sadmen
/
openpilot_comma
mirror of https://github.com/commaai/openpilot.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openpilot is an open source driver assistance system. openpilot performs the functions of Automated Lane Centering and Adaptive Cruise Control for over 200 supported car makes and models.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73 Commits
123 Branches
82 Tags
5.0 GiB
 
 
 
 
 
 
Tag: Branch: Tree: daf54ad54d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daf54ad54d'
${ noResults }
openpilot_comma/SAFETY.md

36 lines
1.8 KiB
Raw Blame History

openpilot Safety
======
openpilot is an Adaptive Cruise Control and Lane Keeping Assist System. Like
other ACC and LKAS systems, openpilot requires the driver to be alert and to pay
attention at all times. We repeat, **driver alertness is necessary, but not
sufficient, for openpilot to be used safely**.
Even with an attentive driver, we must make further efforts for the system to be
safe. We have designed openpilot with two other safety considerations.
1. The vehicle must always be controllable by the driver.
2. The vehicle must not alter its trajectory too quickly for the driver to safely
react.
To address these, we came up with two safety principles.
1. Enforced disengagements. Step on either pedal or press the cancel button to
retake manual control of the car immediately.
- These are hard enforced by the board, and soft enforced by the software. The
green led on the board signifies if the board is allowing control messages.
- Honda CAN uses both a counter and a checksum to ensure integrity and prevent
replay of the same message.
2. Actuation limits. While the system is engaged, the actuators are constrained
to operate within reasonable limits; the same limits used by the stock system on
the Honda.
- Without an interceptor, the gas is controlled by the PCM. The PCM limits
acceleration to what is reasonable for a cruise control system. With an
interceptor, the gas is clipped to 60% in longcontrol.py
- The brake is controlled by the 0x1FA CAN message. This message allows full
braking, although the board and the software clip it to 1/4th of the max.
This is around .3g of braking.
- Steering is controlled by the 0xE4 CAN message. The EPS controller in the
car limits the torque to a very small amount, so regardless of the message,
the controller cannot jerk the wheel.