misra8.4: board/*.h (#2026)

* main

* can_comms

* main_declarations->main_definitions

* rename this also

* can_definitions

* faults

* power_saving

* provision

* gitversion

* not included

* no include for now
Maxime Desroches 2024-09-19 21:15:08 -07:00 committed by GitHub
parent df5db3fdb5
commit 32eecd7211
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
18 changed files with 138 additions and 81 deletions


@ -167,7 +167,9 @@ Export('base_project_f4', 'base_project_h7', 'build_project')
# Common autogenerated includes
with open("board/obj/gitversion.h", "w") as f:
f.write(f'const uint8_t gitversion[] = "{get_version(BUILDER, BUILD_TYPE)}";\n')
version = get_version(BUILDER, BUILD_TYPE)
f.write(f'extern const uint8_t gitversion[{len(version)}];\n')
f.write(f'const uint8_t gitversion[{len(version)}] = "{version}";\n')
with open("board/obj/version", "w") as f:
f.write(f'{get_version(BUILDER, BUILD_TYPE)}')
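Review bot: The generated `gitversion[{len(version)}]` leaves no room for the string terminator: C accepts a literal of exactly `len(version)` characters for an array of that size and silently stores it without the trailing NUL, whereas the old `gitversion[]` form included it. Consumers are not visible here, but anything that treats `gitversion` as a C string would read past the array, and `sizeof(gitversion)` is now one byte smaller. Size both generated lines with `{len(version) + 1}`, e.g. `f.write(f'extern const uint8_t gitversion[{len(version) + 1}];\n')`. `len()` also counts characters rather than encoded bytes, so a non-ASCII version string would mis-size the array. The second `with` block could reuse `version` instead of calling `get_version` again.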

7
board/can.h Normal file

@ -0,0 +1,7 @@
#pragma once
#include "can_declarations.h"
const uint8_t PANDA_CAN_CNT = 3U;
const uint8_t PANDA_BUS_CNT = 3U;
const unsigned char dlc_to_len[DLC_TO_LEN_ARRAY_SIZE] = {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 12U, 16U, 20U, 24U, 32U, 48U, 64U};


@ -18,7 +18,7 @@ typedef struct {
uint8_t data[72];
} asm_buffer;
asm_buffer can_read_buffer = {.ptr = 0U, .tail_size = 0U};
static asm_buffer can_read_buffer = {.ptr = 0U, .tail_size = 0U};
int comms_can_read(uint8_t *data, uint32_t max_len) {
uint32_t pos = 0U;
@ -53,7 +53,7 @@ int comms_can_read(uint8_t *data, uint32_t max_len) {
return pos;
}
asm_buffer can_write_buffer = {.ptr = 0U, .tail_size = 0U};
static asm_buffer can_write_buffer = {.ptr = 0U, .tail_size = 0U};
// send on CAN
void comms_can_write(const uint8_t *data, uint32_t len) {


@ -1,7 +1,7 @@
#pragma once
const uint8_t PANDA_CAN_CNT = 3U;
const uint8_t PANDA_BUS_CNT = 3U;
extern const uint8_t PANDA_CAN_CNT;
extern const uint8_t PANDA_BUS_CNT;
// bump this when changing the CAN packet
#define CAN_PACKET_VERSION 4
@ -27,7 +27,8 @@ typedef struct {
unsigned char data[CANPACKET_DATA_SIZE_MAX];
} __attribute__((packed, aligned(4))) CANPacket_t;
const unsigned char dlc_to_len[] = {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 12U, 16U, 20U, 24U, 32U, 48U, 64U};
#define DLC_TO_LEN_ARRAY_SIZE 16
extern const unsigned char dlc_to_len[DLC_TO_LEN_ARRAY_SIZE];
#define GET_BUS(msg) ((msg)->bus)
#define GET_LEN(msg) (dlc_to_len[(msg)->data_len_code])
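Review bot: `GET_LEN` still indexes `dlc_to_len` with `(msg)->data_len_code` unchecked, even though the table now has a named bound, `DLC_TO_LEN_ARRAY_SIZE`. The `CANPacket_t` field list starts outside this hunk, so the field's width cannot be confirmed from here. If it is a 4-bit field the index is always in range, and a comment such as `// data_len_code is 4 bits wide, so it cannot exceed DLC_TO_LEN_ARRAY_SIZE - 1` next to the macro would record that. If it is wider, the macro needs a range check, because the packet contents may come from outside the firmware.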


@ -1,5 +1,9 @@
#include "critical_declarations.h"
// ********************* Critical section helpers *********************
volatile bool interrupts_enabled = false;
uint8_t global_critical_depth = 0U;
static volatile bool interrupts_enabled = false;
void enable_interrupts(void) {
interrupts_enabled = true;
@ -10,14 +14,3 @@ void disable_interrupts(void) {
interrupts_enabled = false;
__disable_irq();
}
uint8_t global_critical_depth = 0U;
#define ENTER_CRITICAL() \
__disable_irq(); \
global_critical_depth += 1U;
#define EXIT_CRITICAL() \
global_critical_depth -= 1U; \
if ((global_critical_depth == 0U) && interrupts_enabled) { \
__enable_irq(); \
}
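Review bot: `interrupts_enabled` becomes `static` in this file, but `EXIT_CRITICAL()` in `critical_declarations.h` still expands to a read of it. The macro therefore only compiles where this file's definition is also visible, which the declarations header neither states nor enforces. Either keep the flag with external linkage and declare it beside `global_critical_depth` as `extern volatile bool interrupts_enabled;`, or add a comment on the macro naming the dependency so a later split into separate translation units does not break it silently.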


@ -0,0 +1,17 @@
#pragma once
// ********************* Critical section helpers *********************
void enable_interrupts(void);
void disable_interrupts(void);
extern uint8_t global_critical_depth;
#define ENTER_CRITICAL() \
__disable_irq(); \
global_critical_depth += 1U;
#define EXIT_CRITICAL() \
global_critical_depth -= 1U; \
if ((global_critical_depth == 0U) && interrupts_enabled) { \
__enable_irq(); \
}
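Review bot: `ENTER_CRITICAL()` and `EXIT_CRITICAL()` now sit in a shared header as bare statement sequences, so under an unbraced `if` only `__disable_irq()` or the decrement would be conditional and the depth counter would go out of step with the interrupt state. Wrapping both in `do { ... } while (0)` fixes this, provided existing call sites end with a semicolon (they are not visible here). `global_critical_depth` is a `uint8_t`, so an unmatched `EXIT_CRITICAL()` wraps it to 255 and interrupts stay masked; a short comment stating that calls must be balanced would help.

```c
#define ENTER_CRITICAL() \
  do { \
    __disable_irq(); \
    global_critical_depth += 1U; \
  } while (0)

#define EXIT_CRITICAL() \
  do { \
    global_critical_depth -= 1U; \
    if ((global_critical_depth == 0U) && interrupts_enabled) { \
      __enable_irq(); \
    } \
  } while (0)
```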


@ -1,38 +1,4 @@
#define FAULT_STATUS_NONE 0U
#define FAULT_STATUS_TEMPORARY 1U
#define FAULT_STATUS_PERMANENT 2U
// Fault types, matches cereal.log.PandaState.FaultType
#define FAULT_RELAY_MALFUNCTION (1UL << 0)
#define FAULT_UNUSED_INTERRUPT_HANDLED (1UL << 1)
#define FAULT_INTERRUPT_RATE_CAN_1 (1UL << 2)
#define FAULT_INTERRUPT_RATE_CAN_2 (1UL << 3)
#define FAULT_INTERRUPT_RATE_CAN_3 (1UL << 4)
#define FAULT_INTERRUPT_RATE_TACH (1UL << 5)
#define FAULT_INTERRUPT_RATE_GMLAN (1UL << 6) // deprecated
#define FAULT_INTERRUPT_RATE_INTERRUPTS (1UL << 7)
#define FAULT_INTERRUPT_RATE_SPI_DMA (1UL << 8)
#define FAULT_INTERRUPT_RATE_SPI_CS (1UL << 9)
#define FAULT_INTERRUPT_RATE_UART_1 (1UL << 10)
#define FAULT_INTERRUPT_RATE_UART_2 (1UL << 11)
#define FAULT_INTERRUPT_RATE_UART_3 (1UL << 12)
#define FAULT_INTERRUPT_RATE_UART_5 (1UL << 13)
#define FAULT_INTERRUPT_RATE_UART_DMA (1UL << 14)
#define FAULT_INTERRUPT_RATE_USB (1UL << 15)
#define FAULT_INTERRUPT_RATE_TIM1 (1UL << 16)
#define FAULT_INTERRUPT_RATE_TIM3 (1UL << 17)
#define FAULT_REGISTER_DIVERGENT (1UL << 18)
#define FAULT_INTERRUPT_RATE_KLINE_INIT (1UL << 19)
#define FAULT_INTERRUPT_RATE_CLOCK_SOURCE (1UL << 20)
#define FAULT_INTERRUPT_RATE_TICK (1UL << 21)
#define FAULT_INTERRUPT_RATE_EXTI (1UL << 22)
#define FAULT_INTERRUPT_RATE_SPI (1UL << 23)
#define FAULT_INTERRUPT_RATE_UART_7 (1UL << 24)
#define FAULT_SIREN_MALFUNCTION (1UL << 25)
#define FAULT_HEARTBEAT_LOOP_WATCHDOG (1UL << 26)
// Permanent faults
#define PERMANENT_FAULTS 0U
#include "faults_declarations.h"
uint8_t fault_status = FAULT_STATUS_NONE;
uint32_t faults = 0U;


@ -0,0 +1,43 @@
#pragma once
#define FAULT_STATUS_NONE 0U
#define FAULT_STATUS_TEMPORARY 1U
#define FAULT_STATUS_PERMANENT 2U
// Fault types, matches cereal.log.PandaState.FaultType
#define FAULT_RELAY_MALFUNCTION (1UL << 0)
#define FAULT_UNUSED_INTERRUPT_HANDLED (1UL << 1)
#define FAULT_INTERRUPT_RATE_CAN_1 (1UL << 2)
#define FAULT_INTERRUPT_RATE_CAN_2 (1UL << 3)
#define FAULT_INTERRUPT_RATE_CAN_3 (1UL << 4)
#define FAULT_INTERRUPT_RATE_TACH (1UL << 5)
#define FAULT_INTERRUPT_RATE_GMLAN (1UL << 6) // deprecated
#define FAULT_INTERRUPT_RATE_INTERRUPTS (1UL << 7)
#define FAULT_INTERRUPT_RATE_SPI_DMA (1UL << 8)
#define FAULT_INTERRUPT_RATE_SPI_CS (1UL << 9)
#define FAULT_INTERRUPT_RATE_UART_1 (1UL << 10)
#define FAULT_INTERRUPT_RATE_UART_2 (1UL << 11)
#define FAULT_INTERRUPT_RATE_UART_3 (1UL << 12)
#define FAULT_INTERRUPT_RATE_UART_5 (1UL << 13)
#define FAULT_INTERRUPT_RATE_UART_DMA (1UL << 14)
#define FAULT_INTERRUPT_RATE_USB (1UL << 15)
#define FAULT_INTERRUPT_RATE_TIM1 (1UL << 16)
#define FAULT_INTERRUPT_RATE_TIM3 (1UL << 17)
#define FAULT_REGISTER_DIVERGENT (1UL << 18)
#define FAULT_INTERRUPT_RATE_KLINE_INIT (1UL << 19)
#define FAULT_INTERRUPT_RATE_CLOCK_SOURCE (1UL << 20)
#define FAULT_INTERRUPT_RATE_TICK (1UL << 21)
#define FAULT_INTERRUPT_RATE_EXTI (1UL << 22)
#define FAULT_INTERRUPT_RATE_SPI (1UL << 23)
#define FAULT_INTERRUPT_RATE_UART_7 (1UL << 24)
#define FAULT_SIREN_MALFUNCTION (1UL << 25)
#define FAULT_HEARTBEAT_LOOP_WATCHDOG (1UL << 26)
// Permanent faults
#define PERMANENT_FAULTS 0U
extern uint8_t fault_status;
extern uint32_t faults;
void fault_occurred(uint32_t fault);
void fault_recovered(uint32_t fault);


@ -31,7 +31,7 @@
// ********************* Serial debugging *********************
bool check_started(void) {
static bool check_started(void) {
bool started = current_board->check_ignition() || ignition_can;
return started;
}
@ -127,11 +127,12 @@ bool is_car_safety_mode(uint16_t mode) {
// ***************************** main code *****************************
// cppcheck-suppress unusedFunction ; used in headers not included in cppcheck
// cppcheck-suppress misra-c2012-8.4
void __initialize_hardware_early(void) {
early_initialization();
}
void __attribute__ ((noinline)) enable_fpu(void) {
static void __attribute__ ((noinline)) enable_fpu(void) {
// enable the FPU
SCB->CPACR |= ((3UL << (10U * 2U)) | (3UL << (11U * 2U)));
}
@ -141,9 +142,12 @@ void __attribute__ ((noinline)) enable_fpu(void) {
#define HEARTBEAT_IGNITION_CNT_OFF 2U
// called at 8Hz
uint8_t loop_counter = 0U;
uint8_t prev_harness_status = HARNESS_STATUS_NC;
void tick_handler(void) {
static void tick_handler(void) {
static uint32_t siren_countdown = 0; // siren plays while countdown > 0
static uint32_t controls_allowed_countdown = 0;
static uint8_t prev_harness_status = HARNESS_STATUS_NC;
static uint8_t loop_counter = 0U;
if (TICK_TIMER->SR != 0U) {
// siren
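Review bot: The added `// cppcheck-suppress misra-c2012-8.4` above `__initialize_hardware_early` gives no reason, unlike the `unusedFunction` suppression on the line before it, which explains itself after the semicolon. Every other external-linkage symbol in this commit is made `static` or given a declaration, so this exception should say why neither applies, in the same form: `// cppcheck-suppress misra-c2012-8.4 ; <reason no declaration is in scope>`. The body of `tick_handler` continues past the end of the last hunk, so the new function-static counters were not reviewed beyond their declarations.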


@ -1,3 +1,5 @@
#pragma once
// ******************** Prototypes ********************
void print(const char *a);
void puth(unsigned int i);
@ -10,18 +12,15 @@ void pwm_init(TIM_TypeDef *TIM, uint8_t channel);
void pwm_set(TIM_TypeDef *TIM, uint8_t channel, uint8_t percentage);
// ********************* Globals **********************
uint8_t hw_type = 0;
board *current_board;
uint32_t uptime_cnt = 0;
bool green_led_enabled = false;
extern uint8_t hw_type;
extern board *current_board;
extern uint32_t uptime_cnt;
extern bool green_led_enabled;
// heartbeat state
uint32_t heartbeat_counter = 0;
bool heartbeat_lost = false;
bool heartbeat_disabled = false; // set over USB
extern uint32_t heartbeat_counter;
extern bool heartbeat_lost;
extern bool heartbeat_disabled; // set over USB
// siren state
bool siren_enabled = false;
uint32_t siren_countdown = 0; // siren plays while countdown > 0
uint32_t controls_allowed_countdown = 0;
extern bool siren_enabled;

15
board/main_definitions.h Normal file

@ -0,0 +1,15 @@
#include "main_declarations.h"
// ********************* Globals **********************
uint8_t hw_type = 0;
board *current_board;
uint32_t uptime_cnt = 0;
bool green_led_enabled = false;
// heartbeat state
uint32_t heartbeat_counter = 0;
bool heartbeat_lost = false;
bool heartbeat_disabled = false; // set over USB
// siren state
bool siren_enabled = false;
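Review bot: This new header defines initialised globals but has no include guard, while the other definitions header added in this commit, `board/can.h`, starts with `#pragma once`. A second inclusion in the same translation unit would redefine `hw_type`, `uptime_cnt` and the rest and fail to compile, and several files in this commit now include `main_definitions.h`. Add `#pragma once` as the first line. A one-line comment that this file holds the single definitions for the `extern` declarations in `main_declarations.h` would also make the split clear.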


@ -1,9 +1,8 @@
#include "power_saving_declarations.h"
// WARNING: To stay in compliance with the SIL2 rules laid out in STM UM1840, we should never implement any of the available hardware low power modes.
// See rule: CoU_3
#define POWER_SAVE_STATUS_DISABLED 0
#define POWER_SAVE_STATUS_ENABLED 1
int power_save_status = POWER_SAVE_STATUS_DISABLED;
void set_power_save_state(int state) {

View File

@ -0,0 +1,11 @@
#pragma once
// WARNING: To stay in compliance with the SIL2 rules laid out in STM UM1840, we should never implement any of the available hardware low power modes.
// See rule: CoU_3
#define POWER_SAVE_STATUS_DISABLED 0
#define POWER_SAVE_STATUS_ENABLED 1
extern int power_save_status;
void set_power_save_state(int state);


@ -3,9 +3,9 @@
#define PROVISION_CHUNK_LEN 0x20
void get_provision_chunk(uint8_t *resp) {
const unsigned char unprovisioned_text[] = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";
void get_provision_chunk(uint8_t *resp) {
(void)memcpy(resp, (uint8_t *)PROVISION_CHUNK_ADDRESS, PROVISION_CHUNK_LEN);
if (memcmp(resp, unprovisioned_text, 0x20) == 0) {
(void)memcpy(resp, "unprovisioned\x00\x00\x00testing123\x00\x00\xa3\xa6\x99\xec", 0x20);
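Review bot: `unprovisioned_text` appears to move from inside `get_provision_chunk` to file scope without `static`, which gives it external linkage with no prior declaration, the very pattern this commit removes elsewhere for rule 8.4. Nothing visible outside this function uses it, so `static const unsigned char unprovisioned_text[] = ...` looks like the intended form. The comparison and the fallback copy still use a literal `0x20` where `PROVISION_CHUNK_LEN` is defined just above; using the macro in both, e.g. `memcmp(resp, unprovisioned_text, PROVISION_CHUNK_LEN)`, keeps the three lengths from drifting apart. The function body continues outside the hunk.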


@ -1,5 +1,5 @@
#include "safety_declarations.h"
#include "can_definitions.h"
#include "can.h"
// include the safety policies.
#include "safety/safety_defaults.h"


@ -33,11 +33,11 @@
#define PROVISION_CHUNK_ADDRESS 0x1FFF79E0U
#define DEVICE_SERIAL_NUMBER_ADDRESS 0x1FFF79C0U
#include "can_definitions.h"
#include "can.h"
#include "comms_definitions.h"
#ifndef BOOTSTUB
#include "main_declarations.h"
#include "main_definitions.h"
#else
#include "bootstub_declarations.h"
#endif


@ -46,11 +46,11 @@ separate IRQs for RX and TX.
#define PROVISION_CHUNK_ADDRESS 0x080FFFE0U
#define DEVICE_SERIAL_NUMBER_ADDRESS 0x080FFFC0U
#include "can_definitions.h"
#include "can.h"
#include "comms_definitions.h"
#ifndef BOOTSTUB
#include "main_declarations.h"
#include "main_definitions.h"
#else
#include "bootstub_declarations.h"
#endif


@ -1,6 +1,6 @@
#include "fake_stm.h"
#include "config.h"
#include "can_definitions.h"
#include "can.h"
bool can_init(uint8_t can_number) { return true; }
void process_can(uint8_t can_number) { }
@ -16,7 +16,7 @@ void can_tx_comms_resume_spi(void) { };
#include "libc.h"
#include "boards/board_declarations.h"
#include "safety.h"
#include "main_declarations.h"
#include "main_definitions.h"
#include "drivers/can_common.h"
can_ring *rx_q = &can_rx_q;