andrrocity / trafficflow

This repo contains resources for the TrafficFlow device.

Negative Speed Spoofing? #1

Open geohot opened 3 years ago

geohot commented 3 years ago

I'm a bit concerned that this is lying to the EPS module about the speed of the car to stay in parking mode, for example, telling the EPS the car is going 5 mph while actually on the highway going 65.

I hope this isn't true, but if it is, I strongly urge you to consider the safety implications of this. We've done tests like this in a parking lot with our Prius, and very minor mistakes make the car impossible to control. openpilot is certainly not designed to be used with anything like that.

Wrote a Medium post elaborating on this: https://medium.com/@comma_ai/safer-control-of-steering-362f3526c9ab

andrrocity commented 3 years ago

Hello George,

Unfortunately, this is the only way we can achieve full range steering control. I read your article and there is nothing I disagree with you about. I do realize this is pushing the power steering rack beyond its designed and safety-tested operating conditions. The rack will never override the driver’s input torque. I believe I can use the word never pretty definitively because that would be unacceptable even during an active park assist maneuver. The wheel does respond much faster than when using haptic lane feedback torque overlay, but potentially dangerous conditions like this will be caught in the panda safety code as it already does.

Driving with active park assist torque overlay results in a much smoother and more responsive movement of the wheel. There is no other way to achieve this kind of control that is safer.

When the driver counteracts the requested active park assist torque overlay request, the EPS racks send a CAN message with a flag that basically indicates “drivers hands on the wheel”. If I continue to send a non-zero torque overlay request while this flag is true, the EPS rack will fault. Fault meaning it ignores all future APA requests until next drive. I then wait a brief period after the flag is cleared before sending a nonzero torque request again.

I completely understand your concerns, and I completely agree that it could be potentially hazardous to use the power steering rack outside of what it was tested for by a countless number of engineers. Could the rack go rogue and overpower the driver at 65 mph? I don’t know for sure. I really don’t know for sure even when just driving normally.

At least the solution lies within the rack itself and is not a man-in-the-middle device between the torque sensor and the EPS module. I experimented with that years ago and I can truly appreciate the sheer unstoppable power of the EPS motor.

I very much value your input on this. Thank you for bringing OP to the world. Looking forward to talking more with you about this and hopefully other topics.