You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
329 lines
12 KiB
329 lines
12 KiB
#pragma once
|
|
|
|
#include <stdint.h>
|
|
#include <stdbool.h>
|
|
|
|
// from cereal.car.CarParams.SafetyModel
|
|
#define SAFETY_SILENT 0U
|
|
#define SAFETY_HONDA_NIDEC 1U
|
|
#define SAFETY_TOYOTA 2U
|
|
#define SAFETY_ELM327 3U
|
|
#define SAFETY_GM 4U
|
|
#define SAFETY_HONDA_BOSCH_GIRAFFE 5U
|
|
#define SAFETY_FORD 6U
|
|
#define SAFETY_HYUNDAI 8U
|
|
#define SAFETY_CHRYSLER 9U
|
|
#define SAFETY_TESLA 10U
|
|
#define SAFETY_SUBARU 11U
|
|
#define SAFETY_MAZDA 13U
|
|
#define SAFETY_NISSAN 14U
|
|
#define SAFETY_VOLKSWAGEN_MQB 15U
|
|
#define SAFETY_ALLOUTPUT 17U
|
|
#define SAFETY_GM_ASCM 18U
|
|
#define SAFETY_NOOUTPUT 19U
|
|
#define SAFETY_HONDA_BOSCH 20U
|
|
#define SAFETY_VOLKSWAGEN_PQ 21U
|
|
#define SAFETY_SUBARU_PREGLOBAL 22U
|
|
#define SAFETY_HYUNDAI_LEGACY 23U
|
|
#define SAFETY_HYUNDAI_COMMUNITY 24U
|
|
#define SAFETY_STELLANTIS 25U
|
|
#define SAFETY_FAW 26U
|
|
#define SAFETY_BODY 27U
|
|
#define SAFETY_HYUNDAI_CANFD 28U
|
|
#define SAFETY_RIVIAN 33U
|
|
#define SAFETY_VOLKSWAGEN_MEB 34U
|
|
|
|
#define GET_BIT(msg, b) ((bool)!!(((msg)->data[((b) / 8U)] >> ((b) % 8U)) & 0x1U))
|
|
#define GET_BYTE(msg, b) ((msg)->data[(b)])
|
|
#define GET_FLAG(value, mask) (((__typeof__(mask))(value) & (mask)) == (mask)) // cppcheck-suppress misra-c2012-1.2; allow __typeof__
|
|
|
|
#define BUILD_SAFETY_CFG(rx, tx) ((safety_config){(rx), (sizeof((rx)) / sizeof((rx)[0])), \
|
|
(tx), (sizeof((tx)) / sizeof((tx)[0])), \
|
|
false})
|
|
#define SET_RX_CHECKS(rx, config) \
|
|
do { \
|
|
(config).rx_checks = (rx); \
|
|
(config).rx_checks_len = sizeof((rx)) / sizeof((rx)[0]); \
|
|
(config).disable_forwarding = false; \
|
|
} while (0);
|
|
|
|
#define SET_TX_MSGS(tx, config) \
|
|
do { \
|
|
(config).tx_msgs = (tx); \
|
|
(config).tx_msgs_len = sizeof((tx)) / sizeof((tx)[0]); \
|
|
(config).disable_forwarding = false; \
|
|
} while(0);
|
|
|
|
#define UPDATE_VEHICLE_SPEED(val_ms) (update_sample(&vehicle_speed, ROUND((val_ms) * VEHICLE_SPEED_FACTOR)))
|
|
|
|
uint32_t GET_BYTES(const CANPacket_t *msg, int start, int len);
|
|
|
|
extern const int MAX_WRONG_COUNTERS;
|
|
#define MAX_ADDR_CHECK_MSGS 3U
|
|
#define MAX_SAMPLE_VALS 6
|
|
// used to represent floating point vehicle speed in a sample_t
|
|
#define VEHICLE_SPEED_FACTOR 1000.0
|
|
#define MAX_TORQUE_RT_INTERVAL 250000U
|
|
|
|
|
|
// sample struct that keeps 6 samples in memory
|
|
struct sample_t {
|
|
int values[MAX_SAMPLE_VALS];
|
|
int min;
|
|
int max;
|
|
};
|
|
|
|
// safety code requires floats
|
|
struct lookup_t {
|
|
float x[3];
|
|
float y[3];
|
|
};
|
|
|
|
typedef struct {
|
|
int addr;
|
|
int bus;
|
|
int len;
|
|
bool check_relay; // if true, trigger relay malfunction if existence on destination bus and block forwarding to destination bus
|
|
bool disable_static_blocking; // if true, static blocking is disabled so safety mode can dynamically handle it (e.g. selective AEB pass-through)
|
|
} CanMsg;
|
|
|
|
typedef enum {
|
|
TorqueMotorLimited, // torque steering command, limited by EPS output torque
|
|
TorqueDriverLimited, // torque steering command, limited by driver's input torque
|
|
} SteeringControlType;
|
|
|
|
typedef struct {
|
|
// torque cmd limits
|
|
const int max_torque; // this upper limit is always enforced
|
|
const bool dynamic_max_torque; // use max_torque_lookup to apply torque limit based on speed
|
|
const struct lookup_t max_torque_lookup;
|
|
|
|
const int max_rate_up;
|
|
const int max_rate_down;
|
|
const int max_rt_delta; // max change in torque per 250ms interval (MAX_TORQUE_RT_INTERVAL)
|
|
|
|
const SteeringControlType type;
|
|
|
|
// driver torque limits
|
|
const int driver_torque_allowance;
|
|
const int driver_torque_multiplier;
|
|
|
|
// motor torque limits
|
|
const int max_torque_error;
|
|
|
|
// safety around steer req bit
|
|
const int min_valid_request_frames;
|
|
const int max_invalid_request_frames;
|
|
const uint32_t min_valid_request_rt_interval;
|
|
const bool has_steer_req_tolerance;
|
|
} TorqueSteeringLimits;
|
|
|
|
typedef struct {
|
|
// angle cmd limits (also used by curvature control cars)
|
|
const int max_angle;
|
|
|
|
const float angle_deg_to_can;
|
|
const struct lookup_t angle_rate_up_lookup;
|
|
const struct lookup_t angle_rate_down_lookup;
|
|
const int max_angle_error; // used to limit error between meas and cmd while enabled
|
|
const float angle_error_min_speed; // minimum speed to start limiting angle error
|
|
|
|
const bool angle_is_curvature; // if true, we can apply max lateral acceleration limits
|
|
const bool enforce_angle_error; // enables max_angle_error check
|
|
const bool inactive_angle_is_zero; // if false, enforces angle near meas when disabled (default)
|
|
} AngleSteeringLimits;
|
|
|
|
typedef struct {
|
|
// acceleration cmd limits
|
|
const int max_accel;
|
|
const int min_accel;
|
|
const int inactive_accel;
|
|
|
|
// gas & brake cmd limits
|
|
// inactive and min gas are 0 on most safety modes
|
|
const int max_gas;
|
|
const int min_gas;
|
|
const int inactive_gas;
|
|
const int max_brake;
|
|
|
|
// transmission rpm limits
|
|
const int max_transmission_rpm;
|
|
const int min_transmission_rpm;
|
|
const int inactive_transmission_rpm;
|
|
|
|
// speed cmd limits
|
|
const int inactive_speed;
|
|
} LongitudinalLimits;
|
|
|
|
typedef struct {
|
|
const int addr;
|
|
const int bus;
|
|
const int len;
|
|
const bool ignore_checksum; // checksum check is not performed when set to true
|
|
const bool ignore_counter; // counter check is not performed when set to true
|
|
const uint8_t max_counter; // maximum value of the counter. 0 means that the counter check is skipped
|
|
const bool quality_flag; // true is quality flag check is performed
|
|
const uint32_t frequency; // expected frequency of the message [Hz]
|
|
} CanMsgCheck;
|
|
|
|
typedef struct {
|
|
// dynamic flags, reset on safety mode init
|
|
bool msg_seen;
|
|
int index; // if multiple messages are allowed to be checked, this stores the index of the first one seen. only msg[msg_index] will be used
|
|
bool valid_checksum; // true if and only if checksum check is passed
|
|
int wrong_counters; // counter of wrong counters, saturated between 0 and MAX_WRONG_COUNTERS
|
|
bool valid_quality_flag; // true if the message's quality/health/status signals are valid
|
|
uint8_t last_counter; // last counter value
|
|
uint32_t last_timestamp; // micro-s
|
|
bool lagging; // true if and only if the time between updates is excessive
|
|
} RxStatus;
|
|
|
|
// params and flags about checksum, counter and frequency checks for each monitored address
|
|
typedef struct {
|
|
const CanMsgCheck msg[MAX_ADDR_CHECK_MSGS]; // check either messages (e.g. honda steer)
|
|
RxStatus status;
|
|
} RxCheck;
|
|
|
|
typedef struct {
|
|
RxCheck *rx_checks;
|
|
int rx_checks_len;
|
|
const CanMsg *tx_msgs;
|
|
int tx_msgs_len;
|
|
bool disable_forwarding;
|
|
} safety_config;
|
|
|
|
typedef uint32_t (*get_checksum_t)(const CANPacket_t *to_push);
|
|
typedef uint32_t (*compute_checksum_t)(const CANPacket_t *to_push);
|
|
typedef uint8_t (*get_counter_t)(const CANPacket_t *to_push);
|
|
typedef bool (*get_quality_flag_valid_t)(const CANPacket_t *to_push);
|
|
|
|
typedef safety_config (*safety_hook_init)(uint16_t param);
|
|
typedef void (*rx_hook)(const CANPacket_t *to_push);
|
|
typedef bool (*tx_hook)(const CANPacket_t *to_send); // returns true if the message is allowed
|
|
typedef bool (*fwd_hook)(int bus_num, int addr); // returns true if the message should be blocked from forwarding
|
|
|
|
typedef struct {
|
|
safety_hook_init init;
|
|
rx_hook rx;
|
|
tx_hook tx;
|
|
fwd_hook fwd;
|
|
get_checksum_t get_checksum;
|
|
compute_checksum_t compute_checksum;
|
|
get_counter_t get_counter;
|
|
get_quality_flag_valid_t get_quality_flag_valid;
|
|
} safety_hooks;
|
|
|
|
bool safety_rx_hook(const CANPacket_t *to_push);
|
|
bool safety_tx_hook(CANPacket_t *to_send);
|
|
int to_signed(int d, int bits);
|
|
void update_sample(struct sample_t *sample, int sample_new);
|
|
bool get_longitudinal_allowed(void);
|
|
int ROUND(float val);
|
|
void gen_crc_lookup_table_8(uint8_t poly, uint8_t crc_lut[]);
|
|
#ifdef CANFD
|
|
void gen_crc_lookup_table_16(uint16_t poly, uint16_t crc_lut[]);
|
|
#endif
|
|
bool steer_torque_cmd_checks(int desired_torque, int steer_req, const TorqueSteeringLimits limits);
|
|
bool steer_angle_cmd_checks(int desired_angle, bool steer_control_enabled, const AngleSteeringLimits limits);
|
|
bool longitudinal_accel_checks(int desired_accel, const LongitudinalLimits limits);
|
|
bool longitudinal_speed_checks(int desired_speed, const LongitudinalLimits limits);
|
|
bool longitudinal_gas_checks(int desired_gas, const LongitudinalLimits limits);
|
|
bool longitudinal_transmission_rpm_checks(int desired_transmission_rpm, const LongitudinalLimits limits);
|
|
bool longitudinal_brake_checks(int desired_brake, const LongitudinalLimits limits);
|
|
void pcm_cruise_check(bool cruise_engaged);
|
|
|
|
void safety_tick(const safety_config *safety_config);
|
|
|
|
// This can be set by the safety hooks
|
|
extern bool controls_allowed;
|
|
extern bool relay_malfunction;
|
|
extern bool gas_pressed;
|
|
extern bool gas_pressed_prev;
|
|
extern bool brake_pressed;
|
|
extern bool brake_pressed_prev;
|
|
extern bool regen_braking;
|
|
extern bool regen_braking_prev;
|
|
extern bool steering_disengage;
|
|
extern bool steering_disengage_prev;
|
|
extern bool cruise_engaged_prev;
|
|
extern struct sample_t vehicle_speed;
|
|
extern bool vehicle_moving;
|
|
extern bool acc_main_on; // referred to as "ACC off" in ISO 15622:2018
|
|
extern int cruise_button_prev;
|
|
extern bool safety_rx_checks_invalid;
|
|
|
|
// for safety modes with torque steering control
|
|
extern int desired_torque_last; // last desired steer torque
|
|
extern int rt_torque_last; // last desired torque for real time check
|
|
extern int valid_steer_req_count; // counter for steer request bit matching non-zero torque
|
|
extern int invalid_steer_req_count; // counter to allow multiple frames of mismatching torque request bit
|
|
extern struct sample_t torque_meas; // last 6 motor torques produced by the eps
|
|
extern struct sample_t torque_driver; // last 6 driver torques measured
|
|
extern uint32_t ts_torque_check_last;
|
|
extern uint32_t ts_steer_req_mismatch_last; // last timestamp steer req was mismatched with torque
|
|
|
|
// state for controls_allowed timeout logic
|
|
extern bool heartbeat_engaged; // openpilot enabled, passed in heartbeat USB command
|
|
extern uint32_t heartbeat_engaged_mismatches; // count of mismatches between heartbeat_engaged and controls_allowed
|
|
|
|
// for safety modes with angle steering control
|
|
extern uint32_t ts_angle_last;
|
|
extern int desired_angle_last;
|
|
extern struct sample_t angle_meas; // last 6 steer angles/curvatures
|
|
|
|
// This can be set with a USB command
|
|
// It enables features that allow alternative experiences, like not disengaging on gas press
|
|
// It is only either 0 or 1 on mainline comma.ai openpilot
|
|
|
|
#define ALT_EXP_DISABLE_DISENGAGE_ON_GAS 1
|
|
|
|
// If using this flag, make sure to communicate to your users that a stock safety feature is now disabled.
|
|
#define ALT_EXP_DISABLE_STOCK_AEB 2
|
|
|
|
// If using this flag, be aware that harder braking is more likely to lead to rear endings,
|
|
// and that alone this flag doesn't make braking compliant because there's also a time element.
|
|
// Setting this flag is used for allowing the full -5.0 to +4.0 m/s^2 at lower speeds
|
|
// See ISO 15622:2018 for more information.
|
|
#define ALT_EXP_RAISE_LONGITUDINAL_LIMITS_TO_ISO_MAX 8
|
|
|
|
// This flag allows AEB to be commanded from openpilot.
|
|
#define ALT_EXP_ALLOW_AEB 16
|
|
|
|
extern int alternative_experience;
|
|
|
|
// time since safety mode has been changed
|
|
extern uint32_t safety_mode_cnt;
|
|
|
|
typedef struct {
|
|
uint16_t id;
|
|
const safety_hooks *hooks;
|
|
} safety_hook_config;
|
|
|
|
extern uint16_t current_safety_mode;
|
|
extern uint16_t current_safety_param;
|
|
extern safety_config current_safety_config;
|
|
|
|
int safety_fwd_hook(int bus_num, int addr);
|
|
int set_safety_hooks(uint16_t mode, uint16_t param);
|
|
|
|
extern const safety_hooks body_hooks;
|
|
extern const safety_hooks chrysler_hooks;
|
|
extern const safety_hooks elm327_hooks;
|
|
extern const safety_hooks nooutput_hooks;
|
|
extern const safety_hooks alloutput_hooks;
|
|
extern const safety_hooks ford_hooks;
|
|
extern const safety_hooks gm_hooks;
|
|
extern const safety_hooks honda_nidec_hooks;
|
|
extern const safety_hooks honda_bosch_hooks;
|
|
extern const safety_hooks hyundai_canfd_hooks;
|
|
extern const safety_hooks hyundai_hooks;
|
|
extern const safety_hooks hyundai_legacy_hooks;
|
|
extern const safety_hooks mazda_hooks;
|
|
extern const safety_hooks nissan_hooks;
|
|
extern const safety_hooks subaru_hooks;
|
|
extern const safety_hooks subaru_preglobal_hooks;
|
|
extern const safety_hooks tesla_hooks;
|
|
extern const safety_hooks toyota_hooks;
|
|
extern const safety_hooks volkswagen_mqb_hooks;
|
|
extern const safety_hooks volkswagen_pq_hooks;
|
|
extern const safety_hooks rivian_hooks;
|
|
|