Honda Nidec: max gas safety and common speed cmd checks (commaai#1179)

* limit gas and speed * gas safety test
mlocoteta · Apr 29, 2023 · d8a1933 · d8a1933
1 parent 76113b4
commit d8a1933
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 6 deletions.
diff --git a/board/safety.h b/board/safety.h
@@ -494,6 +494,10 @@ bool longitudinal_accel_checks(int desired_accel, const LongitudinalLimits limit
   return violation;
 }
 
+bool longitudinal_speed_checks(int desired_speed, const LongitudinalLimits limits, const bool longitudinal_allowed) {
+  return !longitudinal_allowed && (desired_speed != limits.inactive_speed);
+}
+
 bool longitudinal_gas_checks(int desired_gas, const LongitudinalLimits limits, const bool longitudinal_allowed) {
   bool violation = false;
   if (!longitudinal_allowed) {

diff --git a/board/safety/safety_honda.h b/board/safety/safety_honda.h
@@ -27,7 +27,10 @@ const LongitudinalLimits HONDA_BOSCH_LONG_LIMITS = {
 };
 
 const LongitudinalLimits HONDA_NIDEC_LONG_LIMITS = {
+  .max_gas = 198,  // 0xc6
   .max_brake = 255,
+
+  .inactive_speed = 0,
 };
 
 // Nidec and bosch radarless has the powertrain bus on bus 0
@@ -280,10 +283,12 @@ static int honda_tx_hook(CANPacket_t *to_send, bool longitudinal_allowed) {
   if ((addr == 0x30C) && (bus == bus_pt)) {
     int pcm_speed = (GET_BYTE(to_send, 0) << 8) | GET_BYTE(to_send, 1);
     int pcm_gas = GET_BYTE(to_send, 2);
-    if (!longitudinal_allowed) {
-      if ((pcm_speed != 0) || (pcm_gas != 0)) {
-        tx = 0;
-      }
+
+    bool violation = false;
+    violation |= longitudinal_speed_checks(pcm_speed, HONDA_NIDEC_LONG_LIMITS, longitudinal_allowed);
+    violation |= longitudinal_gas_checks(pcm_gas, HONDA_NIDEC_LONG_LIMITS, longitudinal_allowed);
+    if (violation) {
+      tx = 0;
     }
   }
 

diff --git a/board/safety_declarations.h b/board/safety_declarations.h
@@ -66,6 +66,9 @@ typedef struct {
   const int min_gas;
   const int inactive_gas;
   const int max_brake;
+
+  // speed cmd limits
+  const int inactive_speed;
 } LongitudinalLimits;
 
 typedef struct {
@@ -128,6 +131,7 @@ void relay_malfunction_set(void);
 void relay_malfunction_reset(void);
 bool steer_torque_cmd_checks(int desired_torque, int steer_req, const SteeringLimits limits);
 bool longitudinal_accel_checks(int desired_accel, const LongitudinalLimits limits, const bool longitudinal_allowed);
+bool longitudinal_speed_checks(int desired_speed, const LongitudinalLimits limits, const bool longitudinal_allowed);
 bool longitudinal_gas_checks(int desired_gas, const LongitudinalLimits limits, const bool longitudinal_allowed);
 bool longitudinal_brake_checks(int desired_brake, const LongitudinalLimits limits, const bool longitudinal_allowed);
 bool longitudinal_interceptor_checks(CANPacket_t *to_send, const bool longitudinal_allowed);

diff --git a/tests/safety/test_honda.py b/tests/safety/test_honda.py
@@ -266,6 +266,7 @@ class TestHondaNidecSafetyBase(HondaBase):
   BUTTONS_BUS = 0
 
   INTERCEPTOR_THRESHOLD = 492
+  MAX_GAS = 198
 
   @classmethod
   def setUpClass(cls):
@@ -297,9 +298,9 @@ def _send_acc_hud_msg(self, pcm_gas, pcm_speed):
   def test_acc_hud_safety_check(self):
     for controls_allowed in [True, False]:
       self.safety.set_controls_allowed(controls_allowed)
-      for pcm_gas in range(0, 0xc6):
+      for pcm_gas in range(0, 255):
         for pcm_speed in range(0, 100):
-          send = True if controls_allowed else pcm_gas == 0 and pcm_speed == 0
+          send = pcm_gas <= self.MAX_GAS if controls_allowed else pcm_gas == 0 and pcm_speed == 0
           self.assertEqual(send, self.safety.safety_tx_hook(self._send_acc_hud_msg(pcm_gas, pcm_speed)))
 
   def test_fwd_hook(self):