reflow-oven-control-sw/stm-firmware/safety/safety-controller.c

/* Reflow Oven Controller
*
* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
*
* This file is part of the Reflow Oven Controller Project.
*
* The reflow oven controller is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with the reflow oven controller project.
* If not, see <http://www.gnu.org/licenses/>.
*/

/**
 * @addtogroup safety-controller
 * @{
 */

#include <reflow-controller/safety/safety-controller.h>
#include <reflow-controller/safety/safety-config.h>
#include <reflow-controller/safety/watchdog.h>
#include <reflow-controller/safety/safety-adc.h>
#include <reflow-controller/stack-check.h>
#include <helper-macros/helper-macros.h>
#include <reflow-controller/systick.h>
#include <reflow-controller/safety/fault.h>
#include <stm32/stm32f4xx.h>
#include <cmsis/core_cm4.h>
#include <stddef.h>
#include <string.h>
#include <reflow-controller/safety/safety-memory.h>
#include <helper-macros/helper-macros.h>

struct error_flag {
	const char *name;
	enum safety_flag flag;
	bool error_state;
	bool error_state_inv;
	bool persistent;
	uint32_t key;
};

struct timing_mon {
	const char *name;
	enum timing_monitor monitor;
	enum safety_flag associated_flag;
	uint64_t min_delta;
	uint64_t max_delta;
	uint64_t last;
	uint64_t calculated_delta;
	bool enabled;
};

struct analog_mon {
	const char *name;
	enum analog_value_monitor monitor;
	enum safety_flag associated_flag;
	float min;
	float max;
	float value;
	bool valid;
	uint64_t timestamp;
};

#ifdef COUNT_OF
#undef COUNT_OF
#endif

#define COUNT_OF(x) ((sizeof(x)/sizeof(0[x])) / ((size_t)(!(sizeof(x) % sizeof(0[x])))))

#define ERR_FLAG_ENTRY(errflag, persistency) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .persistent = (persistency), .key = 0UL}
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}

static volatile struct error_flag IN_SECTION(.ccm.data) flags[] = {
	ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false),
	ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false),
	ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false),
	ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, true),
	ERR_FLAG_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, false),
	ERR_FLAG_ENTRY(ERR_FLAG_TIMING_PID, false),
	ERR_FLAG_ENTRY(ERR_FLAG_AMON_UC_TEMP, true),
	ERR_FLAG_ENTRY(ERR_FLAG_AMON_VREF, false),
	ERR_FLAG_ENTRY(ERR_FLAG_STACK, true),
	ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_ADC, true),
	ERR_FLAG_ENTRY(ERR_FLAG_SYSTICK, true),
	ERR_FLAG_ENTRY(ERR_FLAG_WTCHDG_FIRED, true),
	ERR_FLAG_ENTRY(ERR_FLAG_UNCAL, false),
	ERR_FLAG_ENTRY(ERR_FLAG_DEBUG, true),
	ERR_FLAG_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, false),
	ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true),
};

static volatile struct timing_mon IN_SECTION(.ccm.data) timings[] = {
	TIM_MON_ENTRY(ERR_TIMING_PID, 2, 1000, ERR_FLAG_TIMING_PID),
	TIM_MON_ENTRY(ERR_TIMING_MEAS_ADC, 0, 50, ERR_FLAG_TIMING_MEAS_ADC),
	TIM_MON_ENTRY(ERR_TIMING_SAFETY_ADC, 10, SAFETY_CONTROLLER_ADC_DELAY_MS + 1000, ERR_FLAG_SAFETY_ADC),
	TIM_MON_ENTRY(ERR_TIMING_MAIN_LOOP, 0, 1000, ERR_FLAG_TIMING_MAIN_LOOP),
};

static volatile struct analog_mon IN_SECTION(.ccm.data) analog_mons[] = {
	ANA_MON_ENTRY(ERR_AMON_VREF, SAFETY_ADC_VREF_MVOLT - SAFETY_ADC_VREF_TOL_MVOLT,
		      SAFETY_ADC_VREF_MVOLT + SAFETY_ADC_VREF_TOL_MVOLT, ERR_FLAG_AMON_VREF),
	ANA_MON_ENTRY(ERR_AMON_UC_TEMP, SAFETY_ADC_TEMP_LOW_LIM, SAFETY_ADC_TEMP_HIGH_LIM,
		      ERR_FLAG_AMON_UC_TEMP),
};

static bool error_flag_get_status(const volatile struct error_flag *flag)
{
	if (flag->error_state == flag->error_state_inv) {
		return true;
	} else {
		return flag->error_state;
	}
}

static volatile struct analog_mon *find_analog_mon(enum analog_value_monitor mon)
{
	uint32_t i;
	volatile struct analog_mon *ret = NULL;

	for (i = 0; i < COUNT_OF(analog_mons); i++) {
		if (analog_mons[i].monitor == mon)
			ret = &analog_mons[i];
	}

	return ret;
}

static volatile struct timing_mon *find_timing_mon(enum timing_monitor mon)
{
	uint32_t i;
	volatile struct timing_mon *ret = NULL;

	for (i = 0; i < COUNT_OF(timings); i++) {
		if (timings[i].monitor == mon)
			ret = &timings[i];
	}

	return ret;
}

static volatile struct error_flag *find_error_flag(enum safety_flag flag)
{
	uint32_t i;
	volatile struct error_flag *ret = NULL;

	for (i = 0; i < COUNT_OF(flags); i++) {
		if (flags[i].flag == flag)
			ret = &flags[i];
	}

	return ret;
}

static void safety_controller_process_active_timing_mons()
{
	uint32_t i;
	volatile struct timing_mon *current_mon;
	uint64_t last;

	for (i = 0; i < COUNT_OF(timings); i++) {
		current_mon = &timings[i];
		if (current_mon->enabled) {
			__disable_irq();
			last = current_mon->last;
			__enable_irq();
			if (systick_ticks_have_passed(last, current_mon->max_delta))
				safety_controller_report_error(current_mon->associated_flag);
		}
	}
}

static void safety_controller_process_checks()
{
	static bool startup_completed = false;
	enum analog_monitor_status amon_state;
	float amon_value;

	if (!startup_completed && systick_get_global_tick() >= 1000)
		startup_completed = true;

	if (startup_completed) {
		amon_state = safety_controller_get_analog_mon_value(ERR_AMON_VREF, &amon_value);
		if (amon_state != ANALOG_MONITOR_OK)
			safety_controller_report_error(ERR_FLAG_AMON_VREF);
		amon_state = safety_controller_get_analog_mon_value(ERR_AMON_UC_TEMP, &amon_value);
		if (amon_state != ANALOG_MONITOR_OK)
			safety_controller_report_error(ERR_FLAG_AMON_UC_TEMP);
	}

	safety_controller_process_active_timing_mons();
}

int safety_controller_report_error(enum safety_flag flag)
{
	return safety_controller_report_error_with_key(flag, 0x0UL);
}

int safety_controller_report_error_with_key(enum safety_flag flag, uint32_t key)
{
	uint32_t i;
	int ret = -1;

	for (i = 0; i < COUNT_OF(flags); i++) {
		if (flags[i].flag & flag) {
			flags[i].error_state = true;
			flags[i].error_state_inv = !flags[i].error_state;
			flags[i].key = key;
			ret = 0;
		}
	}

	return ret;
}

void safety_controller_report_timing(enum timing_monitor monitor)
{
	volatile struct timing_mon *tim;
	uint64_t timestamp;

	timestamp = systick_get_global_tick();

	tim = find_timing_mon(monitor);
	if (tim) {
		if (tim->enabled) {
			if (!systick_ticks_have_passed(tim->last, tim->min_delta) && tim->min_delta > 0U) {
				safety_controller_report_error(tim->associated_flag);
			}
		}

		tim->calculated_delta = timestamp - tim->last;
		tim->last = timestamp;
		tim->enabled = true;
	}

}

void safety_controller_report_analog_value(enum analog_value_monitor monitor, float value)
{
	volatile struct analog_mon *ana;

	/* Return if not a power of two */
	if (!is_power_of_two(monitor))
		return;
	ana = find_analog_mon(monitor);
	if (ana) {
		ana->valid = true;
		ana->value = value;
		ana->timestamp = systick_get_global_tick();
	}

}

void safety_controller_init()
{
	enum safety_memory_state found_memory_state;

	/* Init the safety memory */
	if (safety_memory_init(&found_memory_state)) {
		/* Trigger panic mode! */
		panic_mode();
	}
	if (found_memory_state == SAFETY_MEMORY_INIT_CORRUPTED)
		safety_controller_report_error(ERR_FLAG_SAFETY_MEM_CORRUPT);

	/* Init default flag states */
	safety_controller_report_error_with_key(ERR_FLAG_MEAS_ADC_OFF | ERR_FLAG_MEAS_ADC_UNSTABLE,
						MEAS_ADC_SAFETY_FLAG_KEY);

	safety_adc_init();
	watchdog_setup(WATCHDOG_PRESCALER);

	if (watchdog_check_reset_source())
		safety_controller_report_error(ERR_FLAG_WTCHDG_FIRED);

#ifdef DEBUGBUILD
	safety_controller_report_error(ERR_FLAG_DEBUG);
#endif
}

static void safety_controller_check_stack()
{
	int32_t free_stack;

	free_stack = stack_check_get_free();
	if (free_stack < SAFETY_MIN_STACK_FREE)
		safety_controller_report_error(ERR_FLAG_STACK);
}

static void safety_controller_handle_safety_adc()
{
	static enum safety_adc_meas_channel current_channel = SAFETY_ADC_MEAS_TEMP;
	static uint64_t last_result_timestamp = 0;
	int poll_result;
	uint16_t result;
	float analog_value;

	poll_result = safety_adc_poll_result(&result);
	if (!systick_ticks_have_passed(last_result_timestamp, SAFETY_CONTROLLER_ADC_DELAY_MS) && poll_result != 1)
		return;

	if (poll_result) {
		if (poll_result == -1) {
			switch (current_channel) {
			case SAFETY_ADC_MEAS_TEMP:
				current_channel = SAFETY_ADC_MEAS_VREF;
				break;
			case SAFETY_ADC_MEAS_VREF:
				/* Expected fallthru */
			default:
				current_channel = SAFETY_ADC_MEAS_TEMP;
				break;
			}
			safety_adc_trigger_meas(current_channel);
		} else if (poll_result == 1) {
			last_result_timestamp = systick_get_global_tick();
			analog_value = safety_adc_convert_channel(current_channel, result);
			safety_controller_report_timing(ERR_TIMING_SAFETY_ADC);
			switch (current_channel) {
			case SAFETY_ADC_MEAS_TEMP:
				safety_controller_report_analog_value(ERR_AMON_UC_TEMP, analog_value);
				break;
			case SAFETY_ADC_MEAS_VREF:
				safety_controller_report_analog_value(ERR_AMON_VREF, analog_value);
				break;
			default:
				safety_controller_report_error(ERR_FLAG_SAFETY_ADC);
				break;
			}
		}
	}
}

static void safety_controller_handle_safety_memory_check(void)
{
	static uint64_t ts = 0;
	enum safety_memory_state found_state;

	if (systick_ticks_have_passed(ts, 5000)) {
		ts = systick_get_global_tick();

		if (safety_memory_check()) {
			safety_memory_reinit(&found_state);
			if (found_state != SAFETY_MEMORY_INIT_VALID_MEMORY) {
				safety_controller_report_error(ERR_FLAG_SAFETY_MEM_CORRUPT);
			}
		}
	}
}

int safety_controller_handle()
{
	static uint64_t last_systick;
	static uint32_t same_systick_cnt = 0UL;
	uint64_t systick;

	int ret = 0;

	safety_controller_check_stack();
	safety_controller_handle_safety_adc();
	safety_controller_handle_safety_memory_check();

	systick = systick_get_global_tick();
	if (systick == last_systick) {
		same_systick_cnt++;
		if (same_systick_cnt > 1000)
			safety_controller_report_error(ERR_FLAG_SYSTICK);
	} else {
		same_systick_cnt = 0UL;
	}
	last_systick = systick;

	safety_controller_process_checks();
	/* TODO: Check flags for PID and HALT */

	ret |= watchdog_ack(WATCHDOG_MAGIC_KEY);

	return (ret ? -1 : 0);
}

int safety_controller_enable_timing_mon(enum timing_monitor monitor, bool enable)
{
	volatile struct timing_mon *tim;

	if (enable) {
		safety_controller_report_timing(monitor);
	} else {
		tim = find_timing_mon(monitor);
		if (!tim)
			return -1;
		tim->enabled = false;
	}

	return 0;
}

enum analog_monitor_status safety_controller_get_analog_mon_value(enum analog_value_monitor monitor, float *value)
{
	volatile struct analog_mon *mon;
	int ret = ANALOG_MONITOR_ERROR;

	if (!is_power_of_two(monitor))
		goto go_out;

	if (!value)
		goto go_out;

	mon = find_analog_mon(monitor);
	if (mon) {
		if (!mon->valid) {
			ret = ANALOG_MONITOR_INACTIVE;
			goto go_out;
		}

		*value = mon->value;
		if (mon->value < mon->min)
			ret = ANALOG_MONITOR_UNDER;
		else if (mon->value > mon->max)
			ret = ANALOG_MONITOR_OVER;
		else
			ret = ANALOG_MONITOR_OK;
	}

go_out:
	return ret;
}

int safety_controller_get_flag(enum safety_flag flag, bool *status, bool try_ack)
{
	volatile struct error_flag *found_flag;
	int ret = -1;

	if (!status)
		return -1002;
	if (!is_power_of_two(flag))
		return -1001;

	found_flag = find_error_flag(flag);
	if (found_flag) {
		*status = error_flag_get_status(found_flag);
		if (try_ack && !found_flag->persistent) {
			/* Flag is generally non persistent
			 * If key is set, this function cannot remove the flag
			 */
			if (found_flag->key == 0UL) {
				found_flag->error_state = false;
				found_flag->error_state_inv = !found_flag->error_state;
			}
		}
	}

	return ret;
}

int safety_controller_ack_flag(enum safety_flag flag)
{
	return safety_controller_ack_flag_with_key(flag, 0UL);
}

int safety_controller_ack_flag_with_key(enum safety_flag flag, uint32_t key)
{
	int ret = -1;
	volatile struct error_flag *found_flag;

	if (!is_power_of_two(flag)) {
		return -1001;
	}

	found_flag = find_error_flag(flag);
	if (found_flag) {
		if (!found_flag->persistent && (found_flag->key == key || !key)) {
			found_flag->error_state = false;
			found_flag->error_state_inv = true;
			ret = 0;
		} else {
			ret = -2;
		}
	}

	return ret;
}

bool safety_controller_get_flags_by_mask(enum safety_flag mask)
{
	uint32_t i;
	bool ret = false;

	for (i = 0; i < COUNT_OF(flags); i++) {
		if ((flags[i].flag & mask) && error_flag_get_status(&flags[i])) {
			ret = true;
			break;
		}
	}

	return ret;
}

uint32_t safety_controller_get_flag_count()
{
	return COUNT_OF(flags);
}

uint32_t safety_controller_get_analog_monitor_count()
{
	return COUNT_OF(analog_mons);
}

uint32_t safety_controller_get_timing_monitor_count()
{
	return COUNT_OF(timings);
}

int safety_controller_get_analog_mon_name_by_index(uint32_t index, char *buffer, size_t buffsize)
{
	if (index >= COUNT_OF(analog_mons))
		return -1;

	if (buffsize == 0 || !buffer)
		return -1000;

	strncpy(buffer, analog_mons[index].name, buffsize);
	buffer[buffsize - 1] = 0;

	return 0;
}

int safety_controller_get_flag_name_by_index(uint32_t index, char *buffer, size_t buffsize)
{
	if (index >= COUNT_OF(flags))
		return -1;

	if (buffsize == 0 || !buffer)
		return -1000;

	strncpy(buffer, flags[index].name, buffsize);
	buffer[buffsize - 1] = 0;

	return 0;
}

int safety_controller_get_timing_mon_name_by_index(uint32_t index, char *buffer, size_t buffsize)
{
	if (index >= COUNT_OF(timings))
		return -1;

	if (buffsize == 0 || !buffer)
		return -1000;

	strncpy(buffer, timings[index].name, buffsize);
	buffer[buffsize - 1] = 0;

	return 0;
}

int safety_controller_get_flag_by_index(uint32_t index, bool *status, enum safety_flag *flag_enum)
{
	int ret = -1;

	if (!status && !flag_enum)
		return -1000;

	if (index < COUNT_OF(flags)) {
		if (status)
			*status = error_flag_get_status(&flags[index]);
		if (flag_enum)
			*flag_enum = flags[index].flag;

		ret = 0;
	}

	return ret;
}

int safety_controller_get_analog_mon_by_index(uint32_t index, struct analog_monitor_info *info)
{
	volatile struct analog_mon *mon;

	if (!info)
		return -1002;

	if (index >= COUNT_OF(analog_mons)) {
		info->status = ANALOG_MONITOR_ERROR;
		return -1001;
	}

	mon = &analog_mons[index];

	info->max = mon->max;
	info->min = mon->min;
	info->value = mon->value;
	info->timestamp = mon->timestamp;

	if (!mon->valid) {
		info->status = ANALOG_MONITOR_INACTIVE;
	} else {
		if (mon->value > mon->max)
			info->status = ANALOG_MONITOR_OVER;
		else if (mon->value < mon->min)
			info->status = ANALOG_MONITOR_UNDER;
		else
			info->status = ANALOG_MONITOR_OK;
	}

	return 0;
}

int safety_controller_get_timing_mon_by_index(uint32_t index, struct timing_monitor_info *info)
{
	volatile struct timing_mon *mon;

	if (!info)
		return -1002;

	if (index >= COUNT_OF(timings)) {
		return -1001;
	}

	mon = &timings[index];

	info->max = mon->max_delta;
	info->min = mon->min_delta;
	info->enabled = mon->enabled;
	info->last_run = mon->last;
	info->delta = mon->calculated_delta;

	return 0;
}

/** @} */