From 2771c074fbe31a61ff5fad2a59932fc4ca174727 Mon Sep 17 00:00:00 2001 From: savojovic Date: Wed, 6 Mar 2024 23:15:57 +0100 Subject: [PATCH] Enabling misra-c2012-8.4 --- SConscript | 2 +- board/boards/black.h | 4 +- board/boards/cuatro.h | 3 + board/boards/dos.h | 4 +- board/boards/grey.h | 2 + board/boards/red.h | 5 +- board/boards/red_chiplet.h | 4 +- board/boards/tres.h | 7 +- board/boards/uno.h | 4 +- board/boards/white.h | 4 +- board/can_comms.h | 4 +- board/can_definitions.h | 6 + board/critical.h | 4 +- board/drivers/bootkick.h | 18 +- board/drivers/bxcan.h | 11 +- board/drivers/can_common.h | 17 +- board/drivers/fake_siren.h | 9 +- board/drivers/fan.h | 12 +- board/drivers/fdcan.h | 13 +- board/drivers/gmlan_alt.h | 27 ++- board/drivers/harness.h | 2 +- board/drivers/interrupts.h | 16 +- board/drivers/registers.h | 2 +- board/drivers/simple_watchdog.h | 2 +- board/drivers/spi.h | 27 +-- board/drivers/uart.h | 4 +- board/drivers/usb.h | 22 ++- board/faults.h | 4 +- board/main.c | 4 +- board/main_declarations.h | 10 +- board/power_saving.h | 2 +- board/provision.h | 3 +- board/safety.h | 209 ++++++++++++++++++---- board/safety/safety_body.h | 21 +-- board/safety/safety_chrysler.h | 189 ++++++++++---------- board/safety/safety_defaults.h | 18 +- board/safety/safety_elm327.h | 9 +- board/safety/safety_ford.h | 147 ++++++++-------- board/safety/safety_gm.h | 114 ++++++------ board/safety/safety_honda.h | 146 ++++++++-------- board/safety/safety_hyundai.h | 105 +++++------- board/safety/safety_hyundai_canfd.h | 219 ++++++++++++------------ board/safety/safety_hyundai_common.h | 26 +-- board/safety/safety_mazda.h | 47 +++-- board/safety/safety_nissan.h | 87 +++++----- board/safety/safety_subaru.h | 90 +++++----- board/safety/safety_subaru_preglobal.h | 51 +++--- board/safety/safety_tesla.h | 134 +++++++-------- board/safety/safety_toyota.h | 183 ++++++++++---------- board/safety/safety_volkswagen_common.h | 4 +- board/safety/safety_volkswagen_mqb.h | 86 +++++----- board/safety/safety_volkswagen_pq.h | 77 ++++----- board/safety_declarations.h | 4 +- board/stm32fx/llbxcan.h | 3 + board/stm32fx/llusb.h | 2 + board/stm32h7/llfdcan.h | 5 +- board/stm32h7/llusb.h | 2 +- tests/misra/suppressions.txt | 1 - 58 files changed, 1162 insertions(+), 1075 deletions(-) diff --git a/SConscript b/SConscript index 357daba954..2d6206b70c 100644 --- a/SConscript +++ b/SConscript @@ -167,7 +167,7 @@ Export('base_project_f4', 'base_project_h7', 'build_project') # Common autogenerated includes with open("board/obj/gitversion.h", "w") as f: - f.write(f'const uint8_t gitversion[] = "{get_version(BUILDER, BUILD_TYPE)}";\n') + f.write(f'const uint8_t gitversion[] = "{get_version(BUILDER, BUILD_TYPE)}"; // cppcheck-suppress misra-c2012-8.4\n') with open("board/obj/version", "w") as f: f.write(f'{get_version(BUILDER, BUILD_TYPE)}') diff --git a/board/boards/black.h b/board/boards/black.h index ea636334d2..ab47367b41 100644 --- a/board/boards/black.h +++ b/board/boards/black.h @@ -148,7 +148,7 @@ void black_init_bootloader(void) { set_gpio_output(GPIOC, 12, 0); } -const harness_configuration black_harness_config = { +static const harness_configuration black_harness_config = { .has_harness = true, .GPIO_SBU1 = GPIOC, .GPIO_SBU2 = GPIOC, @@ -162,6 +162,8 @@ const harness_configuration black_harness_config = { .adc_channel_SBU2 = 13 }; +// Unable to use extern becaouse of a composite struct dos_harness_config +// cppcheck-suppress misra-c2012-8.4 const board board_black = { .set_bootkick = unused_set_bootkick, .harness_config = &black_harness_config, diff --git a/board/boards/cuatro.h b/board/boards/cuatro.h index b8cd3d035a..6a4feca9d7 100644 --- a/board/boards/cuatro.h +++ b/board/boards/cuatro.h @@ -103,6 +103,9 @@ void cuatro_init(void) { clock_source_init(); } +// To be able to use extern and separate declaration +// all of the functions should have separated declaration from implementation +// cppcheck-suppress misra-c2012-8.4 const board board_cuatro = { .harness_config = &red_chiplet_harness_config, .has_obd = true, diff --git a/board/boards/dos.h b/board/boards/dos.h index 428bbf2a5e..b02a449379 100644 --- a/board/boards/dos.h +++ b/board/boards/dos.h @@ -173,7 +173,7 @@ void dos_init(void) { clock_source_init(); } -const harness_configuration dos_harness_config = { +static const harness_configuration dos_harness_config = { .has_harness = true, .GPIO_SBU1 = GPIOC, .GPIO_SBU2 = GPIOC, @@ -187,6 +187,8 @@ const harness_configuration dos_harness_config = { .adc_channel_SBU2 = 13 }; +// Unable to use extern becaouse of a composite struct dos_harness_config +// cppcheck-suppress misra-c2012-8.4 const board board_dos = { .harness_config = &dos_harness_config, .has_obd = true, diff --git a/board/boards/grey.h b/board/boards/grey.h index 8b3bd8aed5..4149407a2e 100644 --- a/board/boards/grey.h +++ b/board/boards/grey.h @@ -4,6 +4,8 @@ // Most hardware functionality is similar to white panda +// If used extern and struct implemented in board.h purpose of this file vanishes +// cppcheck-suppress misra-c2012-8.4 const board board_grey = { .set_bootkick = unused_set_bootkick, .harness_config = &white_harness_config, diff --git a/board/boards/red.h b/board/boards/red.h index aa8c91be79..3972f21950 100644 --- a/board/boards/red.h +++ b/board/boards/red.h @@ -160,7 +160,7 @@ void red_init(void) { } } -const harness_configuration red_harness_config = { +static const harness_configuration red_harness_config = { .has_harness = true, .GPIO_SBU1 = GPIOC, .GPIO_SBU2 = GPIOA, @@ -174,6 +174,9 @@ const harness_configuration red_harness_config = { .adc_channel_SBU2 = 17 //ADC1_INP17 }; +// To be able to use extern and separate declaration +// all of the functions should have separated declaration from implementation +// cppcheck-suppress misra-c2012-8.4 const board board_red = { .set_bootkick = unused_set_bootkick, .harness_config = &red_harness_config, diff --git a/board/boards/red_chiplet.h b/board/boards/red_chiplet.h index eec3d95cdf..c0a77e6408 100644 --- a/board/boards/red_chiplet.h +++ b/board/boards/red_chiplet.h @@ -138,7 +138,9 @@ void red_chiplet_init(void) { can_flip_buses(0, 2); } } - +// Extern should be used for declaration, but at the current moment there is no appropriate place for +// the implementation +// cppcheck-suppress misra-c2012-8.4 const harness_configuration red_chiplet_harness_config = { .has_harness = true, .GPIO_SBU1 = GPIOC, diff --git a/board/boards/tres.h b/board/boards/tres.h index 959c93b5d2..caed1ea175 100644 --- a/board/boards/tres.h +++ b/board/boards/tres.h @@ -2,8 +2,8 @@ // Tres (STM32H7) + Harness // // /////////////////////////// -bool tres_ir_enabled; -bool tres_fan_enabled; +static bool tres_ir_enabled; +static bool tres_fan_enabled; void tres_update_fan_ir_power(void) { red_chiplet_set_fan_or_usb_load_switch(tres_ir_enabled || tres_fan_enabled); } @@ -70,6 +70,9 @@ void tres_init(void) { clock_source_init(); } +// To be able to use extern and separate declaration +// all of the functions should have separated declaration from implementation +// cppcheck-suppress misra-c2012-8.4 const board board_tres = { .harness_config = &red_chiplet_harness_config, .has_obd = true, diff --git a/board/boards/uno.h b/board/boards/uno.h index f4e2016bd1..a421195d7f 100644 --- a/board/boards/uno.h +++ b/board/boards/uno.h @@ -184,7 +184,7 @@ void uno_init_bootloader(void) { set_gpio_output(GPIOC, 12, 0); } -const harness_configuration uno_harness_config = { +static const harness_configuration uno_harness_config = { .has_harness = true, .GPIO_SBU1 = GPIOC, .GPIO_SBU2 = GPIOC, @@ -198,6 +198,8 @@ const harness_configuration uno_harness_config = { .adc_channel_SBU2 = 13 }; +// Unable to use extern becaouse of a composite struct uno_harness_config +// cppcheck-suppress misra-c2012-8.4 const board board_uno = { .harness_config = &uno_harness_config, .has_obd = true, diff --git a/board/boards/white.h b/board/boards/white.h index 0de29a39be..809219520a 100644 --- a/board/boards/white.h +++ b/board/boards/white.h @@ -221,10 +221,12 @@ void white_grey_init_bootloader(void) { set_gpio_output(GPIOC, 14, 0); } -const harness_configuration white_harness_config = { +static const harness_configuration white_harness_config = { .has_harness = false }; +// Unable to use extern because of composite struct white_harness_config +// cppcheck-suppress misra-c2012-8.4 const board board_white = { .set_bootkick = unused_set_bootkick, .harness_config = &white_harness_config, diff --git a/board/can_comms.h b/board/can_comms.h index 56ca912f8e..493cee856f 100644 --- a/board/can_comms.h +++ b/board/can_comms.h @@ -18,7 +18,7 @@ typedef struct { uint8_t data[72]; } asm_buffer; -asm_buffer can_read_buffer = {.ptr = 0U, .tail_size = 0U}; +static asm_buffer can_read_buffer = {.ptr = 0U, .tail_size = 0U}; int comms_can_read(uint8_t *data, uint32_t max_len) { uint32_t pos = 0U; @@ -53,7 +53,7 @@ int comms_can_read(uint8_t *data, uint32_t max_len) { return pos; } -asm_buffer can_write_buffer = {.ptr = 0U, .tail_size = 0U}; +static asm_buffer can_write_buffer = {.ptr = 0U, .tail_size = 0U}; // send on CAN void comms_can_write(const uint8_t *data, uint32_t len) { diff --git a/board/can_definitions.h b/board/can_definitions.h index b3631d8071..1628b615d3 100644 --- a/board/can_definitions.h +++ b/board/can_definitions.h @@ -1,6 +1,10 @@ #pragma once +// Unable to use extern, because of initialization +// cppcheck-suppress misra-c2012-8.4 const uint8_t PANDA_CAN_CNT = 3U; +// Unable to use extern, because of initialization +// cppcheck-suppress misra-c2012-8.4 const uint8_t PANDA_BUS_CNT = 4U; // bump this when changing the CAN packet @@ -27,6 +31,8 @@ typedef struct { unsigned char data[CANPACKET_DATA_SIZE_MAX]; } __attribute__((packed, aligned(4))) CANPacket_t; +// Unable to use extern, because of initialization +// cppcheck-suppress misra-c2012-8.4 const unsigned char dlc_to_len[] = {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 12U, 16U, 20U, 24U, 32U, 48U, 64U}; #define GET_BUS(msg) ((msg)->bus) diff --git a/board/critical.h b/board/critical.h index c8cf52c7a1..c9a4e10ea1 100644 --- a/board/critical.h +++ b/board/critical.h @@ -1,5 +1,5 @@ // ********************* Critical section helpers ********************* -volatile bool interrupts_enabled = false; +static volatile bool interrupts_enabled = false; void enable_interrupts(void) { interrupts_enabled = true; @@ -11,6 +11,8 @@ void disable_interrupts(void) { __disable_irq(); } +// Used across multiple files, unable to use extern +// cppcheck-suppress misra-c2012-8.4 uint8_t global_critical_depth = 0U; #define ENTER_CRITICAL() \ __disable_irq(); \ diff --git a/board/drivers/bootkick.h b/board/drivers/bootkick.h index acae3616af..3a6fb744ac 100644 --- a/board/drivers/bootkick.h +++ b/board/drivers/bootkick.h @@ -1,13 +1,14 @@ -bool bootkick_ign_prev = false; -BootState boot_state = BOOT_BOOTKICK; -uint8_t bootkick_harness_status_prev = HARNESS_STATUS_NC; - -uint8_t boot_reset_countdown = 0; -uint8_t waiting_to_boot_countdown = 0; +// Unable to use extern keyword at initialization +// cppcheck-suppress misra-c2012-8.4 bool bootkick_reset_triggered = false; -uint16_t bootkick_last_serial_ptr = 0; void bootkick_tick(bool ignition, bool recent_heartbeat) { + static bool bootkick_ign_prev = false; + static uint8_t bootkick_harness_status_prev = HARNESS_STATUS_NC; + static BootState boot_state = BOOT_BOOTKICK; + static uint8_t boot_reset_countdown = 0; + static uint8_t waiting_to_boot_countdown = 0; + uint16_t bootkick_last_serial_ptr = 0; BootState boot_state_prev = boot_state; const bool harness_inserted = (harness.status != bootkick_harness_status_prev) && (harness.status != HARNESS_STATUS_NC); @@ -56,6 +57,9 @@ void bootkick_tick(bool ignition, bool recent_heartbeat) { // update state bootkick_ign_prev = ignition; bootkick_harness_status_prev = harness.status; + + // misra-c2012-8.4 exposed this assignment + // cppcheck-suppress unreadVariable bootkick_last_serial_ptr = uart_ring_som_debug.w_ptr_tx; if (waiting_to_boot_countdown > 0U) { waiting_to_boot_countdown--; diff --git a/board/drivers/bxcan.h b/board/drivers/bxcan.h index ea2705d9d0..c94b320ccd 100644 --- a/board/drivers/bxcan.h +++ b/board/drivers/bxcan.h @@ -2,12 +2,8 @@ // CAN2_TX, CAN2_RX0, CAN2_SCE // CAN3_TX, CAN3_RX0, CAN3_SCE +// cppcheck-suppress misra-c2012-8.4 CAN_TypeDef *cans[] = {CAN1, CAN2, CAN3}; -uint8_t can_irq_number[3][3] = { - { CAN1_TX_IRQn, CAN1_RX0_IRQn, CAN1_SCE_IRQn }, - { CAN2_TX_IRQn, CAN2_RX0_IRQn, CAN2_SCE_IRQn }, - { CAN3_TX_IRQn, CAN3_RX0_IRQn, CAN3_SCE_IRQn }, -}; bool can_set_speed(uint8_t can_number) { bool ret = true; @@ -24,6 +20,11 @@ bool can_set_speed(uint8_t can_number) { } void update_can_health_pkt(uint8_t can_number, uint32_t ir_reg) { + uint8_t can_irq_number[3][3] = { + { CAN1_TX_IRQn, CAN1_RX0_IRQn, CAN1_SCE_IRQn }, + { CAN2_TX_IRQn, CAN2_RX0_IRQn, CAN2_SCE_IRQn }, + { CAN3_TX_IRQn, CAN3_RX0_IRQn, CAN3_SCE_IRQn }, + }; CAN_TypeDef *CANx = CANIF_FROM_CAN_NUM(can_number); uint32_t esr_reg = CANx->ESR; diff --git a/board/drivers/can_common.h b/board/drivers/can_common.h index bc9adde7ce..cb149f1dab 100644 --- a/board/drivers/can_common.h +++ b/board/drivers/can_common.h @@ -16,13 +16,17 @@ typedef struct { bool canfd_non_iso; } bus_config_t; +// cppcheck-suppress-begin misra-c2012-8.4 uint32_t safety_tx_blocked = 0; uint32_t safety_rx_invalid = 0; uint32_t tx_buffer_overflow = 0; uint32_t rx_buffer_overflow = 0; uint32_t gmlan_send_errs = 0; - can_health_t can_health[] = {{0}, {0}, {0}}; +// Ignition detected from CAN meessages +bool ignition_can = false; +uint32_t ignition_can_cnt = 0U; +// cppcheck-suppress-end misra-c2012-8.4 extern int can_live; extern int pending_can_live; @@ -31,10 +35,6 @@ extern int pending_can_live; extern int can_silent; extern bool can_loopback; -// Ignition detected from CAN meessages -bool ignition_can = false; -uint32_t ignition_can_cnt = 0U; - #define ALL_CAN_SILENT 0xFF #define ALL_CAN_LIVE 0 @@ -56,6 +56,8 @@ void process_can(uint8_t can_number); #define CAN_TX_BUFFER_SIZE 416U #define GMLAN_TX_BUFFER_SIZE 416U +// It is not practical to implement changes to comply with misra, because of initialization of buffers +// cppcheck-suppress-begin misra-c2012-8.4 #ifdef STM32H7 // ITCM RAM and DTCM RAM are the fastest for Cortex-M7 core access __attribute__((section(".axisram"))) can_buffer(rx_q, CAN_RX_BUFFER_SIZE) @@ -68,8 +70,11 @@ can_buffer(tx2_q, CAN_TX_BUFFER_SIZE) #endif can_buffer(tx3_q, CAN_TX_BUFFER_SIZE) can_buffer(txgmlan_q, GMLAN_TX_BUFFER_SIZE) +// cppcheck-suppress-end misra-c2012-8.4 + // FIXME: // cppcheck-suppress misra-c2012-9.3 +// cppcheck-suppress misra-c2012-8.4 can_ring *can_queues[] = {&can_tx1_q, &can_tx2_q, &can_tx3_q, &can_txgmlan_q}; // helpers @@ -167,7 +172,7 @@ void can_clear(can_ring *q) { // Helpers // Panda: Bus 0=CAN1 Bus 1=CAN2 Bus 2=CAN3 -bus_config_t bus_config[] = { +static bus_config_t bus_config[] = { { .bus_lookup = 0U, .can_num_lookup = 0U, .forwarding_bus = -1, .can_speed = 5000U, .can_data_speed = 20000U, .canfd_enabled = false, .brs_enabled = false, .canfd_non_iso = false }, { .bus_lookup = 1U, .can_num_lookup = 1U, .forwarding_bus = -1, .can_speed = 5000U, .can_data_speed = 20000U, .canfd_enabled = false, .brs_enabled = false, .canfd_non_iso = false }, { .bus_lookup = 2U, .can_num_lookup = 2U, .forwarding_bus = -1, .can_speed = 5000U, .can_data_speed = 20000U, .canfd_enabled = false, .brs_enabled = false, .canfd_non_iso = false }, diff --git a/board/drivers/fake_siren.h b/board/drivers/fake_siren.h index 38c87deb0c..1cb9cda0b6 100644 --- a/board/drivers/fake_siren.h +++ b/board/drivers/fake_siren.h @@ -2,11 +2,6 @@ #define CODEC_I2C_ADDR 0x10 -// 1Vpp sine wave with 1V offset -const uint8_t fake_siren_lut[360] = { 134U, 135U, 137U, 138U, 139U, 140U, 141U, 143U, 144U, 145U, 146U, 148U, 149U, 150U, 151U, 152U, 154U, 155U, 156U, 157U, 158U, 159U, 160U, 162U, 163U, 164U, 165U, 166U, 167U, 168U, 169U, 170U, 171U, 172U, 174U, 175U, 176U, 177U, 177U, 178U, 179U, 180U, 181U, 182U, 183U, 184U, 185U, 186U, 186U, 187U, 188U, 189U, 190U, 190U, 191U, 192U, 193U, 193U, 194U, 195U, 195U, 196U, 196U, 197U, 197U, 198U, 199U, 199U, 199U, 200U, 200U, 201U, 201U, 202U, 202U, 202U, 203U, 203U, 203U, 203U, 204U, 204U, 204U, 204U, 204U, 204U, 204U, 205U, 205U, 205U, 205U, 205U, 205U, 205U, 204U, 204U, 204U, 204U, 204U, 204U, 204U, 203U, 203U, 203U, 203U, 202U, 202U, 202U, 201U, 201U, 200U, 200U, 199U, 199U, 199U, 198U, 197U, 197U, 196U, 196U, 195U, 195U, 194U, 193U, 193U, 192U, 191U, 190U, 190U, 189U, 188U, 187U, 186U, 186U, 185U, 184U, 183U, 182U, 181U, 180U, 179U, 178U, 177U, 177U, 176U, 175U, 174U, 172U, 171U, 170U, 169U, 168U, 167U, 166U, 165U, 164U, 163U, 162U, 160U, 159U, 158U, 157U, 156U, 155U, 154U, 152U, 151U, 150U, 149U, 148U, 146U, 145U, 144U, 143U, 141U, 140U, 139U, 138U, 137U, 135U, 134U, 133U, 132U, 130U, 129U, 128U, 127U, 125U, 124U, 123U, 122U, 121U, 119U, 118U, 117U, 116U, 115U, 113U, 112U, 111U, 110U, 109U, 108U, 106U, 105U, 104U, 103U, 102U, 101U, 100U, 99U, 98U, 97U, 96U, 95U, 94U, 93U, 92U, 91U, 90U, 89U, 88U, 87U, 86U, 85U, 84U, 83U, 82U, 82U, 81U, 80U, 79U, 78U, 78U, 77U, 76U, 76U, 75U, 74U, 74U, 73U, 72U, 72U, 71U, 71U, 70U, 70U, 69U, 69U, 68U, 68U, 67U, 67U, 67U, 66U, 66U, 66U, 65U, 65U, 65U, 65U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 63U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 65U, 65U, 65U, 65U, 66U, 66U, 66U, 67U, 67U, 67U, 68U, 68U, 69U, 69U, 70U, 70U, 71U, 71U, 72U, 72U, 73U, 74U, 74U, 75U, 76U, 76U, 77U, 78U, 78U, 79U, 80U, 81U, 82U, 82U, 83U, 84U, 85U, 86U, 87U, 88U, 89U, 90U, 91U, 92U, 93U, 94U, 95U, 96U, 97U, 98U, 99U, 100U, 101U, 102U, 103U, 104U, 105U, 106U, 108U, 109U, 110U, 111U, 112U, 113U, 115U, 116U, 117U, 118U, 119U, 121U, 122U, 123U, 124U, 125U, 127U, 128U, 129U, 130U, 132U, 133U }; - -bool fake_siren_enabled = false; - void fake_siren_codec_enable(bool enabled) { if (enabled) { bool success = true; @@ -33,6 +28,7 @@ void fake_siren_codec_enable(bool enabled) { void fake_siren_set(bool enabled) { + static bool fake_siren_enabled = false; if (enabled != fake_siren_enabled) { fake_siren_codec_enable(enabled); } @@ -46,6 +42,9 @@ void fake_siren_set(bool enabled) { } void fake_siren_init(void) { + // 1Vpp sine wave with 1V offset + const uint8_t fake_siren_lut[360] = { 134U, 135U, 137U, 138U, 139U, 140U, 141U, 143U, 144U, 145U, 146U, 148U, 149U, 150U, 151U, 152U, 154U, 155U, 156U, 157U, 158U, 159U, 160U, 162U, 163U, 164U, 165U, 166U, 167U, 168U, 169U, 170U, 171U, 172U, 174U, 175U, 176U, 177U, 177U, 178U, 179U, 180U, 181U, 182U, 183U, 184U, 185U, 186U, 186U, 187U, 188U, 189U, 190U, 190U, 191U, 192U, 193U, 193U, 194U, 195U, 195U, 196U, 196U, 197U, 197U, 198U, 199U, 199U, 199U, 200U, 200U, 201U, 201U, 202U, 202U, 202U, 203U, 203U, 203U, 203U, 204U, 204U, 204U, 204U, 204U, 204U, 204U, 205U, 205U, 205U, 205U, 205U, 205U, 205U, 204U, 204U, 204U, 204U, 204U, 204U, 204U, 203U, 203U, 203U, 203U, 202U, 202U, 202U, 201U, 201U, 200U, 200U, 199U, 199U, 199U, 198U, 197U, 197U, 196U, 196U, 195U, 195U, 194U, 193U, 193U, 192U, 191U, 190U, 190U, 189U, 188U, 187U, 186U, 186U, 185U, 184U, 183U, 182U, 181U, 180U, 179U, 178U, 177U, 177U, 176U, 175U, 174U, 172U, 171U, 170U, 169U, 168U, 167U, 166U, 165U, 164U, 163U, 162U, 160U, 159U, 158U, 157U, 156U, 155U, 154U, 152U, 151U, 150U, 149U, 148U, 146U, 145U, 144U, 143U, 141U, 140U, 139U, 138U, 137U, 135U, 134U, 133U, 132U, 130U, 129U, 128U, 127U, 125U, 124U, 123U, 122U, 121U, 119U, 118U, 117U, 116U, 115U, 113U, 112U, 111U, 110U, 109U, 108U, 106U, 105U, 104U, 103U, 102U, 101U, 100U, 99U, 98U, 97U, 96U, 95U, 94U, 93U, 92U, 91U, 90U, 89U, 88U, 87U, 86U, 85U, 84U, 83U, 82U, 82U, 81U, 80U, 79U, 78U, 78U, 77U, 76U, 76U, 75U, 74U, 74U, 73U, 72U, 72U, 71U, 71U, 70U, 70U, 69U, 69U, 68U, 68U, 67U, 67U, 67U, 66U, 66U, 66U, 65U, 65U, 65U, 65U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 63U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 64U, 65U, 65U, 65U, 65U, 66U, 66U, 66U, 67U, 67U, 67U, 68U, 68U, 69U, 69U, 70U, 70U, 71U, 71U, 72U, 72U, 73U, 74U, 74U, 75U, 76U, 76U, 77U, 78U, 78U, 79U, 80U, 81U, 82U, 82U, 83U, 84U, 85U, 86U, 87U, 88U, 89U, 90U, 91U, 92U, 93U, 94U, 95U, 96U, 97U, 98U, 99U, 100U, 101U, 102U, 103U, 104U, 105U, 106U, 108U, 109U, 110U, 111U, 112U, 113U, 115U, 116U, 117U, 118U, 119U, 121U, 122U, 123U, 124U, 125U, 127U, 128U, 129U, 130U, 132U, 133U }; + // Init DAC register_set(&DAC1->MCR, 0U, 0xFFFFFFFFU); register_set(&DAC1->CR, DAC_CR_TEN1 | (6U << DAC_CR_TSEL1_Pos) | DAC_CR_DMAEN1, 0xFFFFFFFFU); diff --git a/board/drivers/fan.h b/board/drivers/fan.h index 15296079ae..5125c4d3fb 100644 --- a/board/drivers/fan.h +++ b/board/drivers/fan.h @@ -8,14 +8,12 @@ struct fan_state_t { uint8_t stall_threshold; uint8_t total_stall_count; uint8_t cooldown_counter; -} fan_state_t; -struct fan_state_t fan_state; +}; +static struct fan_state_t fan_state; -const float FAN_I = 0.001f; -const uint8_t FAN_TICK_FREQ = 8U; -const uint8_t FAN_STALL_THRESHOLD_MIN = 3U; -const uint8_t FAN_STALL_THRESHOLD_MAX = 8U; +static const uint8_t FAN_TICK_FREQ = 8U; +static const uint8_t FAN_STALL_THRESHOLD_MIN = 3U; void fan_set_power(uint8_t percentage) { @@ -31,6 +29,8 @@ void fan_init(void) { // Call this at FAN_TICK_FREQ void fan_tick(void) { + const float FAN_I = 0.001f; + const uint8_t FAN_STALL_THRESHOLD_MAX = 8U; if (current_board->fan_max_rpm > 0U) { // Measure fan RPM uint16_t fan_rpm_fast = fan_state.tach_counter * (60U * FAN_TICK_FREQ / 4U); // 4 interrupts per rotation diff --git a/board/drivers/fdcan.h b/board/drivers/fdcan.h index 9e2e0df7f0..57e12988a8 100644 --- a/board/drivers/fdcan.h +++ b/board/drivers/fdcan.h @@ -9,14 +9,10 @@ typedef struct { volatile uint32_t data_word[CANPACKET_DATA_SIZE_MAX/4U]; } canfd_fifo; +// Unable to use extern keyword along initialization +// cppcheck-suppress misra-c2012-8.4 FDCAN_GlobalTypeDef *cans[] = {FDCAN1, FDCAN2, FDCAN3}; -uint8_t can_irq_number[3][2] = { - { FDCAN1_IT0_IRQn, FDCAN1_IT1_IRQn }, - { FDCAN2_IT0_IRQn, FDCAN2_IT1_IRQn }, - { FDCAN3_IT0_IRQn, FDCAN3_IT1_IRQn }, -}; - #define CAN_ACK_ERROR 3U bool can_set_speed(uint8_t can_number) { @@ -36,6 +32,11 @@ bool can_set_speed(uint8_t can_number) { } void update_can_health_pkt(uint8_t can_number, uint32_t ir_reg) { + uint8_t can_irq_number[3][2] = { + { FDCAN1_IT0_IRQn, FDCAN1_IT1_IRQn }, + { FDCAN2_IT0_IRQn, FDCAN2_IT1_IRQn }, + { FDCAN3_IT0_IRQn, FDCAN3_IT1_IRQn }, + }; FDCAN_GlobalTypeDef *FDCANx = CANIF_FROM_CAN_NUM(can_number); uint32_t psr_reg = FDCANx->PSR; uint32_t ecr_reg = FDCANx->ECR; diff --git a/board/drivers/gmlan_alt.h b/board/drivers/gmlan_alt.h index 2dbc381bd2..e6696611c4 100644 --- a/board/drivers/gmlan_alt.h +++ b/board/drivers/gmlan_alt.h @@ -9,7 +9,7 @@ #define MAX_BITS_CAN_PACKET (200) -int gmlan_alt_mode = DISABLED; +static int gmlan_alt_mode = DISABLED; // returns out_len int do_bitstuff(char *out, const char *in, int in_len) { @@ -140,12 +140,6 @@ void setup_timer(void) { TIM12->SR = 0; } -int gmlan_timeout_counter = GMLAN_TICKS_PER_TIMEOUT_TICKLE; //GMLAN transceiver times out every 17ms held high; tickle every 15ms -int can_timeout_counter = GMLAN_TICKS_PER_SECOND; //1 second - -int inverted_bit_to_send = GMLAN_HIGH; -int gmlan_switch_below_timeout = -1; -int gmlan_switch_timeout_enable = 0; void set_bitbanged_gmlan(int val) { if (val != 0) { @@ -155,17 +149,22 @@ void set_bitbanged_gmlan(int val) { } } -char pkt_stuffed[MAX_BITS_CAN_PACKET]; -int gmlan_sending = -1; -int gmlan_sendmax = -1; -bool gmlan_send_ok = true; +static char pkt_stuffed[MAX_BITS_CAN_PACKET]; +static int gmlan_sending = -1; +static int gmlan_sendmax = -1; +static bool gmlan_send_ok = true; -int gmlan_silent_count = 0; -int gmlan_fail_count = 0; +static int gmlan_silent_count = 0; +static int gmlan_fail_count = 0; #define REQUIRED_SILENT_TIME 10 #define MAX_FAIL_COUNT 10 void TIM12_IRQ_Handler(void) { + static int gmlan_timeout_counter = GMLAN_TICKS_PER_TIMEOUT_TICKLE; //GMLAN transceiver times out every 17ms held high; tickle every 15ms + static int gmlan_switch_below_timeout = -1; + static int gmlan_switch_timeout_enable = 0; + static int inverted_bit_to_send = GMLAN_HIGH; + static int can_timeout_counter = GMLAN_TICKS_PER_SECOND; //1 second if (gmlan_alt_mode == BITBANG) { if ((TIM12->SR & TIM_SR_UIF) && (gmlan_sendmax != -1)) { int read = get_gpio_input(GPIOB, 12); @@ -216,7 +215,7 @@ void TIM12_IRQ_Handler(void) { } } else if (gmlan_alt_mode == GPIO_SWITCH) { if ((TIM12->SR & TIM_SR_UIF) && (gmlan_switch_below_timeout != -1)) { - if ((can_timeout_counter == 0) && gmlan_switch_timeout_enable) { + if ((can_timeout_counter == 0) && gmlan_switch_timeout_enable) { // cppcheck-suppress knownConditionTrueFalse //it has been more than 1 second since timeout was reset; disable timer and restore the GMLAN output set_gpio_output(GPIOB, 13, GMLAN_LOW); gmlan_switch_below_timeout = -1; diff --git a/board/drivers/harness.h b/board/drivers/harness.h index 60f99fc85c..d019d4b48a 100644 --- a/board/drivers/harness.h +++ b/board/drivers/harness.h @@ -9,7 +9,7 @@ struct harness_t { bool relay_driven; bool sbu_adc_lock; }; -struct harness_t harness; +static struct harness_t harness; struct harness_configuration { const bool has_harness; diff --git a/board/drivers/interrupts.h b/board/drivers/interrupts.h index d4c72be1df..ecd72a2824 100644 --- a/board/drivers/interrupts.h +++ b/board/drivers/interrupts.h @@ -16,7 +16,7 @@ void unused_interrupt_handler(void) { fault_occurred(FAULT_UNUSED_INTERRUPT_HANDLED); } -interrupt interrupts[NUM_INTERRUPTS]; +static interrupt interrupts[NUM_INTERRUPTS]; #define REGISTER_INTERRUPT(irq_num, func_ptr, call_rate_max, rate_fault) \ interrupts[irq_num].irq_type = (irq_num); \ @@ -26,15 +26,19 @@ interrupt interrupts[NUM_INTERRUPTS]; interrupts[irq_num].max_call_rate = (call_rate_max); \ interrupts[irq_num].call_rate_fault = (rate_fault); -bool check_interrupt_rate = false; -uint8_t interrupt_depth = 0U; -uint32_t last_time = 0U; -uint32_t idle_time = 0U; -uint32_t busy_time = 0U; +static bool check_interrupt_rate = false; + +static uint32_t idle_time = 0U; +static uint32_t busy_time = 0U; + +// decalred and initialized, unable to use extern +// cppcheck-suppress misra-c2012-8.4 float interrupt_load = 0.0f; void handle_interrupt(IRQn_Type irq_type){ + static uint32_t last_time = 0U; + static uint8_t interrupt_depth = 0U; ENTER_CRITICAL(); if (interrupt_depth == 0U) { uint32_t time = microsecond_timer_get(); diff --git a/board/drivers/registers.h b/board/drivers/registers.h index a5f8b0280c..40c0f13a38 100644 --- a/board/drivers/registers.h +++ b/board/drivers/registers.h @@ -10,7 +10,7 @@ typedef struct reg { #define HASHING_PRIME 23U #define CHECK_COLLISION(hash, addr) (((uint32_t) register_map[hash].address != 0U) && (register_map[hash].address != (addr))) -reg register_map[REGISTER_MAP_SIZE]; +static reg register_map[REGISTER_MAP_SIZE]; // Hash spread in first and second iterations seems to be reasonable. // See: tests/development/register_hashmap_spread.py diff --git a/board/drivers/simple_watchdog.h b/board/drivers/simple_watchdog.h index fe0c856afc..7f4aa5b3b9 100644 --- a/board/drivers/simple_watchdog.h +++ b/board/drivers/simple_watchdog.h @@ -4,7 +4,7 @@ typedef struct simple_watchdog_state_t { uint32_t threshold; } simple_watchdog_state_t; -simple_watchdog_state_t wd_state; +static simple_watchdog_state_t wd_state; void simple_watchdog_kick(void) { diff --git a/board/drivers/spi.h b/board/drivers/spi.h index 1a7b9be590..038f22daa7 100644 --- a/board/drivers/spi.h +++ b/board/drivers/spi.h @@ -8,16 +8,19 @@ // in a tight loop, plus some buffer #define SPI_IRQ_RATE 16000U +// spi_buf_tx should be declared at function scope, but the block can not be put in the scope bcs of spi_buf_rx +// cppcheck-suppress-begin misra-c2012-8.9 #ifdef STM32H7 #define SPI_BUF_SIZE 2048U // H7 DMA2 located in D2 domain, so we need to use SRAM1/SRAM2 -__attribute__((section(".sram12"))) uint8_t spi_buf_rx[SPI_BUF_SIZE]; -__attribute__((section(".sram12"))) uint8_t spi_buf_tx[SPI_BUF_SIZE]; +static __attribute__((section(".sram12"))) uint8_t spi_buf_rx[SPI_BUF_SIZE]; +static __attribute__((section(".sram12"))) uint8_t spi_buf_tx[SPI_BUF_SIZE]; #else #define SPI_BUF_SIZE 1024U -uint8_t spi_buf_rx[SPI_BUF_SIZE]; -uint8_t spi_buf_tx[SPI_BUF_SIZE]; +static uint8_t spi_buf_rx[SPI_BUF_SIZE]; +static uint8_t spi_buf_tx[SPI_BUF_SIZE]; #endif +// cppcheck-suppress-end misra-c2012-8.9 #define SPI_CHECKSUM_START 0xABU #define SPI_SYNC_BYTE 0x5AU @@ -35,15 +38,17 @@ enum { SPI_STATE_DATA_TX }; +// Variables used in other files, unable to use extern with present initialization +// cppcheck-suppress-begin misra-c2012-8.4 bool spi_tx_dma_done = false; -uint8_t spi_state = SPI_STATE_HEADER; -uint8_t spi_endpoint; -uint16_t spi_data_len_mosi; -uint16_t spi_data_len_miso; uint16_t spi_checksum_error_count = 0; -bool spi_can_tx_ready = false; +// cppcheck-suppress-end misra-c2012-8.4 -const char version_text[] = "VERSION"; +static uint8_t spi_state = SPI_STATE_HEADER; +static uint16_t spi_data_len_mosi; +static bool spi_can_tx_ready = false; + +static const char version_text[] = "VERSION"; #define SPI_HEADER_SIZE 7U @@ -121,6 +126,8 @@ bool validate_checksum(const uint8_t *data, uint16_t len) { } void spi_rx_done(void) { + static uint8_t spi_endpoint; + static uint16_t spi_data_len_miso; uint16_t response_len = 0U; uint8_t next_rx_state = SPI_STATE_HEADER_NACK; bool checksum_valid = false; diff --git a/board/drivers/uart.h b/board/drivers/uart.h index 01d8c2ac05..57dfb0c65a 100644 --- a/board/drivers/uart.h +++ b/board/drivers/uart.h @@ -40,7 +40,8 @@ void uart_tx_ring(uart_ring *q); void uart_send_break(uart_ring *u); // ******************************** UART buffers ******************************** - +// It is not practical to implement changes to comply with misra, because of initialization of buffers +// cppcheck-suppress-begin misra-c2012-8.4 // debug = USART2 UART_BUFFER(debug, FIFO_SIZE_INT, FIFO_SIZE_INT, USART2, debug_ring_callback, true) @@ -51,6 +52,7 @@ UART_BUFFER(debug, FIFO_SIZE_INT, FIFO_SIZE_INT, USART2, debug_ring_callback, tr // UART7 is not available on F4 UART_BUFFER(som_debug, 1U, 1U, NULL, NULL, true) #endif +// cppcheck-suppress-end misra-c2012-8.4 uart_ring *get_ring_by_number(int a) { uart_ring *ring = NULL; diff --git a/board/drivers/usb.h b/board/drivers/usb.h index 5ecbea2197..bb0cc31f1e 100644 --- a/board/drivers/usb.h +++ b/board/drivers/usb.h @@ -23,8 +23,9 @@ typedef union _USB_Setup { } USB_Setup_TypeDef; +// Variable used in main.c, extern could not be used while initializing variable +// cppcheck-suppress misra-c2012-8.4 bool usb_enumerated = false; -uint16_t usb_last_frame_num = 0U; void usb_init(void); void refresh_can_tx_slots_available(void); @@ -79,7 +80,7 @@ void refresh_can_tx_slots_available(void); #define STS_SETUP_COMP 4 #define STS_SETUP_UPDT 6 -uint8_t response[USBPACKET_MAX_SIZE]; +static uint8_t response[USBPACKET_MAX_SIZE]; // for the repeating interfaces #define DSCR_INTERFACE_LEN 9 @@ -110,6 +111,8 @@ uint8_t response[USBPACKET_MAX_SIZE]; #define STRING_DESCRIPTOR_HEADER(size)\ (((((size) * 2) + 2) & 0xFF) | 0x0300) +// Surppressing warnings, if those variables were declared at function scope, readability would be compromised +// cppcheck-suppress-begin misra-c2012-8.4 uint8_t device_desc[] = { DSCR_DEVICE_LEN, USB_DESC_TYPE_DEVICE, //Length, Type 0x10, 0x02, // bcdUSB max version of USB supported (2.1) @@ -349,16 +352,16 @@ uint8_t winusb_20_desc[WINUSB_PLATFORM_DESCRIPTOR_LENGTH] = { '-', 0x00, '2', 0x00, 'a', 0x00, 'e', 0x00, '5', 0x00, '7', 0x00, 'a', 0x00, '5', 0x00, // 64 '1', 0x00, 'a', 0x00, 'd', 0x00, 'e', 0x00, '9', 0x00, '}', 0x00, 0x00, 0x00 // 78 bytes }; +// cppcheck-suppress-end misra-c2012-8.4 // current packet -USB_Setup_TypeDef setup; -uint8_t usbdata[0x100] __attribute__((aligned(4))); -uint8_t* ep0_txdata = NULL; -uint16_t ep0_txlen = 0; -bool outep3_processing = false; +static USB_Setup_TypeDef setup; +static uint8_t* ep0_txdata = NULL; +static uint16_t ep0_txlen = 0; +static bool outep3_processing = false; // Store the current interface alt setting. -int current_int0_alt_setting = 0; +static int current_int0_alt_setting = 0; // packet read and write @@ -472,6 +475,7 @@ char to_hex_char(uint8_t a) { } void usb_tick(void) { + static uint16_t usb_last_frame_num = 0U; uint16_t current_frame_num = (USBx_DEVICE->DSTS & USB_OTG_DSTS_FNSOF_Msk) >> USB_OTG_DSTS_FNSOF_Pos; usb_enumerated = (current_frame_num != usb_last_frame_num); usb_last_frame_num = current_frame_num; @@ -658,7 +662,7 @@ void usb_setup(void) { void usb_irqhandler(void) { //USBx->GINTMSK = 0; - + static uint8_t usbdata[0x100] __attribute__((aligned(4))); unsigned int gintsts = USBx->GINTSTS; unsigned int gotgint = USBx->GOTGINT; unsigned int daint = USBx_DEVICE->DAINT; diff --git a/board/faults.h b/board/faults.h index a7f437dee5..42b762463d 100644 --- a/board/faults.h +++ b/board/faults.h @@ -34,8 +34,8 @@ // Permanent faults #define PERMANENT_FAULTS 0U -uint8_t fault_status = FAULT_STATUS_NONE; -uint32_t faults = 0U; +static uint8_t fault_status = FAULT_STATUS_NONE; +static uint32_t faults = 0U; void fault_occurred(uint32_t fault) { if ((faults & fault) == 0U) { diff --git a/board/main.c b/board/main.c index 061a913814..b3687f2c17 100644 --- a/board/main.c +++ b/board/main.c @@ -144,8 +144,8 @@ void __attribute__ ((noinline)) enable_fpu(void) { #define HEARTBEAT_IGNITION_CNT_OFF 2U // called at 8Hz -uint8_t loop_counter = 0U; void tick_handler(void) { + static uint8_t loop_counter = 0U; if (TICK_TIMER->SR != 0) { // siren current_board->set_siren((loop_counter & 1U) && (siren_enabled || (siren_countdown > 0U))); @@ -294,8 +294,8 @@ void EXTI_IRQ_Handler(void) { } } -uint8_t rtc_counter = 0; void RTC_WKUP_IRQ_Handler(void) { + static uint8_t rtc_counter = 0; exti_irq_clear(); clock_init(); diff --git a/board/main_declarations.h b/board/main_declarations.h index 4570c6e67d..16c24ce934 100644 --- a/board/main_declarations.h +++ b/board/main_declarations.h @@ -9,7 +9,13 @@ typedef struct harness_configuration harness_configuration; void can_flip_buses(uint8_t bus1, uint8_t bus2); void pwm_init(TIM_TypeDef *TIM, uint8_t channel); void pwm_set(TIM_TypeDef *TIM, uint8_t channel, uint8_t percentage); - +void RTC_WKUP_IRQ_Handler(void); +void tick_handler(void); +void __attribute__ ((noinline)) enable_fpu(void); +void __initialize_hardware_early(void); +bool check_started(void); +// Intentionally created file and declared variables, defining them in main.c would be a step back +// cppcheck-suppress-begin misra-c2012-8.4 // ********************* Globals ********************** uint8_t hw_type = 0; const board *current_board; @@ -29,4 +35,4 @@ bool ignition_seen = false; bool siren_enabled = false; uint32_t siren_countdown = 0; // siren plays while countdown > 0 uint32_t controls_allowed_countdown = 0; - +// cppcheck-suppress-end misra-c2012-8.4 diff --git a/board/power_saving.h b/board/power_saving.h index 61541cae9e..9cc25318fc 100644 --- a/board/power_saving.h +++ b/board/power_saving.h @@ -4,7 +4,7 @@ #define POWER_SAVE_STATUS_DISABLED 0 #define POWER_SAVE_STATUS_ENABLED 1 -int power_save_status = POWER_SAVE_STATUS_DISABLED; +int power_save_status = POWER_SAVE_STATUS_DISABLED; // cppcheck-suppress misra-c2012-8.4 void set_power_save_state(int state) { diff --git a/board/provision.h b/board/provision.h index 02768c93d0..db4dde467a 100644 --- a/board/provision.h +++ b/board/provision.h @@ -3,9 +3,8 @@ #define PROVISION_CHUNK_LEN 0x20 -const char unprovisioned_text[] = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"; - void get_provision_chunk(uint8_t *resp) { + const char unprovisioned_text[] = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"; (void)memcpy(resp, (uint8_t *)PROVISION_CHUNK_ADDRESS, PROVISION_CHUNK_LEN); if (memcmp(resp, unprovisioned_text, 0x20) == 0) { (void)memcpy(resp, "unprovisioned\x00\x00\x00testing123\x00\x00\xa3\xa6\x99\xec", 0x20); diff --git a/board/safety.h b/board/safety.h index 1e95244099..680c406782 100644 --- a/board/safety.h +++ b/board/safety.h @@ -52,9 +52,161 @@ #define SAFETY_BODY 27U #define SAFETY_HYUNDAI_CANFD 28U +const safety_hooks nooutput_hooks = { + .init = nooutput_init, + .rx = default_rx_hook, + .tx = nooutput_tx_hook, + .fwd = default_fwd_hook, +}; +const safety_hooks alloutput_hooks = { + .init = alloutput_init, + .rx = default_rx_hook, + .tx = alloutput_tx_hook, + .fwd = alloutput_fwd_hook, +}; +const safety_hooks honda_nidec_hooks = { + .init = honda_nidec_init, + .rx = honda_rx_hook, + .tx = honda_tx_hook, + .fwd = honda_nidec_fwd_hook, + .get_counter = honda_get_counter, + .get_checksum = honda_get_checksum, + .compute_checksum = honda_compute_checksum, +}; +const safety_hooks honda_bosch_hooks = { + .init = honda_bosch_init, + .rx = honda_rx_hook, + .tx = honda_tx_hook, + .fwd = honda_bosch_fwd_hook, + .get_counter = honda_get_counter, + .get_checksum = honda_get_checksum, + .compute_checksum = honda_compute_checksum, +}; +const safety_hooks toyota_hooks = { + .init = toyota_init, + .rx = toyota_rx_hook, + .tx = toyota_tx_hook, + .fwd = toyota_fwd_hook, + .get_checksum = toyota_get_checksum, + .compute_checksum = toyota_compute_checksum, + .get_counter = toyota_get_counter, + .get_quality_flag_valid = toyota_get_quality_flag_valid, +}; +const safety_hooks tesla_hooks = { + .init = tesla_init, + .rx = tesla_rx_hook, + .tx = tesla_tx_hook, + .fwd = tesla_fwd_hook, +}; +const safety_hooks gm_hooks = { + .init = gm_init, + .rx = gm_rx_hook, + .tx = gm_tx_hook, + .fwd = gm_fwd_hook, +}; +const safety_hooks ford_hooks = { + .init = ford_init, + .rx = ford_rx_hook, + .tx = ford_tx_hook, + .fwd = ford_fwd_hook, + .get_counter = ford_get_counter, + .get_checksum = ford_get_checksum, + .compute_checksum = ford_compute_checksum, + .get_quality_flag_valid = ford_get_quality_flag_valid, +}; +const safety_hooks hyundai_hooks = { + .init = hyundai_init, + .rx = hyundai_rx_hook, + .tx = hyundai_tx_hook, + .fwd = hyundai_fwd_hook, + .get_counter = hyundai_get_counter, + .get_checksum = hyundai_get_checksum, + .compute_checksum = hyundai_compute_checksum, +}; +const safety_hooks hyundai_legacy_hooks = { + .init = hyundai_legacy_init, + .rx = hyundai_rx_hook, + .tx = hyundai_tx_hook, + .fwd = hyundai_fwd_hook, + .get_counter = hyundai_get_counter, + .get_checksum = hyundai_get_checksum, + .compute_checksum = hyundai_compute_checksum, +}; +const safety_hooks chrysler_hooks = { + .init = chrysler_init, + .rx = chrysler_rx_hook, + .tx = chrysler_tx_hook, + .fwd = chrysler_fwd_hook, + .get_counter = chrysler_get_counter, + .get_checksum = chrysler_get_checksum, + .compute_checksum = chrysler_compute_checksum, +}; +const safety_hooks subaru_hooks = { + .init = subaru_init, + .rx = subaru_rx_hook, + .tx = subaru_tx_hook, + .fwd = subaru_fwd_hook, + .get_counter = subaru_get_counter, + .get_checksum = subaru_get_checksum, + .compute_checksum = subaru_compute_checksum, +}; +const safety_hooks subaru_preglobal_hooks = { + .init = subaru_preglobal_init, + .rx = subaru_preglobal_rx_hook, + .tx = subaru_preglobal_tx_hook, + .fwd = subaru_preglobal_fwd_hook, +}; +const safety_hooks mazda_hooks = { + .init = mazda_init, + .rx = mazda_rx_hook, + .tx = mazda_tx_hook, + .fwd = mazda_fwd_hook, +}; +const safety_hooks nissan_hooks = { + .init = nissan_init, + .rx = nissan_rx_hook, + .tx = nissan_tx_hook, + .fwd = nissan_fwd_hook, +}; +const safety_hooks body_hooks = { + .init = body_init, + .rx = body_rx_hook, + .tx = body_tx_hook, + .fwd = default_fwd_hook, +}; +const safety_hooks elm327_hooks = { + .init = nooutput_init, + .rx = default_rx_hook, + .tx = elm327_tx_hook, + .fwd = default_fwd_hook, +}; +const safety_hooks volkswagen_pq_hooks = { + .init = volkswagen_pq_init, + .rx = volkswagen_pq_rx_hook, + .tx = volkswagen_pq_tx_hook, + .fwd = volkswagen_pq_fwd_hook, + .get_counter = volkswagen_pq_get_counter, + .get_checksum = volkswagen_pq_get_checksum, + .compute_checksum = volkswagen_pq_compute_checksum, +}; +const safety_hooks volkswagen_mqb_hooks = { + .init = volkswagen_mqb_init, + .rx = volkswagen_mqb_rx_hook, + .tx = volkswagen_mqb_tx_hook, + .fwd = volkswagen_mqb_fwd_hook, + .get_counter = volkswagen_mqb_get_counter, + .get_checksum = volkswagen_mqb_get_checksum, + .compute_checksum = volkswagen_mqb_compute_crc, +}; + +// cppcheck-suppress-begin misra-c2012-8.4 uint16_t current_safety_mode = SAFETY_SILENT; uint16_t current_safety_param = 0; -const safety_hooks *current_hooks = &nooutput_hooks; +// cppcheck-suppress-end misra-c2012-8.4 + +static const safety_hooks *current_hooks = &nooutput_hooks; + +// cppcheck-suppress misra-c2012-8.4 safety_config current_safety_config; bool safety_rx_hook(const CANPacket_t *to_push) { @@ -295,35 +447,34 @@ typedef struct { const safety_hooks *hooks; } safety_hook_config; -const safety_hook_config safety_hook_registry[] = { - {SAFETY_SILENT, &nooutput_hooks}, - {SAFETY_HONDA_NIDEC, &honda_nidec_hooks}, - {SAFETY_TOYOTA, &toyota_hooks}, - {SAFETY_ELM327, &elm327_hooks}, - {SAFETY_GM, &gm_hooks}, - {SAFETY_HONDA_BOSCH, &honda_bosch_hooks}, - {SAFETY_HYUNDAI, &hyundai_hooks}, - {SAFETY_CHRYSLER, &chrysler_hooks}, - {SAFETY_SUBARU, &subaru_hooks}, - {SAFETY_VOLKSWAGEN_MQB, &volkswagen_mqb_hooks}, - {SAFETY_NISSAN, &nissan_hooks}, - {SAFETY_NOOUTPUT, &nooutput_hooks}, - {SAFETY_HYUNDAI_LEGACY, &hyundai_legacy_hooks}, - {SAFETY_MAZDA, &mazda_hooks}, - {SAFETY_BODY, &body_hooks}, - {SAFETY_FORD, &ford_hooks}, -#ifdef CANFD - {SAFETY_HYUNDAI_CANFD, &hyundai_canfd_hooks}, -#endif -#ifdef ALLOW_DEBUG - {SAFETY_TESLA, &tesla_hooks}, - {SAFETY_SUBARU_PREGLOBAL, &subaru_preglobal_hooks}, - {SAFETY_VOLKSWAGEN_PQ, &volkswagen_pq_hooks}, - {SAFETY_ALLOUTPUT, &alloutput_hooks}, -#endif -}; - int set_safety_hooks(uint16_t mode, uint16_t param) { + const safety_hook_config safety_hook_registry[] = { + {SAFETY_SILENT, &nooutput_hooks}, + {SAFETY_HONDA_NIDEC, &honda_nidec_hooks}, + {SAFETY_TOYOTA, &toyota_hooks}, + {SAFETY_ELM327, &elm327_hooks}, + {SAFETY_GM, &gm_hooks}, + {SAFETY_HONDA_BOSCH, &honda_bosch_hooks}, + {SAFETY_HYUNDAI, &hyundai_hooks}, + {SAFETY_CHRYSLER, &chrysler_hooks}, + {SAFETY_SUBARU, &subaru_hooks}, + {SAFETY_VOLKSWAGEN_MQB, &volkswagen_mqb_hooks}, + {SAFETY_NISSAN, &nissan_hooks}, + {SAFETY_NOOUTPUT, &nooutput_hooks}, + {SAFETY_HYUNDAI_LEGACY, &hyundai_legacy_hooks}, + {SAFETY_MAZDA, &mazda_hooks}, + {SAFETY_BODY, &body_hooks}, + {SAFETY_FORD, &ford_hooks}, + #ifdef CANFD + {SAFETY_HYUNDAI_CANFD, &hyundai_canfd_hooks}, + #endif + #ifdef ALLOW_DEBUG + {SAFETY_TESLA, &tesla_hooks}, + {SAFETY_SUBARU_PREGLOBAL, &subaru_preglobal_hooks}, + {SAFETY_VOLKSWAGEN_PQ, &volkswagen_pq_hooks}, + {SAFETY_ALLOUTPUT, &alloutput_hooks}, + #endif + }; // reset state set by safety mode safety_mode_cnt = 0U; relay_malfunction = false; diff --git a/board/safety/safety_body.h b/board/safety/safety_body.h index 2ebca280f1..6bfe363deb 100644 --- a/board/safety/safety_body.h +++ b/board/safety/safety_body.h @@ -1,11 +1,3 @@ -const CanMsg BODY_TX_MSGS[] = {{0x250, 0, 8}, {0x250, 0, 6}, {0x251, 0, 5}, // body - {0x350, 0, 8}, {0x350, 0, 6}, {0x351, 0, 5}, // knee - {0x1, 0, 8}}; // CAN flasher - -RxCheck body_rx_checks[] = { - {.msg = {{0x201, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, -}; - static void body_rx_hook(const CANPacket_t *to_push) { // body is never at standstill vehicle_moving = true; @@ -34,13 +26,14 @@ static bool body_tx_hook(const CANPacket_t *to_send) { } static safety_config body_init(uint16_t param) { + const CanMsg BODY_TX_MSGS[] = {{0x250, 0, 8}, {0x250, 0, 6}, {0x251, 0, 5}, // body + {0x350, 0, 8}, {0x350, 0, 6}, {0x351, 0, 5}, // knee + {0x1, 0, 8}}; // CAN flasher + RxCheck body_rx_checks[] = { + {.msg = {{0x201, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, +}; UNUSED(param); return BUILD_SAFETY_CFG(body_rx_checks, BODY_TX_MSGS); } -const safety_hooks body_hooks = { - .init = body_init, - .rx = body_rx_hook, - .tx = body_tx_hook, - .fwd = default_fwd_hook, -}; +extern const safety_hooks body_hooks; \ No newline at end of file diff --git a/board/safety/safety_chrysler.h b/board/safety/safety_chrysler.h index fa0e1532d5..b0557daa74 100644 --- a/board/safety/safety_chrysler.h +++ b/board/safety/safety_chrysler.h @@ -1,32 +1,3 @@ -const SteeringLimits CHRYSLER_STEERING_LIMITS = { - .max_steer = 261, - .max_rt_delta = 112, - .max_rt_interval = 250000, - .max_rate_up = 3, - .max_rate_down = 3, - .max_torque_error = 80, - .type = TorqueMotorLimited, -}; - -const SteeringLimits CHRYSLER_RAM_DT_STEERING_LIMITS = { - .max_steer = 350, - .max_rt_delta = 112, - .max_rt_interval = 250000, - .max_rate_up = 6, - .max_rate_down = 6, - .max_torque_error = 80, - .type = TorqueMotorLimited, -}; - -const SteeringLimits CHRYSLER_RAM_HD_STEERING_LIMITS = { - .max_steer = 361, - .max_rt_delta = 182, - .max_rt_interval = 250000, - .max_rate_up = 14, - .max_rate_down = 14, - .max_torque_error = 80, - .type = TorqueMotorLimited, -}; typedef struct { const int EPS_2; @@ -40,7 +11,8 @@ typedef struct { } ChryslerAddrs; // CAN messages for Chrysler/Jeep platforms -const ChryslerAddrs CHRYSLER_ADDRS = { +// cppcheck-suppress misra-c2012-8.9 +static const ChryslerAddrs CHRYSLER_ADDRS = { .EPS_2 = 0x220, // EPS driver input torque .ESP_1 = 0x140, // Brake pedal and vehicle speed .ESP_8 = 0x11C, // Brake pedal and vehicle speed @@ -51,20 +23,8 @@ const ChryslerAddrs CHRYSLER_ADDRS = { .CRUISE_BUTTONS = 0x23B, // Cruise control buttons }; -// CAN messages for the 5th gen RAM DT platform -const ChryslerAddrs CHRYSLER_RAM_DT_ADDRS = { - .EPS_2 = 0x31, // EPS driver input torque - .ESP_1 = 0x83, // Brake pedal and vehicle speed - .ESP_8 = 0x79, // Brake pedal and vehicle speed - .ECM_5 = 0x9D, // Throttle position sensor - .DAS_3 = 0x99, // ACC engagement states from DASM - .DAS_6 = 0xFA, // LKAS HUD and auto headlight control from DASM - .LKAS_COMMAND = 0xA6, // LKAS controls from DASM - .CRUISE_BUTTONS = 0xB1, // Cruise control buttons -}; - // CAN messages for the 5th gen RAM HD platform -const ChryslerAddrs CHRYSLER_RAM_HD_ADDRS = { +static const ChryslerAddrs CHRYSLER_RAM_HD_ADDRS = { .EPS_2 = 0x220, // EPS driver input torque .ESP_1 = 0x140, // Brake pedal and vehicle speed .ESP_8 = 0x11C, // Brake pedal and vehicle speed @@ -75,60 +35,12 @@ const ChryslerAddrs CHRYSLER_RAM_HD_ADDRS = { .CRUISE_BUTTONS = 0x23A, // Cruise control buttons }; -const CanMsg CHRYSLER_TX_MSGS[] = { - {CHRYSLER_ADDRS.CRUISE_BUTTONS, 0, 3}, - {CHRYSLER_ADDRS.LKAS_COMMAND, 0, 6}, - {CHRYSLER_ADDRS.DAS_6, 0, 8}, -}; - -const CanMsg CHRYSLER_RAM_DT_TX_MSGS[] = { - {CHRYSLER_RAM_DT_ADDRS.CRUISE_BUTTONS, 2, 3}, - {CHRYSLER_RAM_DT_ADDRS.LKAS_COMMAND, 0, 8}, - {CHRYSLER_RAM_DT_ADDRS.DAS_6, 0, 8}, -}; - -const CanMsg CHRYSLER_RAM_HD_TX_MSGS[] = { - {CHRYSLER_RAM_HD_ADDRS.CRUISE_BUTTONS, 2, 3}, - {CHRYSLER_RAM_HD_ADDRS.LKAS_COMMAND, 0, 8}, - {CHRYSLER_RAM_HD_ADDRS.DAS_6, 0, 8}, -}; - -RxCheck chrysler_rx_checks[] = { - {.msg = {{CHRYSLER_ADDRS.EPS_2, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_ADDRS.ESP_1, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - //{.msg = {{ESP_8, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}}}, - {.msg = {{514, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_ADDRS.ECM_5, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_ADDRS.DAS_3, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - -RxCheck chrysler_ram_dt_rx_checks[] = { - {.msg = {{CHRYSLER_RAM_DT_ADDRS.EPS_2, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_DT_ADDRS.ESP_1, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_DT_ADDRS.ESP_8, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_DT_ADDRS.ECM_5, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_DT_ADDRS.DAS_3, 2, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - -RxCheck chrysler_ram_hd_rx_checks[] = { - {.msg = {{CHRYSLER_RAM_HD_ADDRS.EPS_2, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_HD_ADDRS.ESP_1, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_HD_ADDRS.ESP_8, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_HD_ADDRS.ECM_5, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{CHRYSLER_RAM_HD_ADDRS.DAS_3, 2, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - - - -const uint32_t CHRYSLER_PARAM_RAM_DT = 1U; // set for Ram DT platform -const uint32_t CHRYSLER_PARAM_RAM_HD = 2U; // set for Ram HD platform - enum { CHRYSLER_RAM_DT, CHRYSLER_RAM_HD, CHRYSLER_PACIFICA, // plus Jeep } chrysler_platform = CHRYSLER_PACIFICA; -const ChryslerAddrs *chrysler_addrs = &CHRYSLER_ADDRS; +static const ChryslerAddrs *chrysler_addrs = &CHRYSLER_ADDRS; static uint32_t chrysler_get_checksum(const CANPacket_t *to_push) { int checksum_byte = GET_LEN(to_push) - 1U; @@ -214,6 +126,35 @@ static void chrysler_rx_hook(const CANPacket_t *to_push) { } static bool chrysler_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits CHRYSLER_STEERING_LIMITS = { + .max_steer = 261, + .max_rt_delta = 112, + .max_rt_interval = 250000, + .max_rate_up = 3, + .max_rate_down = 3, + .max_torque_error = 80, + .type = TorqueMotorLimited, + }; + + const SteeringLimits CHRYSLER_RAM_DT_STEERING_LIMITS = { + .max_steer = 350, + .max_rt_delta = 112, + .max_rt_interval = 250000, + .max_rate_up = 6, + .max_rate_down = 6, + .max_torque_error = 80, + .type = TorqueMotorLimited, + }; + + const SteeringLimits CHRYSLER_RAM_HD_STEERING_LIMITS = { + .max_steer = 361, + .max_rt_delta = 182, + .max_rt_interval = 250000, + .max_rate_up = 14, + .max_rate_down = 14, + .max_torque_error = 80, + .type = TorqueMotorLimited, + }; bool tx = true; int addr = GET_ADDR(to_send); @@ -263,6 +204,55 @@ static int chrysler_fwd_hook(int bus_num, int addr) { } static safety_config chrysler_init(uint16_t param) { + // CAN messages for the 5th gen RAM DT platform + const ChryslerAddrs CHRYSLER_RAM_DT_ADDRS = { + .EPS_2 = 0x31, // EPS driver input torque + .ESP_1 = 0x83, // Brake pedal and vehicle speed + .ESP_8 = 0x79, // Brake pedal and vehicle speed + .ECM_5 = 0x9D, // Throttle position sensor + .DAS_3 = 0x99, // ACC engagement states from DASM + .DAS_6 = 0xFA, // LKAS HUD and auto headlight control from DASM + .LKAS_COMMAND = 0xA6, // LKAS controls from DASM + .CRUISE_BUTTONS = 0xB1, // Cruise control buttons + }; + const CanMsg CHRYSLER_TX_MSGS[] = { + {CHRYSLER_ADDRS.CRUISE_BUTTONS, 0, 3}, + {CHRYSLER_ADDRS.LKAS_COMMAND, 0, 6}, + {CHRYSLER_ADDRS.DAS_6, 0, 8}, + }; + const CanMsg CHRYSLER_RAM_DT_TX_MSGS[] = { + {CHRYSLER_RAM_DT_ADDRS.CRUISE_BUTTONS, 2, 3}, + {CHRYSLER_RAM_DT_ADDRS.LKAS_COMMAND, 0, 8}, + {CHRYSLER_RAM_DT_ADDRS.DAS_6, 0, 8}, + }; + RxCheck chrysler_rx_checks[] = { + {.msg = {{CHRYSLER_ADDRS.EPS_2, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_ADDRS.ESP_1, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + //{.msg = {{ESP_8, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}}}, + {.msg = {{514, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_ADDRS.ECM_5, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_ADDRS.DAS_3, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + + RxCheck chrysler_ram_dt_rx_checks[] = { + {.msg = {{CHRYSLER_RAM_DT_ADDRS.EPS_2, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_DT_ADDRS.ESP_1, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_DT_ADDRS.ESP_8, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_DT_ADDRS.ECM_5, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_DT_ADDRS.DAS_3, 2, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + + const uint32_t CHRYSLER_PARAM_RAM_DT = 1U; // set for Ram DT platform +#ifdef ALLOW_DEBUG + RxCheck chrysler_ram_hd_rx_checks[] = { + {.msg = {{CHRYSLER_RAM_HD_ADDRS.EPS_2, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_HD_ADDRS.ESP_1, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_HD_ADDRS.ESP_8, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_HD_ADDRS.ECM_5, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{CHRYSLER_RAM_HD_ADDRS.DAS_3, 2, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + const uint32_t CHRYSLER_PARAM_RAM_HD = 2U; // set for Ram HD platform +#endif safety_config ret; bool enable_ram_dt = GET_FLAG(param, CHRYSLER_PARAM_RAM_DT); @@ -272,6 +262,11 @@ static safety_config chrysler_init(uint16_t param) { ret = BUILD_SAFETY_CFG(chrysler_ram_dt_rx_checks, CHRYSLER_RAM_DT_TX_MSGS); #ifdef ALLOW_DEBUG } else if (GET_FLAG(param, CHRYSLER_PARAM_RAM_HD)) { + const CanMsg CHRYSLER_RAM_HD_TX_MSGS[] = { + {CHRYSLER_RAM_HD_ADDRS.CRUISE_BUTTONS, 2, 3}, + {CHRYSLER_RAM_HD_ADDRS.LKAS_COMMAND, 0, 8}, + {CHRYSLER_RAM_HD_ADDRS.DAS_6, 0, 8}, + }; chrysler_platform = CHRYSLER_RAM_HD; chrysler_addrs = &CHRYSLER_RAM_HD_ADDRS; ret = BUILD_SAFETY_CFG(chrysler_ram_hd_rx_checks, CHRYSLER_RAM_HD_TX_MSGS); @@ -284,12 +279,4 @@ static safety_config chrysler_init(uint16_t param) { return ret; } -const safety_hooks chrysler_hooks = { - .init = chrysler_init, - .rx = chrysler_rx_hook, - .tx = chrysler_tx_hook, - .fwd = chrysler_fwd_hook, - .get_counter = chrysler_get_counter, - .get_checksum = chrysler_get_checksum, - .compute_checksum = chrysler_compute_checksum, -}; +extern const safety_hooks chrysler_hooks; diff --git a/board/safety/safety_defaults.h b/board/safety/safety_defaults.h index 6c47dba3d6..648726906f 100644 --- a/board/safety/safety_defaults.h +++ b/board/safety/safety_defaults.h @@ -20,20 +20,15 @@ static int default_fwd_hook(int bus_num, int addr) { return -1; } -const safety_hooks nooutput_hooks = { - .init = nooutput_init, - .rx = default_rx_hook, - .tx = nooutput_tx_hook, - .fwd = default_fwd_hook, -}; +extern const safety_hooks nooutput_hooks; // *** all output safety mode *** // Enables passthrough mode where relay is open and bus 0 gets forwarded to bus 2 and vice versa -const uint16_t ALLOUTPUT_PARAM_PASSTHROUGH = 1; -bool alloutput_passthrough = false; +static bool alloutput_passthrough = false; static safety_config alloutput_init(uint16_t param) { + const uint16_t ALLOUTPUT_PARAM_PASSTHROUGH = 1; controls_allowed = true; alloutput_passthrough = GET_FLAG(param, ALLOUTPUT_PARAM_PASSTHROUGH); return (safety_config){NULL, 0, NULL, 0}; @@ -60,9 +55,4 @@ static int alloutput_fwd_hook(int bus_num, int addr) { return bus_fwd; } -const safety_hooks alloutput_hooks = { - .init = alloutput_init, - .rx = default_rx_hook, - .tx = alloutput_tx_hook, - .fwd = alloutput_fwd_hook, -}; +extern const safety_hooks alloutput_hooks; diff --git a/board/safety/safety_elm327.h b/board/safety/safety_elm327.h index 954efca8d5..ca3d55accb 100644 --- a/board/safety/safety_elm327.h +++ b/board/safety/safety_elm327.h @@ -1,6 +1,6 @@ -const int GM_CAMERA_DIAG_ADDR = 0x24B; static bool elm327_tx_hook(const CANPacket_t *to_send) { + const int GM_CAMERA_DIAG_ADDR = 0x24B; bool tx = true; int addr = GET_ADDR(to_send); int len = GET_LEN(to_send); @@ -29,9 +29,4 @@ static bool elm327_tx_hook(const CANPacket_t *to_send) { } // If current_board->has_obd and safety_param == 0, bus 1 is multiplexed to the OBD-II port -const safety_hooks elm327_hooks = { - .init = nooutput_init, - .rx = default_rx_hook, - .tx = elm327_tx_hook, - .fwd = default_fwd_hook, -}; +extern const safety_hooks elm327_hooks; diff --git a/board/safety/safety_ford.h b/board/safety/safety_ford.h index d6ee208036..a229230195 100644 --- a/board/safety/safety_ford.h +++ b/board/safety/safety_ford.h @@ -17,58 +17,9 @@ #define FORD_MAIN_BUS 0U #define FORD_CAM_BUS 2U -const CanMsg FORD_STOCK_TX_MSGS[] = { - {FORD_Steering_Data_FD1, 0, 8}, - {FORD_Steering_Data_FD1, 2, 8}, - {FORD_ACCDATA_3, 0, 8}, - {FORD_Lane_Assist_Data1, 0, 8}, - {FORD_LateralMotionControl, 0, 8}, - {FORD_IPMA_Data, 0, 8}, -}; -const CanMsg FORD_LONG_TX_MSGS[] = { - {FORD_Steering_Data_FD1, 0, 8}, - {FORD_Steering_Data_FD1, 2, 8}, - {FORD_ACCDATA, 0, 8}, - {FORD_ACCDATA_3, 0, 8}, - {FORD_Lane_Assist_Data1, 0, 8}, - {FORD_LateralMotionControl, 0, 8}, - {FORD_IPMA_Data, 0, 8}, -}; -const CanMsg FORD_CANFD_STOCK_TX_MSGS[] = { - {FORD_Steering_Data_FD1, 0, 8}, - {FORD_Steering_Data_FD1, 2, 8}, - {FORD_ACCDATA_3, 0, 8}, - {FORD_Lane_Assist_Data1, 0, 8}, - {FORD_LateralMotionControl2, 0, 8}, - {FORD_IPMA_Data, 0, 8}, -}; - -const CanMsg FORD_CANFD_LONG_TX_MSGS[] = { - {FORD_Steering_Data_FD1, 0, 8}, - {FORD_Steering_Data_FD1, 2, 8}, - {FORD_ACCDATA, 0, 8}, - {FORD_ACCDATA_3, 0, 8}, - {FORD_Lane_Assist_Data1, 0, 8}, - {FORD_LateralMotionControl2, 0, 8}, - {FORD_IPMA_Data, 0, 8}, -}; -// warning: quality flags are not yet checked in openpilot's CAN parser, -// this may be the cause of blocked messages -RxCheck ford_rx_checks[] = { - {.msg = {{FORD_BrakeSysFeatures, 0, 8, .check_checksum = true, .max_counter = 15U, .quality_flag=true, .frequency = 50U}, { 0 }, { 0 }}}, - // FORD_EngVehicleSpThrottle2 has a counter that either randomly skips or by 2, likely ECU bug - // Some hybrid models also experience a bug where this checksum mismatches for one or two frames under heavy acceleration with ACC - // It has been confirmed that the Bronco Sport's camera only disallows ACC for bad quality flags, not counters or checksums, so we match that - {.msg = {{FORD_EngVehicleSpThrottle2, 0, 8, .check_checksum = false, .quality_flag=true, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{FORD_Yaw_Data_FD1, 0, 8, .check_checksum = true, .max_counter = 255U, .quality_flag=true, .frequency = 100U}, { 0 }, { 0 }}}, - // These messages have no counter or checksum - {.msg = {{FORD_EngBrakeData, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{FORD_EngVehicleSpThrottle, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{FORD_DesiredTorqBrk, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, -}; static uint8_t ford_get_counter(const CANPacket_t *to_push) { int addr = GET_ADDR(to_push); @@ -137,25 +88,9 @@ static bool ford_get_quality_flag_valid(const CANPacket_t *to_push) { return valid; } -const uint16_t FORD_PARAM_LONGITUDINAL = 1; -const uint16_t FORD_PARAM_CANFD = 2; - -bool ford_longitudinal = false; -bool ford_canfd = false; -const LongitudinalLimits FORD_LONG_LIMITS = { - // acceleration cmd limits (used for brakes) - // Signal: AccBrkTot_A_Rq - .max_accel = 5641, // 1.9999 m/s^s - .min_accel = 4231, // -3.4991 m/s^2 - .inactive_accel = 5128, // -0.0008 m/s^2 +static bool ford_longitudinal = false; - // gas cmd limits - // Signal: AccPrpl_A_Rq & AccPrpl_A_Pred - .max_gas = 700, // 2.0 m/s^2 - .min_gas = 450, // -0.5 m/s^2 - .inactive_gas = 0, // -5.0 m/s^2 -}; #define FORD_INACTIVE_CURVATURE 1000U #define FORD_INACTIVE_CURVATURE_RATE 4096U @@ -175,7 +110,7 @@ static bool ford_lkas_msg_check(int addr) { } // Curvature rate limits -const SteeringLimits FORD_STEERING_LIMITS = { +static const SteeringLimits FORD_STEERING_LIMITS = { .max_steer = 1000, .angle_deg_to_can = 50000, // 1 / (2e-5) rad to can .max_angle_error = 100, // 0.002 * FORD_STEERING_LIMITS.angle_deg_to_can @@ -261,6 +196,19 @@ static void ford_rx_hook(const CANPacket_t *to_push) { } static bool ford_tx_hook(const CANPacket_t *to_send) { + const LongitudinalLimits FORD_LONG_LIMITS = { + // acceleration cmd limits (used for brakes) + // Signal: AccBrkTot_A_Rq + .max_accel = 5641, // 1.9999 m/s^s + .min_accel = 4231, // -3.4991 m/s^2 + .inactive_accel = 5128, // -0.0008 m/s^2 + + // gas cmd limits + // Signal: AccPrpl_A_Rq & AccPrpl_A_Pred + .max_gas = 700, // 2.0 m/s^2 + .min_gas = 450, // -0.5 m/s^2 + .inactive_gas = 0, // -5.0 m/s^2 + }; bool tx = true; int addr = GET_ADDR(to_send); @@ -394,13 +342,67 @@ static int ford_fwd_hook(int bus_num, int addr) { } static safety_config ford_init(uint16_t param) { + const CanMsg FORD_STOCK_TX_MSGS[] = { + {FORD_Steering_Data_FD1, 0, 8}, + {FORD_Steering_Data_FD1, 2, 8}, + {FORD_ACCDATA_3, 0, 8}, + {FORD_Lane_Assist_Data1, 0, 8}, + {FORD_LateralMotionControl, 0, 8}, + {FORD_IPMA_Data, 0, 8}, + }; + + const CanMsg FORD_LONG_TX_MSGS[] = { + {FORD_Steering_Data_FD1, 0, 8}, + {FORD_Steering_Data_FD1, 2, 8}, + {FORD_ACCDATA, 0, 8}, + {FORD_ACCDATA_3, 0, 8}, + {FORD_Lane_Assist_Data1, 0, 8}, + {FORD_LateralMotionControl, 0, 8}, + {FORD_IPMA_Data, 0, 8}, + }; + const CanMsg FORD_CANFD_STOCK_TX_MSGS[] = { + {FORD_Steering_Data_FD1, 0, 8}, + {FORD_Steering_Data_FD1, 2, 8}, + {FORD_ACCDATA_3, 0, 8}, + {FORD_Lane_Assist_Data1, 0, 8}, + {FORD_LateralMotionControl2, 0, 8}, + {FORD_IPMA_Data, 0, 8}, + }; + const CanMsg FORD_CANFD_LONG_TX_MSGS[] = { + {FORD_Steering_Data_FD1, 0, 8}, + {FORD_Steering_Data_FD1, 2, 8}, + {FORD_ACCDATA, 0, 8}, + {FORD_ACCDATA_3, 0, 8}, + {FORD_Lane_Assist_Data1, 0, 8}, + {FORD_LateralMotionControl2, 0, 8}, + {FORD_IPMA_Data, 0, 8}, + }; + // warning: quality flags are not yet checked in openpilot's CAN parser, + // this may be the cause of blocked messages + RxCheck ford_rx_checks[] = { + {.msg = {{FORD_BrakeSysFeatures, 0, 8, .check_checksum = true, .max_counter = 15U, .quality_flag=true, .frequency = 50U}, { 0 }, { 0 }}}, + // FORD_EngVehicleSpThrottle2 has a counter that either randomly skips or by 2, likely ECU bug + // Some hybrid models also experience a bug where this checksum mismatches for one or two frames under heavy acceleration with ACC + // It has been confirmed that the Bronco Sport's camera only disallows ACC for bad quality flags, not counters or checksums, so we match that + {.msg = {{FORD_EngVehicleSpThrottle2, 0, 8, .check_checksum = false, .quality_flag=true, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{FORD_Yaw_Data_FD1, 0, 8, .check_checksum = true, .max_counter = 255U, .quality_flag=true, .frequency = 100U}, { 0 }, { 0 }}}, + // These messages have no counter or checksum + {.msg = {{FORD_EngBrakeData, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{FORD_EngVehicleSpThrottle, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{FORD_DesiredTorqBrk, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, + }; + bool ford_canfd = false; UNUSED(param); #ifdef ALLOW_DEBUG + const uint16_t FORD_PARAM_LONGITUDINAL = 1; + const uint16_t FORD_PARAM_CANFD = 2; ford_longitudinal = GET_FLAG(param, FORD_PARAM_LONGITUDINAL); ford_canfd = GET_FLAG(param, FORD_PARAM_CANFD); #endif safety_config ret; + // ford_canfd can be changed in ifdef + // cppcheck-suppress knownConditionTrueFalse if (ford_canfd) { ret = ford_longitudinal ? BUILD_SAFETY_CFG(ford_rx_checks, FORD_CANFD_LONG_TX_MSGS) : \ BUILD_SAFETY_CFG(ford_rx_checks, FORD_CANFD_STOCK_TX_MSGS); @@ -411,13 +413,4 @@ static safety_config ford_init(uint16_t param) { return ret; } -const safety_hooks ford_hooks = { - .init = ford_init, - .rx = ford_rx_hook, - .tx = ford_tx_hook, - .fwd = ford_fwd_hook, - .get_counter = ford_get_counter, - .get_checksum = ford_get_checksum, - .compute_checksum = ford_compute_checksum, - .get_quality_flag_valid = ford_get_quality_flag_valid, -}; +extern const safety_hooks ford_hooks; diff --git a/board/safety/safety_gm.h b/board/safety/safety_gm.h index 82a5d9cd3e..c6433f3af0 100644 --- a/board/safety/safety_gm.h +++ b/board/safety/safety_gm.h @@ -1,57 +1,4 @@ -const SteeringLimits GM_STEERING_LIMITS = { - .max_steer = 300, - .max_rate_up = 10, - .max_rate_down = 15, - .driver_torque_allowance = 65, - .driver_torque_factor = 4, - .max_rt_delta = 128, - .max_rt_interval = 250000, - .type = TorqueDriverLimited, -}; - -const LongitudinalLimits GM_ASCM_LONG_LIMITS = { - .max_gas = 3072, - .min_gas = 1404, - .inactive_gas = 1404, - .max_brake = 400, -}; - -const LongitudinalLimits GM_CAM_LONG_LIMITS = { - .max_gas = 3400, - .min_gas = 1514, - .inactive_gas = 1554, - .max_brake = 400, -}; - -const LongitudinalLimits *gm_long_limits; - -const int GM_STANDSTILL_THRSLD = 10; // 0.311kph - -const CanMsg GM_ASCM_TX_MSGS[] = {{0x180, 0, 4}, {0x409, 0, 7}, {0x40A, 0, 7}, {0x2CB, 0, 8}, {0x370, 0, 6}, // pt bus - {0xA1, 1, 7}, {0x306, 1, 8}, {0x308, 1, 7}, {0x310, 1, 2}, // obs bus - {0x315, 2, 5}, // ch bus - {0x104c006c, 3, 3}, {0x10400060, 3, 5}}; // gmlan - -const CanMsg GM_CAM_TX_MSGS[] = {{0x180, 0, 4}, // pt bus - {0x1E1, 2, 7}, {0x184, 2, 8}}; // camera bus - -const CanMsg GM_CAM_LONG_TX_MSGS[] = {{0x180, 0, 4}, {0x315, 0, 5}, {0x2CB, 0, 8}, {0x370, 0, 6}, // pt bus - {0x184, 2, 8}}; // camera bus - -// TODO: do checksum and counter checks. Add correct timestep, 0.1s for now. -RxCheck gm_rx_checks[] = { - {.msg = {{0x184, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{0x34A, 0, 5, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{0x1E1, 0, 7, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{0xBE, 0, 6, .frequency = 10U}, // Volt, Silverado, Acadia Denali - {0xBE, 0, 7, .frequency = 10U}, // Bolt EUV - {0xBE, 0, 8, .frequency = 10U}}}, // Escalade - {.msg = {{0x1C4, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{0xC9, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, -}; - -const uint16_t GM_PARAM_HW_CAM = 1; -const uint16_t GM_PARAM_HW_CAM_LONG = 2; +static const LongitudinalLimits *gm_long_limits; enum { GM_BTN_UNPRESS = 1, @@ -61,10 +8,11 @@ enum { }; enum {GM_ASCM, GM_CAM} gm_hw = GM_ASCM; -bool gm_cam_long = false; -bool gm_pcm_cruise = false; +static bool gm_cam_long = false; +static bool gm_pcm_cruise = false; static void gm_rx_hook(const CANPacket_t *to_push) { + const int GM_STANDSTILL_THRSLD = 10; // 0.311kph if (GET_BUS(to_push) == 0U) { int addr = GET_ADDR(to_push); @@ -136,6 +84,16 @@ static void gm_rx_hook(const CANPacket_t *to_push) { } static bool gm_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits GM_STEERING_LIMITS = { + .max_steer = 300, + .max_rate_up = 10, + .max_rate_down = 15, + .driver_torque_allowance = 65, + .driver_torque_factor = 4, + .max_rt_delta = 128, + .max_rt_interval = 250000, + .type = TorqueDriverLimited, + }; bool tx = true; int addr = GET_ADDR(to_send); @@ -215,6 +173,40 @@ static int gm_fwd_hook(int bus_num, int addr) { } static safety_config gm_init(uint16_t param) { + const LongitudinalLimits GM_ASCM_LONG_LIMITS = { + .max_gas = 3072, + .min_gas = 1404, + .inactive_gas = 1404, + .max_brake = 400, + }; + + const LongitudinalLimits GM_CAM_LONG_LIMITS = { + .max_gas = 3400, + .min_gas = 1514, + .inactive_gas = 1554, + .max_brake = 400, + }; + const CanMsg GM_ASCM_TX_MSGS[] = {{0x180, 0, 4}, {0x409, 0, 7}, {0x40A, 0, 7}, {0x2CB, 0, 8}, {0x370, 0, 6}, // pt bus + {0xA1, 1, 7}, {0x306, 1, 8}, {0x308, 1, 7}, {0x310, 1, 2}, // obs bus + {0x315, 2, 5}, // ch bus + {0x104c006c, 3, 3}, {0x10400060, 3, 5}}; // gmlan + const CanMsg GM_CAM_TX_MSGS[] = {{0x180, 0, 4}, // pt bus + {0x1E1, 2, 7}, {0x184, 2, 8}}; // camera bus + + const CanMsg GM_CAM_LONG_TX_MSGS[] = {{0x180, 0, 4}, {0x315, 0, 5}, {0x2CB, 0, 8}, {0x370, 0, 6}, // pt bus + {0x184, 2, 8}}; // camera bus + // TODO: do checksum and counter checks. Add correct timestep, 0.1s for now. + RxCheck gm_rx_checks[] = { + {.msg = {{0x184, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{0x34A, 0, 5, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{0x1E1, 0, 7, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{0xBE, 0, 6, .frequency = 10U}, // Volt, Silverado, Acadia Denali + {0xBE, 0, 7, .frequency = 10U}, // Bolt EUV + {0xBE, 0, 8, .frequency = 10U}}}, // Escalade + {.msg = {{0x1C4, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{0xC9, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, + }; + const uint16_t GM_PARAM_HW_CAM = 1; gm_hw = GET_FLAG(param, GM_PARAM_HW_CAM) ? GM_CAM : GM_ASCM; if (gm_hw == GM_ASCM) { @@ -225,20 +217,18 @@ static safety_config gm_init(uint16_t param) { } #ifdef ALLOW_DEBUG + const uint16_t GM_PARAM_HW_CAM_LONG = 2; gm_cam_long = GET_FLAG(param, GM_PARAM_HW_CAM_LONG); #endif gm_pcm_cruise = (gm_hw == GM_CAM) && !gm_cam_long; safety_config ret = BUILD_SAFETY_CFG(gm_rx_checks, GM_ASCM_TX_MSGS); if (gm_hw == GM_CAM) { + // gm_cam_long can be changed in ifdef + // cppcheck-suppress knownConditionTrueFalse ret = gm_cam_long ? BUILD_SAFETY_CFG(gm_rx_checks, GM_CAM_LONG_TX_MSGS) : BUILD_SAFETY_CFG(gm_rx_checks, GM_CAM_TX_MSGS); } return ret; } -const safety_hooks gm_hooks = { - .init = gm_init, - .rx = gm_rx_hook, - .tx = gm_tx_hook, - .fwd = gm_fwd_hook, -}; +extern const safety_hooks gm_hooks; diff --git a/board/safety/safety_honda.h b/board/safety/safety_honda.h index 78bbb7f0bf..8959c26ea6 100644 --- a/board/safety/safety_honda.h +++ b/board/safety/safety_honda.h @@ -1,31 +1,8 @@ -const CanMsg HONDA_N_TX_MSGS[] = {{0xE4, 0, 5}, {0x194, 0, 4}, {0x1FA, 0, 8}, {0x30C, 0, 8}, {0x33D, 0, 5}}; -const CanMsg HONDA_N_INTERCEPTOR_TX_MSGS[] = {{0xE4, 0, 5}, {0x194, 0, 4}, {0x1FA, 0, 8}, {0x200, 0, 6}, {0x30C, 0, 8}, {0x33D, 0, 5}}; -const CanMsg HONDA_BOSCH_TX_MSGS[] = {{0xE4, 0, 5}, {0xE5, 0, 8}, {0x296, 1, 4}, {0x33D, 0, 5}, {0x33DA, 0, 5}, {0x33DB, 0, 8}}; // Bosch -const CanMsg HONDA_BOSCH_LONG_TX_MSGS[] = {{0xE4, 1, 5}, {0x1DF, 1, 8}, {0x1EF, 1, 8}, {0x1FA, 1, 8}, {0x30C, 1, 8}, {0x33D, 1, 5}, {0x33DA, 1, 5}, {0x33DB, 1, 8}, {0x39F, 1, 8}, {0x18DAB0F1, 1, 8}}; // Bosch w/ gas and brakes -const CanMsg HONDA_RADARLESS_TX_MSGS[] = {{0xE4, 0, 5}, {0x296, 2, 4}, {0x33D, 0, 8}}; // Bosch radarless -const CanMsg HONDA_RADARLESS_LONG_TX_MSGS[] = {{0xE4, 0, 5}, {0x33D, 0, 8}, {0x1C8, 0, 8}, {0x30C, 0, 8}}; // Bosch radarless w/ gas and brakes - // panda interceptor threshold needs to be equivalent to openpilot threshold to avoid controls mismatches // If thresholds are mismatched then it is possible for panda to see the gas fall and rise while openpilot is in the pre-enabled state // Threshold calculated from DBC gains: round(((83.3 / 0.253984064) + (83.3 / 0.126992032)) / 2) = 492 -const int HONDA_GAS_INTERCEPTOR_THRESHOLD = 492; #define HONDA_GET_INTERCEPTOR(msg) (((GET_BYTE((msg), 0) << 8) + GET_BYTE((msg), 1) + (GET_BYTE((msg), 2) << 8) + GET_BYTE((msg), 3)) / 2U) // avg between 2 tracks -const LongitudinalLimits HONDA_BOSCH_LONG_LIMITS = { - .max_accel = 200, // accel is used for brakes - .min_accel = -350, - - .max_gas = 2000, - .inactive_gas = -30000, -}; - -const LongitudinalLimits HONDA_NIDEC_LONG_LIMITS = { - .max_gas = 198, // 0xc6 - .max_brake = 255, - - .inactive_speed = 0, -}; - // All common address checks except SCM_BUTTONS which isn't on one Nidec safety configuration #define HONDA_COMMON_NO_SCM_FEEDBACK_RX_CHECKS(pt_bus) \ {.msg = {{0x1A6, (pt_bus), 8, .check_checksum = true, .max_counter = 3U, .frequency = 25U}, /* SCM_BUTTONS */ \ @@ -43,46 +20,10 @@ const LongitudinalLimits HONDA_NIDEC_LONG_LIMITS = { // Nidec and bosch radarless has the powertrain bus on bus 0 -RxCheck honda_common_rx_checks[] = { - HONDA_COMMON_RX_CHECKS(0) -}; - -RxCheck honda_common_interceptor_rx_checks[] = { - HONDA_COMMON_RX_CHECKS(0) - {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - -RxCheck honda_common_alt_brake_rx_checks[] = { +static RxCheck honda_common_rx_checks[] = { HONDA_COMMON_RX_CHECKS(0) - HONDA_ALT_BRAKE_ADDR_CHECK(0) }; -// For Nidecs with main on signal on an alternate msg (missing 0x326) -RxCheck honda_nidec_alt_rx_checks[] = { - HONDA_COMMON_NO_SCM_FEEDBACK_RX_CHECKS(0) -}; - -RxCheck honda_nidec_alt_interceptor_rx_checks[] = { - HONDA_COMMON_NO_SCM_FEEDBACK_RX_CHECKS(0) - {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - -// Bosch has pt on bus 1, verified 0x1A6 does not exist -RxCheck honda_bosch_rx_checks[] = { - HONDA_COMMON_RX_CHECKS(1) -}; - -RxCheck honda_bosch_alt_brake_rx_checks[] = { - HONDA_COMMON_RX_CHECKS(1) - HONDA_ALT_BRAKE_ADDR_CHECK(1) -}; - -const uint16_t HONDA_PARAM_ALT_BRAKE = 1; -const uint16_t HONDA_PARAM_BOSCH_LONG = 2; -const uint16_t HONDA_PARAM_NIDEC_ALT = 4; -const uint16_t HONDA_PARAM_RADARLESS = 8; -const uint16_t HONDA_PARAM_GAS_INTERCEPTOR = 16; - enum { HONDA_BTN_NONE = 0, HONDA_BTN_MAIN = 1, @@ -91,12 +32,15 @@ enum { HONDA_BTN_RESUME = 4, }; -int honda_brake = 0; +static int honda_brake = 0; +// Unable to use extern keyword, variables are initialized and used in this as well as in other files +// cppcheck-suppress-begin misra-c2012-8.4 bool honda_brake_switch_prev = false; bool honda_alt_brake_msg = false; bool honda_fwd_brake = false; bool honda_bosch_long = false; bool honda_bosch_radarless = false; +// cppcheck-suppress-end misra-c2012-8.4 enum {HONDA_NIDEC, HONDA_BOSCH} honda_hw = HONDA_NIDEC; @@ -141,6 +85,10 @@ static uint8_t honda_get_counter(const CANPacket_t *to_push) { } static void honda_rx_hook(const CANPacket_t *to_push) { + // panda interceptor threshold needs to be equivalent to openpilot threshold to avoid controls mismatches + // If thresholds are mismatched then it is possible for panda to see the gas fall and rise while openpilot is in the pre-enabled state + // Threshold calculated from DBC gains: round(((83.3 / 0.253984064) + (83.3 / 0.126992032)) / 2) = 492 + const int HONDA_GAS_INTERCEPTOR_THRESHOLD = 492; const bool pcm_cruise = ((honda_hw == HONDA_BOSCH) && !honda_bosch_long) || \ ((honda_hw == HONDA_NIDEC) && !enable_gas_interceptor); int pt_bus = honda_get_pt_bus(); @@ -270,6 +218,19 @@ static void honda_rx_hook(const CANPacket_t *to_push) { } static bool honda_tx_hook(const CANPacket_t *to_send) { + const LongitudinalLimits HONDA_BOSCH_LONG_LIMITS = { + .max_accel = 200, // accel is used for brakes + .min_accel = -350, + + .max_gas = 2000, + .inactive_gas = -30000, + }; + const LongitudinalLimits HONDA_NIDEC_LONG_LIMITS = { + .max_gas = 198, // 0xc6 + .max_brake = 255, + + .inactive_speed = 0, + }; bool tx = true; int addr = GET_ADDR(to_send); int bus = GET_BUS(to_send); @@ -373,6 +334,25 @@ static bool honda_tx_hook(const CANPacket_t *to_send) { } static safety_config honda_nidec_init(uint16_t param) { + const CanMsg HONDA_N_TX_MSGS[] = {{0xE4, 0, 5}, {0x194, 0, 4}, {0x1FA, 0, 8}, {0x30C, 0, 8}, {0x33D, 0, 5}}; + const CanMsg HONDA_N_INTERCEPTOR_TX_MSGS[] = {{0xE4, 0, 5}, {0x194, 0, 4}, {0x1FA, 0, 8}, {0x200, 0, 6}, {0x30C, 0, 8}, {0x33D, 0, 5}}; + // if arrays were declared inside if...else code readability would be compromised + // cppcheck-suppress-begin variableScope + RxCheck honda_common_interceptor_rx_checks[] = { + HONDA_COMMON_RX_CHECKS(0) + {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + // For Nidecs with main on signal on an alternate msg (missing 0x326) + RxCheck honda_nidec_alt_rx_checks[] = { + HONDA_COMMON_NO_SCM_FEEDBACK_RX_CHECKS(0) + }; + RxCheck honda_nidec_alt_interceptor_rx_checks[] = { + HONDA_COMMON_NO_SCM_FEEDBACK_RX_CHECKS(0) + {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + // cppcheck-suppress-end variableScope + const uint16_t HONDA_PARAM_GAS_INTERCEPTOR = 16; + const uint16_t HONDA_PARAM_NIDEC_ALT = 4; honda_hw = HONDA_NIDEC; honda_brake = 0; honda_brake_switch_prev = false; @@ -402,6 +382,30 @@ static safety_config honda_nidec_init(uint16_t param) { } static safety_config honda_bosch_init(uint16_t param) { + const CanMsg HONDA_BOSCH_TX_MSGS[] = {{0xE4, 0, 5}, {0xE5, 0, 8}, {0x296, 1, 4}, {0x33D, 0, 5}, {0x33DA, 0, 5}, {0x33DB, 0, 8}}; // Bosch + const CanMsg HONDA_BOSCH_LONG_TX_MSGS[] = {{0xE4, 1, 5}, {0x1DF, 1, 8}, {0x1EF, 1, 8}, {0x1FA, 1, 8}, {0x30C, 1, 8}, {0x33D, 1, 5}, {0x33DA, 1, 5}, {0x33DB, 1, 8}, {0x39F, 1, 8}, {0x18DAB0F1, 1, 8}}; // Bosch w/ gas and brakes + const CanMsg HONDA_RADARLESS_TX_MSGS[] = {{0xE4, 0, 5}, {0x296, 2, 4}, {0x33D, 0, 8}}; // Bosch radarless + const CanMsg HONDA_RADARLESS_LONG_TX_MSGS[] = {{0xE4, 0, 5}, {0x33D, 0, 8}, {0x1C8, 0, 8}, {0x30C, 0, 8}}; // Bosch radarless w/ gas and brakes + + RxCheck honda_common_alt_brake_rx_checks[] = { + HONDA_COMMON_RX_CHECKS(0) + HONDA_ALT_BRAKE_ADDR_CHECK(0) + }; + // Bosch has pt on bus 1, verified 0x1A6 does not exist + RxCheck honda_bosch_rx_checks[] = { + HONDA_COMMON_RX_CHECKS(1) + }; + + RxCheck honda_bosch_alt_brake_rx_checks[] = { + HONDA_COMMON_RX_CHECKS(1) + HONDA_ALT_BRAKE_ADDR_CHECK(1) + }; + const uint16_t HONDA_PARAM_ALT_BRAKE = 1; + // variable used inside ifdef + // cppcheck-suppress unreadVariable + const uint16_t HONDA_PARAM_BOSCH_LONG = 2; + const uint16_t HONDA_PARAM_RADARLESS = 8; + honda_hw = HONDA_BOSCH; honda_brake_switch_prev = false; honda_bosch_radarless = GET_FLAG(param, HONDA_PARAM_RADARLESS); @@ -476,22 +480,6 @@ static int honda_bosch_fwd_hook(int bus_num, int addr) { return bus_fwd; } -const safety_hooks honda_nidec_hooks = { - .init = honda_nidec_init, - .rx = honda_rx_hook, - .tx = honda_tx_hook, - .fwd = honda_nidec_fwd_hook, - .get_counter = honda_get_counter, - .get_checksum = honda_get_checksum, - .compute_checksum = honda_compute_checksum, -}; +extern const safety_hooks honda_nidec_hooks; -const safety_hooks honda_bosch_hooks = { - .init = honda_bosch_init, - .rx = honda_rx_hook, - .tx = honda_tx_hook, - .fwd = honda_bosch_fwd_hook, - .get_counter = honda_get_counter, - .get_checksum = honda_get_checksum, - .compute_checksum = honda_compute_checksum, -}; +extern const safety_hooks honda_bosch_hooks; diff --git a/board/safety/safety_hyundai.h b/board/safety/safety_hyundai.h index 5a324bff29..0ddcf37951 100644 --- a/board/safety/safety_hyundai.h +++ b/board/safety/safety_hyundai.h @@ -17,39 +17,20 @@ .has_steer_req_tolerance = true, \ } -const SteeringLimits HYUNDAI_STEERING_LIMITS = HYUNDAI_LIMITS(384, 3, 7); -const SteeringLimits HYUNDAI_STEERING_LIMITS_ALT = HYUNDAI_LIMITS(270, 2, 3); +// cppcheck-suppress misra-c2012-8.4 const LongitudinalLimits HYUNDAI_LONG_LIMITS = { .max_accel = 200, // 1/100 m/s2 .min_accel = -350, // 1/100 m/s2 }; -const CanMsg HYUNDAI_TX_MSGS[] = { +static const CanMsg HYUNDAI_TX_MSGS[] = { {0x340, 0, 8}, // LKAS11 Bus 0 {0x4F1, 0, 4}, // CLU11 Bus 0 {0x485, 0, 4}, // LFAHDA_MFC Bus 0 }; -const CanMsg HYUNDAI_LONG_TX_MSGS[] = { - {0x340, 0, 8}, // LKAS11 Bus 0 - {0x4F1, 0, 4}, // CLU11 Bus 0 - {0x485, 0, 4}, // LFAHDA_MFC Bus 0 - {0x420, 0, 8}, // SCC11 Bus 0 - {0x421, 0, 8}, // SCC12 Bus 0 - {0x50A, 0, 8}, // SCC13 Bus 0 - {0x389, 0, 8}, // SCC14 Bus 0 - {0x4A2, 0, 2}, // FRT_RADAR11 Bus 0 - {0x38D, 0, 8}, // FCA11 Bus 0 - {0x483, 0, 8}, // FCA12 Bus 0 - {0x7D0, 0, 8}, // radar UDS TX addr Bus 0 (for radar disable) -}; -const CanMsg HYUNDAI_CAMERA_SCC_TX_MSGS[] = { - {0x340, 0, 8}, // LKAS11 Bus 0 - {0x4F1, 2, 4}, // CLU11 Bus 2 - {0x485, 0, 4}, // LFAHDA_MFC Bus 0 -}; #define HYUNDAI_COMMON_RX_CHECKS(legacy) \ {.msg = {{0x260, 0, 8, .check_checksum = true, .max_counter = 3U, .frequency = 100U}, \ @@ -60,29 +41,9 @@ const CanMsg HYUNDAI_CAMERA_SCC_TX_MSGS[] = { #define HYUNDAI_SCC12_ADDR_CHECK(scc_bus) \ {.msg = {{0x421, (scc_bus), 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, \ -RxCheck hyundai_rx_checks[] = { - HYUNDAI_COMMON_RX_CHECKS(false) - HYUNDAI_SCC12_ADDR_CHECK(0) -}; - -RxCheck hyundai_cam_scc_rx_checks[] = { - HYUNDAI_COMMON_RX_CHECKS(false) - HYUNDAI_SCC12_ADDR_CHECK(2) -}; - -RxCheck hyundai_long_rx_checks[] = { - HYUNDAI_COMMON_RX_CHECKS(false) - // Use CLU11 (buttons) to manage controls allowed instead of SCC cruise state - {.msg = {{0x4F1, 0, 4, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; -// older hyundai models have less checks due to missing counters and checksums -RxCheck hyundai_legacy_rx_checks[] = { - HYUNDAI_COMMON_RX_CHECKS(true) - HYUNDAI_SCC12_ADDR_CHECK(0) -}; -bool hyundai_legacy = false; +static bool hyundai_legacy = false; static uint8_t hyundai_get_counter(const CANPacket_t *to_push) { @@ -251,6 +212,8 @@ static bool hyundai_tx_hook(const CANPacket_t *to_send) { // LKA STEER: safety check if (addr == 0x340) { + const SteeringLimits HYUNDAI_STEERING_LIMITS = HYUNDAI_LIMITS(384, 3, 7); + const SteeringLimits HYUNDAI_STEERING_LIMITS_ALT = HYUNDAI_LIMITS(270, 2, 3); int desired_torque = ((GET_BYTES(to_send, 0, 4) >> 16) & 0x7ffU) - 1024U; bool steer_req = GET_BIT(to_send, 27U); @@ -297,6 +260,34 @@ static int hyundai_fwd_hook(int bus_num, int addr) { } static safety_config hyundai_init(uint16_t param) { + const CanMsg HYUNDAI_LONG_TX_MSGS[] = { + {0x340, 0, 8}, // LKAS11 Bus 0 + {0x4F1, 0, 4}, // CLU11 Bus 0 + {0x485, 0, 4}, // LFAHDA_MFC Bus 0 + {0x420, 0, 8}, // SCC11 Bus 0 + {0x421, 0, 8}, // SCC12 Bus 0 + {0x50A, 0, 8}, // SCC13 Bus 0 + {0x389, 0, 8}, // SCC14 Bus 0 + {0x4A2, 0, 2}, // FRT_RADAR11 Bus 0 + {0x38D, 0, 8}, // FCA11 Bus 0 + {0x483, 0, 8}, // FCA12 Bus 0 + {0x7D0, 0, 8}, // radar UDS TX addr Bus 0 (for radar disable) + }; + const CanMsg HYUNDAI_CAMERA_SCC_TX_MSGS[] = { + {0x340, 0, 8}, // LKAS11 Bus 0 + {0x4F1, 2, 4}, // CLU11 Bus 2 + {0x485, 0, 4}, // LFAHDA_MFC Bus 0 + }; + RxCheck hyundai_rx_checks[] = { + HYUNDAI_COMMON_RX_CHECKS(false) + HYUNDAI_SCC12_ADDR_CHECK(0) + }; + + RxCheck hyundai_cam_scc_rx_checks[] = { + HYUNDAI_COMMON_RX_CHECKS(false) + HYUNDAI_SCC12_ADDR_CHECK(2) + }; + hyundai_common_init(param); hyundai_legacy = false; @@ -306,6 +297,11 @@ static safety_config hyundai_init(uint16_t param) { safety_config ret; if (hyundai_longitudinal) { + RxCheck hyundai_long_rx_checks[] = { + HYUNDAI_COMMON_RX_CHECKS(false) + // Use CLU11 (buttons) to manage controls allowed instead of SCC cruise state + {.msg = {{0x4F1, 0, 4, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; ret = BUILD_SAFETY_CFG(hyundai_long_rx_checks, HYUNDAI_LONG_TX_MSGS); } else if (hyundai_camera_scc) { ret = BUILD_SAFETY_CFG(hyundai_cam_scc_rx_checks, HYUNDAI_CAMERA_SCC_TX_MSGS); @@ -316,6 +312,11 @@ static safety_config hyundai_init(uint16_t param) { } static safety_config hyundai_legacy_init(uint16_t param) { + // older hyundai models have less checks due to missing counters and checksums + RxCheck hyundai_legacy_rx_checks[] = { + HYUNDAI_COMMON_RX_CHECKS(true) + HYUNDAI_SCC12_ADDR_CHECK(0) + }; hyundai_common_init(param); hyundai_legacy = true; hyundai_longitudinal = false; @@ -323,22 +324,6 @@ static safety_config hyundai_legacy_init(uint16_t param) { return BUILD_SAFETY_CFG(hyundai_legacy_rx_checks, HYUNDAI_TX_MSGS); } -const safety_hooks hyundai_hooks = { - .init = hyundai_init, - .rx = hyundai_rx_hook, - .tx = hyundai_tx_hook, - .fwd = hyundai_fwd_hook, - .get_counter = hyundai_get_counter, - .get_checksum = hyundai_get_checksum, - .compute_checksum = hyundai_compute_checksum, -}; +extern const safety_hooks hyundai_hooks; -const safety_hooks hyundai_legacy_hooks = { - .init = hyundai_legacy_init, - .rx = hyundai_rx_hook, - .tx = hyundai_tx_hook, - .fwd = hyundai_fwd_hook, - .get_counter = hyundai_get_counter, - .get_checksum = hyundai_get_checksum, - .compute_checksum = hyundai_compute_checksum, -}; +extern const safety_hooks hyundai_legacy_hooks; diff --git a/board/safety/safety_hyundai_canfd.h b/board/safety/safety_hyundai_canfd.h index fb6ccf55a0..be640db2a9 100644 --- a/board/safety/safety_hyundai_canfd.h +++ b/board/safety/safety_hyundai_canfd.h @@ -1,59 +1,5 @@ #include "safety_hyundai_common.h" -const SteeringLimits HYUNDAI_CANFD_STEERING_LIMITS = { - .max_steer = 270, - .max_rt_delta = 112, - .max_rt_interval = 250000, - .max_rate_up = 2, - .max_rate_down = 3, - .driver_torque_allowance = 250, - .driver_torque_factor = 2, - .type = TorqueDriverLimited, - - // the EPS faults when the steering angle is above a certain threshold for too long. to prevent this, - // we allow setting torque actuation bit to 0 while maintaining the requested torque value for two consecutive frames - .min_valid_request_frames = 89, - .max_invalid_request_frames = 2, - .min_valid_request_rt_interval = 810000, // 810ms; a ~10% buffer on cutting every 90 frames - .has_steer_req_tolerance = true, -}; - -const CanMsg HYUNDAI_CANFD_HDA2_TX_MSGS[] = { - {0x50, 0, 16}, // LKAS - {0x1CF, 1, 8}, // CRUISE_BUTTON - {0x2A4, 0, 24}, // CAM_0x2A4 -}; - -const CanMsg HYUNDAI_CANFD_HDA2_ALT_STEERING_TX_MSGS[] = { - {0x110, 0, 32}, // LKAS_ALT - {0x1CF, 1, 8}, // CRUISE_BUTTON - {0x362, 0, 32}, // CAM_0x362 -}; - -const CanMsg HYUNDAI_CANFD_HDA2_LONG_TX_MSGS[] = { - {0x50, 0, 16}, // LKAS - {0x1CF, 1, 8}, // CRUISE_BUTTON - {0x2A4, 0, 24}, // CAM_0x2A4 - {0x51, 0, 32}, // ADRV_0x51 - {0x730, 1, 8}, // tester present for ADAS ECU disable - {0x12A, 1, 16}, // LFA - {0x160, 1, 16}, // ADRV_0x160 - {0x1E0, 1, 16}, // LFAHDA_CLUSTER - {0x1A0, 1, 32}, // CRUISE_INFO - {0x1EA, 1, 32}, // ADRV_0x1ea - {0x200, 1, 8}, // ADRV_0x200 - {0x345, 1, 8}, // ADRV_0x345 - {0x1DA, 1, 32}, // ADRV_0x1da -}; - -const CanMsg HYUNDAI_CANFD_HDA1_TX_MSGS[] = { - {0x12A, 0, 16}, // LFA - {0x1A0, 0, 32}, // CRUISE_INFO - {0x1CF, 2, 8}, // CRUISE_BUTTON - {0x1E0, 0, 16}, // LFAHDA_CLUSTER -}; - - // *** Addresses checked in rx hook *** // EV, ICE, HYBRID: ACCELERATOR (0x35), ACCELERATOR_BRAKE_ALT (0x100), ACCELERATOR_ALT (0x105) #define HYUNDAI_CANFD_COMMON_RX_CHECKS(pt_bus) \ @@ -75,62 +21,8 @@ const CanMsg HYUNDAI_CANFD_HDA1_TX_MSGS[] = { {.msg = {{0x1a0, (scc_bus), 32, .check_checksum = true, .max_counter = 0xffU, .frequency = 50U}, { 0 }, { 0 }}}, \ -// *** Non-HDA2 checks *** -// Camera sends SCC messages on HDA1. -// Both button messages exist on some platforms, so we ensure we track the correct one using flag -RxCheck hyundai_canfd_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(0) - HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(0) - HYUNDAI_CANFD_SCC_ADDR_CHECK(2) -}; -RxCheck hyundai_canfd_alt_buttons_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(0) - HYUNDAI_CANFD_ALT_BUTTONS_ADDR_CHECK(0) - HYUNDAI_CANFD_SCC_ADDR_CHECK(2) -}; - -// Longitudinal checks for HDA1 -RxCheck hyundai_canfd_long_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(0) - HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(0) -}; -RxCheck hyundai_canfd_long_alt_buttons_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(0) - HYUNDAI_CANFD_ALT_BUTTONS_ADDR_CHECK(0) -}; - -// Radar sends SCC messages on these cars instead of camera -RxCheck hyundai_canfd_radar_scc_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(0) - HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(0) - HYUNDAI_CANFD_SCC_ADDR_CHECK(0) -}; -RxCheck hyundai_canfd_radar_scc_alt_buttons_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(0) - HYUNDAI_CANFD_ALT_BUTTONS_ADDR_CHECK(0) - HYUNDAI_CANFD_SCC_ADDR_CHECK(0) -}; - - -// *** HDA2 checks *** -// E-CAN is on bus 1, ADAS unit sends SCC messages on HDA2. -// Does not use the alt buttons message -RxCheck hyundai_canfd_hda2_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(1) - HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(1) - HYUNDAI_CANFD_SCC_ADDR_CHECK(1) -}; -RxCheck hyundai_canfd_hda2_long_rx_checks[] = { - HYUNDAI_CANFD_COMMON_RX_CHECKS(1) - HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(1) -}; - - - -const int HYUNDAI_PARAM_CANFD_ALT_BUTTONS = 32; -const int HYUNDAI_PARAM_CANFD_HDA2_ALT_STEERING = 128; -bool hyundai_canfd_alt_buttons = false; -bool hyundai_canfd_hda2_alt_steering = false; +static bool hyundai_canfd_alt_buttons = false; +static bool hyundai_canfd_hda2_alt_steering = false; int hyundai_canfd_hda2_get_lkas_addr(void) { @@ -228,6 +120,23 @@ static void hyundai_canfd_rx_hook(const CANPacket_t *to_push) { } static bool hyundai_canfd_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits HYUNDAI_CANFD_STEERING_LIMITS = { + .max_steer = 270, + .max_rt_delta = 112, + .max_rt_interval = 250000, + .max_rate_up = 2, + .max_rate_down = 3, + .driver_torque_allowance = 250, + .driver_torque_factor = 2, + .type = TorqueDriverLimited, + + // the EPS faults when the steering angle is above a certain threshold for too long. to prevent this, + // we allow setting torque actuation bit to 0 while maintaining the requested torque value for two consecutive frames + .min_valid_request_frames = 89, + .max_invalid_request_frames = 2, + .min_valid_request_rt_interval = 810000, // 810ms; a ~10% buffer on cutting every 90 frames + .has_steer_req_tolerance = true, + }; bool tx = true; int addr = GET_ADDR(to_send); @@ -314,6 +223,93 @@ static int hyundai_canfd_fwd_hook(int bus_num, int addr) { } static safety_config hyundai_canfd_init(uint16_t param) { + const CanMsg HYUNDAI_CANFD_HDA2_TX_MSGS[] = { + {0x50, 0, 16}, // LKAS + {0x1CF, 1, 8}, // CRUISE_BUTTON + {0x2A4, 0, 24}, // CAM_0x2A4 + }; + + const CanMsg HYUNDAI_CANFD_HDA2_ALT_STEERING_TX_MSGS[] = { + {0x110, 0, 32}, // LKAS_ALT + {0x1CF, 1, 8}, // CRUISE_BUTTON + {0x362, 0, 32}, // CAM_0x362 + }; + + const CanMsg HYUNDAI_CANFD_HDA2_LONG_TX_MSGS[] = { + {0x50, 0, 16}, // LKAS + {0x1CF, 1, 8}, // CRUISE_BUTTON + {0x2A4, 0, 24}, // CAM_0x2A4 + {0x51, 0, 32}, // ADRV_0x51 + {0x730, 1, 8}, // tester present for ADAS ECU disable + {0x12A, 1, 16}, // LFA + {0x160, 1, 16}, // ADRV_0x160 + {0x1E0, 1, 16}, // LFAHDA_CLUSTER + {0x1A0, 1, 32}, // CRUISE_INFO + {0x1EA, 1, 32}, // ADRV_0x1ea + {0x200, 1, 8}, // ADRV_0x200 + {0x345, 1, 8}, // ADRV_0x345 + {0x1DA, 1, 32}, // ADRV_0x1da + }; + + const CanMsg HYUNDAI_CANFD_HDA1_TX_MSGS[] = { + {0x12A, 0, 16}, // LFA + {0x1A0, 0, 32}, // CRUISE_INFO + {0x1CF, 2, 8}, // CRUISE_BUTTON + {0x1E0, 0, 16}, // LFAHDA_CLUSTER + }; + // *** Non-HDA2 checks *** + // Camera sends SCC messages on HDA1. + // Both button messages exist on some platforms, so we ensure we track the correct one using flag + RxCheck hyundai_canfd_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(0) + HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(0) + HYUNDAI_CANFD_SCC_ADDR_CHECK(2) + }; + RxCheck hyundai_canfd_alt_buttons_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(0) + HYUNDAI_CANFD_ALT_BUTTONS_ADDR_CHECK(0) + HYUNDAI_CANFD_SCC_ADDR_CHECK(2) + }; + // Longitudinal checks for HDA1 + // Surppressing warnings, if the variable was declared inside if...else, readability would be compromised + // cppcheck-suppress variableScope + RxCheck hyundai_canfd_long_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(0) + HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(0) + }; + // Surppressing warnings, if the variable was declared inside if...else, readability would be compromised + // cppcheck-suppress variableScope + RxCheck hyundai_canfd_long_alt_buttons_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(0) + HYUNDAI_CANFD_ALT_BUTTONS_ADDR_CHECK(0) + }; + // Radar sends SCC messages on these cars instead of camera + RxCheck hyundai_canfd_radar_scc_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(0) + HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(0) + HYUNDAI_CANFD_SCC_ADDR_CHECK(0) + }; + RxCheck hyundai_canfd_radar_scc_alt_buttons_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(0) + HYUNDAI_CANFD_ALT_BUTTONS_ADDR_CHECK(0) + HYUNDAI_CANFD_SCC_ADDR_CHECK(0) + }; + // *** HDA2 checks *** + // E-CAN is on bus 1, ADAS unit sends SCC messages on HDA2. + // Does not use the alt buttons message + RxCheck hyundai_canfd_hda2_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(1) + HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(1) + HYUNDAI_CANFD_SCC_ADDR_CHECK(1) + }; + // Surppressing warnings, if the variable was declared inside if...else, readability would be compromised + // cppcheck-suppress variableScope + RxCheck hyundai_canfd_hda2_long_rx_checks[] = { + HYUNDAI_CANFD_COMMON_RX_CHECKS(1) + HYUNDAI_CANFD_BUTTONS_ADDR_CHECK(1) + }; + static const int HYUNDAI_PARAM_CANFD_ALT_BUTTONS = 32; + static const int HYUNDAI_PARAM_CANFD_HDA2_ALT_STEERING = 128; hyundai_common_init(param); gen_crc_lookup_table_16(0x1021, hyundai_canfd_crc_lut); @@ -349,6 +345,9 @@ static safety_config hyundai_canfd_init(uint16_t param) { return ret; } +// Implementation limit, all of the functions should be declared as extern, and their implementation should be +// separated from the declaration +// cppcheck-suppress misra-c2012-8.4 const safety_hooks hyundai_canfd_hooks = { .init = hyundai_canfd_init, .rx = hyundai_canfd_rx_hook, diff --git a/board/safety/safety_hyundai_common.h b/board/safety/safety_hyundai_common.h index 54ea0f024a..a8d9e1620b 100644 --- a/board/safety/safety_hyundai_common.h +++ b/board/safety/safety_hyundai_common.h @@ -1,15 +1,8 @@ #ifndef SAFETY_HYUNDAI_COMMON_H #define SAFETY_HYUNDAI_COMMON_H -const int HYUNDAI_PARAM_EV_GAS = 1; -const int HYUNDAI_PARAM_HYBRID_GAS = 2; -const int HYUNDAI_PARAM_LONGITUDINAL = 4; -const int HYUNDAI_PARAM_CAMERA_SCC = 8; -const int HYUNDAI_PARAM_CANFD_HDA2 = 16; -const int HYUNDAI_PARAM_ALT_LIMITS = 64; // TODO: shift this down with the rest of the common flags - -const uint8_t HYUNDAI_PREV_BUTTON_SAMPLES = 8; // roughly 160 ms -const uint32_t HYUNDAI_STANDSTILL_THRSLD = 12; // 0.375 kph + +static const uint8_t HYUNDAI_PREV_BUTTON_SAMPLES = 8; // roughly 160 ms enum { HYUNDAI_BTN_NONE = 0, @@ -18,6 +11,10 @@ enum { HYUNDAI_BTN_CANCEL = 4, }; +// Unable to use extern keyword, variables are used in other files as well as in this file +// cppcheck-suppress-begin misra-c2012-8.4 +const uint32_t HYUNDAI_STANDSTILL_THRSLD = 12; // 0.375 kph + // common state bool hyundai_ev_gas_signal = false; bool hyundai_hybrid_gas_signal = false; @@ -25,11 +22,19 @@ bool hyundai_longitudinal = false; bool hyundai_camera_scc = false; bool hyundai_canfd_hda2 = false; bool hyundai_alt_limits = false; -uint8_t hyundai_last_button_interaction; // button messages since the user pressed an enable button +// cppcheck-suppress-end misra-c2012-8.4 + +static uint8_t hyundai_last_button_interaction; // button messages since the user pressed an enable button +// cppcheck-suppress misra-c2012-8.4 uint16_t hyundai_canfd_crc_lut[256]; void hyundai_common_init(uint16_t param) { + const int HYUNDAI_PARAM_EV_GAS = 1; + const int HYUNDAI_PARAM_HYBRID_GAS = 2; + const int HYUNDAI_PARAM_CAMERA_SCC = 8; + const int HYUNDAI_PARAM_CANFD_HDA2 = 16; + const int HYUNDAI_PARAM_ALT_LIMITS = 64; // TODO: shift this down with the rest of the common flags hyundai_ev_gas_signal = GET_FLAG(param, HYUNDAI_PARAM_EV_GAS); hyundai_hybrid_gas_signal = !hyundai_ev_gas_signal && GET_FLAG(param, HYUNDAI_PARAM_HYBRID_GAS); hyundai_camera_scc = GET_FLAG(param, HYUNDAI_PARAM_CAMERA_SCC); @@ -39,6 +44,7 @@ void hyundai_common_init(uint16_t param) { hyundai_last_button_interaction = HYUNDAI_PREV_BUTTON_SAMPLES; #ifdef ALLOW_DEBUG + const int HYUNDAI_PARAM_LONGITUDINAL = 4; hyundai_longitudinal = GET_FLAG(param, HYUNDAI_PARAM_LONGITUDINAL); #else hyundai_longitudinal = false; diff --git a/board/safety/safety_mazda.h b/board/safety/safety_mazda.h index 7c6d8be9c7..0eb944d9a0 100644 --- a/board/safety/safety_mazda.h +++ b/board/safety/safety_mazda.h @@ -12,26 +12,8 @@ #define MAZDA_AUX 1 #define MAZDA_CAM 2 -const SteeringLimits MAZDA_STEERING_LIMITS = { - .max_steer = 800, - .max_rate_up = 10, - .max_rate_down = 25, - .max_rt_delta = 300, - .max_rt_interval = 250000, - .driver_torque_factor = 1, - .driver_torque_allowance = 15, - .type = TorqueDriverLimited, -}; - -const CanMsg MAZDA_TX_MSGS[] = {{MAZDA_LKAS, 0, 8}, {MAZDA_CRZ_BTNS, 0, 8}, {MAZDA_LKAS_HUD, 0, 8}}; - -RxCheck mazda_rx_checks[] = { - {.msg = {{MAZDA_CRZ_CTRL, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MAZDA_CRZ_BTNS, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{MAZDA_STEER_TORQUE, 0, 8, .frequency = 83U}, { 0 }, { 0 }}}, - {.msg = {{MAZDA_ENGINE_DATA, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MAZDA_PEDALS, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, -}; + + // track msgs coming from OP so that we know what CAM msgs to drop and what to forward static void mazda_rx_hook(const CANPacket_t *to_push) { @@ -69,6 +51,16 @@ static void mazda_rx_hook(const CANPacket_t *to_push) { } static bool mazda_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits MAZDA_STEERING_LIMITS = { + .max_steer = 800, + .max_rate_up = 10, + .max_rate_down = 25, + .max_rt_delta = 300, + .max_rt_interval = 250000, + .driver_torque_factor = 1, + .driver_torque_allowance = 15, + .type = TorqueDriverLimited, + }; bool tx = true; int addr = GET_ADDR(to_send); int bus = GET_BUS(to_send); @@ -117,13 +109,16 @@ static int mazda_fwd_hook(int bus, int addr) { } static safety_config mazda_init(uint16_t param) { + const CanMsg MAZDA_TX_MSGS[] = {{MAZDA_LKAS, 0, 8}, {MAZDA_CRZ_BTNS, 0, 8}, {MAZDA_LKAS_HUD, 0, 8}}; + RxCheck mazda_rx_checks[] = { + {.msg = {{MAZDA_CRZ_CTRL, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MAZDA_CRZ_BTNS, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{MAZDA_STEER_TORQUE, 0, 8, .frequency = 83U}, { 0 }, { 0 }}}, + {.msg = {{MAZDA_ENGINE_DATA, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MAZDA_PEDALS, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, + }; UNUSED(param); return BUILD_SAFETY_CFG(mazda_rx_checks, MAZDA_TX_MSGS); } -const safety_hooks mazda_hooks = { - .init = mazda_init, - .rx = mazda_rx_hook, - .tx = mazda_tx_hook, - .fwd = mazda_fwd_hook, -}; +extern const safety_hooks mazda_hooks; diff --git a/board/safety/safety_nissan.h b/board/safety/safety_nissan.h index c2406260fe..9f865281bc 100644 --- a/board/safety/safety_nissan.h +++ b/board/safety/safety_nissan.h @@ -1,44 +1,6 @@ -const SteeringLimits NISSAN_STEERING_LIMITS = { - .angle_deg_to_can = 100, - .angle_rate_up_lookup = { - {0., 5., 15.}, - {5., .8, .15} - }, - .angle_rate_down_lookup = { - {0., 5., 15.}, - {5., 3.5, .4} - }, -}; - -const CanMsg NISSAN_TX_MSGS[] = { - {0x169, 0, 8}, // LKAS - {0x2b1, 0, 8}, // PROPILOT_HUD - {0x4cc, 0, 8}, // PROPILOT_HUD_INFO_MSG - {0x20b, 2, 6}, // CRUISE_THROTTLE (X-Trail) - {0x20b, 1, 6}, // CRUISE_THROTTLE (Altima) - {0x280, 2, 8} // CANCEL_MSG (Leaf) -}; - -// Signals duplicated below due to the fact that these messages can come in on either CAN bus, depending on car model. -RxCheck nissan_rx_checks[] = { - {.msg = {{0x2, 0, 5, .frequency = 100U}, - {0x2, 1, 5, .frequency = 100U}, { 0 }}}, // STEER_ANGLE_SENSOR - {.msg = {{0x285, 0, 8, .frequency = 50U}, - {0x285, 1, 8, .frequency = 50U}, { 0 }}}, // WHEEL_SPEEDS_REAR - {.msg = {{0x30f, 2, 3, .frequency = 10U}, - {0x30f, 1, 3, .frequency = 10U}, { 0 }}}, // CRUISE_STATE - {.msg = {{0x15c, 0, 8, .frequency = 50U}, - {0x15c, 1, 8, .frequency = 50U}, - {0x239, 0, 8, .frequency = 50U}}}, // GAS_PEDAL - {.msg = {{0x454, 0, 8, .frequency = 10U}, - {0x454, 1, 8, .frequency = 10U}, - {0x1cc, 0, 4, .frequency = 100U}}}, // DOORS_LIGHTS / BRAKE -}; - -// EPS Location. false = V-CAN, true = C-CAN -const int NISSAN_PARAM_ALT_EPS_BUS = 1; - -bool nissan_alt_eps = false; + + +static bool nissan_alt_eps = false; static void nissan_rx_hook(const CANPacket_t *to_push) { int bus = GET_BUS(to_push); @@ -94,6 +56,17 @@ static void nissan_rx_hook(const CANPacket_t *to_push) { static bool nissan_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits NISSAN_STEERING_LIMITS = { + .angle_deg_to_can = 100, + .angle_rate_up_lookup = { + {0., 5., 15.}, + {5., .8, .15} + }, + .angle_rate_down_lookup = { + {0., 5., 15.}, + {5., 3.5, .4} + }, + }; bool tx = true; int addr = GET_ADDR(to_send); bool violation = false; @@ -147,13 +120,33 @@ static int nissan_fwd_hook(int bus_num, int addr) { } static safety_config nissan_init(uint16_t param) { + const CanMsg NISSAN_TX_MSGS[] = { + {0x169, 0, 8}, // LKAS + {0x2b1, 0, 8}, // PROPILOT_HUD + {0x4cc, 0, 8}, // PROPILOT_HUD_INFO_MSG + {0x20b, 2, 6}, // CRUISE_THROTTLE (X-Trail) + {0x20b, 1, 6}, // CRUISE_THROTTLE (Altima) + {0x280, 2, 8} // CANCEL_MSG (Leaf) + }; + // Signals duplicated below due to the fact that these messages can come in on either CAN bus, depending on car model. + RxCheck nissan_rx_checks[] = { + {.msg = {{0x2, 0, 5, .frequency = 100U}, + {0x2, 1, 5, .frequency = 100U}, { 0 }}}, // STEER_ANGLE_SENSOR + {.msg = {{0x285, 0, 8, .frequency = 50U}, + {0x285, 1, 8, .frequency = 50U}, { 0 }}}, // WHEEL_SPEEDS_REAR + {.msg = {{0x30f, 2, 3, .frequency = 10U}, + {0x30f, 1, 3, .frequency = 10U}, { 0 }}}, // CRUISE_STATE + {.msg = {{0x15c, 0, 8, .frequency = 50U}, + {0x15c, 1, 8, .frequency = 50U}, + {0x239, 0, 8, .frequency = 50U}}}, // GAS_PEDAL + {.msg = {{0x454, 0, 8, .frequency = 10U}, + {0x454, 1, 8, .frequency = 10U}, + {0x1cc, 0, 4, .frequency = 100U}}}, // DOORS_LIGHTS / BRAKE + }; + // EPS Location. false = V-CAN, true = C-CAN + const int NISSAN_PARAM_ALT_EPS_BUS = 1; nissan_alt_eps = GET_FLAG(param, NISSAN_PARAM_ALT_EPS_BUS); return BUILD_SAFETY_CFG(nissan_rx_checks, NISSAN_TX_MSGS); } -const safety_hooks nissan_hooks = { - .init = nissan_init, - .rx = nissan_rx_hook, - .tx = nissan_tx_hook, - .fwd = nissan_fwd_hook, -}; +extern const safety_hooks nissan_hooks; diff --git a/board/safety/safety_subaru.h b/board/safety/safety_subaru.h index c445bc435e..b951f2b16a 100644 --- a/board/safety/safety_subaru.h +++ b/board/safety/safety_subaru.h @@ -17,19 +17,8 @@ } -const SteeringLimits SUBARU_STEERING_LIMITS = SUBARU_STEERING_LIMITS_GENERATOR(2047, 50, 70); -const SteeringLimits SUBARU_GEN2_STEERING_LIMITS = SUBARU_STEERING_LIMITS_GENERATOR(1000, 40, 40); -const LongitudinalLimits SUBARU_LONG_LIMITS = { - .min_gas = 808, // appears to be engine braking - .max_gas = 3400, // approx 2 m/s^2 when maxing cruise_rpm and cruise_throttle - .inactive_gas = 1818, // this is zero acceleration - .max_brake = 600, // approx -3.5 m/s^2 - - .min_transmission_rpm = 0, - .max_transmission_rpm = 2400, -}; #define MSG_SUBARU_Brake_Status 0x13c #define MSG_SUBARU_CruiseControl 0x240 @@ -80,39 +69,12 @@ const LongitudinalLimits SUBARU_LONG_LIMITS = { {.msg = {{MSG_SUBARU_Brake_Status, alt_bus, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, \ {.msg = {{MSG_SUBARU_CruiseControl, alt_bus, 8, .check_checksum = true, .max_counter = 15U, .frequency = 20U}, { 0 }, { 0 }}}, \ -const CanMsg SUBARU_TX_MSGS[] = { - SUBARU_COMMON_TX_MSGS(SUBARU_MAIN_BUS, MSG_SUBARU_ES_LKAS) -}; - -const CanMsg SUBARU_LONG_TX_MSGS[] = { - SUBARU_COMMON_TX_MSGS(SUBARU_MAIN_BUS, MSG_SUBARU_ES_LKAS) - SUBARU_COMMON_LONG_TX_MSGS(SUBARU_MAIN_BUS) -}; - -const CanMsg SUBARU_GEN2_TX_MSGS[] = { - SUBARU_COMMON_TX_MSGS(SUBARU_ALT_BUS, MSG_SUBARU_ES_LKAS) -}; - -const CanMsg SUBARU_GEN2_LONG_TX_MSGS[] = { - SUBARU_COMMON_TX_MSGS(SUBARU_ALT_BUS, MSG_SUBARU_ES_LKAS) - SUBARU_COMMON_LONG_TX_MSGS(SUBARU_ALT_BUS) - SUBARU_GEN2_LONG_ADDITIONAL_TX_MSGS() -}; - -RxCheck subaru_rx_checks[] = { - SUBARU_COMMON_RX_CHECKS(SUBARU_MAIN_BUS) -}; -RxCheck subaru_gen2_rx_checks[] = { - SUBARU_COMMON_RX_CHECKS(SUBARU_ALT_BUS) -}; -const uint16_t SUBARU_PARAM_GEN2 = 1; -const uint16_t SUBARU_PARAM_LONGITUDINAL = 2; -bool subaru_gen2 = false; -bool subaru_longitudinal = false; +static bool subaru_gen2 = false; +static bool subaru_longitudinal = false; static uint32_t subaru_get_checksum(const CANPacket_t *to_push) { @@ -180,6 +142,17 @@ static void subaru_rx_hook(const CANPacket_t *to_push) { } static bool subaru_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits SUBARU_STEERING_LIMITS = SUBARU_STEERING_LIMITS_GENERATOR(2047, 50, 70); + const SteeringLimits SUBARU_GEN2_STEERING_LIMITS = SUBARU_STEERING_LIMITS_GENERATOR(1000, 40, 40); + const LongitudinalLimits SUBARU_LONG_LIMITS = { + .min_gas = 808, // appears to be engine braking + .max_gas = 3400, // approx 2 m/s^2 when maxing cruise_rpm and cruise_throttle + .inactive_gas = 1818, // this is zero acceleration + .max_brake = 600, // approx -3.5 m/s^2 + + .min_transmission_rpm = 0, + .max_transmission_rpm = 2400, + }; bool tx = true; int addr = GET_ADDR(to_send); bool violation = false; @@ -266,9 +239,36 @@ static int subaru_fwd_hook(int bus_num, int addr) { } static safety_config subaru_init(uint16_t param) { + const CanMsg SUBARU_TX_MSGS[] = { + SUBARU_COMMON_TX_MSGS(SUBARU_MAIN_BUS, MSG_SUBARU_ES_LKAS) + }; + + const CanMsg SUBARU_LONG_TX_MSGS[] = { + SUBARU_COMMON_TX_MSGS(SUBARU_MAIN_BUS, MSG_SUBARU_ES_LKAS) + SUBARU_COMMON_LONG_TX_MSGS(SUBARU_MAIN_BUS) + }; + + const CanMsg SUBARU_GEN2_TX_MSGS[] = { + SUBARU_COMMON_TX_MSGS(SUBARU_ALT_BUS, MSG_SUBARU_ES_LKAS) + }; + + const CanMsg SUBARU_GEN2_LONG_TX_MSGS[] = { + SUBARU_COMMON_TX_MSGS(SUBARU_ALT_BUS, MSG_SUBARU_ES_LKAS) + SUBARU_COMMON_LONG_TX_MSGS(SUBARU_ALT_BUS) + SUBARU_GEN2_LONG_ADDITIONAL_TX_MSGS() + }; + RxCheck subaru_rx_checks[] = { + SUBARU_COMMON_RX_CHECKS(SUBARU_MAIN_BUS) + }; + + RxCheck subaru_gen2_rx_checks[] = { + SUBARU_COMMON_RX_CHECKS(SUBARU_ALT_BUS) + }; + const uint16_t SUBARU_PARAM_GEN2 = 1; subaru_gen2 = GET_FLAG(param, SUBARU_PARAM_GEN2); #ifdef ALLOW_DEBUG + const uint16_t SUBARU_PARAM_LONGITUDINAL = 2; subaru_longitudinal = GET_FLAG(param, SUBARU_PARAM_LONGITUDINAL); #endif @@ -283,12 +283,4 @@ static safety_config subaru_init(uint16_t param) { return ret; } -const safety_hooks subaru_hooks = { - .init = subaru_init, - .rx = subaru_rx_hook, - .tx = subaru_tx_hook, - .fwd = subaru_fwd_hook, - .get_counter = subaru_get_counter, - .get_checksum = subaru_get_checksum, - .compute_checksum = subaru_compute_checksum, -}; +extern const safety_hooks subaru_hooks; diff --git a/board/safety/safety_subaru_preglobal.h b/board/safety/safety_subaru_preglobal.h index 1047814ac3..b4264c425a 100644 --- a/board/safety/safety_subaru_preglobal.h +++ b/board/safety/safety_subaru_preglobal.h @@ -1,13 +1,3 @@ -const SteeringLimits SUBARU_PG_STEERING_LIMITS = { - .max_steer = 2047, - .max_rt_delta = 940, - .max_rt_interval = 250000, - .max_rate_up = 50, - .max_rate_down = 70, - .driver_torque_factor = 10, - .driver_torque_allowance = 75, - .type = TorqueDriverLimited, -}; // Preglobal platform // 0x161 is ES_CruiseThrottle @@ -24,21 +14,10 @@ const SteeringLimits SUBARU_PG_STEERING_LIMITS = { #define SUBARU_PG_MAIN_BUS 0 #define SUBARU_PG_CAM_BUS 2 -const CanMsg SUBARU_PG_TX_MSGS[] = { - {MSG_SUBARU_PG_ES_Distance, SUBARU_PG_MAIN_BUS, 8}, - {MSG_SUBARU_PG_ES_LKAS, SUBARU_PG_MAIN_BUS, 8} -}; -// TODO: do checksum and counter checks after adding the signals to the outback dbc file -RxCheck subaru_preglobal_rx_checks[] = { - {.msg = {{MSG_SUBARU_PG_Throttle, SUBARU_PG_MAIN_BUS, 8, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MSG_SUBARU_PG_Steering_Torque, SUBARU_PG_MAIN_BUS, 8, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MSG_SUBARU_PG_CruiseControl, SUBARU_PG_MAIN_BUS, 8, .frequency = 20U}, { 0 }, { 0 }}}, -}; -const int SUBARU_PG_PARAM_REVERSED_DRIVER_TORQUE = 1; -bool subaru_pg_reversed_driver_torque = false; +static bool subaru_pg_reversed_driver_torque = false; static void subaru_preglobal_rx_hook(const CANPacket_t *to_push) { @@ -78,6 +57,16 @@ static void subaru_preglobal_rx_hook(const CANPacket_t *to_push) { } static bool subaru_preglobal_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits SUBARU_PG_STEERING_LIMITS = { + .max_steer = 2047, + .max_rt_delta = 940, + .max_rt_interval = 250000, + .max_rate_up = 50, + .max_rate_down = 70, + .driver_torque_factor = 10, + .driver_torque_allowance = 75, + .type = TorqueDriverLimited, + }; bool tx = true; int addr = GET_ADDR(to_send); @@ -114,13 +103,19 @@ static int subaru_preglobal_fwd_hook(int bus_num, int addr) { } static safety_config subaru_preglobal_init(uint16_t param) { + const CanMsg SUBARU_PG_TX_MSGS[] = { + {MSG_SUBARU_PG_ES_Distance, SUBARU_PG_MAIN_BUS, 8}, + {MSG_SUBARU_PG_ES_LKAS, SUBARU_PG_MAIN_BUS, 8} + }; + // TODO: do checksum and counter checks after adding the signals to the outback dbc file + RxCheck subaru_preglobal_rx_checks[] = { + {.msg = {{MSG_SUBARU_PG_Throttle, SUBARU_PG_MAIN_BUS, 8, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MSG_SUBARU_PG_Steering_Torque, SUBARU_PG_MAIN_BUS, 8, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MSG_SUBARU_PG_CruiseControl, SUBARU_PG_MAIN_BUS, 8, .frequency = 20U}, { 0 }, { 0 }}}, + }; + const int SUBARU_PG_PARAM_REVERSED_DRIVER_TORQUE = 1; subaru_pg_reversed_driver_torque = GET_FLAG(param, SUBARU_PG_PARAM_REVERSED_DRIVER_TORQUE); return BUILD_SAFETY_CFG(subaru_preglobal_rx_checks, SUBARU_PG_TX_MSGS); } -const safety_hooks subaru_preglobal_hooks = { - .init = subaru_preglobal_init, - .rx = subaru_preglobal_rx_hook, - .tx = subaru_preglobal_tx_hook, - .fwd = subaru_preglobal_fwd_hook, -}; +extern const safety_hooks subaru_preglobal_hooks; diff --git a/board/safety/safety_tesla.h b/board/safety/safety_tesla.h index 652161ff2c..225a82fe06 100644 --- a/board/safety/safety_tesla.h +++ b/board/safety/safety_tesla.h @@ -1,70 +1,8 @@ -const SteeringLimits TESLA_STEERING_LIMITS = { - .angle_deg_to_can = 10, - .angle_rate_up_lookup = { - {0., 5., 15.}, - {10., 1.6, .3} - }, - .angle_rate_down_lookup = { - {0., 5., 15.}, - {10., 7.0, .8} - }, -}; - -const LongitudinalLimits TESLA_LONG_LIMITS = { - .max_accel = 425, // 2. m/s^2 - .min_accel = 287, // -3.52 m/s^2 // TODO: limit to -3.48 - .inactive_accel = 375, // 0. m/s^2 -}; - - -const int TESLA_FLAG_POWERTRAIN = 1; -const int TESLA_FLAG_LONGITUDINAL_CONTROL = 2; -const int TESLA_FLAG_RAVEN = 4; - -const CanMsg TESLA_TX_MSGS[] = { - {0x488, 0, 4}, // DAS_steeringControl - {0x45, 0, 8}, // STW_ACTN_RQ - {0x45, 2, 8}, // STW_ACTN_RQ - {0x2b9, 0, 8}, // DAS_control -}; - -const CanMsg TESLA_PT_TX_MSGS[] = { - {0x2bf, 0, 8}, // DAS_control -}; - -RxCheck tesla_rx_checks[] = { - {.msg = {{0x2b9, 2, 8, .frequency = 25U}, { 0 }, { 0 }}}, // DAS_control - {.msg = {{0x370, 0, 8, .frequency = 25U}, { 0 }, { 0 }}}, // EPAS_sysStatus - {.msg = {{0x108, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque1 - {.msg = {{0x118, 0, 6, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque2 - {.msg = {{0x20a, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, // BrakeMessage - {.msg = {{0x368, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // DI_state - {.msg = {{0x318, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // GTW_carState -}; - -RxCheck tesla_raven_rx_checks[] = { - {.msg = {{0x2b9, 2, 8, .frequency = 25U}, { 0 }, { 0 }}}, // DAS_control - {.msg = {{0x131, 2, 8, .frequency = 100U}, { 0 }, { 0 }}}, // EPAS3P_sysStatus - {.msg = {{0x108, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque1 - {.msg = {{0x118, 0, 6, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque2 - {.msg = {{0x20a, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, // BrakeMessage - {.msg = {{0x368, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // DI_state - {.msg = {{0x318, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // GTW_carState -}; - -RxCheck tesla_pt_rx_checks[] = { - {.msg = {{0x106, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque1 - {.msg = {{0x116, 0, 6, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque2 - {.msg = {{0x1f8, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, // BrakeMessage - {.msg = {{0x2bf, 2, 8, .frequency = 25U}, { 0 }, { 0 }}}, // DAS_control - {.msg = {{0x256, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // DI_state -}; - -bool tesla_longitudinal = false; -bool tesla_powertrain = false; // Are we the second panda intercepting the powertrain bus? -bool tesla_raven = false; - -bool tesla_stock_aeb = false; +static bool tesla_longitudinal = false; +static bool tesla_powertrain = false; // Are we the second panda intercepting the powertrain bus? +static bool tesla_raven = false; + +static bool tesla_stock_aeb = false; static void tesla_rx_hook(const CANPacket_t *to_push) { int bus = GET_BUS(to_push); @@ -129,6 +67,22 @@ static void tesla_rx_hook(const CANPacket_t *to_push) { static bool tesla_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits TESLA_STEERING_LIMITS = { + .angle_deg_to_can = 10, + .angle_rate_up_lookup = { + {0., 5., 15.}, + {10., 1.6, .3} + }, + .angle_rate_down_lookup = { + {0., 5., 15.}, + {10., 7.0, .8} + }, + }; + const LongitudinalLimits TESLA_LONG_LIMITS = { + .max_accel = 425, // 2. m/s^2 + .min_accel = 287, // -3.52 m/s^2 // TODO: limit to -3.48 + .inactive_accel = 375, // 0. m/s^2 + }; bool tx = true; int addr = GET_ADDR(to_send); bool violation = false; @@ -216,6 +170,38 @@ static int tesla_fwd_hook(int bus_num, int addr) { } static safety_config tesla_init(uint16_t param) { + const int TESLA_FLAG_RAVEN = 4; + const int TESLA_FLAG_POWERTRAIN = 1; + const int TESLA_FLAG_LONGITUDINAL_CONTROL = 2; + const CanMsg TESLA_PT_TX_MSGS[] = { + {0x2bf, 0, 8}, // DAS_control + }; + // Due to code readability, array was not declared inside if...else + // cppcheck-suppress variableScope + RxCheck tesla_rx_checks[] = { + {.msg = {{0x2b9, 2, 8, .frequency = 25U}, { 0 }, { 0 }}}, // DAS_control + {.msg = {{0x370, 0, 8, .frequency = 25U}, { 0 }, { 0 }}}, // EPAS_sysStatus + {.msg = {{0x108, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque1 + {.msg = {{0x118, 0, 6, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque2 + {.msg = {{0x20a, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, // BrakeMessage + {.msg = {{0x368, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // DI_state + {.msg = {{0x318, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // GTW_carState + }; + RxCheck tesla_raven_rx_checks[] = { + {.msg = {{0x2b9, 2, 8, .frequency = 25U}, { 0 }, { 0 }}}, // DAS_control + {.msg = {{0x131, 2, 8, .frequency = 100U}, { 0 }, { 0 }}}, // EPAS3P_sysStatus + {.msg = {{0x108, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque1 + {.msg = {{0x118, 0, 6, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque2 + {.msg = {{0x20a, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, // BrakeMessage + {.msg = {{0x368, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // DI_state + {.msg = {{0x318, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // GTW_carState + }; + const CanMsg TESLA_TX_MSGS[] = { + {0x488, 0, 4}, // DAS_steeringControl + {0x45, 0, 8}, // STW_ACTN_RQ + {0x45, 2, 8}, // STW_ACTN_RQ + {0x2b9, 0, 8}, // DAS_control + }; tesla_powertrain = GET_FLAG(param, TESLA_FLAG_POWERTRAIN); tesla_longitudinal = GET_FLAG(param, TESLA_FLAG_LONGITUDINAL_CONTROL); tesla_raven = GET_FLAG(param, TESLA_FLAG_RAVEN); @@ -224,6 +210,13 @@ static safety_config tesla_init(uint16_t param) { safety_config ret; if (tesla_powertrain) { + RxCheck tesla_pt_rx_checks[] = { + {.msg = {{0x106, 0, 8, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque1 + {.msg = {{0x116, 0, 6, .frequency = 100U}, { 0 }, { 0 }}}, // DI_torque2 + {.msg = {{0x1f8, 0, 8, .frequency = 50U}, { 0 }, { 0 }}}, // BrakeMessage + {.msg = {{0x2bf, 2, 8, .frequency = 25U}, { 0 }, { 0 }}}, // DAS_control + {.msg = {{0x256, 0, 8, .frequency = 10U}, { 0 }, { 0 }}}, // DI_state + }; ret = BUILD_SAFETY_CFG(tesla_pt_rx_checks, TESLA_PT_TX_MSGS); } else if (tesla_raven) { ret = BUILD_SAFETY_CFG(tesla_raven_rx_checks, TESLA_TX_MSGS); @@ -233,9 +226,4 @@ static safety_config tesla_init(uint16_t param) { return ret; } -const safety_hooks tesla_hooks = { - .init = tesla_init, - .rx = tesla_rx_hook, - .tx = tesla_tx_hook, - .fwd = tesla_fwd_hook, -}; +extern const safety_hooks tesla_hooks; diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h index 50c00b38a8..83c607a9de 100644 --- a/board/safety/safety_toyota.h +++ b/board/safety/safety_toyota.h @@ -1,46 +1,6 @@ -const SteeringLimits TOYOTA_STEERING_LIMITS = { - .max_steer = 1500, - .max_rate_up = 15, // ramp up slow - .max_rate_down = 25, // ramp down fast - .max_torque_error = 350, // max torque cmd in excess of motor torque - .max_rt_delta = 450, // the real time limit is 1800/sec, a 20% buffer - .max_rt_interval = 250000, - .type = TorqueMotorLimited, - - // the EPS faults when the steering angle rate is above a certain threshold for too long. to prevent this, - // we allow setting STEER_REQUEST bit to 0 while maintaining the requested torque value for a single frame - .min_valid_request_frames = 18, - .max_invalid_request_frames = 1, - .min_valid_request_rt_interval = 170000, // 170ms; a ~10% buffer on cutting every 19 frames - .has_steer_req_tolerance = true, - - // LTA angle limits - // factor for STEER_TORQUE_SENSOR->STEER_ANGLE and STEERING_LTA->STEER_ANGLE_CMD (1 / 0.0573) - .angle_deg_to_can = 17.452007, - .angle_rate_up_lookup = { - {5., 25., 25.}, - {0.3, 0.15, 0.15} - }, - .angle_rate_down_lookup = { - {5., 25., 25.}, - {0.36, 0.26, 0.26} - }, -}; - -const int TOYOTA_LTA_MAX_ANGLE = 1657; // EPS only accepts up to 94.9461 -const int TOYOTA_LTA_MAX_MEAS_TORQUE = 1500; -const int TOYOTA_LTA_MAX_DRIVER_TORQUE = 150; - -// longitudinal limits -const LongitudinalLimits TOYOTA_LONG_LIMITS = { - .max_accel = 2000, // 2.0 m/s2 - .min_accel = -3500, // -3.5 m/s2 -}; - // panda interceptor threshold needs to be equivalent to openpilot threshold to avoid controls mismatches // If thresholds are mismatched then it is possible for panda to see the gas fall and rise while openpilot is in the pre-enabled state // Threshold calculated from DBC gains: round((((15 + 75.555) / 0.159375) + ((15 + 151.111) / 0.159375)) / 2) = 805 -const int TOYOTA_GAS_INTERCEPTOR_THRSLD = 805; #define TOYOTA_GET_INTERCEPTOR(msg) (((GET_BYTE((msg), 0) << 8) + GET_BYTE((msg), 1) + (GET_BYTE((msg), 2) << 8) + GET_BYTE((msg), 3)) / 2U) // avg between 2 tracks // Stock longitudinal @@ -54,19 +14,6 @@ const int TOYOTA_GAS_INTERCEPTOR_THRSLD = 805; {0x411, 0, 8}, /* PCS_HUD */ \ {0x750, 0, 8}, /* radar diagnostic address */ \ -const CanMsg TOYOTA_TX_MSGS[] = { - TOYOTA_COMMON_TX_MSGS -}; - -const CanMsg TOYOTA_LONG_TX_MSGS[] = { - TOYOTA_COMMON_LONG_TX_MSGS -}; - -const CanMsg TOYOTA_INTERCEPTOR_TX_MSGS[] = { - TOYOTA_COMMON_LONG_TX_MSGS - {0x200, 0, 6}, // gas interceptor -}; - #define TOYOTA_COMMON_RX_CHECKS(lta) \ {.msg = {{ 0xaa, 0, 8, .check_checksum = false, .frequency = 83U}, { 0 }, { 0 }}}, \ {.msg = {{0x260, 0, 8, .check_checksum = true, .quality_flag = (lta), .frequency = 50U}, { 0 }, { 0 }}}, \ @@ -74,38 +21,10 @@ const CanMsg TOYOTA_INTERCEPTOR_TX_MSGS[] = { {.msg = {{0x224, 0, 8, .check_checksum = false, .frequency = 40U}, \ {0x226, 0, 8, .check_checksum = false, .frequency = 40U}, { 0 }}}, \ -RxCheck toyota_lka_rx_checks[] = { - TOYOTA_COMMON_RX_CHECKS(false) -}; - -RxCheck toyota_lka_interceptor_rx_checks[] = { - TOYOTA_COMMON_RX_CHECKS(false) - {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - -// Check the quality flag for angle measurement when using LTA, since it's not set on TSS-P cars -RxCheck toyota_lta_rx_checks[] = { - TOYOTA_COMMON_RX_CHECKS(true) -}; - -RxCheck toyota_lta_interceptor_rx_checks[] = { - TOYOTA_COMMON_RX_CHECKS(true) - {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, -}; - -// safety param flags -// first byte is for EPS factor, second is for flags -const uint32_t TOYOTA_PARAM_OFFSET = 8U; -const uint32_t TOYOTA_EPS_FACTOR = (1UL << TOYOTA_PARAM_OFFSET) - 1U; -const uint32_t TOYOTA_PARAM_ALT_BRAKE = 1UL << TOYOTA_PARAM_OFFSET; -const uint32_t TOYOTA_PARAM_STOCK_LONGITUDINAL = 2UL << TOYOTA_PARAM_OFFSET; -const uint32_t TOYOTA_PARAM_LTA = 4UL << TOYOTA_PARAM_OFFSET; -const uint32_t TOYOTA_PARAM_GAS_INTERCEPTOR = 8UL << TOYOTA_PARAM_OFFSET; - -bool toyota_alt_brake = false; -bool toyota_stock_longitudinal = false; -bool toyota_lta = false; -int toyota_dbc_eps_torque_factor = 100; // conversion factor for STEER_TORQUE_EPS in %: see dbc file +static bool toyota_alt_brake = false; +static bool toyota_stock_longitudinal = false; +static bool toyota_lta = false; +static int toyota_dbc_eps_torque_factor = 100; // conversion factor for STEER_TORQUE_EPS in %: see dbc file static uint32_t toyota_compute_checksum(const CANPacket_t *to_push) { int addr = GET_ADDR(to_push); @@ -144,6 +63,12 @@ static bool toyota_get_quality_flag_valid(const CANPacket_t *to_push) { } static void toyota_rx_hook(const CANPacket_t *to_push) { + const int TOYOTA_LTA_MAX_ANGLE = 1657; // EPS only accepts up to 94.9461 + // panda interceptor threshold needs to be equivalent to openpilot threshold to avoid controls mismatches + // If thresholds are mismatched then it is possible for panda to see the gas fall and rise while openpilot is in the pre-enabled state + // Threshold calculated from DBC gains: round((((15 + 75.555) / 0.159375) + ((15 + 151.111) / 0.159375)) / 2) = 805 + const int TOYOTA_GAS_INTERCEPTOR_THRSLD = 805; + if (GET_BUS(to_push) == 0U) { int addr = GET_ADDR(to_push); @@ -228,6 +153,41 @@ static void toyota_rx_hook(const CANPacket_t *to_push) { } static bool toyota_tx_hook(const CANPacket_t *to_send) { + const SteeringLimits TOYOTA_STEERING_LIMITS = { + .max_steer = 1500, + .max_rate_up = 15, // ramp up slow + .max_rate_down = 25, // ramp down fast + .max_torque_error = 350, // max torque cmd in excess of motor torque + .max_rt_delta = 450, // the real time limit is 1800/sec, a 20% buffer + .max_rt_interval = 250000, + .type = TorqueMotorLimited, + + // the EPS faults when the steering angle rate is above a certain threshold for too long. to prevent this, + // we allow setting STEER_REQUEST bit to 0 while maintaining the requested torque value for a single frame + .min_valid_request_frames = 18, + .max_invalid_request_frames = 1, + .min_valid_request_rt_interval = 170000, // 170ms; a ~10% buffer on cutting every 19 frames + .has_steer_req_tolerance = true, + + // LTA angle limits + // factor for STEER_TORQUE_SENSOR->STEER_ANGLE and STEERING_LTA->STEER_ANGLE_CMD (1 / 0.0573) + .angle_deg_to_can = 17.452007, + .angle_rate_up_lookup = { + {5., 25., 25.}, + {0.3, 0.15, 0.15} + }, + .angle_rate_down_lookup = { + {5., 25., 25.}, + {0.36, 0.26, 0.26} + }, + }; + const int TOYOTA_LTA_MAX_MEAS_TORQUE = 1500; + const int TOYOTA_LTA_MAX_DRIVER_TORQUE = 150; + // longitudinal limits + const LongitudinalLimits TOYOTA_LONG_LIMITS = { + .max_accel = 2000, // 2.0 m/s2 + .min_accel = -3500, // -3.5 m/s2 + }; bool tx = true; int addr = GET_ADDR(to_send); int bus = GET_BUS(to_send); @@ -354,6 +314,48 @@ static bool toyota_tx_hook(const CANPacket_t *to_send) { } static safety_config toyota_init(uint16_t param) { + const CanMsg TOYOTA_TX_MSGS[] = { + TOYOTA_COMMON_TX_MSGS + }; + + const CanMsg TOYOTA_LONG_TX_MSGS[] = { + TOYOTA_COMMON_LONG_TX_MSGS + }; + + const CanMsg TOYOTA_INTERCEPTOR_TX_MSGS[] = { + TOYOTA_COMMON_LONG_TX_MSGS + {0x200, 0, 6}, // gas interceptor + }; + // if arrays were declared inside if...else code readability would be compromised + // cppcheck-suppress-begin variableScope + RxCheck toyota_lka_rx_checks[] = { + TOYOTA_COMMON_RX_CHECKS(false) + }; + + RxCheck toyota_lka_interceptor_rx_checks[] = { + TOYOTA_COMMON_RX_CHECKS(false) + {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + // Check the quality flag for angle measurement when using LTA, since it's not set on TSS-P cars + RxCheck toyota_lta_rx_checks[] = { + TOYOTA_COMMON_RX_CHECKS(true) + }; + + RxCheck toyota_lta_interceptor_rx_checks[] = { + TOYOTA_COMMON_RX_CHECKS(true) + {.msg = {{0x201, 0, 6, .check_checksum = false, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + }; + // cppcheck-suppress-end variableScope + + // safety param flags + // first byte is for EPS factor, second is for flags + const uint32_t TOYOTA_PARAM_OFFSET = 8U; + const uint32_t TOYOTA_EPS_FACTOR = (1UL << TOYOTA_PARAM_OFFSET) - 1U; + const uint32_t TOYOTA_PARAM_ALT_BRAKE = 1UL << TOYOTA_PARAM_OFFSET; + const uint32_t TOYOTA_PARAM_STOCK_LONGITUDINAL = 2UL << TOYOTA_PARAM_OFFSET; + const uint32_t TOYOTA_PARAM_LTA = 4UL << TOYOTA_PARAM_OFFSET; + const uint32_t TOYOTA_PARAM_GAS_INTERCEPTOR = 8UL << TOYOTA_PARAM_OFFSET; + toyota_alt_brake = GET_FLAG(param, TOYOTA_PARAM_ALT_BRAKE); toyota_stock_longitudinal = GET_FLAG(param, TOYOTA_PARAM_STOCK_LONGITUDINAL); toyota_lta = GET_FLAG(param, TOYOTA_PARAM_LTA); @@ -406,13 +408,4 @@ static int toyota_fwd_hook(int bus_num, int addr) { return bus_fwd; } -const safety_hooks toyota_hooks = { - .init = toyota_init, - .rx = toyota_rx_hook, - .tx = toyota_tx_hook, - .fwd = toyota_fwd_hook, - .get_checksum = toyota_get_checksum, - .compute_checksum = toyota_compute_checksum, - .get_counter = toyota_get_counter, - .get_quality_flag_valid = toyota_get_quality_flag_valid, -}; +extern const safety_hooks toyota_hooks; diff --git a/board/safety/safety_volkswagen_common.h b/board/safety/safety_volkswagen_common.h index ce2bf580fe..c21426746d 100644 --- a/board/safety/safety_volkswagen_common.h +++ b/board/safety/safety_volkswagen_common.h @@ -1,10 +1,12 @@ #ifndef SAFETY_VOLKSWAGEN_COMMON_H #define SAFETY_VOLKSWAGEN_COMMON_H -const uint16_t FLAG_VOLKSWAGEN_LONG_CONTROL = 1; +// cppcheck-suppress-begin misra-c2012-8.4 +const uint16_t FLAG_VOLKSWAGEN_LONG_CONTROL = 1; bool volkswagen_longitudinal = false; bool volkswagen_set_button_prev = false; bool volkswagen_resume_button_prev = false; +// cppcheck-suppress-end misra-c2012-8.4 #endif diff --git a/board/safety/safety_volkswagen_mqb.h b/board/safety/safety_volkswagen_mqb.h index d880a69a6e..27e51902ee 100644 --- a/board/safety/safety_volkswagen_mqb.h +++ b/board/safety/safety_volkswagen_mqb.h @@ -1,24 +1,6 @@ #include "safety_volkswagen_common.h" -// lateral limits -const SteeringLimits VOLKSWAGEN_MQB_STEERING_LIMITS = { - .max_steer = 300, // 3.0 Nm (EPS side max of 3.0Nm with fault if violated) - .max_rt_delta = 75, // 4 max rate up * 50Hz send rate * 250000 RT interval / 1000000 = 50 ; 50 * 1.5 for safety pad = 75 - .max_rt_interval = 250000, // 250ms between real time checks - .max_rate_up = 4, // 2.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) - .max_rate_down = 10, // 5.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) - .driver_torque_allowance = 80, - .driver_torque_factor = 3, - .type = TorqueDriverLimited, -}; - -// longitudinal limits -// acceleration in m/s2 * 1000 to avoid floating point math -const LongitudinalLimits VOLKSWAGEN_MQB_LONG_LIMITS = { - .max_accel = 2000, - .min_accel = -3500, - .inactive_accel = 3010, // VW sends one increment above the max range when inactive -}; + #define MSG_ESP_19 0x0B2 // RX from ABS, for wheel speeds #define MSG_LH_EPS_03 0x09F // RX from EPS, for driver steering torque @@ -33,25 +15,10 @@ const LongitudinalLimits VOLKSWAGEN_MQB_LONG_LIMITS = { #define MSG_MOTOR_14 0x3BE // RX from ECU, for brake switch status #define MSG_LDW_02 0x397 // TX by OP, Lane line recognition and text alerts -// Transmit of GRA_ACC_01 is allowed on bus 0 and 2 to keep compatibility with gateway and camera integration -const CanMsg VOLKSWAGEN_MQB_STOCK_TX_MSGS[] = {{MSG_HCA_01, 0, 8}, {MSG_GRA_ACC_01, 0, 8}, {MSG_GRA_ACC_01, 2, 8}, - {MSG_LDW_02, 0, 8}, {MSG_LH_EPS_03, 2, 8}}; -const CanMsg VOLKSWAGEN_MQB_LONG_TX_MSGS[] = {{MSG_HCA_01, 0, 8}, {MSG_LDW_02, 0, 8}, {MSG_LH_EPS_03, 2, 8}, - {MSG_ACC_02, 0, 8}, {MSG_ACC_06, 0, 8}, {MSG_ACC_07, 0, 8}}; - -RxCheck volkswagen_mqb_rx_checks[] = { - {.msg = {{MSG_ESP_19, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MSG_LH_EPS_03, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MSG_ESP_05, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MSG_TSK_06, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MSG_MOTOR_20, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MSG_MOTOR_14, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 10U}, { 0 }, { 0 }}}, - {.msg = {{MSG_GRA_ACC_01, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 33U}, { 0 }, { 0 }}}, -}; - -uint8_t volkswagen_crc8_lut_8h2f[256]; // Static lookup table for CRC8 poly 0x2F, aka 8H2F/AUTOSAR -bool volkswagen_mqb_brake_pedal_switch = false; -bool volkswagen_mqb_brake_pressure_detected = false; + +static uint8_t volkswagen_crc8_lut_8h2f[256]; // Static lookup table for CRC8 poly 0x2F, aka 8H2F/AUTOSAR +static bool volkswagen_mqb_brake_pedal_switch = false; +static bool volkswagen_mqb_brake_pressure_detected = false; static uint32_t volkswagen_mqb_get_checksum(const CANPacket_t *to_push) { return (uint8_t)GET_BYTE(to_push, 0); @@ -95,6 +62,20 @@ static uint32_t volkswagen_mqb_compute_crc(const CANPacket_t *to_push) { } static safety_config volkswagen_mqb_init(uint16_t param) { + // Transmit of GRA_ACC_01 is allowed on bus 0 and 2 to keep compatibility with gateway and camera integration + const CanMsg VOLKSWAGEN_MQB_STOCK_TX_MSGS[] = {{MSG_HCA_01, 0, 8}, {MSG_GRA_ACC_01, 0, 8}, {MSG_GRA_ACC_01, 2, 8}, + {MSG_LDW_02, 0, 8}, {MSG_LH_EPS_03, 2, 8}}; + const CanMsg VOLKSWAGEN_MQB_LONG_TX_MSGS[] = {{MSG_HCA_01, 0, 8}, {MSG_LDW_02, 0, 8}, {MSG_LH_EPS_03, 2, 8}, + {MSG_ACC_02, 0, 8}, {MSG_ACC_06, 0, 8}, {MSG_ACC_07, 0, 8}}; + RxCheck volkswagen_mqb_rx_checks[] = { + {.msg = {{MSG_ESP_19, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MSG_LH_EPS_03, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MSG_ESP_05, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MSG_TSK_06, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MSG_MOTOR_20, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MSG_MOTOR_14, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 10U}, { 0 }, { 0 }}}, + {.msg = {{MSG_GRA_ACC_01, 0, 8, .check_checksum = true, .max_counter = 15U, .frequency = 33U}, { 0 }, { 0 }}}, + }; UNUSED(param); volkswagen_set_button_prev = false; @@ -197,6 +178,25 @@ static void volkswagen_mqb_rx_hook(const CANPacket_t *to_push) { } static bool volkswagen_mqb_tx_hook(const CANPacket_t *to_send) { + // lateral limits + const SteeringLimits VOLKSWAGEN_MQB_STEERING_LIMITS = { + .max_steer = 300, // 3.0 Nm (EPS side max of 3.0Nm with fault if violated) + .max_rt_delta = 75, // 4 max rate up * 50Hz send rate * 250000 RT interval / 1000000 = 50 ; 50 * 1.5 for safety pad = 75 + .max_rt_interval = 250000, // 250ms between real time checks + .max_rate_up = 4, // 2.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) + .max_rate_down = 10, // 5.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) + .driver_torque_allowance = 80, + .driver_torque_factor = 3, + .type = TorqueDriverLimited, + }; + + // longitudinal limits + // acceleration in m/s2 * 1000 to avoid floating point math + const LongitudinalLimits VOLKSWAGEN_MQB_LONG_LIMITS = { + .max_accel = 2000, + .min_accel = -3500, + .inactive_accel = 3010, // VW sends one increment above the max range when inactive + }; int addr = GET_ADDR(to_send); bool tx = true; @@ -287,12 +287,4 @@ static int volkswagen_mqb_fwd_hook(int bus_num, int addr) { return bus_fwd; } -const safety_hooks volkswagen_mqb_hooks = { - .init = volkswagen_mqb_init, - .rx = volkswagen_mqb_rx_hook, - .tx = volkswagen_mqb_tx_hook, - .fwd = volkswagen_mqb_fwd_hook, - .get_counter = volkswagen_mqb_get_counter, - .get_checksum = volkswagen_mqb_get_checksum, - .compute_checksum = volkswagen_mqb_compute_crc, -}; +extern const safety_hooks volkswagen_mqb_hooks; \ No newline at end of file diff --git a/board/safety/safety_volkswagen_pq.h b/board/safety/safety_volkswagen_pq.h index de147cb58a..6198cfe72f 100644 --- a/board/safety/safety_volkswagen_pq.h +++ b/board/safety/safety_volkswagen_pq.h @@ -1,24 +1,5 @@ #include "safety_volkswagen_common.h" -// lateral limits -const SteeringLimits VOLKSWAGEN_PQ_STEERING_LIMITS = { - .max_steer = 300, // 3.0 Nm (EPS side max of 3.0Nm with fault if violated) - .max_rt_delta = 113, // 6 max rate up * 50Hz send rate * 250000 RT interval / 1000000 = 75 ; 125 * 1.5 for safety pad = 113 - .max_rt_interval = 250000, // 250ms between real time checks - .max_rate_up = 6, // 3.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) - .max_rate_down = 10, // 5.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) - .driver_torque_factor = 3, - .driver_torque_allowance = 80, - .type = TorqueDriverLimited, -}; - -// longitudinal limits -// acceleration in m/s2 * 1000 to avoid floating point math -const LongitudinalLimits VOLKSWAGEN_PQ_LONG_LIMITS = { - .max_accel = 2000, - .min_accel = -3500, - .inactive_accel = 3010, // VW sends one increment above the max range when inactive -}; #define MSG_LENKHILFE_3 0x0D0 // RX from EPS, for steering angle and driver steering torque #define MSG_HCA_1 0x0D2 // TX by OP, Heading Control Assist steering torque @@ -31,20 +12,7 @@ const LongitudinalLimits VOLKSWAGEN_PQ_LONG_LIMITS = { #define MSG_ACC_GRA_ANZEIGE 0x56A // TX by OP, ACC HUD #define MSG_LDW_1 0x5BE // TX by OP, Lane line recognition and text alerts -// Transmit of GRA_Neu is allowed on bus 0 and 2 to keep compatibility with gateway and camera integration -const CanMsg VOLKSWAGEN_PQ_STOCK_TX_MSGS[] = {{MSG_HCA_1, 0, 5}, {MSG_LDW_1, 0, 8}, - {MSG_GRA_NEU, 0, 4}, {MSG_GRA_NEU, 2, 4}}; -const CanMsg VOLKSWAGEN_PQ_LONG_TX_MSGS[] = {{MSG_HCA_1, 0, 5}, {MSG_LDW_1, 0, 8}, - {MSG_ACC_SYSTEM, 0, 8}, {MSG_ACC_GRA_ANZEIGE, 0, 8}}; - -RxCheck volkswagen_pq_rx_checks[] = { - {.msg = {{MSG_LENKHILFE_3, 0, 6, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MSG_BREMSE_1, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MSG_MOTOR_2, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MSG_MOTOR_3, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, - {.msg = {{MSG_MOTOR_5, 0, 8, .check_checksum = true, .max_counter = 0U, .frequency = 50U}, { 0 }, { 0 }}}, - {.msg = {{MSG_GRA_NEU, 0, 4, .check_checksum = true, .max_counter = 15U, .frequency = 30U}, { 0 }, { 0 }}}, -}; + static uint32_t volkswagen_pq_get_checksum(const CANPacket_t *to_push) { int addr = GET_ADDR(to_push); @@ -83,6 +51,19 @@ static uint32_t volkswagen_pq_compute_checksum(const CANPacket_t *to_push) { } static safety_config volkswagen_pq_init(uint16_t param) { + // Transmit of GRA_Neu is allowed on bus 0 and 2 to keep compatibility with gateway and camera integration + const CanMsg VOLKSWAGEN_PQ_STOCK_TX_MSGS[] = {{MSG_HCA_1, 0, 5}, {MSG_LDW_1, 0, 8}, + {MSG_GRA_NEU, 0, 4}, {MSG_GRA_NEU, 2, 4}}; + const CanMsg VOLKSWAGEN_PQ_LONG_TX_MSGS[] = {{MSG_HCA_1, 0, 5}, {MSG_LDW_1, 0, 8}, + {MSG_ACC_SYSTEM, 0, 8}, {MSG_ACC_GRA_ANZEIGE, 0, 8}}; + RxCheck volkswagen_pq_rx_checks[] = { + {.msg = {{MSG_LENKHILFE_3, 0, 6, .check_checksum = true, .max_counter = 15U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MSG_BREMSE_1, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MSG_MOTOR_2, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MSG_MOTOR_3, 0, 8, .check_checksum = false, .max_counter = 0U, .frequency = 100U}, { 0 }, { 0 }}}, + {.msg = {{MSG_MOTOR_5, 0, 8, .check_checksum = true, .max_counter = 0U, .frequency = 50U}, { 0 }, { 0 }}}, + {.msg = {{MSG_GRA_NEU, 0, 4, .check_checksum = true, .max_counter = 15U, .frequency = 30U}, { 0 }, { 0 }}}, + }; UNUSED(param); volkswagen_set_button_prev = false; @@ -170,6 +151,26 @@ static void volkswagen_pq_rx_hook(const CANPacket_t *to_push) { } static bool volkswagen_pq_tx_hook(const CANPacket_t *to_send) { + // lateral limits + const SteeringLimits VOLKSWAGEN_PQ_STEERING_LIMITS = { + .max_steer = 300, // 3.0 Nm (EPS side max of 3.0Nm with fault if violated) + .max_rt_delta = 113, // 6 max rate up * 50Hz send rate * 250000 RT interval / 1000000 = 75 ; 125 * 1.5 for safety pad = 113 + .max_rt_interval = 250000, // 250ms between real time checks + .max_rate_up = 6, // 3.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) + .max_rate_down = 10, // 5.0 Nm/s RoC limit (EPS rack has own soft-limit of 5.0 Nm/s) + .driver_torque_factor = 3, + .driver_torque_allowance = 80, + .type = TorqueDriverLimited, + }; + + // longitudinal limits + // acceleration in m/s2 * 1000 to avoid floating point math + const LongitudinalLimits VOLKSWAGEN_PQ_LONG_LIMITS = { + .max_accel = 2000, + .min_accel = -3500, + .inactive_accel = 3010, // VW sends one increment above the max range when inactive + }; + int addr = GET_ADDR(to_send); bool tx = true; @@ -244,12 +245,4 @@ static int volkswagen_pq_fwd_hook(int bus_num, int addr) { return bus_fwd; } -const safety_hooks volkswagen_pq_hooks = { - .init = volkswagen_pq_init, - .rx = volkswagen_pq_rx_hook, - .tx = volkswagen_pq_tx_hook, - .fwd = volkswagen_pq_fwd_hook, - .get_counter = volkswagen_pq_get_counter, - .get_checksum = volkswagen_pq_get_checksum, - .compute_checksum = volkswagen_pq_compute_checksum, -}; +extern const safety_hooks volkswagen_pq_hooks; \ No newline at end of file diff --git a/board/safety_declarations.h b/board/safety_declarations.h index 64b55f2033..7d8b5f4219 100644 --- a/board/safety_declarations.h +++ b/board/safety_declarations.h @@ -1,5 +1,6 @@ #pragma once - +// Unable to use extern keyword for variables that are initialized at definition +// cppcheck-suppress-begin misra-c2012-8.4 #define GET_BIT(msg, b) ((bool)!!(((msg)->data[((b) / 8U)] >> ((b) % 8U)) & 0x1U)) #define GET_BYTE(msg, b) ((msg)->data[(b)]) #define GET_FLAG(value, mask) (((__typeof__(mask))(value) & (mask)) == (mask)) @@ -269,3 +270,4 @@ int alternative_experience = 0; uint32_t safety_mode_cnt = 0U; // allow 1s of transition timeout after relay changes state before assessing malfunctioning const uint32_t RELAY_TRNS_TIMEOUT = 1U; +// cppcheck-suppress-end misra-c2012-8.4 \ No newline at end of file diff --git a/board/stm32fx/llbxcan.h b/board/stm32fx/llbxcan.h index 72523cf1bc..6a3f08c07e 100644 --- a/board/stm32fx/llbxcan.h +++ b/board/stm32fx/llbxcan.h @@ -18,9 +18,12 @@ void print(const char *a); +// surppressed because of declaration and definition, unable to use extern +// cppcheck-suppress-begin misra-c2012-8.4 // kbps multiplied by 10 const uint32_t speeds[] = {100U, 200U, 500U, 1000U, 1250U, 2500U, 5000U, 10000U}; const uint32_t data_speeds[] = {0U}; // No separate data speed, dummy +// cppcheck-suppress-end misra-c2012-8.4 bool llcan_set_speed(CAN_TypeDef *CANx, uint32_t speed, bool loopback, bool silent) { bool ret = true; diff --git a/board/stm32fx/llusb.h b/board/stm32fx/llusb.h index 20c980864b..71275bc74d 100644 --- a/board/stm32fx/llusb.h +++ b/board/stm32fx/llusb.h @@ -1,3 +1,5 @@ +// Variable used in other files, unable to use extern whi9le initializing variable +// cppcheck-suppress misra-c2012-8.4 USB_OTG_GlobalTypeDef *USBx = USB_OTG_FS; #define USBx_HOST ((USB_OTG_HostTypeDef *)((uint32_t)USBx + USB_OTG_HOST_BASE)) diff --git a/board/stm32h7/llfdcan.h b/board/stm32h7/llfdcan.h index 4bb6d3d04e..905f437fc0 100644 --- a/board/stm32h7/llfdcan.h +++ b/board/stm32h7/llfdcan.h @@ -40,11 +40,12 @@ void print(const char *a); - +// surppressed because of declaration and definition, unable to use extern +// cppcheck-suppress-begin misra-c2012-8.4 // kbps multiplied by 10 const uint32_t speeds[] = {100U, 200U, 500U, 1000U, 1250U, 2500U, 5000U, 10000U}; const uint32_t data_speeds[] = {100U, 200U, 500U, 1000U, 1250U, 2500U, 5000U, 10000U, 20000U, 50000U}; - +// cppcheck-suppress-end misra-c2012-8.4 bool fdcan_request_init(FDCAN_GlobalTypeDef *FDCANx) { bool ret = true; diff --git a/board/stm32h7/llusb.h b/board/stm32h7/llusb.h index ada1630f8b..5e1163ea33 100644 --- a/board/stm32h7/llusb.h +++ b/board/stm32h7/llusb.h @@ -1,4 +1,4 @@ -USB_OTG_GlobalTypeDef *USBx = USB_OTG_HS; +static USB_OTG_GlobalTypeDef *USBx = USB_OTG_HS; #define USBx_HOST ((USB_OTG_HostTypeDef *)((uint32_t)USBx + USB_OTG_HOST_BASE)) #define USBx_DEVICE ((USB_OTG_DeviceTypeDef *)((uint32_t)USBx + USB_OTG_DEVICE_BASE)) diff --git a/tests/misra/suppressions.txt b/tests/misra/suppressions.txt index d5b14c836a..4ad037c422 100644 --- a/tests/misra/suppressions.txt +++ b/tests/misra/suppressions.txt @@ -22,5 +22,4 @@ misra-config misra-c2012-1.2 # this is from the extensions (e.g. __typeof__) used in the MIN, MAX, ABS, and CLAMP macros misra-c2012-2.5 misra-c2012-8.7 -misra-c2012-8.4 misra-c2012-21.15