Squashed 'panda/' changes from 9cffa74..ef880b7

ef880b7 Merge pull request #116 from commaai/buy_panda
9311f0d update readme graphics
4150684 add javascript and bump pandacan version
ace4a22 Ford safety (#115)

git-subtree-dir: panda
git-subtree-split: ef880b76356a992509d809d3369b5954636969f3

README.md

@@ -15,7 +15,7 @@ It is 2nd gen hardware, reusing code and parts from the [NEO](https://github.com
 
 [![CircleCI](https://circleci.com/gh/commaai/panda.svg?style=svg)](https://circleci.com/gh/commaai/panda)
 
-Usage
+Usage (Python)
 ------
 
 To install the library:
@@ -37,6 +37,12 @@ And to send one on bus 0:
 ```
 Find user made scripts on the [wiki](https://community.comma.ai/wiki/index.php/Panda_scripts)
 
+Usage (JavaScript)
+-------
+
+See [PandaJS](https://github.com/commaai/pandajs)
+
+
 Software interface support
 ------
 

board/safety.h

@@ -30,6 +30,7 @@ int controls_allowed = 0;
 #include "safety/safety_toyota_ipas.h"
 #endif
 #include "safety/safety_gm.h"
+#include "safety/safety_ford.h"
 #include "safety/safety_elm327.h"
 
 const safety_hooks *current_hooks = &nooutput_hooks;
@@ -64,10 +65,11 @@ typedef struct {
 #define SAFETY_NOOUTPUT 0
 #define SAFETY_HONDA 1
 #define SAFETY_TOYOTA 2
-#define SAFETY_TOYOTA_IPAS 0x1335
-#define SAFETY_TOYOTA_NOLIMITS 0x1336
 #define SAFETY_GM 3
 #define SAFETY_HONDA_BOSCH 4
+#define SAFETY_FORD 5
+#define SAFETY_TOYOTA_IPAS 0x1335
+#define SAFETY_TOYOTA_NOLIMITS 0x1336
 #define SAFETY_ALLOUTPUT 0x1337
 #define SAFETY_ELM327 0xE327
 
@@ -76,11 +78,12 @@ const safety_hook_config safety_hook_registry[] = {
   {SAFETY_HONDA, &honda_hooks},
   {SAFETY_HONDA_BOSCH, &honda_bosch_hooks},
   {SAFETY_TOYOTA, &toyota_hooks},
+  {SAFETY_GM, &gm_hooks},
+  {SAFETY_FORD, &ford_hooks},
   {SAFETY_TOYOTA_NOLIMITS, &toyota_nolimits_hooks},
 #ifdef PANDA
   {SAFETY_TOYOTA_IPAS, &toyota_ipas_hooks},
 #endif
-  {SAFETY_GM, &gm_hooks},
   {SAFETY_ALLOUTPUT, &alloutput_hooks},
   {SAFETY_ELM327, &elm327_hooks},
 };

board/safety/safety_ford.h

@@ -0,0 +1,110 @@
+// board enforces
+//   in-state
+//      accel set/resume
+//   out-state
+//      cancel button
+//      accel rising edge
+//      brake rising edge
+//      brake > 0mph
+
+int ford_brake_prev = 0;
+int ford_gas_prev = 0;
+int ford_is_moving = 0;
+
+static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
+
+  if ((to_push->RIR>>21) == 0x217) {
+    // wheel speeds are 14 bits every 16
+    ford_is_moving = 0xFCFF & (to_push->RDLR | (to_push->RDLR >> 16) |
+                               to_push->RDHR | (to_push->RDHR >> 16));
+  }
+
+  // state machine to enter and exit controls
+  if ((to_push->RIR>>21) == 0x83) {
+    int cancel = ((to_push->RDLR >> 8) & 0x1);
+    int set_or_resume = (to_push->RDLR >> 28) & 0x3;
+    if (cancel) {
+      controls_allowed = 0;
+    } else if (set_or_resume) {
+      controls_allowed = 1;
+    }
+  }
+
+  // exit controls on rising edge of brake press or on brake press when
+  // speed > 0
+  if ((to_push->RIR>>21) == 0x165) {
+    int brake = to_push->RDLR & 0x20;
+    if (brake && (!(ford_brake_prev) || ford_is_moving)) {
+      controls_allowed = 0;
+    }
+    ford_brake_prev = brake;
+  }
+
+  // exit controls on rising edge of gas press
+  if ((to_push->RIR>>21) == 0x204) {
+    int gas = to_push->RDLR & 0xFF03;
+    if (gas && !(ford_gas_prev)) {
+      controls_allowed = 0;
+    }
+    ford_gas_prev = gas;
+  }
+}
+
+// all commands: just steering
+// if controls_allowed and no pedals pressed
+//     allow all commands up to limit
+// else
+//     block all commands that produce actuation
+
+static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
+
+  // disallow actuator commands if gas or brake (with vehicle moving) are pressed
+  // and the the latching controls_allowed flag is True
+  int pedal_pressed = ford_gas_prev || (ford_brake_prev && ford_is_moving);
+  int current_controls_allowed = controls_allowed && !(pedal_pressed);
+
+  // STEER: safety check
+  if ((to_send->RIR>>21) == 0x3CA) {
+    if (current_controls_allowed) {
+      // all messages are fine here
+    } else {
+      // bits 7-4 need to be 0xF to disallow lkas commands
+      if (((to_send->RDLR >> 4) & 0xF) != 0xF) return 0;
+    }
+  }
+
+  // FORCE CANCEL: safety check only relevant when spamming the cancel button
+  // ensuring that set and resume aren't sent
+  if ((to_send->RIR>>21) == 0x83) {
+    if ((to_send->RDLR >> 28) & 0x3) return 0;
+  }
+
+  // 1 allows the message through
+  return true;
+}
+
+static int ford_tx_lin_hook(int lin_num, uint8_t *data, int len) {
+  // TODO: add safety if using LIN
+  return true;
+}
+
+static void ford_init(int16_t param) {
+  controls_allowed = 0;
+}
+
+static int ford_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
+  return -1;
+}
+
+static int ford_ign_hook() {
+  return -1;
+}
+
+const safety_hooks ford_hooks = {
+  .init = ford_init,
+  .rx = ford_rx_hook,
+  .tx = ford_tx_hook,
+  .tx_lin = ford_tx_lin_hook,
+  .ignition = ford_ign_hook,
+  .fwd = ford_fwd_hook,
+};

python/__init__.py

@@ -15,7 +15,7 @@ from update import ensure_st_up_to_date
 from serial import PandaSerial
 from isotp import isotp_send, isotp_recv
 
-__version__ = '0.0.7'
+__version__ = '0.0.8'
 
 BASEDIR = os.path.join(os.path.dirname(os.path.realpath(__file__)), "../")