feat(protocol): Add input validation for voltage and current setpoints #270
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
avion23 force-pushed the safety-input-validation branch 2 times, most recently from ccbbe65 to 99c65f1 Compare Incoming setpoint commands for voltage and current from the host were not validated before being used by the power control module. This created a safety risk where a malformed or out-of-range value could be written directly to the hardware DACs. This could result in an output voltage/current that exceeds the device's safe operating area, potentially damaging the OpenDPS unit or the connected load. This commit introduces range checks in the following places: - protocol_handler.c: Validates parsed values from serial commands are within maximum theoretical device limits - pwrctl.c: Clamps final values before writing to hardware registers as final safety guarantee - opendps.c: Adds calibration coefficient validation to prevent malicious or accidental dangerous calibration values If an invalid value is received, an error response is sent to the host and the setpoint is rejected, maintaining the last known-good state.
avion23 force-pushed the safety-input-validation branch from 99c65f1 to ee5c343 Compare Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Input Validation for Safety
Adds validation to prevent out-of-range values from being written to hardware DACs.
Changes
protocol_handler.c: Validate parsed command values before processingpwrctl.c: Add bounds checking (65V max input, 60V max output, 20A max current)opendps.c: Validate calibration coefficients (current ADC gain: 0.1-100.0f)Behavior
Prevents potential hardware damage from malformed commands or invalid calibration data.