diff --git a/stm-firmware/include/reflow-controller/safety/safety-memory.h b/stm-firmware/include/reflow-controller/safety/safety-memory.h index 541baee..7c62ac9 100644 --- a/stm-firmware/include/reflow-controller/safety/safety-memory.h +++ b/stm-firmware/include/reflow-controller/safety/safety-memory.h @@ -34,7 +34,7 @@ */ #define SAFETY_MEMORY_HEADER_ADDRESS 0UL -#define SAFETY_MEMORY_CONFIG_OVERRIDE_COUNT 512 +#define SAFETY_MEMORY_CONFIG_OVERRIDE_COUNT 32UL /** * @brief Safety memory header @@ -91,6 +91,8 @@ struct config_override { int safety_memory_init(enum safety_memory_state *found_state); +int safety_memory_reinit(enum safety_memory_state *found_state); + int safety_memory_get_boot_status(struct safety_memory_boot_status *status); int safety_memory_get_error_entry_count(uint32_t *count); diff --git a/stm-firmware/safety/safety-controller.c b/stm-firmware/safety/safety-controller.c index 18e445f..5e10fc4 100644 --- a/stm-firmware/safety/safety-controller.c +++ b/stm-firmware/safety/safety-controller.c @@ -328,6 +328,23 @@ static void safety_controller_handle_safety_adc() } } +static void safety_controller_handle_safety_memory_check(void) +{ + static uint64_t ts = 0; + enum safety_memory_state found_state; + + if (systick_ticks_have_passed(ts, 5000)) { + ts = systick_get_global_tick(); + + if (safety_memory_check()) { + safety_memory_reinit(&found_state); + if (found_state != SAFETY_MEMORY_INIT_VALID_MEMORY) { + safety_controller_report_error(ERR_FLAG_SAFETY_MEM_CORRUPT); + } + } + } +} + int safety_controller_handle() { static uint64_t last_systick; @@ -338,6 +355,7 @@ int safety_controller_handle() safety_controller_check_stack(); safety_controller_handle_safety_adc(); + safety_controller_handle_safety_memory_check(); systick = systick_get_global_tick(); if (systick == last_systick) { diff --git a/stm-firmware/safety/safety-memory.c b/stm-firmware/safety/safety-memory.c index b376cd0..7421219 100644 --- a/stm-firmware/safety/safety-memory.c +++ b/stm-firmware/safety/safety-memory.c @@ -71,10 +71,13 @@ static void safety_memory_write_new_header(void) { struct safety_memory_header header; - header.boot_status_offset = sizeof(struct safety_memory_header); - header.config_overrides_offset = header.boot_status_offset + sizeof(struct safety_memory_boot_status)/4; + header.boot_status_offset = wordsize_of(struct safety_memory_header); + header.config_overrides_len = SAFETY_MEMORY_CONFIG_OVERRIDE_COUNT; + header.config_overrides_offset = header.boot_status_offset + wordsize_of(struct safety_memory_boot_status); header.err_memory_offset = header.config_overrides_offset + SAFETY_MEMORY_CONFIG_OVERRIDE_COUNT; header.err_memory_end = header.err_memory_offset; + header.magic = SAFETY_MEMORY_MAGIC; + header.magic_i = ~SAFETY_MEMORY_MAGIC; backup_ram_wipe(); backup_ram_write_data(0UL, (uint32_t *)&header, wordsize_of(header)); @@ -140,7 +143,7 @@ static int safety_memory_gen_crc() return 0; } -int safety_memory_init(enum safety_memory_state *found_state) +int safety_memory_reinit(enum safety_memory_state *found_state) { struct safety_memory_header header; int res; @@ -149,9 +152,6 @@ int safety_memory_init(enum safety_memory_state *found_state) if (!found_state) return -1001; - crc_unit_init(); - backup_ram_init(true); - *found_state = safety_memory_get_header(&header); switch (*found_state) { @@ -162,28 +162,39 @@ int safety_memory_init(enum safety_memory_state *found_state) *found_state = SAFETY_MEMORY_INIT_CORRUPTED; break; case SAFETY_MEMORY_INIT_FRESH: - safety_memory_write_new_header(); break; case SAFETY_MEMORY_INIT_CORRUPTED: + break; default: *found_state = SAFETY_MEMORY_INIT_CORRUPTED; - safety_memory_write_new_header(); break; } - /* Check if memory header was written newly */ + /* Check if memory header has to be written */ if (*found_state != SAFETY_MEMORY_INIT_VALID_MEMORY) { + safety_memory_write_new_header(); /* If yes, generate new CRC checksum */ res = safety_memory_gen_crc(); if (res) ret = -100; else ret = 0; + } else { + ret = 0; } return ret; } +int safety_memory_init(enum safety_memory_state *found_state) +{ + + crc_unit_init(); + backup_ram_init(true); + + return safety_memory_reinit(found_state); +} + int safety_memory_get_boot_status(struct safety_memory_boot_status *status); int safety_memory_get_error_entry_count(uint32_t *count);