All 14.4 violations are gone (#213)

rbiasini 2019-06-12 20:12:48 -07:00 committed by GitHub
parent 0dc4f6fd30
commit 78308c0bc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 54 additions and 53 deletions


@ -130,12 +130,12 @@ void update_sample(struct sample_t *sample, int sample_new) {
}
}
int max_limit_check(int val, const int MAX, const int MIN) {
bool max_limit_check(int val, const int MAX, const int MIN) {
return (val > MAX) || (val < MIN);
}
// check that commanded value isn't too far from measured
int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
bool dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR) {
// *** val rate limit check ***
@ -151,7 +151,7 @@ int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
}
// check that commanded value isn't fighting against driver
int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
bool driver_limit_check(int val, int val_last, struct sample_t *val_driver,
const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
const int MAX_ALLOWANCE, const int DRIVER_FACTOR) {
@ -173,7 +173,7 @@ int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
// real time check, mainly used for steer torque rate limiter
int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
// *** torque real time rate limit check ***
int highest_val = max(val_last, 0) + MAX_RT_DELTA;


@ -5,7 +5,7 @@ const int CHRYSLER_MAX_RATE_UP = 3;
const int CHRYSLER_MAX_RATE_DOWN = 3;
const int CHRYSLER_MAX_TORQUE_ERROR = 80; // max torque cmd in excess of torque motor
int chrysler_camera_detected = 0; // is giraffe switch 2 high?
bool chrysler_camera_detected = 0; // is giraffe switch 2 high?
int chrysler_rt_torque_last = 0;
int chrysler_desired_torque_last = 0;
int chrysler_cruise_engaged_last = 0;
@ -15,7 +15,7 @@ struct sample_t chrysler_torque_meas; // last few torques measured
static void chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
int bus = (to_push->RDTR >> 4) & 0xFF;
uint32_t addr;
if (to_push->RIR & 4) {
if ((to_push->RIR & 4) != 0) {
// Extended
// Not looked at, but have to be separated
// to avoid address collision
@ -62,7 +62,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
}
uint32_t addr;
if (to_send->RIR & 4) {
if ((to_send->RIR & 4) != 0) {
// Extended
addr = to_send->RIR >> 3;
} else {
@ -76,7 +76,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
int rdlr = to_send->RDLR;
int desired_torque = ((rdlr & 0x7) << 8) + ((rdlr & 0xFF00) >> 8) - 1024;
uint32_t ts = TIM2->CNT;
int violation = 0;
bool violation = 0;
if (controls_allowed) {
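Review bot: The new `bool` objects are still initialised with integer literals: `bool chrysler_camera_detected = 0;` at file scope and `bool violation = 0;` in chrysler_tx_hook. Writing `bool violation = false;` states the type directly and avoids an integer-to-Boolean assignment that an essential-type check may flag next. The same pattern recurs in other sections of this commit (`gm_ascm_detected`, `gm_ignition_started`, `hyundai_camera_detected`, the other `violation` locals, and `controls_allowed` / `long_controls_allowed`, the last initialised with `1`). chrysler_tx_hook continues outside the hunk, so later assignments to `violation` are not visible here.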


@ -12,7 +12,7 @@ static int elm327_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
tx = 0;
}
if (to_send->RIR & 4) {
if ((to_send->RIR & 4) != 0) {
uint32_t addr = to_send->RIR >> 3;
//Check valid 29 bit send addresses for ISO 15765-4
if (!((addr == 0x18DB33F1) || ((addr & 0x1FFF00FF) == 0x18DA00F1))) {


@ -21,8 +21,8 @@ static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
// state machine to enter and exit controls
if ((to_push->RIR>>21) == 0x83) {
int cancel = ((to_push->RDLR >> 8) & 0x1);
int set_or_resume = (to_push->RDLR >> 28) & 0x3;
bool cancel = (to_push->RDLR >> 8) & 0x1;
bool set_or_resume = (to_push->RDLR >> 28) & 0x3;
if (cancel) {
controls_allowed = 0;
} else if (set_or_resume) {
@ -62,7 +62,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
// disallow actuator commands if gas or brake (with vehicle moving) are pressed
// and the the latching controls_allowed flag is True
int pedal_pressed = ford_gas_prev || (ford_brake_prev && ford_is_moving);
int current_controls_allowed = controls_allowed && !(pedal_pressed);
bool current_controls_allowed = controls_allowed && !(pedal_pressed);
int addr = to_send->RIR >> 21;
// STEER: safety check
@ -80,7 +80,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
// FORCE CANCEL: safety check only relevant when spamming the cancel button
// ensuring that set and resume aren't sent
if (addr == 0x83) {
if ((to_send->RDLR >> 28) & 0x3) {
if (((to_send->RDLR >> 28) & 0x3) != 0) {
tx = 0;
}
}
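Review bot: In ford_rx_hook the new declarations `bool cancel = (to_push->RDLR >> 8) & 0x1;` and `bool set_or_resume = (to_push->RDLR >> 28) & 0x3;` rely on implicit integer-to-bool conversion, while the tx-side check in the same file was made explicit with `!= 0`. These two values drive the enter/exit-controls state machine, so I would make the comparison explicit, `bool set_or_resume = ((to_push->RDLR >> 28) & 0x3) != 0;` and likewise for `cancel`; the result then does not depend on how `bool` is defined. `bool regen = to_push->RDLR & 0x20;` in gm_rx_hook has the same form, and there the masked value is 0x20 rather than 1. `pedal_pressed` in ford_tx_hook also stays `int` although it only holds the result of `||`. Both hooks continue outside the hunks.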


@ -23,8 +23,8 @@ int gm_brake_prev = 0;
int gm_gas_prev = 0;
int gm_speed = 0;
// silence everything if stock car control ECUs are still online
int gm_ascm_detected = 0;
int gm_ignition_started = 0;
bool gm_ascm_detected = 0;
bool gm_ignition_started = 0;
int gm_rt_torque_last = 0;
int gm_desired_torque_last = 0;
uint32_t gm_ts_last = 0;
@ -33,7 +33,7 @@ struct sample_t gm_torque_driver; // last few driver torques measured
static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
int bus_number = (to_push->RDTR >> 4) & 0xFF;
uint32_t addr;
if (to_push->RIR & 4) {
if ((to_push->RIR & 4) != 0) {
// Extended
// Not looked at, but have to be separated
// to avoid address collision
@ -109,7 +109,7 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
// exit controls on regen paddle
if (addr == 189) {
int regen = to_push->RDLR & 0x20;
bool regen = to_push->RDLR & 0x20;
if (regen) {
controls_allowed = 0;
}
@ -134,10 +134,10 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
// disallow actuator commands if gas or brake (with vehicle moving) are pressed
// and the the latching controls_allowed flag is True
int pedal_pressed = gm_gas_prev || (gm_brake_prev && gm_speed);
int current_controls_allowed = controls_allowed && !pedal_pressed;
bool current_controls_allowed = controls_allowed && !pedal_pressed;
uint32_t addr;
if (to_send->RIR & 4) {
if ((to_send->RIR & 4) != 0) {
// Extended
addr = to_send->RIR >> 3;
} else {
@ -166,7 +166,7 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
int rdlr = to_send->RDLR;
int desired_torque = ((rdlr & 0x7) << 8) + ((rdlr & 0xFF00) >> 8);
uint32_t ts = TIM2->CNT;
int violation = 0;
bool violation = 0;
desired_torque = to_signed(desired_torque, 11);
if (current_controls_allowed) {


@ -45,7 +45,8 @@ static void honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
#define USER_BRAKE_VALUE(to_push) (!honda_alt_brake_msg ? ((to_push)->RDHR & 0x200000) : ((to_push)->RDLR & 0x10))
// exit controls on rising edge of brake press or on brake press when
// speed > 0
if (IS_USER_BRAKE_MSG(addr)) {
bool is_user_brake_msg = IS_USER_BRAKE_MSG(addr); // needed to enforce type
if (is_user_brake_msg) {
int brake = USER_BRAKE_VALUE(to_push);
if (brake && (!(honda_brake_prev) || honda_ego_speed)) {
controls_allowed = 0;
@ -93,7 +94,7 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
// and the the latching controls_allowed flag is True
int pedal_pressed = honda_gas_prev || (gas_interceptor_prev > HONDA_GAS_INTERCEPTOR_THRESHOLD) ||
(honda_brake_prev && honda_ego_speed);
int current_controls_allowed = controls_allowed && !(pedal_pressed);
bool current_controls_allowed = controls_allowed && !(pedal_pressed);
// BRAKE: safety check
if (addr == 0x1FA) {


@ -6,9 +6,9 @@ const int HYUNDAI_MAX_RATE_DOWN = 7;
const int HYUNDAI_DRIVER_TORQUE_ALLOWANCE = 50;
const int HYUNDAI_DRIVER_TORQUE_FACTOR = 2;
int hyundai_camera_detected = 0;
bool hyundai_camera_detected = 0;
bool hyundai_giraffe_switch_2 = 0; // is giraffe switch 2 high?
int hyundai_camera_bus = 0;
int hyundai_giraffe_switch_2 = 0; // is giraffe switch 2 high?
int hyundai_rt_torque_last = 0;
int hyundai_desired_torque_last = 0;
int hyundai_cruise_engaged_last = 0;
@ -18,7 +18,7 @@ struct sample_t hyundai_torque_driver; // last few driver torques measur
static void hyundai_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
int bus = (to_push->RDTR >> 4) & 0xFF;
uint32_t addr;
if (to_push->RIR & 4) {
if ((to_push->RIR & 4) != 0) {
// Extended
// Not looked at, but have to be separated
// to avoid address collision
@ -73,7 +73,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
}
uint32_t addr;
if (to_send->RIR & 4) {
if ((to_send->RIR & 4) != 0) {
// Extended
addr = to_send->RIR >> 3;
} else {
@ -85,7 +85,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
if (addr == 832) {
int desired_torque = ((to_send->RDLR >> 16) & 0x7ff) - 1024;
uint32_t ts = TIM2->CNT;
int violation = 0;
bool violation = 0;
if (controls_allowed) {


@ -45,7 +45,7 @@ static int subaru_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
// steer cmd checks
if (addr == 0x122) {
int desired_torque = ((to_send->RDLR >> 16) & 0x1FFF);
int violation = 0;
bool violation = 0;
uint32_t ts = TIM2->CNT;
desired_torque = to_signed(desired_torque, 13);


@ -8,7 +8,7 @@
// brake rising edge
// brake > 0mph
//
int fmax_limit_check(float val, const float MAX, const float MIN) {
bool fmax_limit_check(float val, const float MAX, const float MIN) {
return (val > MAX) || (val < MIN);
}
@ -53,7 +53,7 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
//int bus_number = (to_push->RDTR >> 4) & 0xFF;
uint32_t addr;
if (to_push->RIR & 4) {
if ((to_push->RIR & 4) != 0) {
// Extended
// Not looked at, but have to be separated
// to avoid address collision
@ -161,7 +161,7 @@ static int tesla_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
if (addr == 0x488) {
angle_raw = ((to_send->RDLR & 0x7F) << 8) + ((to_send->RDLR & 0xFF00) >> 8);
desired_angle = (angle_raw * 0.1) - 1638.35;
int16_t violation = 0;
bool violation = 0;
int st_enabled = (to_send->RDLR & 0x400000) >> 22;
if (st_enabled == 0) {


@ -127,7 +127,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
int desired_accel = ((to_send->RDLR & 0xFF) << 8) | ((to_send->RDLR >> 8) & 0xFF);
desired_accel = to_signed(desired_accel, 16);
if (controls_allowed && long_controls_allowed) {
int violation = max_limit_check(desired_accel, TOYOTA_MAX_ACCEL, TOYOTA_MIN_ACCEL);
bool violation = max_limit_check(desired_accel, TOYOTA_MAX_ACCEL, TOYOTA_MIN_ACCEL);
if (violation) {
tx = 0;
}
@ -140,7 +140,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
if (addr == 0x2E4) {
int desired_torque = (to_send->RDLR & 0xFF00) | ((to_send->RDLR >> 16) & 0xFF);
desired_torque = to_signed(desired_torque, 16);
int violation = 0;
bool violation = 0;
uint32_t ts = TIM2->CNT;


@ -112,7 +112,7 @@ static int toyota_ipas_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
angle_control = 1; // we are in angle control mode
int desired_angle = ((to_send->RDLR & 0xf) << 8) + ((to_send->RDLR & 0xff00) >> 8);
int ipas_state_cmd = ((to_send->RDLR & 0xff) >> 4);
int16_t violation = 0;
bool violation = 0;
desired_angle = to_signed(desired_angle, 12);


@ -18,13 +18,13 @@ int safety_ignition_hook();
uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
int to_signed(int d, int bits);
void update_sample(struct sample_t *sample, int sample_new);
int max_limit_check(int val, const int MAX, const int MIN);
int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
bool max_limit_check(int val, const int MAX, const int MIN);
bool dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
bool driver_limit_check(int val, int val_last, struct sample_t *val_driver,
const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
const int MAX_ALLOWANCE, const int DRIVER_FACTOR);
int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
float interpolate(struct lookup_t xy, float x);
typedef void (*safety_hook_init)(int16_t param);
@ -44,9 +44,9 @@ typedef struct {
} safety_hooks;
// This can be set by the safety hooks.
int controls_allowed = 0;
int gas_interceptor_detected = 0;
bool controls_allowed = 0;
bool gas_interceptor_detected = 0;
int gas_interceptor_prev = 0;
// This is set by USB command 0xdf
int long_controls_allowed = 1;
bool long_controls_allowed = 1;
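Review bot: `long_controls_allowed` is documented here as set by USB command 0xdf, and the code that writes it is not among the files in this commit, so that write should be checked now that the type is `bool`. If the handler assigns a host-supplied integer directly, the stored value depends on `bool` being `_Bool`, where any nonzero value becomes true. An explicit `long_controls_allowed = (value != 0);` at that write keeps the gate on longitudinal control unambiguous, with `value` standing for whatever the handler reads from the request. The same applies to any writer of `controls_allowed` and `gas_interceptor_detected` outside the safety hooks.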


@ -30,12 +30,12 @@ typedef struct
uint32_t CNT;
} TIM_TypeDef;
void set_controls_allowed(int c);
int get_controls_allowed(void);
void set_long_controls_allowed(int c);
int get_long_controls_allowed(void);
void set_gas_interceptor_detected(int c);
int get_gas_interceptor_detetcted(void);
void set_controls_allowed(bool c);
bool get_controls_allowed(void);
void set_long_controls_allowed(bool c);
bool get_long_controls_allowed(void);
void set_gas_interceptor_detected(bool c);
bool get_gas_interceptor_detetcted(void);
int get_gas_interceptor_prev(void);
void set_timer(int t);
void reset_angle_control(void);
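Review bot: The declaration `bool get_gas_interceptor_detetcted(void);` keeps a misspelled name (`detetcted`), while the definition changed later in this commit is `bool get_gas_interceptor_detected(void)`. The return type was updated but the mismatch remains, so anything resolving the symbol through this declaration would not find the defined function. Suggested line: `bool get_gas_interceptor_detected(void);`.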


@ -48,15 +48,15 @@ TIM_TypeDef *TIM2 = &timer;
#define static
#include "safety.h"
void set_controls_allowed(int c){
void set_controls_allowed(bool c){
controls_allowed = c;
}
void set_long_controls_allowed(int c){
void set_long_controls_allowed(bool c){
long_controls_allowed = c;
}
void set_gas_interceptor_detected(int c){
void set_gas_interceptor_detected(bool c){
gas_interceptor_detected = c;
}
@ -64,15 +64,15 @@ void reset_angle_control(void){
angle_control = 0;
}
int get_controls_allowed(void){
bool get_controls_allowed(void){
return controls_allowed;
}
int get_long_controls_allowed(void){
bool get_long_controls_allowed(void){
return long_controls_allowed;
}
int get_gas_interceptor_detected(void){
bool get_gas_interceptor_detected(void){
return gas_interceptor_detected;
}