Skip to content

Commit 0336f62

Browse files
robbederksrobbederks
authored
Pedal gas pressed safety limits (#507)
* Fixed toyota pedal gas disengage and increased pedal limits to OP limits +5% * Fix safety unit tests? * Fix imports * Fix imports #2
1 parent 715b1a1 commit 0336f62

File tree

6 files changed

+72
-53
lines changed

6 files changed

+72
-53
lines changed

board/safety/safety_honda.h

+10-2
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,15 @@
99
const AddrBus HONDA_N_TX_MSGS[] = {{0xE4, 0}, {0x194, 0}, {0x1FA, 0}, {0x200, 0}, {0x30C, 0}, {0x33D, 0}};
1010
const AddrBus HONDA_BG_TX_MSGS[] = {{0xE4, 2}, {0x296, 0}, {0x33D, 2}}; // Bosch Giraffe
1111
const AddrBus HONDA_BH_TX_MSGS[] = {{0xE4, 0}, {0x296, 1}, {0x33D, 0}}; // Bosch Harness
12-
const int HONDA_GAS_INTERCEPTOR_THRESHOLD = 328; // ratio between offset and gain from dbc file
12+
13+
// Roughly calculated using the offsets in openpilot +5%:
14+
// In openpilot: ((gas1_norm + gas2_norm)/2) > 15
15+
// gas_norm1 = ((gain_dbc1*gas1) + offset_dbc)
16+
// gas_norm2 = ((gain_dbc2*gas2) + offset_dbc)
17+
// assuming that 2*(gain_dbc1*gas1) == (gain_dbc2*gas2)
18+
// In this safety: ((gas1 + (gas2/2))/2) > THRESHOLD
19+
const int HONDA_GAS_INTERCEPTOR_THRESHOLD = 344;
20+
#define HONDA_GET_INTERCEPTOR(msg) (((GET_BYTE((msg), 0) << 8) + GET_BYTE((msg), 1) + ((GET_BYTE((msg), 2) << 8) + GET_BYTE((msg), 3)) / 2 ) / 2) // avg between 2 tracks
1321

1422
// Nidec and Bosch giraffe have pt on bus 0
1523
AddrCheckStruct honda_rx_checks[] = {
@@ -122,7 +130,7 @@ static int honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
122130
// length check because bosch hardware also uses this id (0x201 w/ len = 8)
123131
if ((addr == 0x201) && (len == 6)) {
124132
gas_interceptor_detected = 1;
125-
int gas_interceptor = GET_INTERCEPTOR(to_push);
133+
int gas_interceptor = HONDA_GET_INTERCEPTOR(to_push);
126134
if (!unsafe_allow_gas && (gas_interceptor > HONDA_GAS_INTERCEPTOR_THRESHOLD) &&
127135
(gas_interceptor_prev <= HONDA_GAS_INTERCEPTOR_THRESHOLD)) {
128136
controls_allowed = 0;

board/safety/safety_toyota.h

+9-2
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,14 @@ const int TOYOTA_ISO_MAX_ACCEL = 2000; // 2.0 m/s2
2020
const int TOYOTA_ISO_MIN_ACCEL = -3500; // -3.5 m/s2
2121

2222
const int TOYOTA_STANDSTILL_THRSLD = 100; // 1kph
23-
const int TOYOTA_GAS_INTERCEPTOR_THRSLD = 475; // ratio between offset and gain from dbc file
23+
24+
// Roughly calculated using the offsets in openpilot +5%:
25+
// In openpilot: ((gas1_norm + gas2_norm)/2) > 15
26+
// gas_norm1 = ((gain_dbc*gas1) + offset1_dbc)
27+
// gas_norm2 = ((gain_dbc*gas2) + offset2_dbc)
28+
// In this safety: ((gas1 + gas2)/2) > THRESHOLD
29+
const int TOYOTA_GAS_INTERCEPTOR_THRSLD = 845;
30+
#define TOYOTA_GET_INTERCEPTOR(msg) (((GET_BYTE((msg), 0) << 8) + GET_BYTE((msg), 1) + (GET_BYTE((msg), 2) << 8) + GET_BYTE((msg), 3)) / 2) // avg between 2 tracks
2431

2532
const AddrBus TOYOTA_TX_MSGS[] = {{0x283, 0}, {0x2E6, 0}, {0x2E7, 0}, {0x33E, 0}, {0x344, 0}, {0x365, 0}, {0x366, 0}, {0x4CB, 0}, // DSU bus 0
2633
{0x128, 1}, {0x141, 1}, {0x160, 1}, {0x161, 1}, {0x470, 1}, // DSU bus 1
@@ -133,7 +140,7 @@ static int toyota_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
133140
// exit controls on rising edge of interceptor gas press
134141
if (addr == 0x201) {
135142
gas_interceptor_detected = 1;
136-
int gas_interceptor = GET_INTERCEPTOR(to_push);
143+
int gas_interceptor = TOYOTA_GET_INTERCEPTOR(to_push);
137144
if (!unsafe_allow_gas && (gas_interceptor > TOYOTA_GAS_INTERCEPTOR_THRSLD) &&
138145
(gas_interceptor_prev <= TOYOTA_GAS_INTERCEPTOR_THRSLD)) {
139146
controls_allowed = 0;

board/safety_declarations.h

-3
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,3 @@ int unsafe_mode = 0;
112112
uint32_t safety_mode_cnt = 0U;
113113
// allow 1s of transition timeout after relay changes state before assessing malfunctioning
114114
const uint32_t RELAY_TRNS_TIMEOUT = 1U;
115-
116-
// avg between 2 tracks
117-
#define GET_INTERCEPTOR(msg) (((GET_BYTE((msg), 0) << 8) + GET_BYTE((msg), 1) + ((GET_BYTE((msg), 2) << 8) + GET_BYTE((msg), 3)) / 2 ) / 2)

tests/safety/common.py

-7
Original file line numberDiff line numberDiff line change
@@ -36,13 +36,6 @@ def package_can_msg(msg):
3636
def make_msg(bus, addr, length=8):
3737
return package_can_msg([addr, 0, b'\x00'*length, bus])
3838

39-
def interceptor_msg(gas, addr):
40-
to_send = make_msg(0, addr, 6)
41-
gas2 = gas * 2
42-
to_send[0].RDLR = ((gas & 0xff) << 8) | ((gas & 0xff00) >> 8) | \
43-
((gas2 & 0xff) << 24) | ((gas2 & 0xff00) << 8)
44-
return to_send
45-
4639
class CANPackerPanda(CANPacker):
4740
def make_can_msg_panda(self, name_or_addr, bus, values, counter=-1):
4841
msg = self.make_can_msg(name_or_addr, bus, values, counter=-1)

tests/safety/test_honda.py

+30-23
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,11 @@
33
import numpy as np
44
from panda import Panda
55
from panda.tests.safety import libpandasafety_py
6-
from panda.tests.safety.common import StdTest, make_msg, interceptor_msg, \
7-
MAX_WRONG_COUNTERS, UNSAFE_MODE
6+
from panda.tests.safety.common import StdTest, make_msg, MAX_WRONG_COUNTERS, UNSAFE_MODE
87

98
MAX_BRAKE = 255
109

11-
INTERCEPTOR_THRESHOLD = 328
10+
INTERCEPTOR_THRESHOLD = 344
1211
N_TX_MSGS = [[0xE4, 0], [0x194, 0], [0x1FA, 0], [0x200, 0], [0x30C, 0], [0x33D, 0]]
1312
BH_TX_MSGS = [[0xE4, 0], [0x296, 1], [0x33D, 0]] # Bosch Harness
1413
BG_TX_MSGS = [[0xE4, 2], [0x296, 0], [0x33D, 2]] # Bosch Giraffe
@@ -18,6 +17,14 @@
1817
HONDA_BG_HW = 1
1918
HONDA_BH_HW = 2
2019

20+
# Honda gas gains are the different
21+
def honda_interceptor_msg(gas, addr):
22+
to_send = make_msg(0, addr, 6)
23+
gas2 = gas * 2
24+
to_send[0].RDLR = ((gas & 0xff) << 8) | ((gas & 0xff00) >> 8) | \
25+
((gas2 & 0xff) << 24) | ((gas2 & 0xff00) << 8)
26+
return to_send
27+
2128
def honda_checksum(msg, addr, len_msg):
2229
checksum = 0
2330
while addr > 0:
@@ -170,11 +177,11 @@ def test_prev_gas(self):
170177
self.assertTrue(self.safety.get_gas_pressed_prev())
171178

172179
def test_prev_gas_interceptor(self):
173-
self.safety.safety_rx_hook(interceptor_msg(0x0, 0x201))
180+
self.safety.safety_rx_hook(honda_interceptor_msg(0x0, 0x201))
174181
self.assertFalse(self.safety.get_gas_interceptor_prev())
175-
self.safety.safety_rx_hook(interceptor_msg(0x1000, 0x201))
182+
self.safety.safety_rx_hook(honda_interceptor_msg(0x1000, 0x201))
176183
self.assertTrue(self.safety.get_gas_interceptor_prev())
177-
self.safety.safety_rx_hook(interceptor_msg(0x0, 0x201))
184+
self.safety.safety_rx_hook(honda_interceptor_msg(0x0, 0x201))
178185
self.safety.set_gas_interceptor_detected(False)
179186

180187
def test_disengage_on_gas(self):
@@ -199,31 +206,31 @@ def test_allow_engage_with_gas_pressed(self):
199206

200207
def test_disengage_on_gas_interceptor(self):
201208
for g in range(0, 0x1000):
202-
self.safety.safety_rx_hook(interceptor_msg(0, 0x201))
209+
self.safety.safety_rx_hook(honda_interceptor_msg(0, 0x201))
203210
self.safety.set_controls_allowed(True)
204-
self.safety.safety_rx_hook(interceptor_msg(g, 0x201))
211+
self.safety.safety_rx_hook(honda_interceptor_msg(g, 0x201))
205212
remain_enabled = g <= INTERCEPTOR_THRESHOLD
206213
self.assertEqual(remain_enabled, self.safety.get_controls_allowed())
207-
self.safety.safety_rx_hook(interceptor_msg(0, 0x201))
214+
self.safety.safety_rx_hook(honda_interceptor_msg(0, 0x201))
208215
self.safety.set_gas_interceptor_detected(False)
209216

210217
def test_unsafe_mode_no_disengage_on_gas_interceptor(self):
211218
self.safety.set_controls_allowed(True)
212219
self.safety.set_unsafe_mode(UNSAFE_MODE.DISABLE_DISENGAGE_ON_GAS)
213220
for g in range(0, 0x1000):
214-
self.safety.safety_rx_hook(interceptor_msg(g, 0x201))
221+
self.safety.safety_rx_hook(honda_interceptor_msg(g, 0x201))
215222
self.assertTrue(self.safety.get_controls_allowed())
216-
self.safety.safety_rx_hook(interceptor_msg(0, 0x201))
223+
self.safety.safety_rx_hook(honda_interceptor_msg(0, 0x201))
217224
self.safety.set_gas_interceptor_detected(False)
218225
self.safety.set_unsafe_mode(UNSAFE_MODE.DEFAULT)
219226
self.safety.set_controls_allowed(False)
220227

221228
def test_allow_engage_with_gas_interceptor_pressed(self):
222-
self.safety.safety_rx_hook(interceptor_msg(0x1000, 0x201))
229+
self.safety.safety_rx_hook(honda_interceptor_msg(0x1000, 0x201))
223230
self.safety.set_controls_allowed(1)
224-
self.safety.safety_rx_hook(interceptor_msg(0x1000, 0x201))
231+
self.safety.safety_rx_hook(honda_interceptor_msg(0x1000, 0x201))
225232
self.assertTrue(self.safety.get_controls_allowed())
226-
self.safety.safety_rx_hook(interceptor_msg(0, 0x201))
233+
self.safety.safety_rx_hook(honda_interceptor_msg(0, 0x201))
227234
self.safety.set_gas_interceptor_detected(False)
228235

229236
def test_brake_safety_check(self):
@@ -252,7 +259,7 @@ def test_gas_interceptor_safety_check(self):
252259
send = True
253260
else:
254261
send = gas == 0
255-
self.assertEqual(send, self.safety.safety_tx_hook(interceptor_msg(gas, 0x200)))
262+
self.assertEqual(send, self.safety.safety_tx_hook(honda_interceptor_msg(gas, 0x200)))
256263

257264
def test_steer_safety_check(self):
258265
self.safety.set_controls_allowed(0)
@@ -359,22 +366,22 @@ def test_tx_hook_on_pedal_pressed(self):
359366
self.safety.safety_rx_hook(self._gas_msg(1))
360367
elif pedal == 'interceptor':
361368
# gas_interceptor_prev > INTERCEPTOR_THRESHOLD
362-
self.safety.safety_rx_hook(interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
363-
self.safety.safety_rx_hook(interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
369+
self.safety.safety_rx_hook(honda_interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
370+
self.safety.safety_rx_hook(honda_interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
364371

365372
self.safety.set_controls_allowed(1)
366373
hw = self.safety.get_honda_hw()
367374
if hw == HONDA_N_HW:
368375
self.safety.set_honda_fwd_brake(False)
369376
self.assertFalse(self.safety.safety_tx_hook(self._send_brake_msg(MAX_BRAKE)))
370-
self.assertFalse(self.safety.safety_tx_hook(interceptor_msg(INTERCEPTOR_THRESHOLD, 0x200)))
377+
self.assertFalse(self.safety.safety_tx_hook(honda_interceptor_msg(INTERCEPTOR_THRESHOLD, 0x200)))
371378
self.assertFalse(self.safety.safety_tx_hook(self._send_steer_msg(0x1000)))
372379

373380
# reset status
374381
self.safety.set_controls_allowed(0)
375382
self.safety.safety_tx_hook(self._send_brake_msg(0))
376383
self.safety.safety_tx_hook(self._send_steer_msg(0))
377-
self.safety.safety_tx_hook(interceptor_msg(0, 0x200))
384+
self.safety.safety_tx_hook(honda_interceptor_msg(0, 0x200))
378385
if pedal == 'brake':
379386
self.safety.safety_rx_hook(self._speed_msg(0))
380387
self.safety.safety_rx_hook(self._brake_msg(0))
@@ -397,23 +404,23 @@ def test_tx_hook_on_pedal_pressed_on_unsafe_gas_mode(self):
397404
allow_ctrl = True
398405
elif pedal == 'interceptor':
399406
# gas_interceptor_prev > INTERCEPTOR_THRESHOLD
400-
self.safety.safety_rx_hook(interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
401-
self.safety.safety_rx_hook(interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
407+
self.safety.safety_rx_hook(honda_interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
408+
self.safety.safety_rx_hook(honda_interceptor_msg(INTERCEPTOR_THRESHOLD+1, 0x201))
402409
allow_ctrl = True
403410

404411
self.safety.set_controls_allowed(1)
405412
hw = self.safety.get_honda_hw()
406413
if hw == HONDA_N_HW:
407414
self.safety.set_honda_fwd_brake(False)
408415
self.assertEqual(allow_ctrl, self.safety.safety_tx_hook(self._send_brake_msg(MAX_BRAKE)))
409-
self.assertEqual(allow_ctrl, self.safety.safety_tx_hook(interceptor_msg(INTERCEPTOR_THRESHOLD, 0x200)))
416+
self.assertEqual(allow_ctrl, self.safety.safety_tx_hook(honda_interceptor_msg(INTERCEPTOR_THRESHOLD, 0x200)))
410417
self.assertEqual(allow_ctrl, self.safety.safety_tx_hook(self._send_steer_msg(0x1000)))
411418
# reset status
412419
self.safety.set_controls_allowed(0)
413420
self.safety.set_unsafe_mode(UNSAFE_MODE.DEFAULT)
414421
self.safety.safety_tx_hook(self._send_brake_msg(0))
415422
self.safety.safety_tx_hook(self._send_steer_msg(0))
416-
self.safety.safety_tx_hook(interceptor_msg(0, 0x200))
423+
self.safety.safety_tx_hook(honda_interceptor_msg(0, 0x200))
417424
if pedal == 'brake':
418425
self.safety.safety_rx_hook(self._speed_msg(0))
419426
self.safety.safety_rx_hook(self._brake_msg(0))

tests/safety/test_toyota.py

+23-16
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
from panda import Panda
55
from panda.tests.safety import libpandasafety_py
66
import panda.tests.safety.common as common
7-
from panda.tests.safety.common import CANPackerPanda, interceptor_msg, UNSAFE_MODE
7+
from panda.tests.safety.common import CANPackerPanda, make_msg, UNSAFE_MODE
88

99
MAX_RATE_UP = 10
1010
MAX_RATE_DOWN = 25
@@ -20,7 +20,14 @@
2020
RT_INTERVAL = 250000
2121

2222
MAX_TORQUE_ERROR = 350
23-
INTERCEPTOR_THRESHOLD = 475
23+
INTERCEPTOR_THRESHOLD = 845
24+
25+
# Toyota gas gains are the same
26+
def toyota_interceptor_msg(gas, addr):
27+
to_send = make_msg(0, addr, 6)
28+
to_send[0].RDLR = ((gas & 0xff) << 8) | ((gas & 0xff00) >> 8) | \
29+
((gas & 0xff) << 24) | ((gas & 0xff00) << 8)
30+
return to_send
2431

2532
class TestToyotaSafety(common.PandaSafetyTest):
2633

@@ -77,38 +84,38 @@ def _pcm_status_msg(self, cruise_on):
7784
return self.packer.make_can_msg_panda("PCM_CRUISE", 0, values)
7885

7986
def test_prev_gas_interceptor(self):
80-
self._rx(interceptor_msg(0x0, 0x201))
87+
self._rx(toyota_interceptor_msg(0x0, 0x201))
8188
self.assertFalse(self.safety.get_gas_interceptor_prev())
82-
self._rx(interceptor_msg(0x1000, 0x201))
89+
self._rx(toyota_interceptor_msg(0x1000, 0x201))
8390
self.assertTrue(self.safety.get_gas_interceptor_prev())
84-
self._rx(interceptor_msg(0x0, 0x201))
91+
self._rx(toyota_interceptor_msg(0x0, 0x201))
8592

8693
def test_disengage_on_gas_interceptor(self):
8794
for g in range(0, 0x1000):
88-
self._rx(interceptor_msg(0, 0x201))
95+
self._rx(toyota_interceptor_msg(0, 0x201))
8996
self.safety.set_controls_allowed(True)
90-
self._rx(interceptor_msg(g, 0x201))
97+
self._rx(toyota_interceptor_msg(g, 0x201))
9198
remain_enabled = g <= INTERCEPTOR_THRESHOLD
9299
self.assertEqual(remain_enabled, self.safety.get_controls_allowed())
93-
self._rx(interceptor_msg(0, 0x201))
100+
self._rx(toyota_interceptor_msg(0, 0x201))
94101
self.safety.set_gas_interceptor_detected(False)
95102

96103
def test_unsafe_mode_no_disengage_on_gas_interceptor(self):
97104
self.safety.set_controls_allowed(True)
98105
self.safety.set_unsafe_mode(UNSAFE_MODE.DISABLE_DISENGAGE_ON_GAS)
99106
for g in range(0, 0x1000):
100-
self._rx(interceptor_msg(g, 0x201))
107+
self._rx(toyota_interceptor_msg(g, 0x201))
101108
self.assertTrue(self.safety.get_controls_allowed())
102-
self._rx(interceptor_msg(0, 0x201))
109+
self._rx(toyota_interceptor_msg(0, 0x201))
103110
self.safety.set_gas_interceptor_detected(False)
104111
self.safety.set_unsafe_mode(UNSAFE_MODE.DEFAULT)
105112

106113
def test_allow_engage_with_gas_interceptor_pressed(self):
107-
self._rx(interceptor_msg(0x1000, 0x201))
114+
self._rx(toyota_interceptor_msg(0x1000, 0x201))
108115
self.safety.set_controls_allowed(1)
109-
self._rx(interceptor_msg(0x1000, 0x201))
116+
self._rx(toyota_interceptor_msg(0x1000, 0x201))
110117
self.assertTrue(self.safety.get_controls_allowed())
111-
self._rx(interceptor_msg(0, 0x201))
118+
self._rx(toyota_interceptor_msg(0, 0x201))
112119

113120
def test_accel_actuation_limits(self):
114121
limits = ((MIN_ACCEL, MAX_ACCEL, UNSAFE_MODE.DEFAULT),
@@ -214,10 +221,10 @@ def test_torque_measurements(self):
214221

215222
def test_gas_interceptor_safety_check(self):
216223
self.safety.set_controls_allowed(0)
217-
self.assertTrue(self._tx(interceptor_msg(0, 0x200)))
218-
self.assertFalse(self._tx(interceptor_msg(0x1000, 0x200)))
224+
self.assertTrue(self._tx(toyota_interceptor_msg(0, 0x200)))
225+
self.assertFalse(self._tx(toyota_interceptor_msg(0x1000, 0x200)))
219226
self.safety.set_controls_allowed(1)
220-
self.assertTrue(self._tx(interceptor_msg(0x1000, 0x200)))
227+
self.assertTrue(self._tx(toyota_interceptor_msg(0x1000, 0x200)))
221228

222229
def test_rx_hook(self):
223230
# checksum checks

0 commit comments

Comments
 (0)