Skip to content

Commit

Permalink
Squashed 'panda/' changes from 0696730..62e4d3c
Browse files Browse the repository at this point in the history
62e4d3c Chrysler: fix missing button signal on TX (#490)
abce8f3 Safety Test Refactor: Toyota + support code (#491)
500370a Make sure relay faults make it to the health packet (#492)
bc90b60 toyota: use universal gas pressed bit (#488)
74d10cc Fixed possible race condition (#487)
a05361e cleanup safety_replay dockerfile (#486)
fe73dcc Openpilot-tools is deprecated (#484)
da8e00f TX message guaranteed delivery (#421)
d8f6184 Add ISO number for longitudinal limits flag comment
6a60b78 touch ups
2ce6536 comments on unsafe flags
d880134 remove from there as well
055ea07 remove that unsafe flag since it isn't implemented and it's unclear how to
4e98bbe Apply unsafe allow gas mode to all cars. (#480)
0c2c149 Fixing libusb busy error (#174)
753c42c Update Board Mac SDK Install script to work on clean mac (#146)
b9a9ea3 Unsafe gas disengage mods, fix test compile warning (#481)
08ef92d Safety model for Volkswagen PQ35/PQ46/NMS (#474)
51e0a55 Support code for unsafe mode unit tests (#478)
5325b62 current_safety_mode
7908b72 update updating unsafe mode
98503e8 disable stock honda AEB in unsafe mode (#477)
01b2ccb one more
9a30265 weak steering while not engaged
577f10b added options for unsafe mode
83cf7bf update comment
4556e74 enable unsafe mode, toggle for use by forks that so choose
de89fcd Nissan leaf (#473)

git-subtree-dir: panda
git-subtree-split: 62e4d3c
  • Loading branch information
Vehicle Researcher committed Apr 13, 2020
1 parent a3690e4 commit 0c54b8b
Show file tree
Hide file tree
Showing 41 changed files with 1,443 additions and 358 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
- run:
name: Run safety test
command: |
docker run panda_safety /bin/bash -c "cd /panda/tests/safety; PYTHONPATH=/ ./test.sh"
docker run panda_safety /bin/bash -c "cd /openpilot/panda/tests/safety; PYTHONPATH=/openpilot ./test.sh"
misra-c2012:
machine:
Expand Down
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
v1.7.3
v1.7.5
27 changes: 27 additions & 0 deletions board/drivers/can.h
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ void can_set_forwarding(int from, int to);

void can_init(uint8_t can_number);
void can_init_all(void);
bool can_tx_check_min_slots_free(uint32_t min);
void can_send(CAN_FIFOMailBox_TypeDef *to_push, uint8_t bus_number, bool skip_tx_hook);
bool can_pop(can_ring *q, CAN_FIFOMailBox_TypeDef *elem);

Expand Down Expand Up @@ -107,6 +108,20 @@ bool can_push(can_ring *q, CAN_FIFOMailBox_TypeDef *elem) {
return ret;
}

uint32_t can_slots_empty(can_ring *q) {
uint32_t ret = 0;

ENTER_CRITICAL();
if (q->w_ptr >= q->r_ptr) {
ret = q->fifo_size - 1U - q->w_ptr + q->r_ptr;
} else {
ret = q->r_ptr - q->w_ptr - 1U;
}
EXIT_CRITICAL();

return ret;
}

void can_clear(can_ring *q) {
ENTER_CRITICAL();
q->w_ptr = 0;
Expand Down Expand Up @@ -317,6 +332,10 @@ void process_can(uint8_t can_number) {
CAN->sTxMailBox[0].TDHR = to_send.RDHR;
CAN->sTxMailBox[0].TDTR = to_send.RDTR;
CAN->sTxMailBox[0].TIR = to_send.RIR;

if (can_tx_check_min_slots_free(MAX_CAN_MSGS_PER_BULK_TRANSFER)) {
usb_outep3_resume_if_paused();
}
}
}

Expand Down Expand Up @@ -405,6 +424,14 @@ void CAN3_TX_IRQ_Handler(void) { process_can(2); }
void CAN3_RX0_IRQ_Handler(void) { can_rx(2); }
void CAN3_SCE_IRQ_Handler(void) { can_sce(CAN3); }

bool can_tx_check_min_slots_free(uint32_t min) {
return
(can_slots_empty(&can_tx1_q) >= min) &&
(can_slots_empty(&can_tx2_q) >= min) &&
(can_slots_empty(&can_tx3_q) >= min) &&
(can_slots_empty(&can_txgmlan_q) >= min);
}

void can_send(CAN_FIFOMailBox_TypeDef *to_push, uint8_t bus_number, bool skip_tx_hook) {
if (skip_tx_hook || safety_tx_hook(to_push) != 0) {
if (bus_number < BUS_MAX) {
Expand Down
2 changes: 1 addition & 1 deletion board/drivers/llcan.h
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
#define GET_BUS(msg) (((msg)->RDTR >> 4) & 0xFF)
#define GET_LEN(msg) ((msg)->RDTR & 0xF)
#define GET_ADDR(msg) ((((msg)->RIR & 4) != 0) ? ((msg)->RIR >> 3) : ((msg)->RIR >> 21))
#define GET_BYTE(msg, b) (((int)(b) > 3) ? (((msg)->RDHR >> (8U * ((unsigned int)(b) % 4U))) & 0XFFU) : (((msg)->RDLR >> (8U * (unsigned int)(b))) & 0xFFU))
#define GET_BYTE(msg, b) (((int)(b) > 3) ? (((msg)->RDHR >> (8U * ((unsigned int)(b) % 4U))) & 0xFFU) : (((msg)->RDLR >> (8U * (unsigned int)(b))) & 0xFFU))
#define GET_BYTES_04(msg) ((msg)->RDLR)
#define GET_BYTES_48(msg) ((msg)->RDHR)

Expand Down
25 changes: 21 additions & 4 deletions board/drivers/usb.h
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,16 @@ typedef union _USB_Setup {
}
USB_Setup_TypeDef;

#define MAX_CAN_MSGS_PER_BULK_TRANSFER 4U

void usb_init(void);
int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired);
int usb_cb_ep1_in(void *usbdata, int len, bool hardwired);
void usb_cb_ep2_out(void *usbdata, int len, bool hardwired);
void usb_cb_ep3_out(void *usbdata, int len, bool hardwired);
void usb_cb_ep3_out_complete(void);
void usb_cb_enumeration_complete(void);
void usb_outep3_resume_if_paused(void);

// **** supporting defines ****

Expand Down Expand Up @@ -380,6 +384,7 @@ USB_Setup_TypeDef setup;
uint8_t usbdata[0x100];
uint8_t* ep0_txdata = NULL;
uint16_t ep0_txlen = 0;
bool outep3_processing = false;

// Store the current interface alt setting.
int current_int0_alt_setting = 0;
Expand Down Expand Up @@ -744,6 +749,7 @@ void usb_irqhandler(void) {
}

if (endpoint == 3) {
outep3_processing = true;
usb_cb_ep3_out(usbdata, len, 1);
}
} else if (status == STS_SETUP_UPDT) {
Expand Down Expand Up @@ -816,15 +822,17 @@ void usb_irqhandler(void) {
#ifdef DEBUG_USB
puts(" OUT3 PACKET XFRC\n");
#endif
USBx_OUTEP(3)->DOEPTSIZ = (1U << 19) | 0x40U;
USBx_OUTEP(3)->DOEPCTL |= USB_OTG_DOEPCTL_EPENA | USB_OTG_DOEPCTL_CNAK;
// NAK cleared by process_can (if tx buffers have room)
outep3_processing = false;
usb_cb_ep3_out_complete();
} else if ((USBx_OUTEP(3)->DOEPINT & 0x2000) != 0) {
#ifdef DEBUG_USB
puts(" OUT3 PACKET WTF\n");
#endif
// if NAK was set trigger this, unknown interrupt
USBx_OUTEP(3)->DOEPTSIZ = (1U << 19) | 0x40U;
USBx_OUTEP(3)->DOEPCTL |= USB_OTG_DOEPCTL_CNAK;
// TODO: why was this here? fires when TX buffers when we can't clear NAK
// USBx_OUTEP(3)->DOEPTSIZ = (1U << 19) | 0x40U;
// USBx_OUTEP(3)->DOEPCTL |= USB_OTG_DOEPCTL_CNAK;
} else if ((USBx_OUTEP(3)->DOEPINT) != 0) {
puts("OUTEP3 error ");
puth(USBx_OUTEP(3)->DOEPINT);
Expand Down Expand Up @@ -932,6 +940,15 @@ void usb_irqhandler(void) {
//USBx->GINTMSK = 0xFFFFFFFF & ~(USB_OTG_GINTMSK_NPTXFEM | USB_OTG_GINTMSK_PTXFEM | USB_OTG_GINTSTS_SOF | USB_OTG_GINTSTS_EOPF);
}

void usb_outep3_resume_if_paused() {
ENTER_CRITICAL();
if (!outep3_processing && (USBx_OUTEP(3)->DOEPCTL & USB_OTG_DOEPCTL_NAKSTS) != 0) {
USBx_OUTEP(3)->DOEPTSIZ = (1U << 19) | 0x40U;
USBx_OUTEP(3)->DOEPCTL |= USB_OTG_DOEPCTL_EPENA | USB_OTG_DOEPCTL_CNAK;
}
EXIT_CRITICAL();
}

void OTG_FS_IRQ_Handler(void) {
NVIC_DisableIRQ(OTG_FS_IRQn);
//__disable_irq();
Expand Down
2 changes: 2 additions & 0 deletions board/get_sdk_mac.sh
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
#!/bin/bash
# Need formula for gcc
sudo easy_install pip
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew tap ArmMbed/homebrew-formulae
brew install python dfu-util arm-none-eabi-gcc
pip install --user libusb1 pycrypto requests
15 changes: 15 additions & 0 deletions board/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,12 @@ void usb_cb_ep3_out(void *usbdata, int len, bool hardwired) {
}
}

void usb_cb_ep3_out_complete() {
if (can_tx_check_min_slots_free(MAX_CAN_MSGS_PER_BULK_TRANSFER)) {
usb_outep3_resume_if_paused();
}
}

void usb_cb_enumeration_complete() {
puts("USB enumeration complete\n");
is_enumerated = 1;
Expand Down Expand Up @@ -469,6 +475,15 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired)
can_init(CAN_NUM_FROM_BUS_NUM(setup->b.wValue.w));
}
break;
// **** 0xdf: set unsafe mode
case 0xdf:
// you can only set this if you are in a non car safety mode
if ((current_safety_mode == SAFETY_SILENT) ||
(current_safety_mode == SAFETY_NOOUTPUT) ||
(current_safety_mode == SAFETY_ELM327)) {
unsafe_mode = setup->b.wValue.w;
}
break;
// **** 0xe0: uart read
case 0xe0:
ur = get_ring_by_number(setup->b.wValue.w);
Expand Down
1 change: 1 addition & 0 deletions board/pedal/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ void usb_cb_ep3_out(void *usbdata, int len, bool hardwired) {
UNUSED(len);
UNUSED(hardwired);
}
void usb_cb_ep3_out_complete(void) {}
void usb_cb_enumeration_complete(void) {}

int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired) {
Expand Down
11 changes: 11 additions & 0 deletions board/safety.h
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@
#define SAFETY_GM_ASCM 18U
#define SAFETY_NOOUTPUT 19U
#define SAFETY_HONDA_BOSCH_HARNESS 20U
#define SAFETY_VOLKSWAGEN_PQ 21U
#define SAFETY_SUBARU_LEGACY 22U

uint16_t current_safety_mode = SAFETY_SILENT;
Expand Down Expand Up @@ -183,6 +184,15 @@ bool addr_safety_check(CAN_FIFOMailBox_TypeDef *to_push,
return is_msg_valid(rx_checks, index);
}

void relay_malfunction_set(void) {
relay_malfunction = true;
fault_occurred(FAULT_RELAY_MALFUNCTION);
}

void relay_malfunction_reset(void) {
relay_malfunction = false;
fault_recovered(FAULT_RELAY_MALFUNCTION);
}

typedef struct {
uint16_t id;
Expand All @@ -203,6 +213,7 @@ const safety_hook_config safety_hook_registry[] = {
{SAFETY_SUBARU_LEGACY, &subaru_legacy_hooks},
{SAFETY_MAZDA, &mazda_hooks},
{SAFETY_VOLKSWAGEN_MQB, &volkswagen_mqb_hooks},
{SAFETY_VOLKSWAGEN_PQ, &volkswagen_pq_hooks},
{SAFETY_NOOUTPUT, &nooutput_hooks},
#ifdef ALLOW_DEBUG
{SAFETY_CADILLAC, &cadillac_hooks},
Expand Down
8 changes: 5 additions & 3 deletions board/safety/safety_chrysler.h
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ static int chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
chrysler_get_checksum, chrysler_compute_checksum,
chrysler_get_counter);

bool unsafe_allow_gas = unsafe_mode & UNSAFE_DISABLE_DISENGAGE_ON_GAS;

if (valid && (GET_BUS(to_push) == 0)) {
int addr = GET_ADDR(to_push);

Expand Down Expand Up @@ -107,7 +109,7 @@ static int chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
// exit controls on rising edge of gas press
if (addr == 308) {
bool gas_pressed = (GET_BYTE(to_push, 5) & 0x7F) != 0;
if (gas_pressed && !gas_pressed_prev && (chrysler_speed > CHRYSLER_GAS_THRSLD)) {
if (!unsafe_allow_gas && gas_pressed && !gas_pressed_prev && (chrysler_speed > CHRYSLER_GAS_THRSLD)) {
controls_allowed = 0;
}
gas_pressed_prev = gas_pressed;
Expand All @@ -124,7 +126,7 @@ static int chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {

// check if stock camera ECU is on bus 0
if ((safety_mode_cnt > RELAY_TRNS_TIMEOUT) && (addr == 0x292)) {
relay_malfunction = true;
relay_malfunction_set();
}
}
return valid;
Expand Down Expand Up @@ -192,7 +194,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {

// FORCE CANCEL: only the cancel button press is allowed
if (addr == 571) {
if (GET_BYTE(to_send, 0) != 1) {
if ((GET_BYTE(to_send, 0) != 1) || ((GET_BYTE(to_send, 1) & 1) == 1)) {
tx = 0;
}
}
Expand Down
4 changes: 2 additions & 2 deletions board/safety/safety_defaults.h
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ int default_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
static void nooutput_init(int16_t param) {
UNUSED(param);
controls_allowed = false;
relay_malfunction = false;
relay_malfunction_reset();
}

static int nooutput_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
Expand Down Expand Up @@ -42,7 +42,7 @@ const safety_hooks nooutput_hooks = {
static void alloutput_init(int16_t param) {
UNUSED(param);
controls_allowed = true;
relay_malfunction = false;
relay_malfunction_reset();
}

static int alloutput_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
Expand Down
11 changes: 8 additions & 3 deletions board/safety/safety_ford.h
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ static int ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {

int addr = GET_ADDR(to_push);
int bus = GET_BUS(to_push);
bool unsafe_allow_gas = unsafe_mode & UNSAFE_DISABLE_DISENGAGE_ON_GAS;

if (addr == 0x217) {
// wheel speeds are 14 bits every 16
Expand Down Expand Up @@ -47,14 +48,14 @@ static int ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
// exit controls on rising edge of gas press
if (addr == 0x204) {
bool gas_pressed = ((GET_BYTE(to_push, 0) & 0x03) | GET_BYTE(to_push, 1)) != 0;
if (gas_pressed && !gas_pressed_prev) {
if (!unsafe_allow_gas && gas_pressed && !gas_pressed_prev) {
controls_allowed = 0;
}
gas_pressed_prev = gas_pressed;
}

if ((safety_mode_cnt > RELAY_TRNS_TIMEOUT) && (bus == 0) && (addr == 0x3CA)) {
relay_malfunction = true;
relay_malfunction_set();
}
return 1;
}
Expand All @@ -72,7 +73,11 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {

// disallow actuator commands if gas or brake (with vehicle moving) are pressed
// and the the latching controls_allowed flag is True
int pedal_pressed = gas_pressed_prev || (brake_pressed_prev && ford_moving);
int pedal_pressed = brake_pressed_prev && ford_moving;
bool unsafe_allow_gas = unsafe_mode & UNSAFE_DISABLE_DISENGAGE_ON_GAS;
if (!unsafe_allow_gas) {
pedal_pressed = pedal_pressed || gas_pressed_prev;
}
bool current_controls_allowed = controls_allowed && !(pedal_pressed);

if (relay_malfunction) {
Expand Down
12 changes: 9 additions & 3 deletions board/safety/safety_gm.h
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ static int gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
bool valid = addr_safety_check(to_push, gm_rx_checks, GM_RX_CHECK_LEN,
NULL, NULL, NULL);

bool unsafe_allow_gas = unsafe_mode & UNSAFE_DISABLE_DISENGAGE_ON_GAS;

if (valid && (GET_BUS(to_push) == 0)) {
int addr = GET_ADDR(to_push);

Expand Down Expand Up @@ -91,7 +93,7 @@ static int gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
// exit controls on rising edge of gas press
if (addr == 417) {
bool gas_pressed = GET_BYTE(to_push, 6) != 0;
if (gas_pressed && !gas_pressed_prev) {
if (!unsafe_allow_gas && gas_pressed && !gas_pressed_prev) {
controls_allowed = 0;
}
gas_pressed_prev = gas_pressed;
Expand All @@ -110,7 +112,7 @@ static int gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
// 384 = ASCMLKASteeringCmd
// 715 = ASCMGasRegenCmd
if ((safety_mode_cnt > RELAY_TRNS_TIMEOUT) && ((addr == 384) || (addr == 715))) {
relay_malfunction = true;
relay_malfunction_set();
}
}
return valid;
Expand Down Expand Up @@ -138,7 +140,11 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {

// disallow actuator commands if gas or brake (with vehicle moving) are pressed
// and the the latching controls_allowed flag is True
int pedal_pressed = gas_pressed_prev || (brake_pressed_prev && gm_moving);
int pedal_pressed = brake_pressed_prev && gm_moving;
bool unsafe_allow_gas = unsafe_mode & UNSAFE_DISABLE_DISENGAGE_ON_GAS;
if (!unsafe_allow_gas) {
pedal_pressed = pedal_pressed || gas_pressed_prev;
}
bool current_controls_allowed = controls_allowed && !pedal_pressed;

// BRAKE: safety check
Expand Down
Loading

0 comments on commit 0c54b8b

Please sign in to comment.