You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1057 lines
42 KiB
1057 lines
42 KiB
import os
|
|
import abc
|
|
import math
|
|
import unittest
|
|
import importlib
|
|
import numpy as np
|
|
from collections.abc import Callable
|
|
|
|
from opendbc.can.packer import CANPacker # pylint: disable=import-error
|
|
from opendbc.safety import ALTERNATIVE_EXPERIENCE
|
|
from opendbc.safety.tests.libsafety import libsafety_py
|
|
|
|
MAX_WRONG_COUNTERS = 5
|
|
MAX_SAMPLE_VALS = 6
|
|
VEHICLE_SPEED_FACTOR = 1000
|
|
|
|
MessageFunction = Callable[[float], libsafety_py.CANPacket]
|
|
|
|
|
|
def sign_of(a):
|
|
return 1 if a > 0 else -1
|
|
|
|
|
|
def away_round(x):
|
|
# non-banker's/away from zero rounding, C++ CANParser uses this style
|
|
return math.floor(x + 0.5) if x >= 0 else math.ceil(x - 0.5)
|
|
|
|
|
|
def round_speed(v):
|
|
return round(v * VEHICLE_SPEED_FACTOR) / VEHICLE_SPEED_FACTOR
|
|
|
|
|
|
def make_msg(bus, addr, length=8, dat=None):
|
|
if dat is None:
|
|
dat = b'\x00' * length
|
|
return libsafety_py.make_CANPacket(addr, bus, dat)
|
|
|
|
|
|
class CANPackerPanda(CANPacker):
|
|
def make_can_msg_panda(self, name_or_addr, bus, values, fix_checksum=None):
|
|
msg = self.make_can_msg(name_or_addr, bus, values)
|
|
if fix_checksum is not None:
|
|
msg = fix_checksum(msg)
|
|
addr, dat, bus = msg
|
|
return libsafety_py.make_CANPacket(addr, bus, dat)
|
|
|
|
|
|
def add_regen_tests(cls):
|
|
"""Dynamically adds regen tests for all user brake tests."""
|
|
|
|
# only rx/user brake tests, not brake command
|
|
found_tests = [func for func in dir(cls) if func.startswith("test_") and "user_brake" in func]
|
|
assert len(found_tests) >= 3, "Failed to detect known brake tests"
|
|
|
|
for test in found_tests:
|
|
def _make_regen_test(brake_func):
|
|
def _regen_test(self):
|
|
# only for safety modes with a regen message
|
|
if self._user_regen_msg(0) is None:
|
|
raise unittest.SkipTest("Safety mode implements no _user_regen_msg")
|
|
|
|
getattr(self, brake_func)(self._user_regen_msg, self.safety.get_regen_braking_prev)
|
|
return _regen_test
|
|
|
|
setattr(cls, test.replace("brake", "regen"), _make_regen_test(test))
|
|
|
|
return cls
|
|
|
|
|
|
class PandaSafetyTestBase(unittest.TestCase):
|
|
safety: libsafety_py.Panda
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "PandaSafetyTestBase":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
def _reset_safety_hooks(self):
|
|
self.safety.set_safety_hooks(self.safety.get_current_safety_mode(),
|
|
self.safety.get_current_safety_param())
|
|
|
|
def _rx(self, msg):
|
|
return self.safety.safety_rx_hook(msg)
|
|
|
|
def _tx(self, msg):
|
|
return self.safety.safety_tx_hook(msg)
|
|
|
|
def _generic_limit_safety_check(self, msg_function: MessageFunction, min_allowed_value: float, max_allowed_value: float,
|
|
min_possible_value: float, max_possible_value: float, test_delta: float = 1, inactive_value: float = 0,
|
|
msg_allowed = True, additional_setup: Callable[[float], None] | None = None):
|
|
"""
|
|
Enforces that a signal within a message is only allowed to be sent within a specific range, min_allowed_value -> max_allowed_value.
|
|
Tests the range of min_possible_value -> max_possible_value with a delta of test_delta.
|
|
Message is also only allowed to be sent when controls_allowed is true, unless the value is equal to inactive_value.
|
|
Message is never allowed if msg_allowed is false, for example when stock longitudinal is enabled and you are sending acceleration requests.
|
|
additional_setup is used for extra setup before each _tx, ex: for setting the previous torque for rate limits
|
|
"""
|
|
|
|
# Ensure that we at least test the allowed_value range
|
|
self.assertGreater(max_possible_value, max_allowed_value)
|
|
self.assertLessEqual(min_possible_value, min_allowed_value)
|
|
|
|
for controls_allowed in [False, True]:
|
|
# enforce we don't skip over 0 or inactive
|
|
for v in np.concatenate((np.arange(min_possible_value, max_possible_value, test_delta), np.array([0, inactive_value]))):
|
|
v = round(v, 2) # floats might not hit exact boundary conditions without rounding
|
|
self.safety.set_controls_allowed(controls_allowed)
|
|
if additional_setup is not None:
|
|
additional_setup(v)
|
|
should_tx = controls_allowed and min_allowed_value <= v <= max_allowed_value
|
|
should_tx = (should_tx or v == inactive_value) and msg_allowed
|
|
self.assertEqual(self._tx(msg_function(v)), should_tx, (controls_allowed, should_tx, v))
|
|
|
|
def _common_measurement_test(self, msg_func: Callable, min_value: float, max_value: float, factor: float,
|
|
meas_min_func: Callable[[], int], meas_max_func: Callable[[], int]):
|
|
"""Tests accurate measurement parsing, and that the struct is reset on safety mode init"""
|
|
for val in np.arange(min_value, max_value, 0.5):
|
|
for i in range(MAX_SAMPLE_VALS):
|
|
self.assertTrue(self._rx(msg_func(val + i * 0.1)))
|
|
|
|
# assert close by one decimal place
|
|
self.assertAlmostEqual(meas_min_func() / factor, val, delta=0.1)
|
|
self.assertAlmostEqual(meas_max_func() / factor - 0.5, val, delta=0.1)
|
|
|
|
# ensure sample_t is reset on safety init
|
|
self._reset_safety_hooks()
|
|
self.assertEqual(meas_min_func(), 0)
|
|
self.assertEqual(meas_max_func(), 0)
|
|
|
|
|
|
class LongitudinalAccelSafetyTest(PandaSafetyTestBase, abc.ABC):
|
|
|
|
LONGITUDINAL = True
|
|
MAX_ACCEL: float = 2.0
|
|
MIN_ACCEL: float = -3.5
|
|
INACTIVE_ACCEL: float = 0.0
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "LongitudinalAccelSafetyTest":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@abc.abstractmethod
|
|
def _accel_msg(self, accel: float):
|
|
pass
|
|
|
|
def test_accel_limits_correct(self):
|
|
self.assertGreater(self.MAX_ACCEL, 0)
|
|
self.assertLess(self.MIN_ACCEL, 0)
|
|
|
|
def test_accel_actuation_limits(self):
|
|
limits = ((self.MIN_ACCEL, self.MAX_ACCEL, ALTERNATIVE_EXPERIENCE.DEFAULT),
|
|
(self.MIN_ACCEL, self.MAX_ACCEL, ALTERNATIVE_EXPERIENCE.RAISE_LONGITUDINAL_LIMITS_TO_ISO_MAX))
|
|
|
|
for min_accel, max_accel, alternative_experience in limits:
|
|
# enforce we don't skip over 0 or inactive accel
|
|
for accel in np.concatenate((np.arange(min_accel - 1, max_accel + 1, 0.05), [0, self.INACTIVE_ACCEL])):
|
|
accel = round(accel, 2) # floats might not hit exact boundary conditions without rounding
|
|
for controls_allowed in [True, False]:
|
|
self.safety.set_controls_allowed(controls_allowed)
|
|
self.safety.set_alternative_experience(alternative_experience)
|
|
if self.LONGITUDINAL:
|
|
should_tx = controls_allowed and min_accel <= accel <= max_accel
|
|
should_tx = should_tx or accel == self.INACTIVE_ACCEL
|
|
else:
|
|
should_tx = False
|
|
self.assertEqual(should_tx, self._tx(self._accel_msg(accel)))
|
|
|
|
|
|
class LongitudinalGasBrakeSafetyTest(PandaSafetyTestBase, abc.ABC):
|
|
|
|
MIN_BRAKE: int = 0
|
|
MAX_BRAKE: int | None = None
|
|
MAX_POSSIBLE_BRAKE: int | None = None
|
|
|
|
MIN_GAS: int = 0
|
|
MAX_GAS: int | None = None
|
|
INACTIVE_GAS = 0
|
|
MIN_POSSIBLE_GAS: int = 0.
|
|
MAX_POSSIBLE_GAS: int | None = None
|
|
|
|
def test_gas_brake_limits_correct(self):
|
|
self.assertIsNotNone(self.MAX_POSSIBLE_BRAKE)
|
|
self.assertIsNotNone(self.MAX_POSSIBLE_GAS)
|
|
|
|
self.assertGreater(self.MAX_BRAKE, self.MIN_BRAKE)
|
|
self.assertGreater(self.MAX_GAS, self.MIN_GAS)
|
|
|
|
@abc.abstractmethod
|
|
def _send_gas_msg(self, gas: int):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def _send_brake_msg(self, brake: int):
|
|
pass
|
|
|
|
def test_brake_safety_check(self):
|
|
self._generic_limit_safety_check(self._send_brake_msg, self.MIN_BRAKE, self.MAX_BRAKE, 0, self.MAX_POSSIBLE_BRAKE, 1)
|
|
|
|
def test_gas_safety_check(self):
|
|
self._generic_limit_safety_check(self._send_gas_msg, self.MIN_GAS, self.MAX_GAS, self.MIN_POSSIBLE_GAS, self.MAX_POSSIBLE_GAS, 1, self.INACTIVE_GAS)
|
|
|
|
|
|
class TorqueSteeringSafetyTestBase(PandaSafetyTestBase, abc.ABC):
|
|
|
|
MAX_RATE_UP = 0
|
|
MAX_RATE_DOWN = 0
|
|
MAX_TORQUE_LOOKUP: tuple[list[float], list[int]] = ([0], [0])
|
|
DYNAMIC_MAX_TORQUE = False
|
|
MAX_RT_DELTA = 0
|
|
RT_INTERVAL = 250000
|
|
|
|
NO_STEER_REQ_BIT = False
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "TorqueSteeringSafetyTestBase":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@property
|
|
def MAX_TORQUE(self):
|
|
return max(self.MAX_TORQUE_LOOKUP[1])
|
|
|
|
@property
|
|
def _torque_speed_range(self):
|
|
if not self.DYNAMIC_MAX_TORQUE:
|
|
return [0]
|
|
else:
|
|
# test with more precision inside breakpoint range
|
|
min_speed = min(self.MAX_TORQUE_LOOKUP[0])
|
|
max_speed = max(self.MAX_TORQUE_LOOKUP[0])
|
|
return np.concatenate([np.arange(0, min_speed, 5), np.arange(min_speed, max_speed, 0.5), np.arange(max_speed, 40, 5)])
|
|
|
|
def _get_max_torque(self, speed):
|
|
# matches safety fudge
|
|
torque = int(np.interp(speed - 1, self.MAX_TORQUE_LOOKUP[0], self.MAX_TORQUE_LOOKUP[1]) + 1)
|
|
return min(torque, self.MAX_TORQUE)
|
|
|
|
@abc.abstractmethod
|
|
def _torque_cmd_msg(self, torque, steer_req=1):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def _speed_msg(self, speed):
|
|
pass
|
|
|
|
def _reset_speed_measurement(self, speed):
|
|
for _ in range(MAX_SAMPLE_VALS):
|
|
self._rx(self._speed_msg(speed))
|
|
|
|
def _set_prev_torque(self, t):
|
|
self.safety.set_desired_torque_last(t)
|
|
self.safety.set_rt_torque_last(t)
|
|
|
|
def test_steer_safety_check(self):
|
|
for speed in self._torque_speed_range:
|
|
self._reset_speed_measurement(speed)
|
|
max_torque = self._get_max_torque(speed)
|
|
for enabled in [0, 1]:
|
|
for t in range(int(-max_torque * 1.5), int(max_torque * 1.5)):
|
|
self.safety.set_controls_allowed(enabled)
|
|
self._set_prev_torque(t)
|
|
if abs(t) > max_torque or (not enabled and abs(t) > 0):
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(t)))
|
|
else:
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(t)))
|
|
|
|
def test_non_realtime_limit_up(self):
|
|
self.safety.set_controls_allowed(True)
|
|
|
|
self._set_prev_torque(0)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_RATE_UP)))
|
|
self._set_prev_torque(0)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(-self.MAX_RATE_UP)))
|
|
|
|
self._set_prev_torque(0)
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(self.MAX_RATE_UP + 1)))
|
|
self.safety.set_controls_allowed(True)
|
|
self._set_prev_torque(0)
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(-self.MAX_RATE_UP - 1)))
|
|
|
|
def test_steer_req_bit(self):
|
|
"""Asserts all torque safety modes check the steering request bit"""
|
|
if self.NO_STEER_REQ_BIT:
|
|
raise unittest.SkipTest("No steering request bit")
|
|
|
|
self.safety.set_controls_allowed(True)
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
|
|
# Send torque successfully, then only drop the request bit and ensure it stays blocked
|
|
for _ in range(10):
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, 1)))
|
|
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, 0)))
|
|
for _ in range(10):
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, 1)))
|
|
|
|
|
|
class SteerRequestCutSafetyTest(TorqueSteeringSafetyTestBase, abc.ABC):
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "SteerRequestCutSafetyTest":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
# Safety around steering request bit mismatch tolerance
|
|
MIN_VALID_STEERING_FRAMES: int
|
|
MAX_INVALID_STEERING_FRAMES: int
|
|
STEER_STEP: int = 1
|
|
|
|
@property
|
|
def MIN_VALID_STEERING_RT_INTERVAL(self):
|
|
# a ~10% buffer
|
|
return int((self.MIN_VALID_STEERING_FRAMES + 1) * self.STEER_STEP * 10000 * 0.9)
|
|
|
|
def test_steer_req_bit_frames(self):
|
|
"""
|
|
Certain safety modes implement some tolerance on their steer request bits matching the
|
|
requested torque to avoid a steering fault or lockout and maintain torque. This tests:
|
|
- We can't cut torque for more than one frame
|
|
- We can't cut torque until at least the minimum number of matching steer_req messages
|
|
- We can always recover from violations if steer_req=1
|
|
"""
|
|
|
|
for min_valid_steer_frames in range(self.MIN_VALID_STEERING_FRAMES * 2):
|
|
# Reset match count and rt timer to allow cut (valid_steer_req_count, ts_steer_req_mismatch_last)
|
|
self.safety.init_tests()
|
|
self.safety.set_timer(self.MIN_VALID_STEERING_RT_INTERVAL)
|
|
|
|
# Allow torque cut
|
|
self.safety.set_controls_allowed(True)
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
for _ in range(min_valid_steer_frames):
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=1)))
|
|
|
|
# should tx if we've sent enough valid frames, and we're not cutting torque for too many frames consecutively
|
|
should_tx = min_valid_steer_frames >= self.MIN_VALID_STEERING_FRAMES
|
|
for idx in range(self.MAX_INVALID_STEERING_FRAMES * 2):
|
|
tx = self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=0))
|
|
self.assertEqual(should_tx and idx < self.MAX_INVALID_STEERING_FRAMES, tx)
|
|
|
|
# Keep blocking after one steer_req mismatch
|
|
for _ in range(100):
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=0)))
|
|
|
|
# Make sure we can recover
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(0, steer_req=1)))
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=1)))
|
|
|
|
def test_steer_req_bit_multi_invalid(self):
|
|
"""
|
|
For safety modes allowing multiple consecutive invalid frames, this ensures that once a valid frame
|
|
is sent after an invalid frame (even without sending the max number of allowed invalid frames),
|
|
all counters are reset.
|
|
"""
|
|
for max_invalid_steer_frames in range(1, self.MAX_INVALID_STEERING_FRAMES * 2):
|
|
self.safety.init_tests()
|
|
self.safety.set_timer(self.MIN_VALID_STEERING_RT_INTERVAL)
|
|
|
|
# Allow torque cut
|
|
self.safety.set_controls_allowed(True)
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
for _ in range(self.MIN_VALID_STEERING_FRAMES):
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=1)))
|
|
|
|
# Send partial amount of allowed invalid frames
|
|
for idx in range(max_invalid_steer_frames):
|
|
should_tx = idx < self.MAX_INVALID_STEERING_FRAMES
|
|
self.assertEqual(should_tx, self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=0)))
|
|
|
|
# Send one valid frame, and subsequent invalid should now be blocked
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=1)))
|
|
for _ in range(self.MIN_VALID_STEERING_FRAMES + 1):
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=0)))
|
|
|
|
def test_steer_req_bit_realtime(self):
|
|
"""
|
|
Realtime safety for cutting steer request bit. This tests:
|
|
- That we allow messages with mismatching steer request bit if time from last is >= MIN_VALID_STEERING_RT_INTERVAL
|
|
- That frame mismatch safety does not interfere with this test
|
|
"""
|
|
for rt_us in np.arange(self.MIN_VALID_STEERING_RT_INTERVAL - 50000, self.MIN_VALID_STEERING_RT_INTERVAL + 50000, 10000):
|
|
# Reset match count and rt timer (valid_steer_req_count, ts_steer_req_mismatch_last)
|
|
self.safety.init_tests()
|
|
|
|
# Make sure valid_steer_req_count doesn't affect this test
|
|
self.safety.set_controls_allowed(True)
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
for _ in range(self.MIN_VALID_STEERING_FRAMES):
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=1)))
|
|
|
|
# Normally, sending MIN_VALID_STEERING_FRAMES valid frames should always allow
|
|
self.safety.set_timer(max(rt_us, 0))
|
|
should_tx = rt_us >= self.MIN_VALID_STEERING_RT_INTERVAL
|
|
for _ in range(self.MAX_INVALID_STEERING_FRAMES):
|
|
self.assertEqual(should_tx, self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=0)))
|
|
|
|
# Keep blocking after one steer_req mismatch
|
|
for _ in range(100):
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=0)))
|
|
|
|
# Make sure we can recover
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(0, steer_req=1)))
|
|
self._set_prev_torque(self.MAX_TORQUE)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(self.MAX_TORQUE, steer_req=1)))
|
|
|
|
|
|
class DriverTorqueSteeringSafetyTest(TorqueSteeringSafetyTestBase, abc.ABC):
|
|
|
|
DRIVER_TORQUE_ALLOWANCE = 0
|
|
DRIVER_TORQUE_FACTOR = 0
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "DriverTorqueSteeringSafetyTest":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@abc.abstractmethod
|
|
def _torque_driver_msg(self, torque):
|
|
pass
|
|
|
|
def _reset_torque_driver_measurement(self, torque):
|
|
for _ in range(MAX_SAMPLE_VALS):
|
|
self._rx(self._torque_driver_msg(torque))
|
|
|
|
def test_non_realtime_limit_up(self):
|
|
self._reset_torque_driver_measurement(0)
|
|
super().test_non_realtime_limit_up()
|
|
|
|
def test_against_torque_driver(self):
|
|
# Tests down limits and driver torque blending
|
|
self.safety.set_controls_allowed(True)
|
|
|
|
for speed in self._torque_speed_range:
|
|
self._reset_speed_measurement(speed)
|
|
max_torque = self._get_max_torque(speed)
|
|
|
|
# Cannot stay at MAX_TORQUE if above DRIVER_TORQUE_ALLOWANCE
|
|
for sign in [-1, 1]:
|
|
for driver_torque in np.arange(0, self.DRIVER_TORQUE_ALLOWANCE * 2, 1):
|
|
self._reset_torque_driver_measurement(-driver_torque * sign)
|
|
self._set_prev_torque(max_torque * sign)
|
|
should_tx = abs(driver_torque) <= self.DRIVER_TORQUE_ALLOWANCE
|
|
self.assertEqual(should_tx, self._tx(self._torque_cmd_msg(max_torque * sign)))
|
|
|
|
# arbitrary high driver torque to ensure max steer torque is allowed
|
|
max_driver_torque = int(max_torque / self.DRIVER_TORQUE_FACTOR + self.DRIVER_TORQUE_ALLOWANCE + 1)
|
|
|
|
# spot check some individual cases
|
|
for sign in [-1, 1]:
|
|
# Ensure we wind down factor units for every unit above allowance
|
|
driver_torque = (self.DRIVER_TORQUE_ALLOWANCE + 10) * sign
|
|
torque_desired = (max_torque - 10 * self.DRIVER_TORQUE_FACTOR) * sign
|
|
delta = 1 * sign
|
|
self._set_prev_torque(torque_desired)
|
|
self._reset_torque_driver_measurement(-driver_torque)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(torque_desired)))
|
|
self._set_prev_torque(torque_desired + delta)
|
|
self._reset_torque_driver_measurement(-driver_torque)
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(torque_desired + delta)))
|
|
|
|
# If we're well past the allowance, minimum wind down is MAX_RATE_DOWN
|
|
self._set_prev_torque(max_torque * sign)
|
|
self._reset_torque_driver_measurement(-max_driver_torque * sign)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg((max_torque - self.MAX_RATE_DOWN) * sign)))
|
|
self._set_prev_torque(max_torque * sign)
|
|
self._reset_torque_driver_measurement(-max_driver_torque * sign)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(0)))
|
|
self._set_prev_torque(max_torque * sign)
|
|
self._reset_torque_driver_measurement(-max_driver_torque * sign)
|
|
self.assertFalse(self._tx(self._torque_cmd_msg((max_torque - self.MAX_RATE_DOWN + 1) * sign)))
|
|
|
|
def test_realtime_limits(self):
|
|
self.safety.set_controls_allowed(True)
|
|
|
|
for sign in [-1, 1]:
|
|
self.safety.init_tests()
|
|
self._set_prev_torque(0)
|
|
self._reset_torque_driver_measurement(0)
|
|
for t in np.arange(0, self.MAX_RT_DELTA, 1):
|
|
t *= sign
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(t)))
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(sign * (self.MAX_RT_DELTA + 1))))
|
|
|
|
self._set_prev_torque(0)
|
|
for t in np.arange(0, self.MAX_RT_DELTA, 1):
|
|
t *= sign
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(t)))
|
|
|
|
# Increase timer to update rt_torque_last
|
|
self.safety.set_timer(self.RT_INTERVAL + 1)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(sign * (self.MAX_RT_DELTA - 1))))
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(sign * (self.MAX_RT_DELTA + 1))))
|
|
|
|
def test_reset_driver_torque_measurements(self):
|
|
# Tests that the driver torque measurement sample_t is reset on safety mode init
|
|
for t in np.linspace(-self.MAX_TORQUE, self.MAX_TORQUE, MAX_SAMPLE_VALS):
|
|
self.assertTrue(self._rx(self._torque_driver_msg(t)))
|
|
|
|
self.assertNotEqual(self.safety.get_torque_driver_min(), 0)
|
|
self.assertNotEqual(self.safety.get_torque_driver_max(), 0)
|
|
|
|
self._reset_safety_hooks()
|
|
self.assertEqual(self.safety.get_torque_driver_min(), 0)
|
|
self.assertEqual(self.safety.get_torque_driver_max(), 0)
|
|
|
|
|
|
class MotorTorqueSteeringSafetyTest(TorqueSteeringSafetyTestBase, abc.ABC):
|
|
|
|
MAX_TORQUE_ERROR = 0
|
|
TORQUE_MEAS_TOLERANCE = 0
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "MotorTorqueSteeringSafetyTest":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@abc.abstractmethod
|
|
def _torque_meas_msg(self, torque):
|
|
pass
|
|
|
|
def _set_prev_torque(self, t):
|
|
super()._set_prev_torque(t)
|
|
self.safety.set_torque_meas(t, t)
|
|
|
|
def test_torque_absolute_limits(self):
|
|
for speed in self._torque_speed_range:
|
|
self._reset_speed_measurement(speed)
|
|
max_torque = self._get_max_torque(speed)
|
|
for controls_allowed in [True, False]:
|
|
for torque in np.arange(-max_torque - 1000, max_torque + 1000, self.MAX_RATE_UP):
|
|
self.safety.set_controls_allowed(controls_allowed)
|
|
self.safety.set_rt_torque_last(torque)
|
|
self.safety.set_torque_meas(torque, torque)
|
|
self.safety.set_desired_torque_last(torque - self.MAX_RATE_UP)
|
|
|
|
if controls_allowed:
|
|
send = (-max_torque <= torque <= max_torque)
|
|
else:
|
|
send = torque == 0
|
|
|
|
self.assertEqual(send, self._tx(self._torque_cmd_msg(torque)))
|
|
|
|
def test_non_realtime_limit_down(self):
|
|
self.safety.set_controls_allowed(True)
|
|
|
|
for speed in self._torque_speed_range:
|
|
self._reset_speed_measurement(speed)
|
|
max_torque = self._get_max_torque(speed)
|
|
|
|
torque_meas = max_torque - self.MAX_TORQUE_ERROR - 50
|
|
|
|
self.safety.set_rt_torque_last(max_torque)
|
|
self.safety.set_torque_meas(torque_meas, torque_meas)
|
|
self.safety.set_desired_torque_last(max_torque)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(max_torque - self.MAX_RATE_DOWN)))
|
|
|
|
self.safety.set_rt_torque_last(max_torque)
|
|
self.safety.set_torque_meas(torque_meas, torque_meas)
|
|
self.safety.set_desired_torque_last(max_torque)
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(max_torque - self.MAX_RATE_DOWN + 1)))
|
|
|
|
def test_exceed_torque_sensor(self):
|
|
self.safety.set_controls_allowed(True)
|
|
|
|
for sign in [-1, 1]:
|
|
self._set_prev_torque(0)
|
|
for t in np.arange(0, self.MAX_TORQUE_ERROR + 2, 2): # step needs to be smaller than MAX_TORQUE_ERROR
|
|
t *= sign
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(t)))
|
|
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(sign * (self.MAX_TORQUE_ERROR + 2))))
|
|
|
|
def test_realtime_limit_up(self):
|
|
self.safety.set_controls_allowed(True)
|
|
|
|
for sign in [-1, 1]:
|
|
self.safety.init_tests()
|
|
self._set_prev_torque(0)
|
|
for t in np.arange(0, self.MAX_RT_DELTA + 1, 1):
|
|
t *= sign
|
|
self.safety.set_torque_meas(t, t)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(t)))
|
|
self.assertFalse(self._tx(self._torque_cmd_msg(sign * (self.MAX_RT_DELTA + 1))))
|
|
|
|
self._set_prev_torque(0)
|
|
for t in np.arange(0, self.MAX_RT_DELTA + 1, 1):
|
|
t *= sign
|
|
self.safety.set_torque_meas(t, t)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(t)))
|
|
|
|
# Increase timer to update rt_torque_last
|
|
self.safety.set_timer(self.RT_INTERVAL + 1)
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(sign * self.MAX_RT_DELTA)))
|
|
self.assertTrue(self._tx(self._torque_cmd_msg(sign * (self.MAX_RT_DELTA + 1))))
|
|
|
|
def test_torque_measurements(self):
|
|
trq = 50
|
|
for t in [trq, -trq, 0, 0, 0, 0]:
|
|
self._rx(self._torque_meas_msg(t))
|
|
|
|
max_range = range(trq, trq + self.TORQUE_MEAS_TOLERANCE + 1)
|
|
min_range = range(-(trq + self.TORQUE_MEAS_TOLERANCE), -trq + 1)
|
|
self.assertTrue(self.safety.get_torque_meas_min() in min_range)
|
|
self.assertTrue(self.safety.get_torque_meas_max() in max_range)
|
|
|
|
max_range = range(self.TORQUE_MEAS_TOLERANCE + 1)
|
|
min_range = range(-(trq + self.TORQUE_MEAS_TOLERANCE), -trq + 1)
|
|
self._rx(self._torque_meas_msg(0))
|
|
self.assertTrue(self.safety.get_torque_meas_min() in min_range)
|
|
self.assertTrue(self.safety.get_torque_meas_max() in max_range)
|
|
|
|
max_range = range(self.TORQUE_MEAS_TOLERANCE + 1)
|
|
min_range = range(-self.TORQUE_MEAS_TOLERANCE, 0 + 1)
|
|
self._rx(self._torque_meas_msg(0))
|
|
self.assertTrue(self.safety.get_torque_meas_min() in min_range)
|
|
self.assertTrue(self.safety.get_torque_meas_max() in max_range)
|
|
|
|
def test_reset_torque_measurements(self):
|
|
# Tests that the torque measurement sample_t is reset on safety mode init
|
|
for t in np.linspace(-self.MAX_TORQUE, self.MAX_TORQUE, MAX_SAMPLE_VALS):
|
|
self.assertTrue(self._rx(self._torque_meas_msg(t)))
|
|
|
|
self.assertNotEqual(self.safety.get_torque_meas_min(), 0)
|
|
self.assertNotEqual(self.safety.get_torque_meas_max(), 0)
|
|
|
|
self._reset_safety_hooks()
|
|
self.assertEqual(self.safety.get_torque_meas_min(), 0)
|
|
self.assertEqual(self.safety.get_torque_meas_max(), 0)
|
|
|
|
|
|
class VehicleSpeedSafetyTest(PandaSafetyTestBase):
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "VehicleSpeedSafetyTest":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@abc.abstractmethod
|
|
def _speed_msg(self, speed):
|
|
pass
|
|
|
|
def test_vehicle_speed_measurements(self):
|
|
# TODO: lower tolerance on these tests
|
|
self._common_measurement_test(self._speed_msg, 0, 80, 1, self.safety.get_vehicle_speed_min, self.safety.get_vehicle_speed_max)
|
|
|
|
|
|
class AngleSteeringSafetyTest(VehicleSpeedSafetyTest):
|
|
|
|
STEER_ANGLE_MAX: float = 300
|
|
DEG_TO_CAN: float
|
|
ANGLE_RATE_BP: list[float]
|
|
ANGLE_RATE_UP: list[float] # windup limit
|
|
ANGLE_RATE_DOWN: list[float] # unwind limit
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "AngleSteeringSafetyTest":
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@abc.abstractmethod
|
|
def _angle_cmd_msg(self, angle: float, enabled: bool):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def _angle_meas_msg(self, angle: float):
|
|
pass
|
|
|
|
def _set_prev_desired_angle(self, t):
|
|
t = round(t * self.DEG_TO_CAN)
|
|
self.safety.set_desired_angle_last(t)
|
|
|
|
def _reset_angle_measurement(self, angle):
|
|
for _ in range(MAX_SAMPLE_VALS):
|
|
self._rx(self._angle_meas_msg(angle))
|
|
|
|
def _reset_speed_measurement(self, speed):
|
|
for _ in range(MAX_SAMPLE_VALS):
|
|
self._rx(self._speed_msg(speed))
|
|
|
|
def test_steering_angle_measurements(self):
|
|
self._common_measurement_test(self._angle_meas_msg, -self.STEER_ANGLE_MAX, self.STEER_ANGLE_MAX, self.DEG_TO_CAN,
|
|
self.safety.get_angle_meas_min, self.safety.get_angle_meas_max)
|
|
|
|
def test_angle_cmd_when_enabled(self):
|
|
# when controls are allowed, angle cmd rate limit is enforced
|
|
speeds = [0., 1., 5., 10., 15., 50.]
|
|
angles = np.concatenate((np.arange(-self.STEER_ANGLE_MAX * 2, self.STEER_ANGLE_MAX * 2, 5), [0]))
|
|
for a in angles:
|
|
for s in speeds:
|
|
max_delta_up = np.interp(s, self.ANGLE_RATE_BP, self.ANGLE_RATE_UP)
|
|
max_delta_down = np.interp(s, self.ANGLE_RATE_BP, self.ANGLE_RATE_DOWN)
|
|
|
|
# first test against false positives
|
|
self._reset_angle_measurement(a)
|
|
self._reset_speed_measurement(s)
|
|
|
|
self._set_prev_desired_angle(a)
|
|
self.safety.set_controls_allowed(1)
|
|
|
|
# Stay within limits
|
|
# Up
|
|
self.assertTrue(self._tx(self._angle_cmd_msg(a + sign_of(a) * max_delta_up, True)))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
|
|
# Don't change
|
|
self.assertTrue(self._tx(self._angle_cmd_msg(a, True)))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
|
|
# Down
|
|
self.assertTrue(self._tx(self._angle_cmd_msg(a - sign_of(a) * max_delta_down, True)))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
|
|
# Inject too high rates
|
|
# Up
|
|
self.assertFalse(self._tx(self._angle_cmd_msg(a + sign_of(a) * (max_delta_up + 1.1), True)))
|
|
|
|
# Don't change
|
|
self.safety.set_controls_allowed(1)
|
|
self._set_prev_desired_angle(a)
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self.assertTrue(self._tx(self._angle_cmd_msg(a, True)))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
|
|
# Down
|
|
self.assertFalse(self._tx(self._angle_cmd_msg(a - sign_of(a) * (max_delta_down + 1.1), True)))
|
|
|
|
# Check desired steer should be the same as steer angle when controls are off
|
|
self.safety.set_controls_allowed(0)
|
|
should_tx = abs(a) <= abs(self.STEER_ANGLE_MAX)
|
|
self.assertEqual(should_tx, self._tx(self._angle_cmd_msg(a, False)))
|
|
|
|
def test_angle_cmd_when_disabled(self):
|
|
# Tests that only angles close to the meas are allowed while
|
|
# steer actuation bit is 0, regardless of controls allowed.
|
|
for controls_allowed in (True, False):
|
|
self.safety.set_controls_allowed(controls_allowed)
|
|
|
|
for steer_control_enabled in (True, False):
|
|
for angle_meas in np.arange(-90, 91, 10):
|
|
self._reset_angle_measurement(angle_meas)
|
|
|
|
for angle_cmd in np.arange(-90, 91, 10):
|
|
self._set_prev_desired_angle(angle_cmd)
|
|
|
|
# controls_allowed is checked if actuation bit is 1, else the angle must be close to meas (inactive)
|
|
should_tx = controls_allowed if steer_control_enabled else angle_cmd == angle_meas
|
|
self.assertEqual(should_tx, self._tx(self._angle_cmd_msg(angle_cmd, steer_control_enabled)))
|
|
|
|
|
|
class PandaSafetyTest(PandaSafetyTestBase):
|
|
TX_MSGS: list[list[int]] | None = None
|
|
SCANNED_ADDRS = [*range(0x800), # Entire 11-bit CAN address space
|
|
*range(0x18DA00F1, 0x18DB00F1, 0x100), # 29-bit UDS physical addressing
|
|
*range(0x18DB00F1, 0x18DC00F1, 0x100), # 29-bit UDS functional addressing
|
|
*range(0x3300, 0x3400)] # Honda
|
|
FWD_BLACKLISTED_ADDRS: dict[int, list[int]] = {} # {bus: [addr]}
|
|
FWD_BUS_LOOKUP: dict[int, int] = {0: 2, 2: 0}
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "PandaSafetyTest" or cls.__name__.endswith('Base'):
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
# ***** standard tests for all safety modes *****
|
|
|
|
def test_tx_msg_in_scanned_range(self):
|
|
# the relay malfunction, fwd hook, and spam can tests don't exhaustively
|
|
# scan the entire 29-bit address space, only some known important ranges
|
|
# make sure SCANNED_ADDRS stays up to date with car port TX_MSGS; new
|
|
# model ports should expand the range if needed
|
|
for msg in self.TX_MSGS:
|
|
self.assertTrue(msg[0] in self.SCANNED_ADDRS, f"{msg[0]=:#x}")
|
|
|
|
def test_fwd_hook(self):
|
|
# some safety modes don't forward anything, while others blacklist msgs
|
|
for bus in range(3):
|
|
for addr in self.SCANNED_ADDRS:
|
|
# assume len 8
|
|
fwd_bus = self.FWD_BUS_LOOKUP.get(bus, -1)
|
|
if bus in self.FWD_BLACKLISTED_ADDRS and addr in self.FWD_BLACKLISTED_ADDRS[bus]:
|
|
fwd_bus = -1
|
|
self.assertEqual(fwd_bus, self.safety.safety_fwd_hook(bus, addr), f"{addr=:#x} from {bus=} to {fwd_bus=}")
|
|
|
|
def test_spam_can_buses(self):
|
|
for bus in range(4):
|
|
for addr in self.SCANNED_ADDRS:
|
|
if [addr, bus] not in self.TX_MSGS:
|
|
self.assertFalse(self._tx(make_msg(bus, addr, 8)), f"allowed TX {addr=} {bus=}")
|
|
|
|
def test_default_controls_not_allowed(self):
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
|
|
def test_manually_enable_controls_allowed(self):
|
|
self.safety.set_controls_allowed(1)
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self.safety.set_controls_allowed(0)
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
|
|
def test_tx_hook_on_wrong_safety_mode(self):
|
|
files = os.listdir(os.path.dirname(os.path.realpath(__file__)))
|
|
test_files = [f for f in files if f.startswith("test_") and f.endswith(".py")]
|
|
|
|
current_test = self.__class__.__name__
|
|
|
|
all_tx = []
|
|
for tf in test_files:
|
|
test = importlib.import_module("opendbc.safety.tests."+tf[:-3])
|
|
for attr in dir(test):
|
|
if attr.startswith("Test") and attr != current_test:
|
|
tc = getattr(test, attr)
|
|
tx = tc.TX_MSGS
|
|
if tx is not None and not attr.endswith('Base'):
|
|
# No point in comparing different Tesla safety modes
|
|
if 'Tesla' in attr and 'Tesla' in current_test:
|
|
continue
|
|
# No point in comparing to ALLOUTPUT which allows all messages
|
|
if attr.startswith('TestAllOutput'):
|
|
continue
|
|
if attr.startswith('TestToyota') and current_test.startswith('TestToyota'):
|
|
continue
|
|
if attr.startswith('TestSubaruGen') and current_test.startswith('TestSubaruGen'):
|
|
continue
|
|
if attr.startswith('TestSubaruPreglobal') and current_test.startswith('TestSubaruPreglobal'):
|
|
continue
|
|
if {attr, current_test}.issubset({'TestVolkswagenPqSafety', 'TestVolkswagenPqStockSafety', 'TestVolkswagenPqLongSafety'}):
|
|
continue
|
|
if {attr, current_test}.issubset({'TestGmCameraSafety', 'TestGmCameraLongitudinalSafety', 'TestGmAscmSafety',
|
|
'TestGmCameraEVSafety', 'TestGmCameraLongitudinalEVSafety', 'TestGmAscmEVSafety'}):
|
|
continue
|
|
if attr.startswith('TestFord') and current_test.startswith('TestFord'):
|
|
continue
|
|
if attr.startswith('TestHyundaiCanfd') and current_test.startswith('TestHyundaiCanfd'):
|
|
continue
|
|
if {attr, current_test}.issubset({'TestHyundaiLongitudinalSafety', 'TestHyundaiLongitudinalSafetyCameraSCC', 'TestHyundaiSafetyFCEVLong'}):
|
|
continue
|
|
if {attr, current_test}.issubset({'TestVolkswagenMqbSafety', 'TestVolkswagenMqbStockSafety', 'TestVolkswagenMqbLongSafety'}):
|
|
continue
|
|
|
|
# overlapping TX addrs, but they're not actuating messages for either car
|
|
if attr == 'TestHyundaiCanfdLKASteeringLongEV' and current_test.startswith('TestToyota'):
|
|
tx = list(filter(lambda m: m[0] not in [0x160, ], tx))
|
|
|
|
# Volkswagen MQB longitudinal actuating message overlaps with the Subaru lateral actuating message
|
|
if attr == 'TestVolkswagenMqbLongSafety' and current_test.startswith('TestSubaru'):
|
|
tx = list(filter(lambda m: m[0] not in [0x122, ], tx))
|
|
|
|
# Volkswagen MQB and Honda Nidec ACC HUD messages overlap
|
|
if attr == 'TestVolkswagenMqbLongSafety' and current_test.startswith('TestHondaNidec'):
|
|
tx = list(filter(lambda m: m[0] not in [0x30c, ], tx))
|
|
|
|
# Volkswagen MQB and Honda Bosch Radarless ACC HUD messages overlap
|
|
if attr == 'TestVolkswagenMqbLongSafety' and current_test.startswith('TestHondaBoschRadarless'):
|
|
tx = list(filter(lambda m: m[0] not in [0x30c, ], tx))
|
|
|
|
# TODO: Temporary, should be fixed in panda firmware, safety_honda.h
|
|
if attr.startswith('TestHonda'):
|
|
# exceptions for common msgs across different hondas
|
|
tx = list(filter(lambda m: m[0] not in [0x1FA, 0x30C, 0x33D, 0x33DB], tx))
|
|
|
|
if attr.startswith('TestHyundaiLongitudinal'):
|
|
# exceptions for common msgs across different Hyundai CAN platforms
|
|
tx = list(filter(lambda m: m[0] not in [0x420, 0x50A, 0x389, 0x4A2], tx))
|
|
all_tx.append([[m[0], m[1], attr] for m in tx])
|
|
|
|
# make sure we got all the msgs
|
|
self.assertTrue(len(all_tx) >= len(test_files)-1)
|
|
|
|
for tx_msgs in all_tx:
|
|
for addr, bus, test_name in tx_msgs:
|
|
msg = make_msg(bus, addr)
|
|
self.safety.set_controls_allowed(1)
|
|
# TODO: this should be blocked
|
|
if current_test in ["TestNissanSafety", "TestNissanSafetyAltEpsBus", "TestNissanLeafSafety"] and [addr, bus] in self.TX_MSGS:
|
|
continue
|
|
self.assertFalse(self._tx(msg), f"transmit of {addr=:#x} {bus=} from {test_name} during {current_test} was allowed")
|
|
|
|
|
|
@add_regen_tests
|
|
class PandaCarSafetyTest(PandaSafetyTest):
|
|
STANDSTILL_THRESHOLD: float = 0.0
|
|
GAS_PRESSED_THRESHOLD = 0
|
|
RELAY_MALFUNCTION_ADDRS: dict[int, tuple[int, ...]] | None = None
|
|
|
|
@classmethod
|
|
def setUpClass(cls):
|
|
if cls.__name__ == "PandaCarSafetyTest" or cls.__name__.endswith('Base'):
|
|
cls.safety = None
|
|
raise unittest.SkipTest
|
|
|
|
@abc.abstractmethod
|
|
def _user_brake_msg(self, brake):
|
|
pass
|
|
|
|
def _user_regen_msg(self, regen):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def _speed_msg(self, speed):
|
|
pass
|
|
|
|
# Safety modes can override if vehicle_moving is driven by a different message
|
|
def _vehicle_moving_msg(self, speed: float):
|
|
return self._speed_msg(speed)
|
|
|
|
@abc.abstractmethod
|
|
def _user_gas_msg(self, gas):
|
|
pass
|
|
|
|
@abc.abstractmethod
|
|
def _pcm_status_msg(self, enable):
|
|
pass
|
|
|
|
# ***** standard tests for all car-specific safety modes *****
|
|
|
|
def test_relay_malfunction(self):
|
|
# each car has an addr that is used to detect relay malfunction
|
|
# if that addr is seen on specified bus, triggers the relay malfunction
|
|
# protection logic: both tx_hook and fwd_hook are expected to return failure
|
|
self.assertFalse(self.safety.get_relay_malfunction())
|
|
for bus in range(3):
|
|
for addr in self.SCANNED_ADDRS:
|
|
self.safety.set_relay_malfunction(False)
|
|
self._rx(make_msg(bus, addr, 8))
|
|
should_relay_malfunction = addr in self.RELAY_MALFUNCTION_ADDRS.get(bus, ())
|
|
self.assertEqual(should_relay_malfunction, self.safety.get_relay_malfunction(), (bus, hex(addr)))
|
|
|
|
# test relay malfunction protection logic
|
|
self.safety.set_relay_malfunction(True)
|
|
for bus in range(3):
|
|
for addr in self.SCANNED_ADDRS:
|
|
self.assertFalse(self._tx(make_msg(bus, addr, 8)))
|
|
self.assertEqual(-1, self.safety.safety_fwd_hook(bus, addr))
|
|
|
|
def test_prev_gas(self):
|
|
self.assertFalse(self.safety.get_gas_pressed_prev())
|
|
for pressed in [self.GAS_PRESSED_THRESHOLD + 1, 0]:
|
|
self._rx(self._user_gas_msg(pressed))
|
|
self.assertEqual(bool(pressed), self.safety.get_gas_pressed_prev())
|
|
|
|
def test_allow_engage_with_gas_pressed(self):
|
|
self._rx(self._user_gas_msg(1))
|
|
self.safety.set_controls_allowed(True)
|
|
self._rx(self._user_gas_msg(1))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self._rx(self._user_gas_msg(1))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
|
|
def test_no_disengage_on_gas(self):
|
|
self._rx(self._user_gas_msg(0))
|
|
self.safety.set_controls_allowed(True)
|
|
self._rx(self._user_gas_msg(self.GAS_PRESSED_THRESHOLD + 1))
|
|
# Test we allow lateral, but not longitudinal
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self.assertFalse(self.safety.get_longitudinal_allowed())
|
|
# Make sure we can re-gain longitudinal actuation
|
|
self._rx(self._user_gas_msg(0))
|
|
self.assertTrue(self.safety.get_longitudinal_allowed())
|
|
|
|
def test_prev_user_brake(self, _user_brake_msg=None, get_brake_pressed_prev=None):
|
|
if _user_brake_msg is None:
|
|
_user_brake_msg = self._user_brake_msg
|
|
get_brake_pressed_prev = self.safety.get_brake_pressed_prev
|
|
|
|
self.assertFalse(get_brake_pressed_prev())
|
|
for pressed in [True, False]:
|
|
self._rx(_user_brake_msg(not pressed))
|
|
self.assertEqual(not pressed, get_brake_pressed_prev())
|
|
self._rx(_user_brake_msg(pressed))
|
|
self.assertEqual(pressed, get_brake_pressed_prev())
|
|
|
|
def test_enable_control_allowed_from_cruise(self):
|
|
self._rx(self._pcm_status_msg(False))
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
self._rx(self._pcm_status_msg(True))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
|
|
def test_disable_control_allowed_from_cruise(self):
|
|
self.safety.set_controls_allowed(1)
|
|
self._rx(self._pcm_status_msg(False))
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
|
|
def test_cruise_engaged_prev(self):
|
|
for engaged in [True, False]:
|
|
self._rx(self._pcm_status_msg(engaged))
|
|
self.assertEqual(engaged, self.safety.get_cruise_engaged_prev())
|
|
self._rx(self._pcm_status_msg(not engaged))
|
|
self.assertEqual(not engaged, self.safety.get_cruise_engaged_prev())
|
|
|
|
def test_allow_user_brake_at_zero_speed(self, _user_brake_msg=None, get_brake_pressed_prev=None):
|
|
if _user_brake_msg is None:
|
|
_user_brake_msg = self._user_brake_msg
|
|
|
|
# Brake was already pressed
|
|
self._rx(self._vehicle_moving_msg(0))
|
|
self._rx(_user_brake_msg(1))
|
|
self.safety.set_controls_allowed(1)
|
|
self._rx(_user_brake_msg(1))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self.assertTrue(self.safety.get_longitudinal_allowed())
|
|
self._rx(_user_brake_msg(0))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self.assertTrue(self.safety.get_longitudinal_allowed())
|
|
# rising edge of brake should disengage
|
|
self._rx(_user_brake_msg(1))
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
self.assertFalse(self.safety.get_longitudinal_allowed())
|
|
self._rx(_user_brake_msg(0)) # reset no brakes
|
|
|
|
def test_not_allow_user_brake_when_moving(self, _user_brake_msg=None, get_brake_pressed_prev=None):
|
|
if _user_brake_msg is None:
|
|
_user_brake_msg = self._user_brake_msg
|
|
|
|
# Brake was already pressed
|
|
self._rx(_user_brake_msg(1))
|
|
self.safety.set_controls_allowed(1)
|
|
self._rx(self._vehicle_moving_msg(self.STANDSTILL_THRESHOLD))
|
|
self._rx(_user_brake_msg(1))
|
|
self.assertTrue(self.safety.get_controls_allowed())
|
|
self.assertTrue(self.safety.get_longitudinal_allowed())
|
|
self._rx(self._vehicle_moving_msg(self.STANDSTILL_THRESHOLD + 1))
|
|
self._rx(_user_brake_msg(1))
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
self.assertFalse(self.safety.get_longitudinal_allowed())
|
|
self._rx(self._vehicle_moving_msg(0))
|
|
|
|
def test_vehicle_moving(self):
|
|
self.assertFalse(self.safety.get_vehicle_moving())
|
|
|
|
# not moving
|
|
self._rx(self._vehicle_moving_msg(0))
|
|
self.assertFalse(self.safety.get_vehicle_moving())
|
|
|
|
# speed is at threshold
|
|
self._rx(self._vehicle_moving_msg(self.STANDSTILL_THRESHOLD))
|
|
self.assertFalse(self.safety.get_vehicle_moving())
|
|
|
|
# past threshold
|
|
self._rx(self._vehicle_moving_msg(self.STANDSTILL_THRESHOLD + 1))
|
|
self.assertTrue(self.safety.get_vehicle_moving())
|
|
|
|
def test_safety_tick(self):
|
|
self.safety.set_timer(int(2e6))
|
|
self.safety.set_controls_allowed(True)
|
|
self.safety.safety_tick_current_safety_config()
|
|
self.assertFalse(self.safety.get_controls_allowed())
|
|
self.assertFalse(self.safety.safety_config_valid())
|
|
|