Commit ef079e6
author
Commaremote
committed
Safety: made rate limit check also common
1 parent dc3cc24 commit ef079e6
2 files changed

+25
-17
lines changed
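--- a/board/safety.h
+++ b/board/safety.h
@@ -12,8 +12,10 @@ int safety_ignition_hook();
 uint32_t get_ts_elapsed(uint32_t ts, uint32_t ts_last);
 int to_signed(int d, int bits);
 void update_sample(struct sample_t *sample, int sample_new);
-int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
 int max_limit_check(int val, const int MAX);
+int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
+const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR);
+int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA);
 
 typedef void (*safety_hook_init)(int16_t param);
 typedef void (*rx_hook)(CAN_FIFOMailBox_TypeDef *to_push);
@@ -144,17 +146,33 @@ void update_sample(struct sample_t *sample, int sample_new) {
 }
 }
 
+int max_limit_check(int val, const int MAX) {
+return (val > MAX) | (val < -MAX);
+}
+
+// check that commanded value isn't too far from measured
+int dist_to_meas_check(int val, int val_last, struct sample_t *val_meas,
+const int MAX_RATE_UP, const int MAX_RATE_DOWN, const int MAX_ERROR) {
+
+// *** val rate limit check ***
+int16_t highest_allowed_val = max(val_last, 0) + MAX_RATE_UP;
+int16_t lowest_allowed_val = min(val_last, 0) - MAX_RATE_UP;
+
+// if we've exceeded the meas val, we must start moving toward 0
+highest_allowed_val = min(highest_allowed_val, max(val_last - MAX_RATE_DOWN, max(val_meas->max, 0) + MAX_ERROR));
+lowest_allowed_val = max(lowest_allowed_val, min(val_last + MAX_RATE_DOWN, min(val_meas->min, 0) - MAX_ERROR));
+
+// check for violation
+return (val < lowest_allowed_val) || (val > highest_allowed_val);
+}
+
 // real time check, mainly used for steer torque rate limiter
 int rt_rate_limit_check(int val, int val_last, const int MAX_RT_DELTA) {
 
 // *** torque real time rate limit check ***
 int16_t highest_val = max(val_last, 0) + MAX_RT_DELTA;
 int16_t lowest_val = min(val_last, 0) - MAX_RT_DELTA;
 
-// return 1 if violation
+// check for violation
 return (val < lowest_val) || (val > highest_val);
 }
-
-
-int max_limit_check(int val, const int MAX) {
-return (val > MAX) | (val < -MAX);
-}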
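Review bot: In dist_to_meas_check (new lines 158-159) the allowed bounds are computed in int arithmetic and then stored into int16_t, so a val_last plus MAX_RATE_UP that falls outside the 16-bit range is silently truncated and the check can admit a value it was meant to reject; the same pattern is in rt_rate_limit_check at new lines 173-174. Now that this helper is shared across safety modes rather than tied to one signal's width, declaring the bounds with the type of val avoids the narrowing: `int highest_allowed_val = max(val_last, 0) + MAX_RATE_UP;` and `int lowest_allowed_val = min(val_last, 0) - MAX_RATE_UP;`. If the int16_t width is intentional, a comment stating that callers guarantee their inputs fit 16 bits would make that contract visible. val_meas is only read here, so `const struct sample_t *val_meas` in both the prototype and the definition would let callers keep their samples const. The header comment could also state the return convention, e.g. `// returns nonzero if val exceeds the rate limit or strays more than MAX_ERROR beyond the measured sample`.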

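--- a/board/safety/safety_toyota.h
+++ b/board/safety/safety_toyota.h
@@ -92,17 +92,7 @@ static int toyota_tx_hook(CAN_FIFOMailBox_TypeDef *to_send) {
 violation |= max_limit_check(desired_torque, MAX_TORQUE);
 
 // *** torque rate limit check ***
-int16_t highest_allowed_torque = max(desired_torque_last, 0) + MAX_RATE_UP;
-int16_t lowest_allowed_torque = min(desired_torque_last, 0) - MAX_RATE_UP;
-
-// if we've exceeded the applied torque, we must start moving toward 0
-highest_allowed_torque = min(highest_allowed_torque, max(desired_torque_last - MAX_RATE_DOWN, max(torque_meas.max, 0) + MAX_TORQUE_ERROR));
-lowest_allowed_torque = max(lowest_allowed_torque, min(desired_torque_last + MAX_RATE_DOWN, min(torque_meas.min, 0) - MAX_TORQUE_ERROR));
-
-// check for violation
-if ((desired_torque < lowest_allowed_torque) || (desired_torque > highest_allowed_torque)) {
-violation = 1;
-}
+violation |= dist_to_meas_check(desired_torque, desired_torque_last, &torque_meas, MAX_RATE_UP, MAX_RATE_DOWN, MAX_TORQUE_ERROR);
 
 // used next time
 desired_torque_last = desired_torque;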
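Review bot: The comment `// *** torque rate limit check ***` at new line 94 now heads a single call that also enforces the distance-to-measured bound, which the removed inline block described with its own comment; suggest `// *** torque rate limit and distance-to-measured check ***` so the intent of the combined check stays visible at the call site. The call at new line 95 passes three limits of the same int type positionally, so a swapped MAX_RATE_UP/MAX_RATE_DOWN would compile silently — the order here matches the prototype in board/safety.h. toyota_tx_hook starts before the hunk and continues past it.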
