Panda safety: minor generalization of the function max_limit_check

commaai · Jun 21, 2018 · 1a94543 · 1a94543
1 parent 6b31601
commit 1a94543
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 9 deletions.
diff --git a/board/safety.h b/board/safety.h
@@ -12,7 +12,7 @@ int safety_ignition_hook();
 uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
 int to_signed(int d, int bits);
 void update_sample(struct sample_t *sample, int sample_new);
-int max_limit_check(int val, const int MAX);
+int max_limit_check(int val, const int MAX, const int MIN);
 int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
   const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
 int driver_limit_check(int val, int val_last, struct sample_t *val_driver,
@@ -149,8 +149,8 @@ void update_sample(struct sample_t *sample, int sample_new) {
   }
 }
 
-int max_limit_check(int val, const int MAX) {
-  return (val > MAX) | (val < -MAX);
+int max_limit_check(int val, const int MAX, const int MIN) {
+  return (val > MAX) || (val < MIN);
 }
 
 // check that commanded value isn't too far from measured

diff --git a/board/safety/safety_cadillac.h b/board/safety/safety_cadillac.h
@@ -70,7 +70,7 @@ static int cadillac_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     if (controls_allowed) {
 
       // *** global torque limit check ***
-      violation |= max_limit_check(desired_torque, CADILLAC_MAX_STEER);
+      violation |= max_limit_check(desired_torque, CADILLAC_MAX_STEER, -CADILLAC_MAX_STEER);
 
       // *** torque rate limit check ***
       int desired_torque_last = cadillac_desired_torque_last[idx];

diff --git a/board/safety/safety_gm.h b/board/safety/safety_gm.h
@@ -163,7 +163,7 @@ static int gm_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
     if (current_controls_allowed) {
 
       // *** global torque limit check ***
-      violation |= max_limit_check(desired_torque, GM_MAX_STEER);
+      violation |= max_limit_check(desired_torque, GM_MAX_STEER, -GM_MAX_STEER);
 
       // *** torque rate limit check ***
       violation |= driver_limit_check(desired_torque, gm_desired_torque_last, &gm_torque_driver,

diff --git a/board/safety/safety_toyota.h b/board/safety/safety_toyota.h
@@ -71,9 +71,8 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
       int desired_accel = ((to_send->RDLR & 0xFF) << 8) | ((to_send->RDLR >> 8) & 0xFF);
       desired_accel = to_signed(desired_accel, 16);
       if (controls_allowed && actuation_limits) {
-        if ((desired_accel > MAX_ACCEL) || (desired_accel < MIN_ACCEL)) {
-          return 0;
-        }
+        int violation = max_limit_check(desired_accel, MAX_ACCEL, MIN_ACCEL);
+        if (violation) return 0;
       } else if (!controls_allowed && (desired_accel != 0)) {
         return 0;
       }
@@ -91,7 +90,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
       if (controls_allowed && actuation_limits) {
 
         // *** global torque limit check ***
-        violation |= max_limit_check(desired_torque, MAX_TORQUE);
+        violation |= max_limit_check(desired_torque, MAX_TORQUE, -MAX_TORQUE);
 
         // *** torque rate limit check ***
         violation |= dist_to_meas_check(desired_torque, desired_torque_last, &torque_meas, MAX_RATE_UP, MAX_RATE_DOWN, MAX_TORQUE_ERROR);