From 1f8a6347e9bd00682b30e64a157e321bf0e81556 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 5 Sep 2020 20:14:08 +0200
Subject: [PATCH 1/3] Issue #15: Move safety controller working pages to CCMRAM
---
stm-firmware/safety/safety-controller.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/stm-firmware/safety/safety-controller.c b/stm-firmware/safety/safety-controller.c
index 5e10fc4..2dc3e7b 100644
--- a/stm-firmware/safety/safety-controller.c
+++ b/stm-firmware/safety/safety-controller.c
@@ -36,6 +36,7 @@
#include
#include
#include
+#include
struct error_flag {
const char *name;
@@ -77,7 +78,7 @@ struct analog_mon {
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}
-static volatile struct error_flag flags[] = {
+static volatile struct error_flag IN_SECTION(.ccm.data) flags[] = {
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false),
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false),
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false),
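Review bot: The `IN_SECTION(.ccm.data)` placement of `flags[]` in the `-77,7` hunk carries no comment saying why the array lives there or what it depends on, and the same applies to `timings[]` and `analog_mons[]` in the next hunk. All three arrays have non-zero initialisers (names, limits, persistency), so they are only valid if the startup code copies the `.ccm.data` load image into CCM RAM before the safety controller first runs. The linker script and startup file are not part of this patch, so that is worth confirming. I would add above `flags[]` a comment such as `/* Safety working data is kept in CCM RAM (.ccm.data); the startup code must initialise this section */`. If the part is one where CCM RAM is not reachable by DMA, that restriction belongs in the same comment.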
@@ -96,14 +97,14 @@ static volatile struct error_flag flags[] = {
ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true),
};
-static volatile struct timing_mon timings[] = {
+static volatile struct timing_mon IN_SECTION(.ccm.data) timings[] = {
TIM_MON_ENTRY(ERR_TIMING_PID, 2, 1000, ERR_FLAG_TIMING_PID),
TIM_MON_ENTRY(ERR_TIMING_MEAS_ADC, 0, 50, ERR_FLAG_TIMING_MEAS_ADC),
TIM_MON_ENTRY(ERR_TIMING_SAFETY_ADC, 10, SAFETY_CONTROLLER_ADC_DELAY_MS + 1000, ERR_FLAG_SAFETY_ADC),
TIM_MON_ENTRY(ERR_TIMING_MAIN_LOOP, 0, 1000, ERR_FLAG_TIMING_MAIN_LOOP),
};
-static volatile struct analog_mon analog_mons[] = {
+static volatile struct analog_mon IN_SECTION(.ccm.data) analog_mons[] = {
ANA_MON_ENTRY(ERR_AMON_VREF, SAFETY_ADC_VREF_MVOLT - SAFETY_ADC_VREF_TOL_MVOLT, SAFETY_ADC_VREF_MVOLT + SAFETY_ADC_VREF_TOL_MVOLT, ERR_FLAG_AMON_VREF),
ANA_MON_ENTRY(ERR_AMON_UC_TEMP, SAFETY_ADC_TEMP_LOW_LIM, SAFETY_ADC_TEMP_HIGH_LIM,
From b2b1702670a6950fdb16728cf66cdb74f34afb31 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 5 Sep 2020 20:17:35 +0200
Subject: [PATCH 2/3] Issue #15: add redundant invers error flag
---
stm-firmware/safety/safety-controller.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/stm-firmware/safety/safety-controller.c b/stm-firmware/safety/safety-controller.c
index 2dc3e7b..c2081cb 100644
--- a/stm-firmware/safety/safety-controller.c
+++ b/stm-firmware/safety/safety-controller.c
@@ -42,6 +42,7 @@ struct error_flag {
const char *name;
enum safety_flag flag;
bool error_state;
+ bool error_state_inv;
bool persistent;
uint32_t key;
};
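Review bot: The new `error_state_inv` member added to `struct error_flag` in the `-42,6` hunk has no comment stating the invariant that every writer must keep, so the rule is only visible by reading the code that later compares the two fields. I would document it on the field, e.g. `bool error_state_inv; /* always !error_state; an equal pair marks the entry as corrupted */`. Both copies are `bool`, and a stray write can leave such a byte at a value other than 0 or 1, which a `bool` comparison is not defined for. If that degree of hardening is wanted, a fixed-width integer holding a bit pattern and its complement would keep the check well-defined.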
@@ -74,7 +75,7 @@ struct analog_mon {
#define COUNT_OF(x) ((sizeof(x)/sizeof(0[x])) / ((size_t)(!(sizeof(x) % sizeof(0[x])))))
-#define ERR_FLAG_ENTRY(errflag, persistency) {.name=#errflag, .flag = (errflag), .error_state = false, .persistent = (persistency), .key = 0UL}
+#define ERR_FLAG_ENTRY(errflag, persistency) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .persistent = (persistency), .key = 0UL}
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}
From c4fe006efad963b12b63eb9e551c77626ce7c55a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mario=20H=C3=BCttel?=
Date: Sat, 5 Sep 2020 20:29:21 +0200
Subject: [PATCH 3/3] Issue #15: Implement redundancy for error flags
---
stm-firmware/safety/safety-controller.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/stm-firmware/safety/safety-controller.c b/stm-firmware/safety/safety-controller.c
index c2081cb..f38aa2e 100644
--- a/stm-firmware/safety/safety-controller.c
+++ b/stm-firmware/safety/safety-controller.c
@@ -112,6 +112,15 @@ static volatile struct analog_mon IN_SECTION(.ccm.data) analog_mons[] = {
ERR_FLAG_AMON_UC_TEMP),
};
+static bool error_flag_get_status(const volatile struct error_flag *flag)
+{
+ if (flag->error_state == flag->error_state_inv) {
+ return true;
+ } else {
+ return flag->error_state;
+ }
+}
+
static volatile struct analog_mon *find_analog_mon(enum analog_value_monitor mon)
{
uint32_t i;
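Review bot: `error_flag_get_status()` in the `-112,6` hunk reads the volatile `flag->error_state` twice, once in the comparison and again in the `else` return, so the value handed back is not necessarily the one that was just checked against `error_state_inv`. Reading each field once ties the check to the result: `bool state = flag->error_state;`, `bool inv = flag->error_state_inv;`, `return (state == inv) ? true : state;`. The helper also has no header comment. One line saying that an inconsistent pair is deliberately reported as a set flag would record the fail-safe intent for later maintainers.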
@@ -185,7 +194,6 @@ static void safety_controller_process_checks()
amon_state = safety_controller_get_analog_mon_value(ERR_AMON_UC_TEMP, &amon_value);
if (amon_state != ANALOG_MONITOR_OK)
safety_controller_report_error(ERR_FLAG_AMON_UC_TEMP);
-
}
safety_controller_process_active_timing_mons();
@@ -204,6 +212,7 @@ int safety_controller_report_error_with_key(enum safety_flag flag, uint32_t key)
for (i = 0; i < COUNT_OF(flags); i++) {
if (flags[i].flag & flag) {
flags[i].error_state = true;
+ flags[i].error_state_inv = !flags[i].error_state;
flags[i].key = key;
ret = 0;
}
@@ -436,13 +445,15 @@ int safety_controller_get_flag(enum safety_flag flag, bool *status, bool try_ack
found_flag = find_error_flag(flag);
if (found_flag) {
- *status = found_flag->error_state;
+ *status = error_flag_get_status(found_flag);
if (try_ack && !found_flag->persistent) {
/* Flag is generally non persistent
* If key is set, this function cannot remove the flag
*/
- if (found_flag->key == 0UL)
+ if (found_flag->key == 0UL) {
found_flag->error_state = false;
+ found_flag->error_state_inv = !found_flag->error_state;
+ }
}
}
@@ -467,6 +478,7 @@ int safety_controller_ack_flag_with_key(enum safety_flag flag, uint32_t key)
if (found_flag) {
if (!found_flag->persistent && (found_flag->key == key || !key)) {
found_flag->error_state = false;
+ found_flag->error_state_inv = true;
ret = 0;
} else {
ret = -2;
@@ -482,7 +494,7 @@ bool safety_controller_get_flags_by_mask(enum safety_flag mask)
bool ret = false;
for (i = 0; i < COUNT_OF(flags); i++) {
- if ((flags[i].flag & mask) && flags[i].error_state) {
+ if ((flags[i].flag & mask) && error_flag_get_status(&flags[i])) {
ret = true;
break;
}
@@ -557,7 +569,7 @@ int safety_controller_get_flag_by_index(uint32_t index, bool *status, enum safet
if (index < COUNT_OF(flags)) {
if (status)
- *status = flags[index].error_state;
+ *status = error_flag_get_status(&flags[index]);
if (flag_enum)
*flag_enum = flags[index].flag;
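Review bot: In the `safety_controller_report_error_with_key()` hunk the inverse is derived by reading back the field that was just written, `flags[i].error_state_inv = !flags[i].error_state;`. If that read returns a wrong value, the second copy is made to agree with it and the pair stops acting as an independent check. Storing the constant keeps the two writes independent: `flags[i].error_state_inv = false;`. The `safety_controller_get_flag()` hunk uses the same read-back form (`!found_flag->error_state`), while the `safety_controller_ack_flag_with_key()` hunk already stores the literal `true`. Using literals in all three places would also make them consistent.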
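Review bot: In the `safety_controller_get_flag()` hunk an inconsistent pair is reported through `*status` as a set flag, and when `try_ack` is true, the flag is non-persistent and `key` is 0, the same call then rewrites the pair to a consistent cleared state. After that, nothing visible in these hunks records that the entry had been corrupted, because `ERR_FLAG_SAFETY_MEM_CORRUPT` is not raised anywhere in the patch. If that flag is meant to cover this case, the mismatch could be latched before the acknowledge, e.g. `if (found_flag->error_state == found_flag->error_state_inv) safety_controller_report_error(ERR_FLAG_SAFETY_MEM_CORRUPT);`. The function body continues outside the hunk, so this may already be handled elsewhere.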