Safety Controller:

* Add watchdog code
* Add file structure for safety controller
* Lay groundstones to move all error flags to the safety controller
* Improve doxygen

stm-firmware/Makefile

@@ -47,7 +47,7 @@ CFILES += fatfs/diskio.c fatfs/ff.c fatfs/ffsystem.c fatfs/ffunicode.c fatfs/shi
 CFILES += pid-controller.c oven-driver.c
 CFILES += settings/settings.c settings/settings-sd-card.c
 
-CFILES += safety/safety-adc.c
+CFILES += safety/safety-adc.c safety/safety-controller.c safety/watchdog.c
 
 DEBUG_DEFINES = -DDEBUGBUILD
 RELEASE_DEFINES =

stm-firmware/include/reflow-controller/safety/safety-adc.h

@@ -18,6 +18,11 @@
 * If not, see <http://www.gnu.org/licenses/>.
 */
 
+/**
+ * @addtogroup safety-adc
+ * @{
+ */
+
 #ifndef __SAFETY_ADC_H__
 #define __SAFETY_ADC_H__
 
@@ -68,3 +73,5 @@ float safety_adc_get_temp();
 float safety_adc_get_vref();
 
 #endif /* __SAFETY_ADC_H__ */
+
+/** @} */

stm-firmware/include/reflow-controller/safety/safety-config.h

@@ -0,0 +1,38 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SAFETY_CONFIG_H__
+#define __SAFETY_CONFIG_H__
+
+/**
+ * @brief Magic key used to reset the watchdog using the @ref watchdog_ack function
+ */
+#define WATCHDOG_MAGIC_KEY 0x1a2c56F4
+
+/**
+ * @brief If one, the watchdog is halted whenever the core is halted by the debugger.
+ *
+ * This is only applicable in a debug build. In release mode, the watchdog stays always enabled
+ */
+#define WATCHDOG_HALT_DEBUG (1)
+
+#define WATCHDOG_PRESCALER 4
+
+#endif /* __SAFETY_CONFIG_H__ */

stm-firmware/include/reflow-controller/safety/safety-controller.h

@@ -0,0 +1,26 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SAFETY_CONTROLLER_H__
+#define __SAFETY_CONTROLLER_H__
+
+
+
+#endif /* __SAFETY_CONTROLLER_H__ */

stm-firmware/include/reflow-controller/safety/watchdog.h

@@ -0,0 +1,43 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __WATCHDOG_H__
+#define __WATCHDOG_H__
+
+#include <reflow-controller/safety/safety-config.h>
+#include <stdint.h>
+
+/**
+ * @brief Setup the watchdog for the safety controller
+ * @param Prescaler to use for the 32 KHz LSI clock
+ * @return 0 if successful
+ * @note Once the watchdog is enabled, it cannot be turned off!
+ */
+int watchdog_setup(uint8_t prescaler);
+
+/**
+ * @brief Reset watchdog counter
+ * @param magic Magic value to prevent this fuinction from being called randomly
+ * @return 0 if successful
+ */
+int watchdog_ack(uint32_t magic);
+
+
+#endif /* __WATCHDOG_H__ */

stm-firmware/safety/safety-adc.c

@@ -18,6 +18,11 @@
 * If not, see <http://www.gnu.org/licenses/>.
 */
 
+/**
+ * @addtogroup safety-adc
+ * @{
+ */
+
 #include <reflow-controller/safety/safety-adc.h>
 #include <reflow-controller/periph-config/safety-adc-hwcfg.h>
 #include <helper-macros/helper-macros.h>
@@ -186,3 +191,5 @@ float safety_adc_get_vref()
 {
 	return safety_vref;
 }
+
+/** @} */

stm-firmware/safety/safety-adc.dox

@@ -0,0 +1,8 @@
+/**
+@defgroup safety-adc Safety ADC
+@ingroup safety
+
+The safety ADC continuously monitors the microcontrollers internal core temperature (and therefore the whole device's temperature) and the external reference voltage compared to its 
+internal bandgap reference voltage.
+
+*/

stm-firmware/safety/safety-controller.c

@@ -0,0 +1,21 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <reflow-controller/safety/safety-controller.h>

stm-firmware/safety/safety.dox

@@ -0,0 +1,6 @@
+/**
+
+@defgroup safety Safety Module
+@brief Safety Supervisor Module
+This is the safety module which ensures safe operation of the reflow controller
+*/

stm-firmware/safety/watchdog.c

@@ -0,0 +1,99 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @addtogroup watchdog
+ * @{
+ */
+
+#include <reflow-controller/safety/watchdog.h>
+#include <stm32/stm32f4xx.h>
+
+/**
+ * @brief This key is expected by hardware to be written to the IWDG_KR register in order to reset the watchdog
+ */
+#define STM32_WATCHDOG_RESET_KEY 0xAAAA
+
+/**
+ * @brief This key is expected by hardware to be written to the IWDG_KR register in order to enable the watchdog
+ */
+#define STM32_WATCHDOG_ENABLE_KEY 0xCCCC
+
+/**
+ * @brief This key is expected by hardware to be written to the IWDG_KR register in order to enable access to config
+ * registers
+ */
+#define STM32_WATCHDOG_REGISTER_ACCESS_KEY 0x5555
+
+int watchdog_setup(uint8_t prescaler)
+{
+	uint32_t prescaler_reg_val;
+
+	/** - Activate the LSI oscillator */
+	RCC->CSR |= RCC_CSR_LSION;
+	__DSB();
+	/** - Wait for the oscillator to be ready */
+	while (!(RCC->CSR & RCC_CSR_LSIRDY));
+
+	if (prescaler == 4)
+		prescaler_reg_val = 0UL;
+	else if (prescaler == 8)
+		prescaler_reg_val = 1UL;
+	else if (prescaler == 16)
+		prescaler_reg_val = 2UL;
+	else if (prescaler == 32)
+		prescaler_reg_val = 3UL;
+	else if (prescaler == 64)
+		prescaler_reg_val = 4UL;
+	else if (prescaler == 128)
+		prescaler_reg_val = 5UL;
+	else
+		prescaler_reg_val = 6UL;
+
+	/** - Unlock registers */
+	IWDG->KR = STM32_WATCHDOG_REGISTER_ACCESS_KEY;
+
+	/** - Write prescaler value */
+	IWDG->PR = prescaler_reg_val;
+
+	/** - Set reload value fixed to 0xFFF */
+	IWDG->RLR = 0xFFFU;
+
+	/** - Write enable key */
+	IWDG->KR = STM32_WATCHDOG_ENABLE_KEY;
+
+	return 0;
+}
+
+int watchdog_ack(uint32_t magic)
+{
+	int ret = -1;
+
+	/** - Check if magic key is correct */
+	if (magic == WATCHDOG_MAGIC_KEY) {
+		/** - Write reset key to watchdog */
+		IWDG->KR = STM32_WATCHDOG_RESET_KEY;
+		ret = 0;
+	}
+
+	return ret;
+}
+
+/** @} */

stm-firmware/safety/watchdog.dox

@@ -0,0 +1,9 @@
+/**
+@defgroup watchdog Independent Watchdog
+@ingroup safety
+
+The independet watchdog module enusres that the safety controller run continuously and the whole formware does not lock.
+The watchdog is entirely controlled by the safety controller and must not be used by the rest of the firmware
+
+
+*/