Fix documentation and add safety RAM module to Makefile
This commit is contained in:
@@ -10,7 +10,7 @@ Severe error flags, like a drifting reference voltage, stop the PID controller a
|
||||
The controller stays in a usable state. After the errors have been cleared, normal operation may continue.
|
||||
|
||||
On the other hand, fatal errors like an over-temperature error, or memory problem, lead to the activation of the :ref:`safety_panic`,
|
||||
which forces the output zero, but does not allow any more interaction.
|
||||
which forces the output zero, but does not allow any further interaction.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 2
|
||||
|
||||
@@ -47,7 +47,7 @@ CFILES += fatfs/diskio.c fatfs/ff.c fatfs/ffsystem.c fatfs/ffunicode.c fatfs/shi
|
||||
CFILES += pid-controller.c oven-driver.c
|
||||
CFILES += settings/settings.c settings/settings-sd-card.c
|
||||
|
||||
CFILES += safety/safety-adc.c safety/safety-controller.c safety/watchdog.c safety/fault.c
|
||||
CFILES += safety/safety-adc.c safety/safety-controller.c safety/watchdog.c safety/fault.c safety/safety-memory.c
|
||||
|
||||
DEBUG_DEFINES = -DDEBUGBUILD
|
||||
RELEASE_DEFINES =
|
||||
|
||||
@@ -1,52 +0,0 @@
|
||||
/* Reflow Oven Controller
|
||||
*
|
||||
* Copyright (C) 2020 Mario Hüttel <mario.huettel@gmx.net>
|
||||
*
|
||||
* This file is part of the Reflow Oven Controller Project.
|
||||
*
|
||||
* The reflow oven controller is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with the reflow oven controller project.
|
||||
* If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef __SAFETY_MEMORY_H__
|
||||
#define __SAFETY_MEMORY_H__
|
||||
|
||||
/**
|
||||
* @brief Magic number to signal a valid safety memory header.
|
||||
*/
|
||||
#define SAFETY_MEMORY_MAGIC 0x12AA5CB7
|
||||
|
||||
/**
|
||||
* @brief Offset address for the safety_memory_header.
|
||||
* @note Any other value than 0UL doesn't really make sense. Therfore, this should not be changed.
|
||||
*/
|
||||
#define SAFETY_MEMORY_HEADER_ADDRESS 0UL
|
||||
|
||||
/**
|
||||
* @brief Safety memory header
|
||||
*/
|
||||
struct safety_memory_header {
|
||||
uint32_t magic; /**< @brief Magic. Set to SAFETY_MEMORY_MAGIC */
|
||||
uint32_t boot_status_offset; /**< Offset of the safety_memory_boot_status struct (in 32 bit words)*/
|
||||
uint32_t err_memory_offset; /**< Offset of the error memory */
|
||||
uint32_t err_memory_end; /**< End of the error memory. This points to the word after the error memory, containing the CRC of the whole backup RAM. */
|
||||
uint32_t magic_i; /**< @brief Invers Magic. Set to ~SAFETY_MEMORY_MAGIC */
|
||||
};
|
||||
|
||||
struct safety_memory_boot_status {
|
||||
uint32_t reboot_to_bootloader;
|
||||
uint32_t code_updated;
|
||||
}
|
||||
|
||||
|
||||
#endif /* __SAFETY_MEMORY_H__ */
|
||||
@@ -18,33 +18,37 @@
|
||||
* If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#ifndef __WATCHDOG_H__
|
||||
#define __WATCHDOG_H__
|
||||
#ifndef __SAFETY_MEMORY_H__
|
||||
#define __SAFETY_MEMORY_H__
|
||||
|
||||
#include <reflow-controller/safety/safety-config.h>
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
/**
|
||||
* @brief Setup the watchdog for the safety controller
|
||||
* @param Prescaler to use for the 32 KHz LSI clock
|
||||
* @return 0 if successful
|
||||
* @note Once the watchdog is enabled, it cannot be turned off!
|
||||
* @brief Magic number to signal a valid safety memory header.
|
||||
*/
|
||||
int watchdog_setup(uint8_t prescaler);
|
||||
#define SAFETY_MEMORY_MAGIC 0x12AA5CB7
|
||||
|
||||
/**
|
||||
* @brief Reset watchdog counter
|
||||
* @param magic Magic value to prevent this fuinction from being called randomly
|
||||
* @return 0 if successful
|
||||
* @brief Offset address for the safety_memory_header.
|
||||
* @note Any other value than 0UL doesn't really make sense. Therfore, this should not be changed.
|
||||
*/
|
||||
int watchdog_ack(uint32_t magic);
|
||||
#define SAFETY_MEMORY_HEADER_ADDRESS 0UL
|
||||
|
||||
/**
|
||||
* @brief Check if reset was generated by the watchdog.
|
||||
* @note This also clears the relevant flag, so the function will reutrn false when called a second time
|
||||
* @return
|
||||
* @brief Safety memory header
|
||||
*/
|
||||
bool watchdog_check_reset_source(void);
|
||||
struct safety_memory_header {
|
||||
uint32_t magic; /**< @brief Magic. Set to @ref SAFETY_MEMORY_MAGIC */
|
||||
uint32_t boot_status_offset; /**< @brief Offset of the safety_memory_boot_status struct (in 32 bit words)*/
|
||||
uint32_t err_memory_offset; /**< @brief Offset of the error memory */
|
||||
uint32_t err_memory_end; /**< @brief End of the error memory. This points to the word after the error memory, containing the CRC of the whole backup RAM. */
|
||||
uint32_t magic_i; /**< @brief Invers Magic. Set to the bitwise inverse of @ref SAFETY_MEMORY_MAGIC */
|
||||
};
|
||||
|
||||
#endif /* __WATCHDOG_H__ */
|
||||
struct safety_memory_boot_status {
|
||||
uint32_t reboot_to_bootloader;
|
||||
uint32_t code_updated;
|
||||
};
|
||||
|
||||
|
||||
#endif /* __SAFETY_MEMORY_H__ */
|
||||
|
||||
Reference in New Issue
Block a user