mhu/reflow-oven-control-sw
2
0
Fork 0
Code Issues 4 Pull Requests Releases 4 Wiki Activity

Merge branch 'issue/15-safety-controller-hardening' into issue/18-Backup-RAM

Browse Source
This commit is contained in:
Mario Hüttel 2020-09-05 20:31:23 +02:00
commit 7ea0e73869
1 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
stm-firmware/safety/safety-controller.c
View File

@ -36,11 +36,13 @@
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
#include <reflow-controller/safety/safety-memory.h> #include <reflow-controller/safety/safety-memory.h>
#include <helper-macros/helper-macros.h>
struct error_flag { struct error_flag {
const char *name; const char *name;
enum safety_flag flag; enum safety_flag flag;
bool error_state; bool error_state;
bool error_state_inv;
bool persistent; bool persistent;
uint32_t key; uint32_t key;
}; };
@ -73,11 +75,11 @@ struct analog_mon {
#define COUNT_OF(x) ((sizeof(x)/sizeof(0[x])) / ((size_t)(!(sizeof(x) % sizeof(0[x]))))) #define COUNT_OF(x) ((sizeof(x)/sizeof(0[x])) / ((size_t)(!(sizeof(x) % sizeof(0[x])))))
#define ERR_FLAG_ENTRY(errflag, persistency) {.name=#errflag, .flag = (errflag), .error_state = false, .persistent = (persistency), .key = 0UL} #define ERR_FLAG_ENTRY(errflag, persistency) {.name=#errflag, .flag = (errflag), .error_state = false, .error_state_inv = true, .persistent = (persistency), .key = 0UL}
#define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false} #define TIM_MON_ENTRY(mon, min, max, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min_delta = (min), .max_delta = (max), .last = 0ULL, .enabled= false}
#define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false} #define ANA_MON_ENTRY(mon, min_value, max_value, flag) {.name=#mon, .monitor = (mon), .associated_flag=(flag), .min = (min_value), .max = (max_value), .value = 0.0f, .valid = false}
static volatile struct error_flag flags[] = { static volatile struct error_flag IN_SECTION(.ccm.data) flags[] = {
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false), ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_OFF, false),
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false), ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_WATCHDOG, false),
ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false), ERR_FLAG_ENTRY(ERR_FLAG_MEAS_ADC_UNSTABLE, false),
@ -96,20 +98,29 @@ static volatile struct error_flag flags[] = {
ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true), ERR_FLAG_ENTRY(ERR_FLAG_SAFETY_MEM_CORRUPT, true),
}; };
static volatile struct timing_mon timings[] = { static volatile struct timing_mon IN_SECTION(.ccm.data) timings[] = {
TIM_MON_ENTRY(ERR_TIMING_PID, 2, 1000, ERR_FLAG_TIMING_PID), TIM_MON_ENTRY(ERR_TIMING_PID, 2, 1000, ERR_FLAG_TIMING_PID),
TIM_MON_ENTRY(ERR_TIMING_MEAS_ADC, 0, 50, ERR_FLAG_TIMING_MEAS_ADC), TIM_MON_ENTRY(ERR_TIMING_MEAS_ADC, 0, 50, ERR_FLAG_TIMING_MEAS_ADC),
TIM_MON_ENTRY(ERR_TIMING_SAFETY_ADC, 10, SAFETY_CONTROLLER_ADC_DELAY_MS + 1000, ERR_FLAG_SAFETY_ADC), TIM_MON_ENTRY(ERR_TIMING_SAFETY_ADC, 10, SAFETY_CONTROLLER_ADC_DELAY_MS + 1000, ERR_FLAG_SAFETY_ADC),
TIM_MON_ENTRY(ERR_TIMING_MAIN_LOOP, 0, 1000, ERR_FLAG_TIMING_MAIN_LOOP), TIM_MON_ENTRY(ERR_TIMING_MAIN_LOOP, 0, 1000, ERR_FLAG_TIMING_MAIN_LOOP),
}; };
static volatile struct analog_mon analog_mons[] = { static volatile struct analog_mon IN_SECTION(.ccm.data) analog_mons[] = {
ANA_MON_ENTRY(ERR_AMON_VREF, SAFETY_ADC_VREF_MVOLT - SAFETY_ADC_VREF_TOL_MVOLT, ANA_MON_ENTRY(ERR_AMON_VREF, SAFETY_ADC_VREF_MVOLT - SAFETY_ADC_VREF_TOL_MVOLT,
SAFETY_ADC_VREF_MVOLT + SAFETY_ADC_VREF_TOL_MVOLT, ERR_FLAG_AMON_VREF), SAFETY_ADC_VREF_MVOLT + SAFETY_ADC_VREF_TOL_MVOLT, ERR_FLAG_AMON_VREF),
ANA_MON_ENTRY(ERR_AMON_UC_TEMP, SAFETY_ADC_TEMP_LOW_LIM, SAFETY_ADC_TEMP_HIGH_LIM, ANA_MON_ENTRY(ERR_AMON_UC_TEMP, SAFETY_ADC_TEMP_LOW_LIM, SAFETY_ADC_TEMP_HIGH_LIM,
ERR_FLAG_AMON_UC_TEMP), ERR_FLAG_AMON_UC_TEMP),
}; };
static bool error_flag_get_status(const volatile struct error_flag *flag)
{
if (flag->error_state == flag->error_state_inv) {
return true;
} else {
return flag->error_state;
}
}
static volatile struct analog_mon *find_analog_mon(enum analog_value_monitor mon) static volatile struct analog_mon *find_analog_mon(enum analog_value_monitor mon)
{ {
uint32_t i; uint32_t i;
@ -183,7 +194,6 @@ static void safety_controller_process_checks()
amon_state = safety_controller_get_analog_mon_value(ERR_AMON_UC_TEMP, &amon_value); amon_state = safety_controller_get_analog_mon_value(ERR_AMON_UC_TEMP, &amon_value);
if (amon_state != ANALOG_MONITOR_OK) if (amon_state != ANALOG_MONITOR_OK)
safety_controller_report_error(ERR_FLAG_AMON_UC_TEMP); safety_controller_report_error(ERR_FLAG_AMON_UC_TEMP);
} }
safety_controller_process_active_timing_mons(); safety_controller_process_active_timing_mons();
@ -202,6 +212,7 @@ int safety_controller_report_error_with_key(enum safety_flag flag, uint32_t key)
for (i = 0; i < COUNT_OF(flags); i++) { for (i = 0; i < COUNT_OF(flags); i++) {
if (flags[i].flag & flag) { if (flags[i].flag & flag) {
flags[i].error_state = true; flags[i].error_state = true;
flags[i].error_state_inv = !flags[i].error_state;
flags[i].key = key; flags[i].key = key;
ret = 0; ret = 0;
} }
@ -434,13 +445,15 @@ int safety_controller_get_flag(enum safety_flag flag, bool *status, bool try_ack
found_flag = find_error_flag(flag); found_flag = find_error_flag(flag);
if (found_flag) { if (found_flag) {
*status = found_flag->error_state; *status = error_flag_get_status(found_flag);
if (try_ack && !found_flag->persistent) { if (try_ack && !found_flag->persistent) {
/* Flag is generally non persistent /* Flag is generally non persistent
* If key is set, this function cannot remove the flag * If key is set, this function cannot remove the flag
*/ */
if (found_flag->key == 0UL) if (found_flag->key == 0UL) {
found_flag->error_state = false; found_flag->error_state = false;
found_flag->error_state_inv = !found_flag->error_state;
}
} }
} }
@ -465,6 +478,7 @@ int safety_controller_ack_flag_with_key(enum safety_flag flag, uint32_t key)
if (found_flag) { if (found_flag) {
if (!found_flag->persistent && (found_flag->key == key || !key)) { if (!found_flag->persistent && (found_flag->key == key || !key)) {
found_flag->error_state = false; found_flag->error_state = false;
found_flag->error_state_inv = true;
ret = 0; ret = 0;
} else { } else {
ret = -2; ret = -2;
@ -480,7 +494,7 @@ bool safety_controller_get_flags_by_mask(enum safety_flag mask)
bool ret = false; bool ret = false;
for (i = 0; i < COUNT_OF(flags); i++) { for (i = 0; i < COUNT_OF(flags); i++) {
if ((flags[i].flag & mask) && flags[i].error_state) { if ((flags[i].flag & mask) && error_flag_get_status(&flags[i])) {
ret = true; ret = true;
break; break;
} }
@ -555,7 +569,7 @@ int safety_controller_get_flag_by_index(uint32_t index, bool *status, enum safet
if (index < COUNT_OF(flags)) { if (index < COUNT_OF(flags)) {
if (status) if (status)
*status = flags[index].error_state; *status = error_flag_get_status(&flags[index]);
if (flag_enum) if (flag_enum)
*flag_enum = flags[index].flag; *flag_enum = flags[index].flag;