From 1300fe88a459f2946633d146d9d3665f9d462f15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mario=20H=C3=BCttel?= Date: Fri, 9 Jun 2023 00:04:32 +0200 Subject: [PATCH] Shorten wtchdog trigger interval to 1.25 seconds nominal. This will ensure the internal watchdog triggers before the external one --- .../reflow-controller/safety/safety-config.h | 10 ++++++- .../reflow-controller/safety/watchdog.h | 12 ++++++-- stm-firmware/safety/safety-controller.c | 3 +- stm-firmware/safety/watchdog.c | 29 ++++++++++++------- 4 files changed, 40 insertions(+), 14 deletions(-) diff --git a/stm-firmware/include/reflow-controller/safety/safety-config.h b/stm-firmware/include/reflow-controller/safety/safety-config.h index b8d4609..b1b0d4c 100644 --- a/stm-firmware/include/reflow-controller/safety/safety-config.h +++ b/stm-firmware/include/reflow-controller/safety/safety-config.h @@ -126,7 +126,15 @@ enum analog_value_monitor { #define WATCHDOG_HALT_DEBUG (0) #endif -#define WATCHDOG_PRESCALER 16 +/** + * @brief Watchdog clock prescaler value + */ +#define WATCHDOG_PRESCALER (16) + +/** + * @brief Watchdog reload value + */ +#define WATCHDOG_RELOAD_VALUE (2500) /** * @brief Minimum number of bytes that have to be free on the stack. If this is not the case, an error is detected diff --git a/stm-firmware/include/reflow-controller/safety/watchdog.h b/stm-firmware/include/reflow-controller/safety/watchdog.h index 6d283cd..b9cfc17 100644 --- a/stm-firmware/include/reflow-controller/safety/watchdog.h +++ b/stm-firmware/include/reflow-controller/safety/watchdog.h @@ -27,11 +27,19 @@ /** * @brief Setup the watchdog for the safety controller - * @param Prescaler to use for the 32 KHz LSI clock + * + * The watchdog timeout can be calculated with: + * \f[ t = \frac{(\mathrm{RELOAD_VAL} + 1)\cdot \mathrm{PRESCALER}}{32000 } s\f] + * + * Valid prescaler values are: 4, 8, 16, 32, 64, 128, 256. + * @param prescaler Prescaler to use for the 32 KHz LSI clock + * @param reload_value Reload value to reload the timer with when reset. 0 to 0xFFF * @return 0 if successful + * @return -1 if prescaler is wrong + * @return -2 if a reload value > 0xFFF is selected. 0xFFF will be used in this case * @note Once the watchdog is enabled, it cannot be turned off! */ -int watchdog_setup(uint8_t prescaler); +int watchdog_setup(uint16_t prescaler, uint16_t reload_value); /** * @brief Reset watchdog counter diff --git a/stm-firmware/safety/safety-controller.c b/stm-firmware/safety/safety-controller.c index 21305f1..eeaf7f7 100644 --- a/stm-firmware/safety/safety-controller.c +++ b/stm-firmware/safety/safety-controller.c @@ -322,6 +322,7 @@ static const struct crc_monitor_register safety_adc_crc_regs[] = { static const struct crc_monitor_register misc_config_crc_regs[] = { /* Check clock tree settings */ CRC_MON_REGISTER_ENTRY(RCC->CR, RCC_CR_PLLON | RCC_CR_HSEON | RCC_CR_PLLI2SON | RCC_CR_HSION, 4), + CRC_MON_REGISTER_ENTRY(RCC->CSR, RCC_CSR_LSION, 4), CRC_MON_REGISTER_ENTRY(RCC->CFGR, RCC_CFGR_SWS | RCC_CFGR_HPRE | RCC_CFGR_PPRE1 | RCC_CFGR_PPRE2, 4), CRC_MON_REGISTER_ENTRY(RCC->PLLCFGR, RCC_PLLCFGR_PLLM | RCC_PLLCFGR_PLLQ | RCC_PLLCFGR_PLLSRC | RCC_PLLCFGR_PLLP | RCC_PLLCFGR_PLLN | RCC_PLLCFGR_PLLM , 4), /* Check Flash settings */ @@ -972,7 +973,7 @@ void safety_controller_init(void) MEAS_ADC_SAFETY_FLAG_KEY); safety_adc_init(); - watchdog_setup(WATCHDOG_PRESCALER); + (void)watchdog_setup(WATCHDOG_PRESCALER, WATCHDOG_RELOAD_VALUE); if (rcc_manager_get_reset_cause(false) & RCC_RESET_SOURCE_IWDG) safety_controller_report_error(ERR_FLAG_WTCHDG_FIRED); diff --git a/stm-firmware/safety/watchdog.c b/stm-firmware/safety/watchdog.c index 44d4ee6..7b51b1b 100644 --- a/stm-firmware/safety/watchdog.c +++ b/stm-firmware/safety/watchdog.c @@ -42,9 +42,10 @@ */ #define STM32_WATCHDOG_REGISTER_ACCESS_KEY 0x5555 -int watchdog_setup(uint8_t prescaler) +int watchdog_setup(uint16_t prescaler, uint16_t reload_value) { uint32_t prescaler_reg_val; + int ret = 0; /** - Activate the LSI oscillator */ RCC->CSR |= RCC_CSR_LSION; @@ -53,20 +54,24 @@ int watchdog_setup(uint8_t prescaler) while (!(RCC->CSR & RCC_CSR_LSIRDY)) ; - if (prescaler == 4U) + if (prescaler == 4U) { prescaler_reg_val = 0UL; - else if (prescaler == 8U) + } else if (prescaler == 8U) { prescaler_reg_val = 1UL; - else if (prescaler == 16U) + } else if (prescaler == 16U) { prescaler_reg_val = 2UL; - else if (prescaler == 32U) + } else if (prescaler == 32U) { prescaler_reg_val = 3UL; - else if (prescaler == 64U) + } else if (prescaler == 64U) { prescaler_reg_val = 4UL; - else if (prescaler == 128U) + } else if (prescaler == 128U) { prescaler_reg_val = 5UL; - else + } else if (prescaler == 256U) { prescaler_reg_val = 6UL; + } else { + prescaler_reg_val = 6UL; + ret = -1; + } /** - (De)activate the watchdog during debug access according to @ref WATCHDOG_HALT_DEBUG */ if (WATCHDOG_HALT_DEBUG) @@ -88,7 +93,11 @@ int watchdog_setup(uint8_t prescaler) while (IWDG->SR & IWDG_SR_RVU) ; - /** - Set reload value fixed to 0xFFF */ + /** - Set reload value */ + if (reload_value > 0xFFFu) { + reload_value = 0xFFFFu; + ret = -2; + } IWDG->RLR = 0xFFFU; /** - Write enable key */ @@ -97,7 +106,7 @@ int watchdog_setup(uint8_t prescaler) /** - Do a first reset of the counter. This also locks the config regs */ watchdog_ack(WATCHDOG_MAGIC_KEY); - return 0; + return ret; } int watchdog_ack(uint32_t magic)