2020-07-06 21:12:18 +02:00
|
|
|
/* Reflow Oven Controller
|
|
|
|
*
|
|
|
|
* Copyright (C) 2020 Mario Hüttel <mario.huettel@gmx.net>
|
|
|
|
*
|
|
|
|
* This file is part of the Reflow Oven Controller Project.
|
|
|
|
*
|
|
|
|
* The reflow oven controller is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with the reflow oven controller project.
|
|
|
|
* If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
|
2020-07-07 19:26:00 +02:00
|
|
|
/**
|
|
|
|
* @addtogroup safety-controller
|
|
|
|
* @{
|
|
|
|
*/
|
|
|
|
|
2020-07-06 21:12:18 +02:00
|
|
|
#include <reflow-controller/safety/safety-controller.h>
|
2020-07-07 19:26:00 +02:00
|
|
|
#include <reflow-controller/safety/safety-config.h>
|
2020-07-07 20:47:22 +02:00
|
|
|
#include <reflow-controller/safety/watchdog.h>
|
2020-07-09 22:31:42 +02:00
|
|
|
#include <reflow-controller/safety/safety-adc.h>
|
2020-07-26 21:40:09 +02:00
|
|
|
#include <reflow-controller/stack-check.h>
|
2020-07-09 22:31:42 +02:00
|
|
|
#include <helper-macros/helper-macros.h>
|
2020-09-06 21:05:00 +02:00
|
|
|
#include <stm-periph/crc-unit.h>
|
2020-07-07 20:47:22 +02:00
|
|
|
#include <reflow-controller/systick.h>
|
2020-09-05 15:15:31 +02:00
|
|
|
#include <reflow-controller/safety/fault.h>
|
2020-08-18 20:47:08 +02:00
|
|
|
#include <stm32/stm32f4xx.h>
|
|
|
|
#include <cmsis/core_cm4.h>
|
2020-07-07 20:47:22 +02:00
|
|
|
#include <stddef.h>
|
2020-07-28 22:55:02 +02:00
|
|
|
#include <string.h>
|
2020-09-05 15:15:31 +02:00
|
|
|
#include <reflow-controller/safety/safety-memory.h>
|
2020-09-06 21:05:00 +02:00
|
|
|
#include <helper-macros/helper-macros.h>
|
2020-07-07 19:26:00 +02:00
|
|
|
|
2020-07-07 20:47:22 +02:00
|
|
|
struct error_flag {
|
|
|
|
const char *name;
|
|
|
|
enum safety_flag flag;
|
|
|
|
bool error_state;
|
2020-09-05 20:17:35 +02:00
|
|
|
bool error_state_inv;
|
2020-07-07 20:47:22 +02:00
|
|
|
bool persistent;
|
2020-07-27 21:29:15 +02:00
|
|
|
uint32_t key;
|
2020-07-07 20:47:22 +02:00
|
|
|
};
|
2020-07-07 19:26:00 +02:00
|
|
|
|
2020-07-07 20:47:22 +02:00
|
|
|
struct timing_mon {
|
|
|
|
const char *name;
|
|
|
|
enum timing_monitor monitor;
|
2020-07-09 22:31:42 +02:00
|
|
|
enum safety_flag associated_flag;
|
2020-07-07 20:47:22 +02:00
|
|
|
uint64_t min_delta;
|
|
|
|
uint64_t max_delta;
|
|
|
|
uint64_t last;
|
2020-08-16 12:34:41 +02:00
|
|
|
uint64_t calculated_delta;
|
2020-07-07 20:47:22 +02:00
|
|
|
bool enabled;
|
|
|
|
};
|
|
|
|
|
|
|
|
struct analog_mon {
|
|
|
|
const char *name;
|
|
|
|
enum analog_value_monitor monitor;
|
2020-07-09 22:31:42 +02:00
|
|
|
enum safety_flag associated_flag;
|
2020-07-07 20:47:22 +02:00
|
|
|
float min;
|
|
|
|
float max;
|
|
|
|
float value;
|
|
|
|
bool valid;
|
2020-07-30 20:29:41 +02:00
|
|
|
uint64_t timestamp;
|
2020-07-07 20:47:22 +02:00
|
|
|
};
|
|
|
|
|
2020-09-06 19:52:44 +02:00
|
|
|
struct safety_weight {
|
2020-09-06 21:05:00 +02:00
|
|
|
uint32_t start_dummy;
|
|
|
|
enum config_weight weight;
|
2020-09-06 19:52:44 +02:00
|
|
|
enum safety_flag flag;
|
2020-09-06 21:05:00 +02:00
|
|
|
volatile struct error_flag *flag_ptr;
|
|
|
|
uint32_t end_dummy;
|
2020-09-06 19:52:44 +02:00
|
|
|
};
|
|
|
|
|
2020-09-05 20:17:35 +02:00
|
|
|
#define ERR_FLAG_ENTRY(errflag, persistency) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .persistent = (persistency), .key = 0UL}
|
2020-07-09 22:31:42 +02:00
|
|
|
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
|
|
|
|
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}
|
2020-09-06 21:05:00 +02:00
|
|
|
#define ERR_FLAG_WEIGHT_ENTRY(_flag, _weight) {.flag = (_flag), .flag_ptr = NULL, .weight = (_weight), .start_dummy = 0x11823344, .end_dummy = 0xAABBCCFD}
|
2020-07-07 20:47:22 +02:00
|
|
|
|
2020-09-05 20:14:08 +02:00
|
|
|
static volatile struct error_flag IN_SECTION(.ccm.data) flags[] = {
|
2020-07-07 20:47:22 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, true),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, false),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_TIMING_PID, false),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_AMON_UC_TEMP, true),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_AMON_VREF, false),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_STACK, true),
|
2020-07-26 21:40:09 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_ADC, true),
|
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_SYSTICK, true),
|
2020-07-27 21:29:15 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_WTCHDG_FIRED, true),
|
2020-07-27 22:15:01 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_UNCAL, false),
|
2020-07-28 23:29:35 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_DEBUG, true),
|
2020-08-16 12:34:41 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, false),
|
2020-09-04 23:04:27 +02:00
|
|
|
ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true),
|
2020-07-07 20:47:22 +02:00
|
|
|
};
|
|
|
|
|
2020-09-05 20:14:08 +02:00
|
|
|
static volatile struct timing_mon IN_SECTION(.ccm.data) timings[] = {
|
2020-07-28 22:55:02 +02:00
|
|
|
TIM_MON_ENTRY(ERR_TIMING_PID, 2, 1000, ERR_FLAG_TIMING_PID),
|
|
|
|
TIM_MON_ENTRY(ERR_TIMING_MEAS_ADC, 0, 50, ERR_FLAG_TIMING_MEAS_ADC),
|
2020-08-16 01:22:26 +02:00
|
|
|
TIM_MON_ENTRY(ERR_TIMING_SAFETY_ADC, 10, SAFETY_CONTROLLER_ADC_DELAY_MS + 1000, ERR_FLAG_SAFETY_ADC),
|
2020-08-16 12:34:41 +02:00
|
|
|
TIM_MON_ENTRY(ERR_TIMING_MAIN_LOOP, 0, 1000, ERR_FLAG_TIMING_MAIN_LOOP),
|
2020-07-07 20:47:22 +02:00
|
|
|
};
|
|
|
|
|
2020-09-05 20:14:08 +02:00
|
|
|
static volatile struct analog_mon IN_SECTION(.ccm.data) analog_mons[] = {
|
2020-07-26 21:40:09 +02:00
|
|
|
ANA_MON_ENTRY(ERR_AMON_VREF, SAFETY_ADC_VREF_MVOLT - SAFETY_ADC_VREF_TOL_MVOLT,
|
|
|
|
SAFETY_ADC_VREF_MVOLT + SAFETY_ADC_VREF_TOL_MVOLT, ERR_FLAG_AMON_VREF),
|
|
|
|
ANA_MON_ENTRY(ERR_AMON_UC_TEMP, SAFETY_ADC_TEMP_LOW_LIM, SAFETY_ADC_TEMP_HIGH_LIM,
|
|
|
|
ERR_FLAG_AMON_UC_TEMP),
|
2020-07-07 20:47:22 +02:00
|
|
|
};
|
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
static const struct safety_weight default_flag_weights[] = {
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OFF, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_MEAS_ADC_OVERFLOW, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MEAS_ADC, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_PID, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_UC_TEMP, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_AMON_VREF, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_STACK, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_ADC, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SYSTICK, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_WTCHDG_FIRED, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_UNCAL, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_DEBUG, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_TIMING_MAIN_LOOP, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
ERR_FLAG_WEIGHT_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, SAFETY_FLAG_CONFIG_WEIGHT_NONE),
|
|
|
|
};
|
|
|
|
|
|
|
|
static volatile struct safety_weight IN_SECTION(.ccm.bss) flag_weights[COUNT_OF(default_flag_weights)];
|
|
|
|
static uint32_t IN_SECTION(.ccm.data) flag_weight_crc;
|
|
|
|
|
|
|
|
static int flag_weight_table_crc_check(void)
|
|
|
|
{
|
|
|
|
/* Check the flag weight table */
|
|
|
|
crc_unit_reset();
|
|
|
|
crc_unit_input_array((uint32_t *)flag_weights, wordsize_of(flag_weights));
|
|
|
|
|
|
|
|
if (crc_unit_get_crc() != flag_weight_crc)
|
|
|
|
return -1;
|
2020-09-06 19:52:44 +02:00
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static volatile struct error_flag *find_error_flag(enum safety_flag flag)
|
|
|
|
{
|
|
|
|
uint32_t i;
|
|
|
|
volatile struct error_flag *ret = NULL;
|
|
|
|
|
|
|
|
for (i = 0; i < COUNT_OF(flags); i++) {
|
|
|
|
if (flags[i].flag == flag)
|
|
|
|
ret = &flags[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief This function copies the safety weigths from flash ro RAM and computes the CRC
|
|
|
|
*/
|
|
|
|
static void init_safety_flag_weight_table_from_default(void)
|
|
|
|
{
|
|
|
|
uint32_t index;
|
|
|
|
volatile struct safety_weight *current_weight;
|
|
|
|
|
|
|
|
/* Copy the table */
|
|
|
|
memcpy((void *)flag_weights, default_flag_weights, wordsize_of(flag_weights));
|
|
|
|
|
|
|
|
/* Fill in the flag pointers */
|
|
|
|
for (index = 0; index < COUNT_OF(flag_weights); index++) {
|
|
|
|
current_weight = &flag_weights[index];
|
|
|
|
current_weight->flag_ptr = find_error_flag(current_weight->flag);
|
|
|
|
}
|
|
|
|
|
|
|
|
crc_unit_reset();
|
|
|
|
crc_unit_input_array((uint32_t*)flag_weights, wordsize_of(flag_weights));
|
|
|
|
flag_weight_crc = crc_unit_get_crc();
|
2020-09-06 19:52:44 +02:00
|
|
|
}
|
|
|
|
|
2020-09-05 20:29:21 +02:00
|
|
|
static bool error_flag_get_status(const volatile struct error_flag *flag)
|
|
|
|
{
|
|
|
|
if (flag->error_state == flag->error_state_inv) {
|
|
|
|
return true;
|
|
|
|
} else {
|
|
|
|
return flag->error_state;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-07-27 21:32:25 +02:00
|
|
|
static volatile struct analog_mon *find_analog_mon(enum analog_value_monitor mon)
|
2020-07-09 22:31:42 +02:00
|
|
|
{
|
|
|
|
uint32_t i;
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct analog_mon *ret = NULL;
|
2020-07-09 22:31:42 +02:00
|
|
|
|
|
|
|
for (i = 0; i < COUNT_OF(analog_mons); i++) {
|
|
|
|
if (analog_mons[i].monitor == mon)
|
|
|
|
ret = &analog_mons[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-07-27 21:32:25 +02:00
|
|
|
static volatile struct timing_mon *find_timing_mon(enum timing_monitor mon)
|
2020-07-09 22:31:42 +02:00
|
|
|
{
|
|
|
|
uint32_t i;
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct timing_mon *ret = NULL;
|
2020-07-09 22:31:42 +02:00
|
|
|
|
|
|
|
for (i = 0; i < COUNT_OF(timings); i++) {
|
|
|
|
if (timings[i].monitor == mon)
|
|
|
|
ret = &timings[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-07-26 21:40:09 +02:00
|
|
|
static void safety_controller_process_active_timing_mons()
|
|
|
|
{
|
|
|
|
uint32_t i;
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct timing_mon *current_mon;
|
2020-08-18 20:47:08 +02:00
|
|
|
uint64_t last;
|
2020-07-26 21:40:09 +02:00
|
|
|
|
|
|
|
for (i = 0; i < COUNT_OF(timings); i++) {
|
|
|
|
current_mon = &timings[i];
|
|
|
|
if (current_mon->enabled) {
|
2020-08-18 20:47:08 +02:00
|
|
|
__disable_irq();
|
|
|
|
last = current_mon->last;
|
|
|
|
__enable_irq();
|
|
|
|
if (systick_ticks_have_passed(last, current_mon->max_delta))
|
2020-07-26 21:40:09 +02:00
|
|
|
safety_controller_report_error(current_mon->associated_flag);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
static void safety_controller_process_monitor_checks()
|
2020-07-09 22:31:42 +02:00
|
|
|
{
|
2020-07-26 21:40:09 +02:00
|
|
|
static bool startup_completed = false;
|
|
|
|
enum analog_monitor_status amon_state;
|
|
|
|
float amon_value;
|
|
|
|
|
2020-07-28 21:00:37 +02:00
|
|
|
if (!startup_completed && systick_get_global_tick() >= 1000)
|
2020-07-26 21:40:09 +02:00
|
|
|
startup_completed = true;
|
2020-07-28 21:00:37 +02:00
|
|
|
|
2020-07-26 21:40:09 +02:00
|
|
|
if (startup_completed) {
|
|
|
|
amon_state = safety_controller_get_analog_mon_value(ERR_AMON_VREF, &amon_value);
|
|
|
|
if (amon_state != ANALOG_MONITOR_OK)
|
|
|
|
safety_controller_report_error(ERR_FLAG_AMON_VREF);
|
|
|
|
amon_state = safety_controller_get_analog_mon_value(ERR_AMON_UC_TEMP, &amon_value);
|
|
|
|
if (amon_state != ANALOG_MONITOR_OK)
|
|
|
|
safety_controller_report_error(ERR_FLAG_AMON_UC_TEMP);
|
|
|
|
}
|
|
|
|
|
|
|
|
safety_controller_process_active_timing_mons();
|
2020-07-09 22:31:42 +02:00
|
|
|
}
|
|
|
|
|
2020-07-07 20:47:22 +02:00
|
|
|
int safety_controller_report_error(enum safety_flag flag)
|
2020-07-27 22:15:01 +02:00
|
|
|
{
|
|
|
|
return safety_controller_report_error_with_key(flag, 0x0UL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int safety_controller_report_error_with_key(enum safety_flag flag, uint32_t key)
|
2020-07-07 20:47:22 +02:00
|
|
|
{
|
|
|
|
uint32_t i;
|
|
|
|
int ret = -1;
|
2020-09-06 01:40:10 +02:00
|
|
|
bool old_state;
|
|
|
|
int res;
|
|
|
|
struct error_memory_entry err_mem_entry;
|
2020-07-07 20:47:22 +02:00
|
|
|
|
|
|
|
for (i = 0; i < COUNT_OF(flags); i++) {
|
|
|
|
if (flags[i].flag & flag) {
|
2020-09-06 01:40:10 +02:00
|
|
|
old_state = flags[i].error_state;
|
2020-07-07 20:47:22 +02:00
|
|
|
flags[i].error_state = true;
|
2020-09-05 20:29:21 +02:00
|
|
|
flags[i].error_state_inv = !flags[i].error_state;
|
2020-07-27 22:15:01 +02:00
|
|
|
flags[i].key = key;
|
2020-09-06 01:40:10 +02:00
|
|
|
|
|
|
|
if (flags[i].persistent && !old_state) {
|
|
|
|
err_mem_entry.counter = 1;
|
|
|
|
err_mem_entry.flag_num = i;
|
|
|
|
err_mem_entry.type = SAFETY_MEMORY_ERR_ENTRY_FLAG;
|
|
|
|
res = safety_memory_insert_error_entry(&err_mem_entry);
|
|
|
|
if (res) {
|
|
|
|
ret = -12;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ret = 0;
|
|
|
|
}
|
2020-07-07 20:47:22 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
2020-07-07 19:26:00 +02:00
|
|
|
|
2020-07-07 20:47:22 +02:00
|
|
|
void safety_controller_report_timing(enum timing_monitor monitor)
|
|
|
|
{
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct timing_mon *tim;
|
2020-07-07 20:47:22 +02:00
|
|
|
uint64_t timestamp;
|
|
|
|
|
|
|
|
timestamp = systick_get_global_tick();
|
|
|
|
|
2020-07-09 22:31:42 +02:00
|
|
|
tim = find_timing_mon(monitor);
|
|
|
|
if (tim) {
|
2020-07-26 21:40:09 +02:00
|
|
|
if (tim->enabled) {
|
2020-07-28 22:55:02 +02:00
|
|
|
if (!systick_ticks_have_passed(tim->last, tim->min_delta) && tim->min_delta > 0U) {
|
2020-07-26 21:40:09 +02:00
|
|
|
safety_controller_report_error(tim->associated_flag);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-08-16 12:34:41 +02:00
|
|
|
tim->calculated_delta = timestamp - tim->last;
|
2020-07-09 22:31:42 +02:00
|
|
|
tim->last = timestamp;
|
|
|
|
tim->enabled = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
void safety_controller_report_analog_value(enum analog_value_monitor monitor, float value)
|
|
|
|
{
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct analog_mon *ana;
|
2020-07-09 22:31:42 +02:00
|
|
|
|
|
|
|
/* Return if not a power of two */
|
|
|
|
if (!is_power_of_two(monitor))
|
|
|
|
return;
|
|
|
|
ana = find_analog_mon(monitor);
|
|
|
|
if (ana) {
|
|
|
|
ana->valid = true;
|
|
|
|
ana->value = value;
|
2020-07-30 20:29:41 +02:00
|
|
|
ana->timestamp = systick_get_global_tick();
|
2020-07-07 20:47:22 +02:00
|
|
|
}
|
2020-07-09 22:31:42 +02:00
|
|
|
|
2020-07-07 20:47:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
void safety_controller_init()
|
|
|
|
{
|
2020-09-05 15:15:31 +02:00
|
|
|
enum safety_memory_state found_memory_state;
|
|
|
|
|
|
|
|
/* Init the safety memory */
|
|
|
|
if (safety_memory_init(&found_memory_state)) {
|
|
|
|
/* Trigger panic mode! */
|
|
|
|
panic_mode();
|
|
|
|
}
|
2020-09-06 21:05:00 +02:00
|
|
|
|
|
|
|
/* This is usually done by the safety memory already. But, since this module also uses the CRC... */
|
|
|
|
crc_unit_init();
|
|
|
|
|
|
|
|
init_safety_flag_weight_table_from_default();
|
|
|
|
|
2020-09-05 15:15:31 +02:00
|
|
|
if (found_memory_state == SAFETY_MEMORY_INIT_CORRUPTED)
|
|
|
|
safety_controller_report_error(ERR_FLAG_SAFETY_MEM_CORRUPT);
|
2020-07-27 22:15:01 +02:00
|
|
|
|
|
|
|
/* Init default flag states */
|
|
|
|
safety_controller_report_error_with_key(ERR_FLAG_MEAS_ADC_OFF | ERR_FLAG_MEAS_ADC_UNSTABLE,
|
|
|
|
MEAS_ADC_SAFETY_FLAG_KEY);
|
|
|
|
|
2020-07-09 22:31:42 +02:00
|
|
|
safety_adc_init();
|
2020-07-07 20:47:22 +02:00
|
|
|
watchdog_setup(WATCHDOG_PRESCALER);
|
2020-07-27 22:15:01 +02:00
|
|
|
|
2020-07-28 21:00:37 +02:00
|
|
|
if (watchdog_check_reset_source())
|
|
|
|
safety_controller_report_error(ERR_FLAG_WTCHDG_FIRED);
|
2020-07-28 23:29:35 +02:00
|
|
|
|
|
|
|
#ifdef DEBUGBUILD
|
|
|
|
safety_controller_report_error(ERR_FLAG_DEBUG);
|
|
|
|
#endif
|
2020-07-07 20:47:22 +02:00
|
|
|
}
|
|
|
|
|
2020-07-26 21:40:09 +02:00
|
|
|
static void safety_controller_check_stack()
|
|
|
|
{
|
|
|
|
int32_t free_stack;
|
|
|
|
|
|
|
|
free_stack = stack_check_get_free();
|
|
|
|
if (free_stack < SAFETY_MIN_STACK_FREE)
|
|
|
|
safety_controller_report_error(ERR_FLAG_STACK);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void safety_controller_handle_safety_adc()
|
|
|
|
{
|
|
|
|
static enum safety_adc_meas_channel current_channel = SAFETY_ADC_MEAS_TEMP;
|
2020-07-28 22:55:02 +02:00
|
|
|
static uint64_t last_result_timestamp = 0;
|
2020-07-26 21:40:09 +02:00
|
|
|
int poll_result;
|
|
|
|
uint16_t result;
|
|
|
|
float analog_value;
|
|
|
|
|
|
|
|
poll_result = safety_adc_poll_result(&result);
|
2020-07-28 22:55:02 +02:00
|
|
|
if (!systick_ticks_have_passed(last_result_timestamp, SAFETY_CONTROLLER_ADC_DELAY_MS) && poll_result != 1)
|
|
|
|
return;
|
|
|
|
|
2020-07-26 21:40:09 +02:00
|
|
|
if (poll_result) {
|
|
|
|
if (poll_result == -1) {
|
|
|
|
switch (current_channel) {
|
|
|
|
case SAFETY_ADC_MEAS_TEMP:
|
|
|
|
current_channel = SAFETY_ADC_MEAS_VREF;
|
|
|
|
break;
|
|
|
|
case SAFETY_ADC_MEAS_VREF:
|
|
|
|
/* Expected fallthru */
|
|
|
|
default:
|
|
|
|
current_channel = SAFETY_ADC_MEAS_TEMP;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
safety_adc_trigger_meas(current_channel);
|
|
|
|
} else if (poll_result == 1) {
|
2020-07-28 22:55:02 +02:00
|
|
|
last_result_timestamp = systick_get_global_tick();
|
2020-07-26 21:40:09 +02:00
|
|
|
analog_value = safety_adc_convert_channel(current_channel, result);
|
|
|
|
safety_controller_report_timing(ERR_TIMING_SAFETY_ADC);
|
|
|
|
switch (current_channel) {
|
|
|
|
case SAFETY_ADC_MEAS_TEMP:
|
|
|
|
safety_controller_report_analog_value(ERR_AMON_UC_TEMP, analog_value);
|
|
|
|
break;
|
|
|
|
case SAFETY_ADC_MEAS_VREF:
|
|
|
|
safety_controller_report_analog_value(ERR_AMON_VREF, analog_value);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
safety_controller_report_error(ERR_FLAG_SAFETY_ADC);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
/**
|
|
|
|
* @brief Check the memory structures.
|
|
|
|
* @return 0 if okay, != 0 when an error was detected. PANIC mode shall be entered in this case.
|
|
|
|
*/
|
|
|
|
static int safety_controller_handle_memory_checks(void)
|
2020-09-05 15:56:52 +02:00
|
|
|
{
|
|
|
|
static uint64_t ts = 0;
|
|
|
|
enum safety_memory_state found_state;
|
2020-09-06 21:05:00 +02:00
|
|
|
int panic_request = 0;
|
2020-09-05 15:56:52 +02:00
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
if (systick_ticks_have_passed(ts, 1000)) {
|
2020-09-05 15:56:52 +02:00
|
|
|
ts = systick_get_global_tick();
|
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
/* Check the safety memory */
|
2020-09-05 15:56:52 +02:00
|
|
|
if (safety_memory_check()) {
|
2020-09-06 21:05:00 +02:00
|
|
|
(void)safety_memory_reinit(&found_state);
|
2020-09-05 15:56:52 +02:00
|
|
|
if (found_state != SAFETY_MEMORY_INIT_VALID_MEMORY) {
|
|
|
|
safety_controller_report_error(ERR_FLAG_SAFETY_MEM_CORRUPT);
|
|
|
|
}
|
|
|
|
}
|
2020-09-06 21:05:00 +02:00
|
|
|
|
|
|
|
panic_request = flag_weight_table_crc_check();
|
2020-09-05 15:56:52 +02:00
|
|
|
}
|
2020-09-06 21:05:00 +02:00
|
|
|
|
|
|
|
return panic_request;
|
2020-09-05 15:56:52 +02:00
|
|
|
}
|
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
static void safety_controller_do_systick_checking()
|
2020-07-07 20:47:22 +02:00
|
|
|
{
|
2020-07-28 21:00:37 +02:00
|
|
|
static uint64_t last_systick;
|
|
|
|
static uint32_t same_systick_cnt = 0UL;
|
|
|
|
uint64_t systick;
|
2020-07-09 22:31:42 +02:00
|
|
|
|
2020-07-28 21:00:37 +02:00
|
|
|
systick = systick_get_global_tick();
|
|
|
|
if (systick == last_systick) {
|
|
|
|
same_systick_cnt++;
|
|
|
|
if (same_systick_cnt > 1000)
|
|
|
|
safety_controller_report_error(ERR_FLAG_SYSTICK);
|
|
|
|
} else {
|
|
|
|
same_systick_cnt = 0UL;
|
|
|
|
}
|
|
|
|
last_systick = systick;
|
2020-09-06 21:05:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
int safety_controller_handle()
|
|
|
|
{
|
|
|
|
int panic_requested;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
safety_controller_check_stack();
|
|
|
|
safety_controller_handle_safety_adc();
|
|
|
|
panic_requested = safety_controller_handle_memory_checks();
|
|
|
|
|
|
|
|
/* Panic here. If our internal structures are broken, we cannot be sure of anything anymore */
|
|
|
|
if (panic_requested)
|
|
|
|
panic_mode();
|
|
|
|
|
|
|
|
safety_controller_do_systick_checking();
|
2020-07-07 20:47:22 +02:00
|
|
|
|
2020-09-06 21:05:00 +02:00
|
|
|
safety_controller_process_monitor_checks();
|
2020-07-07 20:47:22 +02:00
|
|
|
/* TODO: Check flags for PID and HALT */
|
|
|
|
|
|
|
|
ret |= watchdog_ack(WATCHDOG_MAGIC_KEY);
|
|
|
|
|
|
|
|
return (ret ? -1 : 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
int safety_controller_enable_timing_mon(enum timing_monitor monitor, bool enable)
|
|
|
|
{
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct timing_mon *tim;
|
2020-07-07 20:47:22 +02:00
|
|
|
|
|
|
|
if (enable) {
|
|
|
|
safety_controller_report_timing(monitor);
|
|
|
|
} else {
|
2020-07-09 22:31:42 +02:00
|
|
|
tim = find_timing_mon(monitor);
|
|
|
|
if (!tim)
|
|
|
|
return -1;
|
|
|
|
tim->enabled = false;
|
2020-07-07 20:47:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2020-07-09 22:31:42 +02:00
|
|
|
|
|
|
|
enum analog_monitor_status safety_controller_get_analog_mon_value(enum analog_value_monitor monitor, float *value)
|
|
|
|
{
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct analog_mon *mon;
|
2020-07-09 22:31:42 +02:00
|
|
|
int ret = ANALOG_MONITOR_ERROR;
|
|
|
|
|
|
|
|
if (!is_power_of_two(monitor))
|
|
|
|
goto go_out;
|
|
|
|
|
|
|
|
if (!value)
|
|
|
|
goto go_out;
|
|
|
|
|
|
|
|
mon = find_analog_mon(monitor);
|
|
|
|
if (mon) {
|
|
|
|
if (!mon->valid) {
|
|
|
|
ret = ANALOG_MONITOR_INACTIVE;
|
|
|
|
goto go_out;
|
|
|
|
}
|
|
|
|
|
|
|
|
*value = mon->value;
|
|
|
|
if (mon->value < mon->min)
|
|
|
|
ret = ANALOG_MONITOR_UNDER;
|
|
|
|
else if (mon->value > mon->max)
|
|
|
|
ret = ANALOG_MONITOR_OVER;
|
|
|
|
else
|
|
|
|
ret = ANALOG_MONITOR_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
go_out:
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-07-26 21:40:09 +02:00
|
|
|
int safety_controller_get_flag(enum safety_flag flag, bool *status, bool try_ack)
|
|
|
|
{
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct error_flag *found_flag;
|
2020-07-26 21:40:09 +02:00
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
if (!status)
|
|
|
|
return -1002;
|
|
|
|
if (!is_power_of_two(flag))
|
|
|
|
return -1001;
|
|
|
|
|
|
|
|
found_flag = find_error_flag(flag);
|
|
|
|
if (found_flag) {
|
2020-09-05 20:29:21 +02:00
|
|
|
*status = error_flag_get_status(found_flag);
|
2020-07-27 21:29:15 +02:00
|
|
|
if (try_ack && !found_flag->persistent) {
|
|
|
|
/* Flag is generally non persistent
|
|
|
|
* If key is set, this function cannot remove the flag
|
|
|
|
*/
|
2020-09-05 20:29:21 +02:00
|
|
|
if (found_flag->key == 0UL) {
|
2020-07-27 21:29:15 +02:00
|
|
|
found_flag->error_state = false;
|
2020-09-05 20:29:21 +02:00
|
|
|
found_flag->error_state_inv = !found_flag->error_state;
|
|
|
|
}
|
2020-07-27 21:29:15 +02:00
|
|
|
}
|
2020-07-26 21:40:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int safety_controller_ack_flag(enum safety_flag flag)
|
2020-07-27 21:29:15 +02:00
|
|
|
{
|
|
|
|
return safety_controller_ack_flag_with_key(flag, 0UL);
|
|
|
|
}
|
|
|
|
|
|
|
|
int safety_controller_ack_flag_with_key(enum safety_flag flag, uint32_t key)
|
2020-07-26 21:40:09 +02:00
|
|
|
{
|
|
|
|
int ret = -1;
|
2020-07-27 21:32:25 +02:00
|
|
|
volatile struct error_flag *found_flag;
|
2020-07-26 21:40:09 +02:00
|
|
|
|
|
|
|
if (!is_power_of_two(flag)) {
|
|
|
|
return -1001;
|
|
|
|
}
|
|
|
|
|
|
|
|
found_flag = find_error_flag(flag);
|
|
|
|
if (found_flag) {
|
2020-07-27 22:15:01 +02:00
|
|
|
if (!found_flag->persistent && (found_flag->key == key || !key)) {
|
2020-07-26 21:40:09 +02:00
|
|
|
found_flag->error_state = false;
|
2020-09-05 20:29:21 +02:00
|
|
|
found_flag->error_state_inv = true;
|
2020-07-26 21:40:09 +02:00
|
|
|
ret = 0;
|
|
|
|
} else {
|
|
|
|
ret = -2;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-07-27 22:15:01 +02:00
|
|
|
bool safety_controller_get_flags_by_mask(enum safety_flag mask)
|
|
|
|
{
|
|
|
|
uint32_t i;
|
|
|
|
bool ret = false;
|
|
|
|
|
|
|
|
for (i = 0; i < COUNT_OF(flags); i++) {
|
2020-09-05 20:29:21 +02:00
|
|
|
if ((flags[i].flag & mask) && error_flag_get_status(&flags[i])) {
|
2020-07-27 22:15:01 +02:00
|
|
|
ret = true;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-07-28 22:55:02 +02:00
|
|
|
uint32_t safety_controller_get_flag_count()
|
|
|
|
{
|
|
|
|
return COUNT_OF(flags);
|
|
|
|
}
|
|
|
|
|
2020-07-30 20:29:41 +02:00
|
|
|
uint32_t safety_controller_get_analog_monitor_count()
|
|
|
|
{
|
|
|
|
return COUNT_OF(analog_mons);
|
|
|
|
}
|
|
|
|
|
2020-08-16 12:34:41 +02:00
|
|
|
uint32_t safety_controller_get_timing_monitor_count()
|
|
|
|
{
|
|
|
|
return COUNT_OF(timings);
|
|
|
|
}
|
|
|
|
|
2020-07-30 20:29:41 +02:00
|
|
|
int safety_controller_get_analog_mon_name_by_index(uint32_t index, char *buffer, size_t buffsize)
|
|
|
|
{
|
|
|
|
if (index >= COUNT_OF(analog_mons))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (buffsize == 0 || !buffer)
|
|
|
|
return -1000;
|
|
|
|
|
|
|
|
strncpy(buffer, analog_mons[index].name, buffsize);
|
|
|
|
buffer[buffsize - 1] = 0;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-07-28 22:55:02 +02:00
|
|
|
int safety_controller_get_flag_name_by_index(uint32_t index, char *buffer, size_t buffsize)
|
|
|
|
{
|
|
|
|
if (index >= COUNT_OF(flags))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (buffsize == 0 || !buffer)
|
|
|
|
return -1000;
|
|
|
|
|
|
|
|
strncpy(buffer, flags[index].name, buffsize);
|
|
|
|
buffer[buffsize - 1] = 0;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-08-16 12:34:41 +02:00
|
|
|
int safety_controller_get_timing_mon_name_by_index(uint32_t index, char *buffer, size_t buffsize)
|
|
|
|
{
|
|
|
|
if (index >= COUNT_OF(timings))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (buffsize == 0 || !buffer)
|
|
|
|
return -1000;
|
|
|
|
|
|
|
|
strncpy(buffer, timings[index].name, buffsize);
|
|
|
|
buffer[buffsize - 1] = 0;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-07-28 22:55:02 +02:00
|
|
|
int safety_controller_get_flag_by_index(uint32_t index, bool *status, enum safety_flag *flag_enum)
|
|
|
|
{
|
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
if (!status && !flag_enum)
|
|
|
|
return -1000;
|
|
|
|
|
|
|
|
if (index < COUNT_OF(flags)) {
|
|
|
|
if (status)
|
2020-09-05 20:29:21 +02:00
|
|
|
*status = error_flag_get_status(&flags[index]);
|
2020-07-28 22:55:02 +02:00
|
|
|
if (flag_enum)
|
|
|
|
*flag_enum = flags[index].flag;
|
|
|
|
|
|
|
|
ret = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-07-30 20:29:41 +02:00
|
|
|
int safety_controller_get_analog_mon_by_index(uint32_t index, struct analog_monitor_info *info)
|
|
|
|
{
|
|
|
|
volatile struct analog_mon *mon;
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
return -1002;
|
|
|
|
|
|
|
|
if (index >= COUNT_OF(analog_mons)) {
|
|
|
|
info->status = ANALOG_MONITOR_ERROR;
|
|
|
|
return -1001;
|
|
|
|
}
|
|
|
|
|
|
|
|
mon = &analog_mons[index];
|
|
|
|
|
|
|
|
info->max = mon->max;
|
|
|
|
info->min = mon->min;
|
|
|
|
info->value = mon->value;
|
|
|
|
info->timestamp = mon->timestamp;
|
|
|
|
|
|
|
|
if (!mon->valid) {
|
|
|
|
info->status = ANALOG_MONITOR_INACTIVE;
|
|
|
|
} else {
|
|
|
|
if (mon->value > mon->max)
|
|
|
|
info->status = ANALOG_MONITOR_OVER;
|
|
|
|
else if (mon->value < mon->min)
|
|
|
|
info->status = ANALOG_MONITOR_UNDER;
|
|
|
|
else
|
|
|
|
info->status = ANALOG_MONITOR_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-08-16 12:34:41 +02:00
|
|
|
int safety_controller_get_timing_mon_by_index(uint32_t index, struct timing_monitor_info *info)
|
|
|
|
{
|
|
|
|
volatile struct timing_mon *mon;
|
|
|
|
|
|
|
|
if (!info)
|
|
|
|
return -1002;
|
|
|
|
|
|
|
|
if (index >= COUNT_OF(timings)) {
|
|
|
|
return -1001;
|
|
|
|
}
|
|
|
|
|
|
|
|
mon = &timings[index];
|
|
|
|
|
|
|
|
info->max = mon->max_delta;
|
|
|
|
info->min = mon->min_delta;
|
|
|
|
info->enabled = mon->enabled;
|
|
|
|
info->last_run = mon->last;
|
|
|
|
info->delta = mon->calculated_delta;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-07-09 22:31:42 +02:00
|
|
|
/** @} */
|