Panda safety: minor generalization of the function max_limit_check

2018-06-20 18:34:31 -07:00 · 2018-06-20 18:34:31 -07:00 · 1a94543a22
parent 6b316011b3
commit 1a94543a22
4 changed files with 8 additions and 9 deletions
--- a/board/safety.h
+++ b/board/safety.h
@ -12,7 +12,7 @@ int safety_ignition_hook();
 uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
 int to_signed(int d, int bits);
 void update_sample(struct sample_t *sample, int sample_new);
-int max_limit_check(int val, const int MAX);
+int max_limit_check(int val, const int MAX, const int MIN);
 int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
  const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
 int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
@ -149,8 +149,8 @@ void update_sample(struct sample_t *sample, int sample_new) {
  }
 }

-int max_limit_check(int val, const int MAX) {
-  return (val > MAX) | (val < -MAX);
+int max_limit_check(int val, const int MAX, const int MIN) {
+  return (val > MAX) || (val < MIN);
 }

 // check that commanded value isn't too far from measured
--- a/board/safety/safety_cadillac.h
+++ b/board/safety/safety_cadillac.h
@ -70,7 +70,7 @@ static int cadillac_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
    if (controls_allowed) {

      // *** global torque limit check ***
-      violation |= max_limit_check(desired_torque, CADILLAC_MAX_STEER);
+      violation |= max_limit_check(desired_torque, CADILLAC_MAX_STEER, -CADILLAC_MAX_STEER);

      // *** torque rate limit check ***
      int desired_torque_last = cadillac_desired_torque_last[idx];
--- a/board/safety/safety_gm.h
+++ b/board/safety/safety_gm.h
@ -163,7 +163,7 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
    if (current_controls_allowed) {

      // *** global torque limit check ***
-      violation |= max_limit_check(desired_torque, GM_MAX_STEER);
+      violation |= max_limit_check(desired_torque, GM_MAX_STEER, -GM_MAX_STEER);

      // *** torque rate limit check ***
      violation |= driver_limit_check(desired_torque, gm_desired_torque_last, &gm_torque_driver,
--- a/board/safety/safety_toyota.h
+++ b/board/safety/safety_toyota.h
@ -71,9 +71,8 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
      int desired_accel = ((to_send->RDLR & 0xFF) << 8) | ((to_send->RDLR >> 8) & 0xFF);
      desired_accel = to_signed(desired_accel, 16);
      if (controls_allowed && actuation_limits) {
-        if ((desired_accel > MAX_ACCEL) || (desired_accel < MIN_ACCEL)) {
-          return 0;
-        }
+        int violation = max_limit_check(desired_accel, MAX_ACCEL, MIN_ACCEL);
+        if (violation) return 0;
      } else if (!controls_allowed && (desired_accel != 0)) {
        return 0;
      }
@ -91,7 +90,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
      if (controls_allowed && actuation_limits) {

        // *** global torque limit check ***
-        violation |= max_limit_check(desired_torque, MAX_TORQUE);
+        violation |= max_limit_check(desired_torque, MAX_TORQUE, -MAX_TORQUE);

        // *** torque rate limit check ***
        violation |= dist_to_meas_check(desired_torque, desired_torque_last, &torque_meas, MAX_RATE_UP, MAX_RATE_DOWN, MAX_TORQUE_ERROR);