All 14.4 violations are gone (commaai#213)

avolmensky · Jun 13, 2019 · 78308c0 · 78308c0
1 parent 0dc4f6f
commit 78308c0
Show file tree

Hide file tree

Showing 14 changed files with 54 additions and 53 deletions.
diff --git a/board/safety.h b/board/safety.h
@@ -130,12 +130,12 @@ void update_sample(struct sample_t *sample, int sample_new) {
   }
 }
 
-int max_limit_check(int val, const int MAX, const int MIN) {
+bool max_limit_check(int val, const int MAX, const int MIN) {
   return (val > MAX) || (val < MIN);
 }
 
 // check that commanded value isn't too far from measured
-int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
+bool dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
   const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR) {
 
   // *** val rate limit check ***
@@ -151,7 +151,7 @@ int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
 }
 
 // check that commanded value isn't fighting against driver
-int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
+bool driver_limit_check(int val, int val_last, struct sample_t *val_driver,
   const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
   const int MAX_ALLOWANCE, const int DRIVER_FACTOR) {
 
@@ -173,7 +173,7 @@ int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
 
 
 // real time check, mainly used for steer torque rate limiter
-int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
+bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
 
   // *** torque real time rate limit check ***
   int highest_val = max(val_last, 0) + MAX_RT_DELTA;

diff --git a/board/safety/safety_chrysler.h b/board/safety/safety_chrysler.h
@@ -5,7 +5,7 @@ const int CHRYSLER_MAX_RATE_UP = 3;
 const int CHRYSLER_MAX_RATE_DOWN = 3;
 const int CHRYSLER_MAX_TORQUE_ERROR = 80;    // max torque cmd in excess of torque motor
 
-int chrysler_camera_detected = 0;             // is giraffe switch 2 high?
+bool chrysler_camera_detected = 0;             // is giraffe switch 2 high?
 int chrysler_rt_torque_last = 0;
 int chrysler_desired_torque_last = 0;
 int chrysler_cruise_engaged_last = 0;
@@ -15,7 +15,7 @@ struct sample_t chrysler_torque_meas;         // last few torques measured
 static void chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
   int bus = (to_push->RDTR >> 4) & 0xFF;
   uint32_t addr;
-  if (to_push->RIR & 4) {
+  if ((to_push->RIR & 4) != 0) {
     // Extended
     // Not looked at, but have to be separated
     // to avoid address collision
@@ -62,7 +62,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   }
 
   uint32_t addr;
-  if (to_send->RIR & 4) {
+  if ((to_send->RIR & 4) != 0) {
     // Extended
     addr = to_send->RIR >> 3;
   } else {
@@ -76,7 +76,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     int rdlr = to_send->RDLR;
     int desired_torque = ((rdlr & 0x7) << 8) + ((rdlr & 0xFF00) >> 8) - 1024;
     uint32_t ts = TIM2->CNT;
-    int violation = 0;
+    bool violation = 0;
 
     if (controls_allowed) {
 

diff --git a/board/safety/safety_elm327.h b/board/safety/safety_elm327.h
@@ -12,7 +12,7 @@ static int elm327_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     tx = 0;
   }
 
-  if (to_send->RIR & 4) {
+  if ((to_send->RIR & 4) != 0) {
     uint32_t addr = to_send->RIR >> 3;
     //Check valid 29 bit send addresses for ISO 15765-4
     if (!((addr == 0x18DB33F1) || ((addr & 0x1FFF00FF) == 0x18DA00F1))) {

diff --git a/board/safety/safety_ford.h b/board/safety/safety_ford.h
@@ -21,8 +21,8 @@ static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 
   // state machine to enter and exit controls
   if ((to_push->RIR>>21) == 0x83) {
-    int cancel = ((to_push->RDLR >> 8) & 0x1);
-    int set_or_resume = (to_push->RDLR >> 28) & 0x3;
+    bool cancel = (to_push->RDLR >> 8) & 0x1;
+    bool set_or_resume = (to_push->RDLR >> 28) & 0x3;
     if (cancel) {
       controls_allowed = 0;
     } else if (set_or_resume) {
@@ -62,7 +62,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   // disallow actuator commands if gas or brake (with vehicle moving) are pressed
   // and the the latching controls_allowed flag is True
   int pedal_pressed = ford_gas_prev || (ford_brake_prev && ford_is_moving);
-  int current_controls_allowed = controls_allowed && !(pedal_pressed);
+  bool current_controls_allowed = controls_allowed && !(pedal_pressed);
   int addr = to_send->RIR >> 21;
 
   // STEER: safety check
@@ -80,7 +80,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   // FORCE CANCEL: safety check only relevant when spamming the cancel button
   // ensuring that set and resume aren't sent
   if (addr == 0x83) {
-    if ((to_send->RDLR >> 28) & 0x3) {
+    if (((to_send->RDLR >> 28) & 0x3) != 0) {
       tx = 0;
     }
   }

diff --git a/board/safety/safety_gm.h b/board/safety/safety_gm.h
@@ -23,8 +23,8 @@ int gm_brake_prev = 0;
 int gm_gas_prev = 0;
 int gm_speed = 0;
 // silence everything if stock car control ECUs are still online
-int gm_ascm_detected = 0;
-int gm_ignition_started = 0;
+bool gm_ascm_detected = 0;
+bool gm_ignition_started = 0;
 int gm_rt_torque_last = 0;
 int gm_desired_torque_last = 0;
 uint32_t gm_ts_last = 0;
@@ -33,7 +33,7 @@ struct sample_t gm_torque_driver;         // last few driver torques measured
 static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
   int bus_number = (to_push->RDTR >> 4) & 0xFF;
   uint32_t addr;
-  if (to_push->RIR & 4) {
+  if ((to_push->RIR & 4) != 0) {
     // Extended
     // Not looked at, but have to be separated
     // to avoid address collision
@@ -109,7 +109,7 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 
   // exit controls on regen paddle
   if (addr == 189) {
-    int regen = to_push->RDLR & 0x20;
+    bool regen = to_push->RDLR & 0x20;
     if (regen) {
       controls_allowed = 0;
     }
@@ -134,10 +134,10 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   // disallow actuator commands if gas or brake (with vehicle moving) are pressed
   // and the the latching controls_allowed flag is True
   int pedal_pressed = gm_gas_prev || (gm_brake_prev && gm_speed);
-  int current_controls_allowed = controls_allowed && !pedal_pressed;
+  bool current_controls_allowed = controls_allowed && !pedal_pressed;
 
   uint32_t addr;
-  if (to_send->RIR & 4) {
+  if ((to_send->RIR & 4) != 0) {
     // Extended
     addr = to_send->RIR >> 3;
   } else {
@@ -166,7 +166,7 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     int rdlr = to_send->RDLR;
     int desired_torque = ((rdlr & 0x7) << 8) + ((rdlr & 0xFF00) >> 8);
     uint32_t ts = TIM2->CNT;
-    int violation = 0;
+    bool violation = 0;
     desired_torque = to_signed(desired_torque, 11);
 
     if (current_controls_allowed) {

diff --git a/board/safety/safety_honda.h b/board/safety/safety_honda.h
@@ -45,7 +45,8 @@ static void honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
   #define USER_BRAKE_VALUE(to_push)  (!honda_alt_brake_msg ? ((to_push)->RDHR & 0x200000)  : ((to_push)->RDLR & 0x10))
   // exit controls on rising edge of brake press or on brake press when
   // speed > 0
-  if (IS_USER_BRAKE_MSG(addr)) {
+  bool is_user_brake_msg = IS_USER_BRAKE_MSG(addr);  // needed to enforce type
+  if (is_user_brake_msg) {
     int brake = USER_BRAKE_VALUE(to_push);
     if (brake && (!(honda_brake_prev) || honda_ego_speed)) {
       controls_allowed = 0;
@@ -93,7 +94,7 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   // and the the latching controls_allowed flag is True
   int pedal_pressed = honda_gas_prev || (gas_interceptor_prev > HONDA_GAS_INTERCEPTOR_THRESHOLD) ||
                       (honda_brake_prev && honda_ego_speed);
-  int current_controls_allowed = controls_allowed && !(pedal_pressed);
+  bool current_controls_allowed = controls_allowed && !(pedal_pressed);
 
   // BRAKE: safety check
   if (addr == 0x1FA) {

diff --git a/board/safety/safety_hyundai.h b/board/safety/safety_hyundai.h
@@ -6,9 +6,9 @@ const int HYUNDAI_MAX_RATE_DOWN = 7;
 const int HYUNDAI_DRIVER_TORQUE_ALLOWANCE = 50;
 const int HYUNDAI_DRIVER_TORQUE_FACTOR = 2;
 
-int hyundai_camera_detected = 0;
+bool hyundai_camera_detected = 0;
+bool hyundai_giraffe_switch_2 = 0;          // is giraffe switch 2 high?
 int hyundai_camera_bus = 0;
-int hyundai_giraffe_switch_2 = 0;          // is giraffe switch 2 high?
 int hyundai_rt_torque_last = 0;
 int hyundai_desired_torque_last = 0;
 int hyundai_cruise_engaged_last = 0;
@@ -18,7 +18,7 @@ struct sample_t hyundai_torque_driver;         // last few driver torques measur
 static void hyundai_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
   int bus = (to_push->RDTR >> 4) & 0xFF;
   uint32_t addr;
-  if (to_push->RIR & 4) {
+  if ((to_push->RIR & 4) != 0) {
     // Extended
     // Not looked at, but have to be separated
     // to avoid address collision
@@ -73,7 +73,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   }
 
   uint32_t addr;
-  if (to_send->RIR & 4) {
+  if ((to_send->RIR & 4) != 0) {
     // Extended
     addr = to_send->RIR >> 3;
   } else {
@@ -85,7 +85,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   if (addr == 832) {
     int desired_torque = ((to_send->RDLR >> 16) & 0x7ff) - 1024;
     uint32_t ts = TIM2->CNT;
-    int violation = 0;
+    bool violation = 0;
 
     if (controls_allowed) {
 

diff --git a/board/safety/safety_subaru.h b/board/safety/safety_subaru.h
@@ -45,7 +45,7 @@ static int subaru_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   // steer cmd checks
   if (addr == 0x122) {
     int desired_torque = ((to_send->RDLR >> 16) & 0x1FFF);
-    int violation = 0;
+    bool violation = 0;
     uint32_t ts = TIM2->CNT;
     desired_torque = to_signed(desired_torque, 13);
 

diff --git a/board/safety/safety_tesla.h b/board/safety/safety_tesla.h
@@ -8,7 +8,7 @@
 //      brake rising edge
 //      brake > 0mph
 //
-int fmax_limit_check(float val, const float MAX, const float MIN) {
+bool fmax_limit_check(float val, const float MAX, const float MIN) {
   return (val > MAX) || (val < MIN);
 }
 
@@ -53,7 +53,7 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 
   //int bus_number = (to_push->RDTR >> 4) & 0xFF;
   uint32_t addr;
-  if (to_push->RIR & 4) {
+  if ((to_push->RIR & 4) != 0) {
     // Extended
     // Not looked at, but have to be separated
     // to avoid address collision
@@ -161,7 +161,7 @@ static int tesla_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
   if (addr == 0x488) {
     angle_raw = ((to_send->RDLR & 0x7F) << 8) + ((to_send->RDLR & 0xFF00) >> 8);
     desired_angle = (angle_raw * 0.1) - 1638.35;
-    int16_t violation = 0;
+    bool violation = 0;
     int st_enabled = (to_send->RDLR & 0x400000) >> 22;
 
     if (st_enabled == 0) {

diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h
@@ -127,7 +127,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
       int desired_accel = ((to_send->RDLR & 0xFF) << 8) | ((to_send->RDLR >> 8) & 0xFF);
       desired_accel = to_signed(desired_accel, 16);
       if (controls_allowed && long_controls_allowed) {
-        int violation = max_limit_check(desired_accel, TOYOTA_MAX_ACCEL, TOYOTA_MIN_ACCEL);
+        bool violation = max_limit_check(desired_accel, TOYOTA_MAX_ACCEL, TOYOTA_MIN_ACCEL);
         if (violation) {
           tx = 0;
         }
@@ -140,7 +140,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     if (addr == 0x2E4) {
       int desired_torque = (to_send->RDLR & 0xFF00) | ((to_send->RDLR >> 16) & 0xFF);
       desired_torque = to_signed(desired_torque, 16);
-      int violation = 0;
+      bool violation = 0;
 
       uint32_t ts = TIM2->CNT;
 

diff --git a/board/safety/safety_toyota_ipas.h b/board/safety/safety_toyota_ipas.h
@@ -112,7 +112,7 @@ static int toyota_ipas_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
       angle_control = 1;   // we are in angle control mode
       int desired_angle = ((to_send->RDLR & 0xf) << 8) + ((to_send->RDLR & 0xff00) >> 8);
       int ipas_state_cmd = ((to_send->RDLR & 0xff) >> 4);
-      int16_t violation = 0;
+      bool violation = 0;
 
       desired_angle = to_signed(desired_angle, 12);
 

diff --git a/board/safety_declarations.h b/board/safety_declarations.h
@@ -18,13 +18,13 @@ int safety_ignition_hook();
 uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
 int to_signed(int d, int bits);
 void update_sample(struct sample_t *sample, int sample_new);
-int max_limit_check(int val, const int MAX, const int MIN);
-int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
+bool max_limit_check(int val, const int MAX, const int MIN);
+bool dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
   const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
-int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
+bool driver_limit_check(int val, int val_last, struct sample_t *val_driver,
   const int MAX, const int MAX_RATE_UP, const int MAX_RATE_DOWN,
   const int MAX_ALLOWANCE, const int DRIVER_FACTOR);
-int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
+bool rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
 float interpolate(struct lookup_t xy, float x);
 
 typedef void (*safety_hook_init)(int16_t param);
@@ -44,9 +44,9 @@ typedef struct {
 } safety_hooks;
 
 // This can be set by the safety hooks.
-int controls_allowed = 0;
-int gas_interceptor_detected = 0;
+bool controls_allowed = 0;
+bool gas_interceptor_detected = 0;
 int gas_interceptor_prev = 0;
 
 // This is set by USB command 0xdf
-int long_controls_allowed = 1;
+bool long_controls_allowed = 1;
diff --git a/tests/safety/libpandasafety_py.py b/tests/safety/libpandasafety_py.py
@@ -30,12 +30,12 @@
   uint32_t CNT;
 } TIM_TypeDef;
 
-void set_controls_allowed(int c);
-int get_controls_allowed(void);
-void set_long_controls_allowed(int c);
-int get_long_controls_allowed(void);
-void set_gas_interceptor_detected(int c);
-int get_gas_interceptor_detetcted(void);
+void set_controls_allowed(bool c);
+bool get_controls_allowed(void);
+void set_long_controls_allowed(bool c);
+bool get_long_controls_allowed(void);
+void set_gas_interceptor_detected(bool c);
+bool get_gas_interceptor_detetcted(void);
 int get_gas_interceptor_prev(void);
 void set_timer(int t);
 void reset_angle_control(void);

diff --git a/tests/safety/test.c b/tests/safety/test.c
@@ -48,31 +48,31 @@ TIM_TypeDef *TIM2 = &timer;
 #define static
 #include "safety.h"
 
-void set_controls_allowed(int c){
+void set_controls_allowed(bool c){
   controls_allowed = c;
 }
 
-void set_long_controls_allowed(int c){
+void set_long_controls_allowed(bool c){
   long_controls_allowed = c;
 }
 
-void set_gas_interceptor_detected(int c){
+void set_gas_interceptor_detected(bool c){
   gas_interceptor_detected = c;
 }
 
 void reset_angle_control(void){
   angle_control = 0;
 }
 
-int get_controls_allowed(void){
+bool get_controls_allowed(void){
   return controls_allowed;
 }
 
-int get_long_controls_allowed(void){
+bool get_long_controls_allowed(void){
   return long_controls_allowed;
 }
 
-int get_gas_interceptor_detected(void){
+bool get_gas_interceptor_detected(void){
   return gas_interceptor_detected;
 }