From 01072bec0b595b7354893e775d399b7f321911ba Mon Sep 17 00:00:00 2001
From: rbiasini
Date: Wed, 10 Jul 2019 20:56:03 -0700
Subject: [PATCH] Misra 11.x: pointer usage. (#250)
* RDLR, RDHR gone from safety
* back at not failing misra safety
* fix safety tests
* did not mean this
* Use get-bytes in pedal too
* Ignore Misra 11.5 and Fix 11.8 violaitons
* Fix 11.3 violations
* Neglect Misra 11.4, fix pointer issue in bootstub and rutn on Werror for pedal builds
* Fix Misra 11.6: can't assign number to void pointer
* Fix test after changing honda_moving name
* for loop is better
* Fix bugs from fbck
---
board/drivers/llcan.h | 7 ++++++
board/drivers/usb.h | 14 +++++------
board/main.c | 32 ++++++++++++-------------
board/pedal/Makefile | 2 +-
board/pedal/main.c | 13 ++++-------
board/provision.h | 2 +-
board/safety/safety_cadillac.h | 15 ++++++------
board/safety/safety_chrysler.h | 8 +++----
board/safety/safety_ford.h | 24 ++++++++++---------
board/safety/safety_gm.h | 31 +++++++++++-------------
board/safety/safety_gm_ascm.h | 2 +-
board/safety/safety_honda.h | 35 ++++++++++++++-------------
board/safety/safety_hyundai.h | 8 +++----
board/safety/safety_subaru.h | 6 ++---
board/safety/safety_tesla.h | 24 +++++++++----------
board/safety/safety_toyota.h | 14 +++++------
board/safety/safety_toyota_ipas.h | 12 +++++-----
board/safety_declarations.h | 4 ----
board/spi_flasher.h | 11 +++++----
tests/misra/suppressions.txt | 4 ++++
tests/misra/test_misra.sh | 39 ++++++++++++++-----------------
tests/safety/libpandasafety_py.py | 2 +-
tests/safety/test.c | 15 +++++++++---
tests/safety/test_honda.py | 4 ++--
24 files changed, 168 insertions(+), 160 deletions(-)
diff --git a/board/drivers/llcan.h b/board/drivers/llcan.h
index 41f01762e0063d..0a698d4e8d9b93 100644
--- a/board/drivers/llcan.h
+++ b/board/drivers/llcan.h
@@ -8,6 +8,13 @@ // 5000 = 500 kbps #define can_speed_to_prescaler(x) (CAN_PCLK / CAN_QUANTA * 10U / (x)) +#define GET_BUS(msg) (((msg)->RDTR >> 4) & 0xFF) +#define GET_LEN(msg) ((msg)->RDTR & 0xF) +#define GET_ADDR(msg) ((((msg)->RIR & 4) != 0) ? ((msg)->RIR >> 3) : ((msg)->RIR >> 21)) +#define GET_BYTE(msg, b) (((int)(b) > 3) ? (((msg)->RDHR >> (8U * ((unsigned int)(b) % 4U))) & 0XFFU) : (((msg)->RDLR >> (8U * (unsigned int)(b))) & 0xFFU)) +#define GET_BYTES_04(msg) ((msg)->RDLR) +#define GET_BYTES_48(msg) ((msg)->RDHR) + void puts(const char *a); bool llcan_set_speed(CAN_TypeDef *CAN_obj, uint32_t speed, bool loopback, bool silent) { diff --git a/board/drivers/usb.h b/board/drivers/usb.h index 1beb51c1d12fe5..e55906d89eb8a2 100644 --- a/board/drivers/usb.h +++ b/board/drivers/usb.h @@ -25,9 +25,9 @@ USB_Setup_TypeDef; void usb_init(void); int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired); -int usb_cb_ep1_in(uint8_t *usbdata, int len, bool hardwired); -void usb_cb_ep2_out(uint8_t *usbdata, int len, bool hardwired); -void usb_cb_ep3_out(uint8_t *usbdata, int len, bool hardwired); +int usb_cb_ep1_in(void *usbdata, int len, bool hardwired); +void usb_cb_ep2_out(void *usbdata, int len, bool hardwired); +void usb_cb_ep3_out(void *usbdata, int len, bool hardwired); void usb_cb_enumeration_complete(void); // **** supporting defines **** @@ -404,7 +404,7 @@ void *USB_ReadPacket(void *dest, uint16_t len) { return ((void *)dest_copy); } -void USB_WritePacket(const uint8_t *src, uint16_t len, uint32_t ep) { +void USB_WritePacket(const void *src, uint16_t len, uint32_t ep) { #ifdef DEBUG_USB puts("writing "); hexdump(src, len); 
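Review bot: `GET_BYTE(msg, b)` in the llcan.h hunk has no guard on `b`: an index above 7 is folded back into RDHR by the `% 4U`, and a negative one takes the RDLR branch, where the cast to `unsigned int` produces a shift count far above 31, which is undefined behaviour. Every call visible in this patch passes a literal or a 0..7 loop counter, so this is a latent hazard rather than a live bug, but these accessors now sit under every safety hook. `b` is also expanded twice in GET_BYTE and `msg` twice in GET_ADDR, so an argument with side effects would misbehave. I would state the contract above the macros, e.g. `// b must be 0..7 (0 = low byte of RDLR, 4 = low byte of RDHR); arguments are evaluated more than once`, or turn GET_BYTE into a `static inline` function that masks the index with `& 7U`.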
@@ -420,10 +420,10 @@ void USB_WritePacket(const uint8_t *src, uint16_t len, uint32_t ep) { USBx_INEP(ep)->DIEPCTL |= (USB_OTG_DIEPCTL_CNAK | USB_OTG_DIEPCTL_EPENA); // load the FIFO - const uint8_t *src_copy = src; + const uint32_t *src_copy = (const uint32_t *)src; for (uint32_t i = 0; i < count32b; i++) { - USBx_DFIFO(ep) = *((__attribute__((__packed__)) uint32_t *)src_copy); - src_copy += 4; + USBx_DFIFO(ep) = *src_copy; + src_copy++; } } diff --git a/board/main.c b/board/main.c index eeb0496b01e8c5..f962169123d7d2 100644 --- a/board/main.c +++ b/board/main.c @@ -140,7 +140,7 @@ int get_health_pkt(void *dat) { return sizeof(*health); } -int usb_cb_ep1_in(uint8_t *usbdata, int len, bool hardwired) { +int usb_cb_ep1_in(void *usbdata, int len, bool hardwired) { UNUSED(hardwired); CAN_FIFOMailBox_TypeDef *reply = (CAN_FIFOMailBox_TypeDef *)usbdata; int ilen = 0; @@ -151,13 +151,14 @@ int usb_cb_ep1_in(uint8_t *usbdata, int len, bool hardwired) { } // send on serial, first byte to select the ring -void usb_cb_ep2_out(uint8_t *usbdata, int len, bool hardwired) { +void usb_cb_ep2_out(void *usbdata, int len, bool hardwired) { UNUSED(hardwired); - uart_ring *ur = get_ring_by_number(usbdata[0]); + uint8_t *usbdata8 = (uint8_t *)usbdata; + uart_ring *ur = get_ring_by_number(usbdata8[0]); if ((len != 0) && (ur != NULL)) { - if ((usbdata[0] < 2U) || safety_tx_lin_hook(usbdata[0] - 2U, usbdata + 1, len - 1)) { + if ((usbdata8[0] < 2U) || safety_tx_lin_hook(usbdata8[0] - 2U, usbdata8 + 1, len - 1)) { for (int i = 1; i < len; i++) { - while (!putc(ur, usbdata[i])) { + while (!putc(ur, usbdata8[i])) { // wait } } 
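Review bot: The FIFO load loop in USB_WritePacket now dereferences `src_copy` as a plain `const uint32_t *`, so the access is no longer marked as possibly unaligned the way the removed `__packed__` cast was, while `src` has become `const void *` and nothing in the type tells a caller the buffer must be word-aligned. If a caller's buffer is declared as a byte array, the word read through `uint32_t *` also conflicts with strict-aliasing rules, and the compiler is free to pick load instructions that fault on an unaligned address. Assembling each word from bytes avoids both: with `const uint8_t *src8 = src;`, the loop body becomes `uint32_t w = 0U; (void)memcpy(&w, &src8[4U * i], 4U); USBx_DFIFO(ep) = w;`. Assuming `count32b` rounds `len` up to whole words (its definition is above this hunk), the last copy should additionally be clamped to the bytes that remain so the read does not run past `len`.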
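Review bot: In usb_cb_ep2_out, `usbdata8[0]` is read to select the ring before `len != 0` is checked, so a zero-length transfer picks a ring from whatever byte was left in the buffer. The guard on the next line stops anything being sent in that case, but the lookup should not depend on stale data; `uart_ring *ur = (len > 0) ? get_ring_by_number(usbdata8[0]) : NULL;` keeps the read behind the length check. The end of the function lies outside this hunk.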
@@ -166,18 +167,16 @@ void usb_cb_ep2_out(uint8_t *usbdata, int len, bool hardwired) { } // send on CAN -void usb_cb_ep3_out(uint8_t *usbdata, int len, bool hardwired) { +void usb_cb_ep3_out(void *usbdata, int len, bool hardwired) { UNUSED(hardwired); int dpkt = 0; - for (dpkt = 0; dpkt < len; dpkt += 0x10) { - uint32_t *tf = (uint32_t*)(&usbdata[dpkt]); - - // make a copy + uint32_t *d32 = (uint32_t *)usbdata; + for (dpkt = 0; dpkt < (len / 4); dpkt += 4) { CAN_FIFOMailBox_TypeDef to_push; - to_push.RDHR = tf[3]; - to_push.RDLR = tf[2]; - to_push.RDTR = tf[1]; - to_push.RIR = tf[0]; + to_push.RDHR = d32[dpkt + 3]; + to_push.RDLR = d32[dpkt + 2]; + to_push.RDTR = d32[dpkt + 1]; + to_push.RIR = d32[dpkt]; uint8_t bus_number = (to_push.RDTR >> 4) & CAN_BUS_NUM_MASK; can_send(&to_push, bus_number); @@ -213,7 +212,7 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired) case 0xd0: // addresses are OTP if (setup->b.wValue.w == 1U) { - (void)memcpy(resp, (void *)0x1fff79c0, 0x10); + (void)memcpy(resp, (uint8_t *)0x1fff79c0, 0x10); resp_len = 0x10; } else { get_provision_chunk(resp); @@ -492,6 +491,7 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired) return resp_len; } +#ifndef EON int spi_cb_rx(uint8_t *data, int len, uint8_t *data_out) { // data[0] = endpoint // data[2] = length @@ -521,7 +521,7 @@ int spi_cb_rx(uint8_t *data, int len, uint8_t *data_out) { } return resp_len; } - +#endif // ***************************** main code ***************************** diff --git a/board/pedal/Makefile b/board/pedal/Makefile index 63144fc92bda60..7ce6dd07684da5 100644 --- a/board/pedal/Makefile +++ b/board/pedal/Makefile 
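Review bot: The new loop bound in usb_cb_ep3_out, `dpkt < (len / 4)` with a step of four words, still enters the body when fewer than 16 bytes remain, so for a transfer whose length is not a multiple of 16 some of `d32[dpkt]`..`d32[dpkt + 3]` are read beyond the received data and the resulting frame is handed to can_send. The length is supplied by the USB host, so the bound should require a whole 16-byte record: `for (dpkt = 0; (dpkt + 4) <= (len / 4); dpkt += 4) {`. The cast of `usbdata` to `uint32_t *` also assumes the endpoint buffer is word-aligned, which deserves a comment at the cast, e.g. `// usbdata must be 4-byte aligned`. The function continues below the hunk.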
@@ -1,7 +1,7 @@ # :set noet PROJ_NAME = comma -CFLAGS = -O2 -Wall -Wextra -Wstrict-prototypes -std=gnu11 -DPEDAL +CFLAGS = -O2 -Wall -Wextra -Wstrict-prototypes -Werror -std=gnu11 -DPEDAL CFLAGS += -mlittle-endian -mthumb -mcpu=cortex-m3 CFLAGS += -msoft-float -DSTM32F2 -DSTM32F205xx CFLAGS += -I ../inc -I ../ -I ../../ -nostdlib -fno-builtin diff --git a/board/pedal/main.c b/board/pedal/main.c index 522acfd1db42fb..21a3a59fa638de 100644 --- a/board/pedal/main.c +++ b/board/pedal/main.c @@ -155,11 +155,11 @@ void CAN1_RX0_IRQHandler(void) { int address = CAN->sFIFOMailBox[0].RIR >> 21; if (address == CAN_GAS_INPUT) { // softloader entry - if (CAN->sFIFOMailBox[0].RDLR == 0xdeadface) { - if (CAN->sFIFOMailBox[0].RDHR == 0x0ab00b1e) { + if (GET_BYTES_04(&CAN->sFIFOMailBox[0]) == 0xdeadface) { + if (GET_BYTES_48(&CAN->sFIFOMailBox[0]) == 0x0ab00b1e) { enter_bootloader_mode = ENTER_SOFTLOADER_MAGIC; NVIC_SystemReset(); - } else if (CAN->sFIFOMailBox[0].RDHR == 0x02b00b1e) { + } else if (GET_BYTES_48(&CAN->sFIFOMailBox[0]) == 0x02b00b1e) { enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC; NVIC_SystemReset(); } else { @@ -169,11 +169,8 @@ void CAN1_RX0_IRQHandler(void) { // normal packet uint8_t dat[8]; - uint8_t *rdlr = (uint8_t *)&CAN->sFIFOMailBox[0].RDLR; - uint8_t *rdhr = (uint8_t *)&CAN->sFIFOMailBox[0].RDHR; - for (int i=0; i<4; i++) { - dat[i] = rdlr[i]; - dat[i+4] = rdhr[i]; + for (int i=0; i<8; i++) { + dat[i] = GET_BYTE(&CAN->sFIFOMailBox[0], i); } uint16_t value_0 = (dat[0] << 8) | dat[1]; uint16_t value_1 = (dat[2] << 8) | dat[3]; diff --git a/board/provision.h b/board/provision.h index 5b0a520d7f3890..9091322f1a1091 100644 --- a/board/provision.h +++ b/board/provision.h 
@@ -5,7 +5,7 @@ // SHA1 checksum = 0x1C - 0x20 void get_provision_chunk(uint8_t *resp) { - (void)memcpy(resp, (void *)0x1fff79e0, PROVISION_CHUNK_LEN); + (void)memcpy(resp, (uint8_t *)0x1fff79e0, PROVISION_CHUNK_LEN); if (memcmp(resp, "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff", 0x20) == 0) { (void)memcpy(resp, "unprovisioned\x00\x00\x00testing123\x00\x00\xa3\xa6\x99\xec", 0x20); } diff --git a/board/safety/safety_cadillac.h b/board/safety/safety_cadillac.h index ef114abfe9143e..ef63360955fe7f 100644 --- a/board/safety/safety_cadillac.h +++ b/board/safety/safety_cadillac.h @@ -10,13 +10,13 @@ const int CADILLAC_MAX_RATE_DOWN = 5; const int CADILLAC_DRIVER_TORQUE_ALLOWANCE = 50; const int CADILLAC_DRIVER_TORQUE_FACTOR = 4; -int cadillac_ign = 0; +bool cadillac_ign = 0; int cadillac_cruise_engaged_last = 0; int cadillac_rt_torque_last = 0; const int cadillac_torque_msgs_n = 4; int cadillac_desired_torque_last[CADILLAC_TORQUE_MSG_N] = {0}; uint32_t cadillac_ts_last = 0; -int cadillac_supercruise_on = 0; +bool cadillac_supercruise_on = 0; struct sample_t cadillac_torque_driver; // last few driver torques measured int cadillac_get_torque_idx(int addr, int array_size) { @@ -28,7 +28,8 @@ static void cadillac_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { int addr = GET_ADDR(to_push); if (addr == 356) { - int torque_driver_new = ((to_push->RDLR & 0x7) << 8) | ((to_push->RDLR >> 8) & 0xFF); + int torque_driver_new = ((GET_BYTE(to_push, 0) & 0x7U) << 8) | (GET_BYTE(to_push, 1)); + torque_driver_new = to_signed(torque_driver_new, 11); // update array of samples update_sample(&cadillac_torque_driver, torque_driver_new); 
@@ -36,12 +37,12 @@ static void cadillac_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // this message isn't all zeros when ignition is on if ((addr == 0x160) && (bus == 0)) { - cadillac_ign = to_push->RDLR > 0; + cadillac_ign = GET_BYTES_04(to_push) != 0; } // enter controls on rising edge of ACC, exit controls on ACC off if ((addr == 0x370) && (bus == 0)) { - int cruise_engaged = to_push->RDLR & 0x800000; // bit 23 + int cruise_engaged = GET_BYTE(to_push, 2) & 0x80; // bit 23 if (cruise_engaged && !cadillac_cruise_engaged_last) { controls_allowed = 1; } @@ -53,7 +54,7 @@ static void cadillac_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // know supercruise mode and block openpilot msgs if on if ((addr == 0x152) || (addr == 0x154)) { - cadillac_supercruise_on = (to_push->RDHR>>4) & 0x1; + cadillac_supercruise_on = (GET_BYTE(to_push, 4) & 0x10) != 0; } } @@ -63,7 +64,7 @@ static int cadillac_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // steer cmd checks if ((addr == 0x151) || (addr == 0x152) || (addr == 0x153) || (addr == 0x154)) { - int desired_torque = ((to_send->RDLR & 0x3f) << 8) + ((to_send->RDLR & 0xff00) >> 8); + int desired_torque = ((GET_BYTE(to_send, 0) & 0x3f) << 8) | GET_BYTE(to_send, 1); int violation = 0; uint32_t ts = TIM2->CNT; int idx = cadillac_get_torque_idx(addr, CADILLAC_TORQUE_MSG_N); diff --git a/board/safety/safety_chrysler.h b/board/safety/safety_chrysler.h index 19149b6b7a7ae9..e608785739b109 100644 --- a/board/safety/safety_chrysler.h +++ b/board/safety/safety_chrysler.h @@ -18,8 +18,7 @@ static void chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // Measured eps torque if (addr == 544) { - uint32_t rdhr = to_push->RDHR; - int torque_meas_new = ((rdhr & 0x7U) << 8) + ((rdhr & 0xFF00U) >> 8) - 1024U; + int torque_meas_new = ((GET_BYTE(to_push, 4) & 0x7U) << 8) + GET_BYTE(to_push, 5) - 1024U; // update array of samples update_sample(&chrysler_torque_meas, torque_meas_new); 
@@ -27,7 +26,7 @@ static void chrysler_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // enter controls on rising edge of ACC, exit controls on ACC off if (addr == 0x1F4) { - int cruise_engaged = ((to_push->RDLR & 0x380000) >> 19) == 7; + int cruise_engaged = ((GET_BYTE(to_push, 2) & 0x38) >> 3) == 7; if (cruise_engaged && !chrysler_cruise_engaged_last) { controls_allowed = 1; } @@ -57,8 +56,7 @@ static int chrysler_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // LKA STEER if (addr == 0x292) { - uint32_t rdlr = to_send->RDLR; - int desired_torque = ((rdlr & 0x7U) << 8) + ((rdlr & 0xFF00U) >> 8) - 1024U; + int desired_torque = ((GET_BYTE(to_send, 0) & 0x7U) << 8) + GET_BYTE(to_send, 1) - 1024U; uint32_t ts = TIM2->CNT; bool violation = 0; diff --git a/board/safety/safety_ford.h b/board/safety/safety_ford.h index 21c9c54db1300c..0bb839f2f6513d 100644 --- a/board/safety/safety_ford.h +++ b/board/safety/safety_ford.h @@ -9,7 +9,7 @@ int ford_brake_prev = 0; int ford_gas_prev = 0; -int ford_is_moving = 0; +bool ford_moving = false; static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { @@ -17,14 +17,16 @@ static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { if (addr == 0x217) { // wheel speeds are 14 bits every 16 - ford_is_moving = 0xFCFF & (to_push->RDLR | (to_push->RDLR >> 16) | - to_push->RDHR | (to_push->RDHR >> 16)); + ford_moving = false; + for (int i = 0; i < 8; i += 2) { + ford_moving |= GET_BYTE(to_push, i) | (GET_BYTE(to_push, (int)(i + 1)) & 0xFCU); + } } // state machine to enter and exit controls if (addr == 0x83) { - bool cancel = (to_push->RDLR >> 8) & 0x1; - bool set_or_resume = (to_push->RDLR >> 28) & 0x3; + bool cancel = GET_BYTE(to_push, 1) & 0x1; + bool set_or_resume = GET_BYTE(to_push, 3) & 0x30; if (cancel) { controls_allowed = 0; } 
@@ -36,8 +38,8 @@ static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // exit controls on rising edge of brake press or on brake press when // speed > 0 if (addr == 0x165) { - int brake = to_push->RDLR & 0x20; - if (brake && (!(ford_brake_prev) || ford_is_moving)) { + int brake = GET_BYTE(to_push, 0) & 0x20; + if (brake && (!(ford_brake_prev) || ford_moving)) { controls_allowed = 0; } ford_brake_prev = brake; @@ -45,7 +47,7 @@ static void ford_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // exit controls on rising edge of gas press if (addr == 0x204) { - int gas = to_push->RDLR & 0xFF03; + int gas = (GET_BYTE(to_push, 0) & 0x03) | GET_BYTE(to_push, 1); if (gas && !(ford_gas_prev)) { controls_allowed = 0; } @@ -64,7 +66,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { int tx = 1; // disallow actuator commands if gas or brake (with vehicle moving) are pressed // and the the latching controls_allowed flag is True - int pedal_pressed = ford_gas_prev || (ford_brake_prev && ford_is_moving); + int pedal_pressed = ford_gas_prev || (ford_brake_prev && ford_moving); bool current_controls_allowed = controls_allowed && !(pedal_pressed); int addr = GET_ADDR(to_send); @@ -72,7 +74,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { if (addr == 0x3CA) { if (!current_controls_allowed) { // bits 7-4 need to be 0xF to disallow lkas commands - if (((to_send->RDLR >> 4) & 0xF) != 0xF) { + if ((GET_BYTE(to_send, 0) & 0xF0) != 0xF0) { tx = 0; } } @@ -81,7 +83,7 @@ static int ford_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // FORCE CANCEL: safety check only relevant when spamming the cancel button // ensuring that set and resume aren't sent if (addr == 0x83) { - if (((to_send->RDLR >> 28) & 0x3) != 0) { + if ((GET_BYTE(to_send, 3) & 0x30) != 0) { tx = 0; } } diff --git a/board/safety/safety_gm.h b/board/safety/safety_gm.h index 949f5c7e73f09f..9ca5ca32366e8d 100644 --- a/board/safety/safety_gm.h +++ b/board/safety/safety_gm.h 
@@ -21,7 +21,7 @@ const int GM_MAX_BRAKE = 350; int gm_brake_prev = 0; int gm_gas_prev = 0; -int gm_speed = 0; +bool gm_moving = false; // silence everything if stock car control ECUs are still online bool gm_ascm_detected = 0; bool gm_ignition_started = 0; @@ -35,7 +35,7 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { int addr = GET_ADDR(to_push); if (addr == 388) { - int torque_driver_new = (((to_push->RDHR >> 16) & 0x7) << 8) | ((to_push->RDHR >> 24) & 0xFF); + int torque_driver_new = ((GET_BYTE(to_push, 6) & 0x7) << 8) | GET_BYTE(to_push, 7); torque_driver_new = to_signed(torque_driver_new, 11); // update array of samples update_sample(&gm_torque_driver, torque_driver_new); @@ -44,14 +44,14 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { if ((addr == 0x1F1) && (bus_number == 0)) { //Bit 5 should be ignition "on" //Backup plan is Bit 2 (accessory power) - bool ign = ((to_push->RDLR) & 0x20) != 0; + bool ign = (GET_BYTE(to_push, 0) & 0x20) != 0; gm_ignition_started = ign; } // sample speed, really only care if car is moving or not // rear left wheel speed if (addr == 842) { - gm_speed = to_push->RDLR & 0xFFFF; + gm_moving = GET_BYTE(to_push, 0) | GET_BYTE(to_push, 1); } // Check if ASCM or LKA camera are online @@ -65,7 +65,7 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // ACC steering wheel buttons if (addr == 481) { - int button = (to_push->RDHR >> 12) & 0x7; + int button = (GET_BYTE(to_push, 5) & 0x70) >> 4; switch (button) { case 2: // resume case 3: // set 
@@ -82,13 +82,13 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // exit controls on rising edge of brake press or on brake press when // speed > 0 if (addr == 241) { - int brake = (to_push->RDLR & 0xFF00) >> 8; + int brake = GET_BYTE(to_push, 1); // Brake pedal's potentiometer returns near-zero reading // even when pedal is not pressed if (brake < 10) { brake = 0; } - if (brake && (!gm_brake_prev || gm_speed)) { + if (brake && (!gm_brake_prev || gm_moving)) { controls_allowed = 0; } gm_brake_prev = brake; @@ -96,7 +96,7 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // exit controls on rising edge of gas press if (addr == 417) { - int gas = to_push->RDHR & 0xFF0000; + int gas = GET_BYTE(to_push, 6); if (gas && !gm_gas_prev && long_controls_allowed) { controls_allowed = 0; } @@ -105,7 +105,7 @@ static void gm_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // exit controls on regen paddle if (addr == 189) { - bool regen = to_push->RDLR & 0x20; + bool regen = GET_BYTE(to_push, 0) & 0x20; if (regen) { controls_allowed = 0; } @@ -129,15 +129,14 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // disallow actuator commands if gas or brake (with vehicle moving) are pressed // and the the latching controls_allowed flag is True - int pedal_pressed = gm_gas_prev || (gm_brake_prev && gm_speed); + int pedal_pressed = gm_gas_prev || (gm_brake_prev && gm_moving); bool current_controls_allowed = controls_allowed && !pedal_pressed; int addr = GET_ADDR(to_send); // BRAKE: safety check if (addr == 789) { - uint32_t rdlr = to_send->RDLR; - int brake = ((rdlr & 0xFU) << 8) + ((rdlr & 0xFF00U) >> 8); + int brake = ((GET_BYTE(to_send, 0) & 0xFU) << 8) + GET_BYTE(to_send, 1); brake = (0x1000 - brake) & 0xFFF; if (!current_controls_allowed || !long_controls_allowed) { if (brake != 0) { 
@@ -151,8 +150,7 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // LKA STEER: safety check if (addr == 384) { - uint32_t rdlr = to_send->RDLR; - int desired_torque = ((rdlr & 0x7U) << 8) + ((rdlr & 0xFF00U) >> 8); + int desired_torque = ((GET_BYTE(to_send, 0) & 0x7U) << 8) + GET_BYTE(to_send, 1); uint32_t ts = TIM2->CNT; bool violation = 0; desired_torque = to_signed(desired_torque, 11); @@ -205,12 +203,11 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // GAS/REGEN: safety check if (addr == 715) { - uint32_t rdlr = to_send->RDLR; - int gas_regen = ((rdlr & 0x7F0000U) >> 11) + ((rdlr & 0xF8000000U) >> 27); + int gas_regen = ((GET_BYTE(to_send, 2) & 0x7FU) << 5) + ((GET_BYTE(to_send, 3) & 0xF8U) >> 3); // Disabled message is !engaed with gas // value that corresponds to max regen. if (!current_controls_allowed || !long_controls_allowed) { - bool apply = (rdlr & 1U) != 0U; + bool apply = GET_BYTE(to_send, 0) & 1U; if (apply || (gas_regen != GM_MAX_REGEN)) { tx = 0; } diff --git a/board/safety/safety_gm_ascm.h b/board/safety/safety_gm_ascm.h index d452818d69b59d..82f1db6ae5741e 100644 --- a/board/safety/safety_gm_ascm.h +++ b/board/safety/safety_gm_ascm.h @@ -13,7 +13,7 @@ static int gm_ascm_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) { // block 0x315 and 0x2cb, which are the brake and accel commands from ASCM1 //if ((addr == 0x152) || (addr == 0x154) || (addr == 0x315) || (addr == 0x2cb)) { if ((addr == 0x152) || (addr == 0x154)) { - int supercruise_on = (to_fwd->RDHR >> 4) & 0x1; // bit 36 + bool supercruise_on = (GET_BYTE(to_fwd, 4) & 0x10) != 0; // bit 36 if (!supercruise_on) { bus_fwd = -1; } diff --git a/board/safety/safety_honda.h b/board/safety/safety_honda.h index 44a57ec978ff36..c36c60fe6aa763 100644 --- a/board/safety/safety_honda.h +++ b/board/safety/safety_honda.h 
@@ -10,7 +10,7 @@ const int HONDA_GAS_INTERCEPTOR_THRESHOLD = 328; // ratio between offset and gain from dbc file int honda_brake_prev = 0; int honda_gas_prev = 0; -int honda_ego_speed = 0; +bool honda_moving = false; bool honda_bosch_hardware = false; bool honda_alt_brake_msg = false; @@ -22,13 +22,13 @@ static void honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // sample speed if (addr == 0x158) { // first 2 bytes - honda_ego_speed = to_push->RDLR & 0xFFFF; + honda_moving = GET_BYTE(to_push, 0) | GET_BYTE(to_push, 1); } // state machine to enter and exit controls // 0x1A6 for the ILX, 0x296 for the Civic Touring if ((addr == 0x1A6) || (addr == 0x296)) { - int button = (to_push->RDLR & 0xE0) >> 5; + int button = (GET_BYTE(to_push, 0) & 0xE0) >> 5; switch (button) { case 2: // cancel controls_allowed = 0; @@ -48,14 +48,11 @@ static void honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // in these cases, this is used instead. // most hondas: 0x17C bit 53 // accord, crv: 0x1BE bit 4 - #define IS_USER_BRAKE_MSG(addr) (!honda_alt_brake_msg ? ((addr) == 0x17C) : ((addr) == 0x1BE)) - #define USER_BRAKE_VALUE(to_push) (!honda_alt_brake_msg ? ((to_push)->RDHR & 0x200000) : ((to_push)->RDLR & 0x10)) - // exit controls on rising edge of brake press or on brake press when - // speed > 0 - bool is_user_brake_msg = IS_USER_BRAKE_MSG(addr); // needed to enforce type + // exit controls on rising edge of brake press or on brake press when speed > 0 + bool is_user_brake_msg = honda_alt_brake_msg ? ((addr) == 0x1BE) : ((addr) == 0x17C); if (is_user_brake_msg) { - int brake = USER_BRAKE_VALUE(to_push); - if (brake && (!(honda_brake_prev) || honda_ego_speed)) { + int brake = honda_alt_brake_msg ? (GET_BYTE((to_push), 0) & 0x10) : (GET_BYTE((to_push), 6) & 0x20); + if (brake && (!(honda_brake_prev) || honda_moving)) { controls_allowed = 0; } honda_brake_prev = brake; 
@@ -65,7 +62,7 @@ static void honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // length check because bosch hardware also uses this id (0x201 w/ len = 8) if ((addr == 0x201) && (len == 6)) { gas_interceptor_detected = 1; - int gas_interceptor = ((to_push->RDLR & 0xFF) << 8) | ((to_push->RDLR & 0xFF00) >> 8); + int gas_interceptor = (GET_BYTE(to_push, 0) << 8) | GET_BYTE(to_push, 1); if ((gas_interceptor > HONDA_GAS_INTERCEPTOR_THRESHOLD) && (gas_interceptor_prev <= HONDA_GAS_INTERCEPTOR_THRESHOLD) && long_controls_allowed) { @@ -77,7 +74,7 @@ static void honda_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // exit controls on rising edge of gas press if no interceptor if (!gas_interceptor_detected) { if (addr == 0x17C) { - int gas = to_push->RDLR & 0xFF; + int gas = GET_BYTE(to_push, 0); if (gas && !(honda_gas_prev) && long_controls_allowed) { controls_allowed = 0; } @@ -101,17 +98,18 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // disallow actuator commands if gas or brake (with vehicle moving) are pressed // and the the latching controls_allowed flag is True int pedal_pressed = honda_gas_prev || (gas_interceptor_prev > HONDA_GAS_INTERCEPTOR_THRESHOLD) || - (honda_brake_prev && honda_ego_speed); + (honda_brake_prev && honda_moving); bool current_controls_allowed = controls_allowed && !(pedal_pressed); // BRAKE: safety check if (addr == 0x1FA) { + int brake = (GET_BYTE(to_send, 0) << 2) + (GET_BYTE(to_send, 1) & 0x3); if (!current_controls_allowed || !long_controls_allowed) { - if ((to_send->RDLR & 0xFFFF0000) != to_send->RDLR) { + if (brake != 0) { tx = 0; } } - if ((to_send->RDLR & 0xFFFFFF3F) != to_send->RDLR) { + if (brake > 255) { tx = 0; } } 
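Review bot: The rewritten BRAKE check for 0x1FA in honda_tx_hook is narrower than the one it replaces: the removed `(to_send->RDLR & 0xFFFF0000) != to_send->RDLR` test rejected any non-zero bit in bytes 0 and 1 while controls are not allowed, whereas `brake` is built from byte 0 and only `GET_BYTE(to_send, 1) & 0x3`, so bits 2–7 of byte 1 no longer block the message. If the brake field is the 10 bits that start at the top of byte 0, which the `brake > 255` limit standing in for the old byte-0 mask suggests, its two low bits would be the top two bits of byte 1, i.e. `((GET_BYTE(to_send, 1) >> 6) & 0x3)`; please confirm against the DBC. Until that is settled, writing the disallowed-state test as `GET_BYTE(to_send, 0) || GET_BYTE(to_send, 1)`, the form the GAS check for 0x200 takes in the next hunk, preserves the old behaviour. A safety test that sets only the upper bits of byte 1 with controls off would pin this down.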
@@ -119,7 +117,8 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // STEER: safety check if ((addr == 0xE4) || (addr == 0x194)) { if (!current_controls_allowed) { - if ((to_send->RDLR & 0xFFFF0000) != to_send->RDLR) { + bool steer_applied = GET_BYTE(to_send, 0) | GET_BYTE(to_send, 1); + if (steer_applied) { tx = 0; } } @@ -128,7 +127,7 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // GAS: safety check if (addr == 0x200) { if (!current_controls_allowed || !long_controls_allowed) { - if ((to_send->RDLR & 0xFFFF0000) != to_send->RDLR) { + if (GET_BYTE(to_send, 0) || GET_BYTE(to_send, 1)) { tx = 0; } } @@ -139,7 +138,7 @@ static int honda_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // This avoids unintended engagements while still allowing resume spam if ((addr == 0x296) && honda_bosch_hardware && !current_controls_allowed && (bus == 0)) { - if (((to_send->RDLR >> 5) & 0x7) != 2) { + if (((GET_BYTE(to_send, 0) >> 5) & 0x7) != 2) { tx = 0; } } diff --git a/board/safety/safety_hyundai.h b/board/safety/safety_hyundai.h index c1b55359bdfe11..aed30621f44b00 100644 --- a/board/safety/safety_hyundai.h +++ b/board/safety/safety_hyundai.h @@ -20,7 +20,7 @@ static void hyundai_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { int addr = GET_ADDR(to_push); if (addr == 897) { - int torque_driver_new = ((to_push->RDLR >> 11) & 0xfff) - 2048; + int torque_driver_new = ((GET_BYTES_04(to_push) >> 11) & 0xfff) - 2048; // update array of samples update_sample(&hyundai_torque_driver, torque_driver_new); } @@ -39,7 +39,7 @@ static void hyundai_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // enter controls on rising edge of ACC, exit controls on ACC off if (addr == 1057) { // 2 bits: 13-14 - int cruise_engaged = (to_push->RDLR >> 13) & 0x3; + int cruise_engaged = (GET_BYTES_04(to_push) >> 13) & 0x3; if (cruise_engaged && !hyundai_cruise_engaged_last) { controls_allowed = 1; } 
@@ -67,7 +67,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // LKA STEER: safety check if (addr == 832) { - int desired_torque = ((to_send->RDLR >> 16) & 0x7ff) - 1024; + int desired_torque = ((GET_BYTES_04(to_send) >> 16) & 0x7ff) - 1024; uint32_t ts = TIM2->CNT; bool violation = 0; @@ -117,7 +117,7 @@ static int hyundai_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // This avoids unintended engagements while still allowing resume spam // TODO: fix bug preventing the button msg to be fwd'd on bus 2 //if ((addr == 1265) && !controls_allowed && (bus == 0) { - // if ((to_send->RDLR & 0x7) != 4) { + // if ((GET_BYTES_04(to_send) & 0x7) != 4) { // tx = 0; // } //} diff --git a/board/safety/safety_subaru.h b/board/safety/safety_subaru.h index c7a8c20e52c963..3eda8369be4c49 100644 --- a/board/safety/safety_subaru.h +++ b/board/safety/safety_subaru.h @@ -20,7 +20,7 @@ static void subaru_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { int addr = GET_ADDR(to_push); if ((addr == 0x119) && (bus == 0)){ - int torque_driver_new = ((to_push->RDLR >> 16) & 0x7FF); + int torque_driver_new = ((GET_BYTES_04(to_push) >> 16) & 0x7FF); torque_driver_new = to_signed(torque_driver_new, 11); // update array of samples update_sample(&subaru_torque_driver, torque_driver_new); @@ -28,7 +28,7 @@ static void subaru_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // enter controls on rising edge of ACC, exit controls on ACC off if ((addr == 0x240) && (bus == 0)) { - int cruise_engaged = (to_push->RDHR >> 9) & 1; + int cruise_engaged = GET_BYTE(to_push, 5) & 2; if (cruise_engaged && !subaru_cruise_engaged_last) { controls_allowed = 1; } @@ -45,7 +45,7 @@ static int subaru_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // steer cmd checks if (addr == 0x122) { - int desired_torque = ((to_send->RDLR >> 16) & 0x1FFF); + int desired_torque = ((GET_BYTES_04(to_send) >> 16) & 0x1FFF); bool violation = 0; uint32_t ts = TIM2->CNT; desired_torque = to_signed(desired_torque, 13); 
diff --git a/board/safety/safety_tesla.h b/board/safety/safety_tesla.h index b58e6b2bbf7ad4..188b12ac481dfc 100644 --- a/board/safety/safety_tesla.h +++ b/board/safety/safety_tesla.h @@ -55,7 +55,7 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { if (addr == 0x45) { // 6 bits starting at position 0 - int lever_position = (to_push->RDLR & 0x3F); + int lever_position = GET_BYTE(to_push, 0) & 0x3F; if (lever_position == 2) { // pull forward // activate openpilot controls_allowed = 1; @@ -69,7 +69,7 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // Detect drive rail on (ignition) (start recording) if (addr == 0x348) { // GTW_status - int drive_rail_on = (to_push->RDLR & 0x0001); + int drive_rail_on = GET_BYTE(to_push, 0) & 0x1; tesla_ignition_started = drive_rail_on == 1; } @@ -77,12 +77,12 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // DI_torque2::DI_brakePedal 0x118 if (addr == 0x118) { // 1 bit at position 16 - if ((((to_push->RDLR & 0x8000)) >> 15) == 1) { + if ((GET_BYTE(to_push, 1) & 0x80) != 0) { // disable break cancel by commenting line below controls_allowed = 0; } //get vehicle speed in m/s. Tesla gives MPH - tesla_speed = ((((((to_push->RDLR >> 24) & 0xF) << 8) + ((to_push->RDLR >> 16) & 0xFF)) * 0.05) - 25) * 1.609 / 3.6; + tesla_speed = (((((GET_BYTE(to_push, 3) & 0xF) << 8) + GET_BYTE(to_push, 2)) * 0.05) - 25) * 1.609 / 3.6; if (tesla_speed < 0) { tesla_speed = 0; } 
@@ -92,7 +92,7 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // EPAS_sysStatus::EPAS_eacStatus 0x370 if (addr == 0x370) { // if EPAS_eacStatus is not 1 or 2, disable control - eac_status = ((to_push->RDHR >> 21)) & 0x7; + eac_status = (GET_BYTE(to_push, 6) >> 5) & 0x7; // For human steering override we must not disable controls when eac_status == 0 // Additional safety: we could only allow eac_status == 0 when we have human steering allowed if (controls_allowed && (eac_status != 0) && (eac_status != 1) && (eac_status != 2)) { @@ -102,7 +102,7 @@ static void tesla_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { } //get latest steering wheel angle if (addr == 0x00E) { - float angle_meas_now = (int)(((((to_push->RDLR & 0x3F) << 8) + ((to_push->RDLR >> 8) & 0xFF)) * 0.1) - 819.2); + float angle_meas_now = (int)(((((GET_BYTE(to_push, 0) & 0x3F) << 8) + GET_BYTE(to_push, 1)) * 0.1) - 819.2); uint32_t ts = TIM2->CNT; uint32_t ts_elapsed = get_ts_elapsed(ts, tesla_ts_angle_last); @@ -146,10 +146,10 @@ static int tesla_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) { // do not transmit CAN message if steering angle too high // DAS_steeringControl::DAS_steeringAngleRequest if (addr == 0x488) { - float angle_raw = ((to_send->RDLR & 0x7F) << 8) + ((to_send->RDLR & 0xFF00) >> 8); + float angle_raw = ((GET_BYTE(to_send, 0) & 0x7F) << 8) + GET_BYTE(to_send, 1); float desired_angle = (angle_raw * 0.1) - 1638.35; bool violation = 0; - int st_enabled = (to_send->RDLR & 0x400000) >> 22; + int st_enabled = GET_BYTE(to_send, 2) & 0x40; if (st_enabled == 0) { //steering is not enabled, do not check angles and do send 
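Review bot: `st_enabled` in tesla_tx_hook changes range: the removed expression shifted the bit down to 0 or 1, while `GET_BYTE(to_send, 2) & 0x40` yields 0 or 0x40. The `st_enabled == 0` test visible in the hunk is unaffected, but the function continues outside it and any comparison against 1 there would silently stop matching. Declaring it as `bool st_enabled = (GET_BYTE(to_send, 2) & 0x40) != 0;`, the form this patch already uses for `supercruise_on`, removes the ambiguity.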
@@ -204,10 +204,10 @@ static int tesla_fwd_hook(int bus_num, CAN_FIFOMailBox_TypeDef *to_fwd) { bus_fwd = 2; // Custom EPAS bus } if (addr == 0x101) { - to_fwd->RDLR = to_fwd->RDLR | 0x4000; // 0x4000: WITH_ANGLE, 0xC000: WITH_BOTH (angle and torque) - uint32_t checksum = (((to_fwd->RDLR & 0xFF00) >> 8) + (to_fwd->RDLR & 0xFF) + 2) & 0xFF; - to_fwd->RDLR = to_fwd->RDLR & 0xFFFF; - to_fwd->RDLR = to_fwd->RDLR + (checksum << 16); + to_fwd->RDLR = GET_BYTES_04(to_fwd) | 0x4000; // 0x4000: WITH_ANGLE, 0xC000: WITH_BOTH (angle and torque) + uint32_t checksum = (GET_BYTE(to_fwd, 1) + GET_BYTE(to_fwd, 0) + 2) & 0xFF; + to_fwd->RDLR = GET_BYTES_04(to_fwd) & 0xFFFF; + to_fwd->RDLR = GET_BYTES_04(to_fwd) + (checksum << 16); } } if (bus_num == 2) { diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h index c4d57956314384..ac3184d39737b5 100644 --- a/board/safety/safety_toyota.h +++ b/board/safety/safety_toyota.h @@ -39,7 +39,7 @@ static void toyota_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // get eps motor torque (0.66 factor in dbc) if (addr == 0x260) { - int torque_meas_new = (((to_push->RDHR) & 0xFF00) | ((to_push->RDHR >> 16) & 0xFF)); + int torque_meas_new = (GET_BYTE(to_push, 5) << 8) | GET_BYTE(to_push, 6); torque_meas_new = to_signed(torque_meas_new, 16); // scale by dbc_factor @@ -56,7 +56,7 @@ static void toyota_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) { // enter controls on rising edge of ACC, exit controls on ACC off if (addr == 0x1D2) { // 5th bit is CRUISE_ACTIVE - int cruise_engaged = to_push->RDLR & 0x20; + int cruise_engaged = GET_BYTE(to_push, 0) & 0x20; if (!cruise_engaged) { controls_allowed = 0; } 
@@ -69,7 +69,7 @@ static void toyota_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 // exit controls on rising edge of interceptor gas press
 if (addr == 0x201) {
 gas_interceptor_detected = 1;
- int gas_interceptor = ((to_push->RDLR & 0xFF) << 8) | ((to_push->RDLR & 0xFF00) >> 8);
+ int gas_interceptor = (GET_BYTE(to_push, 0) << 8) | GET_BYTE(to_push, 1);
 if ((gas_interceptor > TOYOTA_GAS_INTERCEPTOR_THRESHOLD) &&
 (gas_interceptor_prev <= TOYOTA_GAS_INTERCEPTOR_THRESHOLD) &&
 long_controls_allowed) {
@@ -80,7 +80,7 @@ static void toyota_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 // exit controls on rising edge of gas press
 if (addr == 0x2C1) {
- int gas = (to_push->RDHR >> 16) & 0xFF;
+ int gas = GET_BYTE(to_push, 6) & 0xFF;
 if ((gas > 0) && (toyota_gas_prev == 0) && !gas_interceptor_detected && long_controls_allowed) {
 controls_allowed = 0;
 }
@@ -115,7 +115,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 // GAS PEDAL: safety check
 if (addr == 0x200) {
 if (!controls_allowed || !long_controls_allowed) {
- if ((to_send->RDLR & 0xFFFF0000) != to_send->RDLR) {
+ if (GET_BYTE(to_send, 0) || GET_BYTE(to_send, 1)) {
 tx = 0;
 }
 }
@@ -123,7 +123,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 // ACCEL: safety check on byte 1-2
 if (addr == 0x343) {
- int desired_accel = ((to_send->RDLR & 0xFF) << 8) | ((to_send->RDLR >> 8) & 0xFF);
+ int desired_accel = (GET_BYTE(to_send, 0) << 8) | GET_BYTE(to_send, 1);
 desired_accel = to_signed(desired_accel, 16);
 if (!controls_allowed || !long_controls_allowed) {
 if (desired_accel != 0) {
@@ -138,7 +138,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 // STEER: safety check on bytes 2-3
 if (addr == 0x2E4) {
- int desired_torque = (to_send->RDLR & 0xFF00) | ((to_send->RDLR >> 16) & 0xFF);
+ int desired_torque = (GET_BYTE(to_send, 1) << 8) | GET_BYTE(to_send, 2);
 desired_torque = to_signed(desired_torque, 16);
 bool violation = 0;
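Review bot: In the 0x200 gas-pedal check of `toyota_tx_hook`, the operands of `||` are the unsigned values returned by `GET_BYTE`, not Boolean expressions, which is the pattern MISRA 10.1 and 14.4 object to and which this series is otherwise cleaning up. Writing the comparison out keeps the intent visible, namely that either command byte being non-zero blocks the frame while controls are not allowed: `if ((GET_BYTE(to_send, 0) != 0U) || (GET_BYTE(to_send, 1) != 0U)) {`. The enclosing function starts and ends outside the hunk.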
diff --git a/board/safety/safety_toyota_ipas.h b/board/safety/safety_toyota_ipas.h
index 99e6dae0587a9c..3e3a3b3a24134f 100644
--- a/board/safety/safety_toyota_ipas.h
+++ b/board/safety/safety_toyota_ipas.h
@@ -39,7 +39,7 @@ static void toyota_ipas_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 if (addr == 0x260) {
 // get driver steering torque
- int16_t torque_driver_new = (((to_push->RDLR) & 0xFF00) | ((to_push->RDLR >> 16) & 0xFF));
+ int16_t torque_driver_new = (GET_BYTE(to_push, 1) << 8) | GET_BYTE(to_push, 2);
 // update array of samples
 update_sample(&torque_driver, torque_driver_new);
@@ -47,7 +47,7 @@ static void toyota_ipas_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 // get steer angle
 if (addr == 0x25) {
- int angle_meas_new = ((to_push->RDLR & 0xf) << 8) + ((to_push->RDLR & 0xff00) >> 8);
+ int angle_meas_new = ((GET_BYTE(to_push, 0) & 0xF) << 8) | GET_BYTE(to_push, 1);
 uint32_t ts = TIM2->CNT;
 angle_meas_new = to_signed(angle_meas_new, 12);
@@ -81,12 +81,12 @@ static void toyota_ipas_rx_hook(CAN_FIFOMailBox_TypeDef *to_push) {
 // get speed
 if (addr == 0xb4) {
- speed = ((float) (((to_push->RDHR) & 0xFF00) | ((to_push->RDHR >> 16) & 0xFF))) * 0.01 / 3.6;
+ speed = ((float)((GET_BYTE(to_push, 5) << 8) | GET_BYTE(to_push, 6))) * 0.01 / 3.6;
 }
 // get ipas state
 if (addr == 0x262) {
- ipas_state = (to_push->RDLR & 0xf);
+ ipas_state = GET_BYTE(to_push, 0) & 0xf;
 }
 // exit controls on high steering override
@@ -111,8 +111,8 @@ static int toyota_ipas_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 if ((addr == 0x266) || (addr == 0x167)) {
 angle_control = 1; // we are in angle control mode
- int desired_angle = ((to_send->RDLR & 0xf) << 8) + ((to_send->RDLR & 0xff00) >> 8);
- int ipas_state_cmd = ((to_send->RDLR & 0xff) >> 4);
+ int desired_angle = ((GET_BYTE(to_send, 0) & 0xF) << 8) | GET_BYTE(to_send, 1);
+ int ipas_state_cmd = GET_BYTE(to_send, 0) >> 4;
 bool violation = 0;
 desired_angle = to_signed(desired_angle, 12);
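Review bot: `torque_driver_new` in the 0x260 branch of `toyota_ipas_rx_hook` recovers the sign only through the implicit narrowing of an unsigned 16-bit pattern into `int16_t`, which is implementation-defined for values above 0x7FFF. The equivalent field in `toyota_rx_hook` and the angle fields in this file all go through `to_signed()`, so this is the one place where the driver-torque sign depends on the compiler. Assuming `update_sample()` takes an `int`, as its use in the sibling files suggests, the line can follow the same pattern: `int torque_driver_new = to_signed((GET_BYTE(to_push, 1) << 8) | GET_BYTE(to_push, 2), 16);`.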
diff --git a/board/safety_declarations.h b/board/safety_declarations.h
index 21e863869bae54..2029a22593aa37 100644
--- a/board/safety_declarations.h
+++ b/board/safety_declarations.h
@@ -1,7 +1,3 @@
-#define GET_BUS(msg) (((msg)->RDTR >> 4) & 0xFF)
-#define GET_LEN(msg) ((msg)->RDTR & 0xf)
-#define GET_ADDR(msg) ((((msg)->RIR & 4) != 0) ? ((msg)->RIR >> 3) : ((msg)->RIR >> 21))
-
 // sample struct that keeps 3 samples in memory
 struct sample_t {
 int values[6];
diff --git a/board/spi_flasher.h b/board/spi_flasher.h
index 44506b81888daf..aacea822cdfd3e 100644
--- a/board/spi_flasher.h
+++ b/board/spi_flasher.h
@@ -92,13 +92,13 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired)
 return resp_len;
 }
-int usb_cb_ep1_in(uint8_t *usbdata, int len, bool hardwired) {
+int usb_cb_ep1_in(void *usbdata, int len, bool hardwired) {
 UNUSED(usbdata);
 UNUSED(len);
 UNUSED(hardwired);
 return 0;
 }
-void usb_cb_ep3_out(uint8_t *usbdata, int len, bool hardwired) {
+void usb_cb_ep3_out(void *usbdata, int len, bool hardwired) {
 UNUSED(usbdata);
 UNUSED(len);
 UNUSED(hardwired);
@@ -110,7 +110,7 @@ void usb_cb_enumeration_complete(void) {
 is_enumerated = 1;
 }
-void usb_cb_ep2_out(uint8_t *usbdata, int len, bool hardwired) {
+void usb_cb_ep2_out(void *usbdata, int len, bool hardwired) {
 UNUSED(hardwired);
 set_led(LED_RED, 0);
 for (int i = 0; i < len/4; i++) {
@@ -182,8 +182,9 @@ void CAN1_RX0_IRQHandler(void) {
 while (CAN->RF0R & CAN_RF0R_FMP0) {
 if ((CAN->sFIFOMailBox[0].RIR>>21) == CAN_BL_INPUT) {
 uint8_t dat[8];
- ((uint32_t*)dat)[0] = CAN->sFIFOMailBox[0].RDLR;
- ((uint32_t*)dat)[1] = CAN->sFIFOMailBox[0].RDHR;
+ for (int i = 0; i < 8; i++) {
+ dat[0] = GET_BYTE(&CAN->sFIFOMailBox[0], i);
+ }
 uint8_t odat[8];
 uint8_t type = dat[0] & 0xF0;
 if (type == 0x30) {
diff --git a/tests/misra/suppressions.txt b/tests/misra/suppressions.txt
index 27a2cd7aaf9fe2..8e58b6e34024a4 100644
--- a/tests/misra/suppressions.txt
+++ b/tests/misra/suppressions.txt
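Review bot: The new loop in `CAN1_RX0_IRQHandler` (board/spi_flasher.h) stores every byte into `dat[0]`, so after it runs `dat[0]` holds byte 7 of the frame and `dat[1]` to `dat[7]` are uninitialized stack contents. The two removed lines filled all eight bytes, and the statement right after the loop parses `dat[0] & 0xF0` as the frame type, so this handler (apparently the bootloader's CAN input path, given `CAN_BL_INPUT`) would dispatch on the wrong byte and then work with indeterminate data. The index has to follow the loop variable: `dat[i] = GET_BYTE(&CAN->sFIFOMailBox[0], i);`. The handler continues beyond the hunk, and nothing in the test changes shown here appears to exercise this path.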
@@ -2,3 +2,7 @@ misra.19.2
 # FIXME: add it back when fixed in cppcheck. Macro identifiers are unique but it false triggers on defines in #ifdef..#else conditions
 misra.5.4
+# Advisory: casting from void pointer to type pointer is ok. Done by STM libraries as well
+misra.11.4
+# Advisory: casting from void pointer to type pointer is ok. Done by STM libraries as well
+misra.11.5
diff --git a/tests/misra/test_misra.sh b/tests/misra/test_misra.sh
index b14bf570c3083b..4a6126781855c5 100755
--- a/tests/misra/test_misra.sh
+++ b/tests/misra/test_misra.sh
@@ -1,5 +1,6 @@
-#!/bin/bash
+#!/bin/bash -e
+mkdir /tmp/misra || true
 git clone https://github.com/danmar/cppcheck.git || true
 cd cppcheck
 git fetch
@@ -14,16 +15,11 @@ tests/misra/cppcheck/cppcheck -DPANDA -UPEDAL -DCAN3 -DUID_BASE -DEON \
 --dump --enable=all --inline-suppr --force \
 board/main.c 2>/tmp/misra/cppcheck_output.txt
-python tests/misra/cppcheck/addons/misra.py board/main.c.dump 2>/tmp/misra/misra_output.txt
+python tests/misra/cppcheck/addons/misra.py board/main.c.dump 2> /tmp/misra/misra_output.txt
-# violations in safety files
-misra_output=$( cat /tmp/misra/misra_output.txt | grep safety);
-cppcheck_output=$( cat /tmp/misra/cppcheck_output.txt | grep safety);
-# TODO: remove safety only check when the whole panda code is MISRA compatible and replace with below
 # strip (information) lines
-#misra_output=$(cat /tmp/misra/misra_output.txt | grep -v "(information) " || true)
-#cppcheck_output=$(cat /tmp/misra/cppcheck_output.txt | grep -v "(information) " || true)
-
+cppcheck_output=$( cat /tmp/misra/cppcheck_output.txt | grep -v "(information) " ) || true
+misra_output=$( cat /tmp/misra/misra_output.txt | grep -v "(information) " ) || true
 printf "\nPEDAL CODE\n"
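Review bot: The comment placed above `misra.11.4` in suppressions.txt describes rule 11.5. Rule 11.4 covers conversions between a pointer to object and an integer type, a different class of cast with different failure modes. Waiving it for the whole tree also hides every future occurrence, including ones in the safety hooks. The cppcheck invocation in test_misra.sh already passes `--inline-suppr`, so if the addon honours inline suppressions, the reviewed casts could carry a per-line waiver instead. At minimum the comment should state what is actually being accepted and why, for example `# Advisory: pointer <-> integer conversion; <reason this project needs it>`.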
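Review bot: `mkdir /tmp/misra || true` at the top of test_misra.sh uses a fixed name in a world-writable directory and ignores the failure when that name already exists. On a shared build host the script then writes its reports into, and later reads its verdict from, a directory or link it did not create, and stale files from an earlier run can be picked up as well. A private directory avoids both: `MISRA_DIR=$(mktemp -d)`, with `$MISRA_DIR` used in the redirections and `cat` calls further down.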
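Review bot: With `-e` now in the shebang, the first `misra.py` call (on `board/main.c.dump`) has no `|| true`, while the pedal call in the later hunk (`@@ -32,25 +28,26 @@`) does. If the addon exits non-zero when it reports violations, the script stops at this line and the "Failed!" summary with the findings is never printed. The two calls should be handled the same way, either with `|| true` on both or, better, by recording the exit status in a variable so that an analyzer crash is distinguishable from findings.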
@@ -32,25 +28,26 @@ tests/misra/cppcheck/cppcheck -UPANDA -DPEDAL -UCAN3 \
 -I board/ --dump --enable=all --inline-suppr --force \
 board/pedal/main.c 2>/tmp/misra/cppcheck_pedal_output.txt
-python tests/misra/cppcheck/addons/misra.py board/pedal/main.c.dump 2>/tmp/misra/misra_pedal_output.txt
+python tests/misra/cppcheck/addons/misra.py board/pedal/main.c.dump 2> /tmp/misra/misra_pedal_output.txt || true
 # strip (information) lines
-misra_pedal_output=$( cat /tmp/misra/misra_pedal_output.txt | grep -v "(information) ")
-cppcheck_pedal_output=$( cat /tmp/misra/cppcheck_pedal_output.txt | grep -v "(information) ")
+cppcheck_pedal_output=$( cat /tmp/misra/cppcheck_pedal_output.txt | grep -v "(information) " ) || true
+misra_pedal_output=$( cat /tmp/misra/misra_pedal_output.txt | grep -v "(information) " ) || true
 if [[ -n "$misra_output" ]] || [[ -n "$cppcheck_output" ]]
 then
- echo "Found Misra violations in the safety code:"
+ echo "Failed! found Misra violations in panda code:"
 echo "$misra_output"
 echo "$cppcheck_output"
 exit 1
 fi
-# TODO: enable pedal check when the whole pedal code is Misra compliant
-#if [[ ! -z "$misra_pedal_output" ]] || [[ ! -z "$cppcheck_pedal_output" ]]
-#then
-# echo "Found Misra violations in the pedal code:"
-# echo "$misra_pedal_output"
-# echo "$cppcheck_pedal_output"
-# exit 1
-#fi
+if [[ -n "$misra_pedal_output" ]] || [[ -n "$cppcheck_pedal_output" ]]
+then
+ echo "Failed! found Misra violations in pedal code:"
+ echo "$misra_pedal_output"
+ echo "$cppcheck_pedal_output"
+ exit 1
+fi
+
+echo "Success"
diff --git a/tests/safety/libpandasafety_py.py b/tests/safety/libpandasafety_py.py
index dc5e5be5afb29e..1345065cb4d103 100644
--- a/tests/safety/libpandasafety_py.py
+++ b/tests/safety/libpandasafety_py.py
@@ -55,7 +55,7 @@ void set_toyota_rt_torque_last(int t);
 void init_tests_honda(void);
-int get_honda_ego_speed(void);
+bool get_honda_moving(void);
 int get_honda_brake_prev(void);
 int get_honda_gas_prev(void);
 void set_honda_alt_brake_msg(bool);
diff --git a/tests/safety/test.c b/tests/safety/test.c
index be13d346afcf6b..dc3de55040b3d6 100644
--- a/tests/safety/test.c
+++ b/tests/safety/test.c
@@ -32,6 +32,7 @@ struct sample_t subaru_torque_driver;
 TIM_TypeDef timer;
 TIM_TypeDef *TIM2 = &timer;
+// from config.h
 #define MIN(a,b) \
 ({ __typeof__ (a) _a = (a); \
 __typeof__ (b) _b = (b); \
@@ -42,6 +43,14 @@ TIM_TypeDef *TIM2 = &timer;
 __typeof__ (b) _b = (b); \
 _a > _b ? _a : _b; })
+// from llcan.h
+#define GET_BUS(msg) (((msg)->RDTR >> 4) & 0xFF)
+#define GET_LEN(msg) ((msg)->RDTR & 0xf)
+#define GET_ADDR(msg) ((((msg)->RIR & 4) != 0) ? ((msg)->RIR >> 3) : ((msg)->RIR >> 21))
+#define GET_BYTE(msg, b) (((int)(b) > 3) ? (((msg)->RDHR >> (8U * ((unsigned int)(b) % 4U))) & 0XFFU) : (((msg)->RDLR >> (8U * (unsigned int)(b))) & 0xFFU))
+#define GET_BYTES_04(msg) ((msg)->RDLR)
+#define GET_BYTES_48(msg) ((msg)->RDHR)
+
 #define UNUSED(x) (void)(x)
 #define PANDA
@@ -199,8 +208,8 @@ void set_subaru_desired_torque_last(int t){
 subaru_desired_torque_last = t;
 }
-int get_honda_ego_speed(void){
- return honda_ego_speed;
+bool get_honda_moving(void){
+ return honda_moving;
 }
 int get_honda_brake_prev(void){
@@ -274,7 +283,7 @@ void init_tests_subaru(void){
 }
 void init_tests_honda(void){
- honda_ego_speed = 0;
+ honda_moving = false;
 honda_brake_prev = 0;
 honda_gas_prev = 0;
 }
diff --git a/tests/safety/test_honda.py b/tests/safety/test_honda.py
index bc5e8d192f1712..f0562b8d4c1351 100755
--- a/tests/safety/test_honda.py
+++ b/tests/safety/test_honda.py
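Review bot: The `// from llcan.h` block added to tests/safety/test.c is a hand copy of the firmware macros, so the safety tests exercise the copy rather than the `GET_BYTE` that ships. The copy already differs textually from the original (`0xf` against `0xF` in `GET_LEN`), and a later fix on one side will not reach the other. Because byte extraction is the core of this change, the six macros would be better placed in a small header with no hardware dependencies that both llcan.h and test.c include. The same applies to the `MIN`/`MAX` copy now marked `// from config.h`.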
@@ -99,9 +99,9 @@ def test_cancel_button(self):
 self.assertFalse(self.safety.get_controls_allowed())
 def test_sample_speed(self):
- self.assertEqual(0, self.safety.get_honda_ego_speed())
+ self.assertEqual(0, self.safety.get_honda_moving())
 self.safety.safety_rx_hook(self._speed_msg(100))
- self.assertEqual(100, self.safety.get_honda_ego_speed())
+ self.assertEqual(1, self.safety.get_honda_moving())
 def test_prev_brake(self):
 self.assertFalse(self.safety.get_honda_brake_prev())
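Review bot: `get_honda_moving()` is now declared as returning `bool`, so `assertEqual(0, ...)` and `assertEqual(1, ...)` in `test_sample_speed` pass only through Python's int/bool equality. `self.assertFalse(self.safety.get_honda_moving())` before the message and `self.assertTrue(self.safety.get_honda_moving())` after it state the intent and match `test_prev_brake` just below. The test name no longer describes what is checked, and a message with speed 0 after the moving one would confirm that the flag also clears.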