Misra 15 5 (commaai#210)

Remove 15.5 violations
avolmensky · Jun 13, 2019 · 67b831e · 67b831e
1 parent 3b496ee
commit 67b831e
Show file tree

Hide file tree

Showing 14 changed files with 224 additions and 149 deletions.
diff --git a/board/safety.h b/board/safety.h
@@ -81,16 +81,18 @@ const safety_hook_config safety_hook_registry[] = {
 #define HOOK_CONFIG_COUNT (sizeof(safety_hook_registry)/sizeof(safety_hook_config))
 
 int safety_set_mode(uint16_t mode, int16_t param) {
+  int set_status = -1;   // not set
   for (int i = 0; i < HOOK_CONFIG_COUNT; i++) {
     if (safety_hook_registry[i].id == mode) {
       current_hooks = safety_hook_registry[i].hooks;
-      if (current_hooks->init) {
-        current_hooks->init(param);
-      }
-      return 0;
+      set_status = 0;    // set
+      break;
     }
   }
-  return -1;
+  if ((set_status == 0) && (current_hooks->init != NULL)) {
+    current_hooks->init(param);
+  }
+  return set_status;
 }
 
 // compute the time elapsed (in microseconds) from 2 counter samples
@@ -118,7 +120,7 @@ void update_sample(struct sample_t *sample, int sample_new) {
   // get the minimum and maximum measured samples
   sample->min = sample->values[0];
   sample->max = sample->values[0];
-  for (int i = 1; i < sizeof(sample->values)/sizeof(sample->values[0]); i++) {
+  for (int i = 1; i < sizeof(sample->values) / sizeof(sample->values[0]); i++) {
     if (sample->values[i] < sample->min) {
       sample->min = sample->values[i];
     }
@@ -184,10 +186,13 @@ int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
 
 // interp function that holds extreme values
 float interpolate(struct lookup_t xy, float x) {
+
   int size = sizeof(xy.x) / sizeof(xy.x[0]);
+  float ret = xy.y[size - 1];  // default output is last point
+
   // x is lower than the first point in the x array. Return the first point
   if (x <= xy.x[0]) {
-    return xy.y[0];
+    ret = xy.y[0];
 
   } else {
     // find the index such that (xy.x[i] <= x < xy.x[i+1]) and linearly interp
@@ -201,10 +206,10 @@ float interpolate(struct lookup_t xy, float x) {
         if (dx <= 0.) {
           dx = 0.0001;
         }
-        return (dy * (x - x0) / dx) + y0;
+        ret = (dy * (x - x0) / dx) + y0;
+        break;
       }
     }
-    // if no such point is found, then x > xy.x[size-1]. Return last point
-    return xy.y[size - 1];
   }
+  return ret;
 }
diff --git a/board/safety/safety_cadillac.h b/board/safety/safety_cadillac.h
@@ -54,6 +54,7 @@ static void cadillac_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 }
 
 static int cadillac_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
+  int tx = 1;
   uint32_t addr = to_send->RIR >> 21;
 
   // steer cmd checks
@@ -102,11 +103,11 @@ static int cadillac_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     }
 
     if (violation || cadillac_supercruise_on) {
-      return false;
+      tx = 0;
     }
 
   }
-  return true;
+  return tx;
 }
 
 static void cadillac_init(int16_t param) {

diff --git a/board/safety/safety_chrysler.h b/board/safety/safety_chrysler.h
@@ -54,9 +54,11 @@ static void chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 
 static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 
-  // There can be only one! (camera)
+  int tx = 1;
+
+  // If camera is on bus 0, then nothing can be sent
   if (chrysler_camera_detected) {
-    return 0;
+    tx = 0;
   }
 
   uint32_t addr;
@@ -112,7 +114,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     }
 
     if (violation) {
-      return false;
+      tx = 0;
     }
   }
 
@@ -122,7 +124,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   // TODO: fix bug preventing the button msg to be fwd'd on bus 2
 
   // 1 allows the message through
-  return true;
+  return tx;
 }
 
 static void chrysler_init(int16_t param) {
@@ -131,16 +133,18 @@ static void chrysler_init(int16_t param) {
 }
 
 static int chrysler_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
+
+  int bus_fwd = -1;
   int32_t addr = to_fwd->RIR >> 21;
   // forward CAN 0 -> 2 so stock LKAS camera sees messages
   if ((bus_num == 0) && !chrysler_camera_detected) {
-    return 2;
+    bus_fwd = 2;
   }
   // forward all messages from camera except LKAS_COMMAND and LKAS_HUD
   if ((bus_num == 2) && !chrysler_camera_detected && (addr != 658) && (addr != 678)) {
-    return 0;
+    bus_fwd = 0;
   }
-  return -1;  // do not forward
+  return bus_fwd;
 }
 
 

diff --git a/board/safety/safety_elm327.h b/board/safety/safety_elm327.h
@@ -1,28 +1,46 @@
 static int elm327_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
+
+  int tx = 1;
+
   //All ELM traffic must appear on CAN0
-  if(((to_send->RDTR >> 4) & 0xf) != 0) return 0;
+  if (((to_send->RDTR >> 4) & 0xf) != 0) {
+    tx = 0;
+  }
+
   //All ISO 15765-4 messages must be 8 bytes long
-  if((to_send->RDTR & 0xf) != 8) return 0;
+  if ((to_send->RDTR & 0xf) != 8) {
+    tx = 0;
+  }
 
-  if(to_send->RIR & 4){
+  if (to_send->RIR & 4) {
     uint32_t addr = to_send->RIR >> 3;
     //Check valid 29 bit send addresses for ISO 15765-4
-    if(!((addr == 0x18DB33F1) || ((addr & 0x1FFF00FF) == 0x18DA00F1))) return 0;
+    if (!((addr == 0x18DB33F1) || ((addr & 0x1FFF00FF) == 0x18DA00F1))) {
+      tx = 0;
+    }
   } else {
     uint32_t addr = to_send->RIR >> 21;
     //Check valid 11 bit send addresses for ISO 15765-4
-    if(!((addr == 0x7DF) || ((addr & 0x7F8) == 0x7E0))) return 0;
+    if (!((addr == 0x7DF) || ((addr & 0x7F8) == 0x7E0))) {
+      tx = 0;
+    }
   }
-
-  return true;
+  return tx;
 }
 
 static int elm327_tx_lin_hook(int lin_num, uint8_t *data, int len) {
-  if(lin_num != 0) return false; //Only operate on LIN 0, aka serial 2
-  if((len < 5) || (len > 11)) return false; //Valid KWP size
-  if(!(((data[0] & 0xF8) == 0xC0) && ((data[0] & 0x07) > 0) &&
-       (data[1] == 0x33) && (data[2] == 0xF1))) return false; //Bad msg
-  return true;
+  int tx = 1;
+  if (lin_num != 0) {
+    tx = 0;  //Only operate on LIN 0, aka serial 2
+  }
+  if ((len < 5) || (len > 11)) {
+    tx = 0;  //Valid KWP size
+  }
+  if (!(((data[0] & 0xF8) == 0xC0) && ((data[0] & 0x07) > 0) &&
+        (data[1] == 0x33) && (data[2] == 0xF1))) {
+    tx = 0;  //Bad msg
+  }
+  return tx;
 }
 
 const safety_hooks elm327_hooks = {

diff --git a/board/safety/safety_ford.h b/board/safety/safety_ford.h
@@ -58,29 +58,35 @@ static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 
 static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 
+  int tx = 1;
   // disallow actuator commands if gas or brake (with vehicle moving) are pressed
   // and the the latching controls_allowed flag is True
   int pedal_pressed = ford_gas_prev || (ford_brake_prev && ford_is_moving);
   int current_controls_allowed = controls_allowed && !(pedal_pressed);
+  int addr = to_send->RIR >> 21;
 
   // STEER: safety check
-  if ((to_send->RIR>>21) == 0x3CA) {
+  if (addr == 0x3CA) {
     if (current_controls_allowed) {
       // all messages are fine here
     } else {
       // bits 7-4 need to be 0xF to disallow lkas commands
-      if (((to_send->RDLR >> 4) & 0xF) != 0xF) return 0;
+      if (((to_send->RDLR >> 4) & 0xF) != 0xF) {
+        tx = 0;
+      }
     }
   }
 
   // FORCE CANCEL: safety check only relevant when spamming the cancel button
   // ensuring that set and resume aren't sent
-  if ((to_send->RIR>>21) == 0x83) {
-    if ((to_send->RDLR >> 28) & 0x3) return 0;
+  if (addr == 0x83) {
+    if ((to_send->RDLR >> 28) & 0x3) {
+      tx = 0;
+    }
   }
 
   // 1 allows the message through
-  return true;
+  return tx;
 }
 
 const safety_hooks ford_hooks = {

diff --git a/board/safety/safety_gm.h b/board/safety/safety_gm.h
@@ -124,9 +124,11 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 
 static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 
+  int tx = 1;
+
   // There can be only one! (ASCM)
   if (gm_ascm_detected) {
-    return 0;
+    tx = 0;
   }
 
   // disallow actuator commands if gas or brake (with vehicle moving) are pressed
@@ -149,9 +151,13 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     int brake = ((rdlr & 0xF) << 8) + ((rdlr & 0xFF00) >> 8);
     brake = (0x1000 - brake) & 0xFFF;
     if (current_controls_allowed && long_controls_allowed) {
-      if (brake > GM_MAX_BRAKE) return 0;
+      if (brake > GM_MAX_BRAKE) {
+        tx = 0;
+      }
     } else {
-      if (brake != 0) return 0;
+      if (brake != 0) {
+        tx = 0;
+      }
     }
   }
 
@@ -200,29 +206,35 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     }
 
     if (violation) {
-      return false;
+      tx = 0;
     }
   }
 
   // PARK ASSIST STEER: unlimited torque, no thanks
-  if (addr == 823) return 0;
+  if (addr == 823) {
+    tx = 0;
+  }
 
   // GAS/REGEN: safety check
   if (addr == 715) {
     int rdlr = to_send->RDLR;
     int gas_regen = ((rdlr & 0x7F0000) >> 11) + ((rdlr & 0xF8000000) >> 27);
     int apply = rdlr & 1;
     if (current_controls_allowed && long_controls_allowed) {
-      if (gas_regen > GM_MAX_GAS) return 0;
+      if (gas_regen > GM_MAX_GAS) {
+        tx = 0;
+      }
     } else {
       // Disabled message is !engaed with gas
       // value that corresponds to max regen.
-      if (apply || (gas_regen != GM_MAX_REGEN)) return 0;
+      if (apply || (gas_regen != GM_MAX_REGEN)) {
+        tx = 0;
+      }
     }
   }
 
   // 1 allows the message through
-  return true;
+  return tx;
 }
 
 static void gm_init(int16_t param) {

diff --git a/board/safety/safety_gm_ascm.h b/board/safety/safety_gm_ascm.h
@@ -3,42 +3,33 @@
 
 static int gm_ascm_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) {
 
-  uint32_t addr = to_fwd->RIR>>21;
+  int bus_fwd = -1;
 
   if (bus_num == 0) {
-
-    // do not propagate lkas messages from ascm to actuators
+    uint32_t addr = to_fwd->RIR >> 21;
+    bus_fwd = 2;
+    // do not propagate lkas messages from ascm to actuators, unless supercruise is on
     // block 0x152 and 0x154, which are the lkas command from ASCM1 and ASCM2
     // block 0x315 and 0x2cb, which are the brake and accel commands from ASCM1
     //if ((addr == 0x152) || (addr == 0x154) || (addr == 0x315) || (addr == 0x2cb)) {
     if ((addr == 0x152) || (addr == 0x154)) {
       int supercruise_on = (to_fwd->RDHR>>4) & 0x1;  // bit 36
-      if (!supercruise_on) return -1;
-    }
-
-    // on the chassis bus, the OBDII port is on the module side, so we need to read
-    // the lkas messages sent by openpilot (put on unused 0x151 ane 0x153 addrs) and send it to
-    // the actuator as 0x152 and 0x154
-    if (addr == 0x151) {
-      to_fwd->RIR = (0x152 << 21) | (to_fwd->RIR & 0x1fffff);
-    }
-    if (addr == 0x153) {
-      to_fwd->RIR = (0x154 << 21) | (to_fwd->RIR & 0x1fffff);
+      if (!supercruise_on) {
+        bus_fwd = -1;
+      }
+    } else if ((addr == 0x151) || (addr == 0x153) || (addr == 0x314)) {
+      // on the chassis bus, the OBDII port is on the module side, so we need to read
+      // the lkas messages sent by openpilot (put on unused 0x151 ane 0x153 addrs) and send it to
+      // the actuator as 0x152 and 0x154
+      to_fwd->RIR = ((addr + 1) << 21) | (to_fwd->RIR & 0x1fffff);
     }
-
-    // brake
-    if (addr == 0x314) {
-      to_fwd->RIR = (0x315 << 21) | (to_fwd->RIR & 0x1fffff);
-    }
-
-    return 2;
   }
 
   if (bus_num == 2) {
-    return 0;
+    bus_fwd = 0;
   }
 
-  return -1;
+  return bus_fwd;
 }
 
 const safety_hooks gm_ascm_hooks = {