 allows the message through
  return tx;
}
// FWD hook: picks the bus a received frame is forwarded to.
//
// bus_num: bus the frame arrived on.
// to_fwd:  the frame itself.
// Returns 2 for frames from bus 0, 0 for frames from bus 2 other than addr 832,
// and -1 in every other case (presumably "do not forward" -- confirm with the caller).
//
// Bus 2 is the camera side and bus 0 the car side; the camera's LKAS command (832)
// is the one frame not passed on, and nothing is forwarded once relay_malfunction is set.
static int hyundai_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
  const int addr = GET_ADDR(to_fwd);
  int bus_fwd = -1;

  if (!relay_malfunction) {
    switch (bus_num) {
      case 0:
        // car -> camera: everything
        bus_fwd = 2;
        break;
      case 2:
        // camera -> car: everything except the lkas cmd
        if (addr != 832) {
          bus_fwd = 0;
        }
        break;
      default:
        break;
    }
  }

  return bus_fwd;
}
// Hook table for the Hyundai safety mode: wires the RX/TX/forward hooks defined in this file
// together with the generic nooutput init and LIN hooks.
const safety_hooks hyundai_hooks = {
.init = nooutput_init,
.rx = hyundai_rx_hook,
.tx = hyundai_tx_hook,
.tx_lin = nooutput_tx_lin_hook,
.fwd = hyundai_fwd_hook,
.addr_check = hyundai_rx_checks,
// Same expression as HYUNDAI_RX_CHECK_LEN; presumably repeated because a const int object
// is not a constant expression in a C static initializer.
.addr_check_len = sizeof(hyundai_rx_checks) / sizeof(hyundai_rx_checks[0]),
};